This commit adds the following counters:
- attach-reqs: Number of Attach Request messages
- attach-rejs: Number of Attach Reject messages
- tlli-cache: Size of the TLLI cache
Sponsored-by: On-Waves ehf
These commands manage the TLLI list used to decide whether an APN
shall be patched or not. Note that this list is (currently) only
maintained if IMSI matching is used.
VTY commands (enable node):
show gbproxy tllis show all TLLI entries
delete-gbproxy-tlli NSEI stale purge all stale entries
delete-gbproxy-tlli NSEI imsi IMSI purge entry with the IMSI given
delete-gbproxy-tlli NSEI tlli TLLI purge entry with the TLLI given
Sponsored-by: On-Waves ehf
This patch adds IMSI/TLLI connection tracking and uses it to control
APN patching based on the IMSI. TLLI entries can expire based on age
and/or by limiting the TLLI list size.
VTY config-gbproxy:
no core-access-point-name disable APN patching
core-access-point-name none remove APN if present
core-access-point-name APN replace APN if present
core-access-point-name none match-imsi RE remove if IMSI matches
core-access-point-name APN match-imsi RE replace if IMSI matches
tlli-list max-age SECONDS expire after SECONDS
no tlli-list max-age don't expire by age
tlli-list max-length N keep N entries only
no tlli-list max-length don't limit list length
RE is an extended regular expression, e.g. ^12345|^23456
Ticket: OW#1192
Sponsored-by: On-Waves ehf
Currently, all patching state is stored globally in the gbproxy. Thus
the feature cannot be used safely with a concentrating gbproxy (NAT).
This patch moves the state and relevant counters to the gbprox_peer
structure. It adds code to resolve the corresponding peer when
packets are received by looking at BVCI, NSEI, and BSSGP IEs (BVCI,
RAI/LAI/LAC) when the peer is not passed to the
gbprox_patch_bssgp_message() function.
Test cases are also added for the SGSN->BSS case including test cases
with invalid identifiers.
Note that this patch should make it possible to use RAI patching at a
NAT gbproxy as long as the messages are not encrypted.
Ticket: OW#1185
Sponsored-by: On-Waves ehf
Patch the APN in every 'Activate PDP Context Request' message to the
value given by the 'core-access-point-name' command. If the command is
given without an APN, the whole APN IE will be removed. If the
command is being prefixed by a 'no', the APN IE remains unmodified.
The patch mode 'llc-gsm' is added to selectively enable the patching
of LLC session management messages. This is enabled implicitely by
the patch mode 'llc'.
Note that the patch mode should not be set to a value not enabling
the patching of LLC GSM messages ('llc-gsm', 'llc', and 'default' are
sufficient to patch 'Activate PDP Context Request' messages).
Ticket: OW#1192
Sponsored-by: On-Waves ehf
This patch extends the BSSGP patch code to also patch LLC information
elements along with MCC/MNC patching support for the following messages:
- Attach Request
- Attach Accept
- Routing Area Update Request
- Routing Area Update Accept
- P-TMSI reallocation command
Note that encrypted packets will not be patched.
Ticket: OW#1185
Sponsored-by: On-Waves ehf
This adds a feature to patch the BSSGP MNC/MCC fields of messages going
to and coming from the SGSN. To enable this feature, the gbproxy's
VTY commands 'core-mobile-country-code' and/or
'core-mobile-network-code' must be used. All packets to the SGSN are
patched to match the configured values. Packets received from the
SGSN are patched to the corresponding values as last seen from the BSS
side.
Note that this will probably not work with a gbproxy used for several
BSS simultaneously.
Note also, that MCC/MNC contained in a LLC IE will not be patched.
Ticket: OW#1185
Sponsored-by: On-Waves ehf
This parameter is not used (the methods are always called with an
argument of 1 in the third position). Thus the parameter is removed
completely.
Sponsored-by: On-Waves ehf
Currently the terms 'Routing area code' (RAC) and 'Location area
code' (LAC) are used in several places where 'Routing area
identification' (RAI) or 'Location area identification' (LAI) are
meant in fact.
This patch replaces RAC/LAC by RAI/LAI and 'code' by 'identification'
at these places.
Note that RAI := MCC MNC LAC RAC, and LAI := MCC MNC LAC (see GSM
03.03, sections 4.1 and 4.2).
Sponsored-by: On-Waves ehf
The gbproxy looses NSEI changes on BVC_RESET and then tries to send
later messages to the wrong (not longer existing) destination.
This patch fixes this by updating the peer's nsei field on BVC_RESET.
Ticket: OW#874
Sponsored-by: On-Waves ehf
This checks the behavior of the gbproxy when the BSS peer changes the
NSEI and the NSVCI. It also tests BVC_RESET and other UNITDATA
messages after these changes between BSS and SGSN and vice versa (via
the gbproxy).
Ticket: OW#874
Sponsored-by: On-Waves ehf
This adds the option to delete all BVC peers and/or NS_VC with a
given NSEI with a single command. Static (configured) NS-VC are not
affected. In addition, all connections for this NSEI that can be
deleted by this command can be listed without deleting them by
appending 'dry-run' to the command.
Sponsored-by: On-Waves ehf
Currently such messages lead to a creation of a new peer with the
SGSN's NSEI, which results in echoing the message back to the SGSN.
This patch modifies this by sending a STATUS response (invalid BVCI)
instead back to the SGSN.
Sponsored-by: On-Waves ehf
This adds a test with a UNITDATA SGSN message that is addressed to an
invalid (unknown) BVCI. The test shows, that the message is echoed to
the SGSN.
Sponsored-by: On-Waves ehf
This adds counters that are incremented when errors are detected.
It also modifies the VTY command 'show gbproxy' so that
'show gbproxy stats' shows the counters.
Sponsored-by: On-Waves ehf
Add the unused attribute to peer_free() that isn't used currently.
Change 'RAC' to 'NSEI' in the log message, since the latter has been
examined before the log message is generated.
Sponsored-by: On-Waves ehf
Currently in most places in gb_proxy.c a reference to a NS-VC object
is used where the peer is meant instead. The patch changes this by
using the NSEI instead in these cases.
Sponsored-by: On-Waves ehf
This program tests the gbproxy implementation by passing NS messages
to a modified gbproxy that dumps the resulting messages, signals, and
state.
It focusses on testing abnormal situations like port changes.
Ticket: OW#874
Sponsored-by: On-Waves ehf
The lines 461 and 303 were producing unaligned memory access as
the BVCI was not aligned properly. Introduce a tlvp_val16_unal to
read 16bit from the data, use memcpy to the stack to make sure
that it is working in the aligned and unaligned case.
Instead of direct function calls to individual functions, we now
generate primitives (osmo_prim) and send them to one
application-provided function "bssgp_prim_cb()"
libosmogsm is a new library that is distributed in the libosmocore.
Now, openbsc depends on it. This patch gets openbsc with this
change.
This patch also rewrites all include path to the new
osmocom/[gsm|core]
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
When we copy a msgb, we need to make sure the msgb_cb->bssgp_cell_id
pointer points to data in the new message, not in the old message.
Thanks to Dieter Spaar for spotting this.
As we only have one NS-VC between gb_proxy and SGSN, we cannot
forward a NS-BLOCK from the BSS to the SGSN, as it would affect
all other BSS's, too.
Thus, we check if we have an unblocked PTP-BVC in the NSVC to the BSS,
and then issue a BVC-BLOCK towards the SGSN.
This should prevent any further PDU's from the SGSN to be sent to
this BSS.
The reason for this is quite simple: We want to make sure anyone
running a customized version of OpenBSC to operate a network will
have to release all custom modifiations to the source code.
Right now the memcpy with the data will copy data to itself as
the new_msg->data and msg->data are the same due the previous
copying of the header which included copying the list entry..
We allocate a message as big as the current one, then we have to
set all pointers by looking of how far they are away from the
msg->_data and add that to the new pointers.
Also copy the OpenBSC/GPRS specific CB data, also do the same
for calculating the offset to the data... At the end we should
end up with a copy...
Some BSS that connect to the proxy do not continue to perform the
RESET procedure after a timeout. In order to resurrect them, we
simply start a RESET procedure.
As only NS-UNITDATA messages are ever passed into the Gb Proxy,
we need to do the msgb_free() at a much higher point in the calling
stack, i.e. inside the NS protocol layer. This means it is now
the same logic as in OpenBSC itself.
The old idea was to take a msgb from gbprox_rcvmsg() and then
modify it and finally send it all the way down to nsip_sendmsg()
to the remote peer.
However, this introduces memory management difficulties, as we then
have to distinguish three cases:
* msgb was sent to a remote peer
* we sent some error message and need to free the msgb
* we need to make n-1 copies in case of a BSSVC-RESET from the SGSN
So instead we now simply always copy the message if we pass it on.
All messages received by gbprox_rcvmsg() are msgb_free()d in the very
same routine
All messages allocated by tx2peer() or tx2sgsn() are freed after
nsip_sendmsg()
Jacob Erlbeck
Harald Welte