Attention is currently required from: laforge, neels.
3 comments:
Commit Message:
Decided for now that it's not worth the extra effort to make this more
restrictive
ok, I understand. […]
"we do allow any source address to send MGCP to the MGW and actually". This is easily constrained by selecting a proper IP address like a localhost address when configuring osmo-mgw local MGCP address, or binding to an IP address only available on a given interface.
The problem with "security" from the RTP ports comes from the fact that the remote IP address is selected by a 3rd entity/node connected to us, and osmo-mgw uses ip probing to find out how to connect.
File src/libosmo-mgcp/mgcp_network.c:
Patch Set #1, Line 838: if (mgcp_conn_rtp_is_iuup(conn) && !conn->iuup.configured) {
(There are two places to indicate codecs, one in the MGCP header which we basically ignore, and the […]
With current master (at least from yesterday) yes, you are right. However, as I mentioned I merged a patch in osmo-hnbgw to announce a "hnb IuUP address" to osmo-mgw right from the first RAN-side MGCP CRCX, by using the Iuh remote IP address at the hnbgw, so that osmo-mgw can guess correctly its binding IuUP address in the assumed general case where Iuh IP address = IuUP IP address in HNB. See
https://gitea.osmocom.org/cellular-infrastructure/osmo-hnbgw/commit/656d1d27788a000b93f00cf9cdf659e0dacadde7
Besides that, libosmo-mgcp-client needs to be adapted in order to allow submitting an IP address on the wire (CRCX) even if the port is not yet known (port=0). This is what this osmo-mgw.git patch is accomplishing:
https://gerrit.osmocom.org/c/osmo-mgw/+/35152
As you see, with this patch the generated CRCX now contains an SDP, and hence it doesn't go through the add_lco() path, but through the add_sdp() (because it's the only way to provide an IP address to osmo-mgw so it does the ip probing).
Now that you processed all the above, read again my previous comment to understand the modifications (going back more or less to version 1 of the patch to send the codec in the CRCX even if the port=0).
File src/libosmo-mgcp/mgcp_network.c:
Patch Set #2, Line 837: != 0)
(I find this really hard to read. […]
It's not a bool, it's a tristate 1, 0, -1. It's a bool + error. So in here we are handling error as "consider it as not set".
To view, visit change 35205.