If one paging request is timing out the others will timeout soon
as well. With the current code the next timeout would expire the
next request in the queue. We will now stop all paging requests
and then issue a next paging request. So for both paging success
and failure we will now stop all the other requests.
This is mostly a workaround, one should count on how many
BTSes we are paging and wait for all failures before we remove
the item from the queue.
Kick the queue in case the paging was timing out. No one is going
to call subscr_put_channel for us so we will do it on the subscriber.
There is also another problem with multiple BTS in the LAC and paging
timeout. We will need to remember how many BTSes we have paged.
If we have a RF failure between the paging response and the auth
success we will not inform the subscriber layer of the failed paging
and instead just 'drop' the SMS. In case we have not completed the
auth and close the channel we will now send an auth failure.
The conn might be released during the loop and then conn->bts
is a null pointer and we end up crashing. Store the gsm_network
in a local variable and access this one.
Improve the debugging possibilities and print the failed attempts
and the sms that was attempted to be delivered. this should help
with debugging the code.
The active channel might or might not be gone when the transaction
has been released. Instead of passing an invalid subscriber conn
we will pass the subscr that is ref-counted and guranteed to be
valid at this point. subscr_put_channel could search the connections
for an active connection if that is ever needed.
In contrast to the previous believe we may not have a conn here
as we are still paging for the sub. Instead of printing the BTS
print the lac where we think the subscriber is located.
Follow trans->conn->lchan to the BTS instead of using the BTS that
is guranteed to be NULL in the codepath we have entered here. The
trans->conn should still be there, and the lchan should be valid as
well as we have reordered the clear statements.
When the new_lchan for handover is failing we should stop the
handover operation. This is fixing a crash that we get a timeout
on the lchan and have no conn set to it. Introduce a flag to
the bsc_clear_handover to not free the lchan. In case the ho_lchan
is failing we do not want to call lchan_release as it would
reset the state.
The trau_mux likes to call cc_tx_to_mncc for each received
frame from the E1 link. Using a signal for each audio frame
is messy as well. The best thing I could think of is to put
this into the BSC to deref the pointer. The other option would
be to include the gsm_data.h in the mncc.h header and have
the method as inline.
Instead of creating the sockets in the RSL code we will do this
in the CRCX_ACK, MDCX_ACK, DLCX_IND signal handler of gsm_04_08.
Introduce a handover signal so we can repatch the RTP sockets in
the gsm_04_08 as well.
In case we get a RA UPD REQ on a new cell (both served by the same
SGSN), the LLC stack should not allocate a ne LLE/LLME, as the latter
would reset the V(u)sent / V(u)recv to zero and make the MS discard
our responses.
Instead, whenever the LLC stack sees a foreign TLLI, it should always
convert it to the local TLLI before doing any lookup for a LLE/LLME.
We create a loop by not setting trans->callref = 0 before calling
trans_free(), as the latter would again send a MNCC_REL_IND up
the stack.
Also: Fix memory leak in case we try to read from mncc_sock
but socket is just gone.
This adds mncc_sock_from_cc() as a handler function for CC messages
to be passed to the MNCC interface. If there is no MNCC socket
registered, we immediately release any CC related messages.
Together with flushing all established CC transaction at MNCC socket
close time, this ensures that all resources are released and no
new resources can be established until the MNCC applicaiton has
re-attached.
The MNCC messages now again get directly handled by the net->mncc_recv()
callback. If the callee wants to put them in a queue, it' his business
to do that.
Using this code we will soon be able to use LCR or other MNCC
applications via a unix domain socket.
The code is not actually used yet after this patch.
The reason for this is quite simple: We want to make sure anyone
running a customized version of OpenBSC to operate a network will
have to release all custom modifiations to the source code.
The SS_LCHAN signals now always include the lchan_sig_data. For
the measurement report it will optionally include the measurement
report as well. Attempt to update all handlers of this signal as well
Check the signal and only continue if it is any of the
signals we want to handle. In the case of measurement
reports we would cast some random code to a lchan.
The release might release the lchan we want to send the response
on. Reorder the code to first send the message and then give up
the security operation which might release the lchan.
According to the specs (GSM 04.08 Table 9.9), the only possibility
if neci=1 and this cause is used is "Originating call and TCH/F is
needed"
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
With the old code it was possible that we first saw SMS that
we have already in the queue. In that case we had free slots
available but have not filled them. With his new loop we try
harder to find SMS we can send, it attempts (and should work)
to detect a loop to break the loop before finding SMS to deliver.
Increase the number of SMS we will try to send at a time and
decrease the failures we handle before going to the next item. With
the default timeout we will attempt to page the subscriber for 60
seconds and we can increase the queue speed by going to the next
item faster.
The sms queue will attempt to send one SMS per subscriber
to fill all the available slots. It will handle the case
where paging has not started, timed out or if there was
any kind of other failure. It is also retransmitting SMS
in case of failures.
The SMSqueue will be responsible of sending to the user. It will
do so in a loop and will also try not to overload the BTS. This
means the throughput of SMS will be limited.
This is providing access to the paging result, the sms,
the transaction. This will allow the SMS queue to do
decisions based on the source of the failure.
The signal_data was inconsistent. Sometimes we passed the transaction
and sometimes we passed the sms. Change it to always pass the sms. The
S_SMS_SMMA is a bit special as it does not involve any SMS.
This is creating 1000 subscribers and 30 SMS each. The SMS
itself is badly formatted (not a valid 7bit encoding) but
it should be enough for a stress test.
If a signal handler accesses the database he will still see
the old lac. Make sure he is seeing the new one. Update the
subscriber from the database in case the query failed or other
things have changed.
Start counting the attempts of each paging request and call
the callback with the PAGING_BUSY type when the paging request
timed out but the subscriber was not paged at all. This can
only happen with a huge paging backlog.
In case the system has so many pending paging
Introduce a method that will remove all subscribers that have a
zero use count. This is useful if someone wants to purge subscribers
from memory or wants to disable the everything in RAM feature.
This is implemented by not freeing the subscriber when the
reference count becomes smaller than zero. We hope that this
will save many database accesses during the congres.
As we do not yet use the HLR from the SGSN, we allow all MS to
attach to our GPRS network. However, if this is running in a public
environment, it could cause service interruption to users of commercial
GPRS networks.
Thus, we now check if the first 5 digits of the IMSI match the MCC/MNC
of the cell that they want to register to. Thus, any subscribers with
SIM cards from real operators will no longer be accepted.
LOGL_ERROR will make this message shpw up in everey default log
config. However, as it seems, this is commonly observed in case
a MS still sends a MS STATUS (in respons to the MM INFO) at the
end of a location area update.
It might be best to actually change the channel release procedure
to make sure we can still pass such 'late' data to the MSC until
the time the Layer2 has been completely released.
If a MS changes RA, the RA will arrive in the new cell using the old
TLLI (masked as foreign TLLI). So we need to look-up the TLLI
in a special way, using the old RA as indicated in the 04.08 GMM
message.
There is still another bug remaining: As we somehow create a new LLC,
the sequence numbers of our responses start from 0 again, which is not
what the MS expects. This needs to be fixed in a follow-up patch.
In the GPRS NS protocol stack, the amount of NS/BSSGP headers like MS RADIO
CAPA INFO can be quite long. In order to fit the full user message and
those headers, we have to enlarge the head/tailroom of the msgb allocations.
On a nanoBTS, this command can be used to manually switch a given 'dynamic
pdch/tch' timeslot from one mode into the other.
There are no safeguards that the timeslot is not in use at the given time.
We send a LU Accept with the TMSI as the MI. According to the
spec the phone should store this new TMSI and send a TMSI
REALLOCATION COMPLETE to us. We will release the LU then and this
should trigger the release procedure.
This was introduced by a recent change to gsm_data.h to include
less header files. We really need to access the RSL information
here so it is fine to include the file.
In commit 39e2eadc99 a bug was introduced
that used the 'trans' after trans_free() had already been called.
This became visible now when the openbsc+lcr combination was calling
an unknown/invalid telephone number in a MO call, resulting in
a segfault.
Currently the nanoBTS bootstrap code requires a high delay
otherwise we are not bringing the device up properly. Changing
the init code turns out harder than it seems like. So this is
a workaround for that to allow a high speed RSL/OML connection
after the bringup.
The line driver can have a default TS delay. It is set to the
current default for the nanoBTS and the BS11. For the ipaccess
case we will set the delay lower for the RSL connection and
inside the ipaccess-config we can set it low right away to
have fast firmware flashing and such.
Instead of sending many messages we will queue the OML
messages and wait for the ACK/NACK before sending the
next message from the queue. We tag the msgb to remember
if we need to wait for an ack or not.
We keep the order of all messages, on ACKs and similiar
occassions we will drown the queue until we reach a message
that needs to be acked and then wait for that ack again.
Possible breakage can appear when we send an OML (e.g.
BS11 specific message) msg which does not need to be acked
through the abis_nm_sendmsg call. The fix will be to use
the _direct version of this method.
Re-Enable as it might have fixed something... who knows.
Conflicts:
openbsc/include/openbsc/abis_nm.h
openbsc/include/openbsc/gsm_data.h
openbsc/src/abis_nm.c
openbsc/src/gsm_data.c
Assume that a NACK is a onetime failure and that on the next
attempt it will work better. If that is not the case we might
even send a reboot to the BTS.
Sometimes the operative change for the NSE is getting nacked,
this might be due that we send it before we get the OPSTART ACK
for this object class. Send it from the CELL availability as
a workaround. This init code needs to be changed to make these
dependencies work more reliable.
Forget about the ho_lchan inside the gsm_subscriber_connection
in case of a handover failure, also clear the gsm_subscriber_connection
pointer before the lchan is passed to the lchan_free routine.
Do not use the NULL context for this allocation. It should hang
off the gsm_subscriber_connection but for now at least make it
the child of the BSC so it is showing up in the talloc report.
Can't declare it in gsm_04_08.h tough ... gsm_cbfn is defined in
gsm_data.h and trying to include that in gsm_04_08 just creates a
huge mess.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The default values are those where the parameters are encoded
as '0' and they're not output in the config file if that case
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
When switching the RF off we will always go through the grace
period, add a direct off mode to switch it off directly. Make
the query return a 'g' if we are in the process of switching
things over.
Use the ipaccess_drop_oml and ipaccess_drop_rsl functions
instead of closing the socket and hoping this is picked up
somehow. This just leads to some weird hangs. And gdb was
not really helpful to say where it was coming from.
In the future we should avoid using a gsm_subscriber at all
and pass the imsi/tmsi to the paging function directly. For
now we can use the old model for paging and go through the
gsm_subscriber. This has the benefit of load balancing on
the BTS and such.
Sending this as the RTP_PAYLOAD2 will produce a MDCX NACK
as we send the RTP_PAYLOAD in the CRCX. It does not seem to
be necessary to send anything != 0 for the RTP_PAYLOAD2.
Refactor the closing code of the CC timeout to a new function,
also make sure that the SCCP Connection is forced closed before
we destruct the connection for real.
This will change the LAI of a LU accept message to the LAI
used for the on-air network. It will also detect when to
send a welcome ussd to the subscriber.
Holger Hans Peter Freyther
Harald Welte
Sylvain Munaut
Dieter Spaar