Do the auth check in bsc_nat_filter_sccp_cr, remove the cause from
the signature again. For the bsc_nat_filter_dt restructure the flow
but leave the auth inside the id response message.
Return 1 when the IMSI has been extracted as indicator for running
the auth check. 1 has not been used before and is safe to be used
as this indicator.
In preparation for another kind of black-list allow the filter code
to decide how the connection should be rejected. Introduce a new struct
that will carry the reject causes for certain operations.
This implements exipiry of subscribers, requires a schema change. A permanent
attachment (time set to 0) is not supported any more and would require some
more work. This code was used at the 29C3.
Set the subscriber expiry timeout to twice the duration of the location
update period and provide functions subscr_expire() and
db_subscriber_expire() to mark subscribers offline that have missed two
location update periods.
This patch increases the DB revision to 3, so the hlr will be
incompatible with prior versions.
We should allow 0 for T3212 as well to disable the location update
period. In that case we will need a way to indicate that in the
database.
libcommon: Default to 30min location update period
libbsc: Limit VTY value for periodic update and disallow the value 0
According to GSM 04.08 Table 10.5.33 "The value 0 is used for infinite
timeout value i.e. periodic updating shall not be used within the cell."
This was the default value until now, but the code that deals with
expiring inactive subscribers in the next commit can't handle that case
so this remains a TODO for now.
The actual command implementation was already for this, but some
bad vty parsing prevented optional range arguments from working
properly.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This file is created in ./configure so we shouldn't remove it with make.
Otherwise ./configure && make clean && make check fails with:
make[3]: *** No rule to make target `atconfig', needed by `check-local'.
Stop.
We parse the load_config, take the ptrdiff_t from start and load_config
and from the previous array as the alignment can differ on different ABIs.
This was found by Daniel when executing the tests on a 64 bit userspace.
This was reported by Kevin when he was testing handover. The problem
is the order of the signal handlers for S_ABISIP_CRCX_ACK. Right now
the handover signal handler is called before the one inside the libmsc
gsm_04_08.c. This means S_HANDOVER_ACK is signalled _before_ there is a
rtp socket created for the channel. The result is that the MDCX will
never be sent and the called will not be properly switched _after_ the
handover detection.
I do not want to play with the order of signal handlers, remove the
CRCX ack handling from the handover_logic.c and force the NITB (and
later the BSC) to check if the lchan is involved with a handover and
do the switching in there. This means right now we do what two signal
handlers did in one.
Reproduced and tested with the FakeBTS Handover test.
Log message:
<0004> abis_rsl.c:1954 (bts=1,trx=0,ts=3,ss=0) IPAC_CRCX_ACK ...
<000c> gsm_04_08.c:1400 no RTP socket for new_lchan
<001a> rtp_proxy.c:533 rtp_socket_create(): success
<001a> rtp_proxy.c:615 rtp_socket_bind(rs=0x48703c8, IP=0.0.0.0): ...
In case of handover (but probably on RACH) we would send a RLL for
SAPI=0 even if this SAPI was never established. After we have released
all SAPI>0 locally check that SAPI=0 is established and if not release
the rf channel directly.
Merge the channel release re-work. The most notable change is that
SAPI > 0 will now be released on the local end and that the release
process should be both more fast and more standard conform. With SMS
spamming/mass sending the nanoBTS is crashing but this does not appear
to originate from any of these changes. I used git rebase to go through
each of the change to see where the nanoBTS is crashing but couldn't
reproduce it. It might be a general overload or something generated by
the modems of the sysmocom modem bank. Merge it before the 29C3 so we
can test this code some more.
T3109 is started when the SACCH is deactivated. It is stopped when
the phones sends the DISC/UA/UM on LAPDm for the main signalling
link. In case of timeout the abnormal release procedure will be
initiated. Make sure to not issue the SACCH Deactivate twice to
avoid confusing the equipment.
This is still not fully spec compliant. In case of a timeout the
abnormal release handling will be started which involves starting
T3111+2. The error handling should be split out of the rf channel
release method, e.g. lchan_release should be called and check if
the channel release was already initiated.
If the CHAN ACTIV is NACKED we set the state backto NONE. This is
problematic as our channel allocator will allocate from the front
or from the back and if the channel is early in the list it might
cause permanent failures. Introduce a BROKEN state and use it when
the channel activation is failing for an unknown reason. Copy the
cause so it can be inspected later.
Deactivate the SACCH and release all SAPIs locally as of GSM 04.08. Add
documentation to the code and explain what will happen as part of the
release process.
* Release all channels with SAPI > 0 with the "local end release"
(as of NOTE 1 of GSM 04.08).
* No need to wait for all SAPIs to be torn down and the normal
REL_IND/REL_CONF will call rsl_handle_release and the channel
should be released.
* Update the documentation
Put the idiom that sets the lchan state to none and respecting the
error state into a shared method. This way the special handling for
the abnormal case is just in one place.
Avoid printing error messages when paging while the BTS is down. In
case a BTS is going down it is best to just let the timers expire
normally. We can not expire them right away as multiple BTS could be
paged and we do not want to interfere with that. There is no need to
stop the queue right now.
If subscriber A is calling B and has sent a CC Setup message we will
allocate the MO and MT transaction and link them together. When the
BTS or the lchan is failing the BSC API will send a clear request,
as part of the clear request all pending transactions will be released.
As part of taking down the transaction, the remote leg will be informed
and will send a MNCC_REL_REQ. This results in a call to trans_free. The
llist_for_each_entry_safe does not handle removing other elements from
the list and we would segfault.
One way to fix this is to move the transaction list into the subscriber
connection. This might require to create the subscriber connection for
MT handling earlier. Otherwise one could have one transaction list inside
the subscriber connection and a global list for MT- transactions.
--disable-smpp would actually not disable SMPP but enable it. Correct
it for all usages of AC_ARG_ENABLE.
Move the unconditional invocation of PKG_CHECK_MODULES before the
conditional one to make it work as the pkg-config m4 macro appears
to expand the first usage differently and searches for the pkg-config
exuable.
Use "$enableval" to see if the feature should be enabled or disabled
and then search for the module afterwards.
This has been reported and analyzed by Tobias Engel. The IMSI Detach
is dispatched as part of the complete layer3 message. I had patched
the code to release the anchor and call msc_release_connection to
release the connection as fast as possible (otherwise the anchor would
trigger in a couple of seconds).
With commit 70ae5d3000 I made this more
generic to release the connection immediately if there are no operations,
no transaction and no silent call. This leads to the subscriber connection
being released twice and eventually causing a segfault. Remove the
msc_release_connection invocation from the IMSI Detach code as the connection
will be taken down by the BSC API.
This has been tested using the FakeBTS and an IMSI Detach message. The
channel is released immediately and the nitb does not crash.
GCC 3.x on PowerPC correctly highlights that the code is fishy.
Re-reading the RFC 3550 shows that we should subtract it and then
we are in the 16bit range. The probation and re-sync code is still
missing.
GCC:
mgcp/mgcp_network.c:200: warning: comparison is always true due to limited range of data type
Holger Hans Peter Freyther
Sylvain Munaut