After checking the FCS, it's no use. The FCS should also not
appear on `hexdump(msgb_l3(MSG), msgb_l3len(MSG))`.
Change-Id: I27e061ead86395a336b67c7aead93d305a0f2ae8
When a MS does the following
- MS: GMM Attach
- MS: Activate PDP CTX
- SGSN: send PDP CTX Request to GGSN which GGSN does not answer
- GMM Detach (MM ctx get freed)
- libgtp retrans timeout of the first answer
- sgsn_libgtp.c: create_pdp_conf() which ignores this ctx because of emtpy MM ctx
Change-Id: I4575f7f80f785a62ae3b7f165d236a9dd818aabf
Introduce a new FSM step in GMM Attach to send the
Security Command to the RNC after completing the
Authentication.
Fixes: f7198d7dbb84 ("gprs_gmm: introduce a GMM Attach Request FSM")
Change-Id: I1e12b0a32e58c6f78dba7b548f7d7016567229db
NET_FAIL will result in asking again and again. Reject with IMPL_DETACHED to drop the
MS completely.
Change-Id: I195d533e330a4b577cad80c7e757d481f9c837df
Document all keywords of the 'reset sgsn state' command: set the same doc
string for all three.
Also fixes the build after libosmocore
I1f18e0e41da4772d092d71261b9e489dc1598923, which resulted in HIDDEN commands
coming up in the VTY reference dumping. Note that libosmocore
I92c3c66ff69c186234276c64478d6342e061d25e will again remove this breakage by
omitting hidden commands.
Change-Id: I8b6e8615e409266910f2f76a10ced9ab33e4de91
Move the check of the echo timer into an own function.
The gtp echo timer must be re-check everytime the
echo-timer has been modified or deactivated via vty.
Fixes the TTCN3 SGSN_Tests.TC_attach_restart_ctr_echo
Change-Id: Ia33471a9a9cfc3887facb665c82094b99932052a
The GMM ctx->gmm_att_req.auth_reattempt is used to track
multiple UTMS re-sync attempt of a MS.
Change-Id: I708226cec9e131dcda4234f42ed3689f4f6750e8
Fixes: f7198d7dbb84 ("gprs_gmm: introduce a GMM Attach Request FSM")
Fixes: OS#3556
When the GGSN crashs, the SGSN will be notified after
it comes back. Because of the async operation,
the mm ctx could be already gone.
Change-Id: I507a8c2193c84f8dff7f5d669adcd3583331f289
Allow ttcn3 to flush the gtp queue between each test.
Fixes ttcn3 test SGSN_Tests.TC_attach_pdp_act_deact_mt_t3395_expire
Change-Id: I49d70cb7abe5cbe92ea68882fa68eccec0e79586
The old GMM Attach Request handling used a recursive function
which can not handle certain states and is quite complex and hard to
extend.
The new FSM handles such request in a FSM and can be called multiple
times.
Change-Id: I58b9c17be9776a03bb2a5b21e99135cfefc8c912
The test cases now implemented by TTCN3 which should not be as fragile
as the unit tests. Because the unit tests expect a quite strong internal
state to be happen.
Change-Id: Iac1c8854b5ea4aa03279990390ebc110c979aac2
It was discovered during OBS debian build that --enable-ui was not being
passed despite being defined. Comparing with other similar projects it
became clear that this override tag was not correct and it was being
omitted.
Change-Id: I0ad1009100fd7c2798bcf22aa84a0d90fbe41a55
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".
If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.
Related: OS#2740
Change-Id: Icdf7af7a31fbba9197b3711eaf102fc0ae333bcc
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I66a7e044c027672adf77fbd6c0a111c43ee31b4f
This timer allows periodically cleaning up stale links in link-list of
each gbproxy_peer. Previous to this patch, this kind of cleanup
(gbproxy_remove_stale_link_infos) was being done only as a consequence
of external events being triggered, such as a message from that peer
being received.
It was found in a production network agreggating several BSS that some
of them were offline for a longtime but gbproxy was still caching big
amounts of really old link_info for the NSEI assigned to those BSS,
because since they were probably turned off abruptely, no new messages
were received from it which would trigger the cleanup.
As a consequence, it has been observed that a timer to periodically
clean up old entries (link-list max-age) is requird in case w don't
receive messages from that NSEI periodically.
Related: SYS#4431
Change-Id: Ic777016f6d4f0e30fb736484774ca46878f17b7a
It was discovered in some prod setups that some TLLIs can maintain quite
long queues of msgb in case its IMSI is not acquired and the tlli is not
pruned due to link-list max-{age,length} being set to 0. As a result,
the osmo-gpbroxy steadly increases the list size of maintained TLLIs, and
some TLLI was found without IMSI catching already 1211 msgb.
Let's allow setting a maxiumum length for the queue storing those msgb
in a per TLLI base. If the limit is reached, oldest msgb are removed
before adding a new one.
Depends: libosmocore Change-Id I33b501e89a8f29e4aa121696bcbb13d4b83db40f
Related: SYS#4297
Change-Id: I4473be8604f80302df03ffdd5a13280dc072f824
gprs_msgb_resize_area was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as msgb_resize_area. Let's use
that one to avoid code duplication.
Change-Id: Ib80f7b2b186d87f21d63d9b0bec58175170c905c
gprs_msgb_copy was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as bssgp_msgb_copy. Let's use
that one to avoid code duplication.
Change-Id: I42a65fd8e4045fafadf5694f2d8d0c5e7ab350a0
Reset the SGSN internal state. Useful when testing the SGSN via TTCN3.
Depends on the libosmocore commit:
I29b6ad6742ddf9b0b58b4af37d9a1cf18e019325
Change-Id: I92096f3f6ea49e75676e30e9921d00210bac5382
This seems to b remaining from ancient days. The code
in there is either no longer needed, or has been moved to libosmocore.
Change-Id: I9307f9da7f48dd0a2e1cb213072068736e569722
libosmogsm in libosmocore.git from Change-Id
Ie36729996abd30b84d1c30a09f62ebc6a9794950 onwards contains oap_client.c,
so we don't need our local copy here in this repo anymore.
Change-Id: I7b194f98ef3f925b6178d8a8dbd9fcf2f0c6e132
Requires: libosmocore.git Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950
This check is not in all our repos that use git-version-gen. Indeed it
seems to be a leftover of openbsc where I think it wanted to ensure
being called in the openbsc subfolder or something? libosmocore e.g.
doesn't have it.
In any case .git being a directory is not always true (if using git
worktree) so remove this check.
Change-Id: I4385cc4fb87ca4354a3c608a18aa3d2eb03a744f
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I93a2e5b6ec66c9edb6e93d95032e788f552af44b
When PDP CTX CREATE ACK is received with an increased RestartCtr, cb_recovery2
is called first, which will dettach ggsn from al pdp ctx (free the
pdp_t). But when giving control back from the ctrl, libgtp still uses
that freed ctx and sends it back to osmo-sgsn through cb_conf().
As specs state in any case that we need to handle the message containing
the increased RestartCtr as valid, we then need to avoid freeing the pdp
ctx and leave handling for later in cb_conf.
Depends: osmo-ggsn (libgtp) Change-Id I53e92298f2f6b84d662a3300d922e8c2ccb178bc.
Change-Id: I0989c00e18ca95a099e1a312940eaac71957b444
Previous API freed the ctx immediatelly after sending the packet, which
triggered a call to cb_delete_context() and dropped the entire
sgsn_pdp_ctx before the PDP DEL CTX ACCEPT was received. This new API
won't free the pdp ctx and we can tear down everything once we receive
the ACCEPT in cb_conf.
cb_conf is not automatically freed at cb_conf, user needs to free it, so
we need to remove setting pctx->lib to NULL in cb_conf to avoid leaking the
pdp ctx, as it needs to be freed inside sgsn_pdp_ctx_free().
Depends: osmo-ggsn (libgtp) Change-Id I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c.
Change-Id: I304c59de5d137b81de3c6df0fdbe911ae3dbd1f3
if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report
during snprintf:
==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
#0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...
Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
field pdp->num_T_exp was being reset to 0 every time
pdpctx_timer_start() was called from gsm48_tx_gsm_deact_pdp_req().
Take the chance to test max amount of retrans to 4 as detailed in specs.
Change-Id: Iacce3c66f61578ebee37abaa287f7e183f985c1c
Scenario and behaviour before this commit:
- Received Echo Reply from GGSN has incremented RestartCounter
- func sgsn_ggsn_ctx_drop_all_pdp() is called to dettach all pdp ctx
from GGSN and request the MS to deact all related ctx.
- DEACT ACCEPT is received from MS, and then it tries to send DEL PDP CTX
to GGSN, expecting to receive a Confirmation and only then freeing the
pdp ctx.
The problem is that since the initial cause of triggering was a GGSN
restart, the GGSN doesn't know anything about that pdp ctx anymore, so
it's not useful sending it. We can instead dettach the GGSN and libgtp
ref at drop_all_pdp() time and then when we receive DEACT ACCEPT from MS
we can free the pdp ctx directly.
Change-Id: I1c74098e181552c218e152bf4ac5035cea770428
According to 3GPP TS 24.008 Section 6.1.3.4, the tear down indicator IE
maybe included in the DEACTIVATE PDP CONTEXT REQUEST message in order
to indicate whether only the PDP context associated with this specific
TI or all active PDP contexts sharing the same PDP address and APN as
the PDP context associated with this specific TI shall be deactivated.
As we don't permit/support establishing multiple PDP contexts using
the same APN and PDP address, it shouldn't really make any difference.
Nevertheless, we want to clear everything, so let's include it.
Change-Id: Ia9bc2d0e93362a8473eac5cf4c7e8ffa41c79e5b
60 seconds is used by default, which is the minimum accepted value for
this timer as per 3GPP TS 29.060 section "7.2.1 Echo Request".
Having it low by default is good for lab use in which a lot of stuff
changes over time.
Change-Id: Ia1898d172482bf6a25d829f8fc9a47824f49456f
In sgsn_pdp_ctx_terminate, a pdp ctx is terminated and the mm ctx is
detached. However, T3395 may still be armed and then pdpctx_timer_cb
will trigger, and attempt to use the pdp->mm ctx which was already
detached (set to NULL) when calling
gsm48_tx_gsm_deact_pdp_req()->mmctx2msgid().
Following list of log lines shows the scenario+crash, in which osmo-sgsn
is trying to deactivate the ctx all the time but the PCU doesn't ACK it,
and then at some point the PDP context is forced released.
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(901700000015254/d7e9ab95) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:1464 MM(901700000015254/d7e9ab95) -> GMM DETACH REQUEST TLLI=0xd7e9ab95 type=GPRS detach Power-off
osmo-sgsn/src/gprs/gprs_gmm.c:313 MM(901700000015254/d7e9ab95) Cleaning MM context due to GPRS DETACH REQUEST
osmo-sgsn/src/gprs/gprs_sgsn.c:332 MM(901700000015254/d7e9ab95) Dropping PDP context for NSAPI=5
osmo-sgsn/src/gprs/gprs_sgsn.c:434 PDP(901700000015254/0) Forcing release of PDP context
osmo-sgsn/src/gprs/gprs_sndcp.c:508 SNSM-DEACTIVATE.ind (lle=0x62100001bca0, TLLI=d7e9ab95, SAPI=3, NSAPI=5)
osmo-sgsn/src/gprs/sgsn_libgtp.c:310 PDP(---/0) Delete PDP Context
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(---/ffffffff) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:305:25: runtime error: member access within null pointer of type 'const struct sgsn_mm_ctx'
Program received signal SIGSEGV, Segmentation fault.
0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at /home/pespin/dev/sysmocom/git/osmo-sgsn/src/gprs/gprs_gmm.c:305
305 msgb_tlli(msg) = mm->gb.tlli;
(gdb) bt
#0 0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at osmo-sgsn/src/gprs/gprs_gmm.c:305
#1 0x00005555556b170a in _gsm48_tx_gsm_deact_pdp_req (mm=0x0, tid=0 '\000',
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2297
#2 0x00005555556b1a2e in gsm48_tx_gsm_deact_pdp_req (pdp=0x6140000008a0,
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2311
#3 0x00005555556b876c in pdpctx_timer_cb (_pdp=0x6140000008a0)
at osmo-sgsn/src/gprs/gprs_gmm.c:2717
#4 0x00007ffff355eb3e in osmo_timers_update ()
at libosmocore/src/timer.c:257
#5 0x00007ffff356255c in osmo_select_main (polling=0)
at libosmocore/src/select.c:254
#6 0x00005555556f17cb in main (argc=3, argv=0x7fffffffe298)
at osmo-sgsn/src/gprs/sgsn_main.c:531
Change-Id: I2120e53ade6cabad37f9bd99e6680a453411821b
Before this commit, echo req/rsp logic was implemented in libgtp but
never used in osmo-sgsn.
This commit adds a timer which periodically sends a GTP ECHO Request to
every GGSN if there's at least one pdpd context associated with it. This
way by checking the restart counter in the ECHO Reply it can be known if
the GGSN was restarted. In this case, logic already present in osmo-sgsn
will terminate all pdp contexts associated with that GGSN.
Change-Id: I9d714726785407859f26bbef052cd0efc28e8dae
This way we can easily track all pdp context associated to a specific
ggsn, which is useful to handle some scenarios, such as the one
implemented in next commit, in which specs references that GSNs should
ping only other GSNs with at least one pdp ctx in common. So the list
of pdp ctx per GGSN is really useful too (and cheap computationally)
to check if we should arm or disarm the echo procedure timer.
So this commit can be seen as a preparation for next commit.
Change-Id: I3bbcc0883df2bf1290ba8d4bd70db8baa494087a
The message this test is trying to parse is indeed invalid.
Add a comment showing the message in decoded form, and assert
that the parser rejects it.
Also, add a missing call to cleanup_test().
Change-Id: I2a86432d080c38d3c95626372a0129499d7146dd
Related: OS#3178
Neels Hofmeyr
Harald Welte
Pau Espin
Daniel Willmann