vty: Introduce encryption cipher-plugin-path command
The load of plugins will eventually be moved to libosmo-gprs implementation, and path will be passed as a parameter. Once it's moved inside libosmo-gprs, it will be more strict on load failures, which can cause internally if the path doesn't exist (unless NULL is passed). Hence, add a VTY config to allow configuring the right path, and have it disabled by default. Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65changes/09/30909/2
parent
93bc518b53
commit
86b630cfe1
|
@ -77,6 +77,7 @@ struct sgsn_config {
|
|||
/* misc */
|
||||
struct gprs_ns2_inst *nsi;
|
||||
|
||||
char *crypt_cipher_plugin_path;
|
||||
enum sgsn_auth_policy auth_policy;
|
||||
uint8_t gea_encryption_mask;
|
||||
uint8_t uea_encryption_mask;
|
||||
|
|
|
@ -413,8 +413,6 @@ int main(int argc, char **argv)
|
|||
sgsn->cfg.nsi = sgsn_nsi;
|
||||
bssgp_set_bssgp_callback(sgsn_bssgp_dispatch_ns_unitdata_req_cb, sgsn_nsi);
|
||||
|
||||
gprs_llc_init("/usr/local/lib/osmocom/crypt/");
|
||||
|
||||
gprs_ns2_vty_init(sgsn_nsi);
|
||||
bssgp_vty_init();
|
||||
gprs_llc_vty_init();
|
||||
|
@ -449,6 +447,8 @@ int main(int argc, char **argv)
|
|||
if (rc < 0)
|
||||
exit(1);
|
||||
|
||||
gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path);
|
||||
|
||||
rc = sgsn_gtp_init(sgsn);
|
||||
if (rc) {
|
||||
LOGP(DGPRS, LOGL_FATAL, "Cannot bind/listen on GTP socket\n");
|
||||
|
|
|
@ -282,6 +282,8 @@ static int config_write_sgsn(struct vty *vty)
|
|||
|
||||
vty_out(vty, "%s", VTY_NEWLINE);
|
||||
}
|
||||
if (g_cfg->crypt_cipher_plugin_path)
|
||||
vty_out(vty, "encryption cipher-plugin-path %s%s", g_cfg->crypt_cipher_plugin_path, VTY_NEWLINE);
|
||||
if (g_cfg->sgsn_ipa_name)
|
||||
vty_out(vty, " gsup ipa-name %s%s", g_cfg->sgsn_ipa_name, VTY_NEWLINE);
|
||||
if (g_cfg->gsup_server_addr.sin_addr.s_addr)
|
||||
|
@ -839,6 +841,27 @@ DEFUN(cfg_encrypt2, cfg_encrypt2_cmd,
|
|||
return CMD_SUCCESS;
|
||||
}
|
||||
|
||||
DEFUN(cfg_encrypt_cipher_plugin_path, cfg_encrypt_cipher_plugin_path_cmd,
|
||||
"encryption cipher-plugin-path PATH",
|
||||
ENCRYPTION_STR
|
||||
"Path to gprs encryption cipher plugin directory\n"
|
||||
"Plugin path\n")
|
||||
{
|
||||
osmo_talloc_replace_string(sgsn, &sgsn->cfg.crypt_cipher_plugin_path, argv[0]);
|
||||
|
||||
return CMD_SUCCESS;
|
||||
}
|
||||
|
||||
DEFUN(cfg_no_encrypt_cipher_plugin_path, cfg_no_encrypt_cipher_plugin_path_cmd,
|
||||
"no encryption cipher-plugin-path PATH",
|
||||
NO_STR ENCRYPTION_STR
|
||||
"Path to gprs encryption cipher plugin directory\n"
|
||||
"Plugin path\n")
|
||||
{
|
||||
TALLOC_FREE(sgsn->cfg.crypt_cipher_plugin_path);
|
||||
return CMD_SUCCESS;
|
||||
}
|
||||
|
||||
DEFUN(cfg_authentication, cfg_authentication_cmd,
|
||||
"authentication (optional|required)",
|
||||
"Whether to enforce MS authentication in GERAN (only with auth-policy remote)\n"
|
||||
|
@ -1773,6 +1796,8 @@ int sgsn_vty_init(struct sgsn_config *cfg)
|
|||
install_element(SGSN_NODE, &cfg_encrypt2_cmd);
|
||||
install_element(SGSN_NODE, &cfg_encrypt_cmd);
|
||||
install_element(SGSN_NODE, &cfg_encryption_uea_cmd);
|
||||
install_element(SGSN_NODE, &cfg_encrypt_cipher_plugin_path_cmd);
|
||||
install_element(SGSN_NODE, &cfg_no_encrypt_cipher_plugin_path_cmd);
|
||||
|
||||
install_element(SGSN_NODE, &cfg_gsup_ipa_name_cmd);
|
||||
install_element(SGSN_NODE, &cfg_gsup_remote_ip_cmd);
|
||||
|
|
|
@ -37,6 +37,8 @@ OsmoSGSN(config-sgsn)# list
|
|||
authentication (optional|required)
|
||||
encryption gea <0-4> [<0-4>] [<0-4>] [<0-4>] [<0-4>]
|
||||
encryption uea <0-2> [<0-2>] [<0-2>]
|
||||
encryption cipher-plugin-path PATH
|
||||
no encryption cipher-plugin-path PATH
|
||||
gsup ipa-name NAME
|
||||
gsup remote-ip A.B.C.D
|
||||
gsup remote-port <0-65535>
|
||||
|
|
Loading…
Reference in New Issue