pespin submitted this change.

View Change

Approvals: laforge: Looks good to me, but someone else must approve pespin: Looks good to me, approved osmith: Looks good to me, but someone else must approve Jenkins Builder: Verified 
xua_asp_fsm: Validate remote ASP Id matching config in SG role

The node in SG role really doesn't have an ASP Id of its own (it is
never sent over the wire). Hence, use the "asp-identifier <N>" VTY
config in SG role to require the ASP to identify itself with a given
ASP identifier.

Related: OS#6953
Change-Id: I3e22439aa7e22f7a6113b093c44ace6745c808b9
---
M src/xua_asp_fsm.c
1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/xua_asp_fsm.c b/src/xua_asp_fsm.c
index 26247cb..913f0e8 100644
--- a/src/xua_asp_fsm.c
+++ b/src/xua_asp_fsm.c
@@ -556,15 +556,41 @@
 	case XUA_ASP_E_ASPSM_ASPUP:
 		ENSURE_SG_OR_IPSP(fi, event);
 		/* Optional ASP Identifier */
-		if ((asp_id_ie = xua_msg_find_tag(data, SUA_IEI_ASP_ID))) {
+		asp_id_ie = xua_msg_find_tag(data, SUA_IEI_ASP_ID);
+
+		if (asp_id_ie) {
 			asp_id = xua_msg_part_get_u32(asp_id_ie);
 			if (!ss7_asp_check_remote_asp_id_unique(asp, asp_id)) {
 				peer_send_error(fi, M3UA_ERR_INVAL_ASP_ID);
 				return;
 			}
+			/* Expect specific ASP Id from ASP in SG role to match local config.
+			 * In IPSP, each side can have its own local different ASP Identifier. */
+			if (asp->cfg.role == OSMO_SS7_ASP_ROLE_SG) {
+				if (asp->cfg.local_asp_id_present &&
+				    asp->cfg.local_asp_id != asp_id) {
+					LOGPFSML(fi, LOGL_NOTICE, "ASPUP: Received asp_id %" PRIu32
+						 " doesn't match configured 'asp-identifier %" PRIu32"'\n",
+						 asp_id, asp->cfg.local_asp_id);
+					peer_send_error(fi, M3UA_ERR_INVAL_ASP_ID);
+					return;
+				}
+			}
 			/* Store for NTFY */
 			asp->remote_asp_id = asp_id;
 			asp->remote_asp_id_present = true;
+		} else if (asp->cfg.role == OSMO_SS7_ASP_ROLE_SG &&
+			   asp->cfg.local_asp_id_present) {
+			/* If configured in role SG, expect the ASP to send us an ASP Identifier.
+			 * RFC4666 3.8.1: 'The "ASP Identifier Required" error is sent by an SGP in
+			 * response to an ASP Up message that does not contain an ASP Identifier
+			 * parameter when the SGP requires one. The ASP SHOULD resend the ASP Up
+			 * message with an ASP Identifier.'*/
+			LOGPFSML(fi, LOGL_NOTICE, "ASPUP: Received no asp_id "
+				 "while expecting 'asp-identifier %" PRIu32"'\n",
+				 asp->cfg.local_asp_id);
+			peer_send_error(fi, M3UA_ERR_ASP_ID_REQD);
+			return;
 		}
 		/* send ACK */
 		peer_send(fi, XUA_ASP_E_ASPSM_ASPUP_ACK, NULL);

To view, visit change 42119. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: merged
Gerrit-Project: libosmo-sigtran
Gerrit-Branch: master
Gerrit-Change-Id: I3e22439aa7e22f7a6113b093c44ace6745c808b9
Gerrit-Change-Number: 42119
Gerrit-PatchSet: 4
Gerrit-Owner: pespin <pespin@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: osmith <osmith@sysmocom.de>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>