While fixing potentially incorrect memory access, the check for maximum
number of supported BTS features was incorrectly adjusted instead of
feature vectore length check next to it. Fix this by adjusting checks
properly and adding comments to avoid future confusion.
The error was introduced in a60bb3dd28.
Change-Id: I06d2498d730624d5da535f6add6fa98d004714ae
Use sizeof target BTS feature storage to make sure we always fit into
pre-allocated memory. Also use it for log check.
Change-Id: Ib107daa6e8b9bc397a10756071849f8ff82455d5
Fixes: CID 170581
Request BTS attributes via OML on connection and parse the response:
request/parse incoming response as sw-config.
Note: only basic BTS-wide KV attributes wrapped in sw-config are
supported for now.
Change-Id: I589be51daca0cb9e1f3473b93e910e46b06e23ae
Related: OS#1614
* use define for number of attributes instead of magic number
* add sub_model to gsm_bts struct
* expand number of BTS features
* mark attributes parameter to abis_nm_get_attr() as const
Change-Id: I7ecb0c4339530d3a8354a2f94b34063dda87e030
Related: OS#1614
* add version string to gsm_bts
* add PCU version string to gsm_bts
* rename GSM_BTS_TYPE_OSMO_SYSMO -> GSM_BTS_OSMOBTS to avoid confusion
between BTS model and variant
* add variant enum to gsm_bts_model using enum with variants for each
hw vendor of OsmoBTS
* show connected PCU version (if available) in vty via 'show bts'
This will come in handy when logging details regarding particular BTS
reported via OML, see:
Related: OS#1614
Change-Id: I6710d53115f34634a7b70969cc05fd5c72ff8ab2
Explicitly check for and log PCU version received from BTS via OML alert
message.
Change-Id: I3c88663d4e2887a4038b4c3f1387128295b8934e
Related: OS#1614
* clearly separate report parts
* use textual representation for failure cause if possible
Change-Id: I7a98a77011463021d0edd6ecfab1680e211f7e16
Related: OS#1615
Currently the sign_link pointer is dereferenced after a call to
osmo_signal_dispatch, which can indirectly call
e1inp_sign_link_destroy. If that happens, accessing *sign_link is
illegal and can lead to a segmentation violation.
Since only the bts pointer is needed from sign_link after the call to
osmo_signal_dispatch, this patch changes abis_nm_rcvmsg_fom to save
that pointer to a local variable earlier.
Addresses:
<0019> input/ipa.c:250 accept()ed new link from 192.168.1.101 to port 3002
SET ATTR NACK CAUSE=Message cannot be performed
<0005> bsc_init.c:52 Got a NACK going to drop the OML links.
<001b> bsc_init.c:319 Lost some E1 TEI link: 1 0xb351a830
=================================================================
==13198== ERROR: AddressSanitizer: heap-use-after-free on address 0xb5d1bc70 at pc 0x80a6e3d bp 0xbfbb33d8 sp 0xbfbb33cc
Sponsored-by: On-Waves ehf
In case ftell -1 will be returned. Coverity complained that the
pos we pass to fseek might be negative. In case the ftell fails
we are at the last line for sure.
Fixes: Coverity CID 1040721
In case the max_power_reduction changes, issue a new Set Radio
Carrier Attributes command. OML 12.21 allows to not include the
ARFCN list and the semantic I picked/understand is that a partial
update is possible.
Fixes: SYS#267
We don't want every caller to check for ts->tsc == -1 and then
using ts->trx->bts->tsc instead. Rather, introduce a new inline
function to retrieve the correct value.
The support has been implemented for an old model, we were told that
newer versions would be made incompatible with OpenBSC. Ther are
various warnings in the code and coverity has found some new ones.
Just remove the code as we don't know of anyone using this code.
The previous code didn't work as expected. The trx and dst pointer
are located in an union and in the case of the Abis code the dst
is used to point to the signalling link timeslot and not the TRX.
The is_ipaccess_bts always returned false because the dst was casted
to a trx while it was no trx.
This fix was tested with the nack_test/NACKTest.st of the test repo.
abis_nm.c: In function ‘abis_nm_get_attr’:
abis_nm.c:1380:11: warning: unused variable ‘cur’ [-Wunused-variable]
abis_nm.c: In function ‘ipac_parse_bcch_info’:
abis_nm.c:2588:11: warning: variable ‘len’ set but not used [-Wunused-but-set-variable]
bts_nokia_site.c:1310:6: warning: variable ‘constructed’ set but not used [-Wunused-but-set-variable]
bts_nokia_site.c: At top level:
bts_nokia_site.c:1364:12: warning: ‘dump_elements’ defined but not used [-Wunused-function]
gsm_04_08.c: In function ‘mm_rx_loc_upd_req’:
gsm_04_08.c:521:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
osmo_msc.c: In function ‘msc_ciph_m_compl’:
osmo_msc.c:122:7: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
bts_hsl_femtocell.c: In function ‘hslfemto_bootstrap_om’:
bts_hsl_femtocell.c:101:11: warning: variable ‘cur’ set but not used [-Wunused-but-set-variable]
bts_hsl_femtocell.c: In function ‘hsl_drop_oml’:
bts_hsl_femtocell.c:232:21: warning: variable ‘line’ set but not used [-Wunused-but-set-variable]
handover_logic.c: In function ‘ho_chan_activ_ack’:
handover_logic.c:197:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
so far, osmo-bts/sysmobts used to be entered as "sysmobts" type in the
configuration file. However, there are some differences in the
protocol/behaviour and we should reflect that by a new BTS plugin (with
lots of code reuse from the nanobts driver).
Use LOGP(DNM, LOGL_ERROR, ...); for errors in the
abis_nm_rx_sw_act_req method.
GCC warning:
abis_nm.c: In function ‘abis_nm_rx_sw_act_req’:
abis_nm.c:412:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
The libosmo-abis merge broke Ericsson RBS support, as it didn't get the
part right where the per-TRX OML sign_link is determined while
transmitting OM2000 messages.
As a result of this fix, we can remove the 'to_trx_oml' parameter to
_abis_nm_sendmsg(), which is a nice cleanup.
This is a big patch that ports openBSC over libosmo-abis.
Sorry, the changes that are included here are all dependent
of libosmo-abis, splitting them into smaller pieces would
leave the repository in some intermediate state, which is
not desired.
The main changes are:
- The directory libabis/ has been removed as it now lives in
libosmo-abis.
- new configuration file format for nanoBTS and HSL femto, we
need to define the virtual e1_line and attach it to the OML
link.
- all the existing BTS drivers (nanoBTS, hsl femto, Nokia site,
BS11 and rbs2000) now use the new libosmo-abis framework.
- use r232 input driver available in libosmo-abis for bs11_config.
- use ipa_msg_recv instead of old ipaccess_read_msg function.
- delete definition of gsm_e1_subslot and input_signal_data.
These structures now lives in libosmo-abis.
Most of this patch are deletions of libabis/ which has been
moved to libosmo-abis.
This patch also modifies openBSC to use all the new definitions
available in libosmocore and libosmo-abis. In order to do that,
we have replaced the following:
- DINP, DMI, DMIB and DMUX by their respective DL* correspondences.
- SS_GLOBAL by SS_L_GLOBAL
- SS_INPUT by SS_L_INPUT
- S_GLOBAL_SHUTDOWN by S_L_GLOBAL_SHUTDOWN
- SS_INPUT by SS_L_INPUT
- S_INP_* by S_L_INP_* sub-signals
- E1INP_NODE by L_E1INP_NODE vty node
This patch has been tested with:
- one nanoBTS
- the HSL femto with the examples available under libosmo-abis
- BS11 with both dahdi and misdn drivers.
This patch modifies openBSC code to use msg->dst which stores the
pointer to the signalling link structure instead of the pointer to
the transceiver structure.
This patch prepares the introduction of libosmo-abis.
Max
Neels Hofmeyr
Harald Welte