| 2 | /* BSC Multiplexer/NAT Utilities */ |
| 3 | |
| 4 | /* |
| 5 | * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> |
| 6 | * (C) 2010 by On-Waves |
| 7 | * All Rights Reserved |
| 8 | * |
| 9 | * This program is free software; you can redistribute it and/or modify |
| 10 | * it under the terms of the GNU General Public License as published by |
| 11 | * the Free Software Foundation; either version 2 of the License, or |
| 12 | * (at your option) any later version. |
| 13 | * |
| 14 | * This program is distributed in the hope that it will be useful, |
| 15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 17 | * GNU General Public License for more details. |
| 18 | * |
| 19 | * You should have received a copy of the GNU General Public License along |
| 20 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 21 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 22 | * |
| 23 | */ |
| 24 | |
| 25 | #include <openbsc/bsc_nat.h> |
| 26 | #include <openbsc/gsm_data.h> |
Holger Hans Peter Freyther | 21c4d9e | 2010-03-30 05:57:42 +0200 | [diff] [blame] | 27 | #include <openbsc/bssap.h> |
| 28 | #include <openbsc/debug.h> |
Holger Hans Peter Freyther | 8ddcc15 | 2010-04-01 08:21:33 +0200 | [diff] [blame] | 29 | #include <openbsc/ipaccess.h> |
Holger Hans Peter Freyther | 090a4d8 | 2010-06-15 18:48:01 +0800 | [diff] [blame] | 30 | |
Holger Hans Peter Freyther | 21c4d9e | 2010-03-30 05:57:42 +0200 | [diff] [blame] | 31 | #include <osmocore/linuxlist.h> |
Holger Hans Peter Freyther | 090a4d8 | 2010-06-15 18:48:01 +0800 | [diff] [blame] | 32 | #include <osmocore/talloc.h> |
Holger Hans Peter Freyther | a707061 | 2010-06-15 18:50:57 +0800 | [diff] [blame] | 33 | #include <osmocore/gsm0808.h> |
Holger Hans Peter Freyther | 090a4d8 | 2010-06-15 18:48:01 +0800 | [diff] [blame] | 34 | |
Holger Hans Peter Freyther | 8be49b3 | 2010-03-30 10:45:48 +0200 | [diff] [blame] | 35 | #include <sccp/sccp.h> |
| 36 | |
Holger Hans Peter Freyther | 21c4d9e | 2010-03-30 05:57:42 +0200 | [diff] [blame] | 37 | #include <netinet/in.h> |
| 38 | #include <arpa/inet.h> |
| 39 | |
/*
 * Allocate a NAT instance from tall_bsc_ctx and fill in its defaults.
 *
 * The object starts zeroed. The SCCP connection, BSC connection and BSC
 * config lists are initialised empty, the statistics counters are created
 * and the MSC endpoint defaults to 127.0.0.1:5000. The auth/ping/pong
 * timeouts default to 2/20/5 (the unit is not visible in this file).
 *
 * Returns the new instance, or NULL when the initial allocation fails.
 *
 * NOTE(review): the results of counter_alloc() and talloc_strdup() are
 * stored without a check, so callers may see NULL counters or a NULL
 * msc_ip after an allocation failure.
 */
struct bsc_nat *bsc_nat_alloc(void)
{
	struct bsc_nat *self;

	self = talloc_zero(tall_bsc_ctx, struct bsc_nat);
	if (self == NULL)
		return NULL;

	/* plain defaults first, they do not allocate */
	self->msc_port = 5000;
	self->auth_timeout = 2;
	self->ping_timeout = 20;
	self->pong_timeout = 5;

	INIT_LLIST_HEAD(&self->sccp_connections);
	INIT_LLIST_HEAD(&self->bsc_connections);
	INIT_LLIST_HEAD(&self->bsc_configs);

	/* global statistics, created in the same order as before */
	self->stats.sccp.conn = counter_alloc("nat.sccp.conn");
	self->stats.sccp.calls = counter_alloc("nat.sccp.calls");
	self->stats.bsc.reconn = counter_alloc("nat.bsc.conn");
	self->stats.bsc.auth_fail = counter_alloc("nat.bsc.auth_fail");
	self->stats.msc.reconn = counter_alloc("nat.msc.conn");

	/* the address string is owned by the NAT object */
	self->msc_ip = talloc_strdup(self, "127.0.0.1");

	return self;
}
| 61 | |
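/*
 * Replace the MSC address stored in the NAT with a copy of ip.
 *
 * The copy is made before the previous string is released, so the call
 * stays valid when ip points at (or into) the current nat->msc_ip; freeing
 * first would make talloc_strdup() read released memory in that case.
 *
 * nat->msc_ip ends up NULL when ip is NULL or when the copy cannot be
 * allocated; there is no return value to report that, so callers that
 * need the address must check nat->msc_ip afterwards.
 */
void bsc_nat_set_msc_ip(struct bsc_nat *nat, const char *ip)
{
	char *copy = talloc_strdup(nat, ip);

	if (nat->msc_ip)
		talloc_free(nat->msc_ip);
	nat->msc_ip = copy;
}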
| 68 | |
/*
 * Allocate a zeroed BSC connection as a talloc child of nat.
 *
 * The connection gets a back pointer to nat and an initialised write
 * queue; 100 is the second argument of write_queue_init(), presumably the
 * maximum number of queued messages (confirm against write_queue.h).
 *
 * Returns the connection, or NULL when the allocation fails.
 */
struct bsc_connection *bsc_connection_alloc(struct bsc_nat *nat)
{
	struct bsc_connection *link = talloc_zero(nat, struct bsc_connection);

	if (link != NULL) {
		link->nat = nat;
		write_queue_init(&link->write_queue, 100);
	}

	return link;
}
| 79 | |
/*
 * Create the configuration entry for one BSC and register it with nat.
 *
 * token is copied into the entry and lac is stored as given. The entry
 * takes the current nat->num_bsc as its number, is appended to
 * nat->bsc_configs, and nat->num_bsc is incremented. Three per-BSC
 * counters are created last.
 *
 * Returns the entry, or NULL when the initial allocation fails.
 *
 * NOTE(review): the result of talloc_strdup() is not checked, so
 * cfg->token can be NULL on an entry that is already on the list. If the
 * token is what a BSC is authenticated against (the auth_fail counter on
 * the NAT suggests so), code comparing it should handle NULL explicitly.
 */
struct bsc_config *bsc_config_alloc(struct bsc_nat *nat, const char *token, unsigned int lac)
{
	struct bsc_config *cfg;

	cfg = talloc_zero(nat, struct bsc_config);
	if (cfg == NULL)
		return NULL;

	cfg->nat = nat;
	cfg->lac = lac;
	cfg->token = talloc_strdup(cfg, token);

	/* number the entry with the current count, then bump the count */
	cfg->nr = nat->num_bsc;
	llist_add_tail(&cfg->entry, &nat->bsc_configs);
	nat->num_bsc += 1;

	cfg->stats.sccp.conn = counter_alloc("nat.bsc.sccp.conn");
	cfg->stats.sccp.calls = counter_alloc("nat.bsc.sccp.calls");
	cfg->stats.net.reconn = counter_alloc("nat.bsc.net.reconnects");

	return cfg;
}
Holger Hans Peter Freyther | 21c4d9e | 2010-03-30 05:57:42 +0200 | [diff] [blame] | 100 | |
/*
 * Tear down one SCCP connection mapping.
 *
 * Logs the real and the patched source reference together with the BSC
 * pointer, calls bsc_mgcp_dlcx() for the connection, unlinks it from the
 * list it is on and releases it. conn is invalid once this returns.
 */
void sccp_connection_destroy(struct sccp_connections *conn)
{
	LOGP(DNAT, LOGL_DEBUG, "Destroy 0x%x <-> 0x%x mapping for con %p\n",
		sccp_src_ref_to_int(&conn->real_ref),
		sccp_src_ref_to_int(&conn->patched_ref), conn->bsc);
	/* must run before the free below, it still takes conn;
	 * presumably releases the MGCP endpoint (DLCX) - confirm */
	bsc_mgcp_dlcx(conn);
	/* unlink first so no list walker can reach the freed entry */
	llist_del(&conn->list_entry);
	talloc_free(conn);
}
| 110 | |
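/*
 * Pick the BSC connection a paging message should be forwarded to.
 *
 * The Cell Identifier List IE of the message is parsed from msg->l3h + 3.
 * Only the LAC discriminator is handled: each 16 bit LAC in the list is
 * compared with the configured LAC of every authenticated BSC connection
 * and the first match is returned.
 *
 * *lac_out is set to -1 on entry and afterwards holds the most recently
 * examined LAC, also when no connection matched.
 *
 * Returns the matching connection, or NULL when the message is too short,
 * carries no usable Cell Identifier List, uses another discriminator, or
 * no authenticated BSC serves any listed LAC.
 *
 * The message content comes from the network side, so every octet read
 * below is bounded by the length the TLV parser reported for the IE.
 */
struct bsc_connection *bsc_nat_find_bsc(struct bsc_nat *nat, struct msgb *msg, int *lac_out)
{
	struct bsc_connection *bsc;
	int data_length;
	const u_int8_t *data;
	struct tlv_parsed tp;
	int i;

	*lac_out = -1;

	if (!msg->l3h || msgb_l3len(msg) < 3) {
		LOGP(DNAT, LOGL_ERROR, "Paging message is too short.\n");
		return NULL;
	}

	/* NOTE(review): the return value of tlv_parse() is not evaluated */
	tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 3, msgb_l3len(msg) - 3, 0, 0);
	if (!TLVP_PRESENT(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST)) {
		LOGP(DNAT, LOGL_ERROR, "No CellIdentifier List inside paging msg.\n");
		return NULL;
	}

	data_length = TLVP_LEN(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST);
	data = TLVP_VAL(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST);

	/* a present but empty IE has no discriminator octet to look at */
	if (data_length < 1) {
		LOGP(DNAT, LOGL_ERROR, "Empty CellIdentifier List inside paging msg.\n");
		return NULL;
	}

	/* No need to try a different BSS */
	if (data[0] == CELL_IDENT_BSS) {
		return NULL;
	} else if (data[0] != CELL_IDENT_LAC) {
		LOGP(DNAT, LOGL_ERROR, "Unhandled cell ident discrminator: %d\n", data[0]);
		return NULL;
	}

	/* Currently we only handle one BSC */
	for (i = 1; i < data_length - 1; i += 2) {
		/*
		 * Assemble the big-endian LAC from its two octets. Loading an
		 * unsigned int from &data[i] would touch two octets behind
		 * the LAC (past the IE for the last entry), may be unaligned
		 * and only yields the right value on little-endian hosts.
		 */
		unsigned int lac = ((unsigned int) data[i] << 8) | data[i + 1];

		*lac_out = lac;
		llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) {
			if (!bsc->cfg)
				continue;
			/* never page through a connection that did not authenticate */
			if (!bsc->authenticated || lac != bsc->cfg->lac)
				continue;

			return bsc;
		}
	}

	return NULL;
}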
| 159 | |
/*
 * Wrap an MGCP payload into a fresh message buffer and queue it for bsc.
 *
 * The buffer is 4096 octets with 128 octets of headroom, so payloads
 * longer than 4096 - 128 octets are refused before anything is allocated.
 * The payload is copied; data stays owned by the caller.
 *
 * Returns the result of bsc_write(), or -1 when the payload is too large
 * or the buffer cannot be allocated.
 */
int bsc_write_mgcp(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length)
{
	enum { MSG_SIZE = 4096, MSG_HEADROOM = 128 };
	struct msgb *out;

	/* refuse anything that would not fit behind the headroom */
	if (length > MSG_SIZE - MSG_HEADROOM) {
		LOGP(DINP, LOGL_ERROR, "Can not send message of that size.\n");
		return -1;
	}

	out = msgb_alloc_headroom(MSG_SIZE, MSG_HEADROOM, "to-bsc");
	if (out == NULL) {
		LOGP(DINP, LOGL_ERROR, "Failed to allocate memory for BSC msg.\n");
		return -1;
	}

	/* reserve the tail space, then copy the payload into it */
	out->l3h = msgb_put(out, length);
	memcpy(out->l3h, data, length);

	return bsc_write(bsc, out, NAT_IPAC_PROTO_MGCP);
}
| 181 | |
/*
 * Prepend the ipaccess header for proto to msg and queue it on the write
 * queue of bsc.
 *
 * Ownership of msg passes to this function in both outcomes: it is either
 * queued or, when the queue refuses it, freed here. The caller must not
 * touch msg afterwards.
 *
 * Returns 0 when the message was queued and -1 when it was dropped.
 */
int bsc_write(struct bsc_connection *bsc, struct msgb *msg, int proto)
{
	ipaccess_prepend_header(msg, proto);

	if (write_queue_enqueue(&bsc->write_queue, msg) == 0)
		return 0;

	/* the queue did not take the message, so release it here */
	LOGP(DINP, LOGL_ERROR, "Failed to enqueue the write.\n");
	msgb_free(msg);
	return -1;
}
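/*
 * Inspect a Location Updating Request carried in a CR message.
 *
 * data/length describe the octets that follow the GSM 04.08 header; they
 * come straight from the radio side and are not trusted. The request must
 * cover the fixed part of struct gsm48_loc_upd_req, and the mobile
 * identity it announces (mi_len) must lie inside the received octets
 * before any of it is read.
 *
 * Returns -1 when the request is malformed and 0 otherwise. A request
 * that identifies the phone by something other than the IMSI is accepted
 * unchecked. The blacklist/whitelist decision is not implemented yet, so
 * the decoded IMSI string is currently unused.
 */
static int _cr_check_loc_upd(struct bsc_connection *bsc, uint8_t *data, unsigned int length)
{
	u_int8_t mi_type;
	struct gsm48_loc_upd_req *lu;
	char mi_string[GSM48_MI_SIZE];
	unsigned int mi_avail;

	/* the fixed part has to be there before the struct is overlaid */
	if (length < sizeof(*lu)) {
		LOGP(DNAT, LOGL_ERROR, "Location updating request does not fit.\n");
		return -1;
	}

	lu = (struct gsm48_loc_upd_req *) data;

	/*
	 * Octets left for the mobile identity. The offset of mi is at most
	 * sizeof(*lu), which length was just checked against, so this does
	 * not wrap.
	 */
	mi_avail = length - (unsigned int) ((uint8_t *) lu->mi - data);
	if (lu->mi_len < 1 || lu->mi_len > mi_avail) {
		LOGP(DNAT, LOGL_ERROR, "Mobile identity does not fit into the request.\n");
		return -1;
	}

	mi_type = lu->mi[0] & GSM_MI_TYPE_MASK;

	/*
	 * We can only deal with the IMSI. This will fail for a phone that
	 * will send the TMSI of a previous network to us.
	 */
	if (mi_type != GSM_MI_TYPE_IMSI)
		return 0;

	gsm48_mi_to_string(mi_string, sizeof(mi_string), lu->mi, lu->mi_len);

	/*
	 * Now apply blacklist/whitelist
	 */

	return 0;
}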
| 226 | |
| 227 | |
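/*
 * Filter out CR data...
 *
 * Decide whether an SCCP Connection Request coming from a BSC may pass.
 * Only a BSSMAP Complete Layer 3 Information message is accepted. Its
 * Layer 3 Information IE must hold at least a GSM 04.08 header, and a
 * Location Updating Request inside it is handed to _cr_check_loc_upd().
 *
 * Side effect: msg->l4h is set to the first octet behind the three octet
 * BSSAP/BSSMAP prefix.
 *
 * Returns 0 when the message may pass and -1 when it must be rejected.
 */
int bsc_nat_filter_sccp_cr(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed)
{
	struct tlv_parsed tp;
	struct gsm48_hdr *hdr48;
	int hdr48_len;
	int len;

	if (parsed->gsm_type != BSS_MAP_MSG_COMPLETE_LAYER_3) {
		LOGP(DNAT, LOGL_ERROR,
		     "Rejecting CR message due wrong GSM Type %d\n", parsed->gsm_type);
		return -1;
	}

	/*
	 * The parser is said to have done a basic l3 length check, but that
	 * check is not visible here. Repeat the one bsc_nat_find_bsc() uses
	 * before l3h[1] is read, and so that the subtraction below cannot
	 * wrap if msgb_l3len() returns an unsigned value.
	 */
	if (!msg->l3h || msgb_l3len(msg) < 3) {
		LOGP(DNAT, LOGL_ERROR, "The CR Data is too short.\n");
		return -1;
	}

	/* l3h[1] is the length octet, which the BSC controls */
	len = msg->l3h[1];
	if (msgb_l3len(msg) - 3 < len) {
		LOGP(DNAT, LOGL_ERROR,
		     "The CR Data has not enough space...\n");
		return -1;
	}

	/* the announced length includes the message type octet at l3h[2] */
	msg->l4h = &msg->l3h[3];
	len -= 1;

	/* NOTE(review): the return value of tlv_parse() is not evaluated */
	tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l4h, len, 0, 0);

	if (!TLVP_PRESENT(&tp, GSM0808_IE_LAYER_3_INFORMATION)) {
		LOGP(DNAT, LOGL_ERROR, "CR Data does not contain layer3 information.\n");
		return -1;
	}

	hdr48_len = TLVP_LEN(&tp, GSM0808_IE_LAYER_3_INFORMATION);

	/* the header is overlaid below, so it has to be complete */
	if (hdr48_len < sizeof(*hdr48)) {
		LOGP(DNAT, LOGL_ERROR, "GSM48 header does not fit.\n");
		return -1;
	}

	hdr48 = (struct gsm48_hdr *) TLVP_VAL(&tp, GSM0808_IE_LAYER_3_INFORMATION);

	if (hdr48->msg_type == GSM48_MT_MM_LOC_UPD_REQUEST) {
		/* pass only the octets that follow the header */
		return _cr_check_loc_upd(bsc, &hdr48->data[0], hdr48_len - sizeof(*hdr48));
	} else {
		return 0;
	}
}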