From 40ecc7d538344d7d6e71ddc1b62e2f9eb2785641 Mon Sep 17 00:00:00 2001 From: Matan Perelman Date: Sun, 31 Dec 2023 11:33:54 +0200 Subject: [PATCH] abis_rsl: Add rach expiry timeout This allows controlling the RACH DoS attack protection without increasing call drops rate. Change-Id: Iff7266672dd8bc9ce2b34b0478d98fb70691f425 --- include/osmocom/bsc/bts.h | 3 +++ src/osmo-bsc/abis_rsl.c | 5 ++--- src/osmo-bsc/bts.c | 1 + src/osmo-bsc/bts_vty.c | 15 +++++++++++++++ 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/osmocom/bsc/bts.h b/include/osmocom/bsc/bts.h index 6974dcad2..a1799eb0a 100644 --- a/include/osmocom/bsc/bts.h +++ b/include/osmocom/bsc/bts.h @@ -663,6 +663,9 @@ struct gsm_bts { /* We will ignore CHAN RQD with access delay greater than rach_max_delay */ uint8_t rach_max_delay; + /* We will ignore CHAN RQD sitting in the queue for period greater than rach_expiry_timeout */ + uint8_t rach_expiry_timeout; + /* Is Fast return to LTE allowed during Chan Release in this BTS? */ bool srvcc_fast_return_allowed; diff --git a/src/osmo-bsc/abis_rsl.c b/src/osmo-bsc/abis_rsl.c index 860e4a249..49e8b52c3 100644 --- a/src/osmo-bsc/abis_rsl.c +++ b/src/osmo-bsc/abis_rsl.c @@ -1975,7 +1975,6 @@ static int rsl_rx_pchan_rqd(struct chan_rqd *rqd) * requests from the queue to prevent the queue from growing indefinetly. */ static void reduce_rach_dos(struct gsm_bts *bts) { - int rlt = gsm_bts_get_radio_link_timeout(bts); time_t timestamp_current = time(NULL); struct chan_rqd *rqd; struct chan_rqd *rqd_tmp; @@ -1983,9 +1982,9 @@ static void reduce_rach_dos(struct gsm_bts *bts) /* Drop all expired channel requests in the list */ llist_for_each_entry_safe(rqd, rqd_tmp, &bts->chan_rqd_queue, entry) { - /* If the channel request is older than the radio link timeout we drop it. This also means that the + /* If the channel request is older than the rach expiry timeout we drop it. This also means that the * queue is under its overflow limit again. */ - if (timestamp_current - rqd->timestamp > rlt) { + if (timestamp_current - rqd->timestamp > bts->rach_expiry_timeout) { LOG_BTS(bts, DRSL, LOGL_INFO, "CHAN RQD: tossing expired channel request" "(ra=0x%02x, neci=0x%02x, chreq_reason=0x%02x)\n", rqd->ref.ra, bts->network->neci, rqd->reason); diff --git a/src/osmo-bsc/bts.c b/src/osmo-bsc/bts.c index 814ba41a4..19041377b 100644 --- a/src/osmo-bsc/bts.c +++ b/src/osmo-bsc/bts.c @@ -470,6 +470,7 @@ struct gsm_bts *gsm_bts_alloc(struct gsm_network *net, struct gsm_bts_sm *bts_sm bts->interf_meas_params_cfg = interf_meas_params_def; bts->rach_max_delay = 63; + bts->rach_expiry_timeout = 32; /* SRVCC is enabled by default */ bts->srvcc_fast_return_allowed = true; diff --git a/src/osmo-bsc/bts_vty.c b/src/osmo-bsc/bts_vty.c index 3af7296f4..ef8b8bdc4 100644 --- a/src/osmo-bsc/bts_vty.c +++ b/src/osmo-bsc/bts_vty.c @@ -772,6 +772,19 @@ DEFUN_ATTR(cfg_bts_rach_max_delay, return CMD_SUCCESS; } +DEFUN_ATTR(cfg_bts_rach_expiry_timeout, + cfg_bts_rach_expiry_timeout_cmd, + "rach expiry-timeout <4-64>", + RACH_STR + "Set the timeout for channel requests expiry\n" + "Maximum timeout before dropping channel requests\n", + CMD_ATTR_IMMEDIATE) +{ + struct gsm_bts *bts = vty->index; + bts->rach_expiry_timeout = atoi(argv[0]); + return CMD_SUCCESS; +} + #define REP_ACCH_STR "FACCH/SACCH repetition\n" DEFUN_USRATTR(cfg_bts_rep_dl_facch, @@ -4516,6 +4529,7 @@ static void config_write_bts_single(struct vty *vty, struct gsm_bts *bts) rach_max_trans_raw2val(bts->si_common.rach_control.max_trans), VTY_NEWLINE); vty_out(vty, " rach max-delay %u%s", bts->rach_max_delay, VTY_NEWLINE); + vty_out(vty, " rach expiry-timeout %u%s", bts->rach_expiry_timeout, VTY_NEWLINE); vty_out(vty, " channel-description attach %u%s", bts->si_common.chan_desc.att, VTY_NEWLINE); @@ -4862,6 +4876,7 @@ int bts_vty_init(void) install_element(BTS_NODE, &cfg_bts_rach_tx_integer_cmd); install_element(BTS_NODE, &cfg_bts_rach_max_trans_cmd); install_element(BTS_NODE, &cfg_bts_rach_max_delay_cmd); + install_element(BTS_NODE, &cfg_bts_rach_expiry_timeout_cmd); install_element(BTS_NODE, &cfg_bts_chan_desc_att_cmd); install_element(BTS_NODE, &cfg_bts_chan_dscr_att_cmd); install_element(BTS_NODE, &cfg_bts_chan_desc_bs_pa_mfrms_cmd);