Attention is currently required from: laforge, neels.
pespin has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-mgw/+/35205?usp=email )
Change subject: IuUP: allow Initialization from any address if not yet set ......................................................................
Patch Set 2:
(3 comments)
Commit Message:
https://gerrit.osmocom.org/c/osmo-mgw/+/35205/comment/158c6533_50887307 PS1, Line 28: Decided for now that it's not worth the extra effort to make this more : restrictive
ok, I understand. […]
"we do allow any source address to send MGCP to the MGW and actually". This is easily constraint by selecting a proper IP address like a localhost address when configuring osmo-mgw local MGCP address, or binding to an IP address only available on a given interface. The problem with "security" from the RTP ports comes from the fact that the remote IP address is selected by a 3rd entity/node connected to us, and osmo-mgw uses ip probing to find out how to connect.
File src/libosmo-mgcp/mgcp_network.c:
https://gerrit.osmocom.org/c/osmo-mgw/+/35205/comment/d09ff72c_2e8481ca PS1, Line 838: if (mgcp_conn_rtp_is_iuup(conn) && !conn->iuup.configured) {
(There are two places to indicate codecs, one in the MGCP header which we basically ignore, and the […]
With current master (at least from yesterday) yes, you are right. However, as I mentioned I merged a patch in osmo-hnbgw to announce a "hnb IuUP address" to osmo-mgw right from the first RAN-side MGCP CRCX, by using the Iuh remote IP address at the hnbgw, so that osmo-mgw can guess correctly its binding IuUP address in the assumed general case where Iuh IP address = IuUP IP address in HNB. See https://gitea.osmocom.org/cellular-infrastructure/osmo-hnbgw/commit/656d1d27...
Besides that, libosmo-mgcp-client needs to be adapted in order to allow submitting an IP address on the wire (CRCX) even if the port is yet not known (port=0). This is what this osmo-mgw.git patch is accomplishing: https://gerrit.osmocom.org/c/osmo-mgw/+/35152
As you see, with this patch the generated CRCX now contains an SDP, and hence it doesn't go through the add_lco() path, but through the add_sdp() (because it's the only way to provide an IP address to osmo-mgw so it does the ip probing).
Now that you processed all the above, read again my previous comment to understand the modifications (going back more or less to version 1 of the patch to send the codec in the CRCX even if the port=0).
File src/libosmo-mgcp/mgcp_network.c:
https://gerrit.osmocom.org/c/osmo-mgw/+/35205/comment/6a20a4bb_df864304 PS2, Line 837: != 0)
(i find this really hard to read. […]
It's not a bool, it's a tristate 1, 0, -1. It's a bool + error. So in here we are handling error as "consider it as not set".