Commit Graph

6734 Commits

Author SHA1 Message Date
Vadim Yanitskiy 8b0737fa71 Use GSM23003_MSISDN_MAX_DIGITS from libosmogsm
Change-Id: If9eb46b83b6ad45f210b86b46dd416352adcc3ff
Depends on: Idc74f4d94ad44b9fc1b6d43178f5f33d551ebfb1
2019-05-29 08:48:16 +00:00
Philipp Maier 483cea889c sgs_iface: detect and react to VLR/HLR failure
The HLR (which is connected via the GSUP interface) may fail and
disconnect. On the next location update the VLR will try to talk to the
HLR and fail. This failure event is not communicated towards the SGs
related code and the SGs-association will remain in the LA-PRESENT state
forever. Lets add code to report the problem to the SGs code and trigger
a RESET an the SGs interface.

- Add a flag to report an HLR problem back to the SGs code
- Fix the FSM that controls the reset
- Make sure the all SGs associations are reset when the failure occurs.

Change-Id: Icc7df92879728bc98c85fc1d5d8b4c6246501b12
Related: OS#3859
2019-05-27 11:49:50 +00:00
Vadim Yanitskiy b683dcfe6b transaction: accept trans_type enum in trans_log_subsys()
Change-Id: I3c373d20ebd6e96ebd57f84b74dc15a6b69c03ac
2019-05-26 09:27:22 +00:00
Pau Espin a3cdab4481 Request Osmux CID and forward it in Assign Req and Assign Compl
Related: OS#2551
Depends: osmo-mgw.git I73b4c62baf39050da81d65553cbea07bc51163de
Change-Id: I5b14e34481e890669c9ee02dba81eba84293cebb
2019-05-21 18:32:38 +02:00
Vadim Yanitskiy 643270f717 libmsc/gsm_04_11.c: properly handle MMTS indication
According to 3GPP TS 29.002, section, MMS (More Messages to Send)
is an optional IE of MT-ForwardSM-Req message which is used by SMSC to
indicate that there are more (multi-part) MT SMS messages to be sent.

The MSC needs to use this indication in order to decide whether to
keep the RAN connection with a given subscriber open.

Related Change-Id: (TTCN) I6308586a70c4fb3254c519330a61a9667372149f
Change-Id: Ic46b04913b2e8cc5d11a39426dcc1bfe11f1d31e
Related: OS#3587
2019-05-19 07:34:35 +00:00
Pau Espin c9ba754235 a_iface: Announce Osmux support on RESET (ACK) send
Related: OS#2551
Depends: libosmocore.git I28f83e2e32b9533c99e65ccc1562900ac2aec74e
Change-Id: Id607f60749e923755cb38179bc283a7957670653
2019-05-19 07:28:02 +00:00
Pau Espin f9f38b568c bssap: Detect BSC Osmux support on RESET (ACK) recv
Related: OS#2551
Depends: libosmocore.git I28f83e2e32b9533c99e65ccc1562900ac2aec74e
Change-Id: If4f33da9b414ab194098755d2c5be85e1fce5d31
2019-05-19 07:28:02 +00:00
Pau Espin 4faff9ef86 vty: Add option to enable osmux towards BSCs
Change-Id: I6de1be0322ddbdc115074ebb6be2598ebf6c95db
2019-05-19 07:28:02 +00:00
Neels Hofmeyr a10d79eab1 build osmo-msc: add "missing" LIBASN1C_LIBS
in osmo-msc/, osmo-msc was actually missing the LIBASN1C_LIBS even
though it included LIBASN1C_CFLAGS. Probably libasn1c is implicitly linked from, but doesn't hurt to name it.

When building without Iu support, the LIBOSMORANAP* and LIBASN1C* vars are
empty, so no need to explicitly switch on BUILD_IU, just name them.

Change-Id: I39ae5e3f0f7661ca9ee5c17a500be28c461d7ec7
2019-05-19 07:25:04 +00:00
Vadim Yanitskiy e0ef6d1e32 libmsc/rtp_stream.c: prevent NULL-pointer dereference
Change-Id: Ie80b9fae490acc9ee8de742e35b6ef59c4388f57
Fixes: CID#198432
2019-05-16 09:03:49 +00:00
Vadim Yanitskiy 56e722ff1a libmsc/msc_vty.c: use llist_count() in subscr_dump_full_vty()
Change-Id: I9e4814d2b2da7d4e75da074e138f423af850ed49
2019-05-16 08:48:51 +00:00
Vadim Yanitskiy 3ccd823ee0 libmsc/msc_vty.c: fix documentation of 'show subscriber id'
Change-Id: I3357e71ae54e22b97cbb3707712445d7602c1129
2019-05-16 08:48:51 +00:00
Vadim Yanitskiy 23d42d6358 libmsc/msc_vty.c: fix: use msub_for_vsub() in subscr_dump_full_vty()
Change-Id: I8a099b71b10ebb5d2bccfc7e78b6d37a1e60add8
Related: OS#4003
2019-05-16 08:48:51 +00:00
Alexander Couzens b10ec6a751 remove msc specific db counters
DB counters has been used to save osmo_counters & osmo_rate_ctr to a local
sqlite databases every 60 seconds.
This is quite slow e.g. 1000 subscriber might slow the msc down.

Change-Id: Id64f1839a55b5326f74ec04b7a5dbed9d269b89c
2019-05-15 18:27:12 +00:00
Pau Espin f15852b992 ran_peer: Move rx_reset_ack logic into its own func
Later on we want to do extra steps upon receiving a Rx Reset Ack
(checking for Osmux support from peer). Let's move handling of this
message into its own function to have handling implementation in one

Change-Id: I516c4baf6071d26f6c530726d93677bed968efd1
2019-05-15 10:25:04 +00:00
Oliver Smith cbf2c93d11 vlr: optionally send IMEI early to HLR
When 'check-imei-rqd 1 early' is set in the config, send the IMEI to
the HLR before doing the location update with the HLR.

The OsmoHLR documentation referenced in the code will be added in
osmo-hlr.git's Change-Id I2dd4a56f7b8be8b5d0e6fc32e04459e5e278d0a9.

Related: OS#2542
Change-Id: I88283cad23793b475445d814ff49db534cb41244
2019-05-15 10:57:43 +02:00
Oliver Smith b8077b0c1d vlr: when setting IMEISV, also set IMEI
Copy IMEISV to IMEI when IMEISV changes. The additional SV digits will
get cut off then. This is needed for the subscriber on demand use case,
since we can get the IMEISV early (see [1]), but need to send the IMEI
to the Check IMEI procedure.

While adjusting the tests, I have noticed that there are code paths
where we ask the MS for the IMEISV first, and later ask the MS for the
IMEI, although we already have the IMEISV. This could be improved in a
future patch.

[1] Change-Id I256224194c3b8caf2b58a88d11dccd32c569201f

Related: OS#2542
Change-Id: I02e7b66848bf7dddb31b105e2ae981432817ae1e
2019-05-15 10:57:43 +02:00
Oliver Smith d103705f01 vlr: fix IMEI length
Set the length of vlr_subscr->imei to
instead of

Note that there is also GSM23003_IMEI_NUM_DIGITS (15), which includes
an additional checksum digit. This digit is not intended for digital
transmission, so we don't need to store it. Also by not storing it, we
can simply copy the IMEI-part from the IMEISV to the IMEI without
worrying about the checksum (will be done in a follow up patch).

A good overview of the IMEI/IMEISV structure is here:

Related: OS#2542
Change-Id: Iaf2569c099874b55acbd748b776394726cc5ce54
2019-05-15 08:53:22 +00:00
Oliver Smith 03ded913ad vty: make retrieve-imeisv-early configurable
Prepare for Rhizomatica's subscriber on demand use case, in which the
network access is disabled by default for new subscribers, but the IMEI
is required in the HLR to find out which user has which IMSI. Due to the
network access being disabled, the location update request towards the
HLR fails and the MS gets rejected, so we need to get the IMEI early.

Related: OS#2542, OS#3755
Change-Id: I256224194c3b8caf2b58a88d11dccd32c569201f
2019-05-15 08:43:39 +00:00
Vadim Yanitskiy d24c46a38b libmsc/ran_peer.c: avoid unreasonable use of goto in ran_peer_down_paging()
Change-Id: I3320240d8f1dc318e516162bb32e01ddafc7e30e
2019-05-14 21:49:47 +07:00
Vadim Yanitskiy ede95d18b3 libmsc/ran_peer.c: fix msgb memleaks in ran_peer_down_paging()
Change-Id: I1e76b5eab7cfa091375bd9c76d8dcdec8d16ffe5
2019-05-14 21:41:06 +07:00
Sylvain Munaut 762bb042ec make LOG_TRANS() NULL-safe again
Previous patch [1] removed NULL-safety from LOG_TRANS(). Fix that.

In case a trans is NULL, it is fine to log in the DMSC category, since the
context should still be general (erratic message or other initial problems).

[1] 7f85acea9b / I6dfe5b98fb9e884c2dde61d603832dafceb12123
    "LOG_TRANS: store subsys in trans, unify USSD logging back to DMM"

Change-Id: I6e36c47bf828dd073b36c6301bbeabcc28e101e6
2019-05-14 09:18:10 +00:00
Oliver Smith ffd522ec6f vlr_lu_fsm.c: assert for invalid events
In state machine callback functions, instead of logging an error when
an invalid event arrives, do OSMO_ASSERT(0).

Change-Id: If5363ae37b414a0ac195e5f89664c75cbad0bb21
2019-05-14 08:19:52 +00:00
Vadim Yanitskiy c5a8e9f19a libmsc/mncc_call.c: fix uninitialized access of stack memory
Change-Id: I5f561d9682c9fb87e4837430063095ef2cb7bd5f
Fixes: CID#198405
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy 444771dae2 libmsc/ran_msg_a.c: prevent chosen_encryption->key buffer overrun
In ran_a_make_handover_request() we do prevent destination buffer
(r.encryption_information.key) overflow, but not source buffer
(n->geran.chosen_encryption->key) overrun if an incorrect key
length is received. Let's fix this.

Change-Id: I278bb72660634c2d535e1bd3d7fce5696da23575
Fixes: CID#198450 Out-of-bounds access
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy 18e8b39fcd libmsc/ran_msg_a.c: refactor ran_a_decode_lcls_notification()
We basically need to make sure that one of two possible IEs
is not NULL, while another is NULL (eXclusive OR). This can
be done using at least two conditional branches.

Change-Id: Ie0f9b5c1bbbfb744e0615da07d76037d91b0abc8
Fixes: CID#198444 Logically dead code
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy bfe8eb7620 libmsc/ran_msg_a.c: avoid ternary operator in struct initialization
For some reason, having ternary operator there makes Coverity think
that 'n->geran.chosen_encryption' is dereferenced before checking
against NULL. Let's make it happy, and move the assignment.

Change-Id: I95051d0f02e2fdd3ec8da3a506109e7b23e99b4b
Fixes: CID#198454 Dereference before null check
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy 36c8153999 libmsc/gsm_04_11.c: fix NULL-pointer dereference in gsm340_rx_tpdu()
Change-Id: I1e9b351e949efe596295d18f98c8a73c8e013763
Fixes: CID#198451
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy 678354f6ba sms_queue_test: assert return value of osmo_use_count_get_put()
Change-Id: I9381e88435ccd856ec619135ca9999c15c25d436
Fixes: CID#198416
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy 4dd477f16c libmsc/msc_a.c: fix possible NULL-pointer dereferences
Change-Id: Id5c95fbf318a2e51e7ffee2e08ceab3042b26cc9
Fixes: CID#198411, CID#198414
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy a870faf674 libmsc/msc_ho.c: fix unreacheable check of MSC-T role allocation
Change-Id: I46fa37ff27e8a4576fdc8edad894ee16759a6e7a
Fixes: CID#198413
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy 48a24cd85b libmsc/sgs_server.c: do not override rc in case of SCTP_SHUTDOWN_EVENT
Change-Id: I06215a7d3dc33f2e8adb77fa1b3f2ac5198dee26
Fixes: CID#190867
2019-05-13 20:15:04 +00:00
Vadim Yanitskiy dcd709948c tests/.../ avoid redundant linkage with librt
The librt is required for old glibc < 2.17 to get clock_gettime().
Since we do check the availability of this function libosmocore
and conditionally link it against librt, there is no need to do
such unconditional and redundant linkage here.

Change-Id: If587d16d2db677b97e3a0641027eb735af9c9c30
2019-05-13 16:56:02 +07:00
Vadim Yanitskiy 59ed7920eb libmsc/gsm_04_11_gsup.c: cosmetic: drop useless variable
Change-Id: I102e1bd0f8365e77bbc9203158909aad8dcf214b
2019-05-12 15:48:51 +00:00
Vadim Yanitskiy 4456065dfe libmsc/gsm_04_08.c: clarify IMEI rejection in gsm48_rx_mm_serv_req()
Change-Id: I65277aee1f52a8b4fd4b970e992482bbadd94d39
2019-05-12 10:35:18 +00:00
Vadim Yanitskiy b380a8c938 libmsc/gsm_04_08.c: refactor CM Service Request parsing
In gsm48_rx_mm_serv_req() we need to make sure that a given message
buffer is large enough to contain both 'gsm48_hdr' and
'gsm48_service_request' structures.

Comparing msg->data_len with size of pointer if wrong because:

  - we actually need to compare with size of struct(s),
  - we need msgb_l3len(), not length of the whole buffer.

Moreover, since we have to use the pointer arithmetics in order
to keep backwards compatibility with Phase1 phones, we also
need to check the length of both Classmark2 and MI IEs.

Change-Id: I6e7454d7a6f63fd5a0e12fb90d8c58688da0951e
2019-05-12 10:35:18 +00:00
Vadim Yanitskiy 2fca80ea56 libmsc/gsm_04_08.c: fix: print proper length value
Since in parse_umts_auth_resp() we are checking the length of
GSM48_IE_AUTH_RES_EXT TLV, we need to print its length, but
not the length of the whole L3.

Change-Id: I2bfebce6d017be834bfe7628ffa2b341eb82c11c
2019-05-12 10:35:18 +00:00
Neels Hofmeyr 0a437be0e3 silence error messages about HANDOVER_END not permitted
The MSC_A_EV_HANDOVER_END exists as parent term event for the msc_ho_fsm, but
it is not actually required as functional event, since all cleanup is handled
in msc_ho_fsm_cleanup().

That's why I never bothered to add the event to msc_a_fsm, but of course that
means we get an error message after each (successful and unsuccessful)
handover, that the MSC_A_EV_HANDOVER_END is not permitted.

Allow the event and ignore it to silence the error message.
Explain in a comment.

Change-Id: Ie8dc0c0a631b7da43111f329562007766a21b134
2019-05-12 10:33:20 +00:00
Neels Hofmeyr 979b057ad7 add DSS logging category
Change-Id: Id7e04c9f5088334cd5ec6cfdb6a9b3a2a7e7fda0
2019-05-12 10:32:42 +00:00
Vadim Yanitskiy 6a689b2b5b libmsc/gsm_04_11.c: cosmetic: restructure gsm411_mm_send()
Change-Id: I22e99f40ab2252a0b716969091e4d24b3b4268a2
2019-05-12 04:17:45 +07:00
Vadim Yanitskiy c11342ec4e libmsc/gsm_04_11.c: fix double init of both SMR and SMC FSMs
Change-Id: I23700a2c575a96057ef22bc5d8ab6271104d619b
2019-05-12 04:17:20 +07:00
Harald Welte 4dd150afa3 Iu: Send SMS over SAPI-3
After neels/ho was merged, SMS over IuCS/RANAP was failing in both
MO and MT direction.  The reason was that all mobile-terminated SMS-CP
layer messages were sent in RANAP with SAPI-0 instaed of SAPI-1.

Change-Id: I98e6eddb52d5c61c4e2d34bdfcd43cf460296ad7
Closes: OS#3993
2019-05-10 23:56:49 +02:00
Neels Hofmeyr f50d13045e call_leg: document the parent_event_* items
Change-Id: Ib099178a0f6ab218646c67c0e7a3d360c81af684
2019-05-10 07:13:53 +00:00
Neels Hofmeyr 265a4c7489 call_leg: remove unused event MSC_EV_CALL_LEG_RTP_RELEASED
The event is actually never dispatched and useless, because when an RTP stream
releases, the call_leg terminates directly anyway (which wasn't apparent when
starting to design the call_leg FSM yet).

Change-Id: I6b2fc1225c960fa2f7c46adf241520217a07821c
2019-05-10 07:13:41 +00:00
Harald Welte c0847d641c SMPP: Don't accept password or system-id exceeding spec length
The SMPP 3.4 specification defines the password field as a
"Variable-length octet string with maximum length of 9", and according
to table 3-1 this means including the terminating NUL-byte.

However, OsmoMSC allows to configure longer passwords in the ESME
configuration. Those passwords will then never match, as libsmpp34
performs length validation and generates a parser error for anyone
trying to send a longer password via SMPP.

The same applies for system-id, where we have to permit only 15
characters with zero termination, but not 16 characters.

Change-Id: I81ef593e84bf1e15f6746386fc145495fae29354
Closes: OS#3166
2019-05-10 07:07:00 +00:00
Neels Hofmeyr 7f85acea9b LOG_TRANS: store subsys in trans, unify USSD logging back to DMM
Instead of calling trans_log_subsys() for each LOG_TRANS() log line, rather
store in trans->log_subsys once on trans_alloc() and use that.

Do not fall back to the RAN's own subsystem (DBSSAP / DIUCS), it makes little
sense and may cause logging to switch subsystems depending on the RAN state.

In trans_log_subsys(), add missing switch cases:

- Log silent call transactions also on CC.
- Log USSD on DMM.

About USSD: we currently have no dedicated USSD logging category. As a result,
after LOG_TRANS() was introduced [1], USSD logged on DBSSAP/DIUCS or DMSC,
depending on whether a RAN was associated with the trans or not. Before that
change, USSD always logged on DMM, so, until we have a separate logging
category for USSD, consistenly use DMM again.

[1] in I2e60964d7a3c06d051debd1c707051a0eb3101ba / ff7074a0c7

Related: coverity CID 198453
Change-Id: I6dfe5b98fb9e884c2dde61d603832dafceb12123
2019-05-10 07:04:50 +00:00
Neels Hofmeyr da3ce717b8 no HO call forwarding if no RTP stream
Fixes: coverity CID 198447
Related: OS#3992 (does not fix, just related)
Change-Id: Ia223c2e20e625879ab71fc5c8afd0305fd224c58
2019-05-10 07:04:50 +00:00
Neels Hofmeyr 911e5979ed make msc_a_vsub() and others NULL-safe
Fixes: coverity CID 198451
Change-Id: Icd146ae512236a09cad080ed3eb85944e8f5cee4
2019-05-10 07:04:50 +00:00
Neels Hofmeyr 4deb8c9ea0 ran_a_make_handover_request(): allow no encryption
Fixes: coverity CID 198454
Change-Id: Ifb83ab2a8b6148b457224687ffada2dff4c3204f
2019-05-10 07:04:50 +00:00
Vadim Yanitskiy 4eca09fdb1 libmsc/gsm_04_11.c: properly handle TP-User-Data-Length
As per 3GPP TS 03.40, section "TP-User-Data-Length (TP-UDL)",
if the TP-User-Data is coded using the GSM 7-bit default alphabet,
the TP-User-Data-Length field indicates the *number of septets*
within the TP-User-Data field to follow. Otherwise, i.e. in case
of 8-bit or UCS-2 encoded data, the *number of octets* is indicated.

Since we store the original TP-UDL value (as received), we might
need to convert septets to octets before passing it to memcpy().
Otherwise this would lead to a buffer overrun.

Also, as we receive TPDU from untrusted source (i.e. subscriber),
the TP-UDL value needs to be checked against the corresponding
maximum (160 septets or 140 octets) and truncated if needed.

Please note that buffer overrun is still possible, e.g. when an
indicated TP-UDL value is grather than the remaining TPDU length.
Preventing this would require adding an additional check.

Change-Id: I4b08db7665e854a045129e7695e2bdf296df1688
Depends-on: (core) I54f88d2908ac47228813fb8c049f4264e5145241
2019-05-10 03:22:32 +07:00