https://osmocom.org/https://osmocom.org/favicon.ico?16647414092019-02-18T13:18:01ZOpen Source Mobile CommunicationsOsmoBSC - Bug #3806: OsmoBSC accepts BSSAP with wrong length fieldhttps://osmocom.org/issues/3806?journal_id=133872019-02-18T13:18:01Zlaforge
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-3 priority-3 priority-high3 closed" href="/issues/3805">Bug #3805</a>: OsmoMSC sends invalid BSSMAP length field on CSFB CLEAR COMMAND</i> added</li></ul> OsmoBSC - Bug #3806: OsmoBSC accepts BSSAP with wrong length fieldhttps://osmocom.org/issues/3806?journal_id=135972019-03-18T17:18:36Zdexter
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>40</i></li></ul><p>I have now integrated checking+truncating of the bssmap message length, there is no TTCN3 test yet.</p>
<p><a class="external" href="https://gerrit.osmocom.org/#/c/osmo-bsc/+/13306">https://gerrit.osmocom.org/#/c/osmo-bsc/+/13306</a> osmo_bsc_bssap: check bssamp length field<br /><a class="external" href="https://gerrit.osmocom.org/#/c/osmo-msc/+/13307">https://gerrit.osmocom.org/#/c/osmo-msc/+/13307</a> a_iface_bssap: check bssamp length field</p> OsmoBSC - Bug #3806: OsmoBSC accepts BSSAP with wrong length fieldhttps://osmocom.org/issues/3806?journal_id=136342019-03-26T08:40:40Zdexter
<ul></ul><p>The two patches for the length check, which I proposed look good in review. However, I have problems creating with TTCN3 for this since TTCN3 seems to let me only generate valid CLEAR COMMANDs. The best would be if I could somehow send a hand crafted SCCP payload, however, I do not know if this is possible.</p> OsmoBSC - Bug #3806: OsmoBSC accepts BSSAP with wrong length fieldhttps://osmocom.org/issues/3806?journal_id=136362019-03-26T10:11:47Zlaforge
<ul><li><strong>File</strong> <a href="/attachments/3617">bssap_adapter.diff</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3617/bssap_adapter.diff">bssap_adapter.diff</a> added</li></ul><p>On Tue, Mar 26, 2019 at 08:40:40AM +0000, dexter [REDMINE] wrote:</p>
<blockquote>
<p>The two patches for the length check, which I proposed look good in review. However, I have problems creating with TTCN3 for this since TTCN3 seems to let me only generate valid CLEAR COMMANDs. The best would be if I could somehow send a hand crafted SCCP payload, however, I do not know if this is possible.</p>
</blockquote>
<p>1) Normal option</p>
<p>Normally, You'd need to use the SCCP_Emulation directly, without the BSSMAP_Emulation on top.</p>
<p>2) Hackish option</p>
<p>Alternatively, you could extend the BSSAP_Conn_PT (port betwene BSSMAP_Emulation and ConnHdlr)<br />to accept something like 'octetstring' (in addition to PDU_BSSAP, etc.) and extend the<br />BSSMAP_Emulation.main() function with a<br /><pre>
[] CLIENT.receive(octetstring:?) -> value oct {
BSSAP.send(oct);
}
</pre></p>
<p>you'd also have to extend BSSAP_CODEC_PT similarly, implementing somethin like a<br />"type record BSSAP_N_DATA_RAW_req" which uses "octetstring" instead of PDU_BSSAP.</p>
<p>However, I guess at that point it all becomes too complex. So I'd suggest to simply<br />go for yet another way:</p>
<p>3) BSSAP_Adapter without "ops"</p>
<p>When you call f_bssmap_init with an "omit" argument as BssmapOps, then you basically<br />get the entire SIGTRAN stack up to SCCP, but without any BSSAP/BSSMAP on top.</p>
<p>You would then have something like a</p>
<pre>
modulepar {
BSSAP_Configuration mp_bssap_cfg := { ... }; /* like BSC_Tests.ttcn */
}
component RAW_SCCP_CT {
BSSAP_Adapter g_ba;
port SCCPasp_PT SCCP;
}
function f_init() runs on RAW_SCCP_CT {
f_bssap_init(g_ba, mp_cfg, "RAW_SCCP", omit);
connect(self:SCCP, g_ba.vc_SCCP:SCCP_SP_PORT);
}
</pre>
<p>from that point onwards, you can then use things like</p>
<pre>
testcase TC_foo() runs on RAW_SCCP_CT {
f_init();
SCCP.send(t_ASP_N_CONNECT_req(called, calling, omit, omit, '01020304'O, conn_id, omit));
SCCP.receive(tr_ASP_N_CONNECT_res ....
</pre>
<p>You may need the attached patch to fix a bug in BSSAP_Adapter.ttcn</p> OsmoBSC - Bug #3806: OsmoBSC accepts BSSAP with wrong length fieldhttps://osmocom.org/issues/3806?journal_id=158382019-09-04T09:26:15Zlaforge
<ul><li><strong>Assignee</strong> deleted (<del><i>dexter</i></del>)</li></ul> OsmoBSC - Bug #3806: OsmoBSC accepts BSSAP with wrong length fieldhttps://osmocom.org/issues/3806?journal_id=194982020-08-28T20:15:04Zfixeria
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Stalled</i></li></ul>