[M] Change in libosmo-sigtran[master]: xua asp block: SGP/IPSP: Answer ASPAC with Err if blocked - gerrit-log

31 Mar 2026

pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/libosmo-sigtran/+/42549?usp=email )
Change subject: xua asp block: SGP/IPSP: Answer ASPAC with Err if blocked
......................................................................
xua asp block: SGP/IPSP: Answer ASPAC with Err if blocked
Reject received ASPACs when the asp is administratively blocked.
Moving an already active ASP into inactive state upon user applies
adminsitrative block is not covered in this commit; it will be
implementer later.
This commit doesn't yet implement asp blocking in ASP role nor
(ASP-side) IPSP role.
Related: OS#6752
Change-Id: I23851fe05c06b6bf59b902632029a2382231427e
---
M src/ss7_asp.c
M src/ss7_asp.h
M src/ss7_asp_vty.c
M src/xua_asp_fsm.c
M tests/vty/osmo_stp_test.vty
M tests/vty/ss7_asp_test.vty
6 files changed, 66 insertions(+), 7 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmo-sigtran refs/changes/49/42549/1

diff --git a/src/ss7_asp.c b/src/ss7_asp.c
index ba3b95c..96e8759 100644
--- a/src/ss7_asp.c
+++ b/src/ss7_asp.c
@@ -1530,6 +1530,18 @@
    return -1;
 }
+/* Change adminsitrative state "block" of an ASP.
+ * A blocked ASP can't stay nor be turned into ACTIVE state. */
+void ss7_asp_set_blocked(struct osmo_ss7_asp *asp, bool blocked)
+{
+	if (asp->cfg.adm_state.blocked == blocked)
+		return;
+	LOGPASP(asp, DLSS7, LOGL_NOTICE, "Applying Adm State change: '%sblock' -> '%sblock'\n",
+		asp->cfg.adm_state.blocked ? "" : "no ",
+		blocked ? "" : "no ");
+	asp->cfg.adm_state.blocked = blocked;
+}
+
 /* Apply sane configs for unconfigured options and restart the ASP.  */
 void ss7_asp_restart_after_reconfigure(struct osmo_ss7_asp *asp)
 {
diff --git a/src/ss7_asp.h b/src/ss7_asp.h
index 6b8e974..3012e5e 100644
--- a/src/ss7_asp.h
+++ b/src/ss7_asp.h
@@ -192,6 +192,7 @@
 int ss7_asp_apply_new_local_address(const struct osmo_ss7_asp *asp, unsigned int loc_idx);
 int ss7_asp_apply_drop_local_address(const struct osmo_ss7_asp *asp, unsigned int loc_idx);
+void ss7_asp_set_blocked(struct osmo_ss7_asp *asp, bool blocked);
 void ss7_asp_restart_after_reconfigure(struct osmo_ss7_asp *asp);
unsigned int ss7_asp_get_all_rctx(const struct osmo_ss7_asp *asp, uint32_t *rctx, unsigned int rctx_size,
diff --git a/src/ss7_asp_vty.c b/src/ss7_asp_vty.c
index 3cae016..e3c82fe 100644
--- a/src/ss7_asp_vty.c
+++ b/src/ss7_asp_vty.c
@@ -705,9 +705,33 @@
       "Allows a SCTP Association with ASP, but doesn't let it become active\n",
       CMD_ATTR_NODE_EXIT)
 {
-	/* TODO */
-	vty_out(vty, "Not supported yet%s", VTY_NEWLINE);
-	return CMD_WARNING;
+	struct osmo_ss7_asp *asp = vty->index;
+
+	if (asp->cfg.proto != OSMO_SS7_ASP_PROT_M3UA &&
+	    asp->cfg.proto != OSMO_SS7_ASP_PROT_SUA) {
+		vty_out(vty, "%% 'block' not supported for ASP protocol %s%s",
+			osmo_ss7_asp_protocol_name(asp->cfg.proto), VTY_NEWLINE);
+		return CMD_WARNING;
+	}
+
+	if (asp->cfg.role == OSMO_SS7_ASP_ROLE_ASP) {
+		vty_out(vty, "%% 'block' not yet implemented in 'role asp'%s", VTY_NEWLINE);
+		return CMD_WARNING;
+	}
+
+	ss7_asp_set_blocked(asp, true);
+	return CMD_SUCCESS;
+}
+
+DEFUN_ATTR(asp_no_block, asp_no_block_cmd,
+	   "no block",
+	   NO_STR "Allows a SCTP Association with ASP, but doesn't let it become active\n",
+	   CMD_ATTR_NODE_EXIT)
+{
+	struct osmo_ss7_asp *asp = vty->index;
+
+	ss7_asp_set_blocked(asp, false);
+	return CMD_SUCCESS;
 }
DEFUN_ATTR(asp_shutdown, asp_shutdown_cmd,
@@ -1492,6 +1516,7 @@
    gen_asp_timer_lm_cmd_strs(&asp_timer_lm_cmd);
    install_lib_element(L_CS7_ASP_NODE, &asp_timer_lm_cmd);
    install_lib_element(L_CS7_ASP_NODE, &asp_block_cmd);
+	install_lib_element(L_CS7_ASP_NODE, &asp_no_block_cmd);
    install_lib_element(L_CS7_ASP_NODE, &asp_shutdown_cmd);
    install_lib_element(L_CS7_ASP_NODE, &asp_no_shutdown_cmd);
 }
diff --git a/src/xua_asp_fsm.c b/src/xua_asp_fsm.c
index 8524c4d..7ee3fd1 100644
--- a/src/xua_asp_fsm.c
+++ b/src/xua_asp_fsm.c
@@ -655,7 +655,7 @@
    struct xua_msg_part *asp_id_ie;
    struct xua_msg *xua_in;
    uint32_t traf_mode = 0;
-	struct xua_msg_part *part;
+	struct xua_msg_part *rctx_ie;
    uint32_t asp_id;
    int i;
@@ -711,9 +711,9 @@
    			return;
    		}
    	}
-		if ((part = xua_msg_find_tag(xua_in, M3UA_IEI_ROUTE_CTX))) {
-			for (i = 0; i < part->len / sizeof(uint32_t); i++) {
-				uint8_t *rctx_raw = &part->dat[i * sizeof(uint32_t)];
+		if ((rctx_ie = xua_msg_find_tag(xua_in, M3UA_IEI_ROUTE_CTX))) {
+			for (i = 0; i < rctx_ie->len / sizeof(uint32_t); i++) {
+				uint8_t *rctx_raw = &rctx_ie->dat[i * sizeof(uint32_t)];
    			uint32_t rctx = osmo_load32be(rctx_raw);
    			as = ss7_asp_find_as_by_rctx(asp, rctx);
    			if (!as) {
@@ -726,6 +726,23 @@
    		}
    	}
+		if (asp->cfg.adm_state.blocked) {
+			/* RFC4666 (M3UA) 3.8.1: The "Refused - Management Blocking" error is sent
+			 * when an ASP Up or ASP Active message is received and the request is refused
+			 * for management reasons (e.g., management lockout).  If this error is in
+			 * response to an ASP Active message, the Routing Context(s) in the ASP Active
+			 * message SHOULD be included in the Error message."
+			 * RC4666 (M3UA) 4.3.4.3: "If for any local reason (e.g., management lockout)
+			 * the SGP responds to an ASP Active message with an Error message with reason
+			 * Refused Management Blocking".
+			 */
+			LOGPFSML(fi, LOGL_INFO, "ASPAC: Reject due to ASP in administrative state 'block'\n");
+			peer_send_error_ext(fi, SUA_ERR_REFUSED_MGMT_BLOCKING,
+					    rctx_ie ? rctx_ie->dat : NULL,
+					    rctx_ie ? rctx_ie->len : 0);
+			return;
+		}
+
    	if (traf_mode) { /* if the peer has specified a traffic mode at all */
    		/* First validate peer not trying to establish an incompatible traffic mode: */
    		llist_for_each_entry(assoc, &asp->assoc_as_list, asp_entry) {
diff --git a/tests/vty/osmo_stp_test.vty b/tests/vty/osmo_stp_test.vty
index 561fc39..3c6e466 100644
--- a/tests/vty/osmo_stp_test.vty
+++ b/tests/vty/osmo_stp_test.vty
@@ -303,6 +303,7 @@
   timer xua (ack|beat) <1-999999>
   timer lm (wait_asp_up|wait_notify|wait_notify_rkm|wait_rk_reg_resp) <1-999999>
   block
+  no block
   shutdown
   no shutdown
 ...
@@ -332,6 +333,7 @@
   tcp-param          Configure TCP parameters
   destination-audit  Configure ASP Auditing (xUA DAUD)
   quirk              Disable quirk to work around interop issues
+  block              Allows a SCTP Association with ASP, but doesn't let it become active
   shutdown           Terminates SCTP association; New associations will be rejected
 ...
diff --git a/tests/vty/ss7_asp_test.vty b/tests/vty/ss7_asp_test.vty
index 62b7aa3..0b8f4fd 100644
--- a/tests/vty/ss7_asp_test.vty
+++ b/tests/vty/ss7_asp_test.vty
@@ -299,6 +299,7 @@
   timer xua (ack|beat) <1-999999>
   timer lm (wait_asp_up|wait_notify|wait_notify_rkm|wait_rk_reg_resp) <1-999999>
   block
+  no block
   shutdown
   no shutdown
 ...
@@ -330,6 +331,7 @@
   tcp-param          Configure TCP parameters
   destination-audit  Configure ASP Auditing (xUA DAUD)
   quirk              Disable quirk to work around interop issues
+  block              Allows a SCTP Association with ASP, but doesn't let it become active
   shutdown           Terminates SCTP association; New associations will be rejected
 ...
-- 
To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/42549?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: libosmo-sigtran
Gerrit-Branch: master
Gerrit-Change-Id: I23851fe05c06b6bf59b902632029a2382231427e
Gerrit-Change-Number: 42549
Gerrit-PatchSet: 1
Gerrit-Owner: pespin pespin@sysmocom.de



    