diff options
author | Philipp Maier <pmaier@sysmocom.de> | 2017-10-17 15:23:53 +0200 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-10-24 10:50:07 +0000 |
commit | 224a6dda02a2fcf11f70ac25abe9c780167649bf (patch) | |
tree | 16327523b7671fe50d4820f77da9bb30327e338b | |
parent | f0e392ac2dbb44eb42a242353f392d570b5de8e8 (diff) |
gb: optionally allow nsip packets only from a specific host
When listening for nsip connections is enabled, then every remote
host may send packets. This is useful for an SGSN that serves
multiple PCUs, but contraproductive for a PCU that awaits packets
from a single SGSN.
Add struct members remote_ip, and remote_port to struct gprs_ns_inst,
when set, then the listening end uses connect() to ensure that only
the expected host may send packets.
Related: OS#2401
Change-Id: Ifeb201d9006eec275a46708007ff342cdfc14e45
-rw-r--r-- | TODO-RELEASE | 1 | ||||
-rw-r--r-- | include/osmocom/gprs/gprs_ns.h | 2 | ||||
-rw-r--r-- | src/gb/gprs_ns.c | 28 |
3 files changed, 28 insertions, 3 deletions
diff --git a/TODO-RELEASE b/TODO-RELEASE index 1964cff4..e5a6f700 100644 --- a/TODO-RELEASE +++ b/TODO-RELEASE @@ -12,3 +12,4 @@ libosmogsm/gsup ABI change fix AUTS length to 14, not 16 (length is implicit) libosmogsm/oap ABI change fix AUTS length to 14, not 16 (length is implicit) osmo-auc-gen UI change fix AUTS length to 14, not 16 (length is implicit) libosmovty ABI change redefine _LAST_OSMOVTY_NODE as a high number to increase node space +libosmogb ABI change add struct members nsip.remote_ip, and nsip.remote_port to struct gprs_ns_inst
\ No newline at end of file diff --git a/include/osmocom/gprs/gprs_ns.h b/include/osmocom/gprs/gprs_ns.h index 5aee755f..d4aef824 100644 --- a/include/osmocom/gprs/gprs_ns.h +++ b/include/osmocom/gprs/gprs_ns.h @@ -88,6 +88,8 @@ struct gprs_ns_inst { struct osmo_fd fd; uint32_t local_ip; uint16_t local_port; + uint32_t remote_ip; + uint16_t remote_port; int dscp; } nsip; /*! NS-over-FR-over-GRE-over-IP specific bits */ diff --git a/src/gb/gprs_ns.c b/src/gb/gprs_ns.c index 7443a8ba..fd465b4b 100644 --- a/src/gb/gprs_ns.c +++ b/src/gb/gprs_ns.c @@ -1561,15 +1561,37 @@ static int nsip_fd_cb(struct osmo_fd *bfd, unsigned int what) int gprs_ns_nsip_listen(struct gprs_ns_inst *nsi) { struct in_addr in; + struct in_addr remote; + char remote_str[INET_ADDRSTRLEN]; int ret; in.s_addr = osmo_htonl(nsi->nsip.local_ip); + remote.s_addr = osmo_htonl(nsi->nsip.remote_ip); nsi->nsip.fd.cb = nsip_fd_cb; nsi->nsip.fd.data = nsi; - ret = osmo_sock_init_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM, - IPPROTO_UDP, inet_ntoa(in), - nsi->nsip.local_port, OSMO_SOCK_F_BIND); + + if (nsi->nsip.remote_ip && nsi->nsip.remote_port) { + /* connect to ensure only we only accept packets from the + * configured remote end/peer */ + snprintf(remote_str, sizeof(remote_str), "%s", inet_ntoa(remote)); + ret = + osmo_sock_init2_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM, + IPPROTO_UDP, inet_ntoa(in), + nsi->nsip.local_port, remote_str, + nsi->nsip.remote_port, OSMO_SOCK_F_BIND | OSMO_SOCK_F_CONNECT); + + LOGP(DNS, LOGL_NOTICE, + "Listening for nsip packets from %s:%u on %s:%u\n", + remote_str, nsi->nsip.remote_port, inet_ntoa(in), nsi->nsip.local_port); + } else { + /* Accept UDP packets from any source IP/Port */ + ret = osmo_sock_init_ofd(&nsi->nsip.fd, AF_INET, SOCK_DGRAM, + IPPROTO_UDP, inet_ntoa(in), nsi->nsip.local_port, OSMO_SOCK_F_BIND); + + LOGP(DNS, LOGL_NOTICE, "Listening for nsip packets on %s:%u\n", inet_ntoa(in), nsi->nsip.local_port); + } + if (ret < 0) return ret; |