Currently such messages lead to a creation of a new peer with the
SGSN's NSEI, which results in echoing the message back to the SGSN.
This patch modifies this by sending a STATUS response (invalid BVCI)
instead back to the SGSN.
Sponsored-by: On-Waves ehf
This adds a test with a UNITDATA SGSN message that is addressed to an
invalid (unknown) BVCI. The test shows, that the message is echoed to
the SGSN.
Sponsored-by: On-Waves ehf
This adds counters that are incremented when errors are detected.
It also modifies the VTY command 'show gbproxy' so that
'show gbproxy stats' shows the counters.
Sponsored-by: On-Waves ehf
Add the unused attribute to peer_free() that isn't used currently.
Change 'RAC' to 'NSEI' in the log message, since the latter has been
examined before the log message is generated.
Sponsored-by: On-Waves ehf
This adds a simulation of the SGSN side of the Gbproxy. The VC is set
up correctly and several combinations of BSSGP messages are sent.
Sponsored-by: On-Waves ehf
Currently in most places in gb_proxy.c a reference to a NS-VC object
is used where the peer is meant instead. The patch changes this by
using the NSEI instead in these cases.
Sponsored-by: On-Waves ehf
This program tests the gbproxy implementation by passing NS messages
to a modified gbproxy that dumps the resulting messages, signals, and
state.
It focusses on testing abnormal situations like port changes.
Ticket: OW#874
Sponsored-by: On-Waves ehf
This adds a per BTS control command 'timezone' which expects a value
of the format '<hours>,<mins>,<dst>' or 'off' to set the value of
bts->tz. It has the same functionality like the existing VTY command
'timezone' in network/bts.
Sponsored-by: On-Waves ehf
Ticket: OW#978
This adds in-place patching of the time information in the
MM INFORMATION message. The timezone in the 'Local time zone' and
the 'Universal time and local time zone' information elements
and the offset in the 'Network Daylight Saving Time' information
element are optionally set.
The new values are determined by the 'timezone' vty command in the
config_net_bts node. That command is extended by an optional
DST offset parameter.
Tests are provided for the vty part and for the plain
bsc_scan_msc_msg() function.
Sponsored-by: On-Waves ehf
Ticket: OW#978
When verification failed and the reply string was not updated, the
message "Someone forgot to fill in the reply." was shown instead
of the default "Value failed verification." message.
This patch changes the default reply handling in ctrl_cmd_handle()
by setting the reply to NULL initially and then checking it at the
end. If it hasn't been set, a generic message is assigned and an
error is logged.
This script is similar to vty_test_runner.py but tests the control
interface instead.
It currently tests some error cases, BTS status queries, and
setting/clearing rf_locked.
This stores the last SET rf_locked control command along with a
timestamp. The 'show network' vty command is extended to show
this information.
Ticket: OW#659
This prevents the application from crashing when there is a half
configured BTS (e.g. by using the command 'bts 1' when there isn't
a BTS 1) and the 'write' command is used.
Send an USSD message to the mobile station requesting a connection
for a call or a SMS when the link to the MSC is down or in the
grace period.
The messages can be set (and this feature activated) by setting
bsc/missing-msc-text resp. msc/bsc-grace-text via the vty.
The generation of both messages has been tested manually.
Ticket: OW#957
In case of the RLSD coming from the MSC we are patching the address
in-situ but for local calls set con = NULL. We then answered the RLSD
with the wrong reference and the MSC kept on trying.
It was possible to cause a crash by enabling and disabling the
MSC connection. The enabling lead to scheduling a connection
and the second call was not stopping the timer.
Assign a static name to a MSC Connection and use it. In case there
are multiple connections we can now more easily identify them.
This is only used for the NAT right now, the BSC could start to
name the various MSC connections too.
Currently the 'mgcp' command fails in the 'config-nat' node, because
it get confused with 'mgcp-through-msc-ipa' which is executed
instead because of the prefix based command selection. Thus the
latter command is renamed by this patch to avoid the common prefix.
The workaround in the test suite is removed.
Add bsc_install_default() and replace all install_default()
This patch adds bsc_install_default() which calls install_default()
and add 'exit' and 'end'. All other calls to install_default() are
replaced by calls to bsc_install_default().
Since 'exit' and 'end' are now added automatically to each node, the
explicit registrations of these commands are removed by this patch,
too.
The related tests succeed now without work-arounds (except for the
'config' node itself which is part of libosmocore).
ournode_exit() duplicates most of bsc_vty_go_parent(). This patch
fixes the inconsistencies of both functions within
bsc_vty_go_parent() and replaces the implementation of
ournode_exit() by a call to it. This makes 'exit' behave exactly
like ^D in all openbsc nodes.
ournode_end() has been changed to walk through the intermediate
nodes until one of the top nodes is reached. This allows for
cleanups to be done on the way.
Note that in config mode if the tree is searched along the nodes
toward the config node and a command is not found this way, a
rollback is done by just replacing the vty's node and index member
variable by the saved old values which might break the whole thing, when
there has been a free() on the way.
These tests check for the availability of 'exit' and 'end' in each
configuration node and for the node specific commands to traverse
the tree.
In addition, using these commands from within inner contexts is
checked. This will detect problems, when an outer command word is
a prefix of an inner command, like with 'mgcp' and
'mgcp-through-msc-ipa'.
Several assertions are disabled due to inconsistencies and missing
commands (see above).
Addresses:
osmo_bsc_sccp.c:280:2: warning: implicit declaration of function ‘gsm0480_send_ussdNotify’ [-Wimplicit-function-declaration]
osmo_bsc_sccp.c:281:2: warning: implicit declaration of function ‘gsm0480_send_releaseComplete’ [-Wimplicit-function-declaration]
It was possible that the wrong NSEI information was sent to the
BTS. This is because patch_nm_tables is not called before sending
the data to the BTS. This will break when two BTS connect more or
less at the same time.
Stop using the arrays directly and instead introduce a method
that will patch the table and return the data and length. This
makes sure that all users patch the table before we send the
data to the BTS.
I bootstrapped a sysmoBTS and I can bring up rsl. The device is
running with a dummy load so I couldn't do more verification.
Change '%s(bsc)#' to '%s(config-bsc)# '. The missing trailing blank
breaks osmopy's VTYInteract.command() because the blank is contained
in the end patterns which are checked to decide whether to leave the
select loop. Thus trying to execute the 'bsc' command there blocks
the test script forever.
Send an USSD message on each MS connection if the connection to
the MSC has been lost.
Add a vty config command 'bsc-msc-loss-txt' in 'config-msc' to set
the notification string and to enable the feature.
Ticket: OW#957
This command returns the current state of the connection to the USSD
side channel provider. It shows whether a provider has been connected
and authorized or not.
Fixes: OW#953
There's a VTY option by which for every ESME the user can specify if the
E.212 or E.164 number should be used in DELIVER-SM. The ALERT
notifications generate by subscriber LU have so far always contained the
E.212 (IMSI) rather than E.164 (MSISDN) which is a bit inconsistent.
Rather than copying code, we create a new function that implements
ALERTing all ESMEs.
If the MS memory for SMS is exceeded and we get an RP-layer error, we
need to report that back to the (transaction-mode) ESME. Otherwise the
ESME will wait forever after sending a SUBMIT-SM without ever receiving
a response to it.
Thanks to Holger for catching this.
* The post-routing is applied after the first re-writing. To do this
the new number is copied back into the called data structure.
* Add a testcase that goes from 0172 to 0049 and then back to 0049
using the post rule with a table lookup.
* Increase the rewritten rule to five digits (this is the easiest
for the unit test). This will add another 40kb to the runtime size.
* Create a unit test that tests adding and removing the prefix rules.
* Use the regexp match to replace from one package
* It is a trie. The max depth of the trie is the length of the
longest prefix. The lookup is O(lookuped_prefix), but as the prefix
length is limited, the lookup time is constant.
* Each node can hold the entire prefix, has place for the rewrite
rule with up to three digits.
* A trie with 20k entries will take about 3MB ram.
* Filling the trie 100 times takes ~800ms on my i7 laptop
* 10.000.000 lookups take 315ms.. (for the same prefix).
* 93/99 lines are tested, 6/6 functions are tested, 49 of 54 branches
are tested. Only memory allocation failures are not covered
* A late addition is to handle the '+' sign and to increase the number
of chars in the rewrite prefix. The timing/line coverage has not
been updated after this change.
In case we have access to the context verify that the selected
msgb_tlli is either the old_tlli or the tlli in either local or
foreign format. It is wrong to use any other TLLI.
Attempt to solve what f0901f0067 tried to
solve without breaking the case of someone with a foreign TLLI from a
different network.
Lookup with the foreign TLLI converted to a local one in case we did
not find the TLLI and only then create a LLE/LLME on the fly for the
RX path.
During the GPRS Attach procedure we might have a foreign tlli and
in the RX create a LLME on the fly for this tlli. The GMM GPRS
Attach handling code will then assign a new TLLI and keep the
foreign tlli as the llme->old_tlli.
When the GMM is sending the identity request the msgb_tlli will
point to the foreign tlli. The GPRS LLC code will then try to find
that foreign tlli but due the conversion this will not be found.
Instead a new ad-hoc LLE/LLME will be created on the fly for
each message (this means there are duplicate LLE/LLMEs in the
list).
Make the code more strict and remove the tlli_foreign2local change
from the look-up routine. This will make the GPRS LLC code find
the right LLE/LLME and the N(U) will be handled correctly.
This partially reverts:
f0901f0067
Addresses:
<0012> gprs_llc.c:773 LLC RX: unknown TLLI 0xadf11820, creating LLME on the fly
...
<0012> gprs_llc.c:357 LLC TX: unknown TLLI 0xedf11820, creating LLME on the fly
Reproducable:
Use pcu_emu (gprs attach) and observe with wireshark.
In case of a failure this method didn't set the pctx->lib back to
NULL. In case of a timeout the callback will be made with pdp=NULL
and this would lead to leaking the PDP context. Check for the case
of having a pctx->lib != pdp and free it.
This resolves:
<000f> gprs_sgsn.c:259 freeing PDP context that still has a libgtp handle attached to it, this shouldn't happen!
The jenkins build node has Python 2.5.X installed and the
assertGreater method is not available. Use assert_ until
we can use newer versions of Python.
Disable the periodic LU using "no periodic location update" VTY
command. In that case set the expire_lu to 0 which will then be
translated to a NULL in the database layer. This leads to a bit of
copy and paste in the db_sync_subscriber method but I don't see
how we could easily use 'datetime(%i, 'unixepoch')' and 'NULL'
at the same time.
Change the query to find expired queries to check for NOT NULL
and the time being in the past. This means if there are still
old subscribers in the database they might not be expired. One
would need to execute a query like "UPATE Subscriber SET expire_lu
= 0 WHERE expire_lu is null". The same applies when disabling the
periodic LU. One would need to update the database by hand.
Manual tests executed/passed:
1.) periodic LU enabled:
* use gst LUTest.st to do a LU
* UPDATE Subscriber SET expire_lu=datetime('now');
* observe the subscriber being expired (it was)
2.) periodic LU disabled:
* use gst LUTest.st to do a LU
* verify that the expire_lu is NULL in the database
We were expiring subscribers during active calls. This is because
the T3212 is stopped under certain conditions but we didn't stop
that timer at all.
Remember if T3212 timer was stopped due something done by NITB and
update the expiration time at the end of the radio connection, as
the phone should restart it when returning to MM Idle.
It is a bit difficult to decide when we should set the flag. E.g.
in a CM Service Request we don't know if we accept the service and
during a LU we already send MM messages before we accept or reject
the subscriber.
The easiest is to set the flag when receiving a paging response
on known subscribers and at the end of the authentication process.
Do not expire a subscriber that has an active connection that is
marked with the flag, e.g. we would still expire a subscriber that
is being paged.
Manual tests executed/passed:
* gst LUTest.st verified that a expiration date was set
* gst SMSTest.st (doing another LU but forcing a timeout on the
SMS sending). Verified that the expire_lu was updated.
Make sure to not ever have issues with this code again, move the
utility code to a new file and create a basic testcase. The method
currently has 100% line and branch coverage. My initial patched
missed the smpp_utils.c file and I re-did the copying (and verifying
the branch coverage)
bsc_api.c:417:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘unsigned int’ [-Wformat]
bsc_api.c: In function ‘handle_ass_fail’:
bsc_api.c:458:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘unsigned int’ [-Wformat]
db.c: In function ‘db_sync_subscriber’:
db.c:785:3: warning: format ‘%i’ expects argument of type ‘int’, but argument 8 has type ‘time_t’ [-Wformat]
osmo_msc.c: In function ‘msc_release_connection’:
osmo_msc.c:145:20: warning: unused variable ‘trans’ [-Wunused-variable]
smpp_smsc.c: In function ‘link_accept_cb’:
smpp_smsc.c:891:24: warning: assignment from incompatible pointer type [enabled by default]
smpp_smsc.c:271:1: warning: ‘esme_by_system_id’ defined but not used [-Wunused-function]
smpp_openbsc.c: In function ‘smpp_openbsc_init’:
smpp_openbsc.c:545:2: warning: implicit declaration of function ‘smpp_vty_init’ [-Wimplicit-function-declaration]
osmo_bsc_ctrl.c: In function ‘verify_bts_loc’:
osmo_bsc_ctrl.c:340:19: warning: variable ‘height’ set but not used [-Wunused-but-set-variable
smpp_mirror.c: In function ‘main’:
smpp_mirror.c:297:2: warning: implicit declaration of function ‘osmo_init_logging’ [-Wimplicit-function-declaration]
This adds a minimalistic ACL by which certain, individual roaming IMSIs
can be authorized to use the SGSN. So you can selectively bypass the
'MCC+MNC == first 5 digits of IMSI' checking for a couple of IMSIs
It appears to me that for NM_OC_BS11 mo was either NULL or the
one mo value from NM_OC_BS11_RACK. The break inside the nested
switch case didn't break from the outer one.
Fixes Coverity: CID 1040728
The esme->acl is treated like it can be NULL in other places
of the code. Assume it can be NULL during this check as well.
Dereference after null check (FORWARD_NULL)
9. var_deref_op: Dereferencing null pointer "esme->acl".
Fixes: Coverity CID 1042374
As Holger pointed out, they contained a GPLv2+ disclaimer rather than
the AGPLv3+ which we use for OpenBSC. This is not an incompaibility,
but was done unintentionally. The code was always mean to be under
AGPLv3+.
Nevertheless, anyone using those two files in a version up to this
commit have the right to use it under GPLv2+ as well. This is not
applicable for any versions after this commit.
A CM service request must be acknowledged also, when encryption is already
enabled.
Without encryption enabled, the security status is GSM_SECURITY_NOTAVAIL,
which causes a CM service acknowledge. On initial CM service request, the
security status is GSM_SECURITY_SUCCEED, if encryption is enabled. This
will not lead to an acknowledge, because the cyphering command implies an
acknowlege. An additional CM service request requires an acknowledge, so
I added a new security status: GSM_SECURITY_ALREADY
Coverity pointed out that we use trans->subscr after a NULL check,
it is our believe that every transaction will have a subscriber.
Remove the check and add an assert before we are dispatching things.
Fixes: Coverity CID 1040740, CID 1040739
Coverity pointed out that this code is logically dead. Quickly
judging the code we will forward the RSLD message anyway. Remove
the code for now and next time I work on the NAT/USSD bridge I
will have a look at the flow of the RLSD messages.
Fixes: Coverity CID 1042327
The number = int_number assignment will make the number point to
the stack and as the int_number goes out of scope at the end of
the if statement other code could re-use this stack for other memory.
Fixes: Coverity CID 1042325
Coverity complains about the saveptr used in the strtok_r. This
is not a bug because we pass a string as part of the first call
to strtok_r but it is easier to just initialize it.
Addresses: Coverity CID 1042323
This fixes both a GCC and a Coverity warning:
GCC:
gsm_subscriber.c: In function ‘subscr_expire_callback’:
gsm_subscriber.c:389:2: warning: format ‘%i’ expects argument of type ‘int’, but argument 8 has type ‘long long unsigned int’ [-Wformat]
Coverity:
CID 1040712
This is fixing a GCC and Coverity warning.
GCC:
sgsn_vty.c: At top level:
sgsn_vty.c:308:1: warning: ‘show_ggsn_cmd’ defined but not used [-Wunused-variable]
Coverity: CID 1040727
This is fixing a GCC and Coverity warning:
GCC:
sgsn_vty.c: In function ‘vty_dump_pdp’:
sgsn_vty.c:64:5: warning: ‘i’ may be used uninitialized in this function [-Wmaybe-uninitialized]
sgsn_vty.c:49:15: note: ‘i’ was declared here
Coverity: CID 1040706
The code was written like checking the return value of the
osmo_fd_register but the rc variable was not assigned for the
subsequent calls.
Fixes: Coverity CID 1040741
Original code was inconsistent about lengths and could lead to out
of bounds write. Lengths were also inconsistent with the TS 24.008.
Fixes: Coverity CID 1040714.
The support has been implemented for an old model, we were told that
newer versions would be made incompatible with OpenBSC. Ther are
various warnings in the code and coverity has found some new ones.
Just remove the code as we don't know of anyone using this code.
Coverity is not happy about it but it doesn't appear to be a real
issue as the data will not be NULL on the first call.
Addresses: Coverity CID 1040704
In case the specified trx number is not configured, do not crash
but return NULL from the function. The libosmo-abis library should
close the connection for us then.
Begin with the NAT code. It is not clear yet if we will have one
file with all the tests or will have a sub directory with *.py files.
In the long run the base class will move to the osmo-python-tests
module.
The test scripts warn about missing documentation, untested configs,
check common errors, and stub out testing individual VTY commands.
The scripts have been moved to the another osmocom repository,
python/osmo-python-tests
The features were requested by zecke.
In some situations (like MS reboot without prior DETACH or SGSN reboot
without prior MS detach), the LLC sequence numbers for UI mode could
be different on both sides.
The LLC spec unfortunately doesn't permit us to send something like a
FRMR in this case, but instructs us to silently discard the frame. At
that time the remote LLC entity will re-transmit the frame with the same
seqeunce number over and over again, which we will drop again and again.
The mthod used now will keep track of the last received UI sequence
number. If that number is retransmitted for three times in a row, then
we accept this sequence number and recover from that point on.
system_id is a char array, which makes the NULL check a tautology,
so we should check with strlen if the string is empty or not.
This is fixing the "write" command of VTY that would otherwise
create a config file that can not be parsed.
If an ESME has the dcs_transparent config flag, then the TP-DCS
of MO-SMS is transparently passed to SMPP and not converted to SMPP
specific data_coding values.
This is needed in cases where ESMEs actually care about the exact
TP-DCS, as the conversion from TP-DCS to SMPP data_coding is not
bijective.
There are multiple ways how the TS 03.38 TP-DCS can indicate 8bit or
7bit messages. SMPP has it's own data coding specification, which is
different from TS 03.38.
However, some SMPP ESMEs want to be able to have fine-grained control
over the TP-DCS indicated in the TPDU header. If such values like 0xF6
are used in SMPP, we now transparently pass them on to the GSM side.
The RQNT message might not contain a 'S:' line with the actual tone
to play. Instead of calling the callback with the 0 as tone just leave
early.
Example:
X: 6B9519B88F0
R: D/[0-9#*](N), G/ft, fxr/t38
A channel that fails to send an ACK/NACK/REL within the four second
timeout is now marked as broken. In case the release comes in late
it will be ignored. The lchan should already been freed and for now
we don't want to trust the channel.
In the future we might want to send a "release" for a channel that
got activated ack late and just set the state to none on a channel
that is released acked late.
The late ACK and REL has been tested with two manual tests using the
fakebts. The channels remained blocked even after having received
the ACK message here. The NACK case has not been manually tested.
Assume that there is a bsc_gsmnet and modify the ipaccess-config to
provide this symbol. If a bsc_gsmmnet is not available when linked
the linker will complain and fail.
E.g. give an error like this:
../../src/libbsc/libbsc.a(bts_ipaccess_nanobts.o): In function `ipaccess_sign_link_up':
src/libbsc/bts_ipaccess_nanobts.c:550: undefined reference to `bsc_gsmnet'
Make sure that the bts_ipa_nm_sig_cb is only installed once. In
a nanoBTS + sysmoBTS network the _start method will be called
for each mode leading to the handler being registered twice.
Make sure that there is only one handler registered by unregistering
a previously installed handler. The osmo_signal_unregister_handler
will remove 0 or 1 handlers per invocation and we only add one
handler in this file so it is always balanced.
The nanoBTS code is trying to find a struct gsm_bts based on
the ipaccess_gsmnet and the ipaccess_unit data. The pointer is
not initialized in the case of a sysmoBTS leading to a classic
NULL pointer dereference.
Move the feature init into the _init method. This way we can
re-use the start code of the nanoBTS. This ensures that the
ipaccess_gsmnet pointer is properly initialized and that the
signal handlers are installed.
Extend the status message and send LAC/CI as part of the status
message. It is using TV to allow sending more fields in the feature.
We only need to encode the data and this is why there is no tlv
description yet.
The bsc_nat.h is included by common_vty.c so we may not used
sccp_types.h in the bsc_nat.h header file. Move the callstats
to a new file and include it where it is needed.
Find the Cell Identifier from the Complete Layer3 Information and
store it for future reference. We could begin to verify that the
LAC/CI used really belongs to the BSC.
The name sccp_connection is used in the osmo-sccp code, sccp_connections
was used in the NAT for tracking a sccp_connection. Rename it so it is
obvious that the struct belongs to the nat.
The rename was done with sed:
$ sed -i s,"struct sccp_connections","struct nat_sccp_connection",g \
include/openbsc/*.h src/osmo-bsc_nat/* tests/*/*
Prepend the international number with a '+' and then do the normal
re-writing on it. There are a couple of ways to handle this:
\+([0-9]), \+[0-9][0-9]([0-9]), \+49([0-9])
Add a test case for the international re-write based on an already
internationalized number.
Limit the amount of pending DLCX responses to three times the amount
of available endpoints. Currently all MGCP messages are sent and handled
in sequence.
We want to send a TRAP with the MGCP statistics from the NAT and
the connected BSC. The BSC endpoint can be either released because
of a DLCX from the MGCP CallAgent or the SCCP Connection release on
the A-link.
This is why we need to queue the statistics when the deleting the
endpoint on the BSC. The processing is continued once the response
arrives. This code assumes that the response of the DLCX will be sent
by the remote side. The current amount of outstanding responses can be
seen on the VTY. This assumption is based on the fact that the BSC has
already responded to the CRCX and maybe to the MDCX.
The MGCP RFC is bended to prefix the transaction identifier with "nat-"
to easily detect the response and hand it to the handler. This will
then parse the response and generate the TRAP. The current version is
v1. We assume that the transaction space is big enough and we will
not re-assign the transaction identifier too early.
The sysmobts is now having a SAPI queue with all pending SAPI operations
on the BTS. Add the llist_head to the lchan and make sure it is initialized
by the shared code.
The token was compared with the configured one but only up to a
user supplied length. Compare the token sizes and then use memcmp
for the actual comparison to make sure to compare the right ammount
of characters.
There is no unit-test but there should be one.
It was possible that the tmp was strduped but not freed, e.g. when
the number of commas was not right. It would evenutally be freed at
the time the cmd is freed thanks to the talloc hierachy.
An ESME can now be configured in the VTY to enable osmocom-extensions,
which will add vendor-specific SMPP TLVs for RxLev/RxQual/ARFCN/IMEI and
transmit power to the SMPP DELIVER-SM message type.
As bsc_gsmnet is NULL at the time we call smpp_openbsc_init(),
we later run into segfaults with subscribers that don't have a
subscr->net set.
However, we cannot delay smpp_openbsc_init() until after
bsc_bootstrap_network(), as we then fail to parse the SMPP specific
VTY/config file options...
This patch adds a new VTY command "ip.access rsl-ip A.B.C.D" at the
BTS level. If you set this IP address, the BTS will be instructed to
establish the RSL link to the indiciated IP address, rather than using
the same as for the OML link (default).
Use "ip.access rsl-ip 0" to disable the feature.
Inside the SI1 rest_octets we will need to indicate if the ARFCN
is band 1800 or 1900. If the BTS is either 850 or 1900 we assume
we are running a PCS network, otherwise it is a DCS network.
The band indicator is not documented in GSM 04.08 but it is in the
GSM 05.14 version 6.1.0 Release 1997.
abis_rsl.c:332:23: warning: 'memset' call operates on objects of type 'struct rsl_ie_chan_mode'
while the size is based on a different type 'struct rsl_ie_chan_mode *'
[-Wsizeof-pointer-memaccess]
memset(cm, 0, sizeof(cm));
~~ ^~
abis_rsl.c:332:23: note: did you mean to dereference the argument to 'sizeof' (and multiply it
by the number of elements)?
memset(cm, 0, sizeof(cm));
^~
1 warning generated.
The paging structure is still initialized lazily and we attempt
to traverse it before it is ready. The crash was discovered by
Katerina. Removing the lazy initialization will take a bit of work
as the gsm_data_shared is used by the osmo-bts and the OpenBSC but
paging is different.
Katerina pointed out that some nodes are not fully documented and
proposed some messages. The token/timeout messages were correct, I
have modified the other messages. I removed the full-stop from the
PING/PONG documentation as we are normally not using a full sentence.
when the SMS code was moved into libosmocore, its logging prefix was
changed from 'sms' to 'lsms', which breaks existing config files.
This introduces a deprecated/hidden vty command to make sure those
config files are still parsed OK, and will simply print a warning
message about the config needing some update.
The message was corrupt at several points. They are fixed now and
successfully tested.
A default T3122 timer value of 10 is defined by default now. If set to 0,
the reject message will not be sent. Note that when using existing configs
with T3122 value set to 0.
The RF lock excluded BTS was not paged at all. Now forward the
paging message to the handler and call a function that will check
if this LAC can be paged right now. Introduce a new paging method
that allows to page on a dedicated bts, refactor the code to use
this method for paging.
When introducing the exclude for the BTS lock the RF stayed up but
all connections were immediately released. Optionally pass the BTS
as second parameter and check the exclude bit.
Tested-with: rf-lock-exclude/RFLockExcludeTest.st
If after release has been sent, the call control layer waits for:
- reception of release complete
- or timeout
- or release of transaction (due to radio link failure)
In this case, an MNCC_REL_CNF is sent to upper layer. The callref must
still exist, so the upper layer can handle this confirm.
If transaction is destroyed, but callref still exists, the
mncc_release_ind function is called. If the upper layer already sent an
MNCC_REL_REQ, the state N19 was entered. In this case it expects an
MNCC_REL_CNF.
For PCS1900 the SI1 does not contain the ARFCN of the serving cell.
This is because the arfcn2band method will return GSM_BAND_1800 and
not GSM_BAND_1900. The academic fix would be to set the ARFCN_PCS bit
but this would require increasing the bitvector sizes from 1024/8 to
(0x8000 + 1024) / 8. This would increase the storage size for each
bitvector by three.
It is not possible to have DCS1800 and PCS1900 in one network so we
can avoid increasing the memory usage and check if the ARFCN resolved
to 1800 and then check if the BTS is a 1900 BTS and then claim that
this is compatible.
The code predates the TLV parser and we were parsing the RLM from the
wrong offset. In general we were using the length of the TLV which
happened to be equal to the T200 indication.
After consulting the RLM cuases not every of them should generate a
BSC_RLLR_IND_ERR_IND as these are forwarded to the MSC as a SAPI reject
right now.
TLV parsing now generates this due a bug in the osmo-bts code:
abis_rsl.c:1605 (bts=0,trx=0,ts=2,ss=0) SAPI=0 <0000> abis_rsl.c:1547 (bts=0,trx=0,ts=2,ss=0) ERROR INDICATION cause=Fraeme not implemented
For short IP failures we want the RF to stay up and wait for
the re-connect but in case the A-link is gone too long it is
good to switch off the RF and wait for commands to enable it
again.