Problem:
lchan->tch.dtx.dl_amr_fsm struct failed to allocate in l1sap_chan_act routine
in l1sap.c due to illegal characters contained in lchan->name which are passed to
osmo_fsm_inst_alloc routine. As a result, lchan->tch.dtx.dl_amr_fsm is NULL
causing BTS crashed (SEG FAULT) when trying to access this struct.
Below is snapshot of crash log obtained by GDB:
...
Fri Nov 24 18:13:55 2017 <0000> rsl.c:1653 payload type: 98
Fri Nov 24 18:13:55 2017 <0000> rsl.c:1463 (bts=0,trx=0,ts=2,ss=0)
RSL Tx IPAC_MDCX_ACK (local 127.0.0.1:11538, remote 127.0.0.1:30012)
Program received signal SIGSEGV, Segmentation fault.
0x00031930 in dtx_dl_amr_fsm_step (lchan=lchan@entry=0xb69592a8,
rtp_pl=rtp_pl@entry=0x87ae8 " \024\351Y\363_\337\345\351f\177\373\300\210\201\200\210",
rtp_pl_len=17, fn=1728481, l1_payload=0x10dd25 "", marker=marker@entry=true,
len=len@entry=0x10ddc4 "\024", ft_out=0xbefff7d7 "\002",
ft_out@entry=0xbefff7cf "\276\341_\032") at msg_utils.c:233
233 msg_utils.c: No such file or directory.
...
Fix:
* Use different formatting for lchan name passed to osmo_fsm_inst_alloc routine
* Refuse channel activation if FSM could not be generated (as opposed to crash)
Related: OS#2606
Reported-by: Minh-Quang Nguyen <minh-quang.nguyen@nutaq.com>
Change-Id: I929ce3703dc57acf8db569ae0e346265644d0b3c
Recently while testing new osmo-mgw, big RTP packets (around 4K bytes,
see OS#2625 for more info), were being received on the BTS, which was
aborting with the following message:
"msgb(0xff208): Not enough tailroom msgb_put (348 < 1488)"
The crash can be reproduced in a sysmobts as well as on my PC locally
with osmo-bts-trx. I used osmo-bts-trx to test that the patch solved the
abort.
Fixes: OS#2624
Change-Id: Idfde1dacc3dc3d3d5e239cf1f7e39ade7fc25975
When determining if a frame is a fill frame or not, the case
statement only conditionally handled AGCH and PCH cases. In
case a non-fill-frame was observed, the return value was uninitialized,
resulting in some non-fill-frames to be missed from GMSTAP
Change-Id: I7b46c720e34cb8ef9a91ae5da28a050439a1937d
Closes: Coverity CID#174175
* explicitly set SAPI when sending data_ind to PCU
* drop unused receiving code for BCCH SAPI
* send SI13 when PCU is connected
* send SI13 when new SI is received
Change-Id: I9e83ef792585aa962f99897d9973cef12f186bcf
Related: OS#2400
There's very little point in sending fill frames (such as empty PAGING)
or dummy UI frames via GSMTAP all the time. They serve no purpose other
than to bloat the log files and make it more difficult for users to find
the interesting bits among all this noise.
Change-Id: Icd18dafb235933c9e6aa9d98ddd8fac1522cc9ac
So far, L1SAP code is hiding RSL_CHAN_OSMO_PDCH from the bts specific
code below L1SAP. This is some kind of a hack/workaround, making code
and debug output / logs more difficult to understand.
So let's teach the lower layer how to treat RSL_CHAN_OSMO_PDCH and
remove the "hiding" code from the common l1sap.c code.
Change-Id: Iaaa833febe45b82166d3901f10cc5466a7591c19
The RSL Channel ID is best read / interpreted as hex value, not as
decimal, primarily due to the fact that it is a bit-mask of various
fields.
Change-Id: I9b72a67407870b485e7f7e8a72fa1ad30fc8ed4d
Internal l1sap dump_gsmtime has been moved to libosmocore as osmo_dump_gsmtime.
Remove use of internal function and replace with the libosmocore version.
Depends on libosmocore Ib5452e2c20f53006c0f6d197fb055728947125d8
Change-Id: Ia2f89965d970ed5bbb8c0d4f591a043e58c4bd66
After latest changes, l2 expects to receive an event for every TCH
frame, that is, no TCH frame event should be lost on that layer. We
should now then be safe returning always GSM_RTP_DURATION.
The code which used to calculate the variable duration is left there to
assert that indeed we are not longer having this kind of issues.
Change-Id: I9d112c6db142be138e71393e77129e6d069d9973
We want to always call l1if_tch_rx and l1sap_up in order to avoid losing triggering
events on the upper layer.
With this change, the upper layer will increase correctly seq + ts for
RTP. It will then send an RTP packet with only the header and no payload, which is
not correct but at least we avoid drifting the RTP clock. Upcoming patch
in the series solves this issue.
This patch assumes that we are not lossing data events from the physical
layer and that we receive an event every 20ms, even if the MS is not
transmitting due to DTX.
Depends on libosmocore If4ae20c22b881e94585dad710f17b9e37f77bf82
Change-Id: If5df8940fab833eb4e3ed851880b66987d356031
When we're in loopback testing mode for PDTCH, we must make sure to
avoid adding PTCCH blocks to the queue. Only PDTCH blocks must be
enqueued. For the transmit (downlink) side, we already had the PTCCH
check in place.
Change-Id: I7ef40d9bdf74a99375bc6568ed9483499664bf6f
This add support for BTS-side lookback of PDTCH channels.
If lchan-loopback is enabled, We take the uplink frames as received in
PH-DATA.ind and put them into the dl_tch_queue for that lchan. When we
receive PH-RTS.ind, we dequeue frames from that queue and transmit them
in downlink. If no frame is found in queue, we transmit an empty
(all-zero) frame of 23 bytes (CS-1).
Change-Id: Idd07a3f4a88c38398d3e844333c0104e2de23864
When the lchan is in loopback mode, we loop back all uplink blocks into
downlink blocks. We do not processs any RTP frames for that lchan
anymore. Rather, we discard those RTP frames to avoid mixing
looped-back samples with those received from remote.
Change-Id: I29ef4963e9c491c94c413cbc10436a2388c04d9b
In some situations (e.g. when trying to do measurements/testing on the
BTS receiver / uplink) it is useful to have a way to disable the radio
link timeout and keep any channel open until deactivated, irrespective
of whether (valid) data is received or not.
This adds a related feature that can be activated by using an
osmocom-specific value of 0xff for the TS 12.21 Connection Failure
Criterion (9.4.14).
Change-Id: I736f21f6528db5c16fa80cdb905af20673797be5
Computing the measurement results on in l1sap_info_time_ind() all
at once may peak the host CPU. On smaller systems (arm based
sysmobts) this might cause a noticable delay of other important
tasks (e.g. passing l2 messages back and forth) It makes more
sense to compute the measurement results continously when
l1sap_info_meas_ind() is executed.
Change-Id: Iecb9a30c0d716bfc88221cd752b1ffdc74269e30
RTP jitter increases continuously because duration is not
updated when speech resumes in DTX mode.
Change-Id: Ib51ed95a449369222c957b3acebd9ce1f66c5435
Add optional MS timing offset (3GPP TS 45.010 § 1.2) to RSL MEASUREMENT
RESULT (3GPP TS 48.058 § 8.4.8). The value is calculated either directly
from corresponding BTS measurement or from 3GPP TS 48.058 § 9.3.17
Access Delay (for known TA) and is invalidated after RSL report is sent
until new measurement indication or RACH is received.
Change-Id: I4dfe5c48834a083e757d5de3236a02e15a238b28
Related: OS#1574
In some cases, when successive mobile originated calls are made, the LAPDm UA
message gets lost because the channel is relased to early. Too overcome the
problem we do not send relase indications immediately. Instead a flag will be
set and the message stored and sent on the next TCH-RTS-IND.
This commit adds the functionality to store the release indication msg, to
rsl.c. It also addes the mechanism to forward the release indication to l1sap.c
See also coresponding change in openbsc.git:
Change-Id I15fc1ef8e9e83f009bde96de9a8e95702cffbce6
This patch is is a slightly improved/reformatted version of:
95d1f15ad1
Change-Id: Ie4f70c75f0137b4bd72d579b3a32575bac2fca38
* make oml_tx_failure_event_rep() static and use osmo_signal_dispatch()
wrapped into oml_fail_rep() to trigger event reports outside of oml.c
instead of directly calling into OML layer
* remove unnecessary formatting from text messages
Related: OS#1615
Change-Id: I738555c547926e97b325ab53763c0076c42309bc
This bug was introduced in the recently merged
commit 1e399f888e
aka change-id I87f40f5f160a4f6750c4f3d06997fc4f24049303
Fixes: coverity-scan CID#160156 and CID#160155
Change-Id: I88ed1b3e59213acdf97f88eda097b8172b952a5e
The counting of the expired rach slots in l1sap.c is not correctly
implemented. This commit fixes the implementation. The expired
rach slots are now conted correctly according to the configured
channel combination. If a CCCH and SDCCH are combined, only the
frames related to rach slots are counted.
Change-Id: I87f40f5f160a4f6750c4f3d06997fc4f24049303
* Unlike in AMR FR, in AMR HR incoming ONSET have to be treated
differently depending on whether we've recently sent SID UPDATE or
EMPTY frame. Split ST_SID_U FSM state into 2 states to accommodate for
that and make sure that additional states specific to AMR HR are not
used for AMR FR.
* Avoid sending E_VOICE and E_SID_U in corresponding states
as those do not initiate FSM state transitions anyway. This decrease
extra load from FSM signalling which otherwise would be triggered on
per-frame basis.
* Introduce separate signal for SID First P1 -> P2 transition to avoid
confusion with E_COMPL and E_SID_U initiated transitions from P1
state.
* Don't init DTX FSM for SDCCH channels.
Change-Id: I229ba39a38a223fada4881fc9aca35d3639371f8
Related: OS#1801
Previously timestamp was always adjusted according to FN difference. In
case of ONSET event this causes unnecessary TS gap with subsequent
speech packet. Fix this by checking Marker bit before performing
adjustment.
Change-Id: I9bf4b45aa990dd4014334dd846f43f793366056c
Related: OS#1801
Having RTP metadata is useful for debugging - save Sequence Number and
Timestamp next to Marker bit from RTP header.
Change-Id: I359b3bcb74fbfc071547fe2f9d837829374fe997
Do not assume that 1 == BS_AG_BLKS_RES but take that information from
SI3. Note: due to current implementation quirks we activate channels
before SI3 obtained, than we deactivate channels upon receiving SI3 and
activate them again. This might not be necessary once we migrate to
proper OML state machines.
This affects lc15 and sysmo hw.
Change-Id: I11377b12680ac3b2f77f80e742b6f0af63fc9c1e
Related: OS#1575
By default l1sap_tch_ind() returns 0 which signals to its caller that message
has been processed and can be freed. In case of loopback we're forwarding
the message to dl_tch_queue who will free it later. Returning 1 from
l1sap_tch_ind() prevents caller from freeing message.
Change-Id: I1e065075baa51c88fa717f132e1f0a83df68be02
Having duplicated code to fill in fn & tn values makes it harder to read
and modify static gsmtap_p* functions. Fix this by removing the
duplication and moving the common code one level up.
Change-Id: I0e67bf7423424cc11435bc0a5a1110297eeee383
Introduce dtx_dl_amr_enabled() function which checks that DTX is enabled
and FSM is allocated and use it for all corresponding checks.
Change-Id: Ifa68b641265ed14f242765c85e40da2d1021a541
* re-introduce ST_ONSET_F to guard from repetitive ONSET messages in case
multiple FACCH occur duriing DTX silence period.
* produce ONSET event after both SID FIRST and UPDATE in case of AMR FR.
* always dispatch E_SID_F (SID FIRST) signal if in talkspurt.
* allow E_SID_* right after ONSET (zero-length talkspurt).
* add missing E_ONSET signal description.
* fix FSM transitions for AMR HR *Inhibited and First P*.
* fix incorrect return from l1if_tch_encode() in ONSET FACCH with
incoming SID UPDATE
Change-Id: I0e9033c5f169da46aed9a0d1295faff489778dcf
Related: OS#1801
SDCCH occupy lchan 0..3 in combined configuration so for CCCH we've
always used lchan[4] - replace it with CCCH_LCHAN define and add
comment.
Change-Id: Ic5d742c292d638f119c6b4672120c1950adeb7f0
Use dedicated FSM to handle all DTX DL related events:
- add explicit checks if DTX DL is enabled (fixes regression for non-DTX
setup introduced in 654175f33b)
- fix handling of AMR CMI for SPEECH frames
- add FSM for DTX DL
- sync with corresponding changes in OpenBSC's
- handle FACCH-related DTX ONSET events
This affects both lc15 and sysmobts and requires corresponding change in
OpenBSC (Change-Id: Idac8609faf9b5ced818fde899ccfc6ed0c42e8fd).
Change-Id: I74a0b42cb34d525b8a70d264135e82994ca70d31
Previously FN was converted to millisecondss incorrectly due to wrong
conversion between FN and a number of voice samples. The conversion
should be based on following:
* there are 12/13 useful frames for audio in TCH
* there is 1 RTP packet per 4 frame
* there are 160 samples per RTP packet
Fixes: OS#1801
Change-Id: I9cc70cacabde98621aa892cee74f4ac461645093
Use "impossible" dummy value to initialize last_fn to prevent dropping
of 1st RTP frame due to timestamp jump.
Fixes: OS#1803
Change-Id: I485af21f6761048d12dc7f5552fcdd46daf786ed
If Marker bit is set than it's a talkspurt which we have to explicitly
indicate to L1 by first sending ONSET message and than actual voice
data in a separate message.
This change affect sysmobts and LC15 hw.
Change-Id: I88c41568bcb0d82699f617adc4ad192603dd1bb6
Related: OS#1750
Prepare for a dyn TS patch that needs to call rsl_tx_chan_act_ack() directly
without the rel_act_kind decision.
Add function rsl_tx_chan_act_acknack() to wrap rsl_tx_chan_act_ack() and
rsl_tx_chan_act_nack(). Move the decision whether to drop the ack/nack, based
on lchan->rel_act_kind, to the new function, losing some code dup.
Change all callers to use the new function; drop the two older ones from rsl.h
and make them static.
Note: for nack, the exception for dyn TS in PDCH mode was missing
(rsl_tx_chan_act_nack() had only the rel_act_kind != LCHAN_REL_ACT_RSL
condition, but should also have had the dyn TS exception as in
rsl_tx_chan_act_ack()). I already know that this exception will again be
removed in an upcoming commit, but for patch readability it logically makes
sense to add it here. To easily include the nack case, drop the check for which
pchan the dyn TS is operating as, because a rel_act_kind == LCHAN_REL_ACT_PCU
implies that it is either already in or trying to become PDCH mode.
Change-Id: I57ba60c670730c6d7877a6a9b96ece0a7679a0bb
Have one common ts_is_pdch(), placed in lchan.c, since this file is pretty
empty and pretty close to ts. Publish in gsm_data.h.
Remove the if-style implementation from l1sap.c, and instead implement in a
switch statement.
This prepares for upcoming ts_is_pdch() usage in ph_data_req() for sysmo and
lc15.
Change-Id: Ib78d663fdbac5a1d7053f1b9d543649b66da00e2
Interface structure between osmo-bts and osmo-pcu is updated with the
parameters to differentiate the type of RACH and further support 11 bit
RACH. The function prototype and definitions are changed accordingly.
Interface version number is increased.
Change-Id: I4f4c501b2d86d77c78de32a84b1804172ffb6f4d
Apply similar fixes as for TCH/F_PDCH also for TCH/F_TCH/H_PDCH:
Detect dyn TS in PDCH mode in ts_is_pdch().
In trx_set_ts(), enhance the "if (TCH_F_PDCH)" to a switch statement including
both dynamic channel types. Adjust the comment to include both kinds.
Change-Id: I6669739cd08780cd9ffb9451cdae9f6b9704c4fe
Fill in values for BER, BTO, Link quality in L1SAP and send them to
PCU. Note: this increases the version of BTS <-> PCU protocol. It also
requires corresponding changes in libosmocore.
All BTS models provide measurements data unless direct DSP access for
PCU is enabled. For BTS-specific notes see below.
Octphy: conversion from sSNRDb to Link Quality uses formulae which works
in practice instead of what's documented for sSNRDb value. Subject to
change in future revisions.
TRX: C / I link quality estimator is not computed.
Change-Id: Ic9693a044756fb1c7bd2ff3cfa0db042c3c4e01c
Related: OS#1616
In l1sap_ph_rts_ind(), l1sap_ph_data_ind() and to_gsmtap(), the decision
to handle a TS as PDCH was still missing for dynamic TS.
It is not yet clear why this did not impact functionality for dynamic timeslots
on other BTS models. AFAICT they should not work without this patch, but in
fact they do. It would be nice to clarify this some day.
Change-Id: I7b873a089a3de70d980885a7539cb91997464743
common/l1sap: For dyn TS, the BSC will issue RSL Chan Activ requests with a
non-standard chan_nr. While the rest of the code now understands that, the L1
phy will not. Translate to standard PDCH (== TCH/F).
common/oml: use dyn TS' current pchan mode for lchans config.
common/pcu_sock: detect desired PDCH mode of dyn TS.
common/rsl: implement reconnection chain of a TS for changing its pchan:
* rsl_rx_chan_activ():
** Add dyn_pchan_from_chan_nr() to derive the requested pchan from the RSL
chan_nr IE.
** Notice the need for a pchan change and invoke dyn_ts_l1_reconnect() (s.b.)
** Make Chan Mode IE presence optional, because the non-standard PDCH
activation message is simpler and does not require it.
** Do PDCH activation via PCU.
* Add dyn_ts_l1_reconnect(): store state and disconnect the L1 channel;
then wait for cb_ts_disconnected().
* Add osmo_dyn_ts_disconnected() to cb_ts_disconnected():
verify state and connect with the new pchan type; then wait for
cb_ts_connected().
* Add osmo_dyn_ts_connected() to cb_ts_connected(), which re-issues
the cached chan activation message from before disconnecting the L1 channel.
* Also send an rf chan rel/act ack for dyn TS upon PDCH de/act via PCU.
* Add dyn_ts_pdch_release(): on channel release of a dyn TS in PDCH mode,
release via the PCU. Call from rsl_rx_rd_chan_rel().
Change-Id: I463bb6b4e57674f091c3badba9257374961c52c7
We're about to introduce a new kind of dynamic channel, which will also use
parts of the ip.access mode dyn PDCH code paths. Make sure the general parts
have general names and mark ip.access specific parts as such.
Rename dyn_pdch_ts_[dis]connected() to cb_ts_[dis]connected().
Rename dyn_pdch_complete to ipacc_dyn_pdch_complete().
From cb_ts_[dis]connected(), factor out the current code into static
functions ipacc_dyn_pdch_[dis]connected() -- this will make sense once the
new dynamic kind is added to cb_ts_[dis]connected().
Change-Id: I7da5b7cb7b48572671f50e0dec97d9eec3083df1
React on IPAC PDCH ACT and DEACT messages and invoke the PCU and bts_model_ts_*
APIs to effect switchover. The dyn PDCH interaction is described in the comment
to rsl_rx_dyn_pdch(), the main entry point for PDCH switchover.
In case the bts_model_ts_* are not implemented (or return other errors),
reply with an IPAC PDCH ACT/DEACT NACK.
Add callbacks that mark steps in the PDCH switchover process,
dyn_pdch_ts_disconnected(), dyn_pdch_ts_connected() and dyn_pdch_complete().
Add hooks in l1sap.c on channel activation and release confirmation, to call
dyn PDCH callbacks.
BTS dyn PDCH implementations should invoke dyn_pdch_ts_disconnected() and
dyn_pdch_ts_connected() when bts_model_ts_disconnect() or
bts_model_ts_connect() are called, respectively. (upcoming for sysmoBTS)
Change-Id: Id2f5f77121a65d6c14eac127b3d4fb50e97a77ab
Compute RTP user_ts adjustment based on the difference between current
and previous FN instead of hard-coded value.
Change-Id: If1677ddcf754b29990ff7cd846e11c32e3d30b33
Related: OS#1562
Reviewed-on: https://gerrit.osmocom.org/196
Tested-by: Jenkins Builder
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Previously osmo-bts-octphy have not provided in-band presence
information which cause off-by-one errors and misinterpretation of
ph_data_ind by PCU. This fixed now by adding support for explicitly
passing PH-DATA presence info. Corresponding check and in-band passing
of presence information are removed.
Note: this requires libosmocore version with osmo_ph_pres_info_type
support integrated.
[hfreyther/max: Remove + 1 from the decoded length]
During the L1SAP related changes, somehow an old version of
check_for_ciph_cmd() was re-introduced, which didn't store the N(s) as
part of the lchan. To make things worse, the old code was still present
in the sysmobts specific part, but never executed.
In some situations, a PHY might send us a primitive for a logical
channel that is not (or no longer) active. Passing such primitives
higher up the stack is asking for trouble. Specifically, LAPDm
instances cannot accept messages once their instance has been released.
We introduce two new helper functions: get_lchan_by_chan_nr() as well as
get_active_lchan_by_chan_nr(). The former just centralizes the look-up
of the lchan by timeslot number and sub-slot number. The latter also
checks to ensure the lchan is active, which is used for PH-DATA / PH-RTS
primitives. To the contrary, MPH primitives generally don't require the
cahnnel to be active for processing.
MS uplink power control is required in pretty much any BTS, and we
cannot assume that they PHY / L1 will always take care of it by
itself. So the correspondign code is moved to common/power_control.c
and called from the generic part of L1SAP.
The corresponding VTY paramter has been moved from the sysmobts-specific
trx VTY node to the common BTS VTY node.
There are three transitions:
1. LCHAN_CIPH_NONE -> LCHAN_CIPH_RX_REQ -> LCHAN_CIPH_RX_CONF
It is used to enable ciphering in RX (uplink) direction only.
2. LCHAN_CIPH_RX_CONF -> LCHAN_CIPH_RX_CONF_TX_REQ -> LCHAN_CIPH_RXTX_CONF
It is used to additionally enable ciphering in TX (downlink) direction.
3. LCHAN_CIPH_NONE -> LCHAN_CIPH_RXTX_REQ -> LCHAN_CIPH_RX_CONF_TX_REQ
-> LCHAN_CIPH_RXTX_CONF
It is used to enable ciphering in both TX and RX directions. This is used
when the channel is activated with encryption already enabled. (assignment
or handover)
In order to follow the order of these transitions, the RX direction must
always be set before the TX direction.
If no cipher key is set (A5/0), ciphering is set to ALG 0, but lchan cipher
state remains at LCHAN_CIPH_NONE.
This part moves control channel message primitives from osmo-bts-sysmo to
common part.
In order to control ciphering fo BTS model, CIPHER (MPH_INFO) messages are
used.
The original code handled both the fact where a TIME indication would be
missed (and thus the frame number be higher than previous + 1), as well
as the two cases for combined / non-combined CCCH.
The L1SAP code removed some of those bits, which I'm re-introducing
here.
This is a regression of the code compared to the existing
sysmoBTS code, where the L1 tells us whether its AGCH or
PCH. However, it was not used even in the old code, so
we can afford to simply put a #warning here.
This first part moves BCCH message primitives from osmo-bts-sysmo to common
part. A new file "common/l1sap.c" is introduced to implement handling of
layer 1 messages from/to BTS model.
Max
Harald Welte
Pau Espin
Philipp Maier
Neels Hofmeyr