Doing so should avoid the crash seen in OS#3956, where a message is
received in osmo-sgsn gtp iface after having received a DeleteCtxAccept
message where pdp and associated cbp is freed. As a result, when new
confirmation arrives, it can still be matched against an old request and
be sent to upper layers providing an already freed cbp.
With this patch, since all queued messages belonging to that pdp are
dropped, confirmation won't find a match and be discarded in libgtp.
In order to be able to drop all req messages belonging to a pdp, a new list
is added to pdp_t and qmsg_t are added to that list when inserted into the per-gsn
req transmit queue. This way upon pdp free time it's simply a
matter of iterating over that list to remove all messages.
There's no need to do same for resp queue, and it'd be actually
counter-productive, because it wouldn't be possible to detect and
discard duplicates anymore after pdp ctx has been freed.
Related: OS#3956
Change-Id: Id86d0b241454d3ad49c64c28087fd2710fa2d17a
Coverity pointed out that a format string used inappropriate
format string directives for variables of type size_t.
Change-Id: I889019aad963932fdc032421e60a72c809a93bca
Related: CID#135197
Osmocom has maintained this program since about 7 years now, while
the original author / copyright holder has completely disappeared.
With the introduction of Osmocom-style CTRL and VTY interfaces,
the way how the program is used and configured has substantially
changed. In order to avoid confusion in terms of configuration file
format etc, let's rename it to OsmoGGSN.
Change-Id: I2da30f7d4828e185bfac1a4e2d8414b01cbe4f9d
Fix an apparent typo that prevented queue iteration to find the correct item to
be removed. Instead, the first item was always returned. Calling code has been
analyzed to find that mostly this fault is not visible, since usually, the
first item is indeed the correct item to be returned. See mail thread
http://lists.osmocom.org/pipermail/osmocom-net-gprs/2016-June/000618.html
Date: Wed Jun 1 11:51:38 UTC 2016
Subject: "[PATCH] gtp/queue/queue_seqdel(): fix element check which always was true"
Coverity complains about a 'Dereference before null check' on *queue.
So, push the NULL check further up.
Though I doubt that 'return EOF' is the proper way to handle allocation
failure, this patch is only about the NULL dereference.
Fixes: CID#57918
After so many years of silence, we don't expect the original author to
return to the project. To make things a bit simpler for us, we convert
the coding style to what we are used to (Linux style).
The conversion was made using the 'Lindent' script which is part of the
Linux kernel.
Pau Espin
Stefan Sperling
Harald Welte
Neels Hofmeyr