This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Vadim Yanitskiy axilirator at gmail.comHi Pau, today I cannot sign in to Gerrit for some magic reason, so I would like to post some notes about your change [1]. [1] https://gerrit.osmocom.org/#/c/osmo-sgsn/+/14445/ > [...] it changed the default logic for remote policy to not require > authentication, which broke TTCN3 tests because sgsn no longer > tries to authenticate the users. My bad, sorry for that. > let's enable it by default when on auth-policy remote. ACK. > doc/manuals/vty/sgsn_vty_reference.xml > Allow MS to attach via GERAN without authentication > (default and only possible value for non-remote auth-policy) Actually, no. My motivation for introducing this VTY parameter was exactly the ability to use remote auth-policy (i.e. OsmoHLR) to check if a subscriber is known, but not to require authentication, just like we can do in CS-domain. In other words, 'authentication optional' should work with 'auth-policy remote'. > src/gprs/sgsn_vty.c > DEFUN(cfg_authentication, cfg_authentication_cmd, > [...] > Allow MS to attach via GERAN without authentication > (default and only possible value for non-remote auth-policy) Same here. It *is* possible for 'auth-policy remote' too. > src/gprs/gprs_sgsn.c > struct sgsn_instance *sgsn_instance_alloc(void *talloc_ctx) > [...] > inst->cfg.auth_policy = SGSN_AUTH_POLICY_CLOSED; > /* only applies if auth_policy is REMOTE */ > inst->cfg.require_authentication = true; > [...] Are you sure this wouldn't break non-remote auth-policy use cases? AFAIR, the GMM layer requests authentication regardless of the 'auth-policy', so then in 'gprs/sgsn_auth.c' we conditionally perform authentication or immediately return SGSN_AUTH_ACCEPTED. An alternative solution is to invert 'cfg.require_authentication', e.g. to 'cfg.omit_authentication', so by default we will require authentication since it's initialized to false. With best regards, Vadim Yanitskiy.