cellular-infrastructure
/
osmo-bsc
mirror of https://gerrit.osmocom.org/osmo-bsc
9
0
Fork 0
Code Issues Releases Wiki Activity
6,656 Commits 64 Branches 117 Tags 59 MiB
Commit Graph

6656 Commits

Author SHA1 Message Date
Pau Espin 9862bcb5cd Fix heap-use-after-free due to OML link destruction 
ipaccess_drop_oml was being called inside an osmo_fd cb context, were
-EBADF must be returned if the structure holding the osmo_fd is freed.
In the middle of the path (see OS#3495 for path tree) it goes through a
signal dispatch, so it's impossible to make sure we return some value to
the osmo_fd cb. As a result, it is required to defer dropping the OML
Link from current code path and do it through a timer.

Fixes following ASan report:
20180822124927913  <0004> abis_nm.c:787 OC=RADIO-CARRIER(02) INST=(00,00,ff): CHANGE ADMINISTRATIVE STATE NACK CAUSE=Message cannot be performed
20180822124927913  <0004> osmo_bsc_main.c:186 Got CHANGE ADMINISTRATIVE STATE NACK going to drop the OML links.
20180822124927913  <0015> bts_ipaccess_nanobts.c:406 (bts=0) Dropping OML link.
...
=================================================================
==17607==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000060a68 at pc 0x7f5ea8e27086 bp 0x7ffde92b6d80 sp 0x7ffde92b6d78
READ of size 8 at 0x62e000060a68 thread T0
    #0 0x7f5ea8e27085 in handle_ts1_write input/ipaccess.c:371
    #1 0x7f5ea8e27085 in ipaccess_fd_cb input/ipaccess.c:391
    #2 0x7f5ea9147ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
    #3 0x7f5ea9147ca8 in osmo_select_main libosmocore/src/select.c:257
    #4 0x555813ab79d6 in main osmo-bsc/osmo_bsc_main.c:922
    #5 0x7f5ea76d02e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #6 0x555813ab84e9 in _start (/bin/osmo-bsc+0x34d4e9)

Fixes: OS#3495
Change-Id: I7c794c763481c28e8c35dc9b11d27969e16feb3c
 2018-08-23 16:47:30 +02:00
Neels Hofmeyr 5f0a63d678 fix lchan_rtp_fsm: missing event handling 
Release and Rollback events are allowed but unhandled in states
WAIT_MGW_CONFIGURED and ROLLBACK, and hence would result in an assertion. Add
handling in these states.

Change-Id: Iab233c592384902098644eee27bb8445fde3aa6f
 2018-08-22 19:56:35 +00:00
Pau Espin dcbcbad374 abis_nm: Fix trailing whitespacing 
Change-Id: Ia434b349e85019d2224a6f9a699058dccc6072dc
 2018-08-22 12:25:44 +02:00
Pau Espin 889e0169a7 abis_nm: Fix heap-use-after-free in abis_nm_set_channel_attr 
LOGPFOH uses the msgb through "foh", so we have to free msgb after
calling it, not before.

Fixes following ASAN report:
20180822120155990 DNM <0004> abis_nm.c:1889 OC=CHANNEL(03) INST=(00,01,06): Set Chan Attr (bts=0,trx=1,ts=6)
=================================================================
==16465==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a00002b3f0 at pc 0x7f587f44c0db bp 0x7ffc59e31df0 sp 0x7ffc59e31de8
READ of size 1 at 0x61a00002b3f0 thread T0
    #0 0x7f587f44c0da in abis_nm_dump_foh libosmocore/src/gsm/abis_nm.c:937
    #1 0x561e09e1532c in abis_nm_set_channel_attr osmo-bsc/src/osmo-bsc/abis_nm.c:1892
    #2 0x561e09efd269 in nm_statechg_event osmo-bsc/src/osmo-bsc/bts_ipaccess_nanobts.c:168
    #3 0x561e09efd269 in bts_ipa_nm_sig_cb osmo-bsc/src/osmo-bsc/bts_ipaccess_nanobts.c:335
    #4 0x7f587efb3d16 in osmo_signal_dispatch libosmocore/src/signal.c:120
    #5 0x561e09e18e31 in abis_nm_rx_statechg_rep osmo-bsc/src/osmo-bsc/abis_nm.c:255
    #6 0x561e09e18e31 in abis_nm_rcvmsg_report osmo-bsc/src/osmo-bsc/abis_nm.c:380
    #7 0x561e09e18e31 in abis_nm_rcvmsg_fom osmo-bsc/src/osmo-bsc/abis_nm.c:778
    #8 0x561e09e1dc19 in abis_nm_rcvmsg osmo-bsc/src/osmo-bsc/abis_nm.c:926
    #9 0x7f587ec90cc2 in handle_ts1_read input/ipaccess.c:274
    #10 0x7f587ec90cc2 in ipaccess_fd_cb input/ipaccess.c:389
    #11 0x7f587efb1ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
    #12 0x7f587efb1ca8 in osmo_select_main libosmocore/src/select.c:257
    #13 0x561e09e049d6 in main osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:922
    #14 0x7f587d53a2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
    #15 0x561e09e054e9 in _start (/bin/osmo-bsc+0x34d4e9)

Fixes: OS#3494
Change-Id: I030117abfdcee387516a4dea7e1e6a9bae8055f6
 2018-08-22 12:25:44 +02:00
Neels Hofmeyr c649c3fe8e use __FILE__, not __BASE_FILE__ 
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".

If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.

Related: OS#2740
Change-Id: Ic6d9dafc96c9d467ae53be2cd41adcf26a4e5125
 2018-08-20 12:40:43 +02:00
Pau Espin 4db98554fd bsc: Use libosmocore API to track osmo_signal structs 
libosmocore recently had the new API introduced for this purpose.

Depends: libosmocore Change-Id Id58ca18eb826b8f4183a7cf0dbb2b38cba702a09
Change-Id: Id07260635327617f8da5050af1e906891a89c530
 2018-08-17 07:06:08 +00:00
Philipp Maier 0c8771e34f doc: update mgw settings in example config file 
The example config file lacks a default port setting for the local
mgcp client port. Lets update that.

Change-Id: I6b1c5097d98ec2ab97d51f99b1105db3de85c75f
Related: OS#2874
 2018-08-13 10:10:17 +00:00
Philipp Maier 48338570e1 lcls: do not LCLS call legs with different codecs 
It is theoretically possible to LCLS two legs that use different
codecs. However, this requires transcoding capabilities on the
local MGW. If the local MGW lacks transcoding features such a
local circuit should be avoided. Enabeling LCLS under such
coditions should be optional (VTY)

- Add check to avoid LCLS on different codec/rate
- Add VTY-Option to optionally override the check
  (MGW is able to transcode)

Change-Id: I157549129a40c64364dc126f67195759e5f1d60f
Related: OS#1602
 2018-08-08 13:02:58 +02:00
Philipp Maier 628a05e738 GSCON: call api of a_reset.c with msc object directly 
The API of a_reset.c is currently called with a pointer to struct
reset_ctx. This puts the responsibility of checking the presence of
msc->a.reset_fsm to the caller. It would be much more effective if the
caller would check if msc->a.reset_fsm before dereferencing it.

This also fixes at least one segfault that ocurrs when gscon_timer_cb()
is called but no sccp connection is present yet. Therefore the pointer
to bsc_msc_data would not be populated. This is now detected by
a_reset.c itsself.

- minor code cleanups
- call a_reset.c functions with msc (struct bsc_msc_data)

Change-Id: I0802aaadf0af4e58e41c98999e8c6823838adb61
Related: OS#3447
 2018-08-07 15:11:41 +00:00
Philipp Maier bf4e29a7df GSCON: avoid sending connection oriented data when not connected 
When no connection is present and had never existed, then
conn->sccp.msc is unpopulated. However, there may be situations where
osmo_bsc_sigtran_send() is executed while no connection is present.

At the moment we assert on conn->sccp.msc, which would cause osmo-bsc
to exit. In order to avoid this, better check conn->sccp.msc and drop
the sccp message when the check is negative.

- Remove assertion, add check.

Change-Id: I4eaa983702224e5995a388ea9890ee04212eb569
Related: OS#3446
 2018-08-07 12:09:01 +02:00
Philipp Maier c1a0f7a1f5 sigtran: fix memleak in osmo_bsc_sigtran_send() 
The function osmo_bsc_sigtran_send() checks if the MSC is ready by
calling a_reset_conn_ready(). If it is not ready it returns with
-EINVAL. The msg message buffer is not freed, so we leak memory in those
edge cases.

- Make sure msg is freed when MSC is not ready.
- Add a comment that osmo_bsc_sigtran_send() takes ownership of msg

Change-Id: Ib1ff1d20e960a356bcee276b7c1bf9c93283e7af
 2018-08-07 12:06:36 +02:00
Harald Welte 1152362b51 handover_fsm.c: Fix -Werror=format-security errors 
When building with -Werror=format-security, such as our OBS builds,
it fails like this:

[  118s] handover_fsm.c: In function 'parse_ho_request':
[  118s] handover_fsm.c:478:4: error: format not a string literal and no format arguments [-Werror=format-security]
[  118s]     gsm0808_cell_id_name(&req->cell_id_serving));
[  118s]     ^~~~~~~~~~~~~~~~~~~~
[  118s] handover_fsm.c:489:4: error: format not a string literal and no format arguments [-Werror=format-security]
[  118s]     gsm0808_cell_id_name(&req->cell_id_target));
[  118s]     ^~~~~~~~~~~~~~~~~~~~
[  120s] cc1: some warnings being treated as errors

Let's make sure we don't call sprintf() and friends without a format
string.  In fact, if we only want to copy a string without extra
formatting, use osmo_strlcpy() or OSMO_STRLCPY_ARRAY().

Change-Id: I56cff3618f012f6b019f4fca7e2768814487137a
 2018-08-01 18:35:34 +02:00
Harald Welte 13af4d7ec5 Migrate from osmo_ipa_idtag_parse() to ipa_ccm_id_resp_parse() 
In libosmocore Change-ID I1834d90fbcdbfcb05f5b8cfe39bfe9543737ef8f
we have introduced ipa_ccm_id_resp_parse() as a bugfixed replacement
of ipa_ccm_idtag_parse().

The main difference is that the returned "value" parts now have
a correct reported "length", whereas before this commit they all
reported a one-byte too-long "length" for each IE.

Change-Id: I7d5ab323989c13d0cc6ff05547306edb918e423f
 2018-08-01 13:43:44 +02:00
Philipp Maier c80cce67af gscon: use BSS-common payload types on BSS side 
In cases where a codec has no fixed (IANA) payload type number, a
dynamically coosen payload type number is used. For the route between
BSC and MSC 3GPP as designated certain payload type numbers. However,
beond that, those payload type numbers may not necessarly apply. The
RTP communication between BTS and BSC still might run on a completely
different payload type number.

libosmo-netif contains a header file which payload type numbers
shall be used. Lets use those in order to signal the same payload type
numbers as we actually use in the RTP packets to the MGW.

Change-Id: I507a1b1446c8f140b2950d73cf737797604c1ac3
Related: OS#2728
Related: OS#3384
 2018-08-01 11:27:17 +02:00
Philipp Maier a406b167c1 endpoint_fsm: add missing return in mgcp_pick_codec 
The function mgcp_pick_codec is responsible to set the codec
information. In cases whee the codec type can not be determined
correctly it sets verb_info->codecs_len = 0, indicating to the caller
that no codocs are set. However, after that it does not return, it sets
an invalid codec anyway.

- Add missing return to keep the no-codec setting in case of error.

Change-Id: I8d1f8553357b6ad328ab1e5d4525fad0dd282a42
 2018-08-01 10:56:59 +02:00
Neels Hofmeyr 94d30f2b25 cosmetic: gscon: don't re-enter ST_CLEARING 
I often see "ERROR [ST_CLEARING] Entering ST_CLEARING not permitted!", avoid
the bogus error messages by checking entering ST_CLEARING only if not in it
yet. Still don't allow re-entering, to not restart the timeout.

Change-Id: Ia1f171c08dcbc529f907a20eed43bf5ee3a452b3
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 34c881a811 cosmetic: rename osmo_bsc_api.c to gsm_08_08.c 
Change-Id: I91922f557072d0fb8cfe213a8a7b50f3bb23dea0
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 81a496340c cosmetic: rename bsc_api.h to gsm_08_08.h 
See also I91922f557072d0fb8cfe213a8a7b50f3bb23dea0, which renames
osmo_bsc_api.c to gsm_08_08.c.

Change-Id: I7179eb27183ee213f8fc8d548895b67aa43dc6a2
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr b5ce49f872 cosmetic: reduce bsc_api.h 
Remove as much as possible from bsc_api.h. Use '#pragma once'. Tweak head
comment.

BSC_API_CONN_POL_{ACCEPT,REJECT}: only user is static complete_layer3(), just
use a bool return value instead.

msc_connected(): only used in osmo_bsc_api.c, make static there.

Instead of including gsm_data.h, declare structs opaquely, include stdint.h.
codec_pref_test.c used this as indirect gsm_data.h include via osmo_bsc.h,
include gsm_data.h there directly.

osmo_bsc.h: instead of including bsc_api.h, declare opaque structs.

gsm_04_08_rr.h: declare opaque structs to replace indirect include of
gsm_data.h.

Change-Id: Ia9c0f9828317236048e40ec9ecf9990592e2190a
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 8757f42c8e cosmetic: dissolve bsc_api.c 
gsm0808_page() is just a thin wrapper for rsl_paging_cmd(), the only caller is
page_ms() from paging.c. Directly call rsl_paging_cmd() instead.

Move gsm0808_cipher_mode() to the only caller in osmo_bsc_bssap.c, make static.

Change-Id: Ib7ce026b52d4ba3e53a8b2824e74ea92432c48c5
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr a07b667453 vty: 'handover any': pick more random chans, use lchan_select_by_type() 
The 'handover any' VTY command is only useful for testing. It is even more
useful if it doesn't always pick the first used lchan but produces more random
handovers.

The algorithm takes a random number as input, iterates over used lchans once,
and if the random number is larger, takes modulo of the nr of used lchans
counted. A second iteration will then produce a match.

Instead of figuring out the lchan type logic in bsc_vty.c, just use
lchan_select_by_type();

Change-Id: I50b70e02d665b967e401db65581e110bc83101e7
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 6d568ed7ff cosmetic: constify gsm_bts_num() net arg 
Change-Id: I9a078ffb781ee55c0ca114fa0d752c1b53067419
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 3c5612f82b create separate logging categories for lchan,ts,as FSMs 
Change-Id: Ie889b8860a4a63c7c22ef65025f690d64cd7330c
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 2fc79dd220 allocate larger lchans if no SDCCH are available 
Related: OS#3332
Change-Id: I2fcf9e9baa7d03974a367763f3f52f59dfc2cc51
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr d5df9a1d0d lchan_fsm: add in_release_handler flag 
If a release event is being handled, ignore other ricocheting release events
until that release handling has concluded.

For example, if an lchan is regularly released, it signals the lchan RTP FSM to
release, which then calls back to say "RTP is released" on termination -- this
should not trigger other state changes than the initial release intends.

Change-Id: Iec41e006b6ab9d0f618d36925341f9536353e5d8
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr ac85b34476 lchan_fsm: split off lchan_rtp_fsm, establish RTP a bit earlier 
Change-Id: Id7a4407d9b63be05ce63f5f2768b7d7e3d5c86fb
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr dbb38d532b fix BSC_CTR_ASSIGNMENT doc strings 
Change-Id: I9de0c16a14edd8bf4f02b7781ccfd211e0a79463
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 73ecfbb822 cosmetic: FSMs: allow ignorable events 
In various FSMs, some events may appear later or earlier without need of
action. Do not indicate these as 'ERROR' (event not permitted), but allow and
ignore them.

Debug-log about some of those.

From the old code, we've taken over the habit to change into
WAIT_BEFORE_RF_RELEASE even before SAPI[0] is released. Hence we may still
receive a SAPI[0] REL_IND in WAIT_BEFORE_RF_RELEASE. Don't show this as error
message, just silently accept it.

Change-Id: Ie320c7c6a1436184aaf2ec5a1843e04f4b3414ab
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 18ce10b7b1 timeslot FSM: permit entering broken state from anywhere 
Change-Id: I59abcef2ee1d9e307f8eacf1d5ea663e19099a6a
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 52b5298eab timeslot FSM: fix infinite recursion on failure to send PDCH ACT 
If PDCH ACT sending fails and we go back to UNUSED, the UNUSED onenter goes
right back to PDCH ACT and we loop. Avoid by going straight to broken state.

Actually, if we can't send messages, the timeslot is obviously broken, so also
enter the broken state if PDCH deactivation fails to be sent out.

Change-Id: Iebaffd0547a9651c5ba435b54dedab99c2cfdd31
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 459113d810 fix: dispatch TS_EV_RSL_DOWN when losing RSL 
Noticed by ttcn3-bsc-test: after TC_ms_rel_ind_does_not_cause_bssmap_reset the
test TC_dyn_pdch_ipa_act_deact would fail because RSL was still indicated as
available, and only OML was properly signalled as down.

Before recent commit I4843d03b3237cdcca0ad2041ef6895ff253d8419 to fix nanobts
and use only flags for RSL and OML presence, the timeslot FSM actually checked
RSL link presence and the lacking RSL DOWN event was not noticed.

Change-Id: I66c7fc5fcc676f4960f3d089b8c2ae5bce37ed99
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr bcdbfb7406 fix nanobts: timeslot FSM: use flags to remember OML,RSL status 
Before this patch, the timeslot FSM receives OML and RSL ready events.
Afterwards, it relies on examining the RSL and OML status to match the received
events. This doesn't work for the ip.access nanobts, which fails to change the
CHANNEL OM's operational status even though it has sent an Opstart ACK.  We
receive OML CHANNEL Opstart ACK, but the mo's state left at OP_STATE=Disabled.
We apparently cannot rely on the gsm_abis_mo state as assumed before this
patch, since changing the state depends on each BTS vendor's OML
implementation.

Also, implementation wise, it is better to not include assumptions on RSL and
OML implementations in the timeslot FSM. Simply receive the OML and RSL ready
events and remember that they arrived in dedicated flags.

Remove the no longer needed oml_is_ts_ready() callback from struct
gsm_bts_model added in:

  commit 91aa68f762
  "dyn TS: init only when both RSL and the Channel OM are established"
  I99f29d2ba079f6f4b77f0af12d9784588d2f56b3

This keeps osmo-bts operational while fixing ip.access nanobts, where the
CHANNEL OM's state prevented the timeslot FSM from entering operation.

Change-Id: I4843d03b3237cdcca0ad2041ef6895ff253d8419
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 31f525e756 large refactoring: use FSMs for lchans; add inter-BSC HO 
Add FSMs:

- timeslot_fsm: handle dynamic timeslots and OML+RSL availability.
- lchan_fsm: handle an individual lchan activation, RTP stream and release,
  signal the appropriate calling FSMs on success, failure, release.
- mgw_endpoint_fsm: handle one entire endpoint with several CI.
- assignment_fsm: BSSMAP Assignment Request.
- handover_fsm: all of intra, inter-MO and inter-MT handover.

Above FSMs absorb large parts of the gscon FSM. The gscon FSM was surpassing
the maximum amount events (32), and it is more logical to treat assignment,
handover and MGW procedures in separate FSMs.

- Add logging macros for each FSM type:
  - LOG_TS()
  - LOG_LCHAN()
  - LOG_MGWEP(), LOG_CI()
  - LOG_ASSIGNMENT()
  - LOG_HO()
  These log with the osmo_fsm_inst where present.
  New style decision: logging without a final newline char is awkward,
  especially for gsmtap logging and when other logs interleave LOGPC() calls;
  we have various cases where the final \n goes missing, and also this invokes
  the log category checking N times instead of once.
  So I decided to make these macros *always* append a newline, but only if
  there is no final newline yet. I hope that the compiler optimizes the
  strlen() of the constant format strings away. Thus I can log with or without
  typing "\n" and always get an \n termination anyway.

General:

- replace osmo_timers, state enums and program-wide osmo_signal_dispatch()
  with dedicated FSM timeouts, states and events.

- introduce a common way to handle Tnnn timers: gsm_timers.h/.c: struct T_def.
  These can be used (with some macro magic) to define a state's timeout once,
  and not make mistakes for each osmo_fsm_inst_state_chg().

Details:

bsc_subscr_conn_fsm.c:

- move most states of this FSM to lchan_fsm, assignment_fsm, handover_fsm and
  mgw_endpoint_fsm.

- There is exactly one state for an ongoing Assignment, with all details
  handled in conn->assignment.fi. The state relies on the assignment_fsm's
  timeout.

- There is one state for an ongoing Handover; except for an incoming Handover
  from a remote BSS, the gscon remains in ST_INIT until the new lchan and conn
  are both established.

- move bssmap_add_lcls_status() to osmo_bsc_lcls.c

abis_rsl.c:

- move all dynamic timeslot logic away into timeslot_fsm. Only keep plain send/receive functions in
  abis_rsl.c

- reduce some rsl functions to merely send a message, rename to "_tx_".
  - rsl_ipacc_mdcx(): add '_tx_' in the name; move parts that change the lchan state out into the
    lchan_fsm, the lchan->abis_ip.* are now set there prior to invoking this function.

- move all timers and error/release handling away into various FSMs.

- tweak ipa_smod_s_for_lchan() and ipa_rtp_pt_for_lchan() to not require an
  lchan passed, but just mode,type that they require. Rename to
  ipacc_speech_mode*() and ipacc_payload_type().

- add rsl_forward_layer3_info, used for inter-BSC HO MO, to just send the RR
  message received during BSSMAP Handover Command.

- move various logging to LOG_LCHAN() in order to log with the lchan FSM instance.
  One drawback is that the lchan FSM is limited to one logging category, i.e. this moves some logging
  from DRR to DRSL. It might actually make sense to combine those categories.

- lose LOGP...LOGPC logging cascades: they are bad for gsmtap logging and for performance.

- handle_classmark_chg(): change logging, move cm2 len check out of the cm3 condition (I hope that's
  correct).

- gsm48_send_ho_cmd(): split off gsm48_make_ho_cmd() which doesn't send right away, so that during
  inter-bsc HO we can make an RR Handover Command to send via the MSC to the remote BSS.

assignment_fsm.c:

- the Chan Mode Modify in case of re-using the same lchan is not implemented
  yet, because this was also missing in the previous implementation (OS#3357).

osmo_bsc_api.c:

- simplify bsc_mr_config() and move to lchan_fsm.c, the only caller; rename to
  lchan_mr_config(). (bsc_mr_config() used to copy the values to mr_bts_lv
  twice, once by member assignment and then again with a memcpy.)

- During handover, we used to copy the MR config from the old lchan. Since we
  may handover between FR and HR, rather set the MR Config anew every time, so
  that FR rates are always available on FR lchans, and never on HR lchans.

Depends: I03ee7ce840ecfa0b6a33358e7385528aabd4873f (libosmocore),
         I1f2918418c38918c5ac70acaa51a47adfca12b5e (libosmocore)
Change-Id: I82e3f918295daa83274a4cf803f046979f284366
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 596c402835 add gsm_timers, for Tnnn definitions usable by FSMs 
Change-Id: If212fcd042051b6fa53484254223614c5b93a9c6
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 68455f30a0 cosmetic: move RR functions from bsc_api.c to gsm_04_08_rr.c 
Rationale: bsc_api.c used to be a kind of kitchen sink for various
implementations, we want to dissolve it. Also, combining 0808 and 0408 in the
same c file causes "weird" linking dependencies for utility and test programs.

bsc_api.c will be completely dissolved in upcoming
Ib7ce026b52d4ba3e53a8b2824e74ea92432c48c5.

Change-Id: Ie8ee334145bf7bc3a601d395ea7ab9b2009b61c7
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 6242742d20 rename gsm_04_08_utils.[hc] to gsm_04_08_rr 
"utils" suggests thin helpers to aid using a proper API, while this .c file
actually *is* the proper RR API. Rename from "utils" to "rr".

Change-Id: I0ffff63d57f03cb324df8e40e41caea5b55a2c85
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 149160f9f1 fix / clarify rsl dtap cache 
In certain situations like handover or assignment, DTAP must not go out via RSL
directly but is cached to be submitted later. Make sure that all RSL DTAP
sending adheres to this:

gscon_submit_rsl_dtap() is the new "public" API to request an RSL DTAP to be
sent. Depending on the gscon's state, this ends up in the cache or is sent
directly. When caching, there is no way to tell whether sending will succeed or
not, so semantically it does not make sense to even return a result code. Just
return void. Change all "public" callers to gscon_submit_rsl_dtap().

Merge gsm0808_submit_dtap() and submit_dtap() guts to gsm0808_send_rsl_dtap(),
static in bsc_subscr_conn_fsm.c: directly send DTAP, assume a conn->lchan to be
present, or otherwise trigger a BSSMAP Clear Request.

The static submit_dtap() becomes a thin convenience wrapper.

Move ho_dtap_cache* functions to bsc_subscr_conn_fsm.c and rename to
gscon_dtap_cache_* -- they are not only for handover, also for assignment.

Function gsm0808_submit_dtap() m
Introduce function gscon_submit_rsl_dtap()

Change-Id: I6ffd7aa641c8905292c769400048c96aa0949585
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 3b5de1b668 doc: update/fix FSM charts 
These reflect the plan for refactoring, and will be implemented by
I82e3f918295daa83274a4cf803f046979f284366 and
Id7a4407d9b63be05ce63f5f2768b7d7e3d5c86fb

Change-Id: I29e31b753e23a4207662e0e385a337e7df836f45
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 431e085736 inter-BSC HO: neighbor_ident API: drop 9bit BSIC 
9-bit BSIC exist in the 3GPP specs, but we don't use them anywhere. Rather
remove that choice from the API and UI.

Change-Id: I29b92f47da2636d3a19f073755f9382fa98f9010
 2018-07-28 12:18:23 +02:00
Neels Hofmeyr 19bed23065 inter-BSC HO: add neighbor_ident API to manage neighbor-BSS-cells 
Depends: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd (libosmocore)
Change-Id: I0153d7069817fba9146ddc11214de2757d7d37bf
 2018-07-28 12:18:23 +02:00
Pau Espin 08d02dd510 Bump version: 1.2.1.92-93916-dirty → 1.3.0 
Change-Id: Ic8f12e8a6e3a98f7c69920b27d08a5e7e3eebc31
 2018-07-27 19:25:05 +02:00
Philipp Maier 93916be8d5 rsl: use 3GPP assigned payload type constants from libosmo-netif 
The payload constants for AMR, EFR, GSM-FR, and GSM-HR are already
defined in libosmo-netif, there is no need to re-define them locally.

- include rtp.h from libosmo-netif in abis_rsl.c
- remove duplicate payload type constants

Change-Id: Ib6a866b29d863d6875c67748dbe6b6468941ab29
Related: OS#2728
 2018-07-26 14:13:09 +02:00
Daniel Willmann 3ff76b02ce git-version-gen: Don't check for .git directory 
This check is not in all our repos that use git-version-gen. Indeed it
seems to be a leftover of openbsc where I think it wanted to ensure
being called in the openbsc subfolder or something? libosmocore e.g.
doesn't have it.

In any case .git being a directory is not always true (if using git
worktree) so remove this check.

Change-Id: I976dd4ff20cc5b220b244b1fb6192c0528c32638
 2018-07-24 18:04:51 +02:00
Neels Hofmeyr ab2248e8c9 BTS codec pref legacy compat: allow all codecs per default 
Legacy compat: we used to not check the BTS codec-pref settings upon assignment
until we added checks for the BTS codec-pref in osmo-bsc
5bc43cd107, change-id
I285234e9c81de74d9fb9907fca2c443b08537435, "codec_pref: check bts codec
support". From that commit onwards, config setups without a 'codec-pref'
potentially stop working (like all osmo-gsm-tester runs just did), because with
no codec-pref settings, now only FR is permitted, while before the patch, we
would allow any codecs as long as MSC and the overall BSC config agree on them.
So, upon BTS initialization, enable all codecs. These get reset to a more fine
grained selection IF a 'codec-support' config appears in the config file (see
bsc_vty.c).

Change-Id: I4650a1f8e350c6f74f48391f43ddfe771be01e1b
 2018-07-24 15:27:50 +02:00
Neels Hofmeyr 629a43a4c2 various logging: fix missing/extra newlines 
Change-Id: Id2619d0d45eb2686246c03643b4a578392a54cfe
 2018-07-23 01:29:23 +02:00
Neels Hofmeyr 31716f981a hodec2 log: less verbose, more concise logging 
Drop numerous log statements that merely bloat the ho decision log.

Logging HO candidates: log more compact in a single line, do not use LOGPC and
multiline output. The result is more useful information in a quarter of the log
lines.

LOGPHOLCHAN(), LOGPHOLCHANTOBTS():
- log lchan->type instead of lchan->ts->pchan
- always log the speech mode

===== Before =====

DHODEC handover_decision_2.c:1131 (lchan 0.010 TCH/F) (subscr IMSI:000001) MEASUREMENT REPORT (1 neighbors)
DHODEC handover_decision_2.c:1136 (lchan 0.010 TCH/F) (subscr IMSI:000001)   0: arfcn=871 bsic=63 neigh_idx=0 rxlev=30 flags=0
DHODEC handover_decision_2.c:261 (lchan 0.010 TCH/F) (subscr IMSI:000001) neigh 871 rxlev=30 last_seen_nr=3
DHODEC handover_decision_2.c:1158 (lchan 0.010 TCH/F) (subscr IMSI:000001) HODEC2: evaluating measurement report
DHODEC handover_decision_2.c:1175 (lchan 0.010 TCH/F) (subscr IMSI:000001) Measurement report: average RX level = -110
DHODEC handover_decision_2.c:1190 (lchan 0.010 TCH/F) (subscr IMSI:000001) Virtually improving RX level from -110 to -105, due to AFS bias
DHODEC handover_decision_2.c:1220 (lchan 0.010 TCH/F) (subscr IMSI:000001) Attempting handover/assignment due to low rxlev
DHODEC handover_decision_2.c:899 (lchan 0.010 TCH/F) (subscr IMSI:000001) Collecting candidates for Assignment and Handover
DHODEC handover_decision_2.c:407 (lchan 0.010 TCH/F)->(BTS 0) (subscr IMSI:000001) tch_mode='SPEECH_AMR' type='TCH_F'
DHODEC handover_decision_2.c:313 (lchan 0.010 TCH/F) (subscr IMSI:000001) FR3 supported
DHODEC handover_decision_2.c:313 (lchan 0.010 TCH/F) (subscr IMSI:000001) HR3 supported
DHODEC handover_decision_2.c:489 (lchan 0.010 TCH/F)->(BTS 0) (subscr IMSI:000001) removing TCH/F, already on TCH/F in this cell
DHODEC handover_decision_2.c:573 (lchan 0.010 TCH/F)->(BTS 0) (subscr IMSI:000001) TCH/H would not be congested after HO
DHODEC handover_decision_2.c:605 (lchan 0.010 TCH/F)->(BTS 0) (subscr IMSI:000001) TCH/H would not be less congested in target than source cell after HO
DHODEC handover_decision_2.c:609 (lchan 0.010 TCH/F)->(BTS 0) (subscr IMSI:000001) requirements=0x30
DHODEC handover_decision_2.c:704  - current BTS 0, RX level -110
DHODEC handover_decision_2.c:707    o free TCH/F slots 3, minimum required 0
DHODEC handover_decision_2.c:709    o free TCH/H slots 4, minimum required 0
DHODEC handover_decision_2.c:714    o no requirement fulfilled for TCHF (no assignment possible)
DHODEC handover_decision_2.c:737    o requirement A B fulfilled for TCHH (not congested after assignment)
DHODEC handover_decision_2.c:407 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) tch_mode='SPEECH_AMR' type='TCH_F'
DHODEC handover_decision_2.c:313 (lchan 0.010 TCH/F) (subscr IMSI:000001) FR3 supported
DHODEC handover_decision_2.c:313 (lchan 0.010 TCH/F) (subscr IMSI:000001) HR3 supported
DHODEC handover_decision_2.c:563 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) TCH/F would not be congested after HO
DHODEC handover_decision_2.c:573 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) TCH/H would not be congested after HO
DHODEC handover_decision_2.c:595 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) TCH/F would not be less congested in target than source cell after HO
DHODEC handover_decision_2.c:605 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) TCH/H would not be less congested in target than source cell after HO
DHODEC handover_decision_2.c:609 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) requirements=0x33
DHODEC handover_decision_2.c:701  - neighbor BTS 1, RX level -110 -> -80
DHODEC handover_decision_2.c:707    o free TCH/F slots 4, minimum required 0
DHODEC handover_decision_2.c:709    o free TCH/H slots 4, minimum required 0
DHODEC handover_decision_2.c:712    o requirement A B fulfilled for TCHF (not congested after handover)
DHODEC handover_decision_2.c:737    o requirement A B fulfilled for TCHH (not congested after handover)
DHODEC handover_decision_2.c:914 (lchan 0.010 TCH/F) (subscr IMSI:000001) adding 2 candidates from 1 neighbors, total 2
DHODEC handover_decision_2.c:1020 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) Best candidate, RX level -80
DHODEC handover_decision_2.c:625 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) Triggering Handover
DHODEC handover_decision_2.c:688 (lchan 0.010 TCH/F)->(BTS 1) (subscr IMSI:000001) Triggering handover to TCH/F, due to low rxlevel
DHO handover_logic.c:133 (BTS 0 trx 0 ts 1 lchan 0 TCH/F)->(BTS 1 lchan TCH_F) Initiating Handover...
DMSC handover_logic.c:135 SUBSCR_CONN[0x612000000520]{ACTIVE}: Received Event HO_START
DHODEC handover_logic.c:172 (BTS 0 trx 0 arfcn 870 ts 1 lchan 0 TCH/F)->(BTS 1 trx 0 arfcn 871 ts 1 lchan 0 TCH/F) (subscr IMSI:000001) Triggering Handover

===== After =====

DHODEC handover_decision_2.c:1039 (lchan 0.010 TCH_F SPEECH_AMR) (subscr IMSI:000001) MEASUREMENT REPORT (1 neighbors)
DHODEC handover_decision_2.c:1044 (lchan 0.010 TCH_F SPEECH_AMR) (subscr IMSI:000001)   0: arfcn=871 bsic=63 neigh_idx=0 rxlev=30 flags=0
DHODEC handover_decision_2.c:1097 (lchan 0.010 TCH_F SPEECH_AMR) (subscr IMSI:000001) Avg RX level = -110 dBm, +5 dBm AFS bias = -105 dBm; Avg RX quality = -1 (invalid), +0 AFS bias = -1
DHODEC handover_decision_2.c:1122 (lchan 0.010 TCH_F SPEECH_AMR) (subscr IMSI:000001) RX level is TOO LOW: -105 < -100
DHODEC handover_decision_2.c:677 (lchan 0.010 TCH_F SPEECH_AMR)->(BTS 0) (subscr IMSI:000001) RX level -110; TCH/F={free 3 (want 0), [-] not a candidate}; TCH/H={free 4 (want 0), [ABC] good}
DHODEC handover_decision_2.c:671 (lchan 0.010 TCH_F SPEECH_AMR)->(BTS 1) (subscr IMSI:000001) RX level -110 -> -80; TCH/F={free 4 (want 0), [ABC] good}; TCH/H={free 4 (want 0), [ABC] good}
DHODEC handover_decision_2.c:928 (lchan 0.010 TCH_F SPEECH_AMR)->(BTS 1) (subscr IMSI:000001) Best candidate, RX level -80
DHODEC handover_decision_2.c:641 (lchan 0.010 TCH_F SPEECH_AMR)->(BTS 1) (subscr IMSI:000001) Triggering handover to TCH/F, due to low rxlevel
DMSC handover_logic.c:125 SUBSCR_CONN[0x612000000520]{ACTIVE}: Received Event HO_START
DHODEC handover_logic.c:169 (BTS 0 trx 0 arfcn 870 ts 1 lchan 0 TCH_F SPEECH_AMR)->(BTS 1 trx 0 arfcn 871 ts 1 lchan 0 TCH/F) (subscr IMSI:000001) Triggering Handover

Change-Id: If1add9b57a051d32b67a4a08ab47a9655aa9dd17
 2018-07-23 01:29:23 +02:00
Philipp Maier 12f79f6e10 chan_alloc: reset rtp voice related bits in lchan_free() 
The function lchan_free() is supposed to reset the lchan so that
it can be used by another connection. This function does not yet
reset the struct memebers in lchan->abis_ip. This may lead to
confusion if some other end re-uses that lchan and finds old RTP
voice port/ip settings there. Those data must be reset to
ensure it does accidently migrate into an unrelated conext.

- do a memset to 0 on lchan->abis_ip in lchan_free()

Change-Id: I0c99494292cd1d058a19a21413d0ddb51471c6be
Related: OS#3396
 2018-07-22 07:26:52 +00:00
Pau Espin bd3de187e8 ctrl: Avoid sending back received ERROR msgs 
Change-Id: If0cd4d435acd13dd132248c521e6bb0182de0deb
 2018-07-22 06:23:01 +00:00
Philipp Maier 5bc43cd107 codec_pref: check bts codec support 
The vty option bts->codec-support allows the user to set the supported
codecs per BTS level. However, those values are currently only used to
make the handover decision but the logic that handles the BSSMAP
ASSIGNMENT REQUEST does not check those flags.

- Do not ignore bts->codec-support flags on BSSMAP ASSIGNMENT REQUEST

Change-Id: I285234e9c81de74d9fb9907fca2c443b08537435
Closes: OS#3361
 2018-07-22 06:16:11 +00:00
Philipp Maier 844876f8d5 codec_pref: move match_codec_pref() to separate c-file and add unit-test 
At the moment there are three sources that may advertise a list of
supported audio codec/rate settings. There is the MS that advertises
advertises a speech codec list and the MSC that sends a channel type
information element over A and there are also settings in the bsc
configuration file that may restrict the codec/rate types that are
allowed to use.

The function match_codec_pref() looks at all of the three buckets and
selects a codec that satisfies all three. This is already a somewhat
complicated process, overit is very isolated, so lets give it its own
c-file.

Due to the lack of unit-tests it is very hard to make changes here so
lets add also unit-test to make sure that regressions are catched early.

- Put match_codec_pref() and all its helper functions into a separate
  c-file.
- Add a unit test.

Change-Id: Iabedfdcec8b99a319f2d57cbea45c5e36c7b6e29
Related: OS#3361
 2018-07-22 06:16:11 +00:00