Hello Harald Welte, Jenkins Builder,
I'd like you to reexamine a change. Please visit
https://gerrit.osmocom.org/4317
to look at the new patch set (#2).
gb: optionally allow nsip packets only from a specific host
When listening for nsip connections is enabled, then every remote
host may send packets. This is useful for an SGSN that serves
multiple PCUs, but contraproductive for a PCU that awaits packets
from a single SGSN.
Add struct members remote_ip, and remote_port to struct gprs_ns_inst,
when set, then the listening end uses connect() to ensure that only
the expected host may send packets.
Change-Id: Ifeb201d9006eec275a46708007ff342cdfc14e45
---
M TODO-RELEASE
M include/osmocom/gprs/gprs_ns.h
M src/gb/gprs_ns.c
3 files changed, 28 insertions(+), 3 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/libosmocore refs/changes/17/4317/2
diff --git a/TODO-RELEASE b/TODO-RELEASE
index 1964cff..e5a6f70 100644
--- a/TODO-RELEASE
+++ b/TODO-RELEASE
@@ -12,3 +12,4 @@
libosmogsm/oap ABI change fix AUTS length to 14, not 16 (length
is implicit)
osmo-auc-gen UI change fix AUTS length to 14, not 16 (length
is implicit)
libosmovty ABI change redefine _LAST_OSMOVTY_NODE as a high
number to increase node space
+libosmogb ABI change add struct members nsip.remote_ip, and
nsip.remote_port to struct gprs_ns_inst
\ No newline at end of file
diff --git a/include/osmocom/gprs/gprs_ns.h b/include/osmocom/gprs/gprs_ns.h
index 938ad99..66e3d9e 100644
--- a/include/osmocom/gprs/gprs_ns.h
+++ b/include/osmocom/gprs/gprs_ns.h
@@ -88,6 +88,8 @@
struct osmo_fd fd;
uint32_t local_ip;
uint16_t local_port;
+ uint32_t remote_ip;
+ uint16_t remote_port;
int dscp;
} nsip;
/*! NS-over-FR-over-GRE-over-IP specific bits */
diff --git a/src/gb/gprs_ns.c b/src/gb/gprs_ns.c
index d20ed23..862f5b5 100644
--- a/src/gb/gprs_ns.c
+++ b/src/gb/gprs_ns.c
@@ -1561,15 +1561,37 @@
int gprs_ns_nsip_listen(struct gprs_ns_inst *nsi)
{
struct in_addr in;
+ struct in_addr remote;
+ char remote_str[INET_ADDRSTRLEN];
int ret;
in.s_addr = osmo_htonl(nsi->nsip.local_ip);
+ remote.s_addr = osmo_htonl(nsi->nsip.remote_ip);
nsi->nsip.fd.cb = nsip_fd_cb;
nsi->nsip.fd.data = nsi;
- ret = osmo_sock_init_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM,
- IPPROTO_UDP, inet_ntoa(in),
- nsi->nsip.local_port, OSMO_SOCK_F_BIND);
+
+ if (nsi->nsip.remote_ip && nsi->nsip.remote_port) {
+ /* connect to ensure only we only accept packets from the
+ * configured remote end/peer */
+ snprintf(remote_str, sizeof(remote_str), "%s",
inet_ntoa(remote));
+ ret =
+ osmo_sock_init2_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM,
+ IPPROTO_UDP, inet_ntoa(in),
+ nsi->nsip.local_port, remote_str,
+ nsi->nsip.remote_port, OSMO_SOCK_F_BIND
| OSMO_SOCK_F_CONNECT);
+
+ LOGP(DNS, LOGL_NOTICE,
+ "Listening for nsip packets from %s:%u on %s:%u\n",
+ remote_str, nsi->nsip.remote_port, inet_ntoa(in),
nsi->nsip.local_port);
+ } else {
+ /* Accept UDP packets from any source IP/Port */
+ ret = osmo_sock_init_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM,
+ IPPROTO_UDP, inet_ntoa(in),
nsi->nsip.local_port, OSMO_SOCK_F_BIND);
+
+ LOGP(DNS, LOGL_NOTICE, "Listening for nsip packets on %s:%u\n",
inet_ntoa(in), nsi->nsip.local_port);
+ }
+
if (ret < 0)
return ret;
--
To view, visit https://gerrit.osmocom.org/4317
To unsubscribe, visit https://gerrit.osmocom.org/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: Ifeb201d9006eec275a46708007ff342cdfc14e45
Gerrit-PatchSet: 2
Gerrit-Project: libosmocore
Gerrit-Branch: master
Gerrit-Owner: dexter <pma...@sysmocom.de>
Gerrit-Reviewer: Harald Welte <lafo...@gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
