summaryrefslogtreecommitdiffstats
path: root/openbsc/src/osmo-bsc_nat
AgeCommit message (Collapse)AuthorFilesLines
2016-04-29move utils.h functions to libosmocoreHarald Welte1-2/+1
This needs the corresponding commit in libosmocore which imports the related functions
2016-04-29use new libosmocore gsm_23_003.h for IMEI/IMSI lengthHarald Welte1-1/+1
... rather than our private definitions everwhere. As an added benefit, gprs_gsup_messages.h is now free of any header dependencies within openbsc.
2016-04-16nat/vty: Do not print token update statementHolger Hans Peter Freyther1-4/+1
On start this would print one line per BSC and this doesn't add a lot of value. Let's just remove this logging message.
2016-04-16bsc_nat: forward_sccp_to_msc(): assert con presence (CID #57872)Neels Hofmeyr1-0/+1
2016-04-14NAT: reload BSCs config dynamicallyMax1-0/+29
Add vty tests for BSC configuration reloading. Load BSCs configuration on bscs-config-file command: * remove all runtime configured BSC not in the config file * close connections to all BSC with updated token value Fixes: OS#1670 Sponsored-by: On-Waves ehf
2016-04-14NAT: move BSC config into separate fileMax2-4/+50
Introduce new configuration option bscs-config-file which includes BSC configuration from the given file. Both absolute and relative (to the main config file) paths are supported. Add 'show bscs-config' command to display current BSC configuration. Note: it is still possible to have BSC configuration in the main file (provided proper index number is used) and in runtime but BSC configuration is no longer saved automatically. The management of included configuration file is left to external tools. Update configuration examples. Fixes: OS#1669 Sponsored-by: On-Waves ehf
2016-04-12NAT: allow allocating BSC in arbitrary orderMax2-12/+9
Check for existing BSC before allocating new one. Track number of remaining BSCs on deallocation. Explicitly use BSC number in allocation function.
2016-04-12NAT: extend debug output for ipaccess errorsMax1-2/+2
2016-04-12NAT: vty command to display number of BSCsMax1-0/+9
Add command 'show nat num-bscs-configured' to display number of configured BSCs. Sponsored-by: On-Waves ehf
2016-03-1504.08: apply new transaction id inline functionsNeels Hofmeyr1-1/+1
libosmocore recently added inline functions to relieve callers from applying bitmasks and bit shifts to access the transaction id of a GSM 04.08 header. Apply these functions.
2016-03-1504.08: apply new bitmask functions, fix bitmask useNeels Hofmeyr3-6/+6
Replace hardcoded protocol discriminator and message type bitmasks with function calls recently introduced in libosmocore. Note that the release 98 bitmasks slightly differ from the release 99 bitmasks. This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on libosmocore whether 98 or 99 bitmasks are used. In some places, use of the bitmask was erratic. Fix these implicitly by employing the bitmask functions: * silent_call.c: silent_call_reroute(): add missing bitmask for MM. * bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages. * osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM messages. * bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages. * bsc_ussd.c: no bitmask is applicable for the message types used here. * gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc. In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected message types.
2016-02-25enable ctrl bind config for various programsNeels Hofmeyr2-3/+11
Add ctrl_vty_init() calls and feed the ctrl_vty_get_bind_addr() return value to ctrl_interface_setup() in the following programs: osmo-bsc osmo-bsc_nat osmo-nitb osmo-sgsn For osmo-sgsn, move the control interface setup invocation below the config parsing, so that the ctrl_vty_get_bind_addr() can return the configured address.
2016-02-25enable telnet VTY bind address config for various programsNeels Hofmeyr1-4/+9
Following the 'line vty'/'bind A.B.C.D' command added in libosmocore, use the configured address to set the telnet bind for the VTY line. It is now possible to publish the VTY on a specific local interface (including 0.0.0.0 aka "any"). Implement in all of: osmo-gbproxy osmo-gtphub osmo-sgsn osmo-bsc osmo-bsc_nat osmo-bsc_mgcp osmo-nitb In some of these main programs, move the telnet initialization below the configuration parsing. Historically, this was not a good idea for programs using bsc_init.c (aka bsc_bootstrap_network()), since they expected a gsm_network struct pointer in ((struct telnet_connection*)vty->priv)->priv, so that telnet had to be either initialized or replaced by a dummy struct. In the meantime, the gsm_network struct is not actually looked up in a priv pointer but in the static bsc_vty.c scope (bsc_gsmnet), so this limitation is mere legacy (even though said legacy is still there in an "#if 0" chunk). In the other binaries I have briefly looked at the init sequence dependencies and found no reason to initialize telnet above the config file parsing. In any case, I have tested every single one of abovementioned binaries to verify that they still parse the example config successfully and launch, allowing VTY connections on the configured address(es). I hope this suffices. In all of the above, log VTY address and port. LOGL_INFO is disabled by default in some of the logging scopes, and since it is a single log message right at program launch, I decided for the slightly more aggressive LOGL_NOTICE.
2016-02-25bsc_nat: fail if VTY telnet port cannot be bound, clarify commentNeels Hofmeyr1-2/+5
2016-02-24minor fixes in bsc_vty.c and bsc_nat.cNeels Hofmeyr1-2/+3
Remove unused talloc.h from bsc_vty.c. In bsc_nat.c, use OSMO_CTRL_PORT_BSC_NAT instead of hardcoding port number, and include ctrl/ports.h for that. Fix comment typo "COMAMND"
2015-11-02stats: Set class_id in rate_ctr group descriptionsJacob Erlbeck1-0/+2
This commit adds the class_id initialiser to all rate_ctr_group_desc definitions. Sponsored-by: On-Waves ehf
2015-11-02stats: Enable stats for sgsn, gbproxy, nitb, bsc, natJacob Erlbeck1-0/+4
This commit initialises and enables the stats subsystem for the given binaries. Sponsored-by: On-Waves ehf
2015-11-02libcommon: soak up three static functions.Neels Hofmeyr1-11/+1
Add new kitchen sink openbsc/utils.h and libcommon/utils.c to make three so far static functions public (so I can use them in the upcoming OAP code). A place to put them could have been the gprs_utils.h, but all general functions in there have a gprs_ prefix, and todo markings to move them away. All other libcommon headers are too specific, so I opened up this kitchen sink header. Replace the implementation of encode_big_endian() with a call to osmo_store64be_ext(). See comments. Apply the change in Makefiles and C files.
2015-10-12osmux: Make sure that bigger Osmux ids actually fitHolger Hans Peter Freyther1-2/+2
We put a signed integer into this string but did not account for the newline and for the terminating NUL of the string. Add the newline to the string and add one for NUL. Spotted while accidently having a CID of 255.
2015-10-12osmux: Remember the allocated CID and make sure it is releasedHolger Hans Peter Freyther1-9/+9
There appears to be a leak of CIDs: <000b> mgcp_osmux.c:544 All Osmux circuits are in use! There are paths that a CID had been requested and never released of the NAT. Remember the allocated CID inside the endpoint so it can always be released. It is using a new variable as the behavior for the NAT and MGCP MGW is different. The allocated_cid must be signed so that we can assign outside of the 0-255 range of it. Fixes: OW#1493
2015-10-12osmux: Enforce Osmux only global and per BSC configurationHolger Hans Peter Freyther2-10/+44
Extend the osmux only setting from the MGCP MGW to the NAT. This is applied when an endpoint is allocated and/or when the allocation is confirmed by the remote system. Not tested. The impact should only be when the new option is being used. Fixes: OW#1492
2015-09-24vty: Change the return type from enum to intHolger Hans Peter Freyther1-1/+1
clang complained that different enums are mixed with the return type and we actually want this to be an int now.
2015-09-23bsc_nat: Fix 1 log error output of wrong variable.Neels Hofmeyr1-1/+1
2015-08-20mgcp: Begin to separate network and bts endpointsHolger Hans Peter Freyther1-3/+3
Make it possible to bind the call-agent to a specific IP address and the network and bts end to different ip addresses. Begin by clarifying which source ip address we want to have.
2015-08-13nat: Forward SDP files with multiple payload types in itHolger Hans Peter Freyther1-6/+7
The parsing code assumed that there will be a single payload type and this assumption is clearly wrong. Forward all of the payload types. The code is still only extracting the first type from the list. The variable name has been renamed to reflect this.
2015-08-0364bit: Fix compiler warnings in regard to 64bitHolger Hans Peter Freyther1-2/+2
vty_interface_layer3.c:584:4: warning: format '%d' expects argument of type 'int', but argument 3 has type 'long unsigned int' [-Wformat=] sizeof(subscr->extension)-1, VTY_NEWLINE);
2015-07-01nat: Use RAND_bytes instead of /dev/urandomHolger Hans Peter Freyther2-21/+7
We don't need to consume all the entropy of the kernel but can use libcrypto (OpenSSL) to generate random data. It is not clear if we need to call RAND_load_file but I think we can assume that our Unices have a /dev/urandom. This takes less CPU time, provides good enough entropy (in theory) and leaves some in the kernel entropy pool.
2015-07-01nat: After we identified the bsc check the keyHolger Hans Peter Freyther2-4/+89
We are using the token to find the right bsc_config and then we can use the last_rand of the bsc_connection to calculate the expected result and try to compare it with a time constant(???) memcmp.
2015-07-01bsc: Check for the rand and then generate a resHolger Hans Peter Freyther1-1/+1
Check if the NAT has sent 16 bytes of RAND and if a key has been configured in the system and then generate a result using milenage. The milenage res will be sent and noth the four byte GSM SRES derivation.
2015-07-01nat: Send 16 bytes of rand to the BSC and remember itHolger Hans Peter Freyther1-3/+37
Generate 16 byte of random data to be used for A3A8 by the BSC in the response. We can't know which BSC it is at this point and I don't want to send another message once the token has been received so always send the data with an undefined code. The old BSCs don't parse the message and will happily ignore the RAND. /dev/urandom can give short reads on Linux so loop around it until the bytes have been read from the kernel.
2015-07-01nat: Provide access to /dev/urandom for the codeHolger Hans Peter Freyther1-0/+9
Instead of doing open/read/close all the time, open the FD in the beginning and keep it open. To scare me even more I have seen /dev/urandom actually providing a short read and then blocking but it seems to be the best way to get the random byes we need for authentication. So one should/could run the cheap random generator on the system (e.g. haveged) or deal with the NAT process to block.
2015-07-01bsc/nat: Fix the structure of the identity request messageHolger Hans Peter Freyther1-4/+11
Unfortunately the basic structure of the response is broken. There is a two byte length followed by data. The concept of a 'tag' happens to be the first byte of the data. This means we want to write strlen of the token, then we want to write the NUL and then we need to account for the tag in front. Introduce a flag if the new or old format should be used. This will allow to have new BSCs talk to old NATs without an additional change. In the long run we can clean that up.
2015-07-01nat: Close the connection after we couldn't find the userHolger Hans Peter Freyther1-0/+1
In case the token was not correct, just close the connection. It is not clear that forcing a new TCP connection is going to give us any extra security here. But with the upcoming auth handling it does make sense to have both case look similar.
2015-07-01nat: Factor out the config by token searchHolger Hans Peter Freyther2-19/+31
In the upcoming authentication improvements it is nice to separate the finding of the config from the post-allow handling of it.
2015-07-01nat: Add size check for the payloadHolger Hans Peter Freyther1-1/+1
The msgb will always have these bytes but it is better practice to verify that the message really has space for the two bytes.
2015-05-03filter: Move the con_type into the filter_stateHolger Hans Peter Freyther5-24/+24
2015-05-03filter: Remove bsc_connection from the filter APIHolger Hans Peter Freyther1-2/+16
Remove the last occurence of NAT datastructures in the filtering module and add the ctx to the filter request structure.
2015-05-03filter: Remove nat_sccp_connection from public APIHolger Hans Peter Freyther3-13/+16
2015-05-03filter: Separate SCCP/BSSAP extraction and gsm48 codeHolger Hans Peter Freyther2-1/+106
For the BSC we will have the gsm48_hdr and don't need to find data within SCCP. For legacy reasons we need to initialize con_type, imsi, reject causes early on and need to do the same in the filter method.
2015-05-03filter: More renaming and remove of "NAT" from itHolger Hans Peter Freyther2-8/+8
2015-05-03filter: Remove nat from bsc_nat_acc_lst and replace with msgHolger Hans Peter Freyther4-13/+13
2015-05-03filter: Cease out "struct bsc_nat" from the APIHolger Hans Peter Freyther2-2/+2
This means we need to require a talloc context and simply operate on the list. I had considered creating a structure to hold the list head but I didn't find any other members so omitted it for now.
2015-05-03filter: Move VTY code into the filter moduleHolger Hans Peter Freyther1-110/+2
2015-05-03filter: Move the access list management aroundHolger Hans Peter Freyther2-88/+1
2015-05-03filter: Move the method definition to the filter moduleHolger Hans Peter Freyther4-0/+4
Move the filter methods to the filter module. This is still only usable for the NAT and the _dt/_cr filter routines need to move back to the bsc_nat in the long run.
2015-05-03filter: Move the gsm 04.08 filter to a common placeHolger Hans Peter Freyther2-444/+2
For customer requirements we want to be able to do filtering on the BSC as well. The same messages need to be scanned and the same access-lists will be looked at. In the future we might even split traffic based on the IMSI. Begin with moving the code to a new top level directory and then renaming and removing the nat dependency.
2015-04-23nat: Make mode-set patching optionalHolger Hans Peter Freyther3-4/+32
2015-04-10nitb: Fix IMSI/IMEI buffer handling (Coverity)Jacob Erlbeck1-1/+1
Currently the handling of the buffers is not done consistently. Some code assumes that the whole buffer may be used to store the string while at other places, the last buffer byte is left untouched in the assumption that it contains a terminating NUL-character. The latter is the correct behaviour. This commit changes to code to not touch the last byte in the buffers and to rely on the last byte being NUL. So the maximum IMSI/IMEI length is GSM_IMSI_LENGTH-1/GSM_IMEI_LENGTH-1. For information: We assume that we allocate the structure with talloc_zero. This means we have NULed the entire imsi array and then only write sizeof - 1 characters to it. So the last byte remains NUL. Fixes: Coverity CID 1206568, 1206567 Sponsored-by: On-Waves ehf
2015-04-07nat: Fix timeslot range in 'show bsc mgcp' VTY commandJacob Erlbeck1-1/+1
Currently the inner loop in show_bsc_mgcp iterates of the timeslot interval [0, 31]. Timeslot 0 is not valid, which causes mgcp_timeslot_to_endpoint to generate a corresponding warning and to return an invalid endp value. That value causes an out-of-bound read access, possibly hitting unallocated memory. This patch fixes the loop range by starting with timeslot 1. Note that this does not prevent mgcp_timeslot_to_endpoint from returning an invalid endpoint index when called with arguments not within its domain. Addresses: <000b> ../../include/openbsc/mgcp.h:250 Timeslot should not be 0 [...] vty=0xb4203db0, argc=1, argv=0xbfffebb0) at bsc_nat_vty.c:256 max = 1 con = 0xb4a004f0 i = 0 j = 0 [...] ==15700== ERROR: AddressSanitizer: heap-use-after-free on address 0xb520be4f at pc 0x8062a42 bp 0xbfffeb18 sp 0xbfffeb0c Sponsored-by: On-Waves ehf
2015-04-07nat: Check for the access list in set command as wellHolger Hans Peter Freyther1-1/+8
I omitted the check as this was already done by the verify function for this command. Please Coverity and do the check again even if it is not necessary. I begin to doubt the usage of a "dedicated" verify method as well. Silences: Coverity CID 1293150