pespin has uploaded this change for review. ( 
https://gerrit.osmocom.org/c/osmo-hnbgw/+/39479?usp=email )


Change subject: peek_l3_ul_nas: Split parsing logic based on PS/CS ctx
......................................................................

peek_l3_ul_nas: Split parsing logic based on PS/CS ctx

It makes no sense to receive an MM message over PS context or a GMM
message over a CS context, hence better clearly split the parsing code
paths to avoid unintended logic execution.

Related: OS#6717
Change-Id: I198f2fd14952362c4d189663d067c7f9dae2ed05
---
M src/osmo-hnbgw/hnbgw_l3.c
1 file changed, 47 insertions(+), 42 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-hnbgw refs/changes/79/39479/1

diff --git a/src/osmo-hnbgw/hnbgw_l3.c b/src/osmo-hnbgw/hnbgw_l3.c
index 1fd3398..86d39dc 100644
--- a/src/osmo-hnbgw/hnbgw_l3.c
+++ b/src/osmo-hnbgw/hnbgw_l3.c
@@ -159,9 +159,7 @@
 static int peek_l3_ul_nas(struct hnbgw_context_map *map, const uint8_t 
*nas_pdu, size_t len,
                          const struct osmo_plmn_id *local_plmn)
 {
-       const struct gsm48_hdr *gh;
-       int8_t pdisc;
-       uint8_t mtype;
+       const struct gsm48_hdr *gh = (const struct gsm48_hdr *)nas_pdu;
        const struct gsm48_loc_upd_req *lu;
        struct gsm48_service_request *cm;
        struct osmo_location_area_id old_lai;
@@ -170,64 +168,71 @@

        map->l3 = (struct hnbgw_l3_peek){
                .gmm_nri_container = -1,
+               .mi = {
+                       .type = GSM_MI_TYPE_NONE,
+                       .tmsi = GSM_RESERVED_TMSI,
+               },
        };

-       /* Get the mobile identity from CS MM -- the PS GMM happens further 
down.
-        * This will return an error for GMM messages, ignore that. */
-       if (!map->is_ps)
-               osmo_mobile_identity_decode_from_l3_buf(&map->l3.mi, nas_pdu, 
len, false);
-
-       /* Get is_emerg and from_other_plmn */
        if (len < sizeof(*gh)) {
                LOGP(DCN, LOGL_ERROR, "Layer 3 message too short for header\n");
                return -EINVAL;
        }

-       gh = (void *)nas_pdu;
-       pdisc = gsm48_hdr_pdisc(gh);
-       mtype = gsm48_hdr_msg_type(gh);
+       map->l3.gsm48_pdisc = gsm48_hdr_pdisc(gh);
+       map->l3.gsm48_msg_type = gsm48_hdr_msg_type(gh);

-       map->l3.gsm48_pdisc = pdisc;
-       map->l3.gsm48_msg_type = mtype;
+       /* CS MM -- the PS GMM happens further down.
+        * Determine mobile identity, from_other_plmn, is_emerg. */
+       if (!map->is_ps) {
+               osmo_mobile_identity_decode_from_l3_buf(&map->l3.mi, nas_pdu, 
len, false);

-       /* Determine from_other_plmn and is_emerg */
-       switch (pdisc) {
-       case GSM48_PDISC_MM:
+               switch (map->l3.gsm48_pdisc) {
+               case GSM48_PDISC_MM:
+                       /* Get is_emerg and from_other_plmn */
+                       switch (map->l3.gsm48_msg_type) {
+                       case GSM48_MT_MM_LOC_UPD_REQUEST:
+                               if (len < sizeof(*gh) + sizeof(*lu)) {
+                                       LOGP(DCN, LOGL_ERROR, "LU Req message 
too short\n");
+                                       break;
+                               }

-               switch (mtype) {
-               case GSM48_MT_MM_LOC_UPD_REQUEST:
-                       if (len < sizeof(*gh) + sizeof(*lu)) {
-                               LOGP(DCN, LOGL_ERROR, "LU Req message too 
short\n");
+                               lu = (struct gsm48_loc_upd_req *)gh->data;
+                               gsm48_decode_lai2(&lu->lai, &old_lai);
+
+                               map->l3.from_other_plmn = 
(osmo_plmn_cmp(&old_lai.plmn, local_plmn) != 0);
+                               if (map->l3.from_other_plmn)
+                                       LOGP(DRUA, LOGL_INFO, "LU from other 
PLMN: old LAI=%s my PLMN=%s\n",
+                                       osmo_plmn_name_c(OTC_SELECT, 
&old_lai.plmn),
+                                       osmo_plmn_name_c(OTC_SELECT, 
local_plmn));
+                               break;
+
+                       case GSM48_MT_MM_CM_SERV_REQ:
+                               if (len < sizeof(*gh) + sizeof(*cm)) {
+                                       LOGP(DRUA, LOGL_ERROR, "CM Service Req 
message too short\n");
+                                       break;
+                               }
+                               cm = (struct gsm48_service_request 
*)&gh->data[0];
+                               map->l3.is_emerg = (cm->cm_service_type == 
GSM48_CMSERV_EMERGENCY);
+                               LOGP(DRUA, LOGL_DEBUG, "CM Service 
is_emerg=%d\n", map->l3.is_emerg);
+                               break;
+
+                       default:
                                break;
                        }
-
-                       lu = (struct gsm48_loc_upd_req *)gh->data;
-                       gsm48_decode_lai2(&lu->lai, &old_lai);
-
-                       map->l3.from_other_plmn = (osmo_plmn_cmp(&old_lai.plmn, 
local_plmn) != 0);
-                       if (map->l3.from_other_plmn)
-                               LOGP(DRUA, LOGL_INFO, "LU from other PLMN: old 
LAI=%s my PLMN=%s\n",
-                                    osmo_plmn_name_c(OTC_SELECT, 
&old_lai.plmn),
-                                    osmo_plmn_name_c(OTC_SELECT, local_plmn));
-                       break;
-
-               case GSM48_MT_MM_CM_SERV_REQ:
-                       if (len < sizeof(*gh) + sizeof(*cm)) {
-                               LOGP(DRUA, LOGL_ERROR, "CM Service Req message 
too short\n");
-                               break;
-                       }
-                       cm = (struct gsm48_service_request *)&gh->data[0];
-                       map->l3.is_emerg = (cm->cm_service_type == 
GSM48_CMSERV_EMERGENCY);
-                       LOGP(DRUA, LOGL_DEBUG, "CM Service is_emerg=%d\n", 
map->l3.is_emerg);
                        break;

                default:
                        break;
                }
-               break;

+               return 0;
+       }
+
+       /* PS GMM: Determine mobile identity, gmm_nri_container, 
from_other_plmn and is_emerg */
+       switch (map->l3.gsm48_pdisc) {
        case GSM48_PDISC_MM_GPRS:
-               switch (mtype) {
+               switch (map->l3.gsm48_msg_type) {
                case GSM48_MT_GMM_ATTACH_REQ:
                        mobile_identity_decode_from_gmm_att_req(&map->l3.mi, 
&old_ra, &nri, nas_pdu, len, false);
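Review bot: The result of `osmo_mobile_identity_decode_from_l3_buf()` in the new `if (!map->is_ps)` branch is still discarded, but the removed comment that justified this (the call was expected to fail on GMM messages) no longer applies, because GMM no longer reaches this call. Since `nas_pdu` is UE-supplied, either check the result or state why failure is acceptable, e.g. `/* Not every CS L3 message carries a Mobile Identity; on error map->l3.mi keeps the GSM_MI_TYPE_NONE default set above. */`. That wording assumes the decoder leaves `mi` in a defined state on error, which is not visible in this hunk. The branch also ends in `return 0` when the LU Req or CM Service Req length checks fail, whereas a short header returns `-EINVAL`; if this best-effort behaviour is intended, a one-line comment at the `return 0` would make it explicit. The body of `peek_l3_ul_nas` continues past the end of this hunk.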


--
To view, visit https://gerrit.osmocom.org/c/osmo-hnbgw/+/39479?usp=email

Gerrit-MessageType: newchange
Gerrit-Project: osmo-hnbgw
Gerrit-Branch: master
Gerrit-Change-Id: I198f2fd14952362c4d189663d067c7f9dae2ed05
Gerrit-Change-Number: 39479
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pes...@sysmocom.de>
