11 Apr
2011
11 Apr
'11
5:04 p.m.
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
This patchset is the third in the series to cleanup code in
ipaccess tools and drivers.
They have been tested by bootstraping the nanoBTS successfully in
a small setup with two laptops, one acting as proxy and another with
osmo-nitb.
They are available in the pablo/cleanups branch in openbsc git tree.
BTW: I'm going to stop a bit with cleanups to add a VTY interface
for ipaccess-proxy, as Harald suggested.
Please, merge it!
Thanks.
Pablo Neira Ayuso (7):
libabis: ipaccess: more robust ipaccess_idtag_name()
src: more robust ipaccess_idtag_parse()
libabis: ipaccess: use log instead of debug under errors in
ipaccess_send()
ipaccess-find: get rid of ipac_idtag_name()
ipaccess-proxy: more robust option parsing and checking
ipaccess-proxy: remove leftover option `--udp'
ipaccess-proxy: get rid of make_gprs_sock()
openbsc/include/openbsc/ipaccess.h | 2 +-
openbsc/src/ipaccess/Makefile.am | 6 +++
openbsc/src/ipaccess/ipaccess-find.c | 22 +------------
openbsc/src/ipaccess/ipaccess-proxy.c | 56 +++++++++++++--------------------
openbsc/src/libabis/input/ipaccess.c | 18 ++++++----
openbsc/src/osmo-bsc_nat/bsc_nat.c | 8 ++++-
openbsc/src/osmo-bsc_nat/bsc_ussd.c | 8 ++++-
7 files changed, 55 insertions(+), 65 deletions(-)
--
1.7.2.3
11 Apr
11 Apr
5:04 p.m.
New subject: [PATCH 1/7] libabis: ipaccess: more robust ipaccess_idtag_name()
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
ipaccess_idtag_name() now takes a uint8_t as parameter which is the
length of the type tag.
This patch was suggested by Zecke.
---
openbsc/include/openbsc/ipaccess.h | 2 +-
openbsc/src/libabis/input/ipaccess.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/openbsc/include/openbsc/ipaccess.h b/openbsc/include/openbsc/ipaccess.h
index 00642ff..0edd81d 100644
--- a/openbsc/include/openbsc/ipaccess.h
+++ b/openbsc/include/openbsc/ipaccess.h
@@ -79,7 +79,7 @@ int ipaccess_send_pong(int fd);
int ipaccess_send_id_ack(int fd);
int ipaccess_send_id_req(int fd);
-const char *ipaccess_idtag_name(int tag);
+const char *ipaccess_idtag_name(uint8_t tag);
int ipaccess_idtag_parse(struct tlv_parsed *dec, unsigned char *buf, int len);
int ipaccess_parse_unitid(const char *str, u_int16_t *site_id, u_int16_t *bts_id,
u_int16_t *trx_id);
diff --git a/openbsc/src/libabis/input/ipaccess.c b/openbsc/src/libabis/input/ipaccess.c
index e1e314b..c4c13d7 100644
--- a/openbsc/src/libabis/input/ipaccess.c
+++ b/openbsc/src/libabis/input/ipaccess.c
@@ -100,7 +100,7 @@ static const char *idtag_names[] = {
[IPAC_IDTAG_UNIT] = "Unit_ID",
};
-const char *ipaccess_idtag_name(int tag)
+const char *ipaccess_idtag_name(uint8_t tag)
{
if (tag >= ARRAY_SIZE(idtag_names))
return "unknown";
--
1.7.2.3
5:04 p.m.
New subject: [PATCH 2/7] src: more robust ipaccess_idtag_parse()
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also
check for the return value of this function in every invocation to
skip further processing in case of messages with malformed TLVs.
This idea was suggested by Zecke.
---
openbsc/src/libabis/input/ipaccess.c | 14 +++++++++-----
openbsc/src/osmo-bsc_nat/bsc_nat.c | 8 +++++++-
openbsc/src/osmo-bsc_nat/bsc_ussd.c | 8 +++++++-
3 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/openbsc/src/libabis/input/ipaccess.c b/openbsc/src/libabis/input/ipaccess.c
index c4c13d7..ba641a8 100644
--- a/openbsc/src/libabis/input/ipaccess.c
+++ b/openbsc/src/libabis/input/ipaccess.c
@@ -123,7 +123,7 @@ int ipaccess_idtag_parse(struct tlv_parsed *dec, unsigned char *buf,
int len)
if (t_len > len + 1) {
LOGP(DMI, LOGL_ERROR, "The tag does not fit: %d\n", t_len);
- return -1;
+ return -EINVAL;
}
DEBUGPC(DMI, "%s='%s' ", ipaccess_idtag_name(t_tag), cur);
@@ -251,7 +251,7 @@ static int ipaccess_rcvmsg(struct e1inp_line *line, struct msgb *msg,
u_int16_t site_id = 0, bts_id = 0, trx_id = 0;
struct gsm_bts *bts;
char *unitid;
- int len;
+ int len, ret;
/* handle base messages */
ipaccess_rcvmsg_base(msg, bfd);
@@ -260,10 +260,14 @@ static int ipaccess_rcvmsg(struct e1inp_line *line, struct msgb
*msg,
case IPAC_MSGT_ID_RESP:
DEBUGP(DMI, "ID_RESP ");
/* parse tags, search for Unit ID */
- ipaccess_idtag_parse(&tlvp, (u_int8_t *)msg->l2h + 2,
- msgb_l2len(msg)-2);
+ ret = ipaccess_idtag_parse(&tlvp, (u_int8_t *)msg->l2h + 2,
+ msgb_l2len(msg)-2);
DEBUGP(DMI, "\n");
-
+ if (ret < 0) {
+ LOGP(DINP, LOGL_ERROR, "ignoring IPA response message "
+ "with malformed TLVs\n");
+ return ret;
+ }
if (!TLVP_PRESENT(&tlvp, IPAC_IDTAG_UNIT))
break;
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 7586294..8c164a2 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -1019,9 +1019,15 @@ exit:
/* do we know who is handling this? */
if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
struct tlv_parsed tvp;
- ipaccess_idtag_parse(&tvp,
+ int ret;
+ ret = ipaccess_idtag_parse(&tvp,
(unsigned char *) msg->l2h + 2,
msgb_l2len(msg) - 2);
+ if (ret < 0) {
+ LOGP(DNAT, LOGL_ERROR, "ignoring IPA response "
+ "message with malformed TLVs\n");
+ return ret;
+ }
if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
ipaccess_auth_bsc(&tvp, bsc);
}
diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
index ff1d27a..4beef7b 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
@@ -123,9 +123,15 @@ static int ussd_read_cb(struct bsc_fd *bfd)
if (hh->proto == IPAC_PROTO_IPACCESS) {
if (msg->l2h[0] == IPAC_MSGT_ID_RESP) {
struct tlv_parsed tvp;
- ipaccess_idtag_parse(&tvp,
+ int ret;
+ ret = ipaccess_idtag_parse(&tvp,
(unsigned char *) msg->l2h + 2,
msgb_l2len(msg) - 2);
+ if (ret < 0) {
+ LOGP(DNAT, LOGL_ERROR, "ignoring IPA response "
+ "message with malformed TLVs\n");
+ return ret;
+ }
if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME))
ussd_auth_con(&tvp, conn);
}
--
1.7.2.3
5:52 p.m.
New subject: [PATCH 2/7] src: more robust ipaccess_idtag_parse()
On 04/11/2011 05:04 PM, pablo(a)gnumonks.org wrote:
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
Thanks, IIRC there is another issue here. We assume that the strings on the
wire contain a '\0', e.g. in the printf statements we rely on this. So we
could either put this in there or do something else.
thanks
holger
12 Apr
12 Apr
7:55 p.m.
New subject: [PATCH 2/7] src: more robust ipaccess_idtag_parse()
Hi Holger,
On 11/04/11 17:52, Holger Hans Peter Freyther wrote:
On 04/11/2011 05:04 PM, pablo(a)gnumonks.org wrote:
Can I assume that all IPAC_IDTAG_* are all strings?
I mean all of these:
[IPAC_IDTAG_SERNR] = "Serial_Number",
[IPAC_IDTAG_UNITNAME] = "Unit_Name",
[IPAC_IDTAG_LOCATION1] = "Location_1",
[IPAC_IDTAG_LOCATION2] = "Location_2",
[IPAC_IDTAG_EQUIPVERS] = "Equipment_Version",
[IPAC_IDTAG_SWVERSION] = "Software_Version",
[IPAC_IDTAG_IPADDR] = "IP_Address",
[IPAC_IDTAG_MACADDR] = "MAC_Address",
[IPAC_IDTAG_UNIT] = "Unit_ID",
If so, I'll send a patch to check for the trailing \0 to:
dec->lv[t_tag].val = cur;
Sorry, I didn't get you in the first hand, I'm not ignoring your
requests :-).
Let me know if this is not what you mean.
From: Pablo Neira Ayuso
<pablo(a)gnumonks.org>
Thanks, IIRC there is another issue here. We assume that the strings on the
wire contain a '\0', e.g. in the printf statements we rely on this. So we
could either put this in there or do something else.
13 Apr
13 Apr
1:38 p.m.
New subject: [PATCH 2/7] src: more robust ipaccess_idtag_parse()
On 04/12/2011 07:55 PM, Pablo Neira Ayuso wrote:
I'm sorry. I do not know.
Thanks, IIRC
there is another issue here. We assume that the strings on the
wire contain a '\0', e.g. in the printf statements we rely on this. So we
could either put this in there or do something else.
Can I assume that all IPAC_IDTAG_* are all strings? If so, I'll send a patch to check for the trailing
\0 to:
dec->lv[t_tag].val = cur;
Sorry, I didn't get you in the first hand, I'm not ignoring your
requests :-).
Let me know if this is not what you mean.
It would be good to find out which of these tags have the null termination and
which not.
holger
11 Apr
11 Apr
5:04 p.m.
New subject: [PATCH 3/7] libabis: ipaccess: use log instead of debug under errors in ipaccess_send()
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
This patch was suggested by Zecke.
---
openbsc/src/libabis/input/ipaccess.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/openbsc/src/libabis/input/ipaccess.c b/openbsc/src/libabis/input/ipaccess.c
index ba641a8..cba03a0 100644
--- a/openbsc/src/libabis/input/ipaccess.c
+++ b/openbsc/src/libabis/input/ipaccess.c
@@ -200,7 +200,7 @@ static int ipaccess_send(int fd, const void *msg, size_t msglen)
if (ret < 0)
return ret;
if (ret < msglen) {
- DEBUGP(DINP, "ipaccess_send: short write\n");
+ LOGP(DINP, LOGL_ERROR, "ipaccess_send: short write\n");
return -EIO;
}
return ret;
--
1.7.2.3
5:04 p.m.
New subject: [PATCH 4/7] ipaccess-find: get rid of ipac_idtag_name()
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
Use generic ipaccess_idtag_name() available in libabis instead.
---
openbsc/src/ipaccess/Makefile.am | 6 ++++++
openbsc/src/ipaccess/ipaccess-find.c | 22 +---------------------
2 files changed, 7 insertions(+), 21 deletions(-)
diff --git a/openbsc/src/ipaccess/Makefile.am b/openbsc/src/ipaccess/Makefile.am
index cff3505..4fe1e37 100644
--- a/openbsc/src/ipaccess/Makefile.am
+++ b/openbsc/src/ipaccess/Makefile.am
@@ -4,6 +4,12 @@ AM_LDFLAGS = $(LIBOSMOCORE_LIBS) $(LIBOSMOGSM_LIBS) $(COVERAGE_LDFLAGS)
bin_PROGRAMS = ipaccess-find ipaccess-config ipaccess-proxy
+ipaccess_find_LDADD = $(top_builddir)/src/libbsc/libbsc.a \
+ $(top_builddir)/src/libmsc/libmsc.a \
+ $(top_builddir)/src/libabis/libabis.a \
+ $(top_builddir)/src/libbsc/libbsc.a \
+ $(top_builddir)/src/libtrau/libtrau.a \
+ $(top_builddir)/src/libcommon/libcommon.a
ipaccess_find_SOURCES = ipaccess-find.c
ipaccess_config_SOURCES = ipaccess-config.c ipaccess-firmware.c network_listen.c
diff --git a/openbsc/src/ipaccess/ipaccess-find.c b/openbsc/src/ipaccess/ipaccess-find.c
index a273609..987e35c 100644
--- a/openbsc/src/ipaccess/ipaccess-find.c
+++ b/openbsc/src/ipaccess/ipaccess-find.c
@@ -32,26 +32,6 @@
#include <openbsc/ipaccess.h>
#include <openbsc/gsm_data.h>
-static const char *idtag_names[] = {
- [IPAC_IDTAG_SERNR] = "Serial Number",
- [IPAC_IDTAG_UNITNAME] = "Unit Name",
- [IPAC_IDTAG_LOCATION1] = "Location 1",
- [IPAC_IDTAG_LOCATION2] = "Location 2",
- [IPAC_IDTAG_EQUIPVERS] = "Equipment Version",
- [IPAC_IDTAG_SWVERSION] = "Software Version",
- [IPAC_IDTAG_IPADDR] = "IP Address",
- [IPAC_IDTAG_MACADDR] = "MAC Address",
- [IPAC_IDTAG_UNIT] = "Unit ID",
-};
-
-static const char *ipac_idtag_name(int tag)
-{
- if (tag >= ARRAY_SIZE(idtag_names))
- return "unknown";
-
- return idtag_names[tag];
-}
-
static int udp_sock(const char *ifname)
{
int fd, rc, bc = 1;
@@ -133,7 +113,7 @@ static int parse_response(unsigned char *buf, int len)
t_len = *cur++;
t_tag = *cur++;
- printf("%s='%s' ", ipac_idtag_name(t_tag), cur);
+ printf("%s='%s' ", ipaccess_idtag_name(t_tag), cur);
cur += t_len;
}
--
1.7.2.3
5:04 p.m.
New subject: [PATCH 5/7] ipaccess-proxy: more robust option parsing and checking
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
With this patch, ipaccess-proxy makes more robust option checking:
$ ./ipaccess-proxy -l 1.1.1.1 -b 2.2.2.2 -e
ERROR: missing mandatory argument for `-e' option
And we return to shell to enforce the user to try again with the
appropriate invocation.
Before this patch, the default getopt_long() error handling was
enabled which displayed this message:
./ipaccess-proxy: option requires an argument -- 'e'
and ipaccess-proxy continued working.
This is generic enough to cover other option that require mandatory
arguments like `--bsc' and `--listen'.
---
openbsc/src/ipaccess/ipaccess-proxy.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/openbsc/src/ipaccess/ipaccess-proxy.c
b/openbsc/src/ipaccess/ipaccess-proxy.c
index 55658cf..dd0a739 100644
--- a/openbsc/src/ipaccess/ipaccess-proxy.c
+++ b/openbsc/src/ipaccess/ipaccess-proxy.c
@@ -1133,6 +1133,9 @@ static void handle_options(int argc, char** argv)
{
int options_mask = 0;
+ /* disable explicit missing arguments error output from getopt_long */
+ opterr = 0;
+
while (1) {
int option_index = 0, c;
static struct option long_options[] = {
@@ -1176,6 +1179,18 @@ static void handle_options(int argc, char** argv)
case 'e':
log_set_log_level(stderr_target, atoi(optarg));
break;
+ case '?':
+ if (optopt) {
+ printf("ERROR: missing mandatory argument "
+ "for `%s' option\n", argv[optind-1]);
+ } else {
+ printf("ERROR: unknown option `%s'\n",
+ argv[optind-1]);
+ }
+ print_usage();
+ print_help();
+ exit(EXIT_FAILURE);
+ break;
default:
/* ignore */
break;
--
1.7.2.3
5:04 p.m.
New subject: [PATCH 6/7] ipaccess-proxy: remove leftover option `--udp'
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
It seems it remains unimplemented, remove it.
---
openbsc/src/ipaccess/ipaccess-proxy.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/openbsc/src/ipaccess/ipaccess-proxy.c
b/openbsc/src/ipaccess/ipaccess-proxy.c
index dd0a739..4dd6ee5 100644
--- a/openbsc/src/ipaccess/ipaccess-proxy.c
+++ b/openbsc/src/ipaccess/ipaccess-proxy.c
@@ -1145,7 +1145,6 @@ static void handle_options(int argc, char** argv)
{"log-level", 1, 0, 'e'},
{"listen", 1, 0, 'l'},
{"bsc", 1, 0, 'b'},
- {"udp", 1, 0, 'u'},
{0, 0, 0, 0}
};
--
1.7.2.3
5:04 p.m.
New subject: [PATCH 7/7] ipaccess-proxy: get rid of make_gprs_sock()
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
It is similar to make_sock() available in openbsc/libcommon.
---
openbsc/src/ipaccess/ipaccess-proxy.c | 40 +++++---------------------------
1 files changed, 7 insertions(+), 33 deletions(-)
diff --git a/openbsc/src/ipaccess/ipaccess-proxy.c
b/openbsc/src/ipaccess/ipaccess-proxy.c
index 4dd6ee5..5254959 100644
--- a/openbsc/src/ipaccess/ipaccess-proxy.c
+++ b/openbsc/src/ipaccess/ipaccess-proxy.c
@@ -126,7 +126,6 @@ static char *listen_ipaddr;
static char *bsc_ipaddr;
static char *gprs_ns_ipaddr;
-static int make_gprs_sock(struct bsc_fd *bfd, int (*cb)(struct bsc_fd*,unsigned int),
void *);
static int gprs_ns_cb(struct bsc_fd *bfd, unsigned int what);
#define PROXY_ALLOC_SIZE 1200
@@ -389,7 +388,13 @@ static int ipbc_alloc_connect(struct ipa_proxy_conn *ipc, struct
bsc_fd *bfd,
if (gprs_ns_ipaddr) {
struct sockaddr_in sock;
socklen_t len = sizeof(sock);
- ret = make_gprs_sock(&ipbc->gprs_ns_fd, gprs_ns_cb, ipbc);
+ struct in_addr addr;
+ uint32_t ip;
+
+ inet_aton(listen_ipaddr, &addr);
+ ip = ntohl(addr.s_addr); /* make_sock() needs host byte order */
+ ret = make_sock(&ipbc->gprs_ns_fd, IPPROTO_UDP, ip, 0, 0,
+ gprs_ns_cb, ipbc);
if (ret < 0) {
LOGP(DINP, LOGL_ERROR, "Creating the GPRS socket failed.\n");
goto err_udp_bsc;
@@ -982,37 +987,6 @@ static int gprs_ns_cb(struct bsc_fd *bfd, unsigned int what)
return 0;
}
-static int make_gprs_sock(struct bsc_fd *bfd, int (*cb)(struct bsc_fd*,unsigned int),
void *data)
-{
- struct sockaddr_in addr;
- int ret;
-
- bfd->fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
- bfd->cb = cb;
- bfd->data = data;
- bfd->when = BSC_FD_READ;
-
- memset(&addr, 0, sizeof(addr));
- addr.sin_family = AF_INET;
- addr.sin_port = 0;
- inet_aton(listen_ipaddr, &addr.sin_addr);
-
- ret = bind(bfd->fd, (struct sockaddr *) &addr, sizeof(addr));
- if (ret < 0) {
- LOGP(DINP, LOGL_ERROR,
- "Could not bind n socket for IP %s with error: %s.\n",
- listen_ipaddr, strerror(errno));
- return -EIO;
- }
-
- ret = bsc_register_fd(bfd);
- if (ret < 0) {
- perror("register_listen_fd");
- return ret;
- }
- return 0;
-}
-
/* Actively connect to a BSC. */
static struct ipa_proxy_conn *connect_bsc(struct sockaddr_in *sa, int priv_nr, void
*data)
{
--
1.7.2.3
7:14 p.m.
Hi Pablo,
On Mon, Apr 11, 2011 at 05:04:23PM +0200, pablo(a)gnumonks.org wrote:
They are available in the pablo/cleanups branch in
openbsc git tree.
BTW: I'm going to stop a bit with cleanups to add a VTY interface
for ipaccess-proxy, as Harald suggested.
Please, merge it!
thanks, merged!
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
12 Apr
12 Apr
7:56 p.m.
On 11/04/11 19:14, Harald Welte wrote:
Hi Pablo,
On Mon, Apr 11, 2011 at 05:04:23PM +0200, pablo(a)gnumonks.org wrote:
Hm, I don't see them in the master branch, still in your local tree?
They are available in the pablo/cleanups branch
in openbsc git tree.
BTW: I'm going to stop a bit with cleanups to add a VTY interface
for ipaccess-proxy, as Harald suggested.
Please, merge it!
thanks, merged!
9:51 p.m.
On Tue, Apr 12, 2011 at 07:56:29PM +0200, Pablo Neira Ayuso wrote:
On 11/04/11 19:14, Harald Welte wrote:
yes, sorry. fixed now.
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi Pablo,
On Mon, Apr 11, 2011 at 05:04:23PM +0200, pablo(a)gnumonks.org wrote:
Hm, I don't see them in the master branch, still in your local tree? They are available in the pablo/cleanups branch
in openbsc git tree.
BTW: I'm going to stop a bit with cleanups to add a VTY interface
for ipaccess-proxy, as Harald suggested.
Please, merge it!
thanks, merged!
5184
days inactive
5185
days old
13 comments
4 participants
participants (4)
-
Harald Welte -
Holger Hans Peter Freyther -
Pablo Neira Ayuso -
pablo@gnumonks.org