Alexander Couzens
0301c131e8
osmo-epdg: db: fix missing const on const char *imsi
2024-02-17 02:09:47 +01:00
Alexander Couzens
c513e1c778
osmo_epdg: db: handle duplicate by removing them
...
This still leaves the IPSec tunnel open, but ignore it for now
2024-02-17 02:09:47 +01:00
Alexander Couzens
43457788ef
osmo-epdg: listener: authorize: fix missing goto when ue can't be found
2024-02-17 02:09:47 +01:00
Alexander Couzens
844c7f19ba
osmo-epdg: listener: remove unused header
2024-02-17 02:09:47 +01:00
Alexander Couzens
e5667d8499
osmo-epdg: UE: free the own imsi on destroy()
2024-02-17 02:09:47 +01:00
Alexander Couzens
33974bdfae
osmo-epdg: free the GSUP response
2024-02-17 02:09:47 +01:00
Alexander Couzens
39f114fd95
osmo-epdg: UE: use .refcount = 1 instead of ref_get() in the constructor
2024-02-17 02:09:42 +01:00
Alexander Couzens
e1d2902a78
osmo-listener: add printf for debugging
2024-02-17 01:45:01 +01:00
Alexander Couzens
ca047a6816
osmo-epdg: provider: fix type warning in container_of
...
It was the correct pointer.
2024-02-17 00:35:28 +01:00
Alexander Couzens
d9ba891d60
osmo-epdg: listener: remove unused variable
2024-02-17 00:33:22 +01:00
Alexander Couzens
d334adb748
osmo-epdg: provider: fix "this" pointer in the attribute provider callbacks
...
Yes it hurts!
2024-02-17 00:29:13 +01:00
Alexander Couzens
aaba569495
osmo-epdg: Use the new UE/db object
...
Save the state of the UE into the UE object in the database.
2024-02-17 00:28:33 +01:00
Alexander Couzens
6f3e8f5ecd
osmo-epdg: add a UE object together with an in memory db
2024-02-17 00:28:05 +01:00
Alexander Couzens
2dfe87749f
osmo-epdg: utils: add get_imsi_ike() to get the imsi of an ike_sa_t object
2024-02-17 00:27:55 +01:00
Alexander Couzens
f22c728a4c
osmo-epdg: ipa_client: check if stream is alive
...
Otherwise we might send over a non-existent stream resulting in a
null pointer exception.
2024-02-17 00:27:41 +01:00
Alexander Couzens
646fcb6403
osmo-epdg: implement an attribute provider always handing out the IP 10.45.0.1
2024-02-17 00:27:19 +01:00
Alexander Couzens
c6f37c4e9b
osmo_epdg_provider: rename provider->provider into simaka
...
In preparation to add support for the attribute provider.
The attribute provider will be used to supply the Virtual IP (vip)
2024-02-17 00:26:47 +01:00
Alexander Couzens
bc1a4da647
fixup remove APN from tunnel request
2024-02-09 20:57:58 +01:00
Alexander Couzens
7fd21d1fe5
osmo-epdg: Add more debug outputs
2024-02-09 20:54:43 +01:00
Alexander Couzens
795f478dbd
osmo_epdg: ipa_client: implement reconnect
2024-02-09 20:54:41 +01:00
Alexander Couzens
c1cc15dd49
osmo_epdg: gsup_client: refactor the copy of IMSI
...
Move checks and copying into its own function.
Make imsi const.
2024-02-09 20:54:41 +01:00
Alexander Couzens
7006cc0c46
osmo_epdg: add PDP Info on SAI GSUP messages
...
The SAI GSUP message now requires PDP Info to be filled with
APN and PDP type, which should already be known at this state.
Hardcoding PDP type for now.
2024-02-09 20:54:41 +01:00
Alexander Couzens
09f36edddb
README: add how to build
2024-02-09 20:54:41 +01:00
Alexander Couzens
0569c5133a
gsup_client: set message class to IPSEC_EPDG
2024-02-09 20:54:41 +01:00
Alexander Couzens
a9404c3110
osmo-epdg: drop APN from Tunnel Request
...
The APN is far too late in the Tunnel Request as the APN is already
used by the EPDG/AAA when doing the ServerAssignmentRequest (on GSUP
the Location Update Request). So we need to move the APN
either into the Location Update Request or hardcode it.
2024-02-09 20:54:41 +01:00
Alexander Couzens
820185941a
epdg_listener: authorize: get IMSI and APN
2024-02-09 20:54:41 +01:00
Alexander Couzens
05d9dc8552
Start implementing osmo_epdg state
2024-02-09 20:54:41 +01:00
Alexander Couzens
c469464d8a
osmo-epdg: implement Tunnel Request/Response
...
Requires gsup message types in libosmocore
2024-02-09 20:54:41 +01:00
Alexander Couzens
2bf7e10d94
gsup_client: fix coding style
2024-02-09 20:51:35 +01:00
Alexander Couzens
df75a2e6a5
osmo_epdg_listener: add TODO to validate APN
2024-02-09 20:51:35 +01:00
Alexander Couzens
ef057c8489
osmo-epdg: add protection against multiple includes of osmo_epdg_utils.h
2024-02-09 20:51:23 +01:00
Alexander Couzens
1c92c4d83e
start of osmo-epdg plugin
...
- simple gsup/ipa working
- strongswan is requesting tuples via GSUP.
- strongswan client can authenticate
- SWu-IKEv2 can't authenticate
ToDos:
- gsup: disconnect/reconnect
- gsup: failure cases
- blocking queue needs to be cleaned up
- fix coding style
2023-03-23 15:29:57 +01:00
Alexander Couzens
e7e6a51fb1
add documentation
...
Add a full example for both ePDG and UE.
2023-03-23 15:08:29 +01:00
Alexander Couzens
dfa0f7daf5
blocking_queue: add remove() function
...
Allows removing an object which is still in the queue.
2023-02-26 11:05:04 +01:00
Andreas Steffen
4817d5ed0d
Version bump to 5.9.3
2021-07-06 14:00:39 +02:00
Andreas Steffen
a09a905e1d
vici: Suppress trailing nul character
2021-07-06 12:06:23 +02:00
Tobias Brunner
2cd5314de7
testing: Use specific versions of swidGenerator and strongTNC
...
This way we get updated versions automatically (referencing "master"
required manually deleting the downloaded archives and the unpacked
directories). It also allows switching versions when working in different
branches (note that REV can also be set to a commit ID, e.g. to test
changes before tagging them later and merging the branch).
2021-06-30 16:17:39 +02:00
Tobias Brunner
06e11b481b
kernel-netlink: Fix theoretical memory leak when parsing routes
...
This currently can't happen as the kernel always puts RTA_TABLE as first
attribute in RTM_NEWROUTE messages.
2021-06-25 13:51:44 +02:00
Tobias Brunner
f6aafb3005
Fixed some typos, courtesy of codespell
...
Main change is the conversion from the British cancelling/-ed to the
American canceling/-ed.
2021-06-25 11:32:29 +02:00
Andreas Steffen
30fab57124
Version bump to 5.9.3rc1
2021-06-24 09:18:54 +02:00
Tobias Brunner
19611b1d28
testing: Build wolfSSL from the Git repository
...
Use the same configure options etc. for both builds (no need for the cert
options as we don't use TLS or X.509 parsing) and switch to a Git commit
that includes the SHA-3 OID fix (it's actually the fix itself).
2021-06-22 17:54:15 +02:00
Andreas Steffen
4baca5ca80
testing: Fixed ikev2/farp scenario
2021-06-22 12:32:35 +02:00
Andreas Steffen
dbd1534875
Version bump to 5.9.3dr4
2021-06-22 10:33:07 +02:00
Andreas Steffen
eba2622587
testing: Migrate ikev2-stroke-bye scenarios to vici
2021-06-22 10:23:06 +02:00
Andreas Steffen
706c58b291
testing: Fixed pretest script of ikev1/rw-psk-aggressive scenario
2021-06-21 12:03:36 +02:00
Tobias Brunner
6d8890767c
testing: Migrate ikev2/host2host-transport-nat scenario to vici
...
This also restores the test as it was before the referenced commit so it
again, as written in the description, demonstrates that venus is unable
to ping sun without IPsec tunnel.
Fixes: f27fb58ae0 ("testing: Update description and test evaluation of host2host-transport-nat")
2021-06-21 12:03:36 +02:00
Tobias Brunner
2b5c743952
testing: Migrate MOBIKE tests to vici
...
Note that the mobike-nat test has been removed as it basically did the same
as the mobike-virtual-ip-nat test. Instead, the mobike-nat-mapping scenario
is added, which simulates a NAT router restart.
2021-06-21 12:03:36 +02:00
Tobias Brunner
abe51389c5
ike-mobike: Force MOBIKE update after NAT mappings changed
...
The addresses observed by the client behind the NAT are exactly the same if
the NAT router gets restarted.
Fixes: 2b255f01af ("ike-mobike: Use ike_sa_t::update_hosts() to trigger events")
2021-06-21 12:03:36 +02:00
Tobias Brunner
036ae27645
ike-sa: Log IKE endpoint changes
2021-06-21 12:03:36 +02:00
Tobias Brunner
79b526deba
ha: Register the correct IKE_SA with the manager after a rekeying
...
Fixes: 20dfbcad08 ("ha: Register new IKE_SAs before calling inherit_post()")
Closes strongswan/strongswan#456.
2021-06-21 10:02:26 +02:00