This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Neels Hofmeyr gerrit-no-reply at lists.osmocom.orgNeels Hofmeyr has submitted this change and it was merged. Change subject: vty: make auth tuple reuse configurable ...................................................................... vty: make auth tuple reuse configurable Change-Id: Iba6253d9bf8d4a9d9f6f26ba045e6c7f0dc7f8f2 --- M doc/examples/osmo-msc/osmo-msc.cfg M src/libmsc/msc_vty.c 2 files changed, 33 insertions(+), 0 deletions(-) Approvals: Harald Welte: Looks good to me, approved diff --git a/doc/examples/osmo-msc/osmo-msc.cfg b/doc/examples/osmo-msc/osmo-msc.cfg index 1b1d192..fff964b 100644 --- a/doc/examples/osmo-msc/osmo-msc.cfg +++ b/doc/examples/osmo-msc/osmo-msc.cfg @@ -17,3 +17,5 @@ msc mgcpgw remote-ip 10.23.24.1 assign-tmsi + auth-tuple-max-reuse-count 3 + auth-tuple-reuse-on-error 1 diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c index 5c9539d..c19666f 100644 --- a/src/libmsc/msc_vty.c +++ b/src/libmsc/msc_vty.c @@ -88,6 +88,27 @@ return CMD_SUCCESS; } +DEFUN(cfg_msc_auth_tuple_max_reuse_count, cfg_msc_auth_tuple_max_reuse_count_cmd, + "auth-tuple-max-reuse-count <-1-2147483647>", + "Configure authentication tuple re-use\n" + "0 to use each auth tuple at most once (default), >0 to limit re-use, -1 to re-use infinitely (vulnerable!).\n") +{ + struct gsm_network *gsmnet = gsmnet_from_vty(vty); + gsmnet->vlr->cfg.auth_tuple_max_reuse_count = atoi(argv[0]); + return CMD_SUCCESS; +} + +DEFUN(cfg_msc_auth_tuple_reuse_on_error, cfg_msc_auth_tuple_reuse_on_error_cmd, + "auth-tuple-reuse-on-error (0|1)", + "Configure authentication tuple re-use when HLR is not responsive\n" + "0 = never re-use auth tuples beyond auth-tuple-max-reuse-count (default)\n" + "1 = if the HLR does not deliver new tuples, do re-use already available old ones.\n") +{ + struct gsm_network *gsmnet = gsmnet_from_vty(vty); + gsmnet->vlr->cfg.auth_reuse_old_sets_on_error = atoi(argv[0]) ? true : false; + return CMD_SUCCESS; +} + static int config_write_msc(struct vty *vty) { struct gsm_network *gsmnet = gsmnet_from_vty(vty); @@ -100,6 +121,14 @@ VTY_NEWLINE); vty_out(vty, " cs7-instance-iu %u%s", gsmnet->iu.cs7_instance, VTY_NEWLINE); + + if (gsmnet->vlr->cfg.auth_tuple_max_reuse_count) + vty_out(vty, " auth-tuple-max-reuse-count %d%s", + OSMO_MAX(-1, gsmnet->vlr->cfg.auth_tuple_max_reuse_count), + VTY_NEWLINE); + if (gsmnet->vlr->cfg.auth_reuse_old_sets_on_error) + vty_out(vty, " auth-tuple-reuse-on-error 1%s", + VTY_NEWLINE); mgcp_client_config_write(vty, " "); #ifdef BUILD_IU @@ -152,6 +181,8 @@ vty_install_default(MSC_NODE); install_element(MSC_NODE, &cfg_msc_assign_tmsi_cmd); install_element(MSC_NODE, &cfg_msc_no_assign_tmsi_cmd); + install_element(MSC_NODE, &cfg_msc_auth_tuple_max_reuse_count_cmd); + install_element(MSC_NODE, &cfg_msc_auth_tuple_reuse_on_error_cmd); install_element(MSC_NODE, &cfg_msc_cs7_instance_a_cmd); install_element(MSC_NODE, &cfg_msc_cs7_instance_iu_cmd); -- To view, visit https://gerrit.osmocom.org/4554 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Iba6253d9bf8d4a9d9f6f26ba045e6c7f0dc7f8f2 Gerrit-PatchSet: 2 Gerrit-Project: osmo-msc Gerrit-Branch: master Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Jenkins Builder