Change in osmo-sgsn[master]: vty: Introduce encryption cipher-plugin-path command

pespin Mon, 09 Jan 2023 09:32:18 -0800

pespin has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/osmo-sgsn/+/30909 )



Change subject: vty: Introduce encryption cipher-plugin-path command
......................................................................

vty: Introduce encryption cipher-plugin-path command

The load of plugins will eventually be moved to libosmo-gprs
implementation, and path will be passed as a parameter. Once it's moved
inside libosmo-gprs, it will be more strict on load failures, which can
cause internally if the path doesn't exist (unless NULL is passed).
Hence, add a VTY config to allow configuring the right path, and have it
disabled by default.

Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65
---
M include/osmocom/sgsn/sgsn.h
M src/sgsn/sgsn_main.c
M src/sgsn/sgsn_vty.c
M tests/osmo-sgsn_test-nodes.vty
4 files changed, 30 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/09/30909/1

diff --git a/include/osmocom/sgsn/sgsn.h b/include/osmocom/sgsn/sgsn.h
index 441a614..6e93178 100644
--- a/include/osmocom/sgsn/sgsn.h
+++ b/include/osmocom/sgsn/sgsn.h
@@ -77,6 +77,7 @@
        /* misc */
        struct gprs_ns2_inst *nsi;

+       char *crypt_cipher_plugin_path;
        enum sgsn_auth_policy auth_policy;
        uint8_t gea_encryption_mask;
        uint8_t uea_encryption_mask;
diff --git a/src/sgsn/sgsn_main.c b/src/sgsn/sgsn_main.c
index d9d454c..04de6a2 100644
--- a/src/sgsn/sgsn_main.c
+++ b/src/sgsn/sgsn_main.c
@@ -413,8 +413,6 @@
        sgsn->cfg.nsi = sgsn_nsi;
        bssgp_set_bssgp_callback(sgsn_bssgp_dispatch_ns_unitdata_req_cb, 
sgsn_nsi);

-       gprs_llc_init("/usr/local/lib/osmocom/crypt/");
-
        gprs_ns2_vty_init(sgsn_nsi);
        bssgp_vty_init();
        gprs_llc_vty_init();
@@ -449,6 +447,8 @@
        if (rc < 0)
                exit(1);

+       gprs_llc_init(sgsn->cfg.crypt_cipher_plugin_path);
+
        rc = sgsn_gtp_init(sgsn);
        if (rc) {
                LOGP(DGPRS, LOGL_FATAL, "Cannot bind/listen on GTP socket\n");
diff --git a/src/sgsn/sgsn_vty.c b/src/sgsn/sgsn_vty.c
index d3dba92..9bd9845 100644
--- a/src/sgsn/sgsn_vty.c
+++ b/src/sgsn/sgsn_vty.c
@@ -284,6 +284,8 @@

                vty_out(vty, "%s", VTY_NEWLINE);
        }
+       if (g_cfg->crypt_cipher_plugin_path)
+               vty_out(vty, "encryption cipher-plugin-path %s%s", 
g_cfg->crypt_cipher_plugin_path, VTY_NEWLINE);
        if (g_cfg->sgsn_ipa_name)
                vty_out(vty, " gsup ipa-name %s%s", g_cfg->sgsn_ipa_name, 
VTY_NEWLINE);
        if (g_cfg->gsup_server_addr.sin_addr.s_addr)
@@ -841,6 +843,27 @@
        return CMD_SUCCESS;
 }

+DEFUN(cfg_encrypt_cipher_plugin_path, cfg_encrypt_cipher_plugin_path_cmd,
+       "encryption cipher-plugin-path PATH",
+       ENCRYPTION_STR
+       "Path to gprs encryption cipher plugin directory\n"
+       "Plugin path\n")
+{
+       osmo_talloc_replace_string(sgsn, &sgsn->cfg.crypt_cipher_plugin_path, 
argv[0]);
+
+       return CMD_SUCCESS;
+}
+
+DEFUN(cfg_no_encrypt_cipher_plugin_path, cfg_no_encrypt_cipher_plugin_path_cmd,
+       "no encryption cipher-plugin-path PATH",
+       NO_STR ENCRYPTION_STR
+       "Path to gprs encryption cipher plugin directory\n"
+       "Plugin path\n")
+{
+       TALLOC_FREE(sgsn->cfg.crypt_cipher_plugin_path);
+       return CMD_SUCCESS;
+}
+
 DEFUN(cfg_authentication, cfg_authentication_cmd,
       "authentication (optional|required)",
       "Whether to enforce MS authentication in GERAN (only with auth-policy 
remote)\n"
@@ -1775,6 +1798,8 @@
        install_element(SGSN_NODE, &cfg_encrypt2_cmd);
        install_element(SGSN_NODE, &cfg_encrypt_cmd);
        install_element(SGSN_NODE, &cfg_encryption_uea_cmd);
+       install_element(SGSN_NODE, &cfg_encrypt_cipher_plugin_path_cmd);
+       install_element(SGSN_NODE, &cfg_no_encrypt_cipher_plugin_path_cmd);

        install_element(SGSN_NODE, &cfg_gsup_ipa_name_cmd);
        install_element(SGSN_NODE, &cfg_gsup_remote_ip_cmd);
diff --git a/tests/osmo-sgsn_test-nodes.vty b/tests/osmo-sgsn_test-nodes.vty
index 22d81d2..4c65415 100644
--- a/tests/osmo-sgsn_test-nodes.vty
+++ b/tests/osmo-sgsn_test-nodes.vty
@@ -37,6 +37,8 @@
   authentication (optional|required)
   encryption gea <0-4> [<0-4>] [<0-4>] [<0-4>] [<0-4>]
   encryption uea <0-2> [<0-2>] [<0-2>]
+  encryption cipher-plugin-path PATH
+  no encryption cipher-plugin-path PATH
   gsup ipa-name NAME
   gsup remote-ip A.B.C.D
   gsup remote-port <0-65535>

--
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/30909
To unsubscribe, or for help writing mail filters, visit 
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65
Gerrit-Change-Number: 30909
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <[email protected]>
Gerrit-MessageType: newchange

Change in osmo-sgsn[master]: vty: Introduce encryption cipher-plugin-path command

Reply via email to