summaryrefslogtreecommitdiffstats
path: root/openbsc/src/osmo-bsc_nat
AgeCommit message (Collapse)AuthorFilesLines
2019-08-05Remove undefined param passed to {logging,osmo_stats}_vty_add_cmdsPau Espin Pedrol1-2/+2
Since March 15th 2017, libosmocore API logging_vty_add_cmds() had its parameter removed (c65c5b4ea075ef6cef11fff9442ae0b15c1d6af7). However, definition in C file doesn't contain "(void)", which means number of parameters is undefined and thus compiler doesn't complain. Let's remove parameters from all callers before enforcing "(void)" on it. API osmo_stats_vty_add_cmds never had a param list but has seem problem (no "void"), so some users decided to pass a parameter to it. Change-Id: I7d9d477b983b0d62f01237d90acaa7ce455c3c3d Related: OS#4138
2019-08-05nat: Remove unused func bsc_vty_init()Pau Espin Pedrol1-8/+0
The function is never called in osmo-bsc-nat, and logging_vty_add_cmds() is called directly in main(). Change-Id: Ie13cf5dc7f8dfa6fc6c3953dfcacaed7d5feb114
2019-06-21bsc-nat: Remove whitespace at the end of CTR descriptionsPau Espin Pedrol1-13/+13
Change-Id: Ia7ff352de1fb1997066f72e84a7d517c7642853a
2019-05-26mgcp: Handle CI and X-Osmux param name as case insensitivePau Espin Pedrol1-12/+65
RFC3435 states most text (except SDP) must be handled as case insensitive. Since we are no longer using strstr(msg->l2h), we need to iterate per line and call related extract/handle function for that line. Call to bsc_mgcp_osmux_confirm() is left at the end because it needs to be called too in case no matching line is found. In that case, it will release the CID. Similar stuff ocurrs for bsc_mgcp_extract_ci(). Related: OS#4001 Change-Id: Iadc004064a5a237c93009f242cb943ebc4d2d7e6
2019-05-16nat: Allocate bsc_nat_parsed on the stack instead of heapPau Espin Pedrol4-76/+65
There's no real need to allocate it using talloc. Allocating it on the stack simplifies the code, avoids mem leaks and makes it faster. Change-Id: I66c44890952339f15131081e2f629a2824b6d3ba
2019-05-08nat: Fix crash (double-free) in forward_sccp_to_mscPau Espin Pedrol1-2/+2
In bsc_nat_parse(), parsed is allocated this way: """parsed = talloc_zero(msg, struct bsc_nat_parsed);""" So parsed is a child of msg, and so it's freed when msg is freed. Since libosmocore c7f52c4c84d6a8898048738c4db9266289c40b45, osmo_wqueue_enqueue() correctly detects queue full and returns an error, and then queue_for_msc() calls msgb_free(). Code in osmo-bsc-nat was probably written before that change in behavior, so that's why probably the bug was not hit before. The "if (parsed)" condition is removed since it's actually fine to talloc_free(NULL). Related: SYS#4548 Change-Id: I209d3e2d809a67915ec43c874e68f7f746a565f0
2019-05-02nat: Return error code in queue_for_mscPau Espin Pedrol1-4/+8
Might be useful in the future for its callers, since sometimes actions need to be taken place based on whether enqueuing failed (and msg was freed). Change-Id: I9f172f9c9ca9db18f6adcf9267db23c73e9d5bc6
2019-04-23osmo-bsc_nat: Parse MGCP Connection ID as hexDaniel Willmann1-1/+4
Our ttcn3-bscnat-tests would randomly fail. After the CRCX ACK returns from the MSC the bsc-nat reports it could not find a CI it it and deletes the connection on the BSC-side. This happens because the field is parsed as a decimal value instead of hexadecimal. So a value of 00FED122 is parsed as '0' which is a reserved value in our program. This fix parses the field as hexadecimal value and also logs an error if the value happens to be 0. make check will now test if a hexadecimal CI is parsed correctly. Fixes: OS#3951 Change-Id: I49b8b61644bf706162102dce268cae2265536fc5
2019-03-28Replace broken ipa_ccm_idtag APIs with new ipa_ccm_id onesPau Espin Pedrol2-6/+6
ipa_ccm_idtag_parse_off is broken, and can only be used with len_offset=1 on ID Request messages, otherwise won't work correctly. Modify ipa_ccm_idtag_parse to at least parse those correctly, and document the limitations. Those two functions are already deprecated and only used in openbsc by 3 callers: * ipa_ccm_idtag_parse in ussd_read_cb(): Broken, that function can only work for Requests and it's used to parse a Response. * ipa_ccm_idtag_parse_off in forward_sccp_to_msc (NAT): Broken, it can only be used to parse Requests and it's used to parse a Response. Furthermore, len_offset=2 is passed which makes no sense and most probably it fails always, or can even make the program crash. * ipa_ccm_idtag_parse_off in (answer_challenge): This one is fine and could actually be replaced with ipa_ccm_id_get_parse after libosmocore commit (see below) is merged. See libosmocore I6efc852dfc041192f554e41a58290a0f63298021 for more information. As a consequence of the fixes, osmo-bsc-nat now parses messages sent from VTY test correctly and thus it goes into processing them instead of silently dropping them. As a result, some VTY tests fail because they are sending incorrect format (missing NULL char in unit id strings) and osmo-bsc-nat closses its connection (due to bad auth). Change-Id: I3b995f8ef0b48c0a5b3375e42926641934359cd2
2018-11-27bsc-nat: Enable octet-aligned when ensuring mode setPau Espin Pedrol1-1/+1
From RFC 4867: octet-align: Permissible values are 0 and 1. If 1, octet-aligned operation SHALL be used. If 0 or if not present, bandwidth-efficient operation is employed. Change-Id: Ic4db7f6d18f650f36f3186965096771f748de5fd
2018-10-12nat: Log state of pending transactionPau Espin Pedrol1-2/+2
Change-Id: I9f686404517bf8a2044cf59dd5bfaf90eb4f798f
2018-10-12nat: Log endpoint nr consistently as hexPau Espin Pedrol1-1/+1
Change-Id: I581f40da47614223219800e97a334f8b5e06b13f
2018-09-17bsc_filter: Move whitelisted info log to debugPau Espin Pedrol1-1/+1
It shows up all the time in logs while using "logging level all info", let's move it to debug. Change-Id: I51274dad5afef16e466921c5d58672427d23fd3b
2018-09-13nat: return -EBADF in read wqueue cb on fd closedPau Espin Pedrol1-1/+1
bsc_msc_lost will close the current fd (without freeing it), so let's skip possible writes to an already closed fd bsc_msc_lost will close the current fd (without freeing it), so let's skip possible writes to an already closed fd.. Change-Id: I55c1a88f6524e897c70abf8ba18f1bb2b1f650aa
2018-09-13nat: Remove misleading commentPau Espin Pedrol1-1/+0
PONG is being sent a as an answer to PING a few lines above in same function. Change-Id: I88ca95d46f4ace1da4025d12302422dbfa578354
2018-09-13nat: Remove misleading commentPau Espin Pedrol1-4/+0
Code is already doing stuff with the connection (fd). Change-Id: Ieeaa0e024b9542d1a22a8e3ab4c3229a6f8a0b49
2018-09-13cosmetic: Remove duplicate semicolon and whitespacePau Espin Pedrol1-2/+2
Change-Id: Ib36b8937d1210488784ebae6917cb1b4c871c9d4
2018-08-20mgcp: add VTY Option to force-realloc endpointsPhilipp Maier2-1/+3
Currently the force_realloc feature is turnd on and of in a hardcoded way. This patch makes the option available via VTY. Backport from osmo-mgw.git. Change-Id: Ic8740512c5ea0766ff6ceb1c28b9c2b3fe46e75f
2018-08-16vty: Fix typo writing bts-jitter-buffer-delay-{min,max}Pau Espin Pedrol1-2/+2
Change-Id: I83948ce626b924802d1963411a3f40c5fed24355
2018-07-12nat: ctrl: Avoid sending back received ERROR msgsPau Espin Pedrol1-7/+11
We only send back if we had an error parsing the message locally. If we receive an ERROR message from a bsc, we try to forward it if the ID is valid, otherwise only log the received error description locally. Related: OS#3394 Change-Id: I7b4d20aea7a16c4b4e5add7c274a4ed34a7f6b8d
2018-07-12nat: ctrl: use strtol instead of atoi as it has explicit error documentationPau Espin Pedrol1-2/+13
In some cases id can be non-digit such as "err" for ERROR cmds generated from parsing failures. Change-Id: Ief0b203efbcf2be04253b5056840be94d58a9994
2018-07-12nat: ctrl: Use ctrl_cmd_parse2 to obtain detailed errorPau Espin Pedrol1-11/+2
Instead of always logging/sending same error, use the new ctrl_cmd_parse2 API which always returns a cmd structure with a specific error description. Change-Id: I6ef2b6e309632ed9cb296e8a1e71f879007a36ae
2018-07-04nat: Add VTY cmd paging-bss-forward to nat nodePau Espin Pedrol2-0/+27
This command controls forward/drop of BSS paging messages from MSC to all BSCs connected to BSC-NAT. In situations in which MS don't generally roam from one BSC to another under the BSC-NAT, it may be beneficial (bandwidth wise) to drop these global paging commands, which are usually issued by the MSC if the location of the MS isn't known and LAC paging has failed. Change-Id: I737774543e0a8734d79b072e66e3c09e82b001d3
2018-06-28bsc-nat: forward paging to all BSC when CELL_IDENT_BSS is receivedPau Espin Pedrol2-14/+34
Previous to this commit, an error message was printed and the paging message was dropped: openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:618 Could not parse paging message: -3 Related: OS#3325 Change-Id: I3125ba0e67d2965c0be3089748dd113b1bf615af
2018-06-28bsc-nat: find_paging: Check return code of tlv_parsePau Espin Pedrol1-1/+7
Change-Id: Ib03681cf91550846af0d487c11cc90b6f700b340
2018-06-28bsc_vty: Write access list entries when storing bsc configPau Espin Pedrol1-3/+2
Back-port from osmo-bsc.git d99182c01037f4dd14fb72b2b06497e0c1bebb49. Change-Id: I0b951a9c3dbe245c3813fc91ceb9118a0de779b8
2018-06-28Rename bsc_msg_acc_lst_vty_init to have more uniform prefixPau Espin Pedrol1-1/+1
Back-port from osmo-bsc.git a0f1196eda79de0e838b29eb91d9f31839f2f447. Change-Id: I519fb945a99206dff6c4aeb476d527e632b7e751
2018-06-28bsc-nat: Add more complete VTY command to show BSC related infoPau Espin Pedrol1-68/+74
Other VTY commands already exist which provides each a subset of these features, but while operating bsc-nat it became interesting to have all this info easily reachable for a specific BSC. Change-Id: I47bfd4fb800390505bdeb0f1d0bd1306fb888a59
2018-06-27bsc-nat: Replace '.' in counter names with ':'Pau Espin Pedrol1-14/+14
The '.' is illegal character in counter names, as they are exported via CTRL interface, where '.' has a special meaning that cannot be used by strings comprising the variable name. Change-Id: I55470ae74d350e4020209921fd8a09b51b120a41
2018-06-27bsc-nat: Avoid heap-use-after-free on USSD conn lostPau Espin Pedrol1-4/+7
When ussd_read_cb calls bsc_nat_ussd_destroy the osmo_fd struct is freed, so we need to indicate to osmo_wqueue_bfd_cb that it should not continue using the fd pointer after we return. Fixes following AddressSanitizer report: <0015> osmo-bsc_nat/bsc_ussd.c:273 USSD Connection on 13 with IP: 1.2.3.4 <0015> osmo-bsc_nat/bsc_ussd.c:132 USSD Connection was lost. ================================================================= ==18118==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200047c4b4 at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168 READ of size 4 at 0x61200047c4b4 thread T0 #0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65 #1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217 #2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257 #3 0x421dfa in main osmo-bsc_nat/bsc_nat.c:1718 #4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #5 0x406438 (/bin/osmo-bsc_nat+0x406438) Change-Id: I35854c43524714d07f31d71c775ac1cd0a57d22e
2018-06-15bsc-nat: show running-config now prints bsc nodesPau Espin Pedrol1-39/+41
Fixes: OS#3335 Change-Id: I847e84d5cc50619059cbae7a2c6471c60609aec6
2018-06-15bsc-nat: Add -V param to print versionPau Espin Pedrol1-1/+7
Change-Id: I4dbf97905749aa9379bc6b6b448953d8b1825545
2018-06-15bsc-nat: Fix missing help description for -T timestamp cmdline optionPau Espin Pedrol1-0/+1
Change-Id: I6a6fc3574630c0893797388bbbdeabe14572f988
2018-06-08bsc-nat: Avoid heap-use-after-free on bsc auth failurePau Espin Pedrol1-19/+32
Previous to this patch, if ipaccess_auth_bsc() failed finding the requested auth token, it would call bsc_close_connection() on it. However, it would not report callers that the bsc conn was closed. Since ipaccess_auth_bsc is called in the following path: [osmo_wqueue_bfd_cb->ipaccess_bsc_read_cb->forward_sccp_to_msc->ipaccess_auth_bsc] It needs to notify the lower layers (wqueue) that the conn/osmo_fd has been freed an it should avoid keep using/forwarding it again. This patch fixes this issue by moving the conn closing one layer down the stack (from ipaccess_auth_bsc to forward_sccp_to_msc), and in there we now close the conn and provide required information to the callers. Fixes following Asan report: Unit_Name='foobar' <0015> openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1061 No bsc found for token 'foobar' len 6 on fd: 11. ================================================================= ==18946==ERROR: AddressSanitizer: heap-use-after-free on address 0x616001f8b81c at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168 READ of size 4 at 0x616001f8b81c thread T0 #0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65 #1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217 #2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257 #3 0x421c8e in main openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1714 #4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #5 0x406438 (/bin/osmo-bsc_nat+0x406438) Fixes: SYS#4250 Change-Id: Ifb39a045b98bc2043a98a9787fc61cbcddc368e0
2018-06-08bsc-nat: ipaccess_auth_bsc: Close bsc conn immediately on bad format receivedPau Espin Pedrol1-0/+2
This commit changes behaviour to a (imho) better logic and is a preparation for follow-up commits to avoid heap-use-after-free error when closing the bsc connection. Previously, authentication would still not be accepted but the connection would be staying alive for a while until id_timeout timer triggers. Let's close the connection immediately instead, this way BSC side can see quickly something is wrong with what it is sending. Furthermore, this way the logic of the function is simplified: If auth goes well, conn is alive. If auth goes wrong, conn is closed. Change-Id: I972961b8967076c56c607f98c2360054144951e4
2018-06-08bsc-nat: forward_sccp_to_msc: Fix memleak on receive from non authenticated bscPau Espin Pedrol1-2/+1
variable "parsed" was not being freed in this case. By calling exit2 we make sure it is freed. Change-Id: Ifd0c145ff733fdfb2f6fcb32065de99ee951d106
2018-06-08bsc-nat: forward_sccp_to_msc: Remove unneeded exit3 sectionPau Espin Pedrol1-10/+3
exit3 is the same as exit2 with the addition of calling bsc_send_con_refuse(). Since exit3 path is only followed once, it's easier to call bsc_send_con_refuse() on that code path and remove exit3 entirely in order to simplify the function. Change-Id: I2ba0aeca1ee0fffd75019bfba37907f0b8015066
2018-06-08bsc-nat: forward_sccp_to_msc: Remove unneeded gotoPau Espin Pedrol1-2/+0
Change-Id: I1e98ef1dd410aa3e534666356a74590dac87b918
2018-06-08bsc-nat: bsc_nat_filter_ipa: Improve documentationPau Espin Pedrol1-1/+3
Change-Id: I91b18aeb8bdc2a1b392474318b1df1b4b1fee5a3
2018-06-08bsc-nat: Avoid sending reset ack twice in a rowPau Espin Pedrol1-1/+0
Fixes: 38a77d0098b21e14a42a91fd83bc8179b2978555 Change-Id: Iedf45a787d5e684b2f199e8e947da434fe75cf05
2018-05-30bsc_nat.c: Return correct err code to avoid heap-user-after-freePau Espin Pedrol1-15/+16
When ipaccess_bsc_read_cb calls bsc_close_connection, the osmo_fd struct is freed, so we need to indicate to osmo_wqueue_bfd_cb that it should not continue using the fd pointer after we return. Fixes following AdressSanitizer report: <0015> openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1317 The connection to the BSC Nr: -1 was lost. Cleaning it ================================================================= ==27028==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000c521c at pc 0x7ffff606b056 bp 0x7fffffffe170 sp 0x7fffffffe168 READ of size 4 at 0x6160000c521c thread T0 #0 0x7ffff606b055 in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65 #1 0x7ffff6055c3b in osmo_fd_disp_fds libosmocore/src/select.c:217 #2 0x7ffff6055ed5 in osmo_select_main libosmocore/src/select.c:257 #3 0x421c82 in main openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1713 #4 0x7ffff4803b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #5 0x406438 (/bin/osmo-bsc_nat+0x406438) Fixes: OS#3300 Change-Id: I120f646601bd4275b9088d0d73000ce04564bc6b
2018-04-16nat: Add jitter buffer on the uplink receiverPau Espin Pedrol2-0/+86
Default usage values are defined in mgcp node, and can be per-BSC overriden on each bsc node. Change-Id: Ibf3932adc07442fb5e9c7a06404853f9d0a20959
2018-04-11bsc_nat: ctrl: Fix crash on receveing bsc replyPau Espin Pedrol1-2/+8
Since libosmocore 7c0031fc8063771e604976233fb7b46d2b85c077, the cmd param passed to handlers in ctrl_handle_msg is always freed afterwards, thus it is owned by the same function. Avoid keeping it alive and accessing it later when it has already been freed. Related: OS#3157 Change-Id: Ib1e1fb79746d4a4f3e30254fdb7a7e851c2cd0e4
2018-04-11bsc_nat: Drop redundant ccon ptr in bsc_cmd_listPau Espin Pedrol2-6/+5
Change-Id: Ic2e4ca7d8eb4e8f71dc773b3f2c0f09709d90a94
2018-04-11bsc_nat: forward_to_bsc: Fix memleak on send failurePau Espin Pedrol1-1/+2
Change-Id: If0dfae40f03db297eeb4e296daf5fe78ba53a11b
2018-04-11bsc_nat: forward_to_bsc: remove one level of indentationPau Espin Pedrol1-45/+46
Change-Id: I105be500399259a97ef711f17b4a51e72dc8cc53
2018-04-11bsc_nat: ctrl: fix memleak on reply receivalPau Espin Pedrol1-4/+3
Change-Id: I146c4a561b0cd62779d60da3b55b96e24438bd89
2018-03-29Migrate from OpenSSL to osmo_get_rand_id()Neels Hofmeyr1-4/+2
Drop OpenSSL/libcrypto dependency, use osmo_get_rand_id() instead. Backport osmo-msc 753c15de2f00e24f76ac9b01a20e1e2ff0f86ce2 = I71cd631704a4dc155c6c752fee2a42cd6e2fa336 " Migrate from OpenSSL to osmo_get_rand_id() This avoids potential licensing incompatibility and makes integration of Debian packaging patches easier. " Apply similar changes in bsc-nat, mm_auth_test etc. Tested manually with osmo-nitb and sysmoBTS, and verified that Authentication Requests send heterogenous RAND tokens. Related: OS#1694 Change-Id: I81ebd55c7c90a436c5f2090e6790d78b773d2c92
2017-11-01vty: skip installing cmds now always installed by defaultNeels Hofmeyr1-3/+0
vty_install_default() and install_default() will soon be deprecated. Depends: I5021c64a787b63314e0f2f1cba0b8fc7bff4f09b Change-Id: I4951982fc78ae167d8e16a672d7af44d703721a9
2017-06-09don't re-implement osmo_talloc_replace_string()Harald Welte3-16/+16
osmo_talloc_replace_string() was introducd into libosmocore in 2014, see commit f3c7e85d05f7b2b7bf093162b776f71b2bc6420d There's no reason for us to re-implement this as bsc_replace_string here. Change-Id: I6d2fcaabbc74730f6f491a2b2d5c784ccafc6602