Currently the NET_DST information element (see GSM 24.008) is not
included in generated MM info messages even when the DST field in the
timezone info has been set via the VTY or the control interface.
This patch modifies gsm48_tx_mm_info() to append this information
element if (and only if) a non-zero DST has been configured. The
DST IE is not part of GSM 4.8. Therefore it will only be sent, if the
DST offset is configured to a value != 0.
The DST functionality has been verified with wireshark by Jacob.
Sponsored-by: On-Waves ehf
Currently we only set the SUBSCR on RSL messages. Extend it to
messages that go through MNCC. For call control/bridging it is
difficult to pick the right subscriber. We should support a list
or at least two legs in the imsi filter context.
In case the unpack of a USSD request is failing the channel would
remain open and the phone would not receive a response. Simply
reject the interrogation.
Example interrogation:
0000 1b 7b 1c 0d a1 0b 02 01 01 02 01 0e 30 03 04 01
0010 11 7f 01 00
Sylvain pointed out that in the current crash log the transaction
we try to read the SMS from is actually a transaction for Call
Control. On AMD64 the struct layout is different and that leads to
a crash when the CC transaction is in front of the SMS transaction.
Look at the trans->protocol to fix the crash. The issue got
introduced in 6a3d765bf9 (2010)
when I added the SAPI N Reject handling.
#0 smpp_sms_cb (subsys=1, signal=4, handler_data=0xbb8270, signal_data=0x7fff33574ea0)
at smpp_openbsc.c:284
284 if (sms->source != SMS_SOURCE_SMPP)
(gdb) bt
#0 smpp_sms_cb (subsys=1, signal=4, handler_data=0xbb8270, signal_data=0x7fff33574ea0)
at smpp_openbsc.c:284
#1 0x00007f424e4a094c in osmo_signal_dispatch (subsys=1, signal=4,
signal_data=0x7fff33574ea0) at signal.c:105
#2 0x000000000042b070 in send_signal (sig_no=<optimized out>, trans=<optimized out>,
sms=<optimized out>, paging_result=<optimized out>) at gsm_04_11.c:125
#3 0x000000000042ccd2 in gsm411_sapi_n_reject (conn=0xec6790) at gsm_04_11.c:1000
#4 0x0000000000408983 in send_sapi_reject (link_id=<optimized out>, conn=<optimized out>)
at bsc_api.c:733
#5 rll_ind_cb (_data=<optimized out>, lchan=<optimized out>, link_id=<optimized out>,
rllr_ind=<optimized out>) at bsc_api.c:755
#6 rll_ind_cb (lchan=<optimized out>, link_id=<optimized out>, _data=<optimized out>,
rllr_ind=<optimized out>) at bsc_api.c:736
#7 0x000000000041f8d2 in complete_rllr (rllr=<optimized out>, type=<optimized out>)
at bsc_rll.c:55
#8 0x00007f424e4a03bc in osmo_timers_update () at timer.c:243
#9 0x00007f424e4a069b in osmo_select_main (polling=0) at select.c:133
#10 0x0000000000407394 in main (argc=<optimized out>, argv=0x7fff33575238) at bsc_hack.c:346
(gdb) frame 3
#3 0x000000000042ccd2 in gsm411_sapi_n_reject (conn=0xec6790) at gsm_04_11.c:1000
1000 send_signal(S_SMS_UNKNOWN_ERROR, trans, sms, 0);
(gdb) p trans
$1 = (struct gsm_trans *) 0xedba80
(gdb) p *trans
....
data = 0x1}}, sms = 0x3439323400000003}}}
(gdb) p trans->protocol
$4 = 3 '\003'
Avoid a crash when reading a SMS and a Subscriber could not be resolved.
It is not clear why the read was failing. The sender_id and the receiver_id
was valid for the given sms. I assume that the database has been locked
due external access to it.
The side-effect is that in case of such a failure the sms_queue will start
to deliver starting from subscriber id = 0 again.
#1 0x0000000000428bec in sms_from_result (net=0x156a270, result=0x15eda30) at db.c:1146
#2 0x000000000042a8e0 in db_sms_get_unsent_by_subscr (net=0x156a270,
min_subscr_id=<optimized out>, failed=<optimized out>) at db.c:1255
#3 0x000000000042e900 in take_next_sms (smsq=<optimized out>) at sms_queue.c:193
#4 sms_submit_pending (_data=0x158e300) at sms_queue.c:227
#5 0x00007f3fd30de3bc in osmo_timers_update () at timer.c:243
#6 0x00007f3fd30de69b in osmo_select_main (polling=0) at select.c:133
#7 0x0000000000406fbc in main (argc=9, argv=<optimized out>) at bsc_hack.c:346
(gdb) frame 1
#1 0x0000000000428bec in sms_from_result (net=0x156a270, result=0x15eda30) at db.c:1146
1146 strncpy(sms->src.addr, sms->sender->extension, sizeof(sms->src.addr)-1);
(gdb) p *sms
(gdb) p sms->sender
$1 = (struct gsm_subscriber *) 0x0
(gdb) p sender_id
$2 = <optimized out>
Sylvain pointed out that the RLL and the SMC timeout is the same.
This can lead to have a SMC re-transmission before the first RLL
Establish Request has timed out. Reduce the RLL timeout. GSM 08.58
does not specify a timeout so right now I just reduce it to seven
seconds.
conn->loc_operation is already NULL (e.g. due a five second timeout but
we are still processing a RSL message after we initiated the release
procedure). Do not attempt to authorize a subcriber without knowing the
key_sequence.
This can cause more problems but we will need to test this in the field.
(gdb) bt
#0 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:323
#1 gsm0408_authorize (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:319
#2 0x000000000043a99a in mm_rx_id_resp (conn=0x19fc2f0, msg=<optimized out>)
at gsm_04_08.c:495
#3 gsm0408_rcv_mm (msg=<optimized out>, conn=0x19fc2f0) at gsm_04_08.c:1041
#4 gsm0408_dispatch (conn=0x19fc2f0, msg=<optimized out>) at gsm_04_08.c:3232
(gdb) p *conn
$5 = {entry = {next = 0x1746930, prev = 0x1a14270}, subscr = 0x1745eb0,
expire_timer_stopped = 1 '\001', loc_operation = 0x0, sec_operation = 0x0,
anch_operation = 0x0, silent_call = 0, put_channel = 0, sccp_con = 0x0, in_release = 0,
lchan = 0x7f8c79007218, ho_lchan = 0x0, bts = 0x1719f90, T10 = {node = {
rb_parent_color = 0, rb_right = 0x0, rb_left = 0x0}, list = {next = 0x0, prev = 0x0},
timeout = {tv_sec = 0, tv_usec = 0}, active = 0, cb = 0, data = 0x0},
secondary_lchan = 0x0}
When modern Smartphones receive "Not in VLR". The baseband firmware
apparently does not try to do an IMSI ATTACH but just remains un-happy
and will not connect to the network anymore.
Let's revert it and see if we can find the real issue about the
sms being invalid. Sylvain has pointed out that we get invoked
from a timer and might not have stopped it properly.
This reverts commit 80ba9b5dd6.
I am not sure why it is crashing so this is a speculative fix based on
something we already did in 3e9b2ec257.
#0 sms_find_pending (smsq=0x2706300, sms=<optimized out>) at sms_queue.c:77
#1 sms_sms_cb (subsys=<optimized out>, signal=4, handler_data=0x26e2270,
signal_data=0x7fffdac256c0) at sms_queue.c:396
#2 0x00007fcdea94394c in osmo_signal_dispatch (subsys=1, signal=4,
signal_data=0x7fffdac256c0) at signal.c:105
#3 0x000000000042acc0 in send_signal (sig_no=<optimized out>, trans=<optimized out>,
sms=<optimized out>, paging_result=<optimized out>) at gsm_04_11.c:124
#4 0x000000000042c8e2 in gsm411_sapi_n_reject (conn=0x2722d30) at gsm_04_11.c:999
#5 0x00000000004085d3 in send_sapi_reject (link_id=<optimized out>, conn=<optimized out>)
at bsc_api.c:733
#6 rll_ind_cb (_data=<optimized out>, lchan=<optimized out>, link_id=<optimized out>,
rllr_ind=<optimized out>) at bsc_api.c:755
#7 rll_ind_cb (lchan=<optimized out>, link_id=<optimized out>, _data=<optimized out>,
rllr_ind=<optimized out>) at bsc_api.c:736
#8 0x000000000041f522 in complete_rllr (rllr=<optimized out>, type=<optimized out>)
at bsc_rll.c:55
#9 0x00007fcdea9433bc in osmo_timers_update () at timer.c:243
#10 0x00007fcdea94369b in osmo_select_main (polling=0) at select.c:133
#11 0x0000000000406fbc in main (argc=9, argv=<optimized out>) at bsc_hack.c:346
The legacy functions have a bad/wrong return value for the number
of septets in the string. Change the code to use the new functions
which will fix encoding issues as well.
Location Update Requests time out and get rejected because the
subscriber is not authorized. Authorizing the subscriber through
openBSC or sqlite3 doesn't help the subscriber is still seen and
shown as not authorized
The value is read as uint, this is the wrong type it's a (u)longlong
in libdbi 0.9.0 and later.
Currently, all timestamps are force to SeqNo*d + C which is more than
required by the nanoBTS which seems to be sensitive to alignment
errors only (dTS != k*d, d = ptime * rate = 160).
This patch replaces the force_constant_timing feature by a
force_aligned_timing feature. The timestamp offset will only be
changed (and timestamp errors counted) when the alignment does not
match to the raster based on ptime (default 20ms).
The VTY interface does not change.
Sponsored-by: On-Waves ehf
Decoding and encoding of FR and EFR TRAU frames are put into seperate
functions. CRC check is done to detect bad EFR TRAU frames.
The test case includes FR and EFR transcoding.
EFR support was tested with Nokia InSite BTS and Siemens BS11.
Currently the SDP 'ptime' media attribute is never set in generated
MGCP responses.
This patch optionally includes the 'ptime' attribute if
packet_duration_ms is != 0. This behaviour can be enabled/disabled
by using the VTY command "sdp audio-payload send-ptime" (enabled by
default).
Sponsored-by: On-Waves ehf
This patch parses the 'ptime' and 'maxptime' SDP attributes, and the
SDP rate information and sets up packet_duration_ms accordingly. If
the packet duration is unknown or allows for different values (e.g.
because 'ptime' uses a range or 'maxptime' allows for more than one
frame) the duration is set to 0.
Sponsored-by: On-Waves ehf
Currently the local connection options have been stored as a string.
This patch replaces this string by a struct (that still contains a
string) along with the parsed fields (only the packetization period
at the moment).
It also re-adds the calls to set_local_cx_options() to the
handle_create_con() and handle_modify_con() functions. Except for
the test program this has no side effects, since the LCO values
aren't used yet.
Currently the timestamp offset calculation is done in two different
places.
This patch moves and unifies both code parts into a separate function.
Sponsored-by: On-Waves ehf
Andreas highlighted that the doubel assignment is not needed and
wrong. Change the code to assign chan_list[0] before writing the
base frequency to the header. Update the testcase to make the highest
bit set and update the test result.
The IMSI can only be 15 characters in length, our define gives
us a length of 17. This means we have place for two NULs. Use
strncpy and make sure it is null-terminated.
Fixes: Coverity CID 1040707
Since the packet duration is given in ms with the 'ptime' RTP media
attribute and also with the 'p' MGCP local connection option, the
computation is changed to use this value (if present). The
computation assumes, that there are N complete frames in a packet and
takes into account, that the ptime value possibly had been rounded
towards the next ms value (which is never the case with a frame length
of exact 20ms).
Sponsored-by: On-Waves ehf
This forces the output timing to fulfill
dTS = dSegNo * fixedPacketDuration
where dSegNo = seqNo - lastSeqNo.
If timestamp patching is enabled, the output timestamp will be set
to lastTimestamp + dTS. This kind of relative updating is used to
handle seqNo- and timestamp-wraparounds properly.
The updating of timestamp and SSRC has been separated and the patch
field of mgcp_rtp_state has been renamed to patch_ssrc to reflect
it's semantics more closely. The offset fields are now used always
and will change the corresponding header field if they are != 0.
Ticket: OW#1065
Sponsored-by: On-Waves ehf
Currently the output SSRC is always forced to be the same if SSRC
patching is enabled.
This patch modifies this to optionally restrict the number of SSRC
changes that will be corrected.
Note that the configuration only allows for the 'once' mode and 'off'.
Sponsored-by: On-Waves ehf
The ssrc has been used without respect to proper byte ordering in
mgcp_patch_and_count(). This only affected log messages.
This patch introduces a new variable 'ssrc' that takes the value of
the SSRC in proper byte order.
Sponsored-by: On-Waves ehf
This patch adds a packet_duration field to mgcp_rtp_state which
contains the RTP packet's duration in RTP timestamp units or 0, when
the duration is unknown or not fixed.
Sponsored-by: On-Waves ehf
Currently seq_offset and timestamp_offset are updated on each SSRC
change even when SSRC patching is not allowed.
This patch fixes this by changing mgcp_patch_and_count() to only
update these fields when SSRC patching is allowed.
Sponsored-by: On-Waves ehf
Show old and new SSRC. Move logging command upward to show the values
immediately after the change has been detected and before any fixing
attempt is made.
Sponsored-by: On-Waves ehf
This adds datastructures and a VTY frontend to configure the
different type of RTP header patching: SSRC and timestamp.
Note that timestamp patching is not yet implemented.
Sponsored-by: On-Waves ehf
The tsdelta computation and error detection didn't handle the
intialisation phase properly.
This patches fixes this by skipping the output timing validation
when the SSRCs don't match.
Sponsored-by: On-Waves ehf
So far the SDP part of the CRCX message has been ignored by the MGW.
This patch adds SDP parsing for this case, eventually updating the
net end's payload type and connection parameters.
Sponsored-by: On-Waves ehf
So far the payload type used in RTP streams has been taken from the
trunk configuration in NAT mode.
This patch changes the implementation to use the payload type
announced in the SDP part of MGCP messages and responses. SDP
descriptions more than one m=audio line are not yet supported
properly (always the last one is taken).
Ticket: OW#466
Sponsored-by: On-Waves ehf
The MGCP message isn't always NUL-terminated when arriving at
mgcp_handle_message(). This may lead to undefined results.
This patch ensures that the message text is NUL-terminated by
setting *msg->tail to '\0' in mgcp_handle_message().
Addresses:
<000b> mgcp_protocol.c:642 Unhandled option: 'r'/114 on 0x3
<000b> mgcp_protocol.c:593 Unhandled SDP option: '='/61 on 0x3
<000b> mgcp_protocol.c:871 Unhandled option: '.'/46 on 0x2
Sponsored-by: On-Waves ehf
This patch add the for_each_line macro based on a strline_r()
function (similar to strtok_r()), that is also part of this patch.
This strline_r() function is tolerant with respect to line endings,
it supports CR-only, CRLF, and LF-only and any combinations thereof
(note that a CRLF is always detected as a single line break).
Similar to for_each_non_empty_line (the former for_each_line) where
the 'save' pointer needed to be initialised by a call to strtok_r(),
the new for_each_line macro expects, that the 'save' pointer has been
initialised by a call to strline_r(). Also note, that
for_each_line/strline_r and for_each_non_empty_line/strtok_r may use
the 'save' pointer differently, so calls to them can not be mixed.
Sponsored-by: On-Waves ehf
The implementation of for_each_line is based on strtok() and skips
any sequence of CR and LF. Thus empty lines are never detected. There
exists code which tests for an empty line to detect the beginning of
the SDP part which is dead code currently (the parser works
nevertheless due to other reasons). So the semantics of this macro
have been misunderstood at least once.
This patch renames the macro to reflect the semantics more precisely.
Sponsored-by: On-Waves ehf
The current implementation increments the seqno but does not increment
the RTP timestamp, leading to two identical timestamps following one
after the other.
This patch fixes this by adding the computed tsdelta when the offset
is calulated. In the unlikely case, that a tsdelta hasn't been
computed yet when the SSRC changes, a tsdelta is computed based on
the RTP rate and a RTP packet duration of 20ms (one speech frame per
channel and packet). If the RTP rate is not known, a rate of 8000 is
assumed.
Note that this approach presumes, that the per RTP packet duration
(in samples) is the same for the last two packets of the stream being
replaced (the first one).
Sponsored-by: On-Waves ehf
This patch adds a test case to check, whether RTP timestamps are
generated properly after SSRC changes and whether the error counters
work properly.
Sponsored-by: On-Waves ehf
This patch modifies the patch_and_count() function to check for RTP
timestamp inconsistencies. It basically checks, whether dTS/dSeqNo
remains constant. If this fails, the corresponding counter is
incremented. There are four counter for this: Incoming and outgoing,
each for streams from the BTS and the net.
Note that this approach presumes, that the per RTP packet duration
(in samples) remains the same throughout the entire stream. Changing
the number of speech frames per channel and packet will be detected
as error.
In addition, the VTY command 'show mgcp' is extended by an optional
'stats' to show the counter values, too.
Ticket: OW#964
Sponsored-by: On-Waves ehf