Pau Espin Pedrol | f7884e8 | 2019-08-20 12:06:13 +0200 | [diff] [blame] | 1 | /* |
| 2 | * PCO parsing related code |
| 3 | * Copyright (C) 2002, 2003, 2004 Mondru AB. |
| 4 | * Copyright (C) 2017-2019 by Harald Welte <laforge@gnumonks.org> |
| 5 | * Copyright (C) 2019 sysmocom - s.f.m.c. GmbH <info@sysmocom.de> |
| 6 | * |
| 7 | * The contents of this file may be used under the terms of the GNU |
| 8 | * General Public License Version 2, provided that the above copyright |
| 9 | * notice and this permission notice is included in all copies or |
| 10 | * substantial portions of the software. |
| 11 | * |
| 12 | */ |
| 13 | |
| 14 | #include <unistd.h> |
| 15 | #include <string.h> |
| 16 | |
| 17 | #include <osmocom/core/msgb.h> |
| 18 | #include <osmocom/gsm/tlv.h> |
| 19 | |
Pau Espin Pedrol | f612ffe | 2019-08-20 13:24:55 +0200 | [diff] [blame] | 20 | #include "../lib/util.h" |
| 21 | |
Pau Espin Pedrol | f7884e8 | 2019-08-20 12:06:13 +0200 | [diff] [blame] | 22 | #include "pco.h" |
| 23 | #include "ggsn.h" |
| 24 | |
| 25 | /* determine if IPCP contains given option */ |
| 26 | static const uint8_t *ipcp_contains_option(const struct ipcp_hdr *ipcp, size_t ipcp_len, |
| 27 | enum ipcp_options opt, size_t opt_minlen) |
| 28 | { |
| 29 | const uint8_t *cur_opt = ipcp->options; |
| 30 | |
| 31 | /* iterate over Options and check if protocol contained */ |
| 32 | while (cur_opt + sizeof(struct ipcp_option_hdr) <= (uint8_t*)ipcp + ipcp_len) { |
| 33 | const struct ipcp_option_hdr *cur_opt_hdr = (const struct ipcp_option_hdr *)cur_opt; |
| 34 | /* length value includes 2 bytes type/length */ |
| 35 | if (cur_opt_hdr->len < sizeof(struct ipcp_option_hdr)) |
| 36 | return NULL; |
| 37 | if (cur_opt_hdr->type == opt && |
| 38 | cur_opt_hdr->len >= sizeof(struct ipcp_option_hdr) + opt_minlen) |
| 39 | return cur_opt; |
| 40 | cur_opt += cur_opt_hdr->len; |
| 41 | } |
| 42 | return NULL; |
| 43 | } |
| 44 | |
| 45 | |
| 46 | static const char *pap_welcome = "Welcome to OsmoGGSN " PACKAGE_VERSION; |
| 47 | |
| 48 | /* Handle PAP protocol according to RFC 1334 */ |
| 49 | static void process_pco_element_pap(const struct pco_element *pco_in, struct msgb *resp, |
| 50 | const struct apn_ctx *apn, struct pdp_t *pdp) |
| 51 | { |
| 52 | const struct pap_element *pap_in = (const struct pap_element *) pco_in->data; |
| 53 | uint16_t pap_in_len; |
| 54 | uint8_t peer_id_len; |
| 55 | const uint8_t *peer_id; |
| 56 | unsigned int pap_welcome_len; |
| 57 | uint8_t pap_out_size; |
| 58 | struct pap_element *pap_out; |
| 59 | |
| 60 | if (pco_in->length < sizeof(struct pap_element)) |
| 61 | goto ret_broken; |
| 62 | |
| 63 | pap_in_len = osmo_load16be(&pap_in->len); |
| 64 | if (pco_in->length < pap_in_len) |
| 65 | goto ret_broken; |
| 66 | /* "pco_in->length > pap_in_len" is allowed: RFC1334 2.2 states: |
| 67 | "Octets outside the range of the Length field should be treated as |
| 68 | Data Link Layer padding and should be ignored on reception." |
| 69 | */ |
| 70 | |
| 71 | switch (pap_in->code) { |
| 72 | case PAP_CODE_AUTH_REQ: |
| 73 | if (pap_in_len < sizeof(struct pap_element) + 1) |
| 74 | goto ret_broken_auth; |
| 75 | peer_id_len = pap_in->data[0]; |
| 76 | if (pap_in_len < sizeof(struct pap_element) + 1 + peer_id_len) |
| 77 | goto ret_broken_auth; |
| 78 | peer_id = &pap_in->data[1]; |
| 79 | LOGPPDP(LOGL_DEBUG, pdp, "PCO PAP PeerId = %s, ACKing\n", |
| 80 | osmo_quote_str((const char *)peer_id, peer_id_len)); |
| 81 | /* Password-Length + Password following here, but we don't care */ |
| 82 | |
| 83 | /* Prepare response, we ACK all of them: */ |
| 84 | pap_welcome_len = strlen(pap_welcome); |
| 85 | /* +1: Length field of pap_welcome Message */ |
| 86 | pap_out_size = sizeof(struct pap_element) + 1 + pap_welcome_len; |
| 87 | pap_out = alloca(pap_out_size); |
| 88 | pap_out->code = PAP_CODE_AUTH_ACK; |
| 89 | pap_out->id = pap_in->id; |
| 90 | pap_out->len = htons(pap_out_size); |
| 91 | pap_out->data[0] = pap_welcome_len; |
| 92 | memcpy(pap_out->data+1, pap_welcome, pap_welcome_len); |
| 93 | msgb_t16lv_put(resp, PCO_P_PAP, pap_out_size, (uint8_t *) pap_out); |
| 94 | break; |
| 95 | case PAP_CODE_AUTH_ACK: |
| 96 | case PAP_CODE_AUTH_NAK: |
| 97 | default: |
| 98 | LOGPPDP(LOGL_NOTICE, pdp, "Unsupported PAP PCO Code %u, ignoring\n", pap_in->code); |
| 99 | break; |
| 100 | } |
| 101 | return; |
| 102 | |
| 103 | ret_broken_auth: |
| 104 | LOGPPDP(LOGL_NOTICE, pdp, "Invalid PAP AuthenticateReq: %s, ignoring\n", |
| 105 | osmo_hexdump_nospc((const uint8_t *)pco_in, pco_in->length)); |
| 106 | return; |
| 107 | |
| 108 | ret_broken: |
| 109 | LOGPPDP(LOGL_NOTICE, pdp, "Invalid PAP PCO Length: %s, ignoring\n", |
| 110 | osmo_hexdump_nospc((const uint8_t *)pco_in, pco_in->length)); |
| 111 | } |
| 112 | |
| 113 | static void process_pco_element_ipcp(const struct pco_element *pco_elem, struct msgb *resp, |
| 114 | const struct apn_ctx *apn, struct pdp_t *pdp) |
| 115 | { |
| 116 | struct ippoolm_t *peer_v4 = pdp_get_peer_ipv(pdp, false); |
| 117 | const struct in46_addr *dns1 = &apn->v4.cfg.dns[0]; |
| 118 | const struct in46_addr *dns2 = &apn->v4.cfg.dns[1]; |
| 119 | uint8_t *start = resp->tail; |
| 120 | const struct ipcp_hdr *ipcp; |
| 121 | uint16_t ipcp_len; |
| 122 | uint8_t *len1, *len2; |
| 123 | unsigned int len_appended; |
| 124 | ptrdiff_t consumed; |
| 125 | size_t remain; |
| 126 | |
| 127 | if (!peer_v4) { |
| 128 | LOGPPDP(LOGL_ERROR, pdp, "IPCP but no IPv4 type ?!?\n"); |
| 129 | return; |
| 130 | } |
| 131 | |
| 132 | ipcp = (const struct ipcp_hdr *)pco_elem->data; |
| 133 | consumed = (pco_elem->data - &pdp->pco_req.v[0]); |
| 134 | remain = sizeof(pdp->pco_req.v) - consumed; |
| 135 | ipcp_len = osmo_load16be(&ipcp->len); |
| 136 | if (remain < 0 || remain < ipcp_len) { |
| 137 | LOGPPDP(LOGL_ERROR, pdp, "Malformed IPCP, ignoring\n"); |
| 138 | return; |
| 139 | } |
| 140 | |
| 141 | /* Three byte T16L header */ |
| 142 | msgb_put_u16(resp, 0x8021); /* IPCP */ |
| 143 | len1 = msgb_put(resp, 1); /* Length of contents: delay */ |
| 144 | |
| 145 | msgb_put_u8(resp, 0x02); /* ACK */ |
| 146 | msgb_put_u8(resp, ipcp->id); /* ID: Needs to match request */ |
| 147 | msgb_put_u8(resp, 0x00); /* Length MSB */ |
| 148 | len2 = msgb_put(resp, 1); /* Length LSB: delay */ |
| 149 | |
| 150 | if (dns1->len == 4 && ipcp_contains_option(ipcp, ipcp_len, IPCP_OPT_PRIMARY_DNS, 4)) { |
| 151 | msgb_put_u8(resp, 0x81); /* DNS1 Tag */ |
| 152 | msgb_put_u8(resp, 2 + dns1->len); /* DNS1 Length, incl. TL */ |
| 153 | msgb_put_u32(resp, ntohl(dns1->v4.s_addr)); |
| 154 | } |
| 155 | |
| 156 | if (dns2->len == 4 && ipcp_contains_option(ipcp, ipcp_len, IPCP_OPT_SECONDARY_DNS, 4)) { |
| 157 | msgb_put_u8(resp, 0x83); /* DNS2 Tag */ |
| 158 | msgb_put_u8(resp, 2 + dns2->len); /* DNS2 Length, incl. TL */ |
| 159 | msgb_put_u32(resp, ntohl(dns2->v4.s_addr)); |
| 160 | } |
| 161 | |
| 162 | /* patch in length values */ |
| 163 | len_appended = resp->tail - start; |
| 164 | *len1 = len_appended - 3; |
| 165 | *len2 = len_appended - 3; |
| 166 | } |
| 167 | |
| 168 | static void process_pco_element_dns_ipv6(const struct pco_element *pco_elem, struct msgb *resp, |
| 169 | const struct apn_ctx *apn, struct pdp_t *pdp) |
| 170 | { |
| 171 | unsigned int i; |
| 172 | const uint8_t *tail = resp->tail; |
| 173 | |
| 174 | for (i = 0; i < ARRAY_SIZE(apn->v6.cfg.dns); i++) { |
| 175 | const struct in46_addr *i46a = &apn->v6.cfg.dns[i]; |
| 176 | if (i46a->len != 16) |
| 177 | continue; |
| 178 | msgb_t16lv_put(resp, PCO_P_DNS_IPv6_ADDR, i46a->len, i46a->v6.s6_addr); |
| 179 | } |
| 180 | if (resp->tail == tail) |
| 181 | LOGPPDP(LOGL_NOTICE, pdp, "MS requested IPv6 DNS, but APN has none configured\n"); |
| 182 | } |
| 183 | |
| 184 | static void process_pco_element_dns_ipv4(const struct pco_element *pco_elem, struct msgb *resp, |
| 185 | const struct apn_ctx *apn, struct pdp_t *pdp) |
| 186 | { |
| 187 | unsigned int i; |
| 188 | const uint8_t *tail = resp->tail; |
| 189 | |
| 190 | for (i = 0; i < ARRAY_SIZE(apn->v4.cfg.dns); i++) { |
| 191 | const struct in46_addr *i46a = &apn->v4.cfg.dns[i]; |
| 192 | if (i46a->len != 4) |
| 193 | continue; |
| 194 | msgb_t16lv_put(resp, PCO_P_DNS_IPv4_ADDR, i46a->len, (uint8_t *)&i46a->v4); |
| 195 | } |
| 196 | if (resp->tail == tail) |
| 197 | LOGPPDP(LOGL_NOTICE, pdp, "MS requested IPv4 DNS, but APN has none configured\n"); |
| 198 | } |
| 199 | |
| 200 | static void process_pco_element(const struct pco_element *pco_elem, struct msgb *resp, |
| 201 | const struct apn_ctx *apn, struct pdp_t *pdp) |
| 202 | { |
| 203 | uint16_t protocol_id = osmo_load16be(&pco_elem->protocol_id); |
| 204 | |
| 205 | LOGPPDP(LOGL_DEBUG, pdp, "PCO Protocol 0x%04x\n", protocol_id); |
| 206 | switch (protocol_id) { |
| 207 | case PCO_P_PAP: |
| 208 | process_pco_element_pap(pco_elem, resp, apn, pdp); |
| 209 | break; |
| 210 | case PCO_P_IPCP: |
| 211 | process_pco_element_ipcp(pco_elem, resp, apn, pdp); |
| 212 | break; |
| 213 | case PCO_P_DNS_IPv6_ADDR: |
| 214 | process_pco_element_dns_ipv6(pco_elem, resp, apn, pdp); |
| 215 | break; |
| 216 | case PCO_P_DNS_IPv4_ADDR: |
| 217 | process_pco_element_dns_ipv4(pco_elem, resp, apn, pdp); |
| 218 | break; |
| 219 | default: |
| 220 | LOGPPDP(LOGL_INFO, pdp, "Unknown/Unimplemented PCO Protocol 0x%04x: %s\n", |
| 221 | protocol_id, osmo_hexdump_nospc(pco_elem->data, pco_elem->length)); |
| 222 | break; |
| 223 | } |
| 224 | } |
| 225 | |
| 226 | /* process one PCO request from a MS/UE, putting together the proper responses */ |
| 227 | void process_pco(const struct apn_ctx *apn, struct pdp_t *pdp) |
| 228 | { |
| 229 | struct msgb *resp = msgb_alloc(256, "PCO.resp"); |
| 230 | const struct ul255_t *pco = &pdp->pco_req; |
| 231 | const struct pco_element *pco_elem; |
| 232 | const uint8_t *cur; |
| 233 | |
| 234 | /* build the header of the PCO response */ |
| 235 | OSMO_ASSERT(resp); |
| 236 | msgb_put_u8(resp, 0x80); /* ext-bit + configuration protocol byte */ |
| 237 | |
| 238 | /* iterate over the PCO elements in the request; call process_pco_element() for each */ |
| 239 | for (cur = pco->v + 1, pco_elem = (const struct pco_element *) cur; |
| 240 | cur + sizeof(struct pco_element) <= pco->v + pco->l; |
| 241 | cur += pco_elem->length + sizeof(*pco_elem), pco_elem = (const struct pco_element *) cur) { |
| 242 | process_pco_element(pco_elem, resp, apn, pdp); |
| 243 | } |
| 244 | |
| 245 | /* copy the PCO response msgb and copy its contents over to the PDP context */ |
| 246 | if (msgb_length(resp) > 1) { |
| 247 | memcpy(pdp->pco_neg.v, msgb_data(resp), msgb_length(resp)); |
| 248 | pdp->pco_neg.l = msgb_length(resp); |
| 249 | } else |
| 250 | pdp->pco_neg.l = 0; |
| 251 | msgb_free(resp); |
| 252 | } |