Harald Welte
4b2ed35b8f
GPRS: Fix buffer overflow in case of very long MS RA CAP IE
...
The MS Radio Access Capability IE can be _very_ long in some recent
high-end mobile phones, way beyond the old 14-byte limit. We increase
our array to 52 bytes, and make sure not to overflow that buffer.
2011-07-27 23:35:38 +02:00
Holger Hans Peter Freyther
074b2b24e0
smsqueue: There was a race/bug with a booting phone, paging and LU
...
It was possible to set the LAC=0 on a subscriber that just has
done a LU because it did not respond to a paging request.
E.g. when a phone is rebooting, a SMS being delivered, the phone
is doing the LU, sub_ready_for_sm will try to send a SMS (but the
phone is not ready yet and it will timeout), then the paging code will
send us an expiration note and we might set the LAC=0 for this
subscriber.
Ideally we would be able to stop the paging request once the subscriber
is authenticated and then hand this to the SMS layer, right now the
best thing to do is to detect that we will run into this problem and
not send the SMS, not try to set the LAC=0.
2011-07-25 00:19:36 +02:00
Harald Welte
07b7bd79d6
TRAU mux: add some comment to the source of the gsm_fr_map
2011-07-24 02:18:13 +02:00
Harald Welte
b226864db5
fix some header file related issues preventing lcr from compiling
2011-07-23 10:53:30 +02:00
Holger Hans Peter Freyther
d455ebe5ff
Merge branch 'daniel/controlif'
2011-07-19 20:08:07 +02:00
Daniel Willmann
8d9876e1ba
osmo-bsc: Only keep the newest of subsequent invalid positions
2011-07-19 20:07:20 +02:00
Daniel Willmann
3118191f59
osmo_bsc: Track the last three locations.
2011-07-19 20:07:20 +02:00
Daniel Willmann
fa2218cbc9
osmo-bsc: Add valid field to location command
2011-07-19 20:07:20 +02:00
Daniel Willmann
6d718c054a
osmo-bsc: Improve return handling in verify_net_loc
2011-07-19 20:07:20 +02:00
Daniel Willmann
44fb151c12
osmo-bsc: Compare char * with NULL instead of 0
2011-07-19 20:07:20 +02:00
Daniel Willmann
1c33d4c00d
libcommon: Add DCTRL logging destination for libctrl related messages
2011-07-19 20:07:20 +02:00
Daniel Willmann
fc83a36cbd
libctrl: Use inttypes.h macros to make uint64_t printfs portable.
2011-07-19 20:07:20 +02:00
Holger Hans Peter Freyther
31f5f71647
paging: Add method to find the paging data for a given subscriber
2011-07-19 20:01:54 +02:00
Holger Hans Peter Freyther
0e412c7a55
bsc: Correct the cast for the signal data
...
There is a dedicated msc_signal_data; cast the signal_data to
this type and enjoy working connection closing on a per MSC base.
2011-07-19 19:56:53 +02:00
Holger Hans Peter Freyther
74db7744ee
mgcp: Implement RSIP based on a trunk level
...
Implement the RSIP spec extension to work on the specified
trunk instead of hardcoding it to the virtual trunk.
2011-07-19 19:56:33 +02:00
Holger Hans Peter Freyther
9b9a171da9
bsc: Fix a memory leak when the BSC is not allowed to open a connection
...
When the BSC is refusing to open an outgoing connection the SCCP
connection was leaked. Use the normal free as the socket should
be either closed or disconnected.
2011-07-19 19:54:33 +02:00
Holger Hans Peter Freyther
5e3bbba962
bsc: Call the RF Control interface ctrl all the way
...
We had the rf_ctrl_name and the rf_ctl pointer, make both use
the word ctrl.
2011-07-19 19:53:52 +02:00
Holger Hans Peter Freyther
fe1ca353bb
bts-init: Initialize the BTS like it will look after a reset
...
Reset the BTS MO State on BTS bootstrap. This way we will always
test the BTS disconnect/reconnect case of the BTS.
Do not reset the administrative state of objects. The BSC might
have set these and wants to maintain them across disconnect/
reconnect. Right now this is true for the TRX state.
2011-07-18 11:35:56 +02:00
Holger Hans Peter Freyther
95fd72b9f7
misc: Remove the osmocom/core/process.h include
...
The osmo_daemonize moved from process.h to application.h (that
is already included), remove the process.h include.
2011-07-18 10:40:13 +02:00
Holger Hans Peter Freyther
d010eb4651
ipaccess-firmware: Fix dumping the wrong header fields
...
We want to compare the file more_magic[0] and more_magic[1]
with the static more_magic array to see where the difference
is.
src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 2
src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 3
2011-07-16 14:43:01 +02:00
Harald Welte
74902c5435
sgsn_libgtp: remove bogus unreached second return statement
...
found by Smatch
2011-07-16 13:47:37 +02:00
Harald Welte
baf7700429
sgsn_main: add comment about exit statement never reached
2011-07-16 13:47:01 +02:00
Harald Welte
f6b606f422
gprs_gmm: ctx cannot be null, so remove check
...
Detected by Smatch:
/home/laforge/projects/git/openbsc/openbsc/src/gprs/gprs_gmm.c +757 gsm48_rx_gmm_att_req(133) warn: variable dereferenced before check 'ctx'
2011-07-16 13:45:57 +02:00
Harald Welte
cd367b959e
gprs_bssgp_util.c: orig_msg == NULL is not supported
...
we need it for deriving the NSEI anyway.
Detected by Smatch
2011-07-16 13:45:10 +02:00
Harald Welte
d4ab13b630
ipaccess-proxy: use ANSI function declarations (void)
2011-07-16 13:39:44 +02:00
Harald Welte
36ac775838
ipaccess-proxy: fix array bounds problem
...
detected by Smatch:
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +173 store_idtags(14) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +173 store_idtags(14) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +175 store_idtags(16) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +178 store_idtags(19) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +500 ipaccess_rcvmsg(66) error: buffer overflow 'ipbc->rsl_conn' 4 <= 4
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +504 ipaccess_rcvmsg(70) error: buffer overflow 'ipbc->bsc_rsl_conn' 4 <= 4
2011-07-16 13:38:48 +02:00
Harald Welte
5b3c05d89a
bs11_config: fix array bounds problem by using value_string
...
Detected by Smatch:
/home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +223 linkstate_name(5) error: buffer overflow 'bs11_link_state' 3 <= 3
/home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +240 mbccu_load_name(5) error: buffer overflow 'mbccu_load' 6 <= 6
/home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +905 main(34) info: ignoring unreachable code.
2011-07-16 13:35:24 +02:00
Harald Welte
258c713343
gsm_04_11: use 'unsigned int sms_alphabet' to include 0xffffffff
...
Detected by Smatch
2011-07-16 13:34:52 +02:00
Harald Welte
d1476bc603
db: use ANSI (void) function declarations
2011-07-16 13:24:09 +02:00
Harald Welte
2c5f4c635a
db: fix Smatch warnings
...
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +254 db_fini(6) info: redundant null check on db_dirname calling free()
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +256 db_fini(8) info: redundant null check on db_basename calling free()
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +280 db_create_subscriber(20) warn: variable dereferenced before check 'subscr'
2011-07-16 13:22:57 +02:00
Harald Welte
46324ccfcd
bsc_vty: Fix some Smatch warnings
...
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1062 show_e1ts(25) warn: variable dereferenced before check 'line'
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1075 show_e1ts(38) warn: buffer overflow 'line->ts' 32 <= 32
2011-07-16 13:16:39 +02:00
Harald Welte
142c4b8ca8
abis_nm: fix signedness error (uint8_t len cannot be negative)
...
Detected by Smatch
2011-07-16 13:03:29 +02:00
Harald Welte
7017fa7c9d
[bsc-nat] ctrlif: use llist_entry() macro and fix overly-long lines
2011-07-13 14:53:16 +02:00
Harald Welte
f071e16f23
[bsc-nat] ctrlif: save ourselves one level of indentation
2011-07-13 14:53:16 +02:00
Harald Welte
6552047d44
[bsc-nat] ctrlif: use the 'err' label consistently
...
and propagate -ENOMEM in case we have no memory
2011-07-13 14:53:16 +02:00
Harald Welte
f8e49dd187
bsc-nat: ctrlif: split out handle_ctrlif_msg() from ipaccess_bsc_read_cb()
...
We want to avoid spaghetti code by creating smaller functions,
which also helps with the line lengths / indentation levels.
2011-07-13 14:53:16 +02:00
Harald Welte
1b5e5c3727
controlif: declare controlif_setup() in control_cmd.h
...
this avoids having to copy+paste external declarations over all 'main'
files.
2011-07-13 14:53:16 +02:00
Harald Welte
f505f5dff1
controlif: Adapt to minor data structure change regarding nm_state
...
This was required due to master diverging from where controlif
had last branched off.
2011-07-13 14:53:15 +02:00
Harald Welte
07252918ea
Merge branch 'daniel_ctrlif'
2011-07-13 14:52:51 +02:00
Daniel Willmann
a86bc39cc9
nat: Use libctrl and add command forwarding to osmo-bsc
...
Passes commands beginning with "bsc.<num>" to the bsc that is
responsible for LAC <num>.
2011-07-13 14:07:11 +02:00
Daniel Willmann
fc5391f54e
libctrl: Add ctrl_cmd_cpy() to copy a command
2011-07-13 14:07:10 +02:00
Daniel Willmann
bc07090af2
osmo_bsc: Add some libctrl commands
...
* net.location to get/set the geographical location of the network
format is <tstamp>,<lat>,<lon>,<height>
* per trx rf_locked command (net.bts0.trx0.rf_locked)
* network-wide rf_locked command (net.rf_locked)
2011-07-13 14:07:10 +02:00
Daniel Willmann
f7d557cdf2
osmo_bsc: Use libctrl, handle ctrl cmds on port 4249 or from the nat
...
This patch initializes libctrl to listen for connections on port 4249.
Additionally, control messages arriving from the nat will also be
processed.
2011-07-13 14:07:10 +02:00
Daniel Willmann
e8aef2a84b
bsc_hack: Use libctrl, listen on port 4249
2011-07-13 14:07:10 +02:00
Daniel Willmann
2c192639b5
libctrl: Add commands to query counters and rate_cntr
...
These commands are installed in controlif_setup. Query them like this:
"rate_ctr.<interval>.<counter group>.<index>.<counter name>" for rate
counters and "counter.<counter name>" for regular counters. <interval>
may be either "abs" for absolute values or one of
"per_{sec,min,hour,day}".
It is possible to query all rate counters in a group (regardless of
index) or all counters in a group and with a certain index if you omit
<counter name> and <index> or just <counter name>.
2011-07-13 14:06:18 +02:00
Daniel Willmann
e46792971b
libctrl: Add macros to help define commands
2011-07-13 14:06:18 +02:00
Daniel Willmann
4462f8c30f
Add libctrl, an SNMP-like control interface
...
In contrast to the VTY interface the control interface is meant to be
used by programs.
This patch adds basic support, no commands are defined.
2011-07-13 14:06:18 +02:00
Daniel Willmann
203d865317
Add example to communicate through the control interface
2011-07-13 14:06:18 +02:00
Daniel Willmann
4bcc1c37b8
Add documentation for the control interface protocol
2011-07-13 14:06:18 +02:00
Harald Welte
7d33bdf962
osmo-bsc: Some more logging (LOGL_INFO).
2011-07-12 00:05:11 +02:00