[M] Change in osmo-ttcn3-hacks[master]: sgsn: Validate TLI received in RAB Ass Req - gerrit-log

17 Oct 2024

pespin has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/38433?usp=email )
Change subject: sgsn: Validate TLI received in RAB Ass Req
......................................................................
sgsn: Validate TLI received in RAB Ass Req
Related: OS#6508
Change-Id: I3a3699cea981caa89b30742c031d5f232418b0ee
---
A library/ITU_X213_Types.ttcn
M library/ranap/RANAP_Templates.ttcn
M sgsn/BSSGP_ConnHdlr.ttcn
M sgsn/gen_links.sh
4 files changed, 193 insertions(+), 1 deletion(-)
Approvals:
  osmith: Looks good to me, but someone else must approve
  Jenkins Builder: Verified
  laforge: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved

diff --git a/library/ITU_X213_Types.ttcn b/library/ITU_X213_Types.ttcn
new file mode 100644
index 0000000..3242e9d
--- /dev/null
+++ b/library/ITU_X213_Types.ttcn
@@ -0,0 +1,172 @@
+module ITU_X213_Types {
+
+/* ITU_X213_Types, defining abstract TTCN-3 data types for ITU-T Rec. X.213.
+ *
+ * (C) 2024 by sysmocom - s.f.m.c. GmbH info@sysmocom.de
+ * All rights reserved.
+ * Author: Pau Espin Pedrol pespin@sysmocom.de
+ *
+ * Released under the terms of GNU General Public License, Version 2 or
+ * (at your option) any later version.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+
+import from General_Types all;
+import from Osmocom_Types all;
+
+/* Network Service access point */
+
+/* initial domain part (IDP). = authority and format identifier (AFI) + initial domain identifier (IDI). */
+
+type enumerated NSAP_AFI {
+	NSAP_AFI_IANA_ICP_DEC ('34'H),
+	NSAP_AFI_IANA_ICP_BIN ('35'H)
+} with { variant "FIELDLENGTH(8)" };
+
+type enumerated NSAP_IDI_IANA_ICP {
+	NSAP_IDI_IANA_ICP_IPv6 ('0000'H),
+	NSAP_IDI_IANA_ICP_IPv4 ('0001'H)
+} with { variant "FIELDLENGTH(16)"
+	 variant "BYTEORDER(last)" };
+
+type record NSAP_DSP_IANA_ICP_BIN_IPv6 {
+	OCT16 addr,
+	OCT1 padding
+};
+
+type record NSAP_DSP_IANA_ICP_BIN_IPv4 {
+	OCT4 addr,
+	octetstring padding length (0..13) optional
+};
+
+type union NSAP_DSP_IANA_ICP_BIN {
+	NSAP_DSP_IANA_ICP_BIN_IPv6 ipv6,
+	NSAP_DSP_IANA_ICP_BIN_IPv4 ipv4,
+	octetstring other
+};
+
+type record NSAP_IDI_IANA_ICP_BIN {
+	NSAP_IDI_IANA_ICP	icp,
+	NSAP_DSP_IANA_ICP_BIN	dsp
+} with { variant (dsp) "CROSSTAG(ipv6, 	icp = NSAP_IDI_IANA_ICP_IPv6;
+				 ipv4, 	icp = NSAP_IDI_IANA_ICP_IPv4;
+				 other,	OTHERWISE)"
+};
+
+type union NSAP_IDI {
+	NSAP_IDI_IANA_ICP_BIN iana_icp_bin,
+	octetstring other
+};
+
+type record NSAP_IDP {
+	NSAP_AFI afi,
+	NSAP_IDI idi
+} with { variant (idi) "CROSSTAG(iana_icp_bin, 	afi = NSAP_AFI_IANA_ICP_BIN;
+				 other,	OTHERWISE)"
+};
+
+type record NSAP_Address {
+	NSAP_IDP	idp
+};
+
+
+external function enc_NSAP_Address(in NSAP_Address pco_data) return octetstring
+with { extension "prototype(convert)" extension "encode(RAW)" }
+
+external function dec_NSAP_Address(in octetstring pco_payload) return NSAP_Address
+with { extension "prototype(convert) decode(RAW)" };
+
+/**********************
+ * ITU_X213_Templates:
+ **********************/
+
+template (present) NSAP_DSP_IANA_ICP_BIN_IPv6 tr_NSAP_IANA_IPv6_Address(template (present) OCT16 addr := ?) := {
+	addr := addr,
+	padding := ?
+};
+template (value) NSAP_DSP_IANA_ICP_BIN_IPv6 ts_NSAP_IANA_IPv6_Address(template (value) OCT16 addr) := {
+	addr := addr,
+	padding := '00'O
+};
+
+template (present) NSAP_DSP_IANA_ICP_BIN_IPv4 tr_NSAP_IANA_IPv4_Address(template (present) OCT4 addr := ?, template octetstring padding := *) := {
+	addr := addr,
+	padding := padding
+};
+template (value) NSAP_DSP_IANA_ICP_BIN_IPv4 ts_NSAP_IANA_IPv4_Address(template (value) OCT4 addr, template (omit) octetstring padding := omit) := {
+	addr := addr,
+	padding := padding
+};
+
+template (present) NSAP_DSP_IANA_ICP_BIN tr_NSAP_IANA_u_IPv6_Address(template (present) OCT16 addr := ?) := {
+	ipv6 := tr_NSAP_IANA_IPv6_Address(addr)
+};
+template (value) NSAP_DSP_IANA_ICP_BIN ts_NSAP_IANA_u_IPv6_Address(template (value) OCT16 addr) := {
+	ipv6 := ts_NSAP_IANA_IPv6_Address(addr)
+};
+
+template (present) NSAP_DSP_IANA_ICP_BIN tr_NSAP_IANA_u_IPv4_Address(template (present) OCT4 addr := ?, template octetstring padding := *) := {
+	ipv4 := tr_NSAP_IANA_IPv4_Address(addr, padding)
+};
+template (value) NSAP_DSP_IANA_ICP_BIN ts_NSAP_IANA_u_IPv4_Address(template (value) OCT4 addr, template (omit) octetstring padding := omit) := {
+	ipv4 := ts_NSAP_IANA_IPv4_Address(addr, padding)
+};
+
+template (present) NSAP_IDI_IANA_ICP_BIN tr_NSAP_IDI_IANA_ICP_BIN(template (present) NSAP_IDI_IANA_ICP icp := ?,
+								  template (present) NSAP_DSP_IANA_ICP_BIN dsp := ?) := {
+	icp := icp,
+	dsp := dsp
+};
+template (value) NSAP_IDI_IANA_ICP_BIN ts_NSAP_IDI_IANA_ICP_BIN(template (value) NSAP_IDI_IANA_ICP icp,
+								template (value) NSAP_DSP_IANA_ICP_BIN dsp) := {
+	icp := icp,
+	dsp := dsp
+};
+
+template (present) NSAP_IDI tr_NSAP_IDI_u_IANA_ICP_BIN(template (present) NSAP_IDI_IANA_ICP_BIN iana_icp_bin := ?) := {
+	iana_icp_bin := iana_icp_bin
+};
+template (value) NSAP_IDI ts_NSAP_IDI_u_IANA_ICP_BIN(template (value) NSAP_IDI_IANA_ICP_BIN iana_icp_bin) := {
+	iana_icp_bin := iana_icp_bin
+};
+
+template (present) NSAP_IDP tr_NSAP_IDP(template (present) NSAP_AFI afi := ?, template (present) NSAP_IDI idi := ?) := {
+	afi := afi,
+	idi := idi
+};
+template (value) NSAP_IDP ts_NSAP_IDP(template (value) NSAP_AFI afi, template (value) NSAP_IDI idi) := {
+	afi := afi,
+	idi := idi
+};
+
+template (present) NSAP_Address tr_NSAP_Address_IANA_BIN_IPv6(template (present) OCT16 addr := ?) := {
+	idp := tr_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+			   tr_NSAP_IDI_u_IANA_ICP_BIN(tr_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv6,
+									       tr_NSAP_IANA_u_IPv6_Address(addr))))
+};
+template (value) NSAP_Address ts_NSAP_Address_IANA_BIN_IPv6(template (value) OCT16 addr) := {
+	idp := ts_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+			   ts_NSAP_IDI_u_IANA_ICP_BIN(ts_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv6,
+									       ts_NSAP_IANA_u_IPv6_Address(addr))))
+};
+
+template (present) NSAP_Address tr_NSAP_Address_IANA_BIN_IPv4(template (present) OCT4 addr := ?,
+							      template octetstring padding := *) := {
+	idp := tr_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+			   tr_NSAP_IDI_u_IANA_ICP_BIN(tr_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv4,
+									       tr_NSAP_IANA_u_IPv4_Address(addr, padding))))
+};
+template (value) NSAP_Address ts_NSAP_Address_IANA_BIN_IPv4(template (value) OCT4 addr,
+							    template (omit) octetstring padding := omit) := {
+	idp := ts_NSAP_IDP(NSAP_AFI_IANA_ICP_BIN,
+			   ts_NSAP_IDI_u_IANA_ICP_BIN(ts_NSAP_IDI_IANA_ICP_BIN(NSAP_IDI_IANA_ICP_IPv4,
+									       ts_NSAP_IANA_u_IPv4_Address(addr, padding))))
+};
+/* IPv4 with padding so that TLA is 20 bytes. This is quite common: */
+template (value) NSAP_Address ts_NSAP_Address_IANA_BIN_IPv4Len20(template (value) OCT4 addr) :=
+	ts_NSAP_Address_IANA_BIN_IPv4(addr, '00000000000000000000000000'O);
+
+
+} with { encode "RAW"; variant "FIELDORDER(msb)" }
diff --git a/library/ranap/RANAP_Templates.ttcn b/library/ranap/RANAP_Templates.ttcn
index a433d62..5cd9353 100644
--- a/library/ranap/RANAP_Templates.ttcn
+++ b/library/ranap/RANAP_Templates.ttcn
@@ -1878,5 +1878,12 @@
    return rab_id;
 }
+function f_ranap_rab_ass_req_extract_tli(RANAP_PDU ranap) return TransportLayerInformation
+{
+	var RAB_AssignmentRequest.protocolIEs ies := ranap.initiatingMessage.value_.rAB_AssignmentRequest.protocolIEs;
+	var TransportLayerInformation tli := ies[0].value_.rAB_SetupOrModifyList[0][0].firstValue.rAB_SetupOrModifyItemFirst.transportLayerInformation;
+	return tli;
+}
+
}
diff --git a/sgsn/BSSGP_ConnHdlr.ttcn b/sgsn/BSSGP_ConnHdlr.ttcn
index c39b614..121ac2d 100644
--- a/sgsn/BSSGP_ConnHdlr.ttcn
+++ b/sgsn/BSSGP_ConnHdlr.ttcn
@@ -17,6 +17,7 @@
 import from MobileL3_Types all;
 import from L3_Templates all;
 import from L3_Common all;
+import from ITU_X213_Types all;
import from GSUP_Types all;
 import from GSUP_Templates all;
@@ -696,7 +697,18 @@
    var RANAP_PDU ranap;
    [] BSSAP.receive(tr_RANAP_RabAssReq(?)) -> value ranap {
    	var RAB_ID rab_id := f_ranap_rab_ass_req_extract_rab_id(ranap);
-		/*TODO: validate received remote IP addr + TEID = apars.ggsn_ip_u + apars.ggsn_tei_u */
+		var TransportLayerInformation tli := f_ranap_rab_ass_req_extract_tli(ranap);
+
+		/* Validate received IP address + TEID from SGSN is the one we
+		 * did set up from the GGSN, since the SGSN is expected to do
+		 * Direct Tunnel: */
+		var template (present) TransportLayerInformation exp_tli :=
+			tr_TLI_ps(oct2bit(enc_NSAP_Address(valueof(ts_NSAP_Address_IANA_BIN_IPv4Len20(apars.ggsn_ip_u)))),
+				  apars.ggsn_tei_u);
+		if (not match(tli, exp_tli)) {
+			Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,
+				log2str("Rx RAB Ass Req with TLI ", tli, " vs exp ", exp_tli));
+		}
    	var template (value) RAB_SetupOrModifiedList l;
    	l := ts_RAB_SMdL_ps(rab_id, oct2bit(apars.rnc_ip_u), apars.rnc_tei_u);
    	BSSAP.send(ts_RANAP_RabAssResp(l));
diff --git a/sgsn/gen_links.sh b/sgsn/gen_links.sh
index 8df1a87..2e5d9f9 100755
--- a/sgsn/gen_links.sh
+++ b/sgsn/gen_links.sh
@@ -89,6 +89,7 @@
 FILES+="Osmocom_CTRL_Types.ttcn Osmocom_CTRL_Functions.ttcn Osmocom_CTRL_Adapter.ttcn "
 FILES+="Osmocom_VTY_Functions.ttcn "
 FILES+="LLC_Templates.ttcn L3_Templates.ttcn L3_Common.ttcn "
+FILES+="ITU_X213_Types.ttcn "
 FILES+="RAN_Emulation.ttcnpp RAN_Adapter.ttcnpp SCCP_Templates.ttcn "
 # IPA_Emulation + dependencies
 FILES+="IPA_Types.ttcn IPA_Emulation.ttcnpp IPA_CodecPort.ttcn IPA_CodecPort_CtrlFunct.ttcn IPA_CodecPort_CtrlFunctDef.cc Native_Functions.ttcn Native_FunctionDefs.cc "
-- 
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/38433?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: merged
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: I3a3699cea981caa89b30742c031d5f232418b0ee
Gerrit-Change-Number: 38433
Gerrit-PatchSet: 3
Gerrit-Owner: pespin pespin@sysmocom.de
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria vyanitskiy@sysmocom.de
Gerrit-Reviewer: laforge laforge@osmocom.org
Gerrit-Reviewer: lynxis lazus lynxis@fe80.eu
Gerrit-Reviewer: osmith osmith@sysmocom.de
Gerrit-Reviewer: pespin pespin@sysmocom.de



    