diff options
author | Jacob Erlbeck <jerlbeck@sysmocom.de> | 2014-06-06 18:49:23 +0200 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2014-07-22 16:56:33 +0200 |
commit | 7c101d922e54af3b990a2a8d86ded18c3f3b89c7 (patch) | |
tree | c4ac8dd4f4ac0d7024a81de5f87e89f4bc2f66d7 /openbsc/src/gprs/gb_proxy.c | |
parent | 006c038212e1d79938810812c218a4fe4aad737c (diff) |
gprs: Track IMSI/TLLI to control APN patching
This patch adds IMSI/TLLI connection tracking and uses it to control
APN patching based on the IMSI. TLLI entries can expire based on age
and/or by limiting the TLLI list size.
VTY config-gbproxy:
no core-access-point-name disable APN patching
core-access-point-name none remove APN if present
core-access-point-name APN replace APN if present
core-access-point-name none match-imsi RE remove if IMSI matches
core-access-point-name APN match-imsi RE replace if IMSI matches
tlli-list max-age SECONDS expire after SECONDS
no tlli-list max-age don't expire by age
tlli-list max-length N keep N entries only
no tlli-list max-length don't limit list length
RE is an extended regular expression, e.g. ^12345|^23456
Ticket: OW#1192
Sponsored-by: On-Waves ehf
Diffstat (limited to 'openbsc/src/gprs/gb_proxy.c')
-rw-r--r-- | openbsc/src/gprs/gb_proxy.c | 324 |
1 files changed, 312 insertions, 12 deletions
diff --git a/openbsc/src/gprs/gb_proxy.c b/openbsc/src/gprs/gb_proxy.c index 4f6ac24be..8fee4acbd 100644 --- a/openbsc/src/gprs/gb_proxy.c +++ b/openbsc/src/gprs/gb_proxy.c @@ -29,6 +29,7 @@ #include <sys/fcntl.h> #include <sys/stat.h> #include <arpa/inet.h> +#include <time.h> #include <osmocom/core/talloc.h> #include <osmocom/core/select.h> @@ -39,6 +40,8 @@ #include <osmocom/gprs/gprs_ns.h> #include <osmocom/gprs/gprs_bssgp.h> +#include <osmocom/gsm/gsm_utils.h> + #include <openbsc/signal.h> #include <openbsc/debug.h> #include <openbsc/gb_proxy.h> @@ -128,9 +131,18 @@ static const struct rate_ctr_group_desc peer_ctrg_desc = { .ctr_desc = peer_ctr_description, }; +struct { + int check_imsi; + regex_t imsi_re_comp; +} gbprox_global_patch_state = {0,}; + struct gbprox_patch_state { int local_mnc; int local_mcc; + + /* List of TLLIs for which patching is enabled */ + struct llist_head enabled_tllis; + int enabled_tllis_count; }; struct gbprox_peer { @@ -155,6 +167,8 @@ struct gbprox_peer { /* Linked list of all Gb peers (except SGSN) */ static LLIST_HEAD(gbprox_bts_peers); +static void gbprox_delete_tllis(struct gbprox_peer *peer); + /* Find the gbprox_peer by its BVCI */ static struct gbprox_peer *peer_by_bvci(uint16_t bvci) { @@ -237,6 +251,8 @@ static struct gbprox_peer *peer_alloc(uint16_t bvci) llist_add(&peer->list, &gbprox_bts_peers); + INIT_LLIST_HEAD(&peer->patch_state.enabled_tllis); + return peer; } @@ -244,6 +260,9 @@ static void peer_free(struct gbprox_peer *peer) { rate_ctr_group_free(peer->ctrg); llist_del(&peer->list); + + gbprox_delete_tllis(peer); + talloc_free(peer); } @@ -378,6 +397,275 @@ int gbprox_str_to_apn(uint8_t *apn_enc, const char *str, size_t max_chars) return len; } +struct gbprox_tlli_info { + struct llist_head list; + + uint32_t tlli; + time_t timestamp; + uint8_t *mi_data; + size_t mi_data_len; +}; + +static struct gbprox_tlli_info *gbprox_find_tlli(struct gbprox_peer *peer, + uint32_t tlli) +{ + struct gbprox_tlli_info *tlli_info; + struct gbprox_patch_state *state = &peer->patch_state; + + llist_for_each_entry(tlli_info, &state->enabled_tllis, list) + if (tlli_info->tlli == tlli) + return tlli_info; + + return NULL; +} + +static struct gbprox_tlli_info *gbprox_find_tlli_by_mi( + struct gbprox_peer *peer, + const uint8_t *mi_data, + size_t mi_data_len) +{ + struct gbprox_tlli_info *tlli_info; + struct gbprox_patch_state *state = &peer->patch_state; + + llist_for_each_entry(tlli_info, &state->enabled_tllis, list) { + if (tlli_info->mi_data_len != mi_data_len) + continue; + if (memcmp(tlli_info->mi_data, mi_data, mi_data_len) != 0) + continue; + + return tlli_info; + } + + return NULL; +} + +static void gbprox_delete_tlli(struct gbprox_peer *peer, + struct gbprox_tlli_info *tlli_info) +{ + struct gbprox_patch_state *state = &peer->patch_state; + + llist_del(&tlli_info->list); + talloc_free(tlli_info); + state->enabled_tllis_count -= 1; +} + +static void gbprox_delete_tllis(struct gbprox_peer *peer) +{ + struct gbprox_tlli_info *tlli_info, *nxt; + struct gbprox_patch_state *state = &peer->patch_state; + + llist_for_each_entry_safe(tlli_info, nxt, &state->enabled_tllis, list) { + llist_del(&tlli_info->list); + talloc_free(tlli_info); + } + + OSMO_ASSERT(llist_empty(&state->enabled_tllis)); +} + +int gbprox_set_patch_filter(const char *filter, const char **err_msg) +{ + static char err_buf[300]; + int rc; + + if (gbprox_global_patch_state.check_imsi) { + regfree(&gbprox_global_patch_state.imsi_re_comp); + gbprox_global_patch_state.check_imsi = 0; + } + + if (!filter) + return 0; + + rc = regcomp(&gbprox_global_patch_state.imsi_re_comp, filter, + REG_EXTENDED | REG_NOSUB | REG_ICASE); + + if (rc == 0) { + gbprox_global_patch_state.check_imsi = 1; + return 0; + } + + if (err_msg) { + regerror(rc, &gbprox_global_patch_state.imsi_re_comp, + err_buf, sizeof(err_buf)); + *err_msg = err_buf; + } + + return -1; +} + +static int gbprox_check_imsi(struct gbprox_peer *peer, + const uint8_t *imsi, size_t imsi_len) +{ + char mi_buf[200]; + int rc; + + if (!gbprox_global_patch_state.check_imsi) + return 1; + + rc = gsm48_mi_to_string(mi_buf, sizeof(mi_buf), imsi, imsi_len); + if (rc < 1) { + LOGP(DGPRS, LOGL_NOTICE, "Invalid IMSI %s\n", + osmo_hexdump(imsi, imsi_len)); + return -1; + } + + LOGP(DGPRS, LOGL_DEBUG, "Checking IMSI '%s' (%d)\n", mi_buf, rc); + + rc = regexec(&gbprox_global_patch_state.imsi_re_comp, mi_buf, 0, NULL, 0); + if (rc == REG_NOMATCH) { + LOGP(DGPRS, LOGL_INFO, + "IMSI '%s' doesn't match pattern '%s'\n", + mi_buf, gbcfg.match_re); + return 0; + } + + return 1; +} + +static int gbprox_remove_stale_ttlis(struct gbprox_peer *peer, time_t now) +{ + struct gbprox_patch_state *state = &peer->patch_state; + struct gbprox_tlli_info *tlli_info = NULL, *nxt; + int count = 0; + int deleted_count = 0; + + llist_for_each_entry_safe(tlli_info, nxt, &state->enabled_tllis, list) { + int is_stale = 0; + time_t age = now - tlli_info->timestamp; + + count += 1; + + if (gbcfg.tlli_max_len > 0) + is_stale = is_stale || count > gbcfg.tlli_max_len; + + if (gbcfg.tlli_max_age > 0) + is_stale = is_stale || age > gbcfg.tlli_max_age; + + if (!is_stale) + continue; + + LOGP(DGPRS, LOGL_INFO, + "Removing TLLI %08x from list (stale)\n", + tlli_info->tlli); + + gbprox_delete_tlli(peer, tlli_info); + tlli_info = NULL; + + deleted_count += 1; + } + + return deleted_count; +} + +static void gbprox_register_tlli(struct gbprox_peer *peer, uint32_t tlli, + const uint8_t *imsi, size_t imsi_len) +{ + struct gbprox_patch_state *state = &peer->patch_state; + struct gbprox_tlli_info *tlli_info; + int enable_patching; + time_t now = 0; + + if (gprs_tlli_type(tlli) != TLLI_LOCAL) + return; + + if (!imsi || (imsi[0] & GSM_MI_TYPE_MASK) != GSM_MI_TYPE_IMSI) + return; + + if (!gbprox_global_patch_state.check_imsi) + return; + + tlli_info = gbprox_find_tlli(peer, tlli); + + /* Check, whether the IMSI matches */ + enable_patching = gbprox_check_imsi(peer, imsi, imsi_len); + + if (enable_patching < 0) + return; + + if (!tlli_info) { + tlli_info = gbprox_find_tlli_by_mi(peer, imsi, imsi_len); + + if (tlli_info) { + /* TLLI has changed somehow, adjust it */ + LOGP(DGPRS, LOGL_INFO, + "The TLLI has changed from %08x to %08x\n", + tlli_info->tlli, tlli); + tlli_info->tlli = tlli; + } + } + + if (!tlli_info) { + if (!enable_patching) + return; + + LOGP(DGPRS, LOGL_INFO, "Adding TLLI %08x to list\n", tlli); + tlli_info = talloc_zero(peer, struct gbprox_tlli_info); + tlli_info->tlli = tlli; + } else { + llist_del(&tlli_info->list); + OSMO_ASSERT(state->enabled_tllis_count > 0); + state->enabled_tllis_count -= 1; + } + + OSMO_ASSERT(tlli_info != NULL); + + if (enable_patching) { + now = time(NULL); + + tlli_info->timestamp = now; + llist_add(&tlli_info->list, &state->enabled_tllis); + state->enabled_tllis_count += 1; + + gbprox_remove_stale_ttlis(peer, now); + + if (tlli_info != llist_entry(state->enabled_tllis.next, + struct gbprox_tlli_info, list)) { + LOGP(DGPRS, LOGL_ERROR, + "Unexpectedly removed new TLLI entry as stale, " + "TLLI %08x\n", tlli); + tlli_info = NULL; + } + } else { + LOGP(DGPRS, LOGL_INFO, + "Removing TLLI %08x from list (patching no longer enabled)\n", + tlli); + talloc_free(tlli_info); + tlli_info = NULL; + } + + if (tlli_info) { + tlli_info->mi_data_len = imsi_len; + tlli_info->mi_data = + talloc_realloc_size(tlli_info, tlli_info->mi_data, imsi_len); + OSMO_ASSERT(tlli_info->mi_data != NULL); + memcpy(tlli_info->mi_data, imsi, imsi_len); + } +} + +static void gbprox_unregister_tlli(struct gbprox_peer *peer, uint32_t tlli) +{ + struct gbprox_tlli_info *tlli_info; + + tlli_info = gbprox_find_tlli(peer, tlli); + if (tlli_info) { + LOGP(DGPRS, LOGL_INFO, + "Removing TLLI %08x from list\n", + tlli); + llist_del(&tlli_info->list); + talloc_free(tlli_info); + } +} + +static int gbprox_check_tlli(struct gbprox_peer *peer, uint32_t tlli) +{ + LOGP(DGPRS, LOGL_INFO, "Checking TLLI %08x, class: %d\n", + tlli, gprs_tlli_type(tlli)); + if (gprs_tlli_type(tlli) != TLLI_LOCAL) + return 0; + + return !gbprox_global_patch_state.check_imsi || + gbprox_find_tlli(peer, tlli) != NULL; +} + /* check whether patching is enabled at this level */ static int patching_is_enabled(enum gbproxy_patch_mode need_at_least) { @@ -715,7 +1003,7 @@ struct gbprox_peer *peer_by_bssgp_tlv(struct tlv_parsed *tp) static int gbprox_patch_dtap(struct msgb *msg, uint8_t *data, size_t data_len, struct gbprox_peer *peer, int to_bss, - int *len_change) + uint32_t tlli, int *len_change) { struct gsm48_hdr *g48h; @@ -767,8 +1055,16 @@ static int gbprox_patch_dtap(struct msgb *msg, uint8_t *data, size_t data_len, break; if (gbcfg.core_apn == NULL) break; + if (!gbprox_check_tlli(peer, tlli)) + break; return gbprox_patch_gsm_act_pdp_req(msg, data, data_len, peer, to_bss, len_change); + + case GSM48_MT_GMM_DETACH_ACK: + case GSM48_MT_GMM_DETACH_REQ: + gbprox_unregister_tlli(peer, tlli); + break; + default: break; }; @@ -777,7 +1073,9 @@ static int gbprox_patch_dtap(struct msgb *msg, uint8_t *data, size_t data_len, } static void gbprox_patch_llc(struct msgb *msg, uint8_t *llc, size_t llc_len, - struct gbprox_peer *peer, int to_bss) + struct gbprox_peer *peer, int to_bss, + struct bssgp_ud_hdr *budh, + struct tlv_parsed *bssgp_tp) { struct gprs_llc_hdr_parsed ghp = {0}; int rc; @@ -787,6 +1085,7 @@ static void gbprox_patch_llc(struct msgb *msg, uint8_t *llc, size_t llc_len, int len_change = 0; const char *err_info = NULL; int err_ctr = -1; + uint32_t tlli = budh ? ntohl(budh->tlli) : 0; /* parse LLC */ rc = gprs_llc_hdr_parse(&ghp, llc, llc_len); @@ -806,6 +1105,12 @@ static void gbprox_patch_llc(struct msgb *msg, uint8_t *llc, size_t llc_len, if (ghp.sapi != GPRS_SAPI_GMM) return; + if (gbcfg.core_apn && to_bss && tlli && + TLVP_PRESENT(bssgp_tp, BSSGP_IE_IMSI)) + gbprox_register_tlli(peer, tlli, + TLVP_VAL(bssgp_tp, BSSGP_IE_IMSI), + TLVP_LEN(bssgp_tp, BSSGP_IE_IMSI)); + if (ghp.cmd != GPRS_LLC_UI) return; @@ -829,7 +1134,7 @@ static void gbprox_patch_llc(struct msgb *msg, uint8_t *llc, size_t llc_len, data_len = ghp.data_len; rc = gbprox_patch_dtap(msg, data, data_len, peer, to_bss, - &len_change); + tlli, &len_change); if (rc > 0) { llc_len += len_change; @@ -875,10 +1180,9 @@ static void gbprox_patch_bssgp_message(struct msgb *msg, struct gbprox_peer *peer, int to_bss) { struct bssgp_normal_hdr *bgph; - struct bssgp_ud_hdr *budh; + struct bssgp_ud_hdr *budh = NULL; struct tlv_parsed tp; uint8_t pdu_type; - struct gbprox_patch_state *state = NULL; uint8_t *data; size_t data_len; @@ -886,11 +1190,12 @@ static void gbprox_patch_bssgp_message(struct msgb *msg, return; bgph = (struct bssgp_normal_hdr *) msgb_bssgph(msg); - budh = (struct bssgp_ud_hdr *) msgb_bssgph(msg); pdu_type = bgph->pdu_type; if (pdu_type == BSSGP_PDUT_UL_UNITDATA || pdu_type == BSSGP_PDUT_DL_UNITDATA) { + budh = (struct bssgp_ud_hdr *) msgb_bssgph(msg); + bgph = NULL; data = budh->data; data_len = msgb_bssgp_len(msg) - sizeof(*budh); } else { @@ -919,11 +1224,6 @@ static void gbprox_patch_bssgp_message(struct msgb *msg, return; } - state = &peer->patch_state; - - if (to_bss && !state->local_mcc && !state->local_mnc) - return; - if (TLVP_PRESENT(&tp, BSSGP_IE_ROUTEING_AREA)) { gbprox_patch_raid((uint8_t *)TLVP_VAL(&tp, BSSGP_IE_ROUTEING_AREA), peer, to_bss, "ROUTING_AREA"); @@ -937,7 +1237,7 @@ static void gbprox_patch_bssgp_message(struct msgb *msg, patching_is_enabled(GBPROX_PATCH_LLC_ATTACH_REQ)) { uint8_t *llc = (uint8_t *)TLVP_VAL(&tp, BSSGP_IE_LLC_PDU); size_t llc_len = TLVP_LEN(&tp, BSSGP_IE_LLC_PDU); - gbprox_patch_llc(msg, llc, llc_len, peer, to_bss); + gbprox_patch_llc(msg, llc, llc_len, peer, to_bss, budh, &tp); /* Note that the tp struct might contain invalid pointers here * if the LLC field has changed its size */ } |