Age | Commit message (Collapse) | Author | Files | Lines |
|
The general infrastructure for UMTS AKA is already in place:
* GSUP with capability to send us auth_vectors that contain
either triplets or quintuples
* mm_context that holds such auth_vectors
Add:
* capability to send UMTS AUTN in GMM AUTH REQ
* parse extended UMTS RES
* on auth response, validate expected AKA with vector and received res/sres
* add Auth Failure message to receive resync AUTS token and
* send to HLR
* clear out-of-sync auth tuple
* enter new state for when we're waiting for HLR to resync and send new
tuples so that the next Auth Request will be handled
Original first half of this patch by: Harald Welte <laforge@gnumonks.org>
Full UMTS AKA procedure including AUTS resync tested to work against OsmoHLR
with R99 USIM and Milenage algorithm.
The sgsn_test.c needs adjustment because we're checking the vector's auth_types
now.
Depends: libosmocore change-ids
I277fb3d407396dffa5c07a9c5454d87a415d393f
If943731a78089f0aac3d55245de80596d01314a4
Related: OS#1956
Change-Id: Ie6a0cefba5e4e7f02cc2eaf6ec006ac07d5c1816
|
|
Prepare for replacing gsm_subscriber with vlr_subscriber. vlr_subscriber will
not make sense to be used in gprs, so have a dedicated GPRS subscriber struct.
(Could change if the gprs code were to use libvlr; is currently independent).
Related: OS#1592
Change-Id: Ia8b391ee009c8545763cba04505be3947835120e
|
|
Handle Delete Subscriber Data GSUP message from HLR to disable Packet
Services for a given IMSI.
Change-Id: I6b9b494fa58bcb95bd550c49f8204f00f8fdf628
Related: OS#1645
|
|
Postfix the ran type to clarify the purpose.
Because of the new support of the Iu ran type, there are 2 functions to allocate a mm ctx.
For Iu it's sgsn_mm_ctx_alloc_iu(). For gb it should be named in the same way.
Change-Id: Ic49009e8c20c12308855e1409c09004698c79b95
|
|
GMM is the right term. MM state is already occupied.
Change-Id: I9cfdcf921e4ebd14a5e7ce7489ec4ce5d1f5515f
|
|
Shorten some code and make obvious to the reader that the string copy is done
in a safe way.
Change-Id: I900726cf06d34128db22a3d3d911ee0d1423b1bd
|
|
Use osmo_strlcpy() to fix unsafe invocation of strncpy(), which potentially
left the result unterminated.
Change-Id: I1a119b1760a3e3262538b4b012d476fdce505482
|
|
This is in preparation for moving gsup to libcommon, which is in turn
preparation for libvlr.
Related: OS#1592
Change-Id: I9c95d00f1a9420887a44c938b1d0ee3e20586f4c
|
|
Make sure everything is named gsup_client_ / GSUP_CLIENT_.
Rename static gsup_client_send() to client_send() to avoid clash with public
gprs_gsup_client_send() being renamed to gsup_client_send().
This is in preparation for moving gsup to libcommon, which is in turn
preparation for libvlr. libvlr and osmo-sgsn will use the same GSUP client
code. A number of patches will follow up on this, also for the the OAP client.
Related: OS#1592
Change-Id: I57433973b1c4f6cc1e12e7b1c96b5f719f418b51
|
|
This reverts commit 1611df5226199da2bf2fba3d22d93cc1a6c6c777.
This is due to a segfault introduced to the asan build only. See:
http://lists.osmocom.org/pipermail/openbsc/2016-December/009966.html
Subject: new sanitizer breakage: SIGSEGV in sgsn_create_pdp_ctx()
Date: Tue Dec 13 12:08:32 UTC 2016
Change-Id: Ic926c0e6778947b516994822e3a21d4fde25bb02
|
|
Enable Deactivate PDP context based on the IMSI of the subscriber.
When there are PDP contexts present for a MM context,
PDP context will be deactivated along with GMM Detach(MM context deletion).
If there are no PDP present, MM context will be deleted to avoid
further PDP context request from the MS.
Test cases is added to check this functionality.
Change-Id: Ia0a41aa2218ec2fda4ea17a37c8cc55cba63dd13
|
|
Change-Id: I696a7d25d2f4d19922e05a7e83c4aeec5c44fb07
Fixes: Coverity CID 135156
|
|
Drop extern definitions of talloc_msgb_ctx and use msgb_talloc_ctx_init()
instead.
In sgsn_test.c, use a local variable msgb_ctx to do the talloc report
from the return value of msgb_talloc_ctx_init().
Change-Id: I2f9ace855f0ecbdc9adf5d75bcb1a3d666570de4
|
|
Changing the test to allow still allocated block from the rate
counters.
Change-Id: Ie30e4c3084ee3a138d6b39bb5000234ac814e65f
|
|
According to 3GPP TS 24.008 § 4.7.1.2 some GMM frames are not supposed
to be ciphered. Propagate information about the necessity for
encryption between MM <-> LLC to ensure only proper frames are
encrypted/decrypted/dropped.
Change-Id: I0358905e60d1b182f75caec81bfcc72bbbbb2aa1
Related: OS#1582
|
|
The A&C reference number specified in 3GPP TS 24.008 § 10.5.5.19
identifies particular request sent by network with the related response
sent by MS. The value transparently copied from request to response by
MS: the spec do not specify what exactly should be in there so we use
rand() to decrease chance for collisions.
Note: variable named 'rand' clashes with standard function rand() so it
was renamed.
Change-Id: I3638821a9b4a0532b28dbbb50faa30c4082579f6
Related: OS#1582
|
|
Change-Id: Ia4df145ab03ebcaad70a13601cff60c488a5de54
Related: OS#1582
|
|
(committing just to test gerrit, if it goes through it's still a valid change)
Change-Id: I3291ea2da99cd7f0e2f340b0e6fd6022d088beb8
|
|
This is the entry point for GMM from Gb. We will create a new one
for Iu, so let's be explicit rather than implicit.
Change-Id: I93c074bf99db041117c0dc03dc8255879845a875
|
|
Explicitly mark those sgsn_mm_ctx members that apply for Gb mode and (upcoming)
Iu mode, respectively.
Add some comments in sgsn_mm_ctx.
Change-Id: Ife9b02549f284e2547f16117cf43d7a36948fc4b
Tweaked-By: Neels Hofmeyr <nhofmeyr@sysmocom.de>
|
|
We recently implementd InsertSubscriberData in the SGSN, adapt the test
to reflect that.
|
|
This requires the corresponding commit in libosmocore.
|
|
This requres the corresponding commit in libosmocore.
|
|
Rather than having a 'private' structure for kc, sres and rand, we
now finally (with 4 years delay) use osmo_auth_vector from libosmogsm,
which encapsulates authentication vectors that can be either GSM
triplets or UMTS quintuples or a combination of both.
gsm_auth_tuple becomes a wrapper around osmo_auth_vector, adding
use_count and key_seq to it.
key_seq is no longer initialized inside gprs_gsup_messages.c, as there
is no CKSN / key_seq inside the message anyway. If a usre of the code
needs key_seq, they need to manage it themselves.
|
|
If an MM context cannot be found based on BBSGP info and a RA UPDATE
REQUEST is received, try to find an MM context with an P-TMSI from
which the TLLI could have been derived. This also checks, whether the
routing area matches.
This is similar to the old behaviour removed by the commits
"sgsn: Only look at TLLIs in sgsn_mm_ctx_by_tlli" and
"sgsn: Remove tlli_foreign2local", except that this will only
be done for RA UPDATE REQUESTs now.
Sponsored-by: On-Waves ehf
|
|
This test add different cases of routing area changes.
Sponsored-by: On-Waves ehf
|
|
Currently the code also matches the TLLI against LOCAL and FOREIGN
mappings of the P-TMSI, thus eventually finding MM contexts not
consistent with the TLLI (both tlli and tlli_new differ). On
the other hand, tlli_new is not checked at all.
This commit changes the function to only look at mmctx->tlli,
mmctx->tlli_new, and the routing area.
Sponsored-by: On-Waves ehf
|
|
The BSSGP cell identifier is used to get the RA for the TLLI lookup.
The send_0408_message function used in the tests does not set this,
so the RA identifier is always 0-0-0-0.
This commit adds a parameters to pass the RAID and adds missing
dummy RAIDs.
Note that the CI can still not be set and thus is always 0.
Sponsored-by: On-Waves ehf
|
|
Currently foreign TLLI are sometimes mapped to local TLLI in the
hope that they will match. This seems to sometimes introduce
inconsisties, possibly leading to a failing assertion in
_bssgp_tx_dl_ud.
This mapping should probably reduce the allocation of additional
LLME during routing area changes.
This commit removes tlli_foreign2local.
Sponsored-by: On-Waves ehf
|
|
Currently just the number of intercepted downlink messages is counted
and eventually checked. The contents of the messages is lost. The
PTMSI contained in ATTACH/RAU Accept messages is just 'guessed' by
resetting the random number generator after reference PTMSIs have
been generated. While this works with rand_r, RAND_bytes cannot be
forced to recreate a certain number sequence this way (unless the
backend is replaced).
This commit changes that behaviour so that the last received msgb is
kept and decoded. The PTMSI that has been assigned by the SGSN is
then taken in the affected test cases and used instead of a 'guessed'
one. This is similar to how a real MS would react to the Accept
message.
Sponsored-by: On-Waves ehf
|
|
This (currently empty) function is meant to contain code that cleans
up the left-overs of the test functions. This will be needed by the
next commit that will store the last received msgb for later inspection.
Sponsored-by: On-Waves ehf
|
|
For real networks we need to check if the requested APN string
is allowed and then resolve the GGSN address through DNS. There
are countries with two or three digit MNCs and one could either
try to keep a list of countries that have two/three digits or
just try both of them. I have opted for the later for the ease
of the implementation.
C-Ares doesn't allow to cancel a request so we will need to
have the MMCTX and the Lookup have different lifetimes. We simply
set ->mmctx to NULL in case the MMCTX dies more early.
The selected and verified apn_str will be copied into the out
parameter. In case no static APN/GGSN config is present and the
dynamic mode is enabled a request will be made.
|
|
This is a left-over from the initial system where no PDP
was provided by the system. For now if there is a subscr
attached and no PDP context provisioned. He is not allowed
to have a data connection.
Update the testcase to create the pdp list entry more
early with a wildcard and then change it to a specific
match.
|
|
Copy the hlr-Number into the sgsn_data and use it during
the purgeMS. There is no unit test that looks at the data
we send so I manually verified this by looking at the output.
Below is the output of the test that purges the subscriber.
<000f> gprs_subscriber.c:170 SUBSCR(123456789012345) Sending GSUP, will send: 0c 01 08 21 43 65 87 09 21 43 f5 09 07 91 83 61 26 31 23 f3
|
|
In case there is a subscr attached to the MM context and there
is an encoded MSISDN we will attempt to decode it and in case
of an international number prepend a '+'. Assume that the array
size of gsm_mmcc_called->number is as big as ctx->msisdn for the
strncpy.
|
|
The MSISDN should be present for "security" reasons in the first
activation of a PDP context. Take the encoded MSISDN, store it for
future use and then put it into the PDP activation request.
The MM Context contains a field for a decoded MSISDN already. As
we need to forward the data to the GGSN I want to avoid having to
store TON and NPI in another place. Simply store the data in the
encoded form.
|
|
When handling an incoming GSUP cancellation request, the cancel_type
if effectively ignored, such that is always handled as
GPRS_GSUP_CANCEL_TYPE_UPDATE and never as WITHDRAW.
This commit fixes the expression used to set the variable
is_update_procedure.
Fixes: Coverity CID 1267739
Sponsored-by: On-Waves ehf
|
|
This reverts commit f81cacc6814dde73f203d125b0065d1451a98317.
Since the PURGE MS retry mechanism had been removed, this feature
is not used anymore. It just makes the code more complex.
Conflicts:
openbsc/include/openbsc/gprs_sgsn.h
openbsc/src/gprs/gprs_subscriber.c
openbsc/tests/sgsn/sgsn_test.c
|
|
Currently the APN IE in the Activate PDP Contex Request and the PDP
data that is stored with the subscriber is ignored completely.
This commit adds the sgsn_mm_ctx_find_ggsn_ctx that checks the APN IE
against the subscriber's PDP data entries if both are present. If
there is no match, the request is rejected.
If an APN IE has not been included but PDP data entries are present,
the function checks all of these entries against the static 'apn'
configuration to find a suitable entry.
If an APN has not been determined so far and any APN is allowed, the
configuration is checked with an empty APN string, to allow for
default configurations based on the IMSI prefix only.
If nothing of this succeeded but the request wasn't rejected either,
and there is no 'apn' configuration at all or if any APN is allowed
but a default configuration ist not present, the GGSN with id 0 is
used (if present).
Otherwise the request is rejected ('missing APN').
Ticket: OW#1334
Sponsored-by: On-Waves ehf
|
|
This commit adds the exported functions apn_ctx_find_alloc,
apn_ctx_free, apn_ctx_by_name, and apn_ctx_match to manage and
retrieve APN to GGSN mappings.
The following VTY commands are added to 'config-sgsn':
- apn APN ggsn <0-255>
- apn APN imsi-prefix PREFIX ggsn <0-255>
which maps an APN gateway string to an SGSN id. The SGSN must be
configured in advance. When matching an APN string, entries with a
leading '*' are used for suffix matching, otherwise an exact match is
done. When a prefix is given, it is matched against the IMSI. If
several entries match, a longer matching IMSI prefix has precedence.
If there are several matching entries with the same PREFIX, the entry
with longest matching APN is returned.
Ticket: OW#1334
Sponsored-by: On-Waves ehf
|
|
Currently the PDP info that is transmitted via GSUP is just parsed
and then discarded.
This commit adds a new data structure sgsn_subscriber_pdp_data and
maintains a list of those in sgsn_subscriber_data. The PDP data is
copied from an incoming GSUP UpdateLocationResult message. If that
message contains the PDPInfoComplete flag, the list is cleared before
new entries are added. The 'show subscriber cache' output now also
shows the PDP data entries.
Note that the InsertSubscriberData message is still not supported.
[hfreyther: Added talloc_free in gprs_subscr_pdp_data_clear]
Sponsored-by: On-Waves ehf
|
|
Currently the MM context is not deleted when a GSUP location
cancellation message is processed, because the real
sgsn_update_subscriber_data function has been wrapped to a dummy
implementation.
This commit adds an explicit call to sgsn_mm_ctx_cleanup_free which
also unassigns the LLME, so the call to gprs_llgmm_assign is removed.
It also adds an assertion to check that there are no talloc'ed blocks
left in tall_bsc_ctx.
Addresses:
== 372 bytes in 1 blocks are possibly lost in loss record 7 of 9
== at 0x402A17C: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
== by 0x4059FB8: _talloc_zero (talloc.c:354)
== by 0x8055B82: sgsn_mm_ctx_alloc (gprs_sgsn.c:167)
== by 0x804A336: alloc_mm_ctx (sgsn_test.c:140)
== by 0x804B24D: test_subscriber_gsup (sgsn_test.c:503)
== by 0x804EC99: main (sgsn_test.c:1853)
Sponsored-by: On-Waves ehf
|
|
This commits adds a few asserts that check the value of
subscr->error_cause after a GSUP message has been received.
Sponsored-by: On-Waves ehf
|
|
This commit adds a check after a GSUP message has been decoded
whether it is an error message and does not contain a cause value.
If his is the case, the cause value is set to 'Network failure', so
that this cause if effectively the default value for error messages.
Sponsored-by: On-Waves ehf
|
|
Currently there are not any test cases for PurgeMS GSUP messages in
test_subscriber_gsup.
This commit adds tests for incoming PurgeMSResult and -Error
messages.
Sponsored-by: On-Waves ehf
|
|
Currently the MM context cleanup code is distributed over several
functions. sgsn_mm_ctx_free not only frees data structure but also
eventually stops the timer and does the subscriber clean-up.
mm_ctx_cleanup_free (gprs_gmm.c) cleans up the PDP contexts and
unassign the TLLI.
This commit moves the cleanup code from both functions into a new
unifying function sgsn_mm_ctx_cleanup_free that cares about the
clean-up of all related sub-systems.
Sponsored-by: On-Waves ehf
|
|
Currently, sgsn_update_subscriber_data can be called with mmctx ==
NULL and will find and associate the right context (if present) based
on the subscriber's IMSI. This will not happen in regular use
any more, since sgsn_update_subscriber_data will only be called when
subscribers are used (auth mode 'remote') and in this case
gprs_subscr_get_or_create_by_mmctx will already be called by
sgsn_auth_request. Therefore, MM context and subscriber are always
associated except for some test cases and experimental VTY usage.
The current implementation of sgsn_update_subscriber_data also causes
additional complexity for the deletion on MM contexts to avoid a
ipossible double-free MM contexts.
This commit removes the MM context <-> subscriber association code
from sgsn_update_subscriber_data. That function must always be called
with mmctx != NULL, now. To avoid problems with VTY and test usage,
the calling subscriber function now only call
sgsn_update_subscriber_data when mmctx != NULL, since the purpose of
that function is to update that state of an existing MM context after
subscriber data has been changed.
Sponsored-by: On-Waves ehf
|
|
The old name is somewhat misleading. The function is rather preparing
the subscriber for a subsequent subscr_free, that is possibly invoked
by a subscr_put. It detaches the subscriber from the MM context and
optionally invokes a PURGE_MS procedure. Therefore the _cleanup
suffix is chosen (see mm_ctx_cleanup_free).
Sponsored-by: On-Waves ehf
|
|
Currently gprs_subscr_delete implicitely calls subscr_put, which
makes the code more complex than necessary (additional subscr_get) in
a few places. It also makes it more difficult to see, whether get/put
are balanced within a function. In addition, the functions are not
named consistently (gprs_subscr_delete vs.
gprs_subscr_put_and_cancel).
This commit changes the semantics of gprs_subscr_delete and
indirectly of gprs_subscr_put_and_cancel to not call subscr_put on
their argument, but to leave that for the caller to do it
explicitely.
It renames gprs_subscr_put_and_cancel to gprs_subscr_cancel to
reflect that change in the name, too.
Sponsored-by: On-Waves ehf
|
|
The subscriber cache would help in case:
* GPRS DETACH, GPRS ATTACH. In that case we might still
have some cached authentication tuples we avoid another
sendAuthenticationInfo request.
* After a detach the cache expiry would make sure to
eventually send a purgeMS to the HLR (which might be
ignored).
At the same time to make the cache work we will need to
make sure to start and stop timers. In case we don't
start we might accumulate subscribers. I am afraid that
the above two benefits do not outweight the complexity
of this implementation.
|