Attention is currently required from: laforge, neels. pespin has posted comments on this change. ( https://gerrit.osmocom.org/c/osmo-mgw/+/35205?usp=email )
Change subject: IuUP: allow Initialization from any address if not yet set ...................................................................... Patch Set 2: (3 comments) Commit Message: https://gerrit.osmocom.org/c/osmo-mgw/+/35205/comment/158c6533_50887307 PS1, Line 28: Decided for now that it's not worth the extra effort to make this more : restrictive > ok, I understand. […] "we do allow any source address to send MGCP to the MGW and actually". This is easily constraint by selecting a proper IP address like a localhost address when configuring osmo-mgw local MGCP address, or binding to an IP address only available on a given interface. The problem with "security" from the RTP ports comes from the fact that the remote IP address is selected by a 3rd entity/node connected to us, and osmo-mgw uses ip probing to find out how to connect. File src/libosmo-mgcp/mgcp_network.c: https://gerrit.osmocom.org/c/osmo-mgw/+/35205/comment/d09ff72c_2e8481ca PS1, Line 838: if (mgcp_conn_rtp_is_iuup(conn) && !conn->iuup.configured) { > (There are two places to indicate codecs, one in the MGCP header which we > basically ignore, and the […] With current master (at least from yesterday) yes, you are right. However, as I mentioned I merged a patch in osmo-hnbgw to announce a "hnb IuUP address" to osmo-mgw right from the first RAN-side MGCP CRCX, by using the Iuh remote IP address at the hnbgw, so that osmo-mgw can guess correctly its binding IuUP address in the assumed general case where Iuh IP address = IuUP IP address in HNB. See https://gitea.osmocom.org/cellular-infrastructure/osmo-hnbgw/commit/656d1d27788a000b93f00cf9cdf659e0dacadde7 Besides that, libosmo-mgcp-client needs to be adapted in order to allow submitting an IP address on the wire (CRCX) even if the port is yet not known (port=0). This is what this osmo-mgw.git patch is accomplishing: https://gerrit.osmocom.org/c/osmo-mgw/+/35152 As you see, with this patch the generated CRCX now contains an SDP, and hence it doesn't go through the add_lco() path, but through the add_sdp() (because it's the only way to provide an IP address to osmo-mgw so it does the ip probing). Now that you processed all the above, read again my previous comment to understand the modifications (going back more or less to version 1 of the patch to send the codec in the CRCX even if the port=0). File src/libosmo-mgcp/mgcp_network.c: https://gerrit.osmocom.org/c/osmo-mgw/+/35205/comment/6a20a4bb_df864304 PS2, Line 837: != 0) > (i find this really hard to read. […] It's not a bool, it's a tristate 1, 0, -1. It's a bool + error. So in here we are handling error as "consider it as not set". -- To view, visit https://gerrit.osmocom.org/c/osmo-mgw/+/35205?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-mgw Gerrit-Branch: master Gerrit-Change-Id: I6c365559a7bd197349f0ea99f7a13b56a4bb580b Gerrit-Change-Number: 35205 Gerrit-PatchSet: 2 Gerrit-Owner: neels <nhofm...@sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: neels <nhofm...@sysmocom.de> Gerrit-CC: laforge <lafo...@osmocom.org> Gerrit-CC: pespin <pes...@sysmocom.de> Gerrit-Attention: neels <nhofm...@sysmocom.de> Gerrit-Attention: laforge <lafo...@osmocom.org> Gerrit-Comment-Date: Tue, 05 Dec 2023 10:30:45 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: neels <nhofm...@sysmocom.de> Comment-In-Reply-To: laforge <lafo...@osmocom.org> Comment-In-Reply-To: pespin <pes...@sysmocom.de> Gerrit-MessageType: comment
