pespin has uploaded this change for review. (
https://gerrit.osmocom.org/c/libosmo-sigtran/+/42119?usp=email )
Change subject: xua_asp_fsm: Validate remote ASP Id matching config in SG role
......................................................................
xua_asp_fsm: Validate remote ASP Id matching config in SG role
The node in SG role really doesn't have an ASP Id of its own (it is
never sent over the wire). Hence, use the "asp-identifier <N>" VTY
config in SG role to require the ASP to identift itself with a given
ASP identifier.
Related: OS#6953
Change-Id: I3e22439aa7e22f7a6113b093c44ace6745c808b9
---
M src/xua_asp_fsm.c
1 file changed, 27 insertions(+), 1 deletion(-)
git pull ssh://gerrit.osmocom.org:29418/libosmo-sigtran
refs/changes/19/42119/1
diff --git a/src/xua_asp_fsm.c b/src/xua_asp_fsm.c
index b1bbec6..0ce2b41 100644
--- a/src/xua_asp_fsm.c
+++ b/src/xua_asp_fsm.c
@@ -577,15 +577,41 @@
case XUA_ASP_E_ASPSM_ASPUP:
ENSURE_SG_OR_IPSP(fi, event);
/* Optional ASP Identifier */
- if ((asp_id_ie = xua_msg_find_tag(data, SUA_IEI_ASP_ID))) {
+ asp_id_ie = xua_msg_find_tag(data, SUA_IEI_ASP_ID);
+
+ if (asp_id_ie) {
asp_id = xua_msg_part_get_u32(asp_id_ie);
if (!ss7_asp_check_remote_asp_id_unique(asp, asp_id)) {
peer_send_error(fi, M3UA_ERR_INVAL_ASP_ID);
return;
}
+ /* Expect specific ASP Id from ASP in SG role to match
local config.
+ * In IPSP, each side can have its own local different
ASP Identifier. */
+ if (asp->cfg.role == OSMO_SS7_ASP_ROLE_SG) {
+ if (asp->cfg.local_asp_id_present &&
+ asp->cfg.local_asp_id != asp_id) {
+ LOGPFSML(fi, LOGL_NOTICE, "ASPUP:
Received asp_id %" PRIu32
+ " doesn't match configured
'asp-identifier %" PRIu32"'\n",
+ asp_id, asp->cfg.local_asp_id);
+ peer_send_error(fi,
M3UA_ERR_INVAL_ASP_ID);
+ return;
+ }
+ }
/* Store for NTFY */
asp->remote_asp_id = asp_id;
asp->remote_asp_id_present = true;
+ } else if (asp->cfg.role == OSMO_SS7_ASP_ROLE_SG &&
+ asp->cfg.local_asp_id_present) {
+ /* If configured in role SG, expect the ASP to send us
an ASP Identifier.
+ * RFC4666 3.8.1: 'The "ASP Identifier Required" error
is sent by an SGP in
+ * response to an ASP Up message that does not contain
an ASP Identifier
+ * parameter when the SGP requires one. The ASP SHOULD
resend the ASP Up
+ * message with an ASP Identifier.'*/
+ LOGPFSML(fi, LOGL_NOTICE, "ASPUP: Received no asp_id "
+ "while expecting 'asp-identifier %"
PRIu32"'\n",
+ asp->cfg.local_asp_id);
+ peer_send_error(fi, M3UA_ERR_ASP_ID_REQD);
+ return;
}
/* send ACK */
peer_send(fi, XUA_ASP_E_ASPSM_ASPUP_ACK, NULL);
--
To view, visit https://gerrit.osmocom.org/c/libosmo-sigtran/+/42119?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: libosmo-sigtran
Gerrit-Branch: master
Gerrit-Change-Id: I3e22439aa7e22f7a6113b093c44ace6745c808b9
Gerrit-Change-Number: 42119
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <[email protected]>
