chan_sip: Peers with distinct source ports don't match, regardless of transport.

Previously, peers connected via TCP (or TLS) were matched by ignoring their
source port. One cannot say anything when protocol:IP:port match, yes (see
<http://stackoverflow.com/q/3329641>). However, when the ports do not match, the
peers do not match as well.

This change allows two peers connected to an Asterisk server via TCP (or TLS)
behind a NAT (= same source IP address) to be differentiated via their port as
well.

ASTERISK-27457
Reported by: Stephane Chazelas

Change-Id: Id190428bf1d931f2dbfd4b293f53ff8f20d98efa

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 559e5c05b488b5e6c8713bb74fc389f831d64081..dacc717af48fd882e85b1001e18d8b9524d8c3ee 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -34129,10 +34129,9 @@ static int peer_ipcmp_cb_full(void *obj, void *arg, void *data, int flags)
        }
 
        /* We matched the IP, check to see if we need to match by port as well. */
-       if ((peer->transports & peer2->transports) & (AST_TRANSPORT_TLS | AST_TRANSPORT_TCP)) {
-               /* peer matching on port is not possible with TCP/TLS */
-               return CMP_MATCH | CMP_STOP;
-       } else if (ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) {
+       if (((peer->transports & peer2->transports) &
+               (AST_TRANSPORT_UDP | AST_TRANSPORT_WS | AST_TRANSPORT_WSS)) &&
+               ast_test_flag(&peer2->flags[0], SIP_INSECURE_PORT)) {
                /* We are allowing match without port for peers configured that
                 * way in this pass through the peers. */
                return ast_test_flag(&peer->flags[0], SIP_INSECURE_PORT) ?