Transaction only topology_hiding enhancements

[davidtrihy-genesys]

Summary

Additional features to the topology_hiding module in transaction only mode.

1. Compact encoding of the thinfo param
2. One way hiding based on socket tags, this allows for asymmetric transaction topology hiding where the request may not strip any information but the response does or vice versa
3. Selection of the encoding algorithm, legacy or new compact encoding along with password rotation support
4. New autoroute functionality toggleable on or off

Details

A strong effort was made to not alter dialog topology_hiding functionality and only target transaction functionality but there was a refactor done to separate the logic as the transaction aware logic grew in size due to the changes so a lot of the common code was refactored into separate source files to make development easier and additional functionality that could be common was added to those same files

• This is the refactor of the logic in a commit 75ff8a6bdd87466f44a5c8dbeac417cf82493ae4 the idea is to show that there is no functionality change that would affect the dialog aware module
• This is the new codec for the compact encoding 44b86215d8bc06137e4e7a44ad549f645576d21b
• pseudovars support commit ac6d588b96741d6aaf6597528b56d2abc6462889
• This is the modparam changes bbba1f626f1478a040e947ef246da9bd66656ba3

The major logic rework is part of this commit here 11783c1c4faa561541e7b0e26ee4bffa9adb88a0 this is where the bulk of the work was done to support the new model of topology_hiding there are other smaller commits too but these ones give the bulk of changes.

Once the modparam name and scheme has been agreed upon the documentation can be added in another commit before merged the PR

Socket tag matching

Purpose of these tags is to define the sockets that will be used for topology hiding, internal is when the request comes in and the socket is switched, it will allow the topology_hiding to be engaged but also not strip topology information for requests and only for responses, the inverse applies for requests initiated from internal.

External is purely for failover scenarios, in this case if you don't have a DNS advertised for your internal socket and that instance fails, you can do some script initiated failover to another instance that may have the same IP address but has the same tag and it should be able to decode the socket information using the tags to match the information as opposed to IP addresses
If this tag is not set then failover will not work in this scenario, this only affects the auto_route

modparam("topology_hiding", "th_internal_trusted_tag", "my_internal_socket_tag")
modparam("topology_hiding", "th_external_socket_tag", "my_external_socket_tag")

socket = tcp:203.0.100.10:5060 tag my_external_socket_tag
socket = udp:10.100.20.40:5080 tag my_internal_socket_tag

auto route modparam

This modparam is purely to generate an auto route on the trusted internal socket when one way hiding is engaged due to no Contact header update, the script writer can turn it off and choose to do sequential requests in the script

modparam("topology_hiding", "th_auto_route_on_trusted_socket", 1)

param encoding and password

Allows for setting the param name, password and encoding type and choosing which one to use when doing topology_hiding will allow two definitions and supports password rotation

modparam("topology_hiding", "th_contact_encode_param_password", "thinfo:password1:C")
modparam("topology_hiding", "th_use_param", "thinfo")

Solution

The solution has some limitations that could be addressed in future with modparams but I don't think it's entirely necessary for now

1. New pseudovars do not support legacy encoding scheme, they were written to directly read the decoded buffer of the compact encoding rather than copy
2. Parts of the buffer management were moved from using pkg_malloc to using static buffers of fixed size, the sizing is 4096 bytes and if the decoding goes above that size it will fail to decode, this could also be made as a modparam and the allocation of the buffer could be done at module init time, the idea is to remove unneeded dynamic allocations during transaction processing
3. The amount of URIs that can be decoded is fixed at 12, it was a random number I picked, once again it could be made as a modparam or fully dynamic

These listed limitations only really apply to the new encoding type and the target usage of this algorithm is in the one way hiding mode of operation which the script writer should be aware of the internal SIP message Routes and Contact headers so they should be aware of the limitations, in any case I plan to address them in a follow up PR

Compatibility

Retains full backwards compatibility with the current mode of operation, will link the suite of sipssert tests written when PR is open.