pespin has uploaded this change for review.
sgsn: Validate TLI received in RAB Ass Req
Related: OS#6508
Change-Id: I3a3699cea981caa89b30742c031d5f232418b0ee
---
A library/ITU_X213_Types.ttcn
M library/ranap/RANAP_Templates.ttcn
M sgsn/BSSGP_ConnHdlr.ttcn
M sgsn/gen_links.sh
4 files changed, 193 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/33/38433/1
diff --git a/library/ITU_X213_Types.ttcn b/library/ITU_X213_Types.ttcn
new file mode 100644
index 0000000..ec656c2
--- /dev/null
+++ b/library/ITU_X213_Types.ttcn
@@ -0,0 +1,172 @@
+module ITU_X213_Types {
+
+/* ITU_X213_Types, defining abstract TTCN-3 data types for ITU-T Rec. X.213.
+ *
+ * (C) 2024 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
+ * All rights reserved.
+ * Author: Pau Espin Pedrol <pespin@sysmocom.de>
+ *
+ * Released under the terms of GNU General Public License, Version 2 or
+ * (at your option) any later version.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+
+import from General_Types all;
+import from Osmocom_Types all;
+
+/* Network Service access point */
+
+/* initial domain part (IDP). = authority and format identifier (AFI) + initial domain identifier (IDI). */
+
+type enumerated NSAP_AFI {
+ NSAP_AFI_IANA_ICP_DEC ('34'H),
+ NSAP_AFI_IANA_ICP_BIN ('35'H)
+} with { variant "FIELDLENGTH(8)" };
+
+type enumerated NSAP_IDI_IANA_ICP {
+ NSAP_IDI_IANA_ICP_IPv6 ('0000'H),
+ NSAP_IDI_IANA_ICP_IPv4 ('0001'H)
+} with { variant "FIELDLENGTH(16)"
+ variant "BYTEORDER(last)" };
+
+type record NSAP_DSP_IANA_ICP_BIN_IPv6 {
+ OCT16 addr,
+ OCT1 padding
+};
+
+type record NSAP_DSP_IANA_ICP_BIN_IPv4 {
+ OCT4 addr,
+ octetstring padding optional /* TODO: limit this field to be max 13 bytes (20 - 3 - 4)*/
+};
+
+type union NSAP_DSP_IANA_ICP_BIN {
+ NSAP_DSP_IANA_ICP_BIN_IPv6 ipv6,
+ NSAP_DSP_IANA_ICP_BIN_IPv4 ipv4,
+ octetstring other
+};
+
+type record NSAP_IDI_IANA_ICP_BIN {
+ NSAP_IDI_IANA_ICP icp,
+ NSAP_DSP_IANA_ICP_BIN dsp
+} with { variant (dsp) "CROSSTAG(ipv6, icp = NSAP_IDI_IANA_ICP_IPv6;
+ ipv4, icp = NSAP_IDI_IANA_ICP_IPv4;
+ other, OTHERWISE)"
+};
+
+type union NSAP_IDI {
+ NSAP_IDI_IANA_ICP_BIN iana_icp_bin,
+ octetstring other
+};
+
+type record NSAP_IDP {
+ NSAP_AFI afi,
+ NSAP_IDI idi
+} with { variant (idi) "CROSSTAG(iana_icp_bin, afi = NSAP_AFI_IANA_ICP_BIN;
+ other, OTHERWISE)"
+};
+
+type record NSAP_Address {
+ NSAP_IDP idp
+};
+
+
+external function enc_NSAP_Address(in NSAP_Address pco_data) return octetstring
+with { extension "prototype(convert)" extension "encode(RAW)" }
+
+external function dec_NSAP_Address(in octetstring pco_payload) return NSAP_Address
+with { extension "prototype(convert) decode(RAW)" };
+
+/**********************
+ * ITU_X213_Templates:
+ **********************/
+
+template (present) NSAP_DSP_IANA_ICP_BIN_IPv6 tr_NSAP_IANA_IPv6_Address(template (present) OCT16 addr := ?) := {
+ addr := addr,
+ padding := ?
+};
+template (value) NSAP_DSP_IANA_ICP_BIN_IPv6 ts_NSAP_IANA_IPv6_Address(template (value) OCT16 addr) := {
+ addr := addr,
+ padding := '00'O
+};
+
+template (present) NSAP_DSP_IANA_ICP_BIN_IPv4 tr_NSAP_IANA_IPv4_Address(template (present) OCT4 addr := ?, template octetstring padding := *) := {
+ addr := addr,
+ padding := padding
+};
+template (value) NSAP_DSP_IANA_ICP_BIN_IPv4 ts_NSAP_IANA_IPv4_Address(template (value) OCT4 addr, template (omit) octetstring padding := omit) := {
+ addr := addr,
+ padding := padding
+};
+
+template (present) NSAP_DSP_IANA_ICP_BIN tr_NSAP_IANA_u_IPv6_Address(template (present) OCT16 addr := ?) := {
+ ipv6 := tr_NSAP_IANA_IPv6_Address(addr)
+};
+template (value) NSAP_DSP_IANA_ICP_BIN ts_NSAP_IANA_u_IPv6_Address(template (value) OCT16 addr) := {
+ ipv6 := ts_NSAP_IANA_IPv6_Address(addr)
+};
+
+template (present) NSAP_DSP_IANA_ICP_BIN tr_NSAP_IANA_u_IPv4_Address(template (present) OCT4 addr := ?, template octetstring padding := *) := {
+ ipv4 := tr_NSAP_IANA_IPv4_Address(addr, padding)
+};
+template (value) NSAP_DSP_IANA_ICP_BIN ts_NSAP_IANA_u_IPv4_Address(template (value) OCT4 addr, template (omit) octetstring padding := omit) := {
+ ipv4 := ts_NSAP_IANA_IPv4_Address(addr, padding)
+};
+
+template (present) NSAP_IDI_IANA_ICP_BIN tr_NSAP_IDI_IANA_ICP_BIN(template (present) NSAP_IDI_IANA_ICP icp := ?,
+ template (present) NSAP_DSP_IANA_ICP_BIN dsp := ?) := {
+ icp := icp,
+ dsp := dsp
+};
+template (value) NSAP_IDI_IANA_ICP_BIN ts_NSAP_IDI_IANA_ICP_BIN(template (value) NSAP_IDI_IANA_ICP icp,
+ template (value) NSAP_DSP_IANA_ICP_BIN dsp) := {
+ icp := icp,
+ dsp := dsp
+};
+
+template (present) NSAP_IDI tr_NSAP_IDI_u_IANA_ICP_BIN(template (present) NSAP_IDI_IANA_ICP_BIN iana_icp_bin := ?) := {
+ iana_icp_bin := iana_icp_bin
+};
+template (value) NSAP_IDI ts_NSAP_IDI_u_IANA_ICP_BIN(template (value) NSAP_IDI_IANA_ICP_BIN iana_icp_bin) := {
+ iana_icp_bin := iana_icp_bin
+};
+
+template (present) NSAP_IDP tr_NSAP_IDP(template (present) NSAP_AFI afi := ?, template (present) NSAP_IDI idi := ?) := {
+ afi := afi,
+ idi := idi
+};
+template (value) NSAP_IDP ts_NSAP_IDP(template (value) NSAP_AFI afi, template (value) NSAP_IDI idi) := {
+ afi := afi,
+ idi := idi
+};
+
+template (present) NSAP_Address tr_NSAP_Address_IANA_BIN_IPv6(template (present) OCT16 addr := ?) := {
+ idp := tr_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+ tr_NSAP_IDI_u_IANA_ICP_BIN(tr_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv6,
+ tr_NSAP_IANA_u_IPv6_Address(addr))))
+};
+template (value) NSAP_Address ts_NSAP_Address_IANA_BIN_IPv6(template (value) OCT16 addr) := {
+ idp := ts_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+ ts_NSAP_IDI_u_IANA_ICP_BIN(ts_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv6,
+ ts_NSAP_IANA_u_IPv6_Address(addr))))
+};
+
+template (present) NSAP_Address tr_NSAP_Address_IANA_BIN_IPv4(template (present) OCT4 addr := ?,
+ template octetstring padding := *) := {
+ idp := tr_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+ tr_NSAP_IDI_u_IANA_ICP_BIN(tr_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv4,
+ tr_NSAP_IANA_u_IPv4_Address(addr, padding))))
+};
+template (value) NSAP_Address ts_NSAP_Address_IANA_BIN_IPv4(template (value) OCT4 addr,
+ template (omit) octetstring padding := omit) := {
+ idp := ts_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+ ts_NSAP_IDI_u_IANA_ICP_BIN(ts_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv4,
+ ts_NSAP_IANA_u_IPv4_Address(addr, padding))))
+};
+/* IPv4 with padding so that TLA is 20 bytes. This is quite common: */
+template (value) NSAP_Address ts_NSAP_Address_IANA_BIN_IPv4Len20(template (value) OCT4 addr) :=
+ ts_NSAP_Address_IANA_BIN_IPv4(addr, '00000000000000000000000000'O);
+
+
+} with { encode "RAW"; variant "FIELDORDER(msb)" }
diff --git a/library/ranap/RANAP_Templates.ttcn b/library/ranap/RANAP_Templates.ttcn
index a433d62..5cd9353 100644
--- a/library/ranap/RANAP_Templates.ttcn
+++ b/library/ranap/RANAP_Templates.ttcn
@@ -1878,5 +1878,12 @@
return rab_id;
}
+function f_ranap_rab_ass_req_extract_tli(RANAP_PDU ranap) return TransportLayerInformation
+{
+ var RAB_AssignmentRequest.protocolIEs ies := ranap.initiatingMessage.value_.rAB_AssignmentRequest.protocolIEs;
+ var TransportLayerInformation tli := ies[0].value_.rAB_SetupOrModifyList[0][0].firstValue.rAB_SetupOrModifyItemFirst.transportLayerInformation;
+ return tli;
+}
+
}
diff --git a/sgsn/BSSGP_ConnHdlr.ttcn b/sgsn/BSSGP_ConnHdlr.ttcn
index c39b614..121ac2d 100644
--- a/sgsn/BSSGP_ConnHdlr.ttcn
+++ b/sgsn/BSSGP_ConnHdlr.ttcn
@@ -17,6 +17,7 @@
import from MobileL3_Types all;
import from L3_Templates all;
import from L3_Common all;
+import from ITU_X213_Types all;
import from GSUP_Types all;
import from GSUP_Templates all;
@@ -696,7 +697,18 @@
var RANAP_PDU ranap;
[] BSSAP.receive(tr_RANAP_RabAssReq(?)) -> value ranap {
var RAB_ID rab_id := f_ranap_rab_ass_req_extract_rab_id(ranap);
- /*TODO: validate received remote IP addr + TEID = apars.ggsn_ip_u + apars.ggsn_tei_u */
+ var TransportLayerInformation tli := f_ranap_rab_ass_req_extract_tli(ranap);
+
+ /* Validate received IP address + TEID from SGSN is the one we
+ * did set up from the GGSN, since the SGSN is expected to do
+ * Direct Tunnel: */
+ var template (present) TransportLayerInformation exp_tli :=
+ tr_TLI_ps(oct2bit(enc_NSAP_Address(valueof(ts_NSAP_Address_IANA_BIN_IPv4Len20(apars.ggsn_ip_u)))),
+ apars.ggsn_tei_u);
+ if (not match(tli, exp_tli)) {
+ Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
+ log2str("Rx RAB Ass Req with TLI ", tli, " vs exp ", exp_tli));
+ }
var template (value) RAB_SetupOrModifiedList l;
l := ts_RAB_SMdL_ps(rab_id, oct2bit(apars.rnc_ip_u), apars.rnc_tei_u);
BSSAP.send(ts_RANAP_RabAssResp(l));
diff --git a/sgsn/gen_links.sh b/sgsn/gen_links.sh
index 8df1a87..2e5d9f9 100755
--- a/sgsn/gen_links.sh
+++ b/sgsn/gen_links.sh
@@ -89,6 +89,7 @@
FILES+="Osmocom_CTRL_Types.ttcn Osmocom_CTRL_Functions.ttcn Osmocom_CTRL_Adapter.ttcn "
FILES+="Osmocom_VTY_Functions.ttcn "
FILES+="LLC_Templates.ttcn L3_Templates.ttcn L3_Common.ttcn "
+FILES+="ITU_X213_Types.ttcn "
FILES+="RAN_Emulation.ttcnpp RAN_Adapter.ttcnpp SCCP_Templates.ttcn "
# IPA_Emulation + dependencies
FILES+="IPA_Types.ttcn IPA_Emulation.ttcnpp IPA_CodecPort.ttcn IPA_CodecPort_CtrlFunct.ttcn IPA_CodecPort_CtrlFunctDef.cc Native_Functions.ttcn Native_FunctionDefs.cc "
To view, visit change 38433. To unsubscribe, or for help writing mail filters, visit settings.