This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Max gerrit-no-reply at lists.osmocom.orgHello Harald Welte, Jenkins Builder, I'd like you to reexamine a change. Please visit https://gerrit.osmocom.org/437 to look at the new patch set (#4). SGSN: prevent starting with inconsistent config Previously it was possible to start osmo-sgsn with "auth-policy remote" but without "gsup remote-*" which resulted in broken setup: no MS could perform GPRS ATTACH. Add consistency check to vty code to fix this. Related: OS#1582 Change-Id: Ie4296e7d99d7833f7d828b0196435ea81097cf6e --- M debian/changelog M openbsc/src/gprs/sgsn_vty.c M openbsc/tests/vty_test_runner.py 3 files changed, 18 insertions(+), 3 deletions(-) git pull ssh://gerrit.osmocom.org:29418/openbsc refs/changes/37/437/4 diff --git a/debian/changelog b/debian/changelog index 6a0362a..e9a4212 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,8 @@ openbsc (0.15.1) UNRELEASED; urgency=medium * Move forward toward a new release. + * Prevent SGSN starting with 'auth-policy remote' when no 'gsup remote-*' are configured. + Note: such configs are broken without extra workarounds anyway. -- Holger Hans Peter Freyther <holger at moiji-mobile.com> Tue, 24 May 2016 23:14:31 +0200 diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c index ac08bed..e6dc68d 100644 --- a/openbsc/src/gprs/sgsn_vty.c +++ b/openbsc/src/gprs/sgsn_vty.c @@ -210,9 +210,6 @@ for (server = sgsn->ares_servers; server; server = server->next) vty_out(vty, " grx-dns-add %s%s", inet_ntoa(server->addr.addr4), VTY_NEWLINE); - vty_out(vty, " auth-policy %s%s", - get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy), - VTY_NEWLINE); if (g_cfg->cipher != GPRS_ALGO_GEA0) vty_out(vty, " encryption %s%s", get_value_string(gprs_cipher_names, g_cfg->cipher), @@ -223,6 +220,9 @@ if (g_cfg->gsup_server_port) vty_out(vty, " gsup remote-port %d%s", g_cfg->gsup_server_port, VTY_NEWLINE); + vty_out(vty, " auth-policy %s%s", + get_value_string(sgsn_auth_pol_strs, g_cfg->auth_policy), + VTY_NEWLINE); vty_out(vty, " gsup oap-id %d%s", (int)g_cfg->oap.client_id, VTY_NEWLINE); @@ -591,6 +591,17 @@ { int val = get_string_value(sgsn_auth_pol_strs, argv[0]); OSMO_ASSERT(val >= SGSN_AUTH_POLICY_OPEN && val <= SGSN_AUTH_POLICY_REMOTE); + if (val == SGSN_AUTH_POLICY_REMOTE) { + const char *err = "%% auth-policy remote requires"; + if (!g_cfg->gsup_server_addr.sin_addr.s_addr) { + vty_out(vty, "%s 'gsup remote-ip'%s", err, VTY_NEWLINE); + return CMD_WARNING; + } + if (!g_cfg->gsup_server_port) { + vty_out(vty, "%s 'gsup remote-port'%s", err, VTY_NEWLINE); + return CMD_WARNING; + } + } g_cfg->auth_policy = val; g_cfg->require_authentication = (val == SGSN_AUTH_POLICY_REMOTE); g_cfg->require_update_location = (val == SGSN_AUTH_POLICY_REMOTE); diff --git a/openbsc/tests/vty_test_runner.py b/openbsc/tests/vty_test_runner.py index bae1866..8fe2b41 100644 --- a/openbsc/tests/vty_test_runner.py +++ b/openbsc/tests/vty_test_runner.py @@ -1037,6 +1037,8 @@ self.assertTrue(self.vty.verify('auth-policy closed', [''])) res = self.vty.command("show running-config") self.assert_(res.find('auth-policy closed') > 0) + self.assertTrue(self.vty.verify('gsup remote-ip 127.0.0.4', [''])) + self.assertTrue(self.vty.verify('gsup remote-port 2222', [''])) self.assertTrue(self.vty.verify('auth-policy remote', [''])) res = self.vty.command("show running-config") self.assert_(res.find('auth-policy remote') > 0) -- To view, visit https://gerrit.osmocom.org/437 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ie4296e7d99d7833f7d828b0196435ea81097cf6e Gerrit-PatchSet: 4 Gerrit-Project: openbsc Gerrit-Branch: master Gerrit-Owner: Max <msuraev at sysmocom.de> Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org> Gerrit-Reviewer: Holger Freyther <holger at freyther.de> Gerrit-Reviewer: Jenkins Builder