- Fixed several errors that could sent uninitialized data through the network.

master
faluco 4 years ago committed by faluco
parent a4f0ecba36
commit 0b127fa8c7

@ -74,7 +74,6 @@ private:
int m_s11; int m_s11;
struct sockaddr_un m_mme_addr, m_spgw_addr; struct sockaddr_un m_mme_addr, m_spgw_addr;
in_addr_t m_mme_gtpc_ip;
bool init_s11(); bool init_s11();
uint32_t get_new_ctrl_teid(); uint32_t get_new_ctrl_teid();

@ -138,12 +138,10 @@ bool mme_gtpc::send_create_session_request(uint64_t imsi)
m_mme_gtpc_log->info("Sending Create Session Request.\n"); m_mme_gtpc_log->info("Sending Create Session Request.\n");
m_mme_gtpc_log->console("Sending Create Session Request.\n"); m_mme_gtpc_log->console("Sending Create Session Request.\n");
struct srslte::gtpc_pdu cs_req_pdu; struct srslte::gtpc_pdu cs_req_pdu;
struct srslte::gtpc_create_session_request* cs_req = &cs_req_pdu.choice.create_session_request;
struct srslte::gtpc_pdu cs_resp_pdu;
// Initialize GTP-C message to zero // Initialize GTP-C message to zero
bzero(&cs_req_pdu, sizeof(struct srslte::gtpc_pdu)); std::memset(&cs_req_pdu, 0, sizeof(cs_req_pdu));
struct srslte::gtpc_create_session_request* cs_req = &cs_req_pdu.choice.create_session_request;
// Setup GTP-C Header. TODO: Length, sequence and other fields need to be added. // Setup GTP-C Header. TODO: Length, sequence and other fields need to be added.
cs_req_pdu.header.piggyback = false; cs_req_pdu.header.piggyback = false;
@ -155,7 +153,6 @@ bool mme_gtpc::send_create_session_request(uint64_t imsi)
cs_req->imsi = imsi; cs_req->imsi = imsi;
// Control TEID allocated // Control TEID allocated
cs_req->sender_f_teid.teid = get_new_ctrl_teid(); cs_req->sender_f_teid.teid = get_new_ctrl_teid();
cs_req->sender_f_teid.ipv4 = m_mme_gtpc_ip;
m_mme_gtpc_log->info("Next MME control TEID: %d\n", m_next_ctrl_teid); m_mme_gtpc_log->info("Next MME control TEID: %d\n", m_next_ctrl_teid);
m_mme_gtpc_log->info("Allocated MME control TEID: %d\n", cs_req->sender_f_teid.teid); m_mme_gtpc_log->info("Allocated MME control TEID: %d\n", cs_req->sender_f_teid.teid);
@ -194,7 +191,7 @@ bool mme_gtpc::send_create_session_request(uint64_t imsi)
// Save GTP-C context // Save GTP-C context
gtpc_ctx_t gtpc_ctx; gtpc_ctx_t gtpc_ctx;
bzero(&gtpc_ctx, sizeof(gtpc_ctx_t)); std::memset(&gtpc_ctx, 0, sizeof(gtpc_ctx_t));
gtpc_ctx.mme_ctr_fteid = cs_req->sender_f_teid; gtpc_ctx.mme_ctr_fteid = cs_req->sender_f_teid;
m_imsi_to_gtpc_ctx.insert(std::pair<uint64_t, gtpc_ctx_t>(imsi, gtpc_ctx)); m_imsi_to_gtpc_ctx.insert(std::pair<uint64_t, gtpc_ctx_t>(imsi, gtpc_ctx));
@ -293,6 +290,7 @@ bool mme_gtpc::send_modify_bearer_request(uint64_t imsi, uint16_t erab_to_modify
{ {
m_mme_gtpc_log->info("Sending GTP-C Modify bearer request\n"); m_mme_gtpc_log->info("Sending GTP-C Modify bearer request\n");
srslte::gtpc_pdu mb_req_pdu; srslte::gtpc_pdu mb_req_pdu;
std::memset(&mb_req_pdu, 0, sizeof(mb_req_pdu));
std::map<uint64_t, gtpc_ctx_t>::iterator it = m_imsi_to_gtpc_ctx.find(imsi); std::map<uint64_t, gtpc_ctx_t>::iterator it = m_imsi_to_gtpc_ctx.find(imsi);
if (it == m_imsi_to_gtpc_ctx.end()) { if (it == m_imsi_to_gtpc_ctx.end()) {
@ -341,6 +339,7 @@ bool mme_gtpc::send_delete_session_request(uint64_t imsi)
{ {
m_mme_gtpc_log->info("Sending GTP-C Delete Session Request request. IMSI %" PRIu64 "\n", imsi); m_mme_gtpc_log->info("Sending GTP-C Delete Session Request request. IMSI %" PRIu64 "\n", imsi);
srslte::gtpc_pdu del_req_pdu; srslte::gtpc_pdu del_req_pdu;
std::memset(&del_req_pdu, 0, sizeof(del_req_pdu));
srslte::gtp_fteid_t sgw_ctr_fteid; srslte::gtp_fteid_t sgw_ctr_fteid;
srslte::gtp_fteid_t mme_ctr_fteid; srslte::gtp_fteid_t mme_ctr_fteid;
@ -381,6 +380,7 @@ void mme_gtpc::send_release_access_bearers_request(uint64_t imsi)
// The GTP-C connection will not be torn down, just the user plane bearers. // The GTP-C connection will not be torn down, just the user plane bearers.
m_mme_gtpc_log->info("Sending GTP-C Release Access Bearers Request\n"); m_mme_gtpc_log->info("Sending GTP-C Release Access Bearers Request\n");
srslte::gtpc_pdu rel_req_pdu; srslte::gtpc_pdu rel_req_pdu;
std::memset(&rel_req_pdu, 0, sizeof(rel_req_pdu));
srslte::gtp_fteid_t sgw_ctr_fteid; srslte::gtp_fteid_t sgw_ctr_fteid;
// Get S-GW Ctr TEID // Get S-GW Ctr TEID
@ -432,7 +432,7 @@ void mme_gtpc::send_downlink_data_notification_acknowledge(uint64_t imsi, enum s
m_mme_gtpc_log->debug("Sending GTP-C Data Notification Acknowledge. Cause %d\n", cause); m_mme_gtpc_log->debug("Sending GTP-C Data Notification Acknowledge. Cause %d\n", cause);
srslte::gtpc_pdu not_ack_pdu; srslte::gtpc_pdu not_ack_pdu;
srslte::gtp_fteid_t sgw_ctr_fteid; srslte::gtp_fteid_t sgw_ctr_fteid;
bzero(&not_ack_pdu, sizeof(srslte::gtpc_pdu)); std::memset(&not_ack_pdu, 0, sizeof(not_ack_pdu));
// get s-gw ctr teid // get s-gw ctr teid
std::map<uint64_t, gtpc_ctx_t>::iterator it_ctx = m_imsi_to_gtpc_ctx.find(imsi); std::map<uint64_t, gtpc_ctx_t>::iterator it_ctx = m_imsi_to_gtpc_ctx.find(imsi);
@ -462,7 +462,7 @@ bool mme_gtpc::send_downlink_data_notification_failure_indication(uint64_t imsi,
m_mme_gtpc_log->debug("Sending GTP-C Data Notification Failure Indication. Cause %d\n", cause); m_mme_gtpc_log->debug("Sending GTP-C Data Notification Failure Indication. Cause %d\n", cause);
srslte::gtpc_pdu not_fail_pdu; srslte::gtpc_pdu not_fail_pdu;
srslte::gtp_fteid_t sgw_ctr_fteid; srslte::gtp_fteid_t sgw_ctr_fteid;
bzero(&not_fail_pdu, sizeof(srslte::gtpc_pdu)); std::memset(&not_fail_pdu, 0, sizeof(not_fail_pdu));
// get s-gw ctr teid // get s-gw ctr teid
std::map<uint64_t, gtpc_ctx_t>::iterator it_ctx = m_imsi_to_gtpc_ctx.find(imsi); std::map<uint64_t, gtpc_ctx_t>::iterator it_ctx = m_imsi_to_gtpc_ctx.find(imsi);

@ -1023,6 +1023,7 @@ bool nas::handle_attach_complete(srslte::byte_buffer_t* nas_rx)
srslte::byte_buffer_t* nas_tx; srslte::byte_buffer_t* nas_tx;
// Get NAS authentication response // Get NAS authentication response
std::memset(&attach_comp, 0, sizeof(attach_comp));
LIBLTE_ERROR_ENUM err = liblte_mme_unpack_attach_complete_msg((LIBLTE_BYTE_MSG_STRUCT*)nas_rx, &attach_comp); LIBLTE_ERROR_ENUM err = liblte_mme_unpack_attach_complete_msg((LIBLTE_BYTE_MSG_STRUCT*)nas_rx, &attach_comp);
if (err != LIBLTE_SUCCESS) { if (err != LIBLTE_SUCCESS) {
m_nas_log->error("Error unpacking NAS authentication response. Error: %s\n", liblte_error_text[err]); m_nas_log->error("Error unpacking NAS authentication response. Error: %s\n", liblte_error_text[err]);

@ -21,6 +21,7 @@
#include "srsepc/hdr/spgw/gtpc.h" #include "srsepc/hdr/spgw/gtpc.h"
#include <algorithm> #include <algorithm>
#include <cstring>
#include <fcntl.h> #include <fcntl.h>
#include <inttypes.h> // for printing uint64_t #include <inttypes.h> // for printing uint64_t
#include <linux/if.h> #include <linux/if.h>
@ -200,7 +201,8 @@ void spgw::gtpc::handle_create_session_request(const struct srslte::gtpc_create_
tunnel_ctx = create_gtpc_ctx(cs_req); tunnel_ctx = create_gtpc_ctx(cs_req);
// Create session response message // Create session response message
srslte::gtpc_pdu cs_resp_pdu = {}; srslte::gtpc_pdu cs_resp_pdu;
std::memset(&cs_resp_pdu, 0, sizeof(cs_resp_pdu));
srslte::gtpc_header* header = &cs_resp_pdu.header; srslte::gtpc_header* header = &cs_resp_pdu.header;
srslte::gtpc_create_session_response* cs_resp = &cs_resp_pdu.choice.create_session_response; srslte::gtpc_create_session_response* cs_resp = &cs_resp_pdu.choice.create_session_response;
@ -211,7 +213,7 @@ void spgw::gtpc::handle_create_session_request(const struct srslte::gtpc_create_
header->type = srslte::GTPC_MSG_TYPE_CREATE_SESSION_RESPONSE; header->type = srslte::GTPC_MSG_TYPE_CREATE_SESSION_RESPONSE;
// Initialize to zero // Initialize to zero
bzero(cs_resp, sizeof(struct srslte::gtpc_create_session_response)); std::memset(cs_resp, 0, sizeof(struct srslte::gtpc_create_session_response));
// Setup Cause // Setup Cause
cs_resp->cause.cause_value = srslte::GTPC_CAUSE_VALUE_REQUEST_ACCEPTED; cs_resp->cause.cause_value = srslte::GTPC_CAUSE_VALUE_REQUEST_ACCEPTED;
// Setup sender F-TEID (ctrl) // Setup sender F-TEID (ctrl)
@ -285,6 +287,7 @@ void spgw::gtpc::handle_modify_bearer_request(const struct srslte::gtpc_header&
// Setting up Modify bearer response PDU // Setting up Modify bearer response PDU
// Header // Header
srslte::gtpc_pdu mb_resp_pdu; srslte::gtpc_pdu mb_resp_pdu;
std::memset(&mb_resp_pdu, 0, sizeof(mb_resp_pdu));
srslte::gtpc_header* header = &mb_resp_pdu.header; srslte::gtpc_header* header = &mb_resp_pdu.header;
header->piggyback = false; header->piggyback = false;
header->teid_present = true; header->teid_present = true;
@ -341,9 +344,9 @@ bool spgw::gtpc::send_downlink_data_notification(uint32_t spgw_ctr_teid)
m_gtpc_log->debug("Sending Downlink Notification Request\n"); m_gtpc_log->debug("Sending Downlink Notification Request\n");
struct srslte::gtpc_pdu dl_not_pdu; struct srslte::gtpc_pdu dl_not_pdu;
std::memset(&dl_not_pdu, 0, sizeof(dl_not_pdu));
struct srslte::gtpc_header* header = &dl_not_pdu.header; struct srslte::gtpc_header* header = &dl_not_pdu.header;
struct srslte::gtpc_downlink_data_notification* dl_not = &dl_not_pdu.choice.downlink_data_notification; struct srslte::gtpc_downlink_data_notification* dl_not = &dl_not_pdu.choice.downlink_data_notification;
bzero(&dl_not_pdu, sizeof(struct srslte::gtpc_pdu));
// Find MME Ctrl TEID // Find MME Ctrl TEID
std::map<uint32_t, spgw_tunnel_ctx_t*>::iterator tunnel_it = m_teid_to_tunnel_ctx.find(spgw_ctr_teid); std::map<uint32_t, spgw_tunnel_ctx_t*>::iterator tunnel_it = m_teid_to_tunnel_ctx.find(spgw_ctr_teid);
@ -454,7 +457,7 @@ spgw_tunnel_ctx_t* spgw::gtpc::create_gtpc_ctx(const struct srslte::gtpc_create_
m_gtpc_log->console("SPGW: Allocate UE IP %s\n", inet_ntoa(ue_ip_)); m_gtpc_log->console("SPGW: Allocate UE IP %s\n", inet_ntoa(ue_ip_));
// Save the UE IP to User TEID map // Save the UE IP to User TEID map
spgw_tunnel_ctx_t* tunnel_ctx = new spgw_tunnel_ctx_t; spgw_tunnel_ctx_t* tunnel_ctx = new spgw_tunnel_ctx_t{};
tunnel_ctx->imsi = cs_req.imsi; tunnel_ctx->imsi = cs_req.imsi;
tunnel_ctx->ebi = default_bearer_id; tunnel_ctx->ebi = default_bearer_id;
@ -465,7 +468,7 @@ spgw_tunnel_ctx_t* spgw::gtpc::create_gtpc_ctx(const struct srslte::gtpc_create_
tunnel_ctx->up_user_fteid.ipv4 = m_gtpu->get_s1u_addr(); tunnel_ctx->up_user_fteid.ipv4 = m_gtpu->get_s1u_addr();
tunnel_ctx->dw_ctrl_fteid.teid = cs_req.sender_f_teid.teid; tunnel_ctx->dw_ctrl_fteid.teid = cs_req.sender_f_teid.teid;
tunnel_ctx->dw_ctrl_fteid.ipv4 = cs_req.sender_f_teid.ipv4; tunnel_ctx->dw_ctrl_fteid.ipv4 = cs_req.sender_f_teid.ipv4;
bzero(&tunnel_ctx->dw_user_fteid, sizeof(srslte::gtp_fteid_t)); std::memset(&tunnel_ctx->dw_user_fteid, 0, sizeof(srslte::gtp_fteid_t));
m_teid_to_tunnel_ctx.insert(std::pair<uint32_t, spgw_tunnel_ctx_t*>(spgw_uplink_ctrl_teid, tunnel_ctx)); m_teid_to_tunnel_ctx.insert(std::pair<uint32_t, spgw_tunnel_ctx_t*>(spgw_uplink_ctrl_teid, tunnel_ctx));
m_imsi_to_ctr_teid.insert(std::pair<uint64_t, uint32_t>(cs_req.imsi, spgw_uplink_ctrl_teid)); m_imsi_to_ctr_teid.insert(std::pair<uint64_t, uint32_t>(cs_req.imsi, spgw_uplink_ctrl_teid));

Loading…
Cancel
Save