Attention is currently required from: daniel, laforge, neels.
Hello Jenkins Builder, daniel, laforge, neels,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/c/pysim/+/42353?usp=email
to look at the new patch set (#4).
Change subject: docs/put_key: add tutorial that explains how to manage global platform keys
......................................................................
docs/put_key: add tutorial that explains how to manage global platform keys
With the increased interest in using GlobalPlatform features of
UICC and eUICCs (OTA-SMS, applets, etc.), also comes an increased
interest in how the related GlobalPlatform keys can be managed
(key rotation, adding/removing keysets from/to a Security Domain).
Unfortunately, many aspects of this topic are not immediately
obvious for the average user. Let's add a tutorial that contains
some practical examples to shine some light on the topic.
Related: SYS#7881
Change-Id: I163dfedca3df572cb8442e9a4a280e6c5b00327e
---
A docs/put_key-tutorial.rst
M docs/shell.rst
2 files changed, 830 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/53/42353/4
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42353?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I163dfedca3df572cb8442e9a4a280e6c5b00327e
Gerrit-Change-Number: 42353
Gerrit-PatchSet: 4
Gerrit-Owner: dexter <pmaier(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: daniel <dwillmann(a)sysmocom.de>
Attention is currently required from: daniel, laforge, neels.
dexter has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42353?usp=email )
Change subject: docs/put_key: add tutorial that explains how to manage global platform keys
......................................................................
Patch Set 4:
(3 comments)
Patchset:
PS3:
I have reworked the part about the ISD-P. I think this should be good now. The only open question that still remains is the KVN range commonly used for SCP81.
File docs/put_key-tutorial.rst:
https://gerrit.osmocom.org/c/pysim/+/42353/comment/b26a03d3_2f32e64e?usp=em… :
PS2, Line 405: | 48-63 | reserved for `SCP03` |
> I am not sure with this range. I found it in the following patch: […]
I finally found a reference for the KVN range used with SCP81 and it even aligns with my practical observations.
https://gerrit.osmocom.org/c/pysim/+/42353/comment/0fd3061e_302f0487?usp=em… :
PS2, Line 808:
> I also tried to provision the key within the permitted range from the table above but it didn't work […]
Done
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42353?usp=email
Gerrit-MessageType: comment
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I163dfedca3df572cb8442e9a4a280e6c5b00327e
Gerrit-Change-Number: 42353
Gerrit-PatchSet: 4
Gerrit-Owner: dexter <pmaier(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: daniel <dwillmann(a)sysmocom.de>
Gerrit-Comment-Date: Thu, 19 Mar 2026 16:50:40 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: dexter <pmaier(a)sysmocom.de>
Attention is currently required from: daniel, laforge, neels.
Hello Jenkins Builder, daniel, laforge, neels,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/c/pysim/+/42353?usp=email
to look at the new patch set (#3).
The following approvals got outdated and were removed:
Verified+1 by Jenkins Builder
Change subject: docs/put_key: add tutorial that explains how to manage global platform keys
......................................................................
docs/put_key: add tutorial that explains how to manage global platform keys
With the increased interest in using GlobalPlatform features of
UICC and eUICCs (OTA-SMS, applets, etc.), also comes an increased
interest in how the related GlobalPlatform keys can be managed
(key rotation, adding/removing keysets from/to a Security Domain).
Unfortunately, many aspects of this topic are not immediately
obvious for the average user. Let's add a tutorial that contains
some practical examples to shine some light on the topic.
Related: SYS#7881
Change-Id: I163dfedca3df572cb8442e9a4a280e6c5b00327e
---
A docs/put_key-tutorial.rst
M docs/shell.rst
2 files changed, 830 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/53/42353/3
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42353?usp=email
Gerrit-MessageType: newpatchset
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I163dfedca3df572cb8442e9a4a280e6c5b00327e
Gerrit-Change-Number: 42353
Gerrit-PatchSet: 3
Gerrit-Owner: dexter <pmaier(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: daniel <dwillmann(a)sysmocom.de>
Attention is currently required from: daniel, laforge, neels.
dexter has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42353?usp=email )
Change subject: docs/put_key: add tutorial that explains how to manage global platform keys
......................................................................
Patch Set 3:
(2 comments)
File docs/put_key-tutorial.rst:
https://gerrit.osmocom.org/c/pysim/+/42353/comment/4cf5210a_e1df87dc?usp=em… :
PS2, Line 80: pySIM-shell (00:MF/ADF.ISD-R)>
> We need to check back if this really works. […]
I have now reworked this. When I get https://euicc-manual.osmocom.org/docs/lpa/applet-id/ correctly then the purpose of the ISD-P is to be some kind of secure container of the profile. When it also is the "on-card representative of the SM-DP+", then the eSIM profile owner (MNO) probably has no influence here at all. This also may explain why it has no keys provisioned. As far as I understand now the ISD-P is not interesting at all in the scope of this tutorial. What we are interested in is the securityDomain that is specified in the eSIM profile.
https://gerrit.osmocom.org/c/pysim/+/42353/comment/3eab4fe4_cf6a6d15?usp=em… :
PS2, Line 462: +----------------+---------+---------------------------------------+
> I am not sure with the purpose of those two keys. […]
I have checked this back. Remote Application Management over HTTP – Public Release v1.1.2, section 3.3.2 clearly says that the second key is a DEK key. So this is correct.
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42353?usp=email
Gerrit-MessageType: comment
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I163dfedca3df572cb8442e9a4a280e6c5b00327e
Gerrit-Change-Number: 42353
Gerrit-PatchSet: 3
Gerrit-Owner: dexter <pmaier(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: daniel <dwillmann(a)sysmocom.de>
Gerrit-Comment-Date: Thu, 19 Mar 2026 16:33:15 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: dexter <pmaier(a)sysmocom.de>
Attention is currently required from: daniel, fixeria, laforge, lynxis lazus, osmith, pespin.
pespin has posted comments on this change by pespin. ( https://gerrit.osmocom.org/c/osmo-uecups/+/42444?usp=email )
Change subject: Use libosmocore netdev
......................................................................
Patch Set 1:
(1 comment)
File daemon/gtp_tunnel.c:
https://gerrit.osmocom.org/c/osmo-uecups/+/42444/comment/18170dbe_115b6fc1?… :
PS1, Line 20: #define ADDR_SUBNET_PREFIX 16
I'm unsure which address subnet I should be setting here. How is the UE assumed to know? Should we use 32 since it's supposed to be a p2p?
Passing 24 there, for instance, makes ping from 10.45.0.1 to 10.45.1.1 fail.
--
To view, visit https://gerrit.osmocom.org/c/osmo-uecups/+/42444?usp=email
Gerrit-MessageType: comment
Gerrit-Project: osmo-uecups
Gerrit-Branch: master
Gerrit-Change-Id: I8f18ef56a6e7186fed88f965fbb34aa390c3bac1
Gerrit-Change-Number: 42444
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de>
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: lynxis lazus <lynxis(a)fe80.eu>
Gerrit-Reviewer: osmith <osmith(a)sysmocom.de>
Gerrit-Attention: osmith <osmith(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: pespin <pespin(a)sysmocom.de>
Gerrit-Attention: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Attention: daniel <dwillmann(a)sysmocom.de>
Gerrit-Attention: lynxis lazus <lynxis(a)fe80.eu>
Gerrit-Comment-Date: Thu, 19 Mar 2026 16:27:15 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-uecups/+/42442?usp=email )
Change subject: Use libosmocore netns API
......................................................................
Use libosmocore netns API
Change-Id: Ia8617765d4c14483e2ad0ea09a8f2276fd7aaebf
---
M daemon/Makefile.am
M daemon/cups_client.c
M daemon/internal.h
M daemon/main.c
D daemon/netns.c
D daemon/netns.h
M daemon/tun_device.c
7 files changed, 10 insertions(+), 324 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-uecups refs/changes/42/42442/1
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 2d62f11..1c680a6 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -27,7 +27,6 @@
noinst_HEADERS = \
gtp.h \
- netns.h \
internal.h \
$(NULL)
@@ -39,7 +38,6 @@
cups_client.c \
utility.c \
netdev.c \
- netns.c \
tun_device.c \
gtp_daemon.c \
gtp_endpoint.c \
diff --git a/daemon/cups_client.c b/daemon/cups_client.c
index e2bae46..578719b 100644
--- a/daemon/cups_client.c
+++ b/daemon/cups_client.c
@@ -13,6 +13,7 @@
#include <osmocom/core/talloc.h>
#include <osmocom/core/logging.h>
#include <osmocom/core/exec.h>
+#include <osmocom/core/netns.h>
#include "internal.h"
#include "gtp.h"
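Review bot: The added `#include <osmocom/core/netns.h>` makes the build depend on a libosmocore that ships this header, yet the file list of this change (7 files) contains no configure.ac or packaging update. If the header only exists from a particular libosmocore release onward, bump the minimum required version in the same change and mention it in the commit message, which currently has a subject line but no body.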
@@ -405,7 +406,7 @@
struct gtp_daemon *d = cc->d;
const char *cmd, *user;
char **addl_env = NULL;
- sigset_t oldmask;
+ struct osmo_netns_switch_state switch_state;
int nsfd = -1, rc;
juser = json_object_get(sprog, "run_as_user");
@@ -447,7 +448,7 @@
}
if (jnetns) {
- rc = switch_ns(nsfd, &oldmask);
+ rc = osmo_netns_switch_enter(nsfd, &switch_state);
if (rc < 0) {
talloc_free(addl_env);
return -EIO;
@@ -457,7 +458,7 @@
rc = osmo_system_nowait2(cmd, osmo_environment_whitelist, addl_env, user);
if (jnetns) {
- OSMO_ASSERT(restore_ns(&oldmask) == 0);
+ OSMO_ASSERT(osmo_netns_switch_exit(&switch_state) == 0);
}
talloc_free(addl_env);
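Review bot: `osmo_system_nowait2()` still runs between the enter and exit calls, so the child is forked while the namespace switch is in effect. The removed `switch_ns()` blocked all signals for that window (`sigfillset()` + `sigprocmask(SIG_BLOCK, ...)`), and a signal mask is inherited across fork and exec. Please confirm whether `osmo_netns_switch_enter()` does the same and, if so, whether the spawned program is expected to start with every signal blocked; a short comment here stating the intent would help.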
diff --git a/daemon/internal.h b/daemon/internal.h
index d431add..7a016fa 100644
--- a/daemon/internal.h
+++ b/daemon/internal.h
@@ -1,8 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0 */
#pragma once
-#include "netns.h"
-
#include <stdint.h>
#include <stdbool.h>
#include <pthread.h>
diff --git a/daemon/main.c b/daemon/main.c
index c023351..b00e5d3 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -36,7 +36,6 @@
#include <jansson.h>
#include "internal.h"
-#include "netns.h"
#include "gtp.h"
static void *g_tall_ctx;
@@ -226,8 +225,6 @@
handle_options(argc, argv);
- init_netns();
-
rc = vty_read_config_file(g_config_file, NULL);
if (rc < 0) {
fprintf(stderr, "Failed to open config file: '%s'\n", g_config_file);
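Review bot: With `init_netns()` removed, nothing in this daemon records the default namespace at startup any more, while the deleted `restore_ns()` depended on exactly that (`default_nsfd`). Confirm that `osmo_netns_switch_enter()` captures the namespace to return to in the caller's `switch_state` on each call, and say so in the commit message, since internal.h shows this daemon uses pthreads and a wrong return namespace would silently misplace sockets and tun devices.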
diff --git a/daemon/netns.c b/daemon/netns.c
deleted file mode 100644
index b0ec254..0000000
--- a/daemon/netns.c
+++ /dev/null
@@ -1,273 +0,0 @@
-#warning "Merge netns.c from osmo-ggsn and osmo-gtpu-daemon"
-/*
- * Copyright (C) 2014-2017, Travelping GmbH <info(a)travelping.com>
- * Copyright (C) 2020, Harald Welte <laforge(a)gnumonks.org>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#if defined(__linux__)
-
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#ifndef _GNU_SOURCE
-# define _GNU_SOURCE
-#endif
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <sched.h>
-#include <signal.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <osmocom/core/utils.h>
-
-#include "netns.h"
-
-#define NETNS_PATH "/var/run/netns"
-
-/*! default namespace of the GGSN process */
-static int default_nsfd = -1;
-
-/*! switch to a (non-default) namespace, store existing signal mask in oldmask.
- * \param[in] nsfd file descriptor representing the namespace to whch we shall switch
- * \param[out] oldmaks caller-provided memory location to which old signal mask is stored
- * \ returns 0 on success or negative (errno) in case of error */
-int switch_ns(int nsfd, sigset_t *oldmask)
-{
- sigset_t intmask;
- int rc;
-
- OSMO_ASSERT(default_nsfd >= 0);
-
- if (sigfillset(&intmask) < 0)
- return -errno;
- if ((rc = sigprocmask(SIG_BLOCK, &intmask, oldmask)) != 0)
- return -rc;
-
- if (setns(nsfd, CLONE_NEWNET) < 0) {
- /* restore old mask if we couldn't switch the netns */
- sigprocmask(SIG_SETMASK, oldmask, NULL);
- return -errno;
- }
- return 0;
-}
-
-/*! switch back to the default namespace, restoring signal mask.
- * \param[in] oldmask signal mask to restore after returning to default namespace
- * \returns 0 on successs; negative errno value in case of error */
-int restore_ns(sigset_t *oldmask)
-{
- OSMO_ASSERT(default_nsfd >= 0);
-
- int rc;
- if (setns(default_nsfd, CLONE_NEWNET) < 0)
- return -errno;
-
- if ((rc = sigprocmask(SIG_SETMASK, oldmask, NULL)) != 0)
- return -rc;
- return 0;
-}
-
-/*! open a file from within specified network namespace */
-int open_ns(int nsfd, const char *pathname, int flags)
-{
- sigset_t intmask, oldmask;
- int ret;
- int fd = -1;
- int rc;
-
- OSMO_ASSERT(default_nsfd >= 0);
-
- /* mask off all signals, store old signal mask */
- if (sigfillset(&intmask) < 0)
- return -errno;
- if ((rc = sigprocmask(SIG_BLOCK, &intmask, &oldmask)) != 0)
- return -rc;
-
- /* associate the calling thread with namespace file descriptor */
- if (setns(nsfd, CLONE_NEWNET) < 0) {
- ret = -errno;
- goto restore_sigmask;
- }
- /* open the requested file/path */
- if ((fd = open(pathname, flags)) < 0) {
- ret = -errno;
- goto restore_defaultns;
- }
- ret = fd;
-
-restore_defaultns:
- /* return back to default namespace */
- if (setns(default_nsfd, CLONE_NEWNET) < 0) {
- if (fd >= 0)
- close(fd);
- return -errno;
- }
-
-restore_sigmask:
- /* restore process mask */
- if ((rc = sigprocmask(SIG_SETMASK, &oldmask, NULL)) != 0) {
- if (fd >= 0)
- close(fd);
- return -rc;
- }
-
- return ret;
-}
-
-/*! create a socket in another namespace.
- * Switches temporarily to namespace indicated by nsfd, creates a socket in
- * that namespace and then returns to the default namespace.
- * \param[in] nsfd File descriptor of the namspace in which to create socket
- * \param[in] domain Domain of the socket (AF_INET, ...)
- * \param[in] type Type of the socket (SOCK_STREAM, ...)
- * \param[in] protocol Protocol of the socket (IPPROTO_TCP, ...)
- * \returns 0 on success; negative errno in case of error */
-int socket_ns(int nsfd, int domain, int type, int protocol)
-{
- sigset_t intmask, oldmask;
- int ret;
- int sk = -1;
- int rc;
-
- OSMO_ASSERT(default_nsfd >= 0);
-
- /* mask off all signals, store old signal mask */
- if (sigfillset(&intmask) < 0)
- return -errno;
- if ((rc = sigprocmask(SIG_BLOCK, &intmask, &oldmask)) != 0)
- return -rc;
-
- /* associate the calling thread with namespace file descriptor */
- if (setns(nsfd, CLONE_NEWNET) < 0) {
- ret = -errno;
- goto restore_sigmask;
- }
-
- /* create socket of requested domain/type/proto */
- if ((sk = socket(domain, type, protocol)) < 0) {
- ret = -errno;
- goto restore_defaultns;
- }
- ret = sk;
-
-restore_defaultns:
- /* return back to default namespace */
- if (setns(default_nsfd, CLONE_NEWNET) < 0) {
- if (sk >= 0)
- close(sk);
- return -errno;
- }
-
-restore_sigmask:
- /* restore process mask */
- if ((rc = sigprocmask(SIG_SETMASK, &oldmask, NULL)) != 0) {
- if (sk >= 0)
- close(sk);
- return -rc;
- }
- return ret;
-}
-
-/*! initialize this network namespace helper module.
- * Must be called before using any other functions of this file.
- * \returns 0 on success; negative errno in case of error */
-int init_netns()
-{
- /* store the default namespace for later reference */
- if ((default_nsfd = open("/proc/self/ns/net", O_RDONLY)) < 0)
- return -errno;
- return 0;
-}
-
-/*! create obtain file descriptor for network namespace of give name.
- * Creates /var/run/netns if it doesn't exist already.
- * \param[in] name Name of the network namespace (in /var/run/netns/)
- * \returns File descriptor of network namespace; negative errno in case of error */
-int get_nsfd(const char *name)
-{
- int ret = 0;
- int rc;
- int fd;
- sigset_t intmask, oldmask;
- char path[MAXPATHLEN] = NETNS_PATH;
-
- OSMO_ASSERT(default_nsfd >= 0);
-
- /* create /var/run/netns, if it doesn't exist already */
- rc = mkdir(path, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
- if (rc < 0 && errno != EEXIST)
- return rc;
-
- /* create /var/run/netns/[name], if it doesn't exist already */
- snprintf(path, sizeof(path), "%s/%s", NETNS_PATH, name);
- fd = open(path, O_RDONLY|O_CREAT|O_EXCL, 0);
- if (fd < 0) {
- if (errno == EEXIST) {
- if ((fd = open(path, O_RDONLY)) < 0)
- return -errno;
- return fd;
- }
- return -errno;
- }
- if (close(fd) < 0)
- return -errno;
-
- /* mask off all signals, store old signal mask */
- if (sigfillset(&intmask) < 0)
- return -errno;
- if ((rc = sigprocmask(SIG_BLOCK, &intmask, &oldmask)) != 0)
- return -rc;
-
- /* create a new network namespace */
- if (unshare(CLONE_NEWNET) < 0) {
- ret = -errno;
- goto restore_sigmask;
- }
- if (mount("/proc/self/ns/net", path, "none", MS_BIND, NULL) < 0)
- ret = -errno;
-
- /* switch back to default namespace */
- if (setns(default_nsfd, CLONE_NEWNET) < 0)
- return -errno;
-
-restore_sigmask:
- /* restore process mask */
- if ((rc = sigprocmask(SIG_SETMASK, &oldmask, NULL)) != 0)
- return -rc;
-
- /* might have been set above in case mount fails */
- if (ret < 0)
- return ret;
-
- /* finally, open the created namespace file descriptor from default ns */
- if ((fd = open(path, O_RDONLY)) < 0)
- return -errno;
-
- return fd;
-}
-
-#endif
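Review bot: The deleted `get_nsfd()` did more than open a descriptor: it created /var/run/netns, created the namespace with `unshare(CLONE_NEWNET)` and bind-mounted it when the name did not exist yet. tun_device.c now calls `osmo_netns_open_fd()` in its place, so the commit message should state whether the replacement keeps this create-if-missing behaviour. It is also worth checking how the replacement treats the name: the old code passed it unvalidated into `snprintf(path, sizeof(path), "%s/%s", NETNS_PATH, name)`, so a name containing a slash was not rejected. `open_ns()` and `socket_ns()` are dropped without any caller being changed in this diff, which suggests they were unused; a line in the commit message confirming that would save reviewers a grep.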
diff --git a/daemon/netns.h b/daemon/netns.h
deleted file mode 100644
index 3b91ba3..0000000
--- a/daemon/netns.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2014-2017, Travelping GmbH <info(a)travelping.com>
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-#ifndef __NETNS_H
-#define __NETNS_H
-
-#if defined(__linux__)
-
-int init_netns(void);
-
-int switch_ns(int nsfd, sigset_t *oldmask);
-int restore_ns(sigset_t *oldmask);
-
-int open_ns(int nsfd, const char *pathname, int flags);
-int socket_ns(int nsfd, int domain, int type, int protocol);
-int get_nsfd(const char *name);
-
-#endif
-
-#endif
diff --git a/daemon/tun_device.c b/daemon/tun_device.c
index bc41db9..837fd9d 100644
--- a/daemon/tun_device.c
+++ b/daemon/tun_device.c
@@ -33,11 +33,11 @@
#include <osmocom/core/linuxlist.h>
#include <osmocom/core/talloc.h>
#include <osmocom/core/logging.h>
+#include <osmocom/core/netns.h>
#include <osmocom/core/utils.h>
#include "gtp.h"
#include "internal.h"
-#include "netns.h"
/***********************************************************************
* TUN Device
@@ -320,7 +320,7 @@
{
struct rtnl_link *link;
struct tun_device *tun;
- sigset_t oldmask;
+ struct osmo_netns_switch_state switch_state;
int rc;
tun = talloc_zero(d, struct tun_device);
@@ -333,7 +333,7 @@
if (netns_name) {
tun->netns_name = talloc_strdup(tun, netns_name);
- tun->netns_fd = get_nsfd(tun->netns_name);
+ tun->netns_fd = osmo_netns_open_fd(tun->netns_name);
if (tun->netns_fd < 0) {
LOGTUN(tun, LOGL_ERROR, "Cannot obtain netns file descriptor: %s\n",
strerror(errno));
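Review bot: The error log after `osmo_netns_open_fd()` still prints `strerror(errno)`. The removed `get_nsfd()` was documented as returning a negative errno value, and if the replacement follows the same convention the log should use `strerror(-tun->netns_fd)` instead of relying on `errno` being left intact. The same applies to the `osmo_netns_switch_enter()` error log in the next hunk, where `rc` is available.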
@@ -343,7 +343,7 @@
/* temporarily switch to specified namespace to create tun device */
if (tun->netns_name) {
- rc = switch_ns(tun->netns_fd, &oldmask);
+ rc = osmo_netns_switch_enter(tun->netns_fd, &switch_state);
if (rc < 0) {
LOGTUN(tun, LOGL_ERROR, "Cannot switch to netns '%s': %s\n",
tun->netns_name, strerror(errno));
@@ -374,7 +374,7 @@
/* switch back to default namespace before creating new thread */
if (tun->netns_name)
- OSMO_ASSERT(restore_ns(&oldmask) == 0);
+ OSMO_ASSERT(osmo_netns_switch_exit(&switch_state) == 0);
/* bring the network device up */
rc = netdev_set_link(tun->nl, tun->ifindex, true);
@@ -413,7 +413,7 @@
close(tun->fd);
err_restore_ns:
if (tun->netns_name)
- OSMO_ASSERT(restore_ns(&oldmask) == 0);
+ OSMO_ASSERT(osmo_netns_switch_exit(&switch_state) == 0);
err_close_ns:
if (tun->netns_name)
close(tun->netns_fd);
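Review bot: `switch_state` is declared without an initializer (`struct osmo_netns_switch_state switch_state;`) and is passed to `osmo_netns_switch_exit()` under `err_restore_ns` whenever `tun->netns_name` is set. Please check that no `goto err_restore_ns` can be reached before `osmo_netns_switch_enter()` has succeeded, otherwise the exit call operates on uninitialized state and the `OSMO_ASSERT` decides the outcome. Zero-initializing the struct at declaration would make the error path easier to reason about.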
--
To view, visit https://gerrit.osmocom.org/c/osmo-uecups/+/42442?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: osmo-uecups
Gerrit-Branch: master
Gerrit-Change-Id: Ia8617765d4c14483e2ad0ea09a8f2276fd7aaebf
Gerrit-Change-Number: 42442
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin(a)sysmocom.de>
Attention is currently required from: daniel, laforge, neels.
dexter has posted comments on this change by dexter. ( https://gerrit.osmocom.org/c/pysim/+/42441?usp=email )
Change subject: transport: change APDU format paradigm
......................................................................
Patch Set 1:
(1 comment)
Patchset:
PS1:
This patch wouldn't alter the behavior of existing APDU scripts. As far as I know pySim-shell, pySim-prog and pySim-read are the only programs that make use of the pySim/transport API. In case there are other projects that use this API, those would need fixing if they still use TPDUs instead of APDUs. If this is a concern we should find an alternative.
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42441?usp=email
Gerrit-MessageType: comment
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I9a531a825def318b28bf58291d811cf119003fab
Gerrit-Change-Number: 42441
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann(a)sysmocom.de>
Gerrit-Reviewer: laforge <laforge(a)osmocom.org>
Gerrit-Reviewer: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: neels <nhofmeyr(a)sysmocom.de>
Gerrit-Attention: laforge <laforge(a)osmocom.org>
Gerrit-Attention: daniel <dwillmann(a)sysmocom.de>
Gerrit-Comment-Date: Thu, 19 Mar 2026 12:39:50 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
dexter has uploaded this change for review. ( https://gerrit.osmocom.org/c/pysim/+/42441?usp=email )
Change subject: transport: change APDU format paradigm
......................................................................
transport: change APDU format paradigm
Unfortunately we have mixed up the concept of TPDUs and APDUs in
earlier versions of pySim-shell. This led to problems with
detecting the APDU case properly (see also ISO/IEC 7816-3) and
also prevented us from adding support for T=1.
This problem has been fixed a long time ago and all APDUs sent from
the pySim-shell code should be well formed and valid according to
ISO/IEC 7816-3.
To ensure that we continue to format APDUs correctly as APDUs (and
not TPDUs) we have added a mechanism to the LinkBase class that
would either raise an exception or print a warning if someone
mistakenly tries to send an APDU that is really a TPDU. Whether a
warning is printed or an exception is raised is controlled via the
apdu_strict member in the LinkBase class, which is false (print
warning only) by default.
The reason why we have implemented the mechanism this way was
because we wanted to ensure that existing APDU scripts (pySim-shell
apdu command) keep working, even when those scripts use
APDUs which are formally invalid.
Sending a TPDU instead of an APDU via a T=0 link will still work
in almost all cases. This is also the reason why this problem
slipped through unnoticed for a long time. However, there may still
be subtle problems arising from this practice. The root of the
problem is that it is impossible to distinguish between APDU case
3 and 4 when a TPDU instead of an APDU is sent. However in order
to handle a case 4 APDU correctly we must be able to distinguish
the APDU case correctly to handle the case correctly.
ETSI TS 102 221, section 7.3.1.1.4, clause 4 is very clear about
the fact that not (only) the status word (e.g. 61xx) but the
APDU case is what matters.
To complete the logic in LinkBaseTpdu and to maintain compatibility
(older APDU scripts), we must still be able to switch between the
'apdu_strict' mode and the non-strict mode. However, it makes sense
to do this on a per-api-call basis instead of globally via a class
property.
At the same time we will limit the effect of pySim-shell's
apdu_strict settable to the apdu command only. By doing so, the
behaviour of the apdu command is not altered. Users will still
have to enable the 'strict' mode explicitly. At the same time
all the internal functionality of pySim-shell will always use
the 'strict' mode.
Related: OS#6970
Change-Id: I9a531a825def318b28bf58291d811cf119003fab
---
M pySim-shell.py
M pySim/commands.py
M pySim/transport/__init__.py
3 files changed, 24 insertions(+), 28 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/pysim refs/changes/41/42441/1
diff --git a/pySim-shell.py b/pySim-shell.py
index 50deea2..39678fd 100755
--- a/pySim-shell.py
+++ b/pySim-shell.py
@@ -136,8 +136,7 @@
self.add_settable(Settable2Compat('apdu_trace', bool, 'Trace and display APDUs exchanged with card', self,
onchange_cb=self._onchange_apdu_trace))
self.add_settable(Settable2Compat('apdu_strict', bool,
- 'Enforce APDU responses according to ISO/IEC 7816-3, table 12', self,
- onchange_cb=self._onchange_apdu_strict))
+ 'Strictly apply APDU format according to ISO/IEC 7816-3, table 12', self))
self.add_settable(Settable2Compat('verbose', bool,
'Enable/disable verbose logging', self,
onchange_cb=self._onchange_verbose))
@@ -218,13 +217,6 @@
else:
self.card._scc._tp.apdu_tracer = None
- def _onchange_apdu_strict(self, param_name, old, new):
- if self.card:
- if new == True:
- self.card._scc._tp.apdu_strict = True
- else:
- self.card._scc._tp.apdu_strict = False
-
def _onchange_verbose(self, param_name, old, new):
PySimLogger.set_verbose(new)
if new == True:
@@ -295,9 +287,9 @@
# can be executed without the presence of a runtime state (self.rs) object. However, this also means that
# self.lchan is also not present (see method equip).
if opts.raw or self.lchan is None:
- data, sw = self.card._scc.send_apdu(opts.APDU, apply_lchan = False)
+ data, sw = self.card._scc.send_apdu(opts.APDU, apply_lchan = False, apdu_strict = self.apdu_strict)
else:
- data, sw = self.lchan.scc.send_apdu(opts.APDU, apply_lchan = False)
+ data, sw = self.lchan.scc.send_apdu(opts.APDU, apply_lchan = False, apdu_strict = self.apdu_strict)
if data:
self.poutput("SW: %s, RESP: %s" % (sw, data))
else:
diff --git a/pySim/commands.py b/pySim/commands.py
index 066a2c4..b973b93 100644
--- a/pySim/commands.py
+++ b/pySim/commands.py
@@ -87,7 +87,7 @@
else:
return 255
- def send_apdu(self, pdu: Hexstr, apply_lchan:bool = True) -> ResTuple:
+ def send_apdu(self, pdu: Hexstr, apply_lchan:bool = True, apdu_strict: bool = True) -> ResTuple:
"""Sends an APDU and auto fetch response data
Args:
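Review bot: `apdu_strict` defaults to `True` in the new `send_apdu()` signature, whereas the removed `self.apdu_strict = False` in pySim/transport/__init__.py made non-strict the default, so every API caller that does not pass the argument moves from a logged warning to a `ValueError`. The `Args:` section of this docstring should document the new parameter and its default, as the transport docstrings in this change already do; the same goes for `send_apdu_checksw()`, `send_apdu_constr()` and `send_apdu_constr_checksw()` below.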
@@ -101,11 +101,12 @@
if apply_lchan:
pdu = cla_with_lchan(pdu[0:2], self.lchan_nr) + pdu[2:]
if self.scp:
- return self.scp.send_apdu_wrapper(self._tp.send_apdu, pdu)
+ return self.scp.send_apdu_wrapper(self._tp.send_apdu, pdu, apdu_strict = apdu_strict)
else:
- return self._tp.send_apdu(pdu)
+ return self._tp.send_apdu(pdu, apdu_strict = apdu_strict)
- def send_apdu_checksw(self, pdu: Hexstr, sw: SwMatchstr = "9000", apply_lchan:bool = True) -> ResTuple:
+ def send_apdu_checksw(self, pdu: Hexstr, sw: SwMatchstr = "9000", apply_lchan:bool = True,
+ apdu_strict: bool = True) -> ResTuple:
"""Sends an APDU and check returned SW
Args:
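Review bot: In the `if self.scp:` branch, `apdu_strict = apdu_strict` is now handed to `self.scp.send_apdu_wrapper(...)`, but the file implementing that wrapper is not among the three files changed. Please confirm that `send_apdu_wrapper()` forwards extra keyword arguments to the function it is given; if it does not, every APDU sent over an established secure channel would fail with a `TypeError`. A unit test that sends one APDU through the wrapper with `apdu_strict` set would cover this.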
@@ -121,12 +122,13 @@
if apply_lchan:
pdu = cla_with_lchan(pdu[0:2], self.lchan_nr) + pdu[2:]
if self.scp:
- return self.scp.send_apdu_wrapper(self._tp.send_apdu_checksw, pdu, sw)
+ return self.scp.send_apdu_wrapper(self._tp.send_apdu_checksw, pdu, sw, apdu_strict = apdu_strict)
else:
- return self._tp.send_apdu_checksw(pdu, sw)
+ return self._tp.send_apdu_checksw(pdu, sw, apdu_strict = apdu_strict)
def send_apdu_constr(self, cla: Hexstr, ins: Hexstr, p1: Hexstr, p2: Hexstr, cmd_constr: Construct,
- cmd_data: Hexstr, resp_constr: Construct, apply_lchan:bool = True) -> Tuple[dict, SwHexstr]:
+ cmd_data: Hexstr, resp_constr: Construct, apply_lchan:bool = True,
+ apdu_strict: bool = True) -> Tuple[dict, SwHexstr]:
"""Build and sends an APDU using a 'construct' definition; parses response.
Args:
@@ -145,7 +147,7 @@
lc = i2h([len(cmd)]) if cmd_data else ''
le = '00' if resp_constr else ''
pdu = ''.join([cla, ins, p1, p2, lc, b2h(cmd), le])
- (data, sw) = self.send_apdu(pdu, apply_lchan = apply_lchan)
+ (data, sw) = self.send_apdu(pdu, apply_lchan = apply_lchan, apdu_strict = apdu_strict)
if data:
# filter the resulting dict to avoid '_io' members inside
rsp = filter_dict(resp_constr.parse(h2b(data)))
@@ -155,7 +157,8 @@
def send_apdu_constr_checksw(self, cla: Hexstr, ins: Hexstr, p1: Hexstr, p2: Hexstr,
cmd_constr: Construct, cmd_data: Hexstr, resp_constr: Construct,
- sw_exp: SwMatchstr="9000", apply_lchan:bool = True) -> Tuple[dict, SwHexstr]:
+ sw_exp: SwMatchstr="9000", apply_lchan:bool = True,
+ apdu_strict: bool = True) -> Tuple[dict, SwHexstr]:
"""Build and sends an APDU using a 'construct' definition; parses response.
Args:
@@ -171,7 +174,7 @@
Tuple of (decoded_data, sw)
"""
(rsp, sw) = self.send_apdu_constr(cla, ins, p1, p2, cmd_constr, cmd_data, resp_constr,
- apply_lchan = apply_lchan)
+ apply_lchan = apply_lchan, apdu_strict = apdu_strict)
if not sw_match(sw, sw_exp):
raise SwMatchError(sw, sw_exp.lower(), self._tp.sw_interpreter)
return (rsp, sw)
diff --git a/pySim/transport/__init__.py b/pySim/transport/__init__.py
index f19790c..6807048 100644
--- a/pySim/transport/__init__.py
+++ b/pySim/transport/__init__.py
@@ -90,7 +90,6 @@
self.sw_interpreter = sw_interpreter
self.apdu_tracer = apdu_tracer
self.proactive_handler = proactive_handler
- self.apdu_strict = False
@abc.abstractmethod
def __str__(self) -> str:
@@ -141,11 +140,12 @@
self.apdu_tracer.trace_reset()
return self._reset_card()
- def send_apdu(self, apdu: Hexstr) -> ResTuple:
+ def send_apdu(self, apdu: Hexstr, apdu_strict: bool = True) -> ResTuple:
"""Sends an APDU with minimal processing
Args:
apdu : string of hexadecimal characters (ex. "A0A40000023F00", must comply to ISO/IEC 7816-3, section 12.1)
+ apdu_strict : strictly apply APDU format according to ISO/IEC 7816-3, table 12
Returns:
tuple(data, sw), where
data : string (in hex) of returned data (ex. "074F4EFFFF")
@@ -174,26 +174,27 @@
if len(data) > 0 and (case == 3 or case == 1):
exeption_str = 'received unexpected response data, incorrect APDU-case ' + \
'(%d, should be %d, missing Le field?)!' % (case, case + 1)
- if self.apdu_strict:
+ if apdu_strict:
raise ValueError(exeption_str)
else:
log.warning(exeption_str)
return (data, sw)
- def send_apdu_checksw(self, apdu: Hexstr, sw: SwMatchstr = "9000") -> ResTuple:
+ def send_apdu_checksw(self, apdu: Hexstr, sw: SwMatchstr = "9000", apdu_strict: bool = True) -> ResTuple:
"""Sends an APDU and check returned SW
Args:
apdu : string of hexadecimal characters (ex. "A0A40000023F00", must comply to ISO/IEC 7816-3, section 12.1)
- sw : string of 4 hexadecimal characters (ex. "9000"). The user may mask out certain
- digits using a '?' to add some ambiguity if needed.
+ sw : string of 4 hexadecimal characters (ex. "9000"). The user may mask out certain digits using a '?'
+ to add some ambiguity if needed.
+ apdu_strict : strictly apply APDU format according to ISO/IEC 7816-3, table 12
Returns:
tuple(data, sw), where
data : string (in hex) of returned data (ex. "074F4EFFFF")
sw : string (in hex) of status word (ex. "9000")
"""
- rv = self.send_apdu(apdu)
+ rv = self.send_apdu(apdu, apdu_strict)
last_sw = rv[1]
while sw == '9000' and sw_match(last_sw, '91xx'):
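Review bot: The strict check in `send_apdu()` runs on the response (`if len(data) > 0 and (case == 3 or case == 1)`), so with `apdu_strict` now defaulting to `True` the `ValueError` is raised after the card has already executed the command. Callers that catch the exception and retry may repeat a state-changing command; the docstring should state that the exception does not mean the APDU was not sent. Separately, `rv = self.send_apdu(apdu, apdu_strict)` passes the flag positionally while every other call site in this change uses `apdu_strict = apdu_strict`; use the keyword form here too so a later reordering of parameters cannot silently change the meaning.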
--
To view, visit https://gerrit.osmocom.org/c/pysim/+/42441?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: pysim
Gerrit-Branch: master
Gerrit-Change-Id: I9a531a825def318b28bf58291d811cf119003fab
Gerrit-Change-Number: 42441
Gerrit-PatchSet: 1
Gerrit-Owner: dexter <pmaier(a)sysmocom.de>
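The case 3 / case 4 ambiguity described in the commit message above, as an added example that is not part of the change or of pySim. The function names `apdu_case`, `t0_tpdu` and `check_response` are hypothetical, the sample APDU and response bytes are constructed, and only short-length APDUs are handled.

```python
# Added illustration, not pySim code. Shows why a T=0 TPDU cannot be told
# apart from a case 3 APDU, and how a strict/non-strict response check
# (modelled on the condition visible in the diff) reacts to that.

def apdu_case(apdu_hex: str) -> int:
    """Return the ISO/IEC 7816-3 case (1..4) of a short-length command APDU."""
    apdu = bytes.fromhex(apdu_hex)
    if len(apdu) < 4:
        raise ValueError("APDU shorter than the header CLA INS P1 P2")
    body = apdu[4:]
    if len(body) == 0:
        return 1                      # header only
    if len(body) == 1:
        return 2                      # header + Le
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are outside this example")
    if len(body) == 1 + lc:
        return 3                      # header + Lc + data
    if len(body) == 2 + lc:
        return 4                      # header + Lc + data + Le
    raise ValueError("Lc does not match the length of the body")


def t0_tpdu(apdu_hex: str) -> str:
    """Map a short APDU to the first T=0 command TPDU (header + P3 [+ data])."""
    apdu = bytes.fromhex(apdu_hex)
    case = apdu_case(apdu_hex)
    if case == 1:
        tpdu = apdu + b"\x00"         # P3 = 00
    elif case == 4:
        tpdu = apdu[:-1]              # Le is not transmitted in the TPDU
    else:
        tpdu = apdu                   # case 2: P3 = Le, case 3: P3 = Lc
    return tpdu.hex().upper()


def check_response(apdu_hex: str, resp_data_hex: str, apdu_strict: bool = True):
    """Return None if the response fits the APDU case, else warn or raise."""
    case = apdu_case(apdu_hex)
    if len(resp_data_hex) > 0 and case in (1, 3):
        msg = ("received unexpected response data, incorrect APDU-case "
               "(%d, should be %d, missing Le field?)!" % (case, case + 1))
        if apdu_strict:
            raise ValueError(msg)
        return msg                    # non-strict: caller logs a warning
    return None


# Constructed sample: SELECT by file ID with response data requested.
CASE4_APDU = "00A40004023F0000"       # header, Lc=02, data 3F00, Le=00
CASE3_APDU = "00A40004023F00"         # same command without Le
SAMPLE_RESP = "6203820138"            # constructed response bytes

if __name__ == "__main__":
    for name, apdu in (("case 4 APDU", CASE4_APDU), ("case 3 APDU", CASE3_APDU)):
        print(name, apdu, "-> case", apdu_case(apdu), "-> TPDU", t0_tpdu(apdu))
    # Both APDUs produce the same TPDU, so feeding the TPDU back in as an
    # "APDU" always yields case 3 and response data then looks unexpected.
    print(check_response(t0_tpdu(CASE4_APDU), SAMPLE_RESP, apdu_strict=False))
```
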