From 271b3b152000f5bcf21c444daedfe2799b3ee5f6 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Wed, 27 Aug 2025 14:36:40 -0400 Subject: [PATCH] MT#55283 store sfd in fsin in dtls_connection This makes it possible for the BIO callback to access these values, instead of obtaining possibly mismatched values from packet_stream. Restores behaviour prior to 5331506 Closes #1996 Change-Id: I74ccb82f1739ca98eb033e68df4e27619ca7e46a --- daemon/dtls.c | 12 ++++++++++-- include/dtls.h | 2 ++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/daemon/dtls.c b/daemon/dtls.c index 72e9a378d..ed0639597 100644 --- a/daemon/dtls.c +++ b/daemon/dtls.c @@ -643,7 +643,7 @@ static long dtls_bio_callback(BIO *bio, int oper, const char *argp, size_t len, struct packet_stream *ps = d->ps; if (!ps) return ret; - struct stream_fd *sfd = ps->selected_sfd; + struct stream_fd *sfd = d->sfd; if (!sfd) return ret; @@ -654,7 +654,9 @@ static long dtls_bio_callback(BIO *bio, int oper, const char *argp, size_t len, argp[8], argp[9], argp[10], argp[11], argp[12], argp[13], argp[14], argp[15]); - const endpoint_t *fsin = &ps->endpoint; + const endpoint_t *fsin = &d->fsin; + if (fsin->address.family == NULL) + fsin = &ps->endpoint; if (fsin->port == 9 || fsin->address.family == NULL) return ret; @@ -906,6 +908,11 @@ int dtls(stream_fd *sfd, const str *s, const endpoint_t *fsin) { if (!d->init || !d->ssl) return -1; + // used by the BIO callback + d->fsin = fsin ? *fsin : (endpoint_t) {0}; + obj_release(d->sfd); + d->sfd = obj_get(sfd); + if (s) { if(s->len > 13 && (unsigned char)s->s[0] == DTLS_CT_HANDSHAKE) { ilogs(srtp, LOG_INFO, "Processing incoming DTLS Handshake %02x %s packet from %s", @@ -1012,6 +1019,7 @@ void dtls_connection_cleanup(struct dtls_connection *c) { if (c->w_bio) BIO_free(c->w_bio); } + obj_release(c->sfd); ZERO(*c); } diff --git a/include/dtls.h b/include/dtls.h index 3372e47d7..0732ec4fb 100644 --- a/include/dtls.h +++ b/include/dtls.h 
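Review bot: In the second hunk of daemon/dtls.c, the fallback `fsin = &ps->endpoint;` lets dtls_bio_callback pair the connection's own `d->sfd` with a destination taken from packet_stream, which is the kind of mismatch the commit message sets out to avoid. This case is reachable whenever dtls() was last called with a NULL `fsin`, since that call stores a zeroed endpoint but still records the socket. The first hunk has no matching fallback for `sfd`, so the two values are treated asymmetrically. If the fallback is intentional, a comment above it such as `// no peer recorded on this connection yet: use the stream's endpoint` would record why; otherwise returning `ret` when `d->fsin.address.family == NULL` keeps socket and destination from the same source. The body of dtls_bio_callback begins and continues outside both hunks, so any locking around `ps->endpoint` cannot be judged from here.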
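Review bot: In the dtls() hunk, `obj_release(d->sfd)` runs before `obj_get(sfd)`, so when the same stream_fd is passed again the stored reference is dropped before it is retaken, which is only safe while the caller holds its own reference for the whole call. Taking the new reference first removes that dependence: `stream_fd *old = d->sfd; d->sfd = obj_get(sfd); obj_release(old);`. Separately, `d->sfd` is now a counted reference that is dropped only here and in dtls_connection_cleanup (last hunk of this file). If a dtls_connection can live inside the stream_fd it points to, which this diff does not show, the object would keep itself alive unless cleanup is reached from somewhere other than that stream_fd's destructor, leaving sockets and ports held. A comment on the new `sfd` field in include/dtls.h stating who owns the reference and which path releases it would make this checkable.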
@@ -43,6 +43,8 @@ struct dtls_connection { SSL *ssl; BIO *r_bio, *w_bio; struct packet_stream *ps; + endpoint_t fsin; + stream_fd *sfd; unsigned char tls_id[16]; unsigned int init:1, active:1,