Age | Commit message (Collapse) | Author | Files | Lines |
|
Numerous manual adjustments are included to make sense on the sysmocom/iu branch:
* gsm_04_08_gprs.h has moved to libosmocore on the master branch, but
sysmocom/iu has added some entries. Until it is clear whether to move the
additions to libosmocore as well, keep gsm_04_08_gprs.h on sysmocom/iu with
merely the additions.
* Thus, keep using the old gsm_04_08_gprs.[hc] from openbsc in the Makefiles,
but only where the sysmocom/iu additions are needed.
* In openbsc's gsm_04_08_gprs.h,
* include the libosmocore gsm_04_08_gprs.h,
* use '#pragma once' instead of #ifndef and
* add a TODO comment about moving the rest to libosmocore.
* Apply the addition of an osmo_auth_vector to gsm_auth_tuple: in the Iu auth
vector hacks, use the gsm_auth_tuple.vec instead of a local struct.
See iu_hack__get_hardcoded_auth_tuple() and gsm48_rx_gmm_att_req().
* In the si2q tests, pass NULL as ctx to gsm_network_init().
* In cscn_main.c, add a debug log that was originally added to osmo-nitb.
* openbsc/.gitignore: keep only one addition of 'writtenconfig'
Conflicts:
openbsc/include/openbsc/gprs_sgsn.h
openbsc/include/openbsc/gsm_04_08_gprs.h
openbsc/src/gprs/gsm_04_08_gprs.c
openbsc/src/libmsc/gsm_04_08.c
openbsc/src/osmo-cscn/cscn_main.c
openbsc/tests/gsm0408/Makefile.am
|
|
When receiving authentication response or security mode complete messages,
actually release the security operation stored with the subscriber conn.
|
|
Just return 0 regardless of the security callback's return value when
receiving authentication response or security mode complete messages.
|
|
By having conn->in_release == 1, calling msc_release_connection() has no
effect and thus never frees the conn. So, after all pending requests have
been discarded, also discard and free the unused connection.
|
|
In gsm04_08_clear_request(), in_release == 1 anyway and
msc_release_connection() would exit immediately without any effect. Don't
confuse the reader by passing release=1 arg.
|
|
Subscriber conn stuff doesn't really belong in gsm_subscriber.c.
(I moved because I thought it would call some static functions in gsm_04_08.c,
which ended up not being the case; anyway, it makes more sense to stay in
gsm_04_08.c.)
|
|
During peliminary paging response testing, I introduced some code duplication.
Remove that and instead call the code that was there before 63b99ced83773d923
("add preliminary paging response handling, incomplete").
By calling the gsm_subscriber API, the connection is also secured and hence
Integrity Protection is enabled for IuCS.
|
|
Tweak debug logging, use paging category DPAG.
Change the order of arguments to make more sense in the causal relationship.
|
|
Rename subscr_request_channel() to _conn() and remove the channel_type arg.
The "channel" is a term from closely tied MSC+BSC code, after separation we
shall call it a "connection", i.e. over IuCS or A.
The channel_type arg is already unused from a previous MSCSPLIT commit.
|
|
Add function subscr_authorized(), absorbing the guts of static
authorize_subscriber() from gsm_04_08.c, except the parts specific to Location
Updating.
subscr_authorized() is a check that is to be added to validation of a paging
response.
|
|
Rather than having a 'private' structure for kc, sres and rand, we
now finally (with 4 years delay) use osmo_auth_vector from libosmogsm,
which encapsulates authentication vectors that can be either GSM
triplets or UMTS quintuples or a combination of both.
gsm_auth_tuple becomes a wrapper around osmo_auth_vector, adding
use_count and key_seq to it.
key_seq is no longer initialized inside gprs_gsup_messages.c, as there
is no CKSN / key_seq inside the message anyway. If a usre of the code
needs key_seq, they need to manage it themselves.
|
|
In case both TCH/H and TCH/F or different codecs are configured and
internal MNCC handler is used we might end up in a situation where call
legs with incompatible channel types or codecs would be connected
resulting in a broken audio. Disconnect such calls with appropriate
error message.
Fixes: OS#1663
|
|
|
|
In handle_paging_response(), don't check conn against NULL after using it all
the time anyway.
To ensure beyond doubt that it is actually never NULL, assert conn further up
in the call stack, i.e. in gsm0408_dispatch(), the main entry point for
receiving data from the BSC/RNC level. Also assert msg while at it.
Fixes: CID#93769
|
|
This provides helpful information for debugging internal MNCC handler.
|
|
In gsm_04_08.c, add a static handle_paging_resp() to take over from the libbsc
function gsm48_handle_paging_resp(). Use the subscr->requests listing to handle
a Paging Response and call the pending cbfn.
In NITB, this used to be done via BTS, and I haven't entirely resolved yet how
exactly to rewire this in standalone libmsc. So far, this "works for me", but
is worth another visit.
Still missing: enable Integrity Protection.
|
|
|
|
|
|
|
|
Factor out hardcoded-Ki and auth tuple creation into a static function.
Add generation of fresh random bytes and generate a valid auth tuple so that
the authentication token is different for every MM Auth.
|
|
|
|
|
|
Upon authentication response, initiate integrity protection for Iu by sending a
Security Mode Command (IK), with hardcoded auth tuple so far.
Implement RANAP event handling to receive Security Mode Complete message,
adding stubs for the other events; in new files osmo-cscn/iucs_ranap.[hc] to
keep RANAP dependencies separate, and particularly out of libmsc.
Upon receiving Security Mode Complete, call the security operation callback
(conn->sec_operation->cb) to complete the Location Update.
Introduce enum integrity_protection_state constants to indicate integrity
protection, record in gsm_subscriber_conn.iu.integrity_protection.
Make subscr_conn_lookup_iu() non-static and declare in iu_cs.h to be able to
call from iucs_ranap.c's Security Mode Complete event.
Implement dummy iu_tx_sec_mode_cmd() to allow tests to build without RANAP
dependencies.
In cscn_main.c, call iucs_rx_ranap_event(), to populate the struct gsm_network
struct with cscn_network explicitly (don't share cscn_network across
compilation scopes because it's ugly).
|
|
directly
|
|
Prepares for calling from IuCS RANAP events.
|
|
|
|
|
|
libosmocore recently added inline functions to relieve callers from applying
bitmasks and bit shifts to access the transaction id of a GSM 04.08 header.
Apply these functions.
|
|
Replace hardcoded protocol discriminator and message type bitmasks with
function calls recently introduced in libosmocore.
Note that the release 98 bitmasks slightly differ from the release 99 bitmasks.
This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on
libosmocore whether 98 or 99 bitmasks are used.
In some places, use of the bitmask was erratic. Fix these implicitly by
employing the bitmask functions:
* silent_call.c: silent_call_reroute(): add missing bitmask for MM.
* bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages.
* osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM
messages.
* bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages.
* bsc_ussd.c: no bitmask is applicable for the message types used here.
* gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc.
In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected
message types.
|
|
libosmocore recently added inline functions to relieve callers from applying
bitmasks and bit shifts to access the transaction id of a GSM 04.08 header.
Apply these functions.
|
|
Replace hardcoded protocol discriminator and message type bitmasks with
function calls recently introduced in libosmocore.
Note that the release 98 bitmasks slightly differ from the release 99 bitmasks.
This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on
libosmocore whether 98 or 99 bitmasks are used.
In some places, use of the bitmask was erratic. Fix these implicitly by
employing the bitmask functions:
* silent_call.c: silent_call_reroute(): add missing bitmask for MM.
* bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages.
* osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM
messages.
* bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages.
* bsc_ussd.c: no bitmask is applicable for the message types used here.
* gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc.
In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected
message types.
|
|
|
|
So far the code did only auth+ciph or none. Add case handling for only
authentication without ciphering (basically just fill in the blanks).
|
|
|
|
|
|
Depending on conn->via_iface, fail upon missing auth for 3G.
Move the log notice saying "skipping auth" to gsm48_secure_channel() where
conn->via_iface is actually known.
|
|
|
|
|
|
As commented in the code, the GSM_SECURITY_AUTH_FAILED path is never invoked by
the gsm48_secure_channel() function as it is today.
Note that the upcoming Iu auth will probably add a GSM_SECURITY_AUTH_FAILED
status. In that case, sending a LU Reject immediately may be desirable, but
arguably a bit of timeout could make life harder for auth attackers.
The code removed by this patch doesn't send out a LU Reject ever, since a call
to release_loc_updating_req() only releases the connection. To reject, a call
to gsm0408_loc_upd_rej() would be necessary, as seen in loc_upd_rej_cb().
And finally, if _gsm0408_authorize_sec_cb() doesn't do anything about anything,
the same loc_upd_rej_cb() will be run by a timeout and send a LU Reject
properly (as commented in the code).
|
|
|
|
|
|
|
|
The diff between this and master will probably need a lot of review and fixes.
The current state does compile, but I expect pretty much everything to be
broken now. Future development will reinstate proper functionality piecemeal.
The first goal is to get basic signalling to work, then SMS. The voice control
(RTP) is completely disabled now (see "#if BEFORE_MSCSPLIT") and will be fixed
last AFAICT.
|
|
the BSC-side of the API behind gsm0808_submit_dtap() is doing
this resolving again anyway. So let's avoid doing it twice, and avoid
having more dependency of the MSC down into the lchan details.
|
|
|
|
subscr_name() was called from several places:
* either without a check for subscr being NULL, which for example
was causing a segfault if we hand-over a channel before identifying the
subscriber
* or with an explicit NULL check and the ternary operator (?).
We now simplify the code by checking for the NULL Subscriber in subscr_name()
itself.
|
|
I do hope the unimplemented/unknown messages did not return 0 intentionally.
|
|
At Rhizomatica we see that some GSM 04.08 messages are leaked and
have no other indication if that is Call Control, SMS or something
else.
|
|
When a MNCC handler wants to issue the MNCC_BRIDGE primitive
overt the MNCC interface, this was not possible so far via the
MNCC socket. This primitive was so far only available from the
internal MNCC handler, more or less by accident I suppose. The reason
for this is in the way the array of two call references had been passed
into mncc_tx_to_cc().
|
|
In case of the RTP bridge mode we need to select the codec
ourselves. Rely on the same (incomplete) codec selection that
can be done using the mncc-int configuration node. This might
gain bearer capabilities support.
In case of a SDCCH a TCH/F will be attempted to be assigned.
This is an open issue for both modes and there should be a
preference for full or half-rate channels somewhere.
|