Merge branch 'develop'

Author: salcock

README.md

@@ -1,6 +1,6 @@
 OpenLI -- open source ETSI-compliant Lawful Intercept software
 
-Version: 1.0.11
+Version: 1.0.12
 
 ---------------------------------------------------------------------------
 

configure.ac

@@ -1,6 +1,6 @@
 # Super primitive configure script
 
-AC_INIT(openli, 1.0.11, salcock@waikato.ac.nz)
+AC_INIT(openli, 1.0.12, salcock@waikato.ac.nz)
 
 AM_INIT_AUTOMAKE([subdir-objects])
 AC_CONFIG_SRCDIR(src/collector/collector.c)

debian/changelog

@@ -1,3 +1,18 @@
+openli (1.0.12-1) unstable; urgency=medium
+
+  * Fixed bugs where changes to certain intercept properties
+    were not being applied to the encoded ETSI header fields.
+  * Fixed bug where the 'username' property for a static IP
+    intercept was not being encoded as the ETSI targetUsername
+    field.
+  * Fixed bug where digest hashes added to the provisioner auth
+    database using our helper script were not readable by the
+    provisioner itself.
+  * Fixed crash when processing a SIP message that is spread across
+    multiple packets.
+
+ -- Shane Alcock <shane.alcock@waikato.ac.nz>  Mon, 8 Nov 2021 14:08:42 +1300
+
 openli (1.0.11-1) unstable; urgency=medium
 
   * Improved collector encoding performance by saving and reusing

rpm/openli.spec

@@ -1,5 +1,5 @@
 Name:           openli
-Version:        1.0.11
+Version:        1.0.12
 Release:        1%{?dist}
 Summary:        Software for performing ETSI-compliant lawful intercept
 
@@ -232,6 +232,9 @@ fi
 
 
 %changelog
+* Mon Nov 8 2021 Shane Alcock <salcock@waikato.ac.nz> - 1.0.12-1
+- Updated for 1.0.12 release
+
 * Mon Jul 5 2021 Shane Alcock <salcock@waikato.ac.nz> - 1.0.11-1
 - Updated for 1.0.11 release
 

src/collector/collector_base.h

@@ -244,6 +244,7 @@ typedef struct encoder_job {
     char *cinstr;
     openli_export_recv_t *origreq;
     char *liid;
+    uint8_t cept_version;
 } PACKED openli_encoding_job_t;
 
 void destroy_encoder_worker(openli_encoder_t *enc);

src/collector/collector_publish.h

@@ -54,7 +54,7 @@ enum {
     OPENLI_EXPORT_UMTSCC = 16,
     OPENLI_EXPORT_UMTSIRI = 17,
     OPENLI_EXPORT_RAW_SYNC = 18,
-
+    OPENLI_EXPORT_INTERCEPT_CHANGED = 19,
 };
 
 /* This structure is also used for IPMMCCs since they require the same

src/collector/collector_push_messaging.c

@@ -280,12 +280,23 @@ static int update_ipv4_intercept(colthread_local_t *loc, ipsession_t *toup) {
 
     ipsession_t *found;
     ipv4_target_t *v4;
+    char *tmp;
 
     found = find_ipv4_intercept(loc, toup, &v4);
     if (!found) {
         return 0;
     }
 
+    tmp = found->common.authcc;
+    found->common.authcc = toup->common.authcc;
+    found->common.authcc_len = toup->common.authcc_len;
+    toup->common.authcc = tmp;
+
+    tmp = found->common.delivcc;
+    found->common.delivcc = toup->common.delivcc;
+    found->common.delivcc_len = toup->common.delivcc_len;
+    toup->common.delivcc = tmp;
+
     found->common.tostart_time = toup->common.tostart_time;
     found->common.toend_time = toup->common.toend_time;
 
@@ -350,12 +361,23 @@ static int update_ipv6_intercept(colthread_local_t *loc, ipsession_t *toup) {
     ipsession_t *found;
     ipv6_target_t *v6;
     char prefixstr[100];
+    char *tmp;
 
     found = find_ipv6_intercept(loc, toup, &v6, prefixstr, 100);
     if (!found) {
         return 0;
     }
 
+    tmp = found->common.authcc;
+    found->common.authcc = toup->common.authcc;
+    found->common.authcc_len = toup->common.authcc_len;
+    toup->common.authcc = tmp;
+
+    tmp = found->common.delivcc;
+    found->common.delivcc = toup->common.delivcc;
+    found->common.delivcc_len = toup->common.delivcc_len;
+    toup->common.delivcc = tmp;
+
     found->common.tostart_time = toup->common.tostart_time;
     found->common.toend_time = toup->common.toend_time;
 
@@ -749,6 +771,7 @@ void handle_change_voip_intercept(libtrace_thread_t *t, colthread_local_t *loc,
         rtpstreaminf_t *tochange) {
 
     rtpstreaminf_t *rtp;
+    char *tmp;
 
     if (tochange->streamkey == NULL) {
         return;
@@ -763,6 +786,16 @@ void handle_change_voip_intercept(libtrace_thread_t *t, colthread_local_t *loc,
         return;
     }
 
+    tmp = rtp->common.authcc;
+    rtp->common.authcc = tochange->common.authcc;
+    rtp->common.authcc_len = tochange->common.authcc_len;
+    tochange->common.authcc = tmp;
+
+    tmp = rtp->common.delivcc;
+    rtp->common.delivcc = tochange->common.delivcc;
+    rtp->common.delivcc_len = tochange->common.delivcc_len;
+    tochange->common.delivcc = tmp;
+
     rtp->common.tostart_time = tochange->common.tostart_time;
     rtp->common.toend_time = tochange->common.toend_time;
 
@@ -774,6 +807,7 @@ void handle_change_vendmirror_intercept(libtrace_thread_t *t,
 
     vendmirror_intercept_t *found;
     vendmirror_intercept_list_t *parent;
+    char *tmp;
 
     HASH_FIND(hh, loc->activemirrorintercepts, &(vend->sessionid),
             sizeof(vend->sessionid), parent);
@@ -792,6 +826,16 @@ void handle_change_vendmirror_intercept(libtrace_thread_t *t,
         return;
     }
 
+    tmp = found->common.authcc;
+    found->common.authcc = vend->common.authcc;
+    found->common.authcc_len = vend->common.authcc_len;
+    vend->common.authcc = tmp;
+
+    tmp = found->common.delivcc;
+    found->common.delivcc = vend->common.delivcc;
+    found->common.delivcc_len = vend->common.delivcc_len;
+    vend->common.delivcc = tmp;
+
     found->common.tostart_time = vend->common.tostart_time;
     found->common.toend_time = vend->common.toend_time;
     free_single_vendmirror_intercept(vend);
@@ -801,12 +845,24 @@ void handle_change_iprange_intercept(libtrace_thread_t *t,
         colthread_local_t *loc, staticipsession_t *ipr) {
 
     staticipsession_t *sessrec;
+    char *tmp;
 
     HASH_FIND(hh, loc->activestaticintercepts, ipr->key, strlen(ipr->key),
             sessrec);
     if (sessrec) {
         sessrec->common.tostart_time = ipr->common.tostart_time;
         sessrec->common.toend_time = ipr->common.toend_time;
+
+        tmp = sessrec->common.authcc;
+        sessrec->common.authcc = ipr->common.authcc;
+        sessrec->common.authcc_len = ipr->common.authcc_len;
+        ipr->common.authcc = tmp;
+
+        tmp = sessrec->common.delivcc;
+        sessrec->common.delivcc = ipr->common.delivcc;
+        sessrec->common.delivcc_len = ipr->common.delivcc_len;
+        ipr->common.delivcc = tmp;
+
     }
 
     free_single_staticipsession(ipr);

src/collector/collector_seqtracker.c

@@ -151,12 +151,29 @@ static inline void remove_preencoded(seqtracker_thread_data_t *seqdata,
 
 }
 
+static inline void preencode_etsi_fields(seqtracker_thread_data_t *seqdata,
+        exporter_intercept_state_t *intstate) {
+
+    etsili_intercept_details_t intdetails;
+
+    intdetails.liid = intstate->details.liid;
+    intdetails.authcc = intstate->details.authcc;
+    intdetails.delivcc = intstate->details.delivcc;
+
+    intdetails.operatorid = seqdata->colident->operatorid;
+    intdetails.networkelemid = seqdata->colident->networkelemid;
+    intdetails.intpointid = seqdata->colident->intpointid;
+
+    intstate->preencoded = calloc(OPENLI_PREENCODE_LAST,
+            sizeof(wandder_encode_job_t));
+    etsili_preencode_static_fields(intstate->preencoded, &intdetails);
+}
+
 
 static void track_new_intercept(seqtracker_thread_data_t *seqdata,
         published_intercept_msg_t *cept) {
 
     exporter_intercept_state_t *intstate;
-    etsili_intercept_details_t intdetails;
 
     /* If this LIID already exists, we'll need to replace it */
     HASH_FIND(hh, seqdata->intercepts, cept->liid, strlen(cept->liid),
@@ -173,6 +190,7 @@ static void track_new_intercept(seqtracker_thread_data_t *seqdata,
         intstate->details.liid_len = strlen(cept->liid);
         intstate->details.authcc_len = strlen(cept->authcc);
         intstate->details.delivcc_len = strlen(cept->delivcc);
+        intstate->version ++;
 
     } else {
 
@@ -186,47 +204,25 @@ static void track_new_intercept(seqtracker_thread_data_t *seqdata,
         intstate->details.authcc_len = strlen(cept->authcc);
         intstate->details.delivcc_len = strlen(cept->delivcc);
         intstate->cinsequencing = NULL;
+        intstate->version = 0;
 
         HASH_ADD_KEYPTR(hh, seqdata->intercepts, intstate->details.liid,
                 intstate->details.liid_len, intstate);
     }
 
-    intdetails.liid = cept->liid;
-    intdetails.authcc = cept->authcc;
-    intdetails.delivcc = cept->delivcc;
-
-    intdetails.operatorid = seqdata->colident->operatorid;
-    intdetails.networkelemid = seqdata->colident->networkelemid;
-    intdetails.intpointid = seqdata->colident->intpointid;
-
-    if(seqdata->encoding_method == OPENLI_ENCODING_DER){
-        intstate->preencoded = calloc(OPENLI_PREENCODE_LAST,
-                sizeof(wandder_encode_job_t));
-        etsili_preencode_static_fields(intstate->preencoded, &intdetails);
-    }
+    preencode_etsi_fields(seqdata, intstate);
 }
 
 static void reconfigure_intercepts(seqtracker_thread_data_t *seqdata) {
 
     exporter_intercept_state_t *intstate, *tmp;
-    etsili_intercept_details_t intdetails;
 
     logger(LOG_INFO, "OpenLI configuration reloaded -- updating pre-encoded intercept fields");
 
     HASH_ITER(hh, seqdata->intercepts, intstate, tmp) {
         remove_preencoded(seqdata, intstate);
-
-        intdetails.liid = intstate->details.liid;
-        intdetails.authcc = intstate->details.authcc;
-        intdetails.delivcc = intstate->details.delivcc;
-
-        intdetails.operatorid = seqdata->colident->operatorid;
-        intdetails.networkelemid = seqdata->colident->networkelemid;
-        intdetails.intpointid = seqdata->colident->intpointid;
-
-        intstate->preencoded = calloc(OPENLI_PREENCODE_LAST,
-                sizeof(wandder_encode_job_t));
-        etsili_preencode_static_fields(intstate->preencoded, &intdetails);
+        preencode_etsi_fields(seqdata, intstate);
+        intstate->version ++;
     }
 
 }
@@ -241,6 +237,39 @@ static inline void free_intercept_state(seqtracker_thread_data_t *seqdata,
     free(intstate);
 }
 
+static int modify_tracked_intercept(seqtracker_thread_data_t *seqdata,
+        published_intercept_msg_t *msg) {
+
+    exporter_intercept_state_t *intstate;
+    HASH_FIND(hh, seqdata->intercepts, msg->liid, strlen(msg->liid), intstate);
+    etsili_intercept_details_t intdetails;
+
+    if (!intstate) {
+        logger(LOG_INFO, "OpenLI collector: tracker thread was told to modify intercept LIID %s, but it is not a valid ID?",
+                msg->liid);
+        return -1;
+    }
+
+    if (intstate->details.authcc) {
+        free(intstate->details.authcc);
+    }
+    intstate->details.authcc = msg->authcc;
+
+    if (intstate->details.delivcc) {
+        free(intstate->details.delivcc);
+    }
+    intstate->details.delivcc = msg->delivcc;
+
+    remove_preencoded(seqdata, intstate);
+    preencode_etsi_fields(seqdata, intstate);
+    intstate->version ++;
+
+    if (msg->liid) {
+        free(msg->liid);
+    }
+    return 0;
+}
+
 static int remove_tracked_intercept(seqtracker_thread_data_t *seqdata,
         published_intercept_msg_t *msg) {
 
@@ -253,10 +282,9 @@ static int remove_tracked_intercept(seqtracker_thread_data_t *seqdata,
         return -1;
     }
 
-/*
-    logger(LOG_INFO, "OpenLI collector: tracker thread %d removed intercept %s",
-            seqdata->trackerid, msg->liid);
-*/
+    /* TODO All encoders need to know that they should clear all templates
+     * for this particular intercept, somehow?
+     */
     HASH_DELETE(hh, seqdata->intercepts, intstate);
 	if (msg->liid) {
 		free(msg->liid);
@@ -322,6 +350,7 @@ static int run_encoding_job(seqtracker_thread_data_t *seqdata,
 	job.liid = strdup(liid);
     job.cinstr = strdup(cinseq->cin_string);
     job.cin = (int64_t)cin;
+    job.cept_version = intstate->version;
 
 	if (recvd->type == OPENLI_EXPORT_IPMMCC ||
 			recvd->type == OPENLI_EXPORT_IPCC ||
@@ -393,6 +422,11 @@ static void seqtracker_main(seqtracker_thread_data_t *seqdata) {
 					free(job);
 					break;
 
+                case OPENLI_EXPORT_INTERCEPT_CHANGED:
+                    modify_tracked_intercept(seqdata, &(job->data.cept));
+                    free(job);
+                    break;
+
                 case OPENLI_EXPORT_IPMMCC:
                 case OPENLI_EXPORT_IPMMIRI:
                 case OPENLI_EXPORT_IPIRI: