Surround IPSec code with feature flag checks

pcscf/kamailio_pcscf.cfg

@@ -173,9 +173,8 @@ loadmodule "statistics"
 
 loadmodule "ims_dialog"
 loadmodule "ims_usrloc_pcscf"
-#!ifdef WITH_IPSEC
+# Following module is required even in case of IPSec being disabled.
 loadmodule "ims_ipsec_pcscf"
-#!endif
 loadmodule "ims_registrar_pcscf"
 
 #!ifdef WITH_XMLRPC
@@ -248,7 +247,9 @@ modparam("debugger", "mod_hash_size", 5)
 modparam("debugger", "mod_level_mode", 1)
 modparam("debugger", "mod_level", "rtpengine=3")
 modparam("debugger", "mod_level", "ims_qos=3")
+#!ifdef WITH_IPSEC
 modparam("debugger", "mod_level", "ims_ipsec_pcscf=3")
+#!endif
 modparam("debugger", "mod_level", "textops=3")
 modparam("debugger", "mod_level", "tm=3")
 modparam("debugger", "mod_level", "ims_registrar_pcscf=3")
@@ -761,11 +762,7 @@ route[REQINIT] {
 		send_reply("503", "Server shutting down");
 		exit;
 	}
-# #!ifdef WITH_IPSEC
-# 	if (!is_method("REGISTER")) {
-#        	ipsec_forward("location");
-#   }
-# #!endif
+
 	# Ignore Re-Transmits:
 	if (t_lookup_request()) {
 		exit;
@@ -928,10 +925,7 @@ event_route[uac:reply] {
 			xlog("  Unregistering $uac_req(ruri);$var(alias)\n");
 			setdebug("9");
 #!ifdef WITH_IPSEC
-			#if ($sht(ipsec_clients=>$(T_req($ct){nameaddr.uri})) != $null) {
-				#ipsec_destroy("location");
 			ipsec_destroy_by_contact("location", "$uac_req(ruri);$var(alias)", "$(uac_req(ouri){uri.host})", "$(uac_req(ouri){uri.port})");
-			#}
 #!endif
 			pcscf_unregister("location", "$uac_req(ruri);$var(alias)", "$(uac_req(ouri){uri.host})", "$(uac_req(ouri){uri.port})");
 			resetdebug();

pcscf/route/mo.cfg

@@ -103,9 +103,7 @@ onreply_route[MO_reply] {
 		append_hf("Contact: $ct;$hdr(C-Params)\r\n");
 	}
 #!ifdef WITH_IPSEC
-	#if ($sht(ipsec_clients=>$(T_req($ct){nameaddr.uri})) != $null) {
 	ipsec_forward("location");
-	#}
 #!endif
 	# In case of 1xx and 2xx do NAT
 	if(status=~"[12][0-9][0-9]")
@@ -168,11 +166,13 @@ route[MO_indialog] {
 		force_rport();
 	}
 
+#!ifdef WITH_IPSEC
 	if ($dd != "" && $rd != "" && $fs != "") {
         if ($rd =~ ".*" + $dd + ".*") {
 			ipsec_forward("location");
 		}
 	}
+#!endif
 }
 
 onreply_route[MO_indialog_reply] {

pcscf/route/mt.cfg

@@ -93,11 +93,13 @@ route[MT_indialog] {
 		force_rport();
 	}
 
+#!ifdef WITH_IPSEC
     if ($dd != "" && $rd != "" && $fs != "") {
         if ($rd =~ ".*" + $dd + ".*") {
             ipsec_forward("location");
         }
     }
+#!endif
 }
 
 onreply_route[MT_indialog_reply] {

pcscf/route/register.cfg

@@ -21,10 +21,12 @@ route[REGISTER] {
 		exit;
 	}
 
+#!ifdef WITH_IPSEC
 	$sht(ipsec_clients=>$(ct{nameaddr.uri})) = $null;
 	if ($hdr(Security-Client) =~ ".*ipsec-3gpp.*") {
 		$sht(ipsec_clients=>$(ct{nameaddr.uri})) = 1;
 	}
+#!endif
 
 	# Strip additional Tags from RURI:
 	if ($rU == $null)
@@ -255,13 +257,13 @@ onreply_route[REGISTER_reply]
 		update_stat("register_success", "+1");
 		update_stat("register_time", "$var(stat_add)");
 #!ifdef WITH_IPSEC
-		#if ($sht(ipsec_clients=>$(T_req($ct){nameaddr.uri})) != $null) {
             ipsec_forward("location");
-		#}
    	}
 	else {
 		if (t_check_status("401")) {
-			ipsec_create("location");
+			if(ipsec_create("location")!=1) {
+				send_reply("503", "Service Unavailable (Create ipsec failed)");
+			}
 			if ($sht(ipsec_clients=>$(T_req($ct){nameaddr.uri})) != $null) {
 				$var(sec_client) = $(T_req($hdr(Security-Client)));
 				xnotice("Security-Client=$var(sec_client)\n");
@@ -284,9 +286,6 @@ onreply_route[REGISTER_reply]
 				xnotice("New header - WWW-Authenticate=$var(new_hdr)\n");
 			}
         }
-		#if (t_check_status("403")) {
-		#	ipsec_destroy("location");
-		#}
 #!endif
     }
 	exit;