libmsc/gsm_04_11.c: introduce and use gsm411_assign_sm_rp_mr()
Initially, it was assumed that if there is no active RAN connection, we can just start counting from 0x00, as there are no other SMS related transactions, and transaction itself is allocated using talloc_zero(). Until now it was looking good, but... As soon as we establish RAN connection with subscriber, we already have a transaction with SM-RP-MR 0x00, but conn->next_rp_ref also remains 0x00 - it isn't being increased! It means that we can face a SM-RP-MR conflict (or collision) if another MT SMS would arrive to the MSC (from SMSC over GSUP) when this transaction is still active, i.e. the first SMS is still being sent, because conn->next_rp_ref++ would return 0x00 again. Moreover, there might be already a MO SMS transaction, and using the conn->next_rp_ref counter wouldn't prevent us from having duplicate SM-RP-MR value. Let's get rid of this per-connection counter, and introduce a function instead, that would iterate over existing transactions and look for an unused SM-RP-MR value. This change makes the following test cases pass: - TC_gsup_mt_sms_rp_mr, - TC_gsup_mo_mt_sms_rp_mr. Discovered by: Neels Hofmeyr Related Change-Id: (TTCN) I3a52d44f4abde9b6b471b9108c1cee905884c9bc Related Change-Id: (TTCN) I17cbbaa64d9bce770f985588e93cd3eecd732120 Change-Id: Ife6d954c46b7d8348a4221ab677d0355eb3ee7ac
This commit is contained in:
Vadim Yanitskiy
parent
cfd058dbf1
commit
c7de62cc53
|
|
@ -102,8 +102,6 @@ struct ran_conn {
|
|||
|
||||
/* LU expiration handling */
|
||||
uint8_t expire_timer_stopped;
|
||||
/* SMS helpers for libmsc */
|
||||
uint8_t next_rp_ref;
|
||||
|
||||
/* Are we part of a special "silent" call */
|
||||
int silent_call;
|
||||
|
|
|
|||
|
|
@ -1028,6 +1028,30 @@ static struct gsm_trans *gsm411_trans_init(struct gsm_network *net, struct vlr_s
|
|||
return trans;
|
||||
}
|
||||
|
||||
/* Assigns an (unused) SM-RP-MR value to a given transaction */
|
||||
static int gsm411_assign_sm_rp_mr(struct gsm_trans *trans)
|
||||
{
|
||||
uint8_t mr;
|
||||
|
||||
/* After allocation a given transaction has zero-initialized
|
||||
* SM-RP-MR value, so trans_find_by_sm_rp_mr() may consider
|
||||
* 0x00 as used. This is why we "poison" this transaction
|
||||
* using the highest value. */
|
||||
trans->sms.sm_rp_mr = 0xff;
|
||||
|
||||
/* According to 8.2.3, MR is in the range 0 through 255 */
|
||||
for (mr = 0x00; mr < 0xff; mr++) {
|
||||
if (trans_find_by_sm_rp_mr(trans->net, trans->vsub, mr))
|
||||
continue; /* this MR is busy, find another one */
|
||||
/* An unused value has been found, assign it */
|
||||
trans->sms.sm_rp_mr = mr;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* All possible values are busy */
|
||||
return -EBUSY;
|
||||
}
|
||||
|
||||
static struct gsm_trans *gsm411_alloc_mt_trans(struct gsm_network *net,
|
||||
struct vlr_subscr *vsub)
|
||||
{
|
||||
|
|
@ -1052,9 +1076,11 @@ static struct gsm_trans *gsm411_alloc_mt_trans(struct gsm_network *net,
|
|||
if (!trans)
|
||||
return NULL;
|
||||
|
||||
if (conn) {
|
||||
/* Generate unique RP Message Reference */
|
||||
trans->sms.sm_rp_mr = conn->next_rp_ref++;
|
||||
/* Assign a unique SM-RP Message Reference */
|
||||
if (gsm411_assign_sm_rp_mr(trans) != 0) {
|
||||
LOGP(DLSMS, LOGL_ERROR, "Failed to assign SM-RP-MR\n");
|
||||
trans_free(trans);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* Use SAPI 3 (see GSM 04.11, section 2.3) */
|
||||
|
|
|
|||
Loading…
Reference in New Issue