Commit 6dd93287 authored by gauthier's avatar gauthier

commit my code before applying sebastian Held patches 13

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@7045 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 202f8cd0
......@@ -46,6 +46,7 @@
#include "NwGtpv1uLog.h"
#include "assertions.h"
#include "intertask_interface.h"
#include "gtpv1u.h"
#if defined(ENB_MODE)
......@@ -573,9 +574,10 @@ nwGtpv1uHandleEchoReq(NW_IN NwGtpv1uStackT *thiz,
NW_IN NwU16T peerPort,
NW_IN NwU32T peerIp)
{
NwGtpv1uRcT rc = NW_GTPV1U_FAILURE;
NwGtpv1uRcT rc = NW_GTPV1U_FAILURE;
NwU16T seqNum = 0;
NwGtpv1uMsgHandleT hMsg = 0;
NwGtpv1uMsgHandleT hMsg = 0;
int bufLen = 0;
seqNum = ntohs(*(NwU16T *) (msgBuf + (((*msgBuf) & 0x02) ? 8 : 4)));
......@@ -592,6 +594,13 @@ nwGtpv1uHandleEchoReq(NW_IN NwGtpv1uStackT *thiz,
0,
(&hMsg));
bufLen = sizeof(NwGtpv1uIeTv1T)+ ((NwGtpv1uMsgT*)hMsg)->msgLen;
((NwGtpv1uMsgT*)hMsg)->msgBuf = itti_malloc(
TASK_GTPV1_U,
TASK_UDP,
bufLen);
((NwGtpv1uMsgT*)hMsg)->msgBufLen = bufLen;
NW_ASSERT(NW_GTPV1U_OK == rc);
/*
......
......@@ -104,6 +104,9 @@ nwGtpv1uMsgNew( NW_IN NwGtpv1uStackHandleT hGtpuStackHandle,
4 : 0);
//NW_GTPV1U_EPC_SPECIFIC_HEADER_SIZE : (NW_GTPV1U_EPC_SPECIFIC_HEADER_SIZE - 4));
pMsg->msgBuf = NULL;
pMsg->msgBufLen = 0;
pMsg->msgBufOffset = 0;
*phMsg = (NwGtpv1uMsgHandleT) pMsg;
return NW_GTPV1U_OK;
}
......
......@@ -92,11 +92,9 @@ void generate_autn(u8 sqn[6], u8 ak[6], u8 amf[2], u8 mac_a[8], u8 autn[16]);
int generate_vector(uint64_t imsi, uint8_t key[16], uint8_t plmn[3],
uint8_t sqn[6], auc_vector_t *vector);
inline
void kdf(uint8_t *key, uint16_t key_len, uint8_t *s, uint16_t s_len, uint8_t *out,
uint16_t out_len);
inline
void derive_kasme(uint8_t ck[16], uint8_t ik[16], uint8_t plmn[3], uint8_t sqn[6],
uint8_t ak[6], uint8_t kasme[32]);
......
......@@ -140,7 +140,6 @@ int generate_vector(uint64_t imsi, uint8_t key[16], uint8_t plmn[3],
uint8_t ck[16];
uint8_t ik[16];
uint8_t ak[6];
int i;
if (vector == NULL) {
return EINVAL;
......
......@@ -69,7 +69,7 @@ void generate_random(uint8_t *random_p, ssize_t length)
// pthread_mutex_unlock(&random_state.lock);
// mpz_export(random_p, NULL, 1, length, 0, 0, random_nb);
int r = 0, i, mask = 0, shift;
int i;//r = 0, mask = 0, shift;
for (i = 0; i < length; i ++) {
// if ((i % sizeof(i)) == 0)
......
## MySQL mandatory options
MYSQL_server = "127.0.0.1";
MYSQL_user = "hssadmin";
MYSQL_pass = "admin";
MYSQL_db = "oai_db";
MYSQL_server = "@MYSQL_server@";
MYSQL_user = "@MYSQL_user@";
MYSQL_pass = "@MYSQL_pass@";
MYSQL_db = "@MYSQL_db@";
## HSS options
OPERATOR_key = "@OPERATOR_key@";
## Freediameter options
FD_conf = "@AM_CONF_DIR@/hss_fd.conf";
FD_conf = "@FREEDIAMETER_PATH@/../etc/freeDiameter/hss_fd.conf";
......@@ -51,7 +51,7 @@ echo "Creating HSS certificate for user '$HOSTNAME'.'$REALM'"
# openssl ca -cert cacert.pem -keyfile cakey.pem -in hss.csr.pem -out hss.cert.pem -outdir . -batch
# Create a Root Certification Authority Certificate
openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out cacert.pem -keyout cakey.pem -subj /CN=$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out hss.cacert.pem -keyout hss.cakey.pem -subj /CN=$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
# Generate a Private Key
openssl genrsa -out hss.key.pem 1024
......@@ -60,7 +60,7 @@ openssl genrsa -out hss.key.pem 1024
openssl req -new -batch -out hss.csr.pem -key hss.key.pem -subj /CN=$HOSTNAME.$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
# Certification authority
openssl ca -cert cacert.pem -keyfile cakey.pem -in hss.csr.pem -out hss.cert.pem -outdir . -batch
openssl ca -cert hss.cacert.pem -keyfile hss.cakey.pem -in hss.csr.pem -out hss.cert.pem -outdir . -batch
if [ ! -d /usr/local/etc/freeDiameter ]
then
......@@ -68,7 +68,7 @@ then
sudo mkdir /usr/local/etc/freeDiameter/
fi
sudo cp -upv cakey.pem hss.cert.pem cacert.pem hss.key.pem /usr/local/etc/freeDiameter/
sudo cp -upv hss.cakey.pem hss.cert.pem hss.cacert.pem hss.key.pem /usr/local/etc/freeDiameter/
# openssl genrsa -out $hss.key.pem 1024
# openssl req -new -batch -out $hss.csr.pem -key $hss.key.pem -subj /CN=$hss.test.fr/C=FR/ST=Biot/L=Aix/O=test.fr/OU=mobiles
......
......@@ -377,7 +377,6 @@ int hss_mysql_push_rand_sqn(const char *imsi, uint8_t *rand_p, uint8_t *sqn)
{
int status = 0, i;
MYSQL_RES *res;
MYSQL_ROW row;
char query[255];
int query_length = 0;
uint64_t sqn_decimal = 0;
......
......@@ -29,6 +29,7 @@
#include <stdio.h>
#include <stdint.h>
#include <pthread.h>
#include <mysql/mysql.h>
#include <netinet/in.h> /* To provide internet addresses strings helpers */
......
......@@ -34,9 +34,12 @@
* \version 0.1
*/
#include <freeDiameter/freeDiameter-host.h>
#include <freeDiameter/libfdproto.h>
#include <stdint.h>
#include <string.h>
#include <inttypes.h>
#include <pthread.h>
#include "hss_config.h"
#include "db_proto.h"
......
......@@ -31,7 +31,7 @@
#include "db_proto.h"
#include "s6a_proto.h"
inline char *experimental_retcode_2_string(int ret_code)
char *experimental_retcode_2_string(int ret_code)
{
switch(ret_code) {
/* Experimental-Result-Codes */
......@@ -55,7 +55,7 @@ inline char *experimental_retcode_2_string(int ret_code)
return "DIAMETER_AVP_UNSUPPORTED";
}
inline char *retcode_2_string(int ret_code)
char *retcode_2_string(int ret_code)
{
switch(ret_code) {
case ER_DIAMETER_SUCCESS:
......
......@@ -51,7 +51,7 @@ static struct session_handler *s6a_reg = NULL;
static struct disp_hdl *handle;
s6a_cnf_t s6a_cnf;
#if !defined(FREEDIAMETER_VERSION_1_2_0)
#if FREEDIAMETER_VERSION < 120
void s6a_cli_sess_cleanup(void * arg, char * sid, void * opaque);
void s6a_cli_sess_cleanup(void * arg, char * sid, void * opaque)
......@@ -311,7 +311,7 @@ int s6a_init(hss_config_t *hss_config_p)
}
/* Create handler for sessions */
#if !defined(FREEDIAMETER_VERSION_1_2_0)
#if FREEDIAMETER_VERSION < 120
CHECK_FCT(fd_sess_handler_create(&s6a_reg, s6a_cli_sess_cleanup, NULL));
#else
session_state_dump dumper;
......
......@@ -232,7 +232,7 @@ int s6a_add_result_code(struct msg *ans, struct avp *failed_avp,
int s6a_add_ipv4_address(struct avp *avp, const char *ipv4_addr);
int s6a_add_ipv6_address(struct avp *avp, const char *ipv6_addr);
inline char *experimental_retcode_2_string(int ret_code);
inline char *retcode_2_string(int ret_code);
char *experimental_retcode_2_string(int ret_code);
char *retcode_2_string(int ret_code);
#endif /* S6A_PROTO_H_ */
......@@ -34,6 +34,9 @@
* \version 0.1
*/
#include <freeDiameter/freeDiameter-host.h>
#include <freeDiameter/libfdproto.h>
#include "hss_config.h"
#include "db_proto.h"
#include "s6a_proto.h"
......
......@@ -34,6 +34,8 @@
* \version 0.1
*/
#include <freeDiameter/freeDiameter-host.h>
#include <freeDiameter/libfdproto.h>
#include "hss_config.h"
#include "db_proto.h"
#include "s6a_proto.h"
......
......@@ -42,15 +42,30 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <stdint.h>
#include <errno.h>
#include <getopt.h>
#include "hss_config.h"
#include "hss_parser.h"
#ifndef PACKAGE_NAME
#define PACKAGE_NAME "OPENAIR-HSS"
#endif
#ifndef PACKAGE_VERSION
#define PACKAGE_VERSION "UNKNOWN-EXPERIMENTAL"
#endif
#ifndef PACKAGE_BUGREPORT
#define PACKAGE_BUGREPORT "openair4G-devel@eurecom.fr"
#endif
// LG TODO fd_g_debug_lvl
int fd_g_debug_lvl = 1;
/* YACC forward declarations */
extern int yyparse (struct hss_config_s *hss_config_p);
extern uint8_t OP[16];
static int config_parse_command_line(int argc, char *argv[],
hss_config_t *hss_config_p);
static int config_parse_file(hss_config_t *hss_config_p);
......@@ -82,7 +97,37 @@ int config_init(int argc, char *argv[], hss_config_t *hss_config_p)
abort();
}
config_display(hss_config_p);
return ret;
// post processing for op key
if (hss_config_p->operator_key) {
if (strlen(hss_config_p->operator_key) == 32) {
ret = sscanf(hss_config_p->operator_key,
"%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
(unsigned int*)&OP[0],(unsigned int*)&OP[1],
(unsigned int*)&OP[2],(unsigned int*)&OP[3],
(unsigned int*)&OP[4],(unsigned int*)&OP[5],
(unsigned int*)&OP[6],(unsigned int*)&OP[7],
(unsigned int*)&OP[8],(unsigned int*)&OP[9],
(unsigned int*)&OP[10],(unsigned int*)&OP[11],
(unsigned int*)&OP[12],(unsigned int*)&OP[13],
(unsigned int*)&OP[14],(unsigned int*)&OP[15]);
if (ret != 16) {
fprintf(stderr,
"Error in configuration file: operator key: %s\n",
hss_config_p->operator_key);
abort();
}
} else {
fprintf(stderr,
"Error in configuration file: operator key length != 32 (16 hex bytes): %s\n",
hss_config_p->operator_key);
abort();
}
} else {
fprintf(stderr, "Error in configuration file: operator key is null\n");
abort();
}
return 0;
}
static void display_banner(void)
......@@ -119,6 +164,9 @@ static void config_display(hss_config_t *hss_config_p)
fprintf(stdout, "* FreeDiameter:\n");
fprintf(stdout, "\t- Conf file ........: %s\n",
hss_config_p->freediameter_config);
fprintf(stdout, "* Security:\n");
fprintf(stdout, "\t- Operator key......: %s\n",
hss_config_p->operator_key);
}
static int config_parse_command_line(int argc, char *argv[],
......
......@@ -35,6 +35,9 @@ typedef struct hss_config_s {
char *mysql_password;
char *mysql_database;
char *operator_key;
/* The freediameter configuration file */
char *freediameter_config;
......
......@@ -69,6 +69,7 @@ int fddlex(YYSTYPE *lvalp, YYLTYPE *llocp);
%token MYSQL_SERVER
%token MYSQL_PASS
%token MYSQL_DB
%token OPERATOR_KEY
%%
conffile: /* Empty is OK -- for simplicity here, we reject in daemon later */
......@@ -76,6 +77,7 @@ conffile: /* Empty is OK -- for simplicity here, we reject in daemon later
| conffile mysql_server
| conffile mysql_user
| conffile mysql_pass
| conffile operator_key
| conffile fdconf
| conffile errors
{
......@@ -108,6 +110,12 @@ mysql_server: MYSQL_SERVER '=' QSTRING ';'
}
;
operator_key: OPERATOR_KEY '=' QSTRING ';'
{
hss_config_p->operator_key = $3;
}
;
fdconf: FDCONF '=' QSTRING ';'
{
hss_config_p->freediameter_config = $3;
......
......@@ -113,6 +113,7 @@ qstring \"[^\"\n]*\"
(?i:"MYSQL_user") { return MYSQL_USER; }
(?i:"MYSQL_pass") { return MYSQL_PASS; }
(?i:"MYSQL_db") { return MYSQL_DB; }
(?i:"OPERATOR_key") { return OPERATOR_KEY; }
/* Valid single characters for yyparse */
<*>[=,:;{}] { return yytext[0]; }
......
......@@ -45,11 +45,11 @@ HOSTNAME=$(hostname -f)
echo "Creating MME certificate for user '$HOSTNAME'.'$REALM'"
# CA self certificate
openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out cacert.pem -keyout cakey.pem -subj /CN=$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
openssl req -new -batch -x509 -days 3650 -nodes -newkey rsa:1024 -out mme.cacert.pem -keyout mme.cakey.pem -subj /CN=$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
openssl genrsa -out user.key.pem 1024
openssl req -new -batch -out user.csr.pem -key user.key.pem -subj /CN=$HOSTNAME.$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
openssl ca -cert cacert.pem -keyfile cakey.pem -in user.csr.pem -out user.cert.pem -outdir . -batch
openssl genrsa -out mme.key.pem 1024
openssl req -new -batch -out mme.csr.pem -key mme.key.pem -subj /CN=$HOSTNAME.$REALM/C=FR/ST=PACA/L=Aix/O=Eurecom/OU=CM
openssl ca -cert mme.cacert.pem -keyfile mme.cakey.pem -in mme.csr.pem -out mme.cert.pem -outdir . -batch
if [ ! -d /usr/local/etc/freeDiameter ]
then
......@@ -57,7 +57,7 @@ then
sudo mkdir /usr/local/etc/freeDiameter/
fi
sudo cp -uv user.key.pem user.cert.pem cacert.pem cakey.pem /usr/local/etc/freeDiameter/
sudo cp -uv mme.key.pem mme.cert.pem mme.cacert.pem mme.cakey.pem /usr/local/etc/freeDiameter/
# openssl genrsa -out ubuntu.key.pem 1024
# openssl req -new -batch -x509 -out ubuntu.csr.pem -key ubuntu.key.pem -subj /CN=ubuntu.localdomain/C=FR/ST=BdR/L=Aix/O=fD/OU=Tests
......
......@@ -59,12 +59,12 @@ void s6a_peer_connected_cb(struct peer_info *info, void *arg)
itti_send_msg_to_task(TASK_S1AP, INSTANCE_DEFAULT, message_p);
#if ! defined(ENABLE_USE_GTPU_IN_KERNEL)
/* Inform SGI that connection to HSS is established */
message_p = itti_alloc_new_message(TASK_S6A, ACTIVATE_MESSAGE);
itti_send_msg_to_task(TASK_FW_IP, INSTANCE_DEFAULT, message_p);
#endif
}
/* For test */
......
......@@ -136,13 +136,13 @@ int sgw_lite_init(char* config_file_name_pP)
spgw_system("iptables -t filter -F", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("iptables -t raw -F", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("ip route flush cache", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_raw > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_raw > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_mangle > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_nat > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_nat > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod iptable_filter > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod ip_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod ip_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod xt_state xt_mark xt_GTPUAH xt_GTPURH xt_tcpudp xt_connmark ipt_LOG ipt_MASQUERADE > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod x_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod x_tables > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("rmmod nf_conntrack_netlink nfnetlink nf_nat nf_conntrack_ipv4 nf_conntrack > /dev/null 2>&1", SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("modprobe ip_tables", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
spgw_system("modprobe x_tables", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
......@@ -152,6 +152,7 @@ int sgw_lite_init(char* config_file_name_pP)
spgw_system("sysctl -w net.ipv4.conf.all.log_martians=1",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.conf.all.route_localnet=1",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sysctl -w net.ipv4.conf.all.rp_filter=0",SPGW_WARN_ON_ERROR, __FILE__, __LINE__);
spgw_system("sync", SPGW_ABORT_ON_ERROR, __FILE__, __LINE__);
#endif
spgw_config_init(config_file_name_pP, &spgw_config);
pgw_lite_load_pool_ip_addresses();
......
......@@ -619,7 +619,6 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
STAILQ_INSERT_TAIL(&config_pP->pgw_config.pgw_lite_ipv4_pool_list, ip4_ref, ipv4_entries);
counter64 = counter64 - 1;
} while (counter64 > 0);
//---------------
if (config_pP->pgw_config.pgw_masquerade_SGI) {
in_addr_var.s_addr = config_pP->pgw_config.ipv4.pgw_ipv4_address_for_SGI;
......@@ -636,7 +635,6 @@ int spgw_config_init(char* lib_config_file_name_pP, spgw_config_t* config_pP) {
SPGW_APP_ERROR("Masquerade SGI\n");
}
}
} else {
SPGW_APP_ERROR("CONFIG POOL ADDR IPV4: BAD MASQ: %s\n", atoken2);
}
......
# -------- Local ---------
# Uncomment if the framework cannot resolv it.
Identity = "@HOSTNAME@.pft";
Realm = "pft";
Identity = "@MME_FQDN@";
Realm = "@REALM@";
# TLS configuration (see previous section)
TLS_Cred = "/usr/local/etc/freeDiameter/user.cert.pem",
"/usr/local/etc/freeDiameter/user.key.pem";
TLS_CA = "/usr/local/etc/freeDiameter/cacert.pem";
TLS_Cred = "${FREEDIAMETER_PATH}/../etc/freeDiameter/mme.cert.pem",
"${FREEDIAMETER_PATH}/../etc/freeDiameter/mme.key.pem";
TLS_CA = "${FREEDIAMETER_PATH}/../etc/freeDiameter/mme.cacert.pem";
# Disable use of TCP protocol (only listen and connect in SCTP)
# Default : TCP enabled
No_TCP;
#No_SCTP;
@TRANSPORT_option@;
# This option is ignored if freeDiameter is compiled with DISABLE_SCTP option.
# Prefer TCP instead of SCTP for establishing new connections.
# This setting may be overwritten per peer in peer configuration blocs.
# Default : SCTP is attempted first.
@TRANSPORT_PREFER_TCP_option@;
No_IPv6;
# Overwrite the number of SCTP streams. This value should be kept low,
# especially if you are using TLS over SCTP, because it consumes a lot of
# resources in that case. See tickets 19 and 27 for some additional details on
# this.
# Limit the number of SCTP streams
SCTP_streams = 15;
SCTP_streams = 3;
# By default, freeDiameter acts as a Diameter Relay Agent by forwarding all
# messages it cannot handle locally. This parameter disables this behavior.
NoRelay;
TLS_old_method;
AppServThreads = 1;
#ListenOn = "192.168.57.100";
# Specify the addresses on which to bind the listening server. This must be
# specified if the framework is unable to auto-detect these addresses, or if the
# auto-detected values are incorrect. Note that the list of addresses is sent
# in CER or CEA message, so one should pay attention to this parameter if some
# adresses should be kept hidden.
@ListenOn@
@DIAMETER_PORT@;
@DIAMETER_SEC_PORT@;
#Port = 3870;
#SecPort = 3871;
# -------- Extensions ---------
# Uncomment (and create rtd.conf) to specify routing table for this peer.
......@@ -62,5 +86,12 @@ LoadExtension = "dict_s6a.fdx";
# with the peers listed here.
# For only accepting incoming connections, see the acl_wl.fx extension.
# ConnectPeer = "hss.test.fr" { ConnectTo = "192.168.56.101"; No_IPv6; No_TCP; Port = 3868; Realm = "test.fr"; };
#ConnectPeer = "hss.pft" { ConnectTo = "192.168.14.17"; No_IPv6; Port = 3868; };
# ConnectPeer
# Declare a remote peer to which this peer must maintain a connection.
# In addition, this allows specifying non-default parameters for this peer only
# (for example disable SCTP with this peer, or use RFC3588-flavour TLS).
# Note that by default, if a peer is not listed as a ConnectPeer entry, an
# incoming connection from this peer will be rejected. If you want to accept
# incoming connections from other peers, see the acl_wl.fdx? extension which
# allows exactly this.
@ConnectPeer@ = "@HSS_FQDN@" { ConnectTo = "@HSS_IP@"; No_IPv6; No_TLS ; port = 3868; Realm = "@REALM@"; };
......@@ -38,6 +38,7 @@
// From http://www.itu.int/pub/T-SP-E.212B-2014
const mcc_mnc_list_t mcc_mnc_list[] = {
{001, "01"},
{412, "01"},
{412, "20"},
{412, "40"},
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment