pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-sgsn/+/30909 )
Change subject: vty: Introduce encryption cipher-plugin-path command ......................................................................
vty: Introduce encryption cipher-plugin-path command
The load of plugins will eventually be moved to libosmo-gprs implementation, and path will be passed as a parameter. Once it's moved inside libosmo-gprs, it will be more strict on load failures, which can cause internally if the path doesn't exist (unless NULL is passed). Hence, add a VTY config to allow configuring the right path, and have it disabled by default.
Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65 --- M include/osmocom/sgsn/sgsn.h M src/sgsn/sgsn_main.c M src/sgsn/sgsn_vty.c M tests/osmo-sgsn_test-nodes.vty 4 files changed, 30 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/09/30909/1
diff --git a/include/osmocom/sgsn/sgsn.h b/include/osmocom/sgsn/sgsn.h index 441a614..6e93178 100644 --- a/include/osmocom/sgsn/sgsn.h +++ b/include/osmocom/sgsn/sgsn.h @@ -77,6 +77,7 @@ /* misc */ struct gprs_ns2_inst *nsi;
+ char *crypt_cipher_plugin_path; enum sgsn_auth_policy auth_policy; uint8_t gea_encryption_mask; uint8_t uea_encryption_mask; diff --git a/src/sgsn/sgsn_main.c b/src/sgsn/sgsn_main.c index d9d454c..04de6a2 100644 --- a/src/sgsn/sgsn_main.c +++ b/src/sgsn/sgsn_main.c @@ -413,8 +413,6 @@ sgsn->cfg.nsi = sgsn_nsi; bssgp_set_bssgp_callback(sgsn_bssgp_dispatch_ns_unitdata_req_cb, sgsn_nsi);
- gprs_llc_init("/usr/local/lib/osmocom/crypt/"); - gprs_ns2_vty_init(sgsn_nsi); bssgp_vty_init(); gprs_llc_vty_init(); @@ -449,6 +447,8 @@ if (rc < 0) exit(1);
+ gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path); + rc = sgsn_gtp_init(sgsn); if (rc) { LOGP(DGPRS, LOGL_FATAL, "Cannot bind/listen on GTP socket\n"); diff --git a/src/sgsn/sgsn_vty.c b/src/sgsn/sgsn_vty.c index d3dba92..9bd9845 100644 --- a/src/sgsn/sgsn_vty.c +++ b/src/sgsn/sgsn_vty.c @@ -284,6 +284,8 @@
vty_out(vty, "%s", VTY_NEWLINE); } + if (g_cfg->crypt_cipher_plugin_path) + vty_out(vty, "encryption cipher-plugin-path %s%s", g_cfg->crypt_cipher_plugin_path, VTY_NEWLINE); if (g_cfg->sgsn_ipa_name) vty_out(vty, " gsup ipa-name %s%s", g_cfg->sgsn_ipa_name, VTY_NEWLINE); if (g_cfg->gsup_server_addr.sin_addr.s_addr) @@ -841,6 +843,27 @@ return CMD_SUCCESS; }
+DEFUN(cfg_encrypt_cipher_plugin_path, cfg_encrypt_cipher_plugin_path_cmd, + "encryption cipher-plugin-path PATH", + ENCRYPTION_STR + "Path to gprs encryption cipher plugin directory\n" + "Plugin path\n") +{ + osmo_talloc_replace_string(sgsn, &sgsn->cfg.crypt_cipher_plugin_path, argv[0]); + + return CMD_SUCCESS; +} + +DEFUN(cfg_no_encrypt_cipher_plugin_path, cfg_no_encrypt_cipher_plugin_path_cmd, + "no encryption cipher-plugin-path PATH", + NO_STR ENCRYPTION_STR + "Path to gprs encryption cipher plugin directory\n" + "Plugin path\n") +{ + TALLOC_FREE(sgsn->cfg.crypt_cipher_plugin_path); + return CMD_SUCCESS; +} + DEFUN(cfg_authentication, cfg_authentication_cmd, "authentication (optional|required)", "Whether to enforce MS authentication in GERAN (only with auth-policy remote)\n" @@ -1775,6 +1798,8 @@ install_element(SGSN_NODE, &cfg_encrypt2_cmd); install_element(SGSN_NODE, &cfg_encrypt_cmd); install_element(SGSN_NODE, &cfg_encryption_uea_cmd); + install_element(SGSN_NODE, &cfg_encrypt_cipher_plugin_path_cmd); + install_element(SGSN_NODE, &cfg_no_encrypt_cipher_plugin_path_cmd);
install_element(SGSN_NODE, &cfg_gsup_ipa_name_cmd); install_element(SGSN_NODE, &cfg_gsup_remote_ip_cmd); diff --git a/tests/osmo-sgsn_test-nodes.vty b/tests/osmo-sgsn_test-nodes.vty index 22d81d2..4c65415 100644 --- a/tests/osmo-sgsn_test-nodes.vty +++ b/tests/osmo-sgsn_test-nodes.vty @@ -37,6 +37,8 @@ authentication (optional|required) encryption gea <0-4> [<0-4>] [<0-4>] [<0-4>] [<0-4>] encryption uea <0-2> [<0-2>] [<0-2>] + encryption cipher-plugin-path PATH + no encryption cipher-plugin-path PATH gsup ipa-name NAME gsup remote-ip A.B.C.D gsup remote-port <0-65535>
-
pespin