This check is not in all our repos that use git-version-gen. Indeed it
seems to be a leftover of openbsc where I think it wanted to ensure
being called in the openbsc subfolder or something? libosmocore e.g.
doesn't have it.
In any case .git being a directory is not always true (if using git
worktree) so remove this check.
Change-Id: I4385cc4fb87ca4354a3c608a18aa3d2eb03a744f
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I93a2e5b6ec66c9edb6e93d95032e788f552af44b
When PDP CTX CREATE ACK is received with an increased RestartCtr, cb_recovery2
is called first, which will dettach ggsn from al pdp ctx (free the
pdp_t). But when giving control back from the ctrl, libgtp still uses
that freed ctx and sends it back to osmo-sgsn through cb_conf().
As specs state in any case that we need to handle the message containing
the increased RestartCtr as valid, we then need to avoid freeing the pdp
ctx and leave handling for later in cb_conf.
Depends: osmo-ggsn (libgtp) Change-Id I53e92298f2f6b84d662a3300d922e8c2ccb178bc.
Change-Id: I0989c00e18ca95a099e1a312940eaac71957b444
Previous API freed the ctx immediatelly after sending the packet, which
triggered a call to cb_delete_context() and dropped the entire
sgsn_pdp_ctx before the PDP DEL CTX ACCEPT was received. This new API
won't free the pdp ctx and we can tear down everything once we receive
the ACCEPT in cb_conf.
cb_conf is not automatically freed at cb_conf, user needs to free it, so
we need to remove setting pctx->lib to NULL in cb_conf to avoid leaking the
pdp ctx, as it needs to be freed inside sgsn_pdp_ctx_free().
Depends: osmo-ggsn (libgtp) Change-Id I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c.
Change-Id: I304c59de5d137b81de3c6df0fdbe911ae3dbd1f3
if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report
during snprintf:
==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
#0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...
Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
field pdp->num_T_exp was being reset to 0 every time
pdpctx_timer_start() was called from gsm48_tx_gsm_deact_pdp_req().
Take the chance to test max amount of retrans to 4 as detailed in specs.
Change-Id: Iacce3c66f61578ebee37abaa287f7e183f985c1c
Scenario and behaviour before this commit:
- Received Echo Reply from GGSN has incremented RestartCounter
- func sgsn_ggsn_ctx_drop_all_pdp() is called to dettach all pdp ctx
from GGSN and request the MS to deact all related ctx.
- DEACT ACCEPT is received from MS, and then it tries to send DEL PDP CTX
to GGSN, expecting to receive a Confirmation and only then freeing the
pdp ctx.
The problem is that since the initial cause of triggering was a GGSN
restart, the GGSN doesn't know anything about that pdp ctx anymore, so
it's not useful sending it. We can instead dettach the GGSN and libgtp
ref at drop_all_pdp() time and then when we receive DEACT ACCEPT from MS
we can free the pdp ctx directly.
Change-Id: I1c74098e181552c218e152bf4ac5035cea770428
According to 3GPP TS 24.008 Section 6.1.3.4, the tear down indicator IE
maybe included in the DEACTIVATE PDP CONTEXT REQUEST message in order
to indicate whether only the PDP context associated with this specific
TI or all active PDP contexts sharing the same PDP address and APN as
the PDP context associated with this specific TI shall be deactivated.
As we don't permit/support establishing multiple PDP contexts using
the same APN and PDP address, it shouldn't really make any difference.
Nevertheless, we want to clear everything, so let's include it.
Change-Id: Ia9bc2d0e93362a8473eac5cf4c7e8ffa41c79e5b
60 seconds is used by default, which is the minimum accepted value for
this timer as per 3GPP TS 29.060 section "7.2.1 Echo Request".
Having it low by default is good for lab use in which a lot of stuff
changes over time.
Change-Id: Ia1898d172482bf6a25d829f8fc9a47824f49456f
In sgsn_pdp_ctx_terminate, a pdp ctx is terminated and the mm ctx is
detached. However, T3395 may still be armed and then pdpctx_timer_cb
will trigger, and attempt to use the pdp->mm ctx which was already
detached (set to NULL) when calling
gsm48_tx_gsm_deact_pdp_req()->mmctx2msgid().
Following list of log lines shows the scenario+crash, in which osmo-sgsn
is trying to deactivate the ctx all the time but the PCU doesn't ACK it,
and then at some point the PDP context is forced released.
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(901700000015254/d7e9ab95) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:1464 MM(901700000015254/d7e9ab95) -> GMM DETACH REQUEST TLLI=0xd7e9ab95 type=GPRS detach Power-off
osmo-sgsn/src/gprs/gprs_gmm.c:313 MM(901700000015254/d7e9ab95) Cleaning MM context due to GPRS DETACH REQUEST
osmo-sgsn/src/gprs/gprs_sgsn.c:332 MM(901700000015254/d7e9ab95) Dropping PDP context for NSAPI=5
osmo-sgsn/src/gprs/gprs_sgsn.c:434 PDP(901700000015254/0) Forcing release of PDP context
osmo-sgsn/src/gprs/gprs_sndcp.c:508 SNSM-DEACTIVATE.ind (lle=0x62100001bca0, TLLI=d7e9ab95, SAPI=3, NSAPI=5)
osmo-sgsn/src/gprs/sgsn_libgtp.c:310 PDP(---/0) Delete PDP Context
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(---/ffffffff) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:305:25: runtime error: member access within null pointer of type 'const struct sgsn_mm_ctx'
Program received signal SIGSEGV, Segmentation fault.
0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at /home/pespin/dev/sysmocom/git/osmo-sgsn/src/gprs/gprs_gmm.c:305
305 msgb_tlli(msg) = mm->gb.tlli;
(gdb) bt
#0 0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at osmo-sgsn/src/gprs/gprs_gmm.c:305
#1 0x00005555556b170a in _gsm48_tx_gsm_deact_pdp_req (mm=0x0, tid=0 '\000',
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2297
#2 0x00005555556b1a2e in gsm48_tx_gsm_deact_pdp_req (pdp=0x6140000008a0,
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2311
#3 0x00005555556b876c in pdpctx_timer_cb (_pdp=0x6140000008a0)
at osmo-sgsn/src/gprs/gprs_gmm.c:2717
#4 0x00007ffff355eb3e in osmo_timers_update ()
at libosmocore/src/timer.c:257
#5 0x00007ffff356255c in osmo_select_main (polling=0)
at libosmocore/src/select.c:254
#6 0x00005555556f17cb in main (argc=3, argv=0x7fffffffe298)
at osmo-sgsn/src/gprs/sgsn_main.c:531
Change-Id: I2120e53ade6cabad37f9bd99e6680a453411821b
Before this commit, echo req/rsp logic was implemented in libgtp but
never used in osmo-sgsn.
This commit adds a timer which periodically sends a GTP ECHO Request to
every GGSN if there's at least one pdpd context associated with it. This
way by checking the restart counter in the ECHO Reply it can be known if
the GGSN was restarted. In this case, logic already present in osmo-sgsn
will terminate all pdp contexts associated with that GGSN.
Change-Id: I9d714726785407859f26bbef052cd0efc28e8dae
This way we can easily track all pdp context associated to a specific
ggsn, which is useful to handle some scenarios, such as the one
implemented in next commit, in which specs references that GSNs should
ping only other GSNs with at least one pdp ctx in common. So the list
of pdp ctx per GGSN is really useful too (and cheap computationally)
to check if we should arm or disarm the echo procedure timer.
So this commit can be seen as a preparation for next commit.
Change-Id: I3bbcc0883df2bf1290ba8d4bd70db8baa494087a
The message this test is trying to parse is indeed invalid.
Add a comment showing the message in decoded form, and assert
that the parser rejects it.
Also, add a missing call to cleanup_test().
Change-Id: I2a86432d080c38d3c95626372a0129499d7146dd
Related: OS#3178
The flag cannot be enabled in all cases because current osmo-iuh header
contain compilation warnings which are then propagated to this project
when building against them.
Change-Id: Ia4285a88af6d4adfba08c055c6734f9d82c1a5a4
This patch adds a control interface to osmo-gbproxy as well as the first
two commands to query the state of each NSVC and gbproxy peer.
The "nsvc-state" command replies with
nsei, nsvci, local state, role, remote state of all NSVCs.
The "gbproxy-state" command replies with
nsei, bvci, mcc, mnc, lac, rac, and state of each peer.
Entries are separated by a newline '\n' character. If there are no
entries an empty list is returned. This behaviour is similar to that of
the subscriber-list-active-v1 command in osmo-sgsn.
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g nsvc-state
Got message: b'GET_REPLY 23 nsvc-state 101,101,DEAD,BLOCKED,SGSN,DEAD,UNBLOCKED\n'
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g gbproxy-state
Got message: b'GET_REPLY 4871085901306801158 gbproxy-state '
Change-Id: I82c74fd0bfcb9ba4ec3619d9fdaa0cae201b3177
Ticket: OS#3281, SYS#4235
Sponsored-by: On-Waves ehf
Add a test which reproduces the parsing problem. Whether this problem
is due to an invalid message or a parser bug is yet to be determined.
Until then, this test helps with analyzing the problem further.
Change-Id: I39189701a57c785ffdacc3ae26d7aa93bb06cde6
Related: OS#3178
The detach type network side is defined as
- Reattach required
- Reattach not required
- IMSI detach (after VLR failure)
IMSI detach seems to be more close. Howeever the standard
isn't clear about this.
Change-Id: I27da6dc5165819cccd1ae0a98b132b45a01f38bb
There is no way to recover from "PROTOCOL_ERRORS".
As long the error_cause is not set, the
SGSN won't send out a GMM Request Reject.
Fixes: TTCN: SGGN_Tests.TC_attach_auth_sai_reject
Change-Id: Iefe8f05686ef4acac721f3c0672910704f3b0ff8
Store the established security context type (GSM or UMTS) instead of the
boolean flag is_authenticated. Provide the previous boolean query with thin
sgsn_mm_ctx_is_authenticated() function.
Knowing which security context was established will be necessary for OS#3224,
i.e. using the proper ciphering key, which is not yet tested properly, and
probably not correct at this stage.
This change will make new SGSN_Tests.TC_attach_umts_aka_gsm_sres pass.
Related: OS#3193 OS#3224
Change-Id: I36807bad3bc55c0030d4f09cb2c369714f24bec7
Particularly gbproxy_test.c had various mem leaks, which (will) show up with
gcc (Debian 7.3.0-15) 7.3.0 address sanitizer. Fix those leaks to verify that
we don't have memleaks in the production code.
Change-Id: Ia4204c8b3d895b42c103edecb61b99d3d22bd36f
Use the proper enum ranap_nsap_addr_enc instead of int, and properly exclude
that member when we're building without Iu support:
sgsn_vty.c:1323:31: error: passing argument 2 of ‘ranap_iu_vty_init’ from incompatible pointer type [-Werror=incompatible-pointer-types]
ranap_iu_vty_init(SGSN_NODE, &g_cfg->iu.rab_assign_addr_enc);
Add const to a local var to silence compiler warning retrieving TLVP_VAL:
gprs_gmm.c:1657:18: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
uint8_t *mi = TLVP_VAL(&tp, GSM48_IE_GMM_ALLOC_PTMSI);
^~~~~~~~
Change-Id: I1168ce6425c31db3f6c3bf1f3682ae96b028c59b
Like we did in osmo-sgsn in If804da17a7481e79e000fe40ae0d9c4be9722e61, move
from 'osmo_gbproxy.cfg' to 'osmo-gbproxy.cfg' as default config file name.
Still look for the legacy file name to not break old setups.
Change-Id: I9448908d94a23001f04b6334a78739a839b91313
Add 3-digit flags and use the new RAI and LAI API from libosmocore throughout
the code base to be able to handle an MNC < 100 that has three digits (leading
zeros).
Note that in gbproxy_test.ok, 0-0 changes to 000-000 instead of 000-00, because
the parsed ra buffer is 000000 which results in 000-000, while 00f000 would
result in 000-00. IOW this is expected.
Change-Id: I7437dfaa586689e2bef0d4be6537e5577a8f6c26
Provide a sane means of adding the -Werror compiler flag.
Currently, some of our jenkins.sh add -Werror by passing 'CFLAGS="-Werror"',
but that actually *overwrites* all the other CFLAGS we might want to have set.
Maintain these exceptions from -Werror:
a) deprecation (allow upstream to mark deprecation without breaking builds);
b) "#warning" pragmas (allow to remind ourselves of errors without breaking
builds)
As a last configure step before generating the output files, print the complete
CFLAGS and CPPFLAGS by means of AC_MSG_RESULT.
Change-Id: Ifea235feb073a276302436936e908d9125c77a82
The osmo-gsm-manuals/vty/sgsn_vty_additions.xml contained many command
explanations that are redundant with the VTY online doc. Some however are more
verbose / easier to understand. Absorb these into the online VTY doc here.
This matches the removal in osmo-gsm-manuals change-id
I71863e5056ad369d2055e9882a52a00fa999ab04.
Change-Id: I35984014424412e91437b7ed71576aef3819cb1e
sgsn_test initializes various struct gprs_ra_id without naming the actual
members, which is vulnerable to struct member re-ordering. Name the members
explicitly.
An upcoming ABI change in libosmocore would cause test failures here without
this patch.
Change-Id: I517ed9edf77fac37d9de7a39df24c419a8a65d96
Both library are required to build osmo-sgsn.
The optional dependency was correct when osmo-sgsn
was part of openbsc.
Change-Id: Id608165ae490cb6c84aac1fe70412b2cb2b2587b
It has stricter type signature which increase the chance of spotting
misuse either via compiler warning or with automated scan. This also
paves the way for gsm48_construct_ra() deprecation in libosmocore.
Change-Id: I2c0f082dc7214ed57a40dad0788e34b838dfac97
Related: OS#1640
Daniel Willmann
Pau Espin
Stefan Sperling
Harald Welte