Mercurial > hg > freeDiameter

view extensions/app_redirect/ard_rules.c @ 1510:a2fb51309cd2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add 3GPP TS 29.345 V15.1.0 (2019-09) Add AVPs: - App-Layer-User-Id, UTF8String, code 3801, section 6.3.2 - Assistance-info, Grouped, code 3802, section 6.3.3 - Assistance-Info-Validity-Timer, Unsigned32, code 3803, section 6.3.4 - Discovery-Type, Unsigned32, code 3804, section 6.3.5 - Filter-Id, OctetString, code 3805, section 6.3.9 - MAC-Address, UTF8String, code 3806, section 6.3.11 - Match-Report, Grouped, code 3807, section 6.3.12 - Operating-Channel, Unsigned32, code 3808, section 6.3.14 - P2P-Features, Unsigned32, code 3809, section 6.3.15 - ProSe-App-Code, OctetString, code 3810, section 6.3.16 - ProSe-App-Id, UTF8String, code 3811, section 6.3.17 - ProSe-App-Mask, OctetString, code 3812, section 6.3.18 - ProSe-Discovery-Filter, Grouped, code 3813, section 6.3.20 - PRR-Flags, Unsigned32, code 3814, section 6.3.21 - ProSe-Validity-Timer, Unsigned32, code 3815, section 6.3.22 - Requesting-EPUID, UTF8String, code 3816, section 6.3.23 - Targeted-EPUID, UTF8String, code 3817, section 6.3.26 - Time-Window, Unsigned32, code 3818, section 6.3.27 - WiFi-P2P-Assistance-Info, Grouped, code 3819, section 6.3.30 - WLAN-Assistance-Info, Grouped, code 3820, section 6.3.31 - WLAN-Link-Layer-Id, OctetString, code 3821, section 6.3.32 - WLAN-Link-Layer-Id-List, Grouped, code 3822, section 6.3.33 - Location-Update-Trigger, Grouped, code 3823, section 6.3.42 - Location-Update-Event-Type, Unsigned32, code 3824, section 6.3.43 - Change-Of-Area-Type, Grouped, code 3825, section 6.3.44 - Location-Update-Event-Trigger, Unsigned32, code 3826, section 6.3.45 - Report-Cardinality, Enumerated, code 3827, section 6.3.46 - Minimum-Interval-Time, Unsigned32, code 3828, section 6.3.47 - Periodic-Location-Type, Grouped, code 3829, section 6.3.48 - Location-Report-Interval-Time, Unsigned32, code 3830, section 6.3.49 - Total-Number-Of-Reports, Unsigned32, code 3831, section 6.3.50 - Validity-Time-Announce, Unsigned32, code 3832, section 6.3.36 - Validity-Time-Monitor, Unsigned32, code 3833, section 6.3.37 - Validity-Time-Communication, Unsigned32, code 3834, section 6.3.38 - ProSe-App-Code-Info, Grouped, code 3835, section 6.3.39 - MIC, OctetString, code 3836, section 6.3.40 - UTC-based-Counter, Unsigned32, code 3837, section 6.3.41 - ProSe-Match-Refresh-Timer, Unsigned32, code 3838, section 6.3.52 - ProSe-Metadata-Index-Mask, OctetString, code 3839, section 6.3.60 - App-Identifier, Grouped, code 3840, section 6.3.61 - OS-ID, OctetString, code 3841, section 6.3.62 - OS-App-ID, UTF8String, code 3842, section 6.3.63 - Requesting-RPAUID, UTF8String, code 3843, section 6.3.64 - Target-RPAUID, UTF8String, code 3844, section 6.3.65 - Target-PDUID, OctetString, code 3845, section 6.3.66 - ProSe-Restricted-Code, OctetString, code 3846, section 6.3.67 - ProSe-Restricted-Code-Suffix-Range, OctetString, code 3847, section 6.3.68 - Beginning-Suffix, OctetString, code 3848, section 6.3.69 - Ending-Suffix, OctetString, code 3849, section 6.3.70 - Discovery-Entry-ID, Unsigned32, code 3850, section 6.3.59 - Match-Timestamp, Time, code 3851, section 6.3.71 - PMR-Flags, Unsigned32, code 3852, section 6.3.57 - ProSe-Application-Metadata, UTF8String, code 3853, section 6.3.58 - Discovery-Auth-Request, Grouped, code 3854, section 6.3.53 - Discovery-Auth-Response, Grouped, code 3855, section 6.3.54 - Match-Request, Grouped, code 3856, section 6.3.55 - Match-Report-Info, Grouped, code 3857, section 6.3.56 - Banned-RPAUID, UTF8String, code 3858, section 6.3.73 - Banned-PDUID, OctetString, code 3859, section 6.3.74 - Code-Receiving-Security-Material, Grouped, code 3860, section 6.3.75 - Code-Sending-Security-Material, Grouped, code 3861, section 6.3.76 - DUSK, OctetString, code 3862, section 6.3.77 - DUIK, OctetString, code 3863, section 6.3.78 - DUCK, OctetString, code 3864, section 6.3.79 - MIC-Check-indicator, Unsigned32, code 3865, section 6.3.80 - Encrypted-Bitmask, OctetString, code 3866, section 6.3.81 - ProSe-App-Code-Suffix-Range, OctetString, code 3867, section 6.3.82 - PC5-tech, OctetString, code 3868, section 6.3.84 Note: Name conflict with 3GPP TS 29.154 Time-Window (4204). Time-Window (3818) in 3GPP TS 29.345 V12.1.0 (2014-12) predates Time-Window (4204) in 3GPP TS 29.154 V13.1.0 (2016-03).
author Luke Mewburn <luke@mewburn.net>
date Sun, 05 Apr 2020 08:27:37 +1000
parents 1af09cc156d6
children
line wrap: on
line source

/*********************************************************************************************************
* Software License Agreement (BSD License)                                                               *
* Author: Sebastien Decugis <sdecugis@freediameter.net>							 *
*													 *
* Copyright (c) 2013, WIDE Project and NICT								 *
* All rights reserved.											 *
* 													 *
* Redistribution and use of this software in source and binary forms, with or without modification, are  *
* permitted provided that the following conditions are met:						 *
* 													 *
* * Redistributions of source code must retain the above 						 *
*   copyright notice, this list of conditions and the 							 *
*   following disclaimer.										 *
*    													 *
* * Redistributions in binary form must reproduce the above 						 *
*   copyright notice, this list of conditions and the 							 *
*   following disclaimer in the documentation and/or other						 *
*   materials provided with the distribution.								 *
* 													 *
* * Neither the name of the WIDE Project or NICT nor the 						 *
*   names of its contributors may be used to endorse or 						 *
*   promote products derived from this software without 						 *
*   specific prior written permission of WIDE Project and 						 *
*   NICT.												 *
* 													 *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED *
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A *
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR *
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 	 *
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 	 *
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *
* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF   *
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.								 *
*********************************************************************************************************/

#include "app_redir.h"

static const char * redir_type_str[] = {
	"DONT_CACHE",
	"ALL_SESSION",
	"ALL_REALM",
	"REALM_AND_APPLICATION",
	"ALL_APPLICATION",
	"ALL_HOST",
	"ALL_USER"
};

struct dict_object * avp_Redirect_Host = NULL;
struct dict_object * avp_Redirect_Host_Usage = NULL;
struct dict_object * avp_Redirect_Max_Cache_Time = NULL;
	

void ard_rule_dump(struct ard_rule * r)
{
	struct fd_list * li;
	fd_log_debug("   rule @%p: %s, %us", r, redir_type_str[r->type], r->rct);
	for (li = r->criteria.next; li != &r->criteria; li = li->next) {
		struct ard_criteria * c = li->o;
		switch (c->type) {
			case FROM_ID:
				fd_log_debug("      Criteria: received from peer %s'%s'", c->is_regex?"REGEX":"", c->s);
				break;
			case FROM_REALM:
				fd_log_debug("      Criteria: received from realm %s'%s'", c->is_regex?"REGEX":"", c->s);
				break;
			case APP_ID:
				fd_log_debug("      Criteria: application id is %u", c->i);
				break;
			case AVP_INT:
				fd_log_debug("      Criteria: contains '%s' AVP with value '%d'", c->avp_info.avp_name, c->i);
				break;
			case AVP_STR:
				fd_log_debug("      Criteria: contains '%s' AVP with value %s'%s'", c->avp_info.avp_name, c->is_regex?"REGEX":"", c->s);
				break;
		
			default:
				fd_log_debug("      Criteria: invalid (%d)!", c->type);
		}
	}
	for (li = r->targets.next; li != &r->targets; li = li->next) {
		struct ard_target * t = li->o;
		fd_log_debug("      Redirect to: '%s'", t->s);
	}
}

/* Tells if the string in s (is0term or not) matches the string in the criteria (regex or not) */
static int str_match(struct ard_criteria * c, uint8_t *s, size_t l, int is0term, int * match)
{
	TRACE_ENTRY("%p %p %zd %d %p", c, s, l, is0term, match);
	
	*match = 0;
	
	if (c->is_regex == 0) {
		if ( ! fd_os_almostcasesrch(c->s, c->sl, s, l, NULL) )
			*match = 1;
	} else {
		int err;
#ifdef HAVE_REG_STARTEND
		regmatch_t pmatch[1];
		memset(pmatch, 0, sizeof(pmatch));
		pmatch[0].rm_so = 0;
		pmatch[0].rm_eo = l;
		err = regexec(&c->preg, (char *)s, 0, pmatch, REG_STARTEND);
#else /* HAVE_REG_STARTEND */
		if (!is0term) {
			/* We have to create a copy of the string in this case */
			char *mystrcpy;
			CHECK_MALLOC( mystrcpy = (char *)os0dup(s, l) );
			err = regexec(&c->preg, mystrcpy, 0, NULL, 0);
			free(mystrcpy);
		} else {
			err = regexec(&c->preg, (char *)s, 0, NULL, 0);
		}
#endif /* HAVE_REG_STARTEND */
		
		/* Now check the result */
		if (err == 0) {
			/* We have a match */
			*match = 1;
		} else if (err != REG_NOMATCH) {
			/* An error occurred */
			char * buf;
			size_t bl;

			/* Error while compiling the regex */
			TRACE_DEBUG(INFO, "Error while executing the regular expression '%s':", c->s);

			/* Get the error message size */
			bl = regerror(err, &c->preg, NULL, 0);

			/* Alloc the buffer for error message */
			CHECK_MALLOC( buf = malloc(bl) );

			/* Get the error message content */
			regerror(err, &c->preg, buf, bl);
			TRACE_DEBUG(INFO, "\t%s", buf);

			/* Free the buffer, return the error */
			free(buf);
			return (err == REG_ESPACE) ? ENOMEM : EINVAL;
		}
	}
	return 0;
}

/* Search the first matching rule in the config */
static int find_rule(struct msg * msg, struct ard_rule ** found)
{
	struct fd_list * li;
	struct msg_hdr * mhdr = NULL;
	struct peer_hdr * phdr = NULL;
	
	ASSERT(msg && found);
	*found = NULL;
	
	/* Get the message's header */
	CHECK_FCT( fd_msg_hdr(msg, &mhdr) );
	
	/* Get the message's origin */
	{
		DiamId_t id;
		size_t len;
		CHECK_FCT( fd_msg_source_get(msg, &id, &len) );
		CHECK_FCT( fd_peer_getbyid(id, len, 0, &phdr) );
	}
	
	/* Now for each rule check if all criteria match */
	for (li = ard_conf->rules.next; li != &ard_conf->rules; li = li->next) {
		struct fd_list * lic;
		struct ard_rule * r = li->o;
		int is_match = 1;
		
		for (lic = r->criteria.next; is_match && (lic != &r->criteria); lic = lic->next) {
			struct ard_criteria * c = lic->o;
			
			/* Does this criteria match ? */
			switch (c->type) {
				case APP_ID:
					if (c->i != mhdr->msg_appl)
						is_match = 0;
					break;
					
				case FROM_ID:
					CHECK_FCT( str_match(c, (uint8_t *)phdr->info.pi_diamid, phdr->info.pi_diamidlen, 1, &is_match) );
					break;
				
				case FROM_REALM:
					if (phdr->info.runtime.pir_realm) {
						CHECK_FCT( str_match(c, (uint8_t *)phdr->info.runtime.pir_realm, phdr->info.runtime.pir_realmlen, 1, &is_match) );
					} else {
						/* since we don't have the realm it was received from, assume it does not match */
						TRACE_DEBUG(INFO, "Missing realm info for peer '%s', skipping rule %p", phdr->info.pi_diamid, r);
						is_match = 0;
					}
					break;
				
				case AVP_INT:
				case AVP_STR:
					/* We have to search the whole message for the matching AVP */
					{
						is_match = 0;
						struct avp * avp = NULL;
						CHECK_FCT(  fd_msg_browse(msg, MSG_BRW_FIRST_CHILD, &avp, NULL)  );
						while (avp && !is_match) {
							struct avp_hdr * ahdr = NULL;
							CHECK_FCT( fd_msg_avp_hdr(avp, &ahdr) );

							if ( (ahdr->avp_code == c->avp_info.avp_code)
							  && (ahdr->avp_vendor == c->avp_info.avp_vendor) )  /* always 0 if no V flag */
							{
								/* dict-parse this AVP to ensure it has a value */
								CHECK_FCT( fd_msg_parse_dict( avp, fd_g_config->cnf_dict, NULL ) );

								/* Now check if the value matches our criteria */
								if (c->type == AVP_INT) {
									if (ahdr->avp_value->u32 == c->i)
										is_match = 1;
								} else {
									/* it is AVP_STR */
									CHECK_FCT( str_match(c, ahdr->avp_value->os.data, ahdr->avp_value->os.len, 0, &is_match) );
								}

								if (is_match)
									break;
							}

							/* go to next */
							CHECK_FCT( fd_msg_browse(avp, MSG_BRW_NEXT, &avp, NULL) );
						}

					}
				
					break;
			
			}
		}
		
		if (is_match) {
			/* We found the first rule that matches for this message */
			*found = r;
			break;
		}
	}
	
	return 0;
}

/* The forward callback */
int ard_rule_apply(void * cbdata, struct msg ** msg)
{
	struct ard_rule * rule = NULL;
	
	TRACE_ENTRY("%p %p", cbdata, msg);
	CHECK_PARAMS(msg && *msg);
	
	/* First, check if we have a rule that applies to this message */
	CHECK_FCT( find_rule(*msg, &rule) );
	
	if (rule) {
		struct avp * avp;
		union avp_value val;
		struct fd_list * li;
		
		/* We have to reply a Redirect message in this case */
		CHECK_FCT( fd_msg_new_answer_from_req(fd_g_config->cnf_dict, msg, MSGFL_ANSW_ERROR) );
		
		CHECK_FCT( fd_msg_rescode_set( *msg, "DIAMETER_REDIRECT_INDICATION", NULL, NULL, 1 ) );
		
		/* Now add the Redirect-* AVPs */
		CHECK_FCT( fd_msg_avp_new( avp_Redirect_Host_Usage, 0, &avp ) );
		val.u32 = rule->type;
		CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) );
		CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) );
		
		if (rule->type) {
			CHECK_FCT( fd_msg_avp_new( avp_Redirect_Max_Cache_Time, 0, &avp ) );
			val.u32 = rule->rct ?: ard_conf->default_rct;
			CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) );
			CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) );
		}
		
		for (li = rule->targets.next; li != &rule->targets; li = li->next) {
			struct ard_target * t = li->o;
			
			CHECK_FCT( fd_msg_avp_new( avp_Redirect_Host, 0, &avp ) );
			val.os.data = t->s;
			val.os.len  = t->l;
			CHECK_FCT( fd_msg_avp_setvalue( avp, &val ) );
			CHECK_FCT( fd_msg_avp_add( *msg, MSG_BRW_LAST_CHILD, avp ) );
		}
		
		/* Send this answer */
		CHECK_FCT( fd_msg_send( msg, NULL, NULL) );
	}
	
	return 0;
}
"Welcome to our mercurial repository"