aboutsummaryrefslogtreecommitdiffstats
path: root/openbsc/src/osmo-bsc_nat/bsc_ussd.c
AgeCommit message (Collapse)AuthorFilesLines
2020-10-18Migrate from BSC_FD_* to OSMO_FD_*Harald Welte1-2/+2
Change-Id: If45434eb0d7da69feb4001e0ac35f0e297bdeef5
2019-05-16nat: Allocate bsc_nat_parsed on the stack instead of heapPau Espin Pedrol1-7/+4
There's no real need to allocate it using talloc. Allocating it on the stack simplifies the code, avoids mem leaks and makes it faster. Change-Id: I66c44890952339f15131081e2f629a2824b6d3ba
2019-03-28Replace broken ipa_ccm_idtag APIs with new ipa_ccm_id onesPau Espin Pedrol1-3/+3
ipa_ccm_idtag_parse_off is broken, and can only be used with len_offset=1 on ID Request messages, otherwise won't work correctly. Modify ipa_ccm_idtag_parse to at least parse those correctly, and document the limitations. Those two functions are already deprecated and only used in openbsc by 3 callers: * ipa_ccm_idtag_parse in ussd_read_cb(): Broken, that function can only work for Requests and it's used to parse a Response. * ipa_ccm_idtag_parse_off in forward_sccp_to_msc (NAT): Broken, it can only be used to parse Requests and it's used to parse a Response. Furthermore, len_offset=2 is passed which makes no sense and most probably it fails always, or can even make the program crash. * ipa_ccm_idtag_parse_off in (answer_challenge): This one is fine and could actually be replaced with ipa_ccm_id_get_parse after libosmocore commit (see below) is merged. See libosmocore I6efc852dfc041192f554e41a58290a0f63298021 for more information. As a consequence of the fixes, osmo-bsc-nat now parses messages sent from VTY test correctly and thus it goes into processing them instead of silently dropping them. As a result, some VTY tests fail because they are sending incorrect format (missing NULL char in unit id strings) and osmo-bsc-nat closses its connection (due to bad auth). Change-Id: I3b995f8ef0b48c0a5b3375e42926641934359cd2
2018-06-27bsc-nat: Avoid heap-use-after-free on USSD conn lostPau Espin Pedrol1-4/+7
When ussd_read_cb calls bsc_nat_ussd_destroy the osmo_fd struct is freed, so we need to indicate to osmo_wqueue_bfd_cb that it should not continue using the fd pointer after we return. Fixes following AddressSanitizer report: <0015> osmo-bsc_nat/bsc_ussd.c:273 USSD Connection on 13 with IP: 1.2.3.4 <0015> osmo-bsc_nat/bsc_ussd.c:132 USSD Connection was lost. ================================================================= ==18118==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200047c4b4 at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168 READ of size 4 at 0x61200047c4b4 thread T0 #0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65 #1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217 #2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257 #3 0x421dfa in main osmo-bsc_nat/bsc_nat.c:1718 #4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44) #5 0x406438 (/bin/osmo-bsc_nat+0x406438) Change-Id: I35854c43524714d07f31d71c775ac1cd0a57d22e
2017-05-10src: use osmo_timer_setup()Pablo Neira Ayuso1-2/+1
Use new function available in libosmocore to set up timers. Compile tested only. Change-Id: Ibcfd915688e97d370a888888a83a7c95cbe16819
2016-04-29use new libosmocore gsm_23_003.h for IMEI/IMSI lengthHarald Welte1-1/+1
... rather than our private definitions everwhere. As an added benefit, gprs_gsup_messages.h is now free of any header dependencies within openbsc.
2016-03-1504.08: apply new transaction id inline functionsNeels Hofmeyr1-1/+1
libosmocore recently added inline functions to relieve callers from applying bitmasks and bit shifts to access the transaction id of a GSM 04.08 header. Apply these functions.
2016-03-1504.08: apply new bitmask functions, fix bitmask useNeels Hofmeyr1-2/+2
Replace hardcoded protocol discriminator and message type bitmasks with function calls recently introduced in libosmocore. Note that the release 98 bitmasks slightly differ from the release 99 bitmasks. This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on libosmocore whether 98 or 99 bitmasks are used. In some places, use of the bitmask was erratic. Fix these implicitly by employing the bitmask functions: * silent_call.c: silent_call_reroute(): add missing bitmask for MM. * bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages. * osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM messages. * bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages. * bsc_ussd.c: no bitmask is applicable for the message types used here. * gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc. In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected message types.
2015-05-03filter: Move the con_type into the filter_stateHolger Hans Peter Freyther1-1/+1
2015-05-03filter: Remove nat_sccp_connection from public APIHolger Hans Peter Freyther1-6/+7
2015-05-03filter: Remove nat from bsc_nat_acc_lst and replace with msgHolger Hans Peter Freyther1-3/+3
2015-05-03filter: Cease out "struct bsc_nat" from the APIHolger Hans Peter Freyther1-1/+1
This means we need to require a talloc context and simply operate on the list. I had considered creating a structure to hold the list head but I didn't find any other members so omitted it for now.
2015-05-03filter: Move the access list management aroundHolger Hans Peter Freyther1-0/+1
2015-04-10nitb: Fix IMSI/IMEI buffer handling (Coverity)Jacob Erlbeck1-1/+1
Currently the handling of the buffers is not done consistently. Some code assumes that the whole buffer may be used to store the string while at other places, the last buffer byte is left untouched in the assumption that it contains a terminating NUL-character. The latter is the correct behaviour. This commit changes to code to not touch the last byte in the buffers and to rely on the last byte being NUL. So the maximum IMSI/IMEI length is GSM_IMSI_LENGTH-1/GSM_IMEI_LENGTH-1. For information: We assume that we allocate the structure with talloc_zero. This means we have NULed the entire imsi array and then only write sizeof - 1 characters to it. So the last byte remains NUL. Fixes: Coverity CID 1206568, 1206567 Sponsored-by: On-Waves ehf
2014-08-20adopt recent IPA related symbol renameHarald Welte1-1/+2
... which happened during recent migration of IPA functionality from libosmo-abis into libosmocore.
2014-04-01ipa: Use enhanced ipa_msg_recv_buffered() to cope with partioned IPA messagesJacob Erlbeck1-2/+6
The old ipa_msg_recv() implementation didn't support partial receive, so IPA connections got disconnected when this happened. This patch adds the handling of the temporary message buffers and uses ipa_msg_recv_buffered(). It has been successfully tested by jerlbeck with osmo-nitb and osmo-bsc. Ticket: OW#768 Sponsored-by: On-Waves ehf
2013-09-02nat: Attempt to follow the MODULE_METHOD pattern for methodsHolger Hans Peter Freyther1-2/+2
Rename methods to be like bsc_ussd_ACTION.
2013-08-14nat/ussd: Add 'show ussd-connection' vty commandJacob Erlbeck1-0/+19
This command returns the current state of the connection to the USSD side channel provider. It shows whether a provider has been connected and authorized or not. Fixes: OW#953
2013-08-13nat: Fix potential memory leak when reading a messageHolger Hans Peter Freyther1-0/+1
Spotted while going through the code with Jacob. We could have leaked the msgb in case of error.
2013-07-03nat: Fix compiler warning and cast uint16_t to uint8_tHolger Hans Peter Freyther1-2/+2
2013-04-29nat: Include LAC/CI as TV values at the end of the 'status' messageHolger Hans Peter Freyther1-0/+10
Extend the status message and send LAC/CI as part of the status message. It is using TV to allow sending more fields in the feature. We only need to encode the data and this is why there is no tlv description yet.
2013-04-22nat: Use memcmp for the token on the USSD interface as wellHolger Hans Peter Freyther1-6/+13
This is similar to the token on the A-interface. There are no more token based authentication in the NAT.
2013-04-16nat: Rename "struct sccp_connections" to "struct nat_sccp_connection"Holger Hans Peter Freyther1-4/+4
The name sccp_connection is used in the osmo-sccp code, sccp_connections was used in the NAT for tracking a sccp_connection. Rename it so it is obvious that the struct belongs to the nat. The rename was done with sed: $ sed -i s,"struct sccp_connections","struct nat_sccp_connection",g \ include/openbsc/*.h src/osmo-bsc_nat/* tests/*/*
2011-08-19src: port openBSC over libosmo-abis0.9.15Pablo Neira Ayuso1-3/+6
This is a big patch that ports openBSC over libosmo-abis. Sorry, the changes that are included here are all dependent of libosmo-abis, splitting them into smaller pieces would leave the repository in some intermediate state, which is not desired. The main changes are: - The directory libabis/ has been removed as it now lives in libosmo-abis. - new configuration file format for nanoBTS and HSL femto, we need to define the virtual e1_line and attach it to the OML link. - all the existing BTS drivers (nanoBTS, hsl femto, Nokia site, BS11 and rbs2000) now use the new libosmo-abis framework. - use r232 input driver available in libosmo-abis for bs11_config. - use ipa_msg_recv instead of old ipaccess_read_msg function. - delete definition of gsm_e1_subslot and input_signal_data. These structures now lives in libosmo-abis. Most of this patch are deletions of libabis/ which has been moved to libosmo-abis. This patch also modifies openBSC to use all the new definitions available in libosmocore and libosmo-abis. In order to do that, we have replaced the following: - DINP, DMI, DMIB and DMUX by their respective DL* correspondences. - SS_GLOBAL by SS_L_GLOBAL - SS_INPUT by SS_L_INPUT - S_GLOBAL_SHUTDOWN by S_L_GLOBAL_SHUTDOWN - SS_INPUT by SS_L_INPUT - S_INP_* by S_L_INP_* sub-signals - E1INP_NODE by L_E1INP_NODE vty node This patch has been tested with: - one nanoBTS - the HSL femto with the examples available under libosmo-abis - BS11 with both dahdi and misdn drivers.
2011-05-07src: use namespace prefix osmo_* for misc utilsPablo Neira Ayuso1-1/+1
Summary of changes: s/bcd2char/osmo_bcd2char/g s/char2bcd/osmo_char2bcd/g s/hexparse/osmo_hexparse/g s/hexdump/osmo_hexdump/g s/hexdump_nospc/osmo_hexdump_nospc/g s/ubit_dump/osmo_ubit_dump/g s/static_assert/osmo_static_assert/g
2011-05-06src: use namespace prefix osmo_counter*Pablo Neira Ayuso1-1/+1
Summary of changes: s/struct counter/struct osmo_counter/g s/counter_inc/osmo_counter_inc/g s/counter_get/osmo_counter_get/g s/counter_reset/osmo_counter_reset/g s/counter_alloc/osmo_counter_alloc/g s/counter_free/osmo_counter_free
2011-05-06src: use namespace prefix osmo_wqueue*Pablo Neira Ayuso1-2/+2
Summary of changes: s/struct write_queue/struct osmo_wqueue/g s/write_queue_init/osmo_wqueue_init/g s/write_queue_clear/osmo_wqueue_clear/g s/write_queue_enqueue/osmo_wqueue_enqueue/g s/write_queue_bfd_cb/osmo_wqueue_bfd_cb/g
2011-05-06src: use namespace prefix osmo_fd* and osmo_select*Pablo Neira Ayuso1-4/+4
Summary of changes: s/struct bsc_fd/struct osmo_fd/g s/bsc_register_fd/osmo_fd_register/g s/bsc_unregister_fd/osmo_fd_unregister/g s/bsc_select_main/osmo_select_main/g
2011-05-06src: use namespace prefix osmo_timer* for timer functionsPablo Neira Ayuso1-3/+3
Summary of changes: s/struct timer_list/struct osmo_timer_list/g s/bsc_add_timer/osmo_timer_add/g s/bsc_schedule_timer/osmo_timer_schedule/g s/bsc_del_timer/osmo_timer_del/g s/bsc_timer_pending/osmo_timer_pending/g s/bsc_nearest_timer/osmo_timers_nearest/g s/bsc_prepare_timers/osmo_timers_prepare/g s/bsc_update_timers/osmo_timers_update/g s/bsc_timer_check/osmo_timers_check/g
2011-04-19ussd: Keep track of used TIs for USSD and forward messagesHolger Hans Peter Freyther1-23/+63
Keep track of the used transaction identifier and always forward messages to the USSD provider. E.g. this can be used to have a dialogue going. Right now it is still possible that the MSC will close down the connection.
2011-04-18nat: Inform the USSD Provider about lost connectionsHolger Hans Peter Freyther1-8/+0
2011-04-13nat: And out the skip_indicator/transaction id from the gsm48 headerHolger Hans Peter Freyther1-1/+3
We need to and out the protocol discriminator as call control might have use transactions. This has only failed for the USSD filter so far as this must deal with transactions.
2011-04-12src: more robust ipaccess_idtag_parse()Pablo Neira Ayuso1-1/+7
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also check for the return value of this function in every invocation to skip further processing in case of messages with malformed TLVs. This idea was suggested by Zecke.
2011-04-11nat: Fix a crash due the refactoring and pass the nat again.Holger Hans Peter Freyther1-1/+1
2011-04-06nat: Remember if the MSC accepted the connection on principleHolger Hans Peter Freyther1-0/+4
For the USSD module we only want to handle requests that are legitimate. This is achieved by looking for the CM Service Accept or the BSSAP CIPHER MODE COMMAND.
2011-04-05libcommon: socket: extend make_sock() prototypePablo Neira Ayuso1-1/+1
This patch extends the make_sock() prototype so you can fully set the fields priv_nr and data of the bsc_fd structure. This is the first step to get rid of the internal make_sock() implementation that ipaccess-proxy uses. This patch includes a minor cleanup to pass INADDR_ANY instead of zero, if you do not want to bind the socket to one specific address.
2011-04-01nat: Make the USSD number matching a regexpHolger Hans Peter Freyther1-3/+3
This allows to match multiple numbers and multiple patterns
2011-03-23Fix build of bsc-nat and GPRS code after include path changeHarald Welte1-3/+3
The last patch changed the osmocore include paths, this fixes some build problems caused by it
2011-03-23src: use new library libosmogsm and new path to headers in libosmocorePablo Neira Ayuso1-4/+4
libosmogsm is a new library that is distributed in the libosmocore. Now, openbsc depends on it. This patch gets openbsc with this change. This patch also rewrites all include path to the new osmocom/[gsm|core] Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
2011-03-03Rename bsc_nat -> osmo-bsc_nat and bsc_mgcp -> osmo-bsc_mgcpHarald Welte1-0/+363
This now enforces a unique structure: All of our main daemon programs start with an "osmo-" prefix.