From 3186dd7c3601dc80dd7ae837ed8f1ea43ff09d95 Mon Sep 17 00:00:00 2001
From: Martin Kacer <martin.kacer@p1sec.com>
Date: Tue, 13 Nov 2018 10:45:57 +0100
Subject: [PATCH] DiameterFW session correlation bug fix

---
 .../src/main/java/diameterfw/DiameterFirewall.java        | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sigfw/sigfw.sigfw/src/main/java/diameterfw/DiameterFirewall.java b/sigfw/sigfw.sigfw/src/main/java/diameterfw/DiameterFirewall.java
index 934784f..b489b8f 100644
--- a/sigfw/sigfw.sigfw/src/main/java/diameterfw/DiameterFirewall.java
+++ b/sigfw/sigfw.sigfw/src/main/java/diameterfw/DiameterFirewall.java
@@ -208,7 +208,7 @@ private static void configLog4j() {
     // Diameter sessions
     // TODO consider additng Diameter Host into Key
     // Used to correlate Diameter Answers with Requests, to learn the Dest-Realm for the answer
-    // Key: AppID + ":" + "CommandCode" + ":" + Dest_realm + ":" + msg.getEndToEndIdentifier() + ":" + msg.getHopByHopIdentifier())
+    // Key: AppID + ":" + "CommandCode" + ":" + Dest_realm + ":" + msg.getEndToEndIdentifier()
     // Value: Origin-Realm from first message detected (Request)
     private static Map<String, String> diameter_sessions = ExpiringMap.builder()
                                                 .expiration(10, TimeUnit.SECONDS)
@@ -1034,7 +1034,7 @@ public void run() {
                     // ------ Request/Answer correlation --------
                     // Store the Diameter session, to be able encrypt also answers. Store Origin Realm from Request
                     if (!dest_realm.equals("") && msg.isRequest()) {
-                        String session_id = ai + ":" + cc + ":" + dest_realm + ":" + msg.getEndToEndIdentifier() + ":" + msg.getHopByHopIdentifier();
+                        String session_id = ai + ":" + cc + ":" + dest_realm + ":" + msg.getEndToEndIdentifier();
                         diameter_sessions.put(session_id, orig_realm);
                     }
                     // ------------------------------------------
@@ -1064,7 +1064,7 @@ public void run() {
                     // Answers without Dest-Realm, but seen previously Request
                     else if (!msg.isRequest()) {
                         String _dest_realm = "";
-                        String session_id = ai + ":" + cc + ":" + orig_realm + ":" + msg.getEndToEndIdentifier() + ":" + msg.getHopByHopIdentifier();
+                        String session_id = ai + ":" + cc + ":" + orig_realm + ":" + msg.getEndToEndIdentifier();
                         if (diameter_sessions.containsKey(session_id)) {
                             _dest_realm = diameter_sessions.get(session_id);
                         }
@@ -1318,7 +1318,7 @@ else if (!msg.isRequest()) {
 
 
                     // ---------- Diameter encryption -----------
-                    String session_id = ai + ":" +  cc + ":" +  orig_realm + ":" + msg.getEndToEndIdentifier() + ":" + msg.getHopByHopIdentifier();
+                    String session_id = ai + ":" +  cc + ":" +  orig_realm + ":" + msg.getEndToEndIdentifier();
 
                     // Requests containing Dest-Realm
                     if (!dest_realm.equals("") && msg.isRequest() && DiameterFirewallConfig.destination_realm_encryption.containsKey(dest_realm)) {