All addresses in struct tun_t were stored as an in_addr.
But IPv6 addresses need an in6_addr, so switch tun_t addresses
to the in64_addr wrapper struct.
This is an ABI break, as documented in TODO-RELEASE.
Fixes an out of bounds memcpy() identified by Coverity.
Change-Id: Idd2431ad25d7fa182e52e2bd5231ceb04d427c34
Related: CID#174278
Coverity pointed out that a format string used inappropriate
format string directives for variables of type size_t.
Change-Id: I889019aad963932fdc032421e60a72c809a93bca
Related: CID#135197
The variable this->listsize is an unsigned int, but the format
string assumed ptrdiff_t. Found by Coverity.
Change-Id: Ib2a55907adae98f8aa7b079f1c9a3b4fc5f67fc5
Related: CID#188879
Coverity points out that addr.len was potentially being used
uninitialized, via calls to in46a_inc(&addr).
Change-Id: Idb67394e5f4c2072380a33f46c848d92c4317245
Related: CID#174189
When copying an address to a reused static hash table member
with memcpy(), this code mistakenly passed the size of a
pointer as the amount of bytes to be copied, rather than
the actual size of the address.
This means the IP pool could contain bogus IP addresses because
only addr->len (a uint8_t) and 3 further bytes of the address
were actually copied on 32 bit platforms. On 64 bit platforms,
a sufficient amount of bytes were copied for IPv4 to work
correctly, but too few bytes were copied for IPv6.
This problem was found by Coverity.
Replace the bogus memcpy() call with direct assignments to the
appropriate struct in64addr union members, and assert that the
length recorded for the address actually corresponds to the
length used by the address family (IPv4, IPv6).
Change-Id: Ic21560f7519e776107485a8779702fb1279d065c
Related: CID#57921
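The copy bug described in this commit message, next to the direct-assignment fix, as an added example that is not code from the project. `struct addr46`, `copy_buggy()`, `copy_fixed()` and `v6_bytes_copied()` are hypothetical names, and the sample address is constructed.

```c
#include <assert.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the address wrapper: a length plus a v4/v6 union. */
struct addr46 {
	uint8_t len;			/* 4 for IPv4, 16 for IPv6 */
	union {
		struct in_addr v4;
		struct in6_addr v6;
	};
};

/* Bug class from the message: byte count is the size of a pointer (4 or 8). */
static void copy_buggy(struct addr46 *dst, const struct addr46 *src)
{
	size_t n = sizeof(src);		/* sizeof(pointer), not sizeof(*src) */
	memcpy(dst, src, n);
}

/* Fix as described: check len against the family, then assign the member. */
static void copy_fixed(struct addr46 *dst, const struct addr46 *src)
{
	assert(src->len == sizeof(src->v4) || src->len == sizeof(src->v6));
	dst->len = src->len;
	if (src->len == sizeof(src->v4))
		dst->v4 = src->v4;
	else
		dst->v6 = src->v6;
}

/* Returns how many of the 16 IPv6 address bytes arrive intact in a zeroed slot. */
static int v6_bytes_copied(void (*copy)(struct addr46 *, const struct addr46 *))
{
	struct addr46 src = { .len = 16 }, dst = { 0 };
	int i, ok = 0;

	for (i = 0; i < 16; i++)
		src.v6.s6_addr[i] = (uint8_t)(0xa0 + i);	/* constructed address */
	copy(&dst, &src);
	for (i = 0; i < 16; i++)
		ok += dst.v6.s6_addr[i] == src.v6.s6_addr[i];
	return ok;
}

int main(void)
{
	return v6_bytes_copied(copy_fixed) == 16 ? 0 : 1;
}
```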
The calloc() call in ippool_new() had two problems.
The first problem is benign: The order of arguments was reversed.
Pass the number of elements in the array first, then the size of
each element, as calloc() expects.
This problem was found by me. There are more instances of this
problem in this file, which I'll address in follow-up patches.
The second problem is that the requested allocation was larger than
necessary: The hash table is an array of pointers to ippoolm_t, not
an array of struct ippoolm_t. Fix the required size passed to calloc().
This problem was found by Coverity.
Change-Id: I93fa5bc539771ca19714f6a665558c9140e2ce07
Related: CID#57920
Coverity complains about a missing ioctl() return value check.
Check for failure of the TUNSETNOCSUM ioctl and log a warning
if it fails.
Change-Id: I88da2164d975d7a232619b8d31c5eadeef0f3a80
Related: CID#57661
Clearing the request and response queue is useful for debugging
to reset "some" state. Otherwise some tests will get unexpected
packets.
Change-Id: I279d1d7cbf5d37dd5609c2b968f317fe9a0e348d
The .tarball-version file should contain the *source version* uniquely
identifying the git commit, and not the Debian package name.
With https://gerrit.osmocom.org/#/c/osmo-ci/+/10343/ there is a correct
.tarball-version file in the .tar.xz of the nightly source packages.
Change-Id: I1466936033c2f60edd1078eb41f3508d87da4402
Related: OS#3449
Sometimes the originating pdp ctx causing the Recovery Procedure is
required, in order to drop all pdp ctx but this one, which specs specify
should be handled as valid:
"""
The SGSN receiving the Recovery information element shall handle it as when an
Echo Response message is received but shall consider the PDP context being created as active if the response indicates
successful context activation at the GGSN.
"""
Change-Id: I53e92298f2f6b84d662a3300d922e8c2ccb178bc
With this API, user is expected to free the PDP ctx when the confirmation
for the release has been received (cb_conf time). This way user can
maintain the pdp ctx alive during all this time. Extra code is added to
gtp_delete_pdp_resp() since it's now possible to match it and push it up
to the user cb_conf.
This way, cb_conf() can be used for locally-initiated DEL CTX REQ, while
delete_context() cb is left for remotely-initiated DEL CTX REQ. In this
latter case, when the DEL CTX RESP is sent the ctx is deleted and the
delete_context() is called, where the user can do related actions or
trigger consequence events (in the case of SGSN, it will drop all
related GGSN bits for that PDP ctx and forward the DEACT PDP CTX to the
MS).
Change-Id: I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c
Parse multiple IPCP IEs embedded in Protocol Configuration Options,
and return IPCP responses for all of them. Makes the associated
TTCN3 GGSN test pass.
Depends: Ia1410abb216831864042f95679330f4508e1af3d
Change-Id: I51ecab4e35f3ee638e68ca773b0da90cc0294ab0
Related: OS#3319
IPCP data can begin at any byte location in the pco_req->v array.
Casting to a 'struct ipcp_hdr' pointer could lead to unaligned access.
Parse IPCP data with u_int8_t pointers instead to avoid this problem.
Add some length checks while here.
pco_contains_proto() and ipcp_contains_option() now receive the minimum
size of the data the caller is looking for, and only return pointers
to items of sufficient size.
Also fix an infinite loop in ipcp_contains_option() by refusing
IPCP options with length smaller than 2. Previously, a zero length
option would trigger an infinite loop in the parser.
Change-Id: Ia1410abb216831864042f95679330f4508e1af3d
Related: OS#3194
According to 3GPP TS 29.060 section "7.3.5
Delete PDP Context Request", both directions are valid in both GSNs.
This allows osmo-sgsn receive delete ctx indication (cb_delete_context)
in order to implement GGSN initiated requests.
Change-Id: I6927c07be4ddf74defe338d01d947056e15cd14d
struct ipcp_option_hdr and struct ipcp_hdr are not declared as
packed explicitly, but they are used to parse memory blobs by
casting pointers. Add __attribute__((packed)) to ensure that
those structs are stored packed.
Change-Id: I14e10bb3ce482347b3f0c4d3a75168a55df15f20
Related: OS#3288
The abort condition of the while loop in ipcp_contains_option()
is accessing ipcp->len directly. Unfortunately this field is an
uint16_t which has to be interpreted as little endian value. If
it is used without prior conversion the value may appear larger
than actually intended and the loop will then not stop at the
end of the buffer.
This can cause unpredictable results when the value given with
the parameter enum ipcp_options opt is not found.
The loop will then eventually cause a segmentation fault or
is likely to hang as soon as cur_opt->len points to a zero
byte in memory.
- Make sure that ipcp->len is interpreted correctly by accessing
it through ntohs()
Change-Id: Icffde89f9bc5d8fcadf6e2dd6c0b4de03440edd5
Related: OS#3288
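The checks named in the two IPCP parsing commit messages above (byte-pointer parsing, a minimum item size, refusing option lengths below 2, and a header length bounded by the buffer), combined in one added example that is not the project's code. `find_ipcp_option()` is a hypothetical helper; it reads the 16-bit length byte by byte instead of calling ntohs(), and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define IPCP_HDR_LEN 4	/* code, identifier, 16-bit length in network byte order */

/* Hypothetical helper (not the project's function): find option `opt` that is
 * at least min_size bytes long in an IPCP packet held in buf_len bytes. */
static const uint8_t *find_ipcp_option(const uint8_t *ipcp, size_t buf_len,
				       uint8_t opt, size_t min_size)
{
	size_t total, off = IPCP_HDR_LEN;

	if (buf_len < IPCP_HDR_LEN)
		return NULL;
	/* Byte-wise read: no alignment or host-endianness assumptions. */
	total = ((size_t)ipcp[2] << 8) | ipcp[3];
	if (total < IPCP_HDR_LEN || total > buf_len)
		return NULL;	/* declared length must fit the received buffer */

	while (off + 2 <= total) {
		uint8_t type = ipcp[off];
		uint8_t len = ipcp[off + 1];	/* counts the type and len bytes too */

		if (len < 2 || off + len > total)
			return NULL;	/* len 0 or 1 would never advance the parser */
		if (type == opt && len >= min_size)
			return ipcp + off;
		off += len;
	}
	return NULL;
}

/* Constructed samples: two DNS options (129, 131); a zero-length option;
 * a header whose declared length (0x1000) exceeds the buffer. */
static const uint8_t sample_ok[] = { 0x01, 0x00, 0x00, 0x10,
	0x81, 0x06, 0, 0, 0, 0, 0x83, 0x06, 0, 0, 0, 0 };
static const uint8_t sample_zero_len[] = { 0x01, 0x00, 0x00, 0x08, 0x81, 0x00, 0, 0 };
static const uint8_t sample_too_long[] = { 0x01, 0x00, 0x10, 0x00, 0x81, 0x06, 0, 0, 0, 0 };

int main(void)
{
	return find_ipcp_option(sample_ok, sizeof(sample_ok), 0x83, 6) == sample_ok + 10 &&
	       !find_ipcp_option(sample_zero_len, sizeof(sample_zero_len), 0x83, 2) &&
	       !find_ipcp_option(sample_too_long, sizeof(sample_too_long), 0x81, 2) ? 0 : 1;
}
```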
There are some configuration nodes, which are handled by external
libraries, such as libosmoctrl. So, when switching back to the
parent node, this should be kept in mind.
Change-Id: I65be7910dc46166caa34a0984a6763e1477dec99
The 1.2.0 release bumped lib version to 3 and updated the debian package
file accordingly, but forgot to increase dh_strip line in debian/rules.
Change-Id: Ib54f231943348c06acecd6f413b2c96b24f6db28
This way, the IP address / route handling between TUN devices and kernel
GTP can be shared, which will provide not only a unified codebase but
also a more consistent behavior.
This also paves the road to use kernel GTP from sgsnemu in the future.
Related: OS#3214
Change-Id: Ic53a971136edd0d8871fbd6746d7b0090ce3a188
tun_addaddr() internally contains a fallback to tun_setaddr() for the
first address, so we can unify the API usage a bit and use tun_addaddr()
from all call sites
Change-Id: I34de003a1a040254bd38b29e48caea34cb0c88d2
There's nothing really tun-specific about the adding and removing of
addresses to network devices. Let's generalize the related code.
Change-Id: I139a950dd81a4b1199953be1608cd109a060f562
There's a problem during the initial start-up of osmo-ggsn in case
of kernel gtp-u: apn->ggsn->gsn is not yet set while parsing the
'apn' nodes from the config file. This member is only set after
the last 'apn' node has been parsed at the end of the 'ggsn' node.
Closes: OS#3217
Change-Id: I022a5e5ebc1f155e8f94938856d310462f79bbe8
This option was removed in dda21ed7d4
and the behaviour previously implied by -f has since been the default.
Change-Id: Iba13df713af03771739a4feff4b222a0c3352394
Related: OS#3044
Provide a sane means of adding the -Werror compiler flag.
Currently, some of our jenkins.sh add -Werror by passing 'CFLAGS="-Werror"',
but that actually *overwrites* all the other CFLAGS we might want to have set.
Maintain these exceptions from -Werror:
a) deprecation (allow upstream to mark deprecation without breaking builds);
b) "#warning" pragmas (allow to remind ourselves of errors without breaking
builds)
As a last configure step before generating the output files, print the complete
CFLAGS and CPPFLAGS by means of AC_MSG_RESULT.
Change-Id: Ifcde5a110cbed0eaa250dd946927e3b0f4f9bd13
This param is parsed by gethostbyname() and it's confusing to document
it as an interface, because users will then attempt to pass "lo" to it,
which fails.
Change-Id: Id8ef0e12ddcaf8bfd199a44de0ba4280f05d4431
Older commit switched pdp_t to have an array of 2 peers instead of
only one in order to accommodate for ipv4v6 contexts, which can have 2
addresses assigned. The usage of peer field was not updated in sgsnemu
accordingly, which means the wrong memory portion was being accessed.
Fixes: 2d6a69e69a ("Add support for IPv4v6 End User Addresses")
Change-Id: I9e563522173a82b265e93b1ef9dc93ced40fefa2