Do not attempt to change permissions/ownership if the package gets
upgraded from a version higher than the next release.
Do not fail if the user deleted the config file.
Be verbose when changing permissions.
Related: OS#4107
Change-Id: I2b01a7625cf66fbb7d203f939ddcc1cbab43cf33
* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of
relying on systemd to do it when the service starts up. This does not
work with the systemd versions in debian 10 and almalinux 8.
* deb: Use "useradd" instead of the interactive "adduser" perl script
from Debian. This makes it consistent with how we do it in rpm, and
avoids the dependency on "adduser".
* deb: Consistently use tabs through the file, instead of mixing tabs
and spaces.
* deb: Remove support for the "dpkg-statoverride --list" logic. This
seems to be a rather obscure feature to override permissions for
certain files or directories, for which it does not seem to be a good
idea to make the postinst script less maintainable. Something similar
can be achieved by using your own Osmocom config file in a different
path with different permissions.
Related: OS#4107
Change-Id: I406ff0d625b02991d580c8382aa4be04dba45a00
Created osmocom user & group during package installation.
Fix the configuration dir/files permission to match.
Related: OS#4107
Tweaked-By: Oliver Smith <osmith@sysmocom.de>
Change-Id: I41d47c0884d09d4674ec806d77e43bc8f08d9b64
Fix a bug introduced in commit
implement CM Re-Establish for voice calls
ae98b97382
Neels Hofmeyr <neels@hofmeyr.de>
Thu Jul 29 22:40:59 2021 +0200
I6fa37d6ca9fcb1637742b40e37b68d67664c9b60
We should only succeed when conn_accepted == true!
Related: SYS#5130
Change-Id: I3679162143e8d7d8c0878de2102faa11eadfccfc
With 'no assign-tmsi', regard any TMSI as invalidated at the end of a
Location Updating procedure. Hence, avoid paging by TMSI.
When 'no assign-tmsi' is set, osmo-msc does not actively assign a new
TMSI at the end of the Location Updating. However, it stores any TMSI
identity that the MS sends in a Location Updating Request. So far, this
caused osmo-msc to use the TMSI that the MS had sent in subsequent
Paging, which goes unanswered by the MS.
(After the long standing evil twin problem regarding TMSI MI has been
fixed in recent Ifdabe0b65bffafbf7b8e5cc10e2d225d1ed1cecd, there is no
longer an evil twin risked by clearing out a TMSI.)
Related: SYS#6860 OS#4721
Change-Id: I583682d1a35a70b008d7bb2d89ba7c3109a60b21
When a subscriber first attaches by TMSI only, and later tells the IMSI
via ID Response, it may turn out that this IMSI already exists in the
VLR database. If this happens, the TMSI that the subscriber issued was
not known in the existing VLR entry, indicating that the subscriber has
in the meantime camped on a different core. Which means we can assume
that there cannot be any active connections, and the old subscriber can
be discarded, for the benefit of the new one.
(We could also discard the new one, but it is more complex to reparent
the ongoing FSMs for Compl L3 than to copy some dormant VLR state.)
In vlr_subscr_set_imsi(), check for an existing IMSI entry in the VLR.
If such exists, copy any pending Paging and auth tuple state to the new
subscriber, and discard the old one from the VLR.
In order to safely discard a vlr subscriber by force, add a new vlr_ops
function: subscr_inval(), to tell the MSC that a vlr_subscr is no longer
valid.
Upcoming patch I583682d1a35a70b008d7bb2d89ba7c3109a60b21 better clears
TMSI state from the VLR, making it more likely to hit the evil twin
situation this patch fixes; hence this is, sort of, preparation.
Related: SYS#6860 OS#4721
Change-Id: Ifdabe0b65bffafbf7b8e5cc10e2d225d1ed1cecd
We have an msc_conn_ref pointer from vlr_subscr to an active msc_a
instance. So far, we just keep it pointing at discarded memory. Instead,
make sure it goes back to NULL when the msc_a instance deallocates.
This way the VLR can reliably tell whether a given VLR entry still has
an active connection or is just inactively caching the subscriber.
Related: SYS#6860 OS#4721
Change-Id: Ic63d01d220b63453976fe06a7c6b606f97172c99
* 'sizeof(sms->user_data)' evaluates to 256
* 'ud_len' is of type 'uint8_t' and cannot be greater than 256
Change-Id: Ia71a0b6b9421911dc5113782d2f555a640fd90ed
This commit simply fixes a -Wenum-conversion thrown by clang.
No idea why are we using the SM (GPRS Session Management) cause values.
msc_a_release_mo() does not even use the given SM cause value.
Change-Id: Iade6bf97466ab2b3b39e9ea123fc90d06c0f6a9b
This was found thanks to clang (-Wenum-conversion):
warning: implicit conversion from enumeration type
'enum gsm48_gmm_cause' to different enumeration type
'enum gsm48_reject_value' [-Wenum-conversion]
Change-Id: I0b820bb2a8e561682a8158fc51bd9565f5912d56
I'm not sure why so many files (particularly written by Neels)
did contain a GPLv2+ header, instead of the AGPLv3+ which is the
actual overall project license. I consider it a mistake.
In any case, any copyrightable contribution to those files was done by
sysmocom employees, so I as managing directory can legally make a
license change, whther or not it was a mistake early on or not.
The only GPLv2-or-later file remaining is mncc_internal.c, as it has
more contributors and a longer history.
Change-Id: I8650697592b3160c4d0a7c61ae9c46d4aacb3bef
(Same as osmo-bsc I47c9011b5e0e2886d221e34e6aa281d1dd0495c7)
*.vty tests are picked up by the Makefile.am by means of a wildcard --
they are run when they are there. So when you forget to add it to
EXTRA_DIST, it will be run in your local build tree, but it will be
silently omitted from a distribution tar, and nothing will complain
about it gone missing.
Instead, also use a *.vty wildcard in EXTRA_DIST. So any *.vty test
added to the git source will both be run *and* included in distribution
tars implicitly.
So far, test_neighbor_ident.vty was missing from the distribution.
Change-Id: Id28e020fc59b83d1b4cd0e5b72314a46bea62259
Better match the pattern of sdp_audio_codecs_* instead of having
foreach_ in the front. Prepare for prepending osmo_ some day, because I
plan to move the SDP API to a separate library.
Change-Id: Ia96190e0bdb513886663be1c8c12be3b403b71c9
When we get the codec filter result logged, it is most interesting to
know the caller. So wrap a file-line macro around trans_cc_filter_run().
Change-Id: I243404487c1871e921b08098086ef2fc78a5561d
The comments indicating which two "members" are identical are
inaccurate. (One of them is a macro pointing at the other.)
Change-Id: Ifaa2f361db77cd0ed3ad39d6ca197195b9354ea1
Currently the CSD check is in the middle of figuring out the voice codec
for normal voice calls. Rather do the CSD check first, and then do voice
in one coherent section.
(prep for upcoming change in this code, to support AMR rate selection.)
Change-Id: Ibd21f0bb46c66a406904105564ce961a8760cbe7
Before the codec filter, it would have been the CN side codec, but now
it is only the codec that the RAN reports as assigned, fed into the
codecs filter.
(prep for upcoming change in this code, to support AMR rate selection.)
Change-Id: Ie7966099c5565013018734b0c2028484c24341a7
This also makes sure it doesn't compile against older libosmogsm gsup
versions which would break ABI.
Related: OS#6091
Depends: libosmocore.git Change-Id 70be3560659c58f24b8db529c4fc85da4bb0ec04
Change-Id: Ia002fd6e0334d56de34d352a0bf1a8604e2e9fd3
low/high layer compatibility are used for capability checking between
caller and called entitiy. The transcoding is performed by libosmogsm.
Related: OS#6152
Depends: libosmocore.git Ia6a2159ecf810a02f85b558026edf20b934567de
Change-Id: I760980a7e17e2fa81615adc69ef85797eb0c07f1
low/high layer compatibility are used for capability checking between
caller and called entitiy.
The information is added to the end of struct gsm_mncc increases, so
that the version number needs not to be incremented.
Related: OS#6152
Change-Id: I15f5afcf069ee6c1c4641108ceacc837bee311b5
We do include this IE in result and error messages, but somehow
not in the request messages. For the sake of consistency, let's
ensure that the Source Name IE is present in all SMS related PDUs.
This additionally brings osmo-msc in sync with ttcn3-msc-test, which
was modified to expect the Source Name IE in all receive templates,
and makes the following testcases pass [again]:
* MSC_Tests.TC_gsup_mo_sms
* MSC_Tests.TC_gsup_mo_smma
* MSC_Tests.TC_gsup_mo_mt_sms_rp_mr
Change-Id: I65f5e3b7a0688e258979bb2679598659881a4321
Related: osmo-ttcn3-hacks.git Ic24d3082fe3dce08e43e8f3ecb6d6132503c55c6
Related: OS#6135
... so that it's clear which MNCC handler is used by looking
at the output of `show running-config`.
Change-Id: Id1fe7aecc1c8445db48ff5fddcf6df0f05ba5e2e
Prior to this change, if there was no explicit ipa-name configuration
in OsmoMSC, OsmoHLR would see the GSUP connection as MSC-00-00-00-00-00-00.
However, this default is constructed somewhere deep in IPA libraries
and is not visible to the GSUP client application, in this case OsmoMSC.
This situation creates a problem for SMS-over-GSUP routing: when we get
MT-forwardSM.req from an SMSC, we have to send a GSUP response, and this
response needs to get back to the MT-sending SMSC. Because OsmoHLR
applies only passive routing for these responses, we have to set
source_name when generating MT-forwardSM.res in OsmoMSC - but we cannot
do so if don't know our own IPA name.
Change the default OsmoMSC ipa-name from MSC-00-00-00-00-00-00 to
unnamed-MSC, mirroring OsmoHLR default of unnamed-HLR, and set it
at our application level rather than deep in the libraries.
Related: OS#6135
Change-Id: I7bacd001b81326c32bc262c7d0c0491ded822fa8
Previously added codecs tests uses non-default PT number sent by MT and
adopted by MO. Also test the other direction, i.e. a non-standard PT
from MO is adopted by MT.
Related: OS#6258
Change-Id: I8fbabe242982441d676d09f4d0ed7557c8349f2c
In msc_vlr_test_call.c, allow to tell MO non-default payload type
numbers in the SDP, to verify that it adopts the other call leg's PT
numbers.
Actually apply the non-default payload type number (AMR=96 instead of
the default of 112 from codec_mapping.c) and see the effects in
msc_vlr_test_call.err.
The diff shows that, as intended, the change in payload type number
should result in modifying the MGW endpoint to change the earlier '112'
to the modified '96' used in this test.
Related: OS#6258
Change-Id: I25df2ed7ad792fbe66dfd0fbf08182c9cf6cfc5b
In msc_vlr_test_call.c, allow to tell MO non-default payload type
numbers in the SDP, to verify that it adopts the other call leg's PT
numbers.
This test differs only slightly from the first codecs test, so in this
patch add the test as a 1:1 copy of the first test. The next patch [2/2]
will then show only the difference the new test makes.
Related: OS#6258
Change-Id: I618e3cf1b412985589a0c63bd76b7a60202f17b9
In patch I8760feaa8598047369ef8c3ab2673013bac8ac8a, osmo-msc learns to
handle codec mismatches reported by MT. For simplicity, that patch cuts
short the msc_vlr codecs tests by validating only the first codec.
Now test the full list of codecs properly.
This also introduces testing the re-assignment that MO does to match
MT's codec limitations, and removes the "EXPECTED FAILURE" markers.
Related: OS#6258
Change-Id: Ib933554f826c1b4347dfa3f6c4f6fe086be8b133
It was true once, but not since "do CN CRCX first"
Ie433db1ba0c46d4b97538a969233c155cefac21c
Related: OS#6258
Change-Id: I94e430e4e5b5bf18dbb155258d82f599ada453e6
This is the last missing piece that allows osmo-msc to make good TFO
codecs choices.
Since the codec_filter, osmo-msc properly gathers codec options and
limitations. But the MO call leg still assigns a voice channel before
getting a response from the MT call leg, and is then stuck with that.
Add the capability to adjust the MO call leg's codec in case the MT side
needs a different codec for TFO.
This is only relevant for 2G; on 3G we always have AMR/IuUP.
For inter-MSC handover, keep the behavior unchanged: offer only the
currently assigned codec to the remote side. Codec-changing HO should be
equally trivial to implement, but that is for another day.
msc_vlr_test_call's codec tests are adjusted to test the new feature in
Ib933554f826c1b4347dfa3f6c4f6fe086be8b133. For now, avoid change in
these tests by validating the first codec in SDP lists only.
Related: OS#6258
Related: osmo-ttcn3-hacks I402ed0523a2a87b83f29c5577b2c828102005d53
Change-Id: I8760feaa8598047369ef8c3ab2673013bac8ac8a
Used by I8760feaa8598047369ef8c3ab2673013bac8ac8a to add just a single
codec to a speech codec list, instead of a list.
Change-Id: I6ac23c54bc26939e048ff2df06eb987421cfb1c5
To parse and handle SDP included in incoming MNCC, use rx_mncc_sdp()
everywhere. So now rx_mncc_sdp() is the single implementation for
parsing the SDP string and taking action for codecs if needed.
One current dup of this code has a fall-back to use legacy bearer cap --
absorb that into rx_mncc_sdp(), so that we now also do that fall-back
for all of the incoming MNCC that contains bcap.
This is a cosmetic preparation for implementing MO Re-Assignment to
match MT's codec limitations.
Change-Id: I94ae11654e1f88fbd64361b639a4c583836dc13e
We're checking the result of trans_alloc() 6 out of 7 times, so check
it in gsm_silent_call_start() too, for the sake of consistency.
Change-Id: Ie989cd8146d66d9531cf3f3d84f46a2c6fcc2e5c
Fixes: CID#322140
"[ESTABLISHED] transition to state ESTABLISHED not permitted"
i.e. don't complain when we already are in the established state.
Change-Id: I9b1fd63ed1ee7ed2877a4b2059386354598f4ea4
The cfg bits are for AMR-HR, not GSM-HR. The function
gsm0808_enc_speech_codec_list2() will return -EINVAL when it encounters
GSM-HR with non-zero cfg bits.
It appears this mapping was never used before, and my testing of call
re-assignment to match MT's codecs (it allows more than just the
assigned codec, because it can re-assign) has uncovered this bug
via MSC_Tests.TC_ho_inter_msc_out. I don't fully understand all the
details why we didn't see this before; anyway, the fix is obvious.
Change-Id: I19cff847a0f618ad000d12c1df54c55ef2f79699
The SGs interface is currently only casually mentioned in the chapter
running, even though the SGs interface is a prominent and often
requested feature. Let's give the SGs interface its own section so that
users can find the info about it quicker.
Related: OS#6008
Change-Id: Ic7c17511ee19cb7f6d5069b27beb661ecb4b0be8
When trying to modify the value of an SGs counter (eg. ns11), then the
setting is never stored. The reason for this is that OsmoMSC uses the
wrong string table to compare the user input.
Related: OS#6008
Change-Id: I0358c1ec0026c37fda6db1f3af3145393df25cfd
Only the originator may terminate the VGCS/VBS call. This will not
happen in real life, because the UI of the MS should not allow
termination of a recevied VGCS call.
Change-Id: Ibe289920fa3ea50dd3e7d5c1371456dca9b72604
Related: OS#4854
Certain calls (seen on very old Nokias) won't have the rate adaptation flag
set on "analog" CSD calls. The field for the intermediate rate (after RA) is
still filled correctly.
Workaround this by setting the RA to V.110 whenever the RA is unset but an
intermediate rate is specified.
Change-Id: I5b3e5649fe071636f1becddfbfee06f9175a5f17
Bearer capability 3k1_AUDIO and FAX_G3 are only important
for the interworking function, the MSC should handle
these calls the same as CSD calls with unrestricted digital
bearer capability.
Change-Id: I198aa867a8f236b8ddd05d3b2356f64b876fd4c1
For MO-forwardSM and MT-forwardSM request messages, OsmoHLR applies
routing based on the SMSC address for MO or based on the IMSI for MT.
However, reply messages following these requests are routed passively
based on the destination_name IE. This passive message routing path
requires the source_name IE to be set as well - implement this
source_name setting.
Related: OS#6135
Change-Id: I0b7f4760bdce8a38d43d3860086c6dfb7b390701
When OsmoMSC is used with OsmoHLR rather than a GSUP-to-MAP gateway,
MT-forwardSM.req GSUP messages delivering MT SMS will be coming from
a separate SMSC relayed via OsmoHLR, rather than from OsmoHLR itself.
When we reply to these messages, in order for these replies to reach
the MT-sending SMSC via OsmoHLR, we need to save source_name from
the request and regurgitate it into destination_name in our response
messages. Implement this logic.
Related: OS#6135
Change-Id: I436e333035b8f6e27f86a49fe293ea48ea07a013
If the GSUP request message to which we are replying is an MT SMS
delivery from an SMSC relayed via OsmoHLR, we must set destination_name
in our reply - otherwise our reply won't make it back to the SMSC.
Related: OS#6135
Change-Id: I892fe87a733a78ed9d5761a8ce238caa135dea1e
The intent of the guard timer is to clear hung or stuck states
during call setup or teardown. However, there are some MNCC
messages that will be exchanged between OsmoMSC (passing CC
messages to and from the MS) and the external MNCC agent during
the active call state, not related to setup or teardown: DTMF
start and stop, plus call hold and retrieve operations for call
waiting. Unpatched OsmoMSC restarts the guard timer on every
received MNCC message, even those that pass through to CC without
affecting any state, and the result is breakage for users.
Consider the case of an IVR where you have to press some DTMF keys
before you can be transferred to a human operator. You press the
needed keys, get the human operator, and start talking. Then
3 minutes into your conversion (default guard timer duration)
your call unceremoniously disconnects without any warning.
Fix: look at the MNCC message type, and skip the call to start
the guard timer for known-benign MNCC messages.
Change-Id: Ibe2dd53f8e9e06d175b64df67d2a2e3e2d4155aa
This is a fixup for the patch
'3G: decapsulate IuUP to AMR at the MGW; allow 3G<-AMR->2G'
I386a6a426c318040b019ab5541689c67e94672a1
After above patch, osmo-msc intelligently decides which codecs to run on
which legs of the RTP streams. In the meantime, it seems the necessary
matching changes to call_leg_local_bridge() had been lost somehow.
Testing 3G to 3G voice now, I noticed that call_leg_local_bridge()
overwrites the intelligent choices made earlier.
The history of an MGW endpoint that should convert from IUFP to plain
AMR, extracted from a pcap, looks like this:
<- CRCX None None
-> CRCX-OK audio 4050 RTP/AVP 112 None
<- MDCX audio 4056 RTP/AVP 112 AMR
-> MDCX-OK audio 4050 RTP/AVP 112 AMR
<- MDCX audio 4056 RTP/AVP 96 VND.3GPP.IUFP
-> MDCX-OK audio 4050 RTP/AVP 96 VND.3GPP.IUFP
So after call_leg_local_bridge(), there is an extra MDCX + MDCX-OK that
switches the codec from 112 AMR back to 96 IUFP.
That is because call_leg_local_bridge() copies the *RAN* side's codec to
both CN sides, which used to be ok when RAN and CN codecs were always
identical.
Instead, adjust only the CN sides of the MGW endpoints, and adjust them
so that both CN sides are identical. osmo-mgw should then be able to
trivially translate the codecs appropriately.
Change-Id: I130bcd77ec57e332370c487a11b0b973b6e1089d
Fail if MNCC tries to switch the Information Transfer Capability from
CSD to speech, so it is obvious that something is wrong here. I ran into
this while writing a test.
Related: OS#4394
Change-Id: Ibb76d08cad1ac3bc3320391c89766150a2e605c3
Reject any other codec than GSM0808_SCT_CSD in Assignment Complete from
RAN, if OsmoMSC is preparing a CSD call.
Related: OS#4394
Change-Id: I94de84df41bcd050d0e7b4e4fea1c6a6551ef7d3
Instead of asserting on an empty list of bearer services, return
-EINVAL. This makes the function more similar to
sdp_audio_codecs_to_gsm0808_channel_type which also doesn't assert if
an empty list of codecs is passed.
Related: OS#4394
Change-Id: I15a389e1f7a9d3d17b6531c9836d3d5f9d148267
The MS in general provides the Selected PLMN ID (IE) in the Complete
Layer 3 Information message. osmo-msc handles that message in
msc_a_ran_dec_from_msc_i() and stores the information of the PLMN in
msc_a->via_cell. If no PLMN information is provided in the message, then
at that same place the PLMN configured in the VTY is taken as an implicit
default.
This patch changes trans_lcls_compose() to use the PLMN stored in
msc_a->via_cell instead of the VTY configured one, meaning the PLMN
provided by the MS (through the RAN in use) is used if available
(otherwise the VTY-configure one is still used, as before).
With this patch the PLMN VTY config option use is relegated to a single
point of use in msc_a_ran_dec_from_msc_i() where the Complete Layer 3
Information is used. As a result, it becomes clear now that the VTY
config is only applied in the scenario where no PLMN is provided at that
time.
Related: SYS#6360
Change-Id: Ibad0005a1d7cef64dd8fefa3e554ba99a06c3666
The MS in general provides the Selected PLMN ID (IE) in the Complete
Layer 3 Information message. osmo-msc handles that message in
msc_a_ran_dec_from_msc_i() and stores the information of the PLMN in
msc_a->via_cell. If no PLMN information is provided in the message, then
at that same place the PLMN configured in the VTY is taken as an implicit
default.
The PLMN information stored in msc_a->via_cell is then finally stored
into vsub->cgi in evaluate_acceptance_outcome().
This patch changes gsm0408_loc_upd_acc() to avoid re-applying the PLMN
configured at the VTY again, and instead use whatever is already in
vsub->cgi. This is more correct since the PLMN provided by the MS takes
precedence over the implicitly configured one, meaning several PLMNs can
be handled. Otherwise, the code is always overwriting the PLMN announced
by the network on a specific RAN with the one in the MSC, which may end
up with unexpected results.
Related: SYS#6360
Change-Id: I421bd63a264db2bf6e1c4a4eea976f389e87b332
Currently this function fails to initialize all bcap fields properly,
so the resulting CC Setup message generated by osmo-msc has some
fields set to reserved/invalid values.
With these changes I am able to establish a data call on TCH/F9.6:
* cap->{mode,coding}: assign default values explicitly;
* cap->radio: value 0 is reserved, set GSM48_BCAP_RRQ_FR_ONLY;
* cap->data.sig_access: value 0 is reserved, set GSM48_BCAP_SA_I440_I450;
* cap->data.transp: this is not a bool, set GSM48_BCAP_TR_{TRANSP,RLP};
* cap->data.{nr_{data,stop}_bits,parity}: set 8N1 by default;
* cap->data.modem_type: explicitly assign default value;
* cap->data.interm_rate: value 0 is reserved, set GSM48_BCAP_IR_{8k,16k}.
The related libosmocore.git patch additionally fixes encoding of the
"Connection element (octet 6c)", so that bcap->data.transp is used.
Change-Id: If49c89e4f867bac92ad062c062b9f36bab2b4531
Related: libosmocore.git I7339908864e8a2aef6f2b48a108650167e413c7f
Related: OS#6110, OS#4394
Without the gsm0808_speech_codec functions:
* codec_mapping_by_gsm0808_speech_codec_type(), and
* codec_mapping_by_gsm0808_speech_codec()
fail to find the codec mapping for CLEARMODE.
Change-Id: I87b3aedaf7ff7bbbcb381e94158566dc765e3ae6
Related: OS#6110, OS#4394
As per 3GPP TS 48.008, section 3.2.2.103, the Codec Type is valid if
at least one of FI, PI or PT is set to '1'. Otherwise the Speech
Codec Element is considered invalid and shall be ignored.
Change-Id: Ibc452d37d4215c961a7946eef3ba2e7efdba078b
Related: OS#6110, OS#4394
Whenever we call build_tlv() we must
call destroy_tlv() after we are finished with it.
Similarly, smpp34_unpack() makes calls to smpp34_malloc()
and these need to be free'd by us later.
Change-Id: Ic2abcbe78cf7cf7b6ce36fe09aa9b4f8daee973f
Voice group call and voice broadcast call messages as well as assignment
result are forwarded to VGCS/VBS call control.
Change-Id: Ie68eedb8fcb064a55cd71b58630d7a8c8b5f29ad
Related: OS#4854
When sending or receiving BSSMAP reset msg, the ongoing VGCS/VBS SCCP
connections are cleared. E.g. this happens if the BSC is restarted and
there is an ongoing VGCS/VBS call at this BSC.
Change-Id: Ib0b309150b82148098d05cfb1fb18767283e654e
Related: OS#4854
When the calling phone releases the uplink before it has been assigned
to the group channel, it will send an UPLINK RELEASE message on the
dedicated channel.
This message is forwarded to VGCS state machine to handle the release
there.
Change-Id: Ie8f7338da18eaaefbb022c09b96f18a3d78f8a95
Related: OS#4854
Switching ASCI support is controled via VTY. This added in a later
patch. (Chg-Id: I5bd034a62fc8b483f550d29103c2f7587198f590)
Change-Id: Id68deb69f7395f0f8f50b3820e9d51052a34f753
Related: OS#4854
A voice group/broadcast call has no SCCP connection that is related 1:1
to a calling or called subscriber. Instead there are multiple connections
between MSC and BSS. Some of them control the uplink for each BSS and
some of them assign the channels for each BTS.
SCCP connections are maintained by the VGCS call control. Message from the
RAN are directly forwarded to the VGCS call control.
Change-Id: Ie4a2f19ba75140a6f2de02b709597239c01f02a2
Related: OS#4854
There is no GSM0808_DATA_RATE_TRANSP_300 (not in libosmocore and not in
3GPP TS 48.008 § 3.2.11 on which the enum is based). As I understand it,
we need to use GSM0808_DATA_RATE_TRANSP_600.
As pointed out in review, either TCH/H2.4 or TCH/F2.4 would work for
rates below 9600, so use GSM0808_DATA_FULL_PREF.
Use GSM0808_DATA_FULL_BM instead of GSM0808_SPEECH_FULL_BM. The value is
0x8 for both, but this is the correct name.
Related: OS#4394
Change-Id: I7297cc481fbe36355b5231ca800cf566a1ee93c0
VGCS/VBS messages from BSS are decoded and a receiver funktion for
the GCC/BCC (VGCS/VBS call control) is selected.
Change-Id: Ief6259ba3914eeaceb063b562a0bcbc48349ce60
Related: OS#4854
The (optional) call reference is required to assign a calling subscriber
to a voice group/bcast channel. The BSC can then determine to which
existing VGCS/VBS channel the MS is assigned to.
This IE is part of the GSM standard TS 48.008 (see §3.2.1.1)
Change-Id: I7955c6e0eebc930f85f360dda46be17cbd39e181
Related: OS#4854
This is a built-in data structure to store and handle voice group calls.
The GCR will be used by VGCS/VBS call control.
(Chg-Id: I9947403fde8212b66758104443c60aaacc8b1e7b)
The GCR will be used by VTY code.
(Chg-Id: I5bd034a62fc8b483f550d29103c2f7587198f590)
Change-Id: Ia74a4a865f943c5fb388cd28f9406005c92e663e
Related: OS#4854
Generally a transaction is linked with a subscriber (vsub).
A voice group call transaction may not have a subscriber associated. The
vsub field of the transaction will be NULL. If the group call is
initiated by a calling subscriber, the vsub field is set until the
calling subscriber is assigned to the voice group channel. If the group
call is initiated via VTY, vsub field is not set on creation of the
transaction.
Change-Id: I2b9afe95db4c106c141f4b7bd199ec74e197e523
Related: OS#4854
- TRANS_GCC is used for the voice group call.
- TRANS_BCC for the voice broadcast call.
This also includes the use counters for transaction and CM service
request usage:
- MSC_A_USE_GCC
- MSC_A_USE_BCC
- MSC_A_USE_CM_SERVICE_BCC
- MSC_A_USE_CM_SERVICE_GCC
Change-Id: Iddd11f813582ac2ac2bdee91cc3a525986deb514
Related: OS#4854
A transaction can be identified by the callref and the type. Because
transactions with different types may share the same callref value,
it is required to include the type in the trans_find_by_callref()
parameters.
E.g. a voice group call may have the same callref as a voice broadcast
call, but they are different calls. They also may not be confused with
other transaction types having eventually equal callref value, like
GSM 04.08 calls, SMS or supplementary services transactions.
By adding the transaction type to trans_find_by_callref(), we
essentially now use the (type, callref) tuple as unique ID for
transactions, instead of just callref.
Change-Id: Ic0b82033a1aa3c3508ad610c690a5f29073006c1
Related: OS#4854, OS#3294
Allow the caller of rtp_stream_alloc() to define what events will be
dispatched to the parent FSM. This allows other state machines to use
rtp_stream. It is required for using RTP stream process with VGCS FSM.
Drop the unused parent_call_leg member.
Change-Id: I0991927b6d00da08dfd455980645e68281a73a9e
Related: OS#4854
So far rtp_stream_commit() triggers an MGCP MDCX message only when
codecs or the RTP address changed.
Do the same for mode changes. ('sendrecv', 'recvonly', 'sendonly',...)
Change-Id: I7a5637d0a7f1df13133e522fc78ba75eeeb2873e
Related: OS#4854
The MGCP protocol features the 'C' (call-id) to identify which
connections belong to the same call. They may be used by MGW for
accounting or management procedures.
So far we sent the MNCC callref as call-id. Instead, add a separate
unique call_id number space. Assign a unique call_id to each
transaction.
Change-Id: I36c5f159fa0b54fb576ff8bd279928b895554793
Related: OS#4854
Use the MNCC bearer capabilities in CC setup for CSD, if available.
Note that in the MNCC_F_BEARER_CAP code path sdp_audio_codecs_set_csd()
also gets called by trans_cc_set_remote_from_bc().
Related: OS#4394
Change-Id: I56e49ebc41696912a81b8f4f63fbc36d0b605e9e
Check the return code before writing it to unsigned ct->data_rate, as
"ct->data_rate < 0" is never true.
Fixes: CID#321277
Fixes: 106321 ("Add initial CSD support with external MNCC")
Change-Id: I5d77da71b60748818ba631229126c1bf061a9c7d
Prepare to use trans->bearer_cap.transfer in trans_cc_filter_run() to
differentiate between speech and data (CSD).
Related: OS#4394
Change-Id: Id0476a4882bcb27413d033f2de2c5288954f0b95
Move remote out of codecs, as it will be used by CSD code as well.
Otherwise we would need to store it twice (in cc.codecs.remote and
cc.csd.remote).
Related: OS#4394
Change-Id: I5d2e078db3b3437cb6feae40d8955912d7a297e4
Remove the comment as trans->bearer_cap will be used in CSD code to
differentiate between speech and data.
Related: OS#4394
Change-Id: I0539632f464bc44945599bec52dc2a4df2f0115f
Remove the misleading "We must not pass bearer_cap to
codec_filter_init()" part of the comment. The function doesn't accept a
bearer_cap parameter, it cannot be passed to the function:
void codec_filter_init(struct codec_filter *codec_filter)
{
*codec_filter = (struct codec_filter){};
}
Related: OS#4394
Change-Id: I87a1e371e108d8da514b30f1726aad0f85ea4111
In all the places where codec_filter_ functions get called, for CSD we
will need to filter the bearer services. Add a new
transaction_cc.c file for functions that either combine the
codec_filter_ function with logic for CSD and voice calls or just call
the existing codec_filter function and a new csd_filter function.
Start with moving codec_filter_set_ms_from_bc to this new file, it will
be extended with a case for CSD in a future patch.
Related: OS#4394
Change-Id: If225f2a299ce6bc9ae35a17d6f591d889f49155e
cat-testlogs.sh does "exit 1", so no workspace.tar.xz is created.
Call this script after archiving the workspace.
Change-Id: Ibcb842f32418e66a186d6b21bb5861cf4a0b7c4a
Fixes: 799d972132 "contrib/jenkins: create workspace.tar.xz on error"
Related: OS#5665
In order to figure out why we sometimes get a coredump in the jenkins
master jobs, add a quick hack to get all relevant binaries on libraries
on error.
Related: OS#5665
Change-Id: If7b4eb050e2b3f763b5cfddf1a5b6a18bb41f46e
For all 3G calls, convert IuUP <-> plain AMR/RTP on the MSC's MGW hop
like this:
Before this patch:
hNodeB <--IuUP--> MGW@hnbgw <--IuUP--> MGW@msc <--IuUP--> other call leg
After this patch:
hNodeB <--IuUP--> MGW@hnbgw <--IuUP--> MGW@msc <--AMR--> other call leg
^
This allows, in principle, 2G to 3G calls without expensive transcoding,
like this:
hNodeB <--IuUP--> MGW@hnbgw <--IuUP--> MGW@msc <--AMR--> MGW@msc <--AMR--> MGW@bsc <--AMR--> 2G-BTS
^
(So far only proven to work with AMR-FR at 12k2.)
3G to 3G calls now look like this:
hNodeB <--IuUP--> MGW@hnbgw <--IuUP--> MGW@MSC <--AMR--> MGW@MSC <--IuUP--> MGW@hnbgw <--IuUP--> hNodeB
^
Implementatino: get rid of the shim that was put in place to still send
IuUP (VND.3GPP.IUFP) to the CN. So now, for all 3G voice, the IuUP gets
decapsulated to plain AMR/RTP at the MSC's MGW hop.
What is proven to work with this patch:
successful voice call between 2G and 3G with these conditions:
- a hNodeB that stubbornly accepts only 12k2 AMR;
- a 2G BTS configured to use only TCH/F and only FR3, with only 12k2 as
allowed AMR rate.
We have not yet seen a call working for TCH/H HR3 <-> 3G, because of the
lab hNodeB's limitation to 12k2.
Future work we probably need:
- properly request and negotiate AMR rates via SDP fmtp:mode-set.
- request more RFCIs in our RANAP RAB Assignment requests
(see I61e0e9e75e3239662846fd797532acdefa9f73dc).
- Convert IuUP to AMR already at the HNBGW's MGW?
Solving this is not part of this patch.
Related: SYS#5092
Change-Id: I386a6a426c318040b019ab5541689c67e94672a1
When the SMS sqlite db is opened and not closed properly, sqlite will
print a trace on the next OsmoMSC startup while restoring the database.
This happens when e.g. attempting to bind OsmoMSC on an IP that is not
available (yet) and then restarting OsmoMSC.
db.c:521 Init database connection to 'sms.db' using SQLite3 lib version 3.34.1
db.c:318 SQLITE3: (283) recovered 37 frames from WAL file /var/lib/osmocom/sms.db-wal
backtrace.c:42 backtrace() returned 22 addresses
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0x36a56) [0x7f1518c00a56]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(sqlite3_log+0x9e) [0x7f1518c00b3e]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0x5f4f4) [0x7f1518c294f4]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0x5fbb3) [0x7f1518c29bb3]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0x7ee02) [0x7f1518c48e02]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0x7f908) [0x7f1518c49908]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xb9a5f) [0x7f1518c83a5f]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xcddac) [0x7f1518c97dac]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xcddef) [0x7f1518c97def]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xf537d) [0x7f1518cbf37d]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xb479e) [0x7f1518c7e79e]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xb79b6) [0x7f1518c819b6]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xb8116) [0x7f1518c82116]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(+0xb853f) [0x7f1518c8253f]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(sqlite3_prepare_v2+0x16) [0x7f1518c826a6]
backtrace.c:53 /lib/x86_64-linux-gnu/libsqlite3.so.0(sqlite3_exec+0xb4) [0x7f1518c8fce4]
backtrace.c:53 /usr/bin/osmo-msc(+0x1bf13) [0x564f81946f13]
backtrace.c:53 /usr/bin/osmo-msc(+0x524c0) [0x564f8197d4c0]
backtrace.c:53 /usr/bin/osmo-msc(+0x1324e) [0x564f8193e24e]
backtrace.c:53 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f1518991d0a]
backtrace.c:53 /usr/bin/osmo-msc(+0x13fea) [0x564f8193efea]
Related: SYS#6360
Change-Id: I9bb799048db5fcdb2a2520107bd75d5f7a865459
Don't fall back to the legacy config if the pool is configured but no
connection to any pool member can be established.
Depends: osmo-mgw I009483ac9dfd6627e414f14d43b89f40ea4644db
Related: OS#5993
Change-Id: I44e7b2723d801ceb03aaa2e5546802b4eb56b3c3
In msc_vlr_test_call, we fail to send the right MNCC struct for
MNCC_RTP_CREATE. We should pass a struct gsm_mncc_rtp. Fix that.
Change-Id: Ia0b3253f85c716e45f925da3f58f025af1f15ec9
In order to send the MSC's RTP endpoint IP address+port in the initial
SDP, move the MGCP CRCX up to an earlier point in the sequence of
establishing a voice call.
Update the voice call sequence chart to show the effects.
Though the semantic change is rather simple, the patch is rather huge --
things have to happen in a different order, and async waits have to
happen at different times.
The new codec filter helps to carry codec resolution information across
the newly arranged code paths.
Related: SYS#5066
Change-Id: Ie433db1ba0c46d4b97538a969233c155cefac21c
Upcoming patch 'do CN CRCX first' changes the ordering of MGCP. To
properly show the change in behavior in the msc_vlr_test_call, first
clarify which side is expected to do MGCP when.
Related: SYS#5066
Change-Id: I972e7426006e5b62f81ccfe4fa224ee9eed7a7ac
Transmit and receive full SDP information via MNCC, to accurately pass
codecs choices between the call legs.
In msc_vlr_test_call.c test_call_mt(), show that when receiving MNCC,
the codec information in SDP overrules the Bearer Cap codec information
-- we expect to still receive inaccurate Bearer Cap from e.g.
osmo-sip-connector, because we have chosen to add SDP to MNCC instead of
trying to fix the codecs represented in Bearer Cap.
For internal MNCC, the MT call leg now knows which codec the MO has
chosen and assigned.
For external MNCC, osmo-sip-connector receives SDP about our codecs
choices and sends it in SIP messages, and we also receive the full SDP
information from the remote SIP leg.
Update the SDP in codec_filter every time it is received, to always have
the latest SDP information from the remote leg.
CC MNCC
| ---ALERTING--> | add local side SDP to MNCC msg
| <--ALERTING--- | store remote side SDP
| <--SETUP-RESP- | store remote side SDP
| --SETUP-CNF--> | add local side SDP to MNCC msg
| -RTP-CREATE--> | use codec_filter, add local side SDP to MNCC msg
| <-RTP-CONNECT- | store remote side SDP
There still is one problem: when initiating MNCC, we do not yet know the
RTP address and port to be used for the CN side, because the CN CRCX
happens later. So far we send 0.0.0.0:0 as RTP endpoint in the SDP,
until the CN CRCX is done. A subsequent patch moves CN CRCX to an
earlier time, adding proper RTP information right from the start.
Related: SYS#5066
Change-Id: Ie0668c0e079ec69da1532b52d00621efe114fc2c
So far, patches have set up rtp_stream to allow setting multiple codecs,
and collected the codecs information into the codecs filter struct.
Now actually use the codecs filter result to choose a codec.
Setting up the call leg FSMs and codecs still looks rather confusing in
this patch, because this is an incremental step in a larger series. The
upcoming patch 'do CN CRCX first' clarifies this substantially.
The resulting codecs behavior is tested in upcoming patch
I879ec61f523ad4ffc69a0b02810591f7c0261ff9. (The test ideally should have
come before this patch, but my time to rework this branch is up.)
With the codecs filter in place, we are ready for sending and receiving
full SDP via MNCC, see upcoming Ie0668c0e079ec69da1532b52d00621efe114fc2c
and Ie433db1ba0c46d4b97538a969233c155cefac21c
Related: SYS#5066
Change-Id: I66e7c8c5e401f4f3a7d3d42b9525b2c6e99691d9
So far, we just forwarded the Bearer Capabilities received in MNCC from
the remote MO call leg, and omitted Bearer Cap if the remote call leg
did not provide any.
Instead, always include Bearer Cap, and compose it from the codecs
filter result. Hence the Bearer Cap is now an intersection of MS, BSS
and remote call leg, instead of just the remote call leg.
Related: SYS#5066
Change-Id: I9586221ef56352b7ce4b2604ae0dc04554145a78
Do not convert to enum mgcp_codecs, but directly pass the
gsm0808_speech_codec IE from the A interface to codecs handling.
For Iu:
- RAN side: use ran_infra.force_mgw_codecs_to_ran to keep the MGW
endpoint towards RAN on IUFP.
- CN side: introduce flag ran_msg.assignment_complete.codec_with_iuup,
so to decide whether to forward IUFP towards CN, we don't need to test
the RAN type, but use the flag from the ran_msg implementation.
In msc_vlr_tests, use the SDP codec string instead of enum
mgcp_codecs.
So far limit to intra-MSC related messaging, adjusting inter-MSC
handover follows in a separate patch.
Change-Id: Ia666cb697fbd140d7239089628faed93860ce671
Allow configuring MGW conns with multiple codecs. The new codecs filter
can have multiple results, and MGCP can configure multiple codecs. Get
rid of this bottleneck, that so far limits to a single codec to MGW.
On Assignment Complete, set codec_filter.assignment to the assigned
codec, and use that to set the resulting codec (possibly multiple codecs
in the future) to create the CN side MGW endpoint.
Related: SYS#5066
Change-Id: If9c67b298b30f893ec661f84c9fc622ad01b5ee5
Indicate in the ran_infra data structure whether a RAN needs specific
codecs to be set up on the RAN facing MGW endpoint.
This allows setting forced RAN codecs as first-class citizen in the
ran_infra data structure, instead of special cases in the code (for IuUP
on IuCS).
Will be used in subsequent commit
I37f65c36af2679ecba1040a11a9aa0eb9481d817, submitted separately for
easier readability.
Change-Id: I37f65c36af2679ecba1040a11a9aa0eb9481d817
Codec List (BSS Supported) is received once in Complete Layer 3 and
again in Assignment Complete messages. Use the most recent one, i.e. the
one from Assignment Complete, when it occurs.
Related: SYS#5066
Change-Id: I5e66ecc7987fa926f39d8be8eaf5799b931ab20a
I noticed by chance that the Assignment Complete message generated in
the test lacks a remote RTP address for the RAN side.
Make the test more realistic by adding a remote RTP address and port. It
doesn't have any bearing on the tests besides more accurately showing
RTP stream setup in the logs.
Change-Id: Ia428762a16dcc17f036d725a00e0b3767418289b
Collect either the SDP or the Bearer Capabilites in the incoming
MNCC in the new codecs filter.
So far just collect the info and do not change the behavior, using the
filter result will follow in a subsequent patch.
Related: SYS#5066
Change-Id: I84d9bbca3e4061da622b1b2fc0bde8868e7e3521
For MT call, initialize the codecs filter and apply the
Codec List (BSS Supported) from Compl L3.
Related: SYS#5066
Change-Id: I530409a64d11da48518a3dc60aa3a4e47c384663
The initial Compl L3 happens long before we establish a CC transaction.
Remember the Codec List (BSS Supported), so that we can feed the new
codecs filter with it. Subsequent patches implement feeding the filter.
Related: SYS#5066
Change-Id: I7cdc348218433141a43d2e42750af02591688240
Add the central codecs_filter for Call Control. The new member is not
used in this patch yet, subsequent patches will start to populate the
various stages of this codec filter, one by one.
Related: SYS#5066
Change-Id: Ib3fdeff8d1e1ea0760168d63ee6e1b1fb993aa5f
Add the infrastructure to store and filter all codec limitiations from
the different stages: MS, BSS, CN and remote call leg. Upcoming patches
will properly collect these and find an optimal codec.
No functional change, yet.
Related: SYS#5066
Change-Id: I4d90f7ca62f2307a7b93dd164aeecbf4bd98ff0a
Converting between different codec representations is confusing. This
codec mapping provides a consolidated overview of all our codec
representations, and how they match up.
In particular, it adds the SDP codec representation repertoire,
preparing the use of full SDP on the MNCC interface.
Related: SYS#5066
Change-Id: Iaa307be6a8487aa8d4ba7cd59d5c5ef04818a744
This option should be used for any executables which are used only
for testing, or for generating other files and are consequently never
installed. By specifying this option, we are telling Libtool that
the executable it links will only ever be executed from where it is
built in the build tree. Libtool is usually able to considerably
speed up the link process for such executables.
Also take a chance to add the missing $(COVERAGE_LDFLAGS).
Change-Id: I664a9d5abed2777deee302f9d3afd1bbfde7a844
Same as voice_call_external_mncc.msc, but run with internal MNCC. Shows
some curious differences like the MNCC_LCHAN_MODIFY that internal MNCC
sends, but external doesn't.
Change-Id: Ic003322dc4e3fce24a8413688cfe18198a4dc08a
Re-run the msc_log_to_ladder.py on an actual 2G-2G voice call log, to
see if anything changed in the meantime, to prepare for upcoming changes
to the sequencing of establishing voice calls.
Also shows recent improvements on picking up RTP ports from MGCP and
MNCC.
Change-Id: I9dcf980ad24d5921c291c9aada211b37f6f3db7f
(multiple changes in one patch because who cares about this script)
tweak regexes -- they worked ok, but some of the '[^:]' should really be
'[^:)]', and they also look happier that way.
don't skip RAN=NONE, so we also see messages before Complete Layer 3.
s/sip/mncc, to generally be valid for both internal and external MNCC.
pick up RTP port information from MGCP OK
pick up RTP port information from MNCC rx and tx
add --verbose flag, to be able to check whether the regex rules are
still working (getting any hits).
fix rule_imsi_detach: should return True to be counted in --verbose.
tweak comment 'Generated by...' to include the full git path.
Change-Id: If619182ba76c6b238a1fa105a3c3449d7f473dd1
Omit "in state FOO", because LOG_TRANS() already logs the state.
Most MNCC "rx" logging was duplicated. Log "rx" only once.
If there is RTP information passed with the MNCC message, log it:
- if there is SDP, log the SDP information.
- if there is no SDP, log the legacy MNCC RTP fields, if any.
One motivation to do this is to get RTP information in ladder diagrams
generated by msc_log_to_ladder.py without the need to add udtrace MNCC
logging to osmo-msc; and also to get RTP info for internal MNCC, where
udtrace doesn't apply, because no unix domain socket is involved in
internal MNCC operation.
Change-Id: I4b916cb482ed441b508c6295de211a21c49cd5c1
Both EXTRA_DIST and CLEANFILES had missing entries. It is easy to
forget to keep them up to date. Rather use wildcards to always pick up
all relevant files.
(Not adding *.dot because there are no .dot charts here, yet.)
Change-Id: I3a18e4608a310169d7c9cd9c1b8ac9015a990920
Since osmo-mgw now supports IuUP properly, and since we indicate IUFP in
the MGCP CRCX towars an IuCS RAN [1], we should no longer place the MGW
endpoint in loopback mode to hack up an IuUP Initialization.
This hack should have been removed along with [1].
[1] IUFP sent to MGW since this commit:
commit 3a02d29804
Refs: 1.8.0-13-g3a02d2980
Announce IuFP audio codec for UTRAN conns in CRCX towards MGW
I7aca671e00ed27ac03f0d106b5a6b665a9bed4c1
Change-Id: I6446c64421e3e13e2b829293d031c98b99cd39a7
A new VTY node was added in commit [1], but bsc_vty_go_parent() was
not updated. Because of that, commands following the MGW node may
crash osmo-msc. See related patch [2] for more details.
Change-Id: I2422fa9152ecc8c4be1f2487ee016c3fe737e653
Fixes: [1] b44cf2d575
Related: [2] osmo-bsc.git Id3050ff7e2402c33ee76c7bf0cc83603c0cc6dfc
According to 3gpp spec the Call Reference part of GCR is 5 octets,
3 octets Call ID followed by 2 octets BSS ID.
We are using our internal call reference (4 octets) and the
location area code, or optionally Cell ID as BSS ID
(2 octets). Obviously it does not fit.
Let's use only 3 octets from the call reference, dropping the MSB.
Includes code by Vadim Yanitskiy <vyanitskiy@sysmocom.de>
Change-Id: I9c33a89c819e8925d89ca833d7705ed5ced6b566
Now that the warnings in osmo-iuh have been fixed, we should be able to
build the IU version of OsmoMSC with --enable-werror too.
Related: OS#4462
Change-Id: Id54be9dd1aa66cc27eb5ee4010be9e495865b331
When the HLR fails to return auth info and authentication and ciphering
are configured to be optional, fall back to no-auth.
This patch concludes a series of preparatory patches and implements the
actual functional change.
Related: OS#4830
Change-Id: I5feda196fa481dd8a46b0e4721c64b7c6600f0d1
Add third outcome of auth_fsm: the no_auth_info_event, which should be
dispatched when auth failed because the HLR has no auth info for this
subscriber, i.e. not because an actual auth challenge failed.
No functional change: Handling no_auth_info_event separately follows in
another patch (to allow fallback to no-auth). Feed the same
_E_AUTH_FAILURE as no_auth_info_event to still behave unchanged.
Related: OS#4830
Change-Id: I5103b1f2727f1729a5517ae359df813d50436ed3
Previous patch added the AUTH_FAILURE event, which means that the
AUTH_RES event now only signals success. Reflect that in the name.
No functional change.
Related: OS#4830
Change-Id: I7124a3591fcf36cee06d7488eeb94f9b85af5dc2
Explicitly send distinct parent events on auth success and failure. So
far determining success depended only on the data pointer passed on with
the event. Distinct events clarify the logging and the FSM code.
This prepares for a third FSM outcome to be added in a subsequent patch,
to separately signal when the HLR has no auth data.
No functional change.
Related: OS#4830
Change-Id: I02776dfe6785983f2ebe398f57867f5ceb288ba0
These functions actually return whether these procedures should be
attempted, not whether they are absolutely required. Rename to avoid
confusion in upcoming patches.
Related: OS#4830
Change-Id: I0ea90476470109134411255ffd1f11d88236c91b
For establishing Layer 3, pass a flag from msc_a to VLR that indicates
to fail if encryption is not possible.
An earlier patch [1] renamed a previously existing flag
require_ciphering to is_ciphering_to_be_attempted, because the naming
was not accurate. This new flag now indicates what its name suggests.
This new flag is needed for upcoming patch [2] to distinguish between
optional and mandatory encryption.
[1] Ia55085e3b36feb275bcf92fc91a4be7d1c24a6b9
[2] I5feda196fa481dd8a46b0e4721c64b7c6600f0d1
Related: OS#4830
Change-Id: I52090c5f5db997030da7c2ed9beca9c51f55f4cf
Clarify the name to avoid confusion in upcoming patches.
This function actually returns whether any ciphering mode besides A5/0
is enabled, and does not imply that ciphering is mandatory. A5/0 may
well be allowed when this function returns true.
Related: OS#4830
Change-Id: Ia55085e3b36feb275bcf92fc91a4be7d1c24a6b9
This way we document the recently gained support for MGW pooling.
Related: SYS#5987
Depends: osmo-gsm-manuals.git Change-Id Ieda0d4bfe6fc90da6e19c791d8ec2da89427ba3b
Change-Id: I9d8116a74a63591599c4cbafa60f9a313e6ab19c
Since call_leg_fsm_releasing_onenter() calls immediatelly
osmo_fsm_inst_term(), it meant we couldn't receive any event in that
state because osmo_fsm disables event dispatching to FSMs being
terminated.
As a result, CALL_LEG_EV_MGW_ENDPOINT_GONE was never received and hence
call_leg_mgw_endpoint_gone() was never called, which means the
mgcp_client used in cl->mgw_endpoint was never put back to the pool.
By first freeing all the children (rtp_streams), we make sure
cl->mgw_endpoint ends up with no conns and sends us the GONE event
before we go ourselves into termination state.
Related: SYS#5987
Change-Id: I2126578c4e64c9f336e8a1f6ee98de970866b8dc
New VTY commands have been added recently to the "mgw" node which drop
the redundant "mgw" prefix on each fo them.
Change-Id: I8ac11388e9493416b644812638e1374251725584
Depends: osmo-mgw.git Change-Id: Id55af13d2ecde49d968b9dca6a2f8108a17ec484
Related: SYS#5987
Let's use the new API available in libosmo-mgcp-client to control more
consciously where the mgw pool config is printed.
Before this patch, the place where the node was printed was defined
based on implementation details on how the enum of nodes are defined and
installed.
Related: SYS#5987
Depends: osmo-mgw.git Change-Id I7a620cf47886d8ecab30ce369cf123d98ab842c5
Change-Id: Ic473fe05c55e8df3eddedf0260ec04b6fefc501f
Large RAN installations may benefit from distributing the RTP voice
stream load over multiple media gateways.
libosmo-mgcp-client supports MGW pooling since version 1.8.0 (more than
one year ago). OsmoBSC has already been making use of it since then (see
osmo-bsc.git 8d22e6870637ed6d392a8a77aeaebc51b23a8a50); lets use this
feature in osmo-msc too.
This commit is also part of a series of patches cleaning up
libosmo-mgcp-client and slowly getting rid of the old non-mgw-pooled VTY
configuration, in order to keep only 1 way to configure
libosmo-mgcp-client through VTY.
Related: SYS#5091
Related: SYS#5987
Change-Id: I7670ba56fe989706579224a364595fdd4b4708ff
Those commands are not controlled/implemented in this repository, so
it's a bad idea having them show up here, since they may change. be
modified, become deprecated, etc.
They are actually becoming deprecated now in libosmo-mgcp-client
(osmo-mgw.git Change-Id Id55af13d2ecde49d968b9dca6a2f8108a17ec484) and
hence they don't appear anymore when listing the node.
Change-Id: I5d908f9e3023f725d49ed039158bd3d09828f12c
The global g_smsc struct pointer is defined twice in the same file.
Let's keep the earlier definition.
Related: OS#5568
Change-Id: If96a44450563d45b707bdd4165cf3cf269db9906
The timer "mgw X2" (RTP stream establishing timeout)
is set by default to 30 seconds.
When an MT call is ringing and remains unanswered, it
is this timer that will expire, and the call is terminated.
Up to now this results in a CC_CAUSE of Resource Unavailable
and if osmo-sip-connector is in use, the SIP agent will
get 503 Service Unavailable.
While "resource unavailable" may be technically correct, in
that the MGW did not return an rtp stream in time, returning
"No User Responding" (resulting in SIP 480) is probably a
more accurate description of what actually happened,
allowing the switch to inform the caller.
Change-Id: I4a9cfc388ec9ecb743d154a114a6db638eac4701
Move it closer to the other MNCC_F_* entries, so that it's more
likely that it gets updated when new flags are added.
Change-Id: If1a12a696b87184c9eee14f475594c317927427b
Related: OS#5282
In c6921e5068, 0x4000 was added to the
possible MNCC field flags, but before this commit, using it would
result in an ERROR of "Unknown MNCC field mask 0x....."
Related: OS#5282
Change-Id: I9e7d224e7f2d6d2824b2466752b6e8c994ac5a3d
This helps to merge similar code from smpp_mirror and smpp_* in follow-up patches.
Related: OS#5568
Change-Id: I8f7ac2c00d16660925dd0b03aa1a0973edf9eb70
By default systemd will execute service with root directory (or home directory for user instance) which might result in
attempts to create files in unexpected place. Let's set it to 'osmocom' subdir of state directory (/var/lib for system instance) instead.
Fixes: OS#5661
Change-Id: I0f942545d9e920ba8a2d8645512ec3414ab27418
Parallel build has been fixed [1] and re-enabled [2] back in 2018.
Change-Id: I13d2d6f3b5ffae390cf429e41bf9035b8c551f66
Related: [1] I5a9d7dbd7b992d322ed0d852ebf8ca2252b51a12 libsmpp34.git
Related: [2] Id41fbcb5a96093eb6c3dc00bcacbd379111ada70 libsmpp34.git
As part of preparation for libosmo-netif migration let's move common SMPP code
into separate build-time library and use it for both smpp_mirror and OsmoMSC
renaming the files if necessary.
While at it we also fix id/password legth limits in smpp_mirror and drop unused
fields from ESME struct.
Related: OS#5568
Change-Id: I61910651bc7c188dc2fb67d96189a66a47e7e8fb
This allows us to drop single-use parameters from osmo_esme to facilitate further code changes.
Related: OS#5568
Change-Id: I34bd4c145b0f6287a323e2350808feb59f1d3187
Having smpp_smsc_stop() called from within smpp_smsc_start() instead of
explicitly inside smpp_smsc_restart() is confusing and could lead to
hard-to-trace bugs. Let's get this fixed first before going further.
Related: OS#5568
Change-Id: I353f5b82c9f5308d93e926538d4ef7e24d0b0339
Some functions act on a struct sdp_audio_codecs but begin with the name
sdp_audio_codec (singular). That's confusing.
Related: SYS#5066
Change-Id: Id87eb350c1f17f8dbf776909824bfa06634c1d04
A problem with SDP fmtp handling is visible in this patch: when cmp_fmtp
is true, we compare fmtp strings 1:1, which is not how things should be
done. The intention is to fix fmtp handling in a later patch.
At least there now is a flag to bypass fmtp comparison altogether.
Related: SYS#5066
Change-Id: I18d33e189674229501afec950aa1c732386455a2
libsqlite3 that ships with some distributions may have secure_delete
activated by default. This means all database records are overwritten
with zeros on DELETE. We don't needs this extra overhead.
Change-Id: I9da6499a38096c8df2025bb9d35ec789864b7c5e
The Binary format changed when libdbi was removed. If we let osmo-msc run on an
unconverted database, the results are unpredictable, certainly undesirable.
Change-Id: I887b6a4374b1c83684f4007e9791ae58bba4e8c1
README.md in-line with that of other osmocom CNI projects:
* markdown syntax
* link to manuals, issue tracker, gerrit contributions, etc.
Change-Id: I98e09e8900c359382e2a90b187f0c6f22a1cf81d
This is meant as a safeguard against users or user equipment which
doesn't set a reasonable validity period. Using this setting, the
SMSC administrator can set a minimum SMS validity period. Any SMS
submitted with lower validity period will be extended to that minimum.
Change-Id: I192528a6f9059d158fa12876a247d61bd7edaec8
Related: OS#5567
Before this patch, we always ignored any SMPP-provided validity period
and used '0' which is now, and means it expires immediately.
As SMPP allows for validity_period of NULL, use 7 days as SMSC default
in such situations.
Change-Id: Iad9f2697f045ed3bc0eb74c3a9730861f82e6c48
Closes: OS#5567
This introduces some VTY settings that determine if delivered
or expired messages should be removed from he SQL database or not.
Change-Id: Id6174875d5c01c40d987077651b27ae1acbcaa93
The pre-historic sms_queue code used to have very strange aspects,
such as having some parameters (max-failure, max-pending) which could
only be sent from the 'enable' node, but not from a config file.
Before adding more configuration parameters, let's clean this up by
introducing a proper VTY config node for the 'smsc'; move the existing
config commands there and add new ones for max-failure and max-pending.
As the sms_queue data structure is only allocated after the config file
parsing happens, we are introducing a new 'sms_queue_config' data
structure. This encapsulates the public readable/writable config
parameters.
Change-Id: Ie8e0ab1a9f979337ff06544b9ab3820954d9804a
As we're using WAL mode, it is not neccessary to use synchronous=FULL
but rely on synchronous=NORMAL mode while still guaranteeing database
consistency.
To do this, we can fix the typo in one of our two PRAGMA statements,
and remove the other.
See https://www.sqlite.org/pragma.html#pragma_synchronous for the
sqlite3 documentation on that topic.
Change-Id: Ie782f0fe90e7204c4d55cdb3948b728c348367d1
Closes: OS#5566
RelateD: OS#5564, OS#5563
The choice of libdbi was one of the biggest early mistakes in (back
then) OpenBSC development. A database abstraction library that
prevents you from using proper prepared statements. Let's finally
abandon it and use sqlite3 directly, just like we do in osmo-hlr.
I decided to remove the database migration code as it would be relatively
cumbersome to port all of it to direct sqlite3 with prepared statements,
and it is prone to introduction of all kinds of errors. Since we don't
have a body of older database files and comprehensive migration tests,
it is safer to not offer migration code of uncertain quality. The last
schema revision (5) was introduced 5 years ago in 2017 (osmo-msc
v1.1.0), so it is considered an exceptionally rare case. People can
install osmo-msc 1.1.0 through 1.8.0 to upgrade to v5 before using
this new 'direct sqlite3' version of osmo-msc.
Change-Id: Ia334904289f92d014e7bd16b02b3b5817c12c790
Related: OS#5559, OS#5563, OS#5564
ERROR: files left in build directory after distclean:
./sms.db-shm
./tests/sms.db-shm
./tests/sms.db-wal
./sms.db-wal
Change-Id: Iecd380f598edbd1635361e4c340d54d092739919
Both callers would immediately execute sms_pending_add() after
a successful sms_pending_from(); we can merge those two functions.
Change-Id: Iaf37234b3caafd568dd4fe17739be9ec842c2a8d
This avoids every caller from manually having to remember to
increment the count, the stat_item and llist_{add,del}.
Change-Id: Ice4c73727ef2d7e4118f0ef5fe24cae943c7528f
If the ESME has been disconnected (dead socket) but still is
in memory (other users hold a use count), we shouldn't enqueue
messages to the write queue.
This prevents messages like
DSMPP write_queue.c:112 wqueue(0x7f8bc392f6e0) is full. Rejecting msgb
Change-Id: I10a270f1d555782be272f4d78da43190618a9950
Closes: OS#3278
When the SMPP code free's an ESME it also free's the related write_queue
and the osmo_fd contained therein. So if this happens while we are
in esme_link_read_cb(), we must return -EBADF to make
osmo_wqueue_bfd_cb() of libosmocore avoid further accessing related
memory.
Change-Id: I441d3b05c2f2556c530783a7f66c73adf6d845a1
Closes: OS#5565
This should give us some more insight into what is happening inside
the MSC's VLR in terms of number of subcribers, rate of successful /
unsuccessful GSUP procedures, etc.
Related: OS#1974
Change-Id: I681bcfc1875363478190151f2931cad197323ee8
The function vlr_subscr_rx_imsi_detach() implies that an explicit IMSI
DETACH was received. However, that same function was called in other
situations such as timer expiration or GSUP CANCEL.
Let's clean this up by splitting the function into two parts.
No logical change is introduced to the VLR in this patch.
Change-Id: Iffc02f3062ad591ca372a3c6d866066cf63a8830
It makes the code much more readable if there's at least a one-liner
documenting each function (and struct member).
Change-Id: I6d239369cabdf1703eba7f3606b46b95cbbb1ea7
Looking at 'perf top' of osmo-msc under load shows that there's a
significant amount of time spent in terms of locking (mutex,...)
which is useless as osmo-msc is a single-threaded application.
Unfortunately libdbi doesn't provide a mechanism to perform
sqlite3_config(), so we have to do it directly here, introducing an
explicit build-time dependency (and linkage) to libsqlite3.
Related: OS#5559
Change-Id: I5bbea90d28b6d73b64b9e5124ff59304b90a8a75
The existing rate counters per-minute/hour/day values were never
computed as the related timer was never started...
Change-Id: I27282051a6da5d1e1a25981712fbe4c4a6378dea
With comments, clarify the code paths where a CM Service use count has
not yet been placed on the conn (just send CM Service Reject) and where
the use count is placed (decrement count on CM Service Reject).
Place the CM Service use count slightly earlier:
- it is then correctly present when checking the mobile identity in
cm_serv_reuse_conn(), avoiding the crash reported in OS#5532.
- there is only one place incrementing the use count instead of two.
Related: OS#5532
Change-Id: I6c735b79b67108bcaadada3f01c7046e262f939b
When using 'check_PROGRAMS', autoconf/automake generates smarter
Makefiles, so that the test programs are not being compiled during
the normal 'make all', but only during 'make check'.
Change-Id: I13b519e61ca0d9ce038e8c989ddac012de4a6c61
This happens if for instance an HNBGW drops the RAB-AssignmentRequest
and does nothing with it.
call_leg.c:348:15: runtime error: member access within null pointer of type 'struct rtp_stream'
Related: OS#5401
Change-Id: I67d2d5b2dd3b367c34f929d63c056306ec001431
We need to set the codec as present in order for
msc_a_up_call_assignment_complete() to configure properly the CN-side of
he leg with the IUFP codec, which should be the desired default in order
to avoid transcoding.
Change-Id: Ib8086462239e2df748cf47ea7b37a07f1f3b85a8
RAB Assignment Complete contains no codec info, hence
assignment_complete.codec is not set and
assignment_complete.codec_present is false.
As a result a wrong value is passed to rtp_stream_set_codec.
This fixes osmo-msc sending "a=rtpmap:112 AMR/8000/1" during MDCX in the
RAT-side connection of the call leg after having properly sent
VND.3GPP.IUFP/16000 in CRCX.
Change-Id: Ic028d35893d29f7d72f22f82ef89695229c9b01b
This way the MGW knows it has to handle IuUP in that connection (answer
IuUP Initialization, etc.).
Depends: osmo-mgw.git 1de5ed6f979bd4c1380789c9a82f8e396f05c5f8
Change-Id: I7aca671e00ed27ac03f0d106b5a6b665a9bed4c1
Remove the paragraph about writing to the Free Software Foundation's
mailing address. The FSF has changed addresses in the past, and may do
so again. In 2021 this is not useful, let's rather have a bit less
boilerplate at the start of source files.
Change-Id: I1b68e0aa26d81fbfe26abaa287d2bd5eec2cfd0f
On the protocol level, it's impossible to indicate UEA0 together
with the other algorithms. The encryption is either a) disabled,
so the Encryption Information IE is not present, or b) enabled,
so the Encryption Information IE indicates UEA1 and/or UEA2.
Because of that, the ranap_new_msg_sec_mod_cmd2() would fail to
generate the RANAP PDU if the given bitmask has the UEA0 bit set.
Fixes: 505a94a610 ("Make UTRAN encryption algorithms configurable")
Change-Id: I3271d27c09fc8d70a912bce998ceffbce64dd95e
Function msc_i_ran_enc() calls msc_role_ran_encode(), but unlike the
other callers of this function it does not free() the encoded message.
A simple solution would be to call msgb_free(), like it's done in
the other places. But a more elegant solution is to modify function
msc_role_ran_encode(), so that it attaches the msgb to OTC_SELECT.
This way there is no need to call msgb_free() here and there.
This change fixes a memleak observed while running ttcn3-msc-test.
Change-Id: I741e082badc32ba9a97c1495c894e1d22e122e3a
Related: OS#5340
Ciphering is optional in both GERAN and UTRAN, however for the later
it's *required* to enable integrity protection for the signalling.
Thus we must always send Security Mode Command in UTRAN, even in
case if ciphering is disabled (UEA0) in the configuration.
The actual decision whether to send CMC/SMC or not is taken in:
* vlr_access_req_fsm.c / _proc_arq_vlr_node2(), and
* vlr_lu_fsm.c / vlr_loc_upd_post_auth().
depending on the value returned by is_ciph_required(). Let's
rename this function to is_cmc_smc_required() and ensure that
it always returns true in UTRAN.
This change fixes the Iu test cases in ttcn3-msc-test.
Change-Id: I6205f13453eff7afbf25e013d72ae98a78fcd31b
Fixes: OS#5333
This function is never called when ciph_required is false, so
there is no need for an additional check in this function.
Change-Id: I900ddd5f1882f8cee234ab1074adcf25830a092c
If a MO SMS gets successfully routed through SMPP, we return early
in gsm340_rx_tpdu() and leak a chunk of type 'struct gsm_sms'.
Change-Id: I8a745d747f06baa7109418ffe600b27b3c0a5228
Fixes: [1] Ic34d398e0a850856e20380ae35e5c2ae5e3c539b
Fixes: OS#5334
RANAP Security Command can include an encryption IE. If it includes
it the RNC can still ignore it (e.g. unsupported encryption) and
return the Security Command Complete with an choosen encryption IE:
"no encryption".
Validate the encryption element and ensure the encryption is included in
the encryption mask.
Closes: OS#4144
Change-Id: Icfc135c8b8ae862defe7114db492af600c26407f
Allow the user fine-grained control over which UMTS encryption
algorithms are permitted, rather than always permitting UEA1 and UEA2
or neither.
This brings the handling of UEA in line with the handling of A5 for
GERAN.
Change-Id: I91f9e50f9c1439aa19528f887b83ae9de628fcfd
Closes: OS#4144
Depends: osmo-iuh.git I6d2d033b0427bdc84fee61e0f3cb7b29935214bf
The existing code allowed the user to configure UMTS encryption in the
vty, but we never actually passed this information down to RANAP. As a
result, the RAN had no chance of ever enabling encryption on the air
interface.
Change-Id: Ieaaa6b23b7337b7edb902fad8031e195e0c5e9d2
Related: OS#4144
Do not turn some compiler warnings into errors by default. This patch
was added before --enable-werror was available.
We build with --enable-werror during development and in CI. If the code
is built with a different compiler that throws additional warnings, it
should not stop the build.
This reverts commit 34f012639d.
Related: OS#5289
Change-Id: Ideff462157a034e053e5e7049605dd8d24440905
Using *unpacked* 'struct osmo_gcr_parsed' in the MNCC PDUs makes
the protocol even more complicated than it currently is, and
moreover complicates implementing MNCCv8 in the ttcn3-sip-test.
Replace 'struct osmo_gcr_parsed' in 'struct gsm_mncc' with a
fixed-length buffer, which is supposed to hold the Global Call
Reference encoded as per 3GPP TS 29.205.
Indicate presence of GCR using the MNCC_F_GCR flag.
Change-Id: I259b6d7e4cbe26159b9b496356fc7c1c27d54521
Fixes: I705c860e51637b4537cad65a330ecbaaca96dd5b
Related: OS#5164, OS#5282
This commit is largely based on work by
Max <msuraev@sysmocom.de>
Adds LCLS parameters for A-interface transactions
This commit also adds a vty option to facilitate globally
disabling LCLS for all calls on this MSC.
Add a global call reference (GCR) to MNCC and therefore
bump the MNCC version to version 8. (This commit has to be
merged at the same time as the corresponing commit in the
osmo-sip-connector for mncc-external use.)
Depends: osmo-sip-connector Id40d7e0fed9356f801b3627c118150055e7232b1
Change-Id: I705c860e51637b4537cad65a330ecbaaca96dd5b
If the remote ESME would send us 0xffffffff as length field, don't try
to allocte 4GB of memory, but bail out.
Change-Id: I561f75210811826de06ea1673eca1df24faaa210
Fixes: CID#240738
The log output of libosmo-mgcp-client has changed. This change causes
the unit tests to fail because the log output does not match anymore.
Lets disable the DLMGCP log output since it is of minor importance
for VLR testing anyway.
Change-Id: Id197e4ab9ba12e284299ef520edee9c362513bf1
Related: SYS#5091
During a recent pcap trace, it was spotted that subscriber coming from
SGs had a use count with 16 "SGs" items, and later it incremented to 17.
Further investigation shows that the related use_count item was never
decreased, meaning every time an SGs-LU was sent by the MME, the item
was incremented further and never decremented.
Let's rename the item to be referenced while in LU, and then decremented
when LU is done. At that time, either the LU was accepted and the
subscriber object has a use_count item "attached", or it was rejected
and we already sent the reject messages, so we are fine deleting it if
needed.
Related: SYS#5337
Change-Id: I22c386f02ffa57428f700b003cc2cf23133598d0
it was recently observed in a pcap trace with gsmtap_log that the
use_count contained a "vlr_sgs_imsi_detach" item despite no related
message was seen near by. Further investigation shows that there's an
unbalanced get+put code path, introduced by an early return added to fix
another issue.
related: SYS#5337
Fixes: 0803d88d9a
Change-Id: I91ae956e50fca2f4d0e1d145d60ccb0ebfb409e9
Set order of states in the same order as they appear in the specs (see
chapter 4.2.2 mentioned above the enum).
Furthermore, from FSM state transition point of view it also makes sense
to put them in this new order, since one should pass through
SGS_UE_ST_LA_UPD_PRES to get to SGS_UE_ST_ASSOCIATED.
Change-Id: Ia9216965e9f30caedffa3cb53d14da7f7fd37b4e
The manual seems to lack a section about how the MGW is set up. In the
osmo-bsc manual we have a "Configure MGCP to connect to an MGW" section
under the "Configure primary links" section. We should have the same
thing in the osmo-msc manual as well.
Change-Id: I5501739e63860c436ff606bc2758b495258cd2b9
Depends: osmo-mgw I47e7ff858d5067b46d52329be5f362ff61c0dff8
Will be used by I6fa37d6ca9fcb1637742b40e37b68d67664c9b60
"implement CM Re-Establish for voice calls"
Related: SYS#5130
Change-Id: I5291d098a02268bd1c2e30195ae61e4a13e8709c
As seen in a running osmo-msc:
"vlr_access_req_fsm.c:153
msc_a(IMSI-....:MSISDN-...:TMSI-0x...:GERAN-A-8:CM_SERVICE_REQ){MSC_A_ST_RELEASING}:
Event MSC_A_EV_CN_CLOSE not permitted"
Also seen in several unit tests, which need update.
The action event handler for that state is actually already
expecting/handling the event by ignoring it, so we should allow it.
Change-Id: I4d30cffab693529aab3ba736419dec116a4dd7ef
Forward the Kc128 key to the new BSS in BSSMAP Handover Request.
Depends: Ieb6e43eef9e57281d54d4b7c63664668df5aef3e (libosmocore)
Change-Id: Id5ce995a741c8e469a50a0c46e53c06a2378bb7e
Add A5/4 to the internal mask of allowed algorithms.
(Not actually working yet, A5/4 implementation follows in other
patches.)
Related: SYS#5324
Change-Id: I5b46aaa8579f8d069ca39caf996a8795ffe63dd7
Use new API in Cipher Mode Command to prepare for A5/4 support.
Depends: Ib3906085e0c6e5a496a9f755f0f786238a86ca34 (libosmocore)
Related: SYS#5324
Change-Id: Ib238d367b8d5d07b6ab4cb2e48fbf4ce22ca4476
Since recently, osmo-bsc behaves strictly as per specs, meaning it will
only send the "Cell selection indicator after release of all TCH and SDCCH IE"
in RR Channel Release iff:
* "Last Used E-UTRAN PLMN Id" was received in the CommonID sent MSC->BSC
* "Last Used E-UTRAN PLMN Id" was received insider "old BSS to new BSS Information"
in the HandoverRequest sent MSC->BSC.
On the other hand, CSFB_Indicator from ClearCommand MSC->BSC is nw
ignored and not taken into account.
Hence, let's update osmo-msc to also behave correctly by sending the
Last Used E-UTRAN PLMN ID at CommonID tx time to avoid regressions in
CSFB support when running against newer osmo-bsc.
Let's keep sending the CSFB Indicator in ClearCommand as we used too, in
order to keep compatibility with older BSCs (as per spec).
Related: SYS#5337
Change-Id: Ic5f175b179973d0a50d94f00e15f5a3e332605fc
Add the missing runtime dependency to the sqlite3 driver of libdbd.
The library does not provide a pkgconfig file, so using "pkgconfig(...)"
as done in the BuildRequires is not possible. Write both the OpenSUSE
and CentOS name with an if..else.
Fixes:
<0009> db.c:648 Failed to create database connection to sqlite3 db 'sms.db';
Is the sqlite3 database driver for libdbi installed on this system?
Change-Id: Ia972944c300aecbb6ec460b2362aabff459baefd
Let's disable category here since we don't care about its formatting here.
In any case, every test relying on logging output validation should
always explicitly state the config to avoid issues in the future if
default values change.
Change-Id: I089c0001fc75e81558c3e860827e4d434cf1eab3
Related: OS#5034
Calling gsm48_cc_tx_release() before mncc_release_ind() has a side
effect: the former may change CC state to GSM_CSTATE_RELEASE_REQ.
This makes the later send MNCC_REL_CNF instead of MNCC_REL_IND, so
if one of the call leg disconnects due to RF failure, the other one
will not be terminated correctly.
Makes both TC_{mo,mt}_call_clear_request TTCN-3 test cases pass.
Change-Id: I3ad4a99757878de3796027325627c87d9a4e93f1
Related: Id16969fe0de04445d1320a96d35cf1d48cc8cf09
Related: SYS#5340
The msc_vlr_tests verify whether any of the tests run contain msgb or
talloc memory leaks. So far they did so by fixating a specific number of
talloc blocks, which may break by library implementations changing.
Instead, verify that the test leaks no allocations by comparing talloc
blocks before and after each test.
When a leak is detected, print the full talloc report to stderr, which
makes the expected output mismatch the actual output and fails the test.
Related: OS#4311
Change-Id: I8537fa76d460c951302932a1bad4299f7fe398c9
Previous code relied on abort() switching sigaction to SIG_FDL +
retriggering SIGABRT in case the signal handler returns, which would
then generate the coredump + terminate the process.
However, if a SIGABRT is received from somewhere else (kill -SIGABRT),
then the process would print the talloc report and continue running,
which is not desired.
Change-Id: Iff66eea9ee70850a4d038ece1d8473457023e1ee
Fixes: OS#4865
osmo-msc is pretty useless without osmo-mgw these days. Let's not
make it a strong dependency, as the mgw could of course be running
on different machines.
Change-Id: I76c1bf30c733cf2fd596a8971ccb8bac4220be66
The function gsm48_rx_cm_reest_req() is the only one where the return
code of osmo_mobile_identity_decode_from_l3() is not checked, lets check
it here too.
Change-Id: I37981205870b094b3a40a20197461208daa62698
Fixes: CID#211037
We may never be able to deliver this SMS if it depends on the ESME, as we will
not resubmit the SMS to the ESME. Better to reject it at this time and have the MS
try again later.
Change-Id: I2c50904349dd4ed229b60b8468d776b817c0bd44
Related: OS#4740
The struct gsm_mncc which is created and populated in mncc_call_tx_setup_ind
casted to a union mncc_msg* pointer. This leads to a memory overrun
in mncc_call_tx because the union mncc_msg is larger then the gsm_mncc struct.
To fix this, lets just declare a union mncc_msg and populate the signal
member inside it. This can be handed over to mncc_call_tx. The data in
it will look the same, except that the memory will have the proper
lenght (longer).
Change-Id: Ifff28b3375d6bd5e4f837f25c46736952f7bfa9b
Fixes: CID 214330
Timer X1 is not defined in libosmo-mgcp-client, so this tdef had no effect.
Change this to X2427.
(libosmo-mgcp-client recently moved T2427001 to X2427.)
(X2 is still used in call_leg.c itself)
Related: OS#4539
Related: If097f52701fd81f29bcca1d252f4fb4fca8a04f7 (osmo-mgw)
Change-Id: I9804fdb2c24f49910f2386e3788bd1107b8ebc40
In this case we are fine with simply updating test result because anyway
ABI breakage in some libosmo-mgcp-client structs was needed, so new
versions of osmo-msc will require new versions of libosmo-mgcp-client.
Change-Id: I1fbdb95f71d3b9a2dc88e1ba79892ae16485aa99
So far, the cmdline argument was the only way to set a database file.
Add a similar config to VTY as 'msc' / 'sms-database'. The cmdline arg is stronger
than the 'database' cfg item. DB is not reloaded from VTY command.
Change-Id: I18d954c30fcceb0b36a620b927fd3a93dcc79f49
"127.0.0.1" is changed to "localhost" to let local NSS decide whether to
use IPv4 or IPv6. In newish systems, IPv6 ::1 will be selected since
IPv6 takes precedence over IPv4.
Similarly, the default source addr needs to be changed from NULL to "localhost"
since for some yet unknwon reason, getaddrinfo(AF_UNSPEC, NULL) returns
first IPv4 "0.0.0.0" and later "::", which is inconsistent with
getaddrinfo("localhost") result, resulting in src=IPv4(0.0.0.0) and
dst=IPv6(::1), which is incompatible and will fail. In any case, since
the default remote address is a local one and it's the client side,
there's no real logical change since the kernel would anyway should have
taken a local address anyway.
Change-Id: I05a5c792ab1d053c6f38ba36d4b9fa6db293fbd0
We're already sending the RANAP CommonID message to the RNC,
let's do the same using BSSMAP CommonId towards the BSC. This
way the BSC knows about the IMSI of the served subscriber, which
is very useful for logging/debugging.
Change-Id: I2552736477663adb250c55728093500e8ae83ebb
Closes: OS#2969
Depends: libosmocore.git I353adc1aa72377f7d4b3336d2ff47791fb73d62c
Otherwise, each time the 3GPP TS 44.014 MS test commands (TCH loop)
are invoked, both subscriber_mstest_{close,open} functions add +1
to the subscriber's reference count, but never revoke it.
Change-Id: I0cefa5b5a0cb712080ba2afd322db329f19608e3
This byte is redundant, and must not be allocated in this function.
A consequence of this error is that the MS alwats interprets the
"Sub-channel" IE as test loop A regardless of the specified type.
Here is an example of malformed Close TCH loop (type C) message:
0f 00 00 04
x. .. .. .. - Skip indicator (see 3GPP TS 24.007)
.x .. .. .. - Protocol discriminator (see 3GPP TS 24.007)
.. xx .. .. - Message type (CLOSE_TCH_LOOP_CMD)
.. .. !! .. - (!) Redundant byte from create_gsm0414_msg()
.. .. .. xx - (!) The actual "Sub-channel" IE (loop C, X=0)
Change-Id: Ia47225b884439dcd43be307e7351994e55fcd50d
So far, by failing to initialize the cause value, we always send a Clear
Command cause == 0, which actually means "Radio Interface Message Failure".
This is seen in all my logged network traces of osmo-msc lab testing.
"Call Control" seems to be the only cause value that remotely fits a normal
release procedure, even if it was not voice call related, see 3GPP TS 48.008
3.2.1.21.
Related: OS#4664
Change-Id: I1347ed72ae7d7ea73a557b866e764819c5ef8c42
Move 'doc' subdir further down to "make sure" the osmo-msc binary is built
before the docs.
Remove msc_vty_reference.xml from the source tree.
In manuals/Makefile.am use the new BUILT_REFERENCE_XML feature recently added
to osmo-gsm-manuals, and add a build target to generate the XML using the new
osmo-msc --vty-ref-xml cmdline switch.
Depends: I613d692328050a036d05b49a436ab495fc2087ba (osmo-gsm-manuals)
Change-Id: Ib872e7979c5b5a9da1347a3f326307844cf76536
new_id_ptr should be passed as NULL if encoding the TMSI failed, so initialize
it accordingly.
Also add some bloat to better handle the case of an encoding error, even though
from code analysis that should not be possible here: there is enough buffer,
the MI is a TMSI encoded from a uint32_t...
The problem was introduced by Idfc8e576e10756aeaacf5569f6178068313eb7ea, before
which new_id_len was always 0 when no TMSI was present.
Related: CID#210894
Change-Id: I800c5dca3fdbdedf70a64d9fd5a1bdfd1397f431
ran_peer.c is not the proper place to parse messages, because it should be RAN
agnostic. All parsing and encoding belongs in ran_msg_a.c and ran_msg_iu.c.
Move the Osmux TLV parsing into the is_reset_msg op: add supports_osmux
out-parameter (and add a logging fi pointer). To be able to modify msg->l3h,
also make the msgb arg non-const.
In ranap_is_reset_msg(), always return non-support for Osmux.
In bssmap_is_reset_msg(), return 0 if no TLVs were parsed, 1/-1 if an Osmux TLV
was present/not present.
Update the osmux support flag directly where the ConnectionLess message is
received, so that there is only one place responsible for that.
Related: OS#4595
Change-Id: I1ad4a3f9356216dd4bf8c48fba29fd23438810a7
Adopt the same way to run manual vty transcript tests as in
osmo-bsc/test/Makefile.am.
There are different ways to select a specific test to run in osmo-bsc and here
in osmo-msc. The osmo-bsc way is more convenient when building outside the src
tree, because it does not need the full absolute path of the test file.
Change-Id: If1e2abfa321a5e9fb60358d1f0e4e448b33184af
As soon as the subscriber is authenticated, update the VLR entry with the
MSC-A's full CGI, including the Cell Id received from the Complete Layer 3
Information.
Thus the Cell Id will be shown by vty 'show subscriber cache' and 'show
connection'.
This is tested by osmo-ttcn3-hacks Ie410714a96353f74a52a104c56fa0a08683e0004.
Related: OS#4627
Change-Id: Iee1781985fb25b21ce27526c6a3768bf70d4dc9a
For 'show subscriber cache', we print vsub->cgi. For 'show connection', it
makes more sense to print msc_a->via_cell.
This is tested by osmo-ttcn3-hacks Ie410714a96353f74a52a104c56fa0a08683e0004.
Related: OS#4627
Change-Id: I194271af2acb37b4f8cc2d106ab2fd2b0d443589
Add only a long option to not clutter the cmdline namespace.
To add a long option without a short letter is slightly complex: use the 'flag'
and 'val' mechanism as in 'man 3 getopt' to write an option index to
long_option.
Make sure that all VTY commands have been added before parsing cmdline options:
move various VTY init further above. For msc_vty_init(), the global msc_network
already needs to be allocated, so also move that.
Depends: Ic74bbdb6dc5ea05f03c791cc70184861e39cd492 (libosmocore)
Change-Id: I9146d5a44427509265420f52ae6540ad93eb14fc
When msc_ho_send_handover_request() generates the HANDOVER REQUEST
message, it does not populate the call_id struct member.
In ran_msg_a.c the struct member call_id is used, but the
call_id_present flag is not set, which also prevents the call_id being
added to the message
Change-Id: I6b1b55b3f5a3092d9557dc2512020c766a9ff744
Related: OS#4582
The BSSMAP message ASSIGNMENT REQUEST may contain an optional CALL
IDENTIFIER IE. While this IE is optional some BSC implementions may
require it.
Change-Id: I4288f47e4a6d61ec672f431723f6e72c7c6b0799
Related: OS#4582
This patch served for a manual testing counterpart for osmo-bsc to implement
MSC pooling.
This enables a basic MSC pooling setup, but for a production setup, osmo-msc
would still lack various features related to unloading subscribers to another
MSC as explained in 3GPP TS 23.236.
Change-Id: Iafe0878a0a2c8669080d757b34a398ea75fced36
when the VTY write the config file ist prints the configuration line
for emergency-call in network and in msc, however the presence of the
configuration line in network leads to a parsing error on msc startup.
The vty command probably got moved to node msc and it was forgotten
to remove the printing from network.
Change-Id: I4f3dac27723e7852f8f049fcfca5cccdc027734d
Related: OS#4548
There is an invalid Mobile Identity in the msc_vlr_test_gsm_ciph test data.
This became apparent when applying the new osmo_mobile_identity API (in a
following patch). Current Mobile Identity API ignores the error.
Change-Id: Ib1d54c59acc8b716de471ca275f54f9d22da3574
The SPEC file already included a build dependency to libsmpp34, but
then the compilation of osmo-msc didn't actually pass --enable-smpp
along, resulting in binaries without SMPP support - unlike the Debian
binaries, which do contain that part.
Change-Id: I223be7a735e97b32f7c0ff246cf826f109b0f686
The Mobile Identity type is received on the wire, we asserting on its type
constitutes a DoS vector.
Change-Id: I2b2e25ef8e878e91a165018ba49f1609cfb5cbd0
Remove OpenSUSE bug report link, set version to @VERSION@, make it build
with CentOS 8 etc.
Related: OS#4550
Change-Id: If5499e11d872e629a018fc77d5adf5d0cb863d48
From ASAn on gcc 10.1.0:
+=================================================================
+==269368==ERROR: AddressSanitizer: odr-violation (0x559114a5b880):
+ [1] size=4 'asn1_xer_print' /git/osmo-msc/src/libmsc/ran_msg_iu.c:50:5
+ [2] size=4 'asn1_xer_print' /git/osmo-iuh/src/iu_client.c:85:5
+These globals were registered at these points:
+ [1]:
+ #0 0x7f6208d3869a in __asan_register_globals /build/gcc/src/gcc/libsanitizer/asan/asan_globals.cpp:341
+ #1 0x55911456d221 in _sub_I_00099_1 (/build/new/tmpdir/osmo-msc/tests/msc_vlr/msc_vlr_test_hlr_timeout+0x48d221)
+ #2 0x5591145e8e9c in __libc_csu_init (/build/new/tmpdir/osmo-msc/tests/msc_vlr/msc_vlr_test_hlr_timeout+0x508e9c)
+
+ [2]:
+ #0 0x7f6208d3869a in __asan_register_globals /build/gcc/src/gcc/libsanitizer/asan/asan_globals.cpp:341
+ #1 0x7f6207d8db91 in _sub_I_00099_1 (/build/new/out/lib/libosmo-ranap.so.3+0x47db91)
+ #2 0x7f62096eb0f1 in call_init.part.0 (/lib64/ld-linux-x86-64.so.2+0x110f1)
+
+==269368==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
+SUMMARY: AddressSanitizer: odr-violation: global 'asn1_xer_print' at /git/osmo-msc/src/libmsc/ran_msg_iu.c:50:5
+==269368==ABORTING
Related: OS#4556
Change-Id: I702e9748eaaf2279c3764ba67f80f00ae9f2526f
New define is available since libosmocore 1.1.0, and we already require
1.3.0, so no need to update dependenices.
Let's change it to avoid people re-using old BSC_FD_* symbols when
copy-pasting somewhere else.
Change-Id: Ifc89fffac0443d94f3e49555684975b293ef90fb
The example configs suggest to use a random ip-address as MGW address.
Lets use a loopback address here. This will suit the usual case where
MGW and MSC run together on the same machine.
Change-Id: Ie2b2094fdcfed45353d9ba22cb07eed626fd143c
As pointed out at https://github.com/libexpat/libexpat/issues/312
libtool does not play nice with clang sanitizer builds at all.
For those builds LD shoud be set to clang too (and LDFLAGS needs the
sanitizer flags as well), because the clang compiler driver knows how
linking to the sanitizer libs works, but then at a later stage libtool
fails to actually produce the shared libraries and the build fails. This
is fixed by this patch.
Addtionally LD_LIBRARY_PATH has no effect on conftest runs during
configure time, so the rpath needs to be set to the asan library path to
ensure the configure run does not fail due to a missing asan library,
i.e.:
SANS='-fsanitize=memory -fsanitize-recover=all -shared-libsan'
export CC=clang-10
ASANPATH=$(dirname `$CC -print-file-name=libclang_rt.asan-x86_64.so`)
export LDFLAGS="-Wl,-rpath,$ASANPATH $SANS $LDFLAGS"
Change-Id: I17d95c416e26dae6ca8bec57df01d3e7b7061058
Do not crash when a Paging Response could not be associated with a VLR
subscriber.
Related: OS#4449
Change-Id: Ie117949dd6da86afaa1a0a6ac57bf2111f6cff43
The problem is that osmo_rat_type_name() calls get_value_string(),
so we first cast -1 to 'const enum osmo_rat_type' and then to
'uint32_t'. Let's rather use OSMO_RAT_UNKNOWN.
Found by GCC with -Wextra in CFLAGS:
warning: operand of ?: changes signedness from ‘int’ to
‘const enum osmo_rat_type’ due to unsignedness
of other operand [-Wsign-compare]
Change-Id: I63ba355102d3cc035ba90121e06aba7cf1776aa0
We unconditionally use logging level of the parent FSM anyway.
All callers of auth_fsm_start() always pass fi->log_level.
Change-Id: If2fdf2564eb56d3d94ec3800bdcb0aabcad4e48d
Since the split of OsmoNiTB, OsmoMSC does not deal with the radio
access network directly. Therefore the only purpose of T3212 is to
control subscriber expiration in the local VLR. The timeout value
indicated in System Information Type 3 needs to be configured
separately in the BSC/RNC.
This means that we don't need to store it in deci-hours anymore.
Let's move T3212 to the group of VLR specific timers, so it can
be configured and introspected using the generic 'timer' command,
and deprecate the old '[no] periodic location update' command.
It should be also noted that in the old code subscriber expiration
timeout was actually set to twice the T3212 value plus one minute.
After this change, we apply the configured value 'as-is', but
keep the old behaviour for 'periodic location update' command.
Change-Id: I9b12066599a7c834a53a93acf5902d91273bc74f
These timers so far were implemented as a list of unsigned integers,
which has never been initialized to any reasonable defaults. Since
they are used as state timeouts in several FSMs, we might end up
staying in some state forever.
Let's migrate to generic osmo_tdef API and use default values from
table 11.2 of 3GPP TS 24.008. This way the user can introspect and
change their values from the VTY / configuration file.
Change-Id: Ia8cf98da0aea0e626c5ff088a833d7359c43847f
Related: OS#4368
This change introduces several new VTY commands letting the user
a possibility to introspect and reconfigure some of the existing
timers implemented using libosmocore's osmo_tdef API.
At the moment this covers the following timers:
- MGW specific timers:
- X1 - MGCP response timeout,
- X2 - RTP stream establishing timeout,
- RAN specific timers (same names for GERAN and UTRAN):
- X1 - Authentication and Ciphering timeout,
- X2 - RAN connection release sanity timeout,
- X3 - Handover procedure timeout.
The following commands are introduced:
- 'enable' node:
- show timer [(mgw|mncc|sccp|geran|utran|sgs)] [TNNNN]
- 'config-msc' node:
- timer [(mgw|mncc|sccp|geran|utran|sgs)] [TNNNN] [(<0-2147483647>|default)]
Both MNCC and SCCP related timer definitions are empty at the
moment. Achieved by using osmo_tdef_group API of libosmovty.
Change-Id: I6024c104b6101666c8aa1108a043910eb75db9a5
Related: OS#4368
There was one libmsc commit to openbsc that was
thus far missing in osmo-msc.
This commit completes the work on delayed response
from an ESME. Without this patch, the SMR sends
an RP-ACK to the mobile station, and subsequently a
DELIVER_SM_REPONSE from the ESME provokes either a second
RP-ACK, or an RP-ERROR; both of which result in
"unhandled at this state (IDLE)" from the SMR
After this patch, we have two things corrected:
1) RP-ERROR respects Deliver-SM error cause.
2) No more "unhandled as this state" error from the SMR
Extract from original commit message:
--------
libmsc: annotate esme route in the sms object from deliver_to_esme()
Annotate this esme route, so we can use it to return -EINPROGRESS to
skip sending premature RP-ACK to the mobile station, in case we're
handling sms routes through SMPP.
--------
Fixes: #OS4351
Change-Id: Ic34d398e0a850856e20380ae35e5c2ae5e3c539b
This commit also, (for what it is worth) removes a
difference to the same file in openbsc, which I found
while looking for changes that affected SMPP delivery.
This is essentially a "forward-port" of [1]
[1] https://gerrit.osmocom.org/#/c/openbsc/+/3899/
Change-Id: I350c19f5bb70b2656171c096334c2ee83f49df7e
d34ed5768c introduced
comparison of GSM411_RP_CAUSE_MO_NUM_UNASSIGNED with
GSM48_CC_CAUSE_UNASSIGNED_NR
For consistency lets use the GSM411_RP constants
in SMS related code.
Change-Id: Ie54966560f66d2dcde905feb2eb19ef90406acd1
During the last congress, we have noticed that OsmoMSC crashes
on receipt of malformed MM Identity Response messages:
BSSAP
Message Type: Direct Transfer (0x01)
Data Link Connection Identifier
00.. .... = Control Channel: not further specified (0x0)
..00 0... = Spare: 0x0
.... .000 = SAPI: RR/MM/CC (0x0)
Length: 11
GSM A-I/F DTAP - Identity Response
Protocol Discriminator: Mobility Management messages (5)
.... 0101 = Protocol discriminator: Mobility Management messages (0x5)
0000 .... = Skip Indicator: No indication of selected PLMN (0)
01.. .... = Sequence number: 1
..01 1001 = DTAP Mobility Management Message Type: Identity Response (0x19)
Mobile Identity - Format Unknown
Length: 8
.... 1... = Odd/even indication: Odd number of identity digits
.... .111 = Mobile Identity Type: Unknown (7) <-- This makes OsmoMSC crash
[Expert Info (Warning/Protocol): Unknown format 7]
[Unknown format 7]
[Severity level: Warning]
[Group: Protocol]
The value '111'B is not a valid Mobile Identity type, and shall be
considered as reserved according to 3GPP TS 24.008, section 10.5.1.4.
Later on it was discovered that '000'B also crashes OsmoMSC in the same way.
The crash itself is provoked by OSMO_ASSERT(0) in vlr_subscr_rx_id_resp().
Let's keep that assert in there, and make sure that:
- on receipt of MM Identity Response, Mobile Identity type
matches the one in MM Identity Request;
- on receipt of RR Ciphering Mode Complete, Mobile Identity
contains IMEI(SV) if present.
Change-Id: Ica4c90b8eb4d90325313c6eb400fa4a6bc5df825
TTCN-3 test case: I62f23355eb91df2edf9dc837c928cb86b530b743
Fixes: OS#4340
We shall not include additional BCD length octet into the value part
of SM-RP-OA (Originating Address) IE. Instead, there should be
ToA/NPI header (1 octet).
Since we do not get ToN/NPI fields from the VLR/HLR, let's assume
the following default values:
1... .... = Extension: No extension
.001 .... = Type of number: International (1)
.... 0001 = Numbering plan: ISDN/telephone (E.164/E.163) (1)
Change-Id: I0f32e2af0ed2d2fea6addf45efbdfee120c2425d
TTCN-3 test case: Ib467eeca6439bc6cce72293fbb5bb48f6d233db9
Related: OS#4324
Make build and external tests work with python3, so we can drop
the python2 dependency.
This should be merged shortly after osmo-python-tests was migrated to
python3, and the jenkins build slaves were (automatically) updated to
have the new osmo-python-tests installed.
Related: OS#2819
Depends: osmo-python-tests I3ffc3519bf6c22536a49dad7a966188ddad351a7
Change-Id: I53ccde96dd3785098df0f7d693c504c8b8302e90
In order for osmo-hlr to be able to 100% guarantee distinct INDs for CS and PS,
set CN-Domain = CS in all SendAuthInfo Requests.
In Milenage auth, it is highly desirable that osmo-hlr guarantees use of
distinct INDs for CS and PS domains. If an MSC and SGSN attached at the same
time use the same IND bucket to generate Milenage SQN, that collision would
rapidly waste SQNs and load osmo-hlr with requesting new auth tuples on each
CS/PS Complete-Layer3.
So far, osmo-msc did not indicate the CN domain in the GSUP SendAuthInfo
Request, which was neither required nor evaluated. The CN-Domain is only sent
for the UpdateLocation Request that usually follows later.
Related: OS#4318
Change-Id: I22f44068268e62801cadbf6542efaf153423cd65
Please note that counter "sms:delivered" assumes "Delivered MT SMS",
but actually counts total number MT SMS delivery attempts. This
change describes its _actual_ (erroneous) behaviour.
Change-Id: I081cf962ce2658ceab02699f3cdee19658d00939
Related: OS#4273
Add a char buffer of 1024 characters length as space for SDP to pass to /
receive from MNCC.
Actually support receiving MNCC without such an SDP tail. The main reason for
this is to avoid the need to adjust the ttcn3 implementation of MNCC: it would
stop working for older osmo-msc.
Older or non-SIP MNCC peers could operate the previous MNCC protocol unchanged
(save the protocol number bump) without having to implement SDP.
The SDP part in the MNCC protocol will be used in upcoming patch
I8c3b2de53ffae4ec3a66b9dabf308c290a2c999f.
This patch must be merged at the same time as osmo-sip-connector patch
Iaca9ed6611fc5ca8ca749bbbefc31f54bea5e925, so that both sides have a matching
MNCC protocol version number.
Change-Id: Ie16f0804c4d99760cd4a0c544d0889b6313eebb7
Rationale: in order to add full SDP to the MNCC protocol (upcoming patch
I8c3b2de53ffae4ec3a66b9dabf308c290a2c999f), we need to parse and compose SDP
messages. Obviously, libosmo-mgcp-client already contains similar code, but
that is unfortunately heavily glued to the actual MGCP implementation. The
simplest solution is to create this separate implementation, copy-pasting from
the existing libosmo-mgcp-client code as is convenient.
This API is added here to probe whether it works well. When it does, the
intention is to "move it up" to osmo-mgw and overhaul the SDP parsing in our
MGCP client and MGCP server APIs using this same API.
Change-Id: If3ce23cd5bab15e2ab4c52ef3e4c75979dffe931
Do not free the CC transaction when an MT subscriber is already being Paged.
Instead, invoke another paging request, which paging.c will correctly add to
the list of pending paging response callbacks to run.
A ttcn3 test is linked in the related patch (s.b.).
Related: OS#4240
Related: Ieeae6322d4e80893ea3408c6b74bf8e32bea8e46
Change-Id: Idd4537b5f4817d17e5c87d9a93775a32aee0e7be
When the CRCX OK returns an invalid RTP address, abort the call; fixes
MSC_Tests.TC_invalid_mgcp_crash.
The original crash happened when adding this error handling without this commit
I08c03946605aa12e0a5ce8b3c773704ef5327a7a ("fsm: use deferred deallocation" for
osmo-mgw I7df2e9202b04e7ca7366bb0a8ec53cf3bb14faf3 "fix use-after-free: require
new fsm deferred dealloc, check for term"). With this error handling added,
even though avoiding a crash, the test does not pass yet, because instead of
rejecting the call, it currently composes an Assignment Command without a
Transport Layer Address. Fix that.
Change-Id: I00c3b5ff74c05bcc2b7c39375c33419916a57193
Actually decode the Codec List (BSS Supported) in BSSMAP, in both the Complete
Layer 3 Information and the Assignment Complete messages.
An upcoming patch improves codec negotiation and requires the BSS supported
codecs, which are so far ignored (which is/was a pity as osmo-bsc goes at great
lengths to compose those IEs).
Change-Id: I66c735c79e982388f06b5de783aa584c9d13569e
Substantial parts of the CC / MNCC call establishment were so far completely
missing from the msc_vlr_test_call.c tests. With my new insights on CC and MNCC
procedures, complete the tests.
Root reason: since I am going to re-order the sequence of events to enable
codec negotiation via SDP in MNCC, I want to have comprehensive tests of the CC
procedures to see the effect as diffs in the test output.
Change-Id: Ie995e264eb1e3dd9558a1753ff6f9b55c1d084e1
Use of this flag was dropped when adding inter-BSC and inter-MSC Handover
support, I forgot to remove it.
Change-Id: I5ec78e30eb36fbe78a3f7c46bfa44af5a4eb7bf2
Add voice_call_full.msc, generated from a real 2G<->3G voice call log fed to
msc_log_to_ladder.py.
The idea is to document how the voice call sequence of events changes in
upcoming patches.
Change-Id: I8a907d6a4ece1f3ad78da75a8c3e3e76afd5418d
Add script that reads in an osmo-msc log output and extracts the interesting
information for displaying a sequence chart of voice call log, in mscgen
format.
I want to visualize how the sequence of messages changes across patches. It is
error prone to do it manually, and re-doing the sequence chart for every patch
(and patch rework) would be prohibitively time consuming.
Change-Id: I2e4d8778f7b83dee558517a9b23450b817ee325d
Fix three 'FIXME: ERROR HANDLING' occurences in the code that reacts upon the
MGW providing (or failing to provide) an RTP port for the RAN side. From an
earlier stage of the code, the cleanup for this situation was extremely
complex, and hence the choice was to simply wait for the call to time out and
fail. But since we have implemented safe deallocation of nested FSMs in
libosmocore, the situation has become rather trivial: simply free the CC
transactions, and all the rest will immediately release, and terminate
correctly without crashing.
A ttcn3 test for this is MSC_Tests:TC_invalid_mgcp_crash, which actually also
needs the change to osmo_sockaddr_str_is_nonzero() in preceding patch
I53ddb19a70fda3deb906464e1b89c12d9b4c7cbd, so that a seemingly valid MGCP
message ends up causing a failure in the on_success() branch of
mgcp_client_endpoint_fsm.c.
Change-Id: I8313bed1d782100bebeac7d8fc040557c4cb653e
Also regard an RTP port as invalid if the IP address is 0.0.0.0.
Achieve this by using osmo_sockaddr_str_is_nonzero() instead of
osmo_sockaddr_str_is_set().
Depends: I73cbcab90cffcdc9a5f8d5281c57c1f87b2c3550 (libosmocore)
Change-Id: I53ddb19a70fda3deb906464e1b89c12d9b4c7cbd
libosmo-mgcp-client recently introduced osmo_mgcpc_ep_cancel_notify() to cancel
notification if a notify target FSM deallocates. Use it for sanity in
rtp_stream FSM cleanup, the notify target for endpoint FSMs.
Depends: I41687d7f3a808587ab7f7520f46dcc3c29cff92d (osmo-mgw)
I14f7a46031327fb2b2047b998eae6ad0bb7324ad (osmo-mgw)
Change-Id: I351bb8e8fbc46eb629bcd599f6453e2c84c15015
Since osmo-bsc uses the MGCP client FSMs, it is required to enable this new
feature to guarantee safe operation. The issue is described in detail in commit
logs linked below.
Notably, osmo-msc currently chooses to omit error handling during MGCP events
(marked "FIXME"). An upcoming patch implements this error handling, and would
make osmo-msc vulnerable to crash from unexpected MGCP messages without this.
Deferred FSM deallocation is a more general, simpler approach to
osmo_fsm_term_safely(), so we can switch that off now.
Depends: Ief4dba9ea587c9b4aea69993e965fbb20fb80e78 (libosmocore),
I0adc13a1a998e953b6c850efa2761350dd07e03a (libosmocore)
Related: I7df2e9202b04e7ca7366bb0a8ec53cf3bb14faf3 (osmo-mgw)
Change-Id: I08c03946605aa12e0a5ce8b3c773704ef5327a7a
Before:
RAN decode: BSSMAP: Rx BSSMAP DT1 COMPLETE LAYER 3
After:
RAN decode: BSSMAP: COMPLETE LAYER 3
This caught my attention while I was writing up a script to parse osmo-msc
logging to produce ladder diagrams.
Change-Id: I387dde8f2eb3edb35d22ce52dc0ed580978dea36
If an incoming MNCC_SETUP_REQ ends up in Paging (as usually it does), the early
return so far skipped logging of that MNCC message. Add this logging.
Change-Id: I1495dd562a06cf6c1e9453a1fe111bdf8f4be081
Fix vty tests that are failing since libosmocore change
Ic225232fbfca49ba868427eaf898e1f6e34e1ca8. If OsmoMSC is built without
IU support, it fails with "cs7-instance-iu" in the config.
Change-Id: Ie56da9167badfd2399b566af91a345103f46c2a1
So far, the logging said only "RAN encode: BSSMAP: DTAP", but not *which* DTAP
message, which is in fact a very interesting detail when reading osmo-msc logs.
Change-Id: I0cb8d1e3307737ffe53730c64bb984adacedb2da
For all CC type transaction logging, log the current trans->cc.state string for
all LOG_TRANS*() logging.
Change-Id: I67be12c74c679ce684f8c0b9b4e0d96299849dc6
The HLR might respond with a specific GMM cause code. E.g. roaming not
allowed which needs to be passed down the layers.
Change-Id: I9af515dc52834b7c57c42fc3a76ee2c682734e2a
When a vlr_subscr receives an Send Auth Info result, properly check whether the
subscriber has an auth_fsm.
Before, a missing auth_fsm would crash osmo-msc with:
vlr.c:762 Trying to dispatch event 1 to non-existent FSM instance!
Related: OS#4191
Change-Id: I1995d8f68cfde1140968fb9a97bd054de950de2e
When pagig for a CS-Call via SGs times out, the MME expects to be
informed about this via an SGsAP-SERVICE-ABORT-REQUEST, make sure this
message is sent, but only for CS-Fallback calls.
Change-Id: I3f8f153afe24cf2efa245713509bdc8488902877
Depends: osmo-ttcn3-hacks I99950a17ccf26aaa0eebded5480f33be4c57586a
Related: OS#3614
3GPP TS 29.118, chapter 7.5 states that unknown TLV elements should be
ignored rather than that the whole message is discarded a STATUS message
is sent. Lets turn the returncode check of the tlv_parse() call into a
log message and continue normally.
Change-Id: Ic6714451ad970043d4765f8420d753daf5294a44
Related: OS#4214
When an MS returns the IMEISV in the BSSMAP Cipher Mode Complete message in
the Layer 3 Message Contents IE, do not re-invoke the decode_cb() a second
time, but instead point to it from the ran_msg.cipher_mode_complete struct.
When the MSC-A decodes the Ciphering Mode Complete message, it always wants to
also decode the enclosed DTAP from the Layer 3 Message Contents IE. However,
when the MSC-I preliminarily decodes messages, it often just wants to identify
specific messages without fully acting on them, let alone dispatching RAN_UP_L2
events more than once. So leave it up to the supplied decode_cb passed to
ran_dec_l2() implementations to decide whether to decode the DTAP.
In msc_a.c hence evaluate the DTAP by passing a msgb to msc_a_up_l3(), which
will evaluate the RR Ciphering Mode Complete message found in the BSSMAP Cipher
Mode Complete's Layer 3 Message Contents IE.
Particularly, the previous choice of calling the decode_cb a second time for
the enclosed DTAP caused a header/length parsing error: the second decode_cb
call tried to mimick DTAP by overwriting the l3h pointer and truncating the
length of the msgb, but subsequently ran_a_decode_l2() would again derive the
l3h from the l2h, obliterating the intended re-interpretation as DTAP, and
hence the previous truncation caused error messages on each and every Cipher
Mode Complete message, like:
DBSSAP ERROR libmsc/ran_msg_a.c:764 msc_a(IMSI-26242340300XXXX:MSISDN-XXXX:TMSI-0xA73E055A:GERAN-A-77923:LU)[0x5563947521e0]{MSC_A_ST_AUTH_CIPH}: RAN decode: BSSMAP: BSSMAP data truncated, discarding message
This error was seen a lot at CCCamp2019.
Modifying the msgb was a bad idea to begin with, the approach taken in this
patch is much cleaner.
Note that apparently many phones include the IMEISV in the Cipher Mode Complete
message even though the BSSMAP Cipher Mode Command did not include the Cipher
Response Mode IE. So, even though we did not specifically ask for the Cipher
Mode Complete to include any identity, many MS default to including the IMEISV
of their own accord. Reproduce: attach to osmo-msc with ciphering enabled using
a Samsung Galaxy S4mini.
Related: OS#4168
Change-Id: Icd8dad18d6dda24d075dd8da72c3d6db1302090d
It's always set to OSMO_TERM_ERROR. Move the assignment to the caller.
In prepartion to use gmm_cause_to_fsm_and_mm_cause() in vlr_auth_fsm.
Change-Id: Ie4720ad40ef7bcfc528d8d63bfc606c9c0545fb2
We sometimes see errors like
libmsc/msc_a.c:361 msc_a(...){MSC_A_ST_RELEASING}: transition to state MSC_A_ST_RELEASING not permitted!
i.e. changing state to the state msc_a is already in.
Ignore re-entering the same state for most state changes. However, there is one
state change in msc_a where re-entering the MSC_A_ST_VALIDATE_L3 is necessary
to start the timeout.
Hence add msc_a_state_chg_always() and use that for re-entering
MSC_A_ST_VALIDATE_L3. Change msc_a_state_chg() to skip no-op state changes.
This should silence all no-op state change error messages for msc_a.
Related: OS#4169
Change-Id: I0c74c10b5fa7bbdd6ae3674926cc0393edf15a35
If an ID Response comes in during a non-LU L3 Complete (Paging or CM Service
Request), no event needs to be dispatched. So far vlr_subscr_rx_id_resp()
logged a NOTICE "gratuitous ID RESPONSE?!?" if no lu_fsm is present.
An ID Response can come in particularly as payload with a BSSMAP Cipher Mode
Complete message, even though osmo-msc didn't explicitly ask for it.
It is not an error to get a Cipher Mode Complete containing an ID Response
during Paging or CM Service Request, so remove the confusing log message.
Related: OS#4168 (only loosely related)
Change-Id: I8a5b8735eb41cd0976c7ab32cdd55440d3ef70ac
Add a network -> callwaiting VTY command as boolean.
When this is enabled (default) there is no change to
operation previous to this commit.
When this switch is disabled with "no call-waiting" in vty
then when a call arrives, we will check if we have an active
call transaction for this subscriber, no matter if it is
establishing, established, or alerting, in any of these cases we
will return USER BUSY to the calling party.
Change-Id: I3eb6f23f7103e3002874fb5d3a30c9de952202ae
To not break the msc_vlr tests by new GSUP IEs added to some of the GSUP
messages, make msc_vlr_tests only match the start of the GSUP message and not
care about extra IEs. The extra IEs are anyway seen in the expected logs.
The reason to drop the msgb_eq_data_print() is because it is useless for
mismatching lengths. It will always print only the length mismatch, instead we
need to be able to compare with what was expected.
Change-Id: I38d51eeafab04ece83e4bb87bfaa967506f97b11
Distinguish the enclosed DTAP RR Ciphering Mode Complete message from the outer
BSSMAP Cipher Mode Complete message in the DEBUG log.
Change-Id: I80c69b491e2ddb932bc4295a01caaf6a903b1fe4
So far we sent CC cause "Unassigned Number"
But the MSC doesn't trivially know whether the HLR has the number assigned or
not: any handset that is currently switched off would cause "Unassigned number"
to be displayed on the caller's handset.
Rather send a temporary failure cause code.
Send this cause code for all cases, because claiming that an assigned number is
unassigned is worse than rejecting an unassigned number with a temporary
failure.
Change-Id: Ia3d4f67b53fcc2654ff048fbc338e92cb763a095
Apparently, if a conn disappears during an ongoing call, the CC code tried to
send a CC REL on a NULL msc_a during cleanup, which lead to a crash
(cccamp2019). Guard against that.
Crash:
#0 msc_a_tx_dtap_to_i (msc_a=0x0, dtap=0x55a4bf2fa0f0) at ../../../../src/osmo-msc/src/libmsc/msc_a.c:1565
#1 0x000055a4be1bb03c in trans_tx_gsm48 (trans=0x55a4bf2d52a0, trans=0x55a4bf2d52a0, trans=0x55a4bf2d52a0, msg=<optimized out>)
at ../../../../src/osmo-msc/src/libmsc/gsm_04_08_cc.c:82
#2 gsm48_cc_tx_release (trans=trans@entry=0x55a4bf2d52a0, arg=arg@entry=0x7ffdd731a0e0) at ../../../../src/osmo-msc/src/libmsc/gsm_04_08_cc.c:1101
#3 0x000055a4be1bee65 in _gsm48_cc_trans_free (trans=trans@entry=0x55a4bf2d52a0) at ../../../../src/osmo-msc/src/libmsc/gsm_04_08_cc.c:278
#4 0x000055a4be1ab654 in trans_free (trans=trans@entry=0x55a4bf2d52a0) at ../../../../src/osmo-msc/src/libmsc/transaction.c:170
#5 0x000055a4be1bd091 in mncc_tx_to_gsm_cc (net=<optimized out>, msg=msg@entry=0x55a4bf2d3b68)
at ../../../../src/osmo-msc/src/libmsc/gsm_04_08_cc.c:1971
#6 0x000055a4be1bf1e5 in mncc_tx_to_cc (net=<optimized out>, arg=arg@entry=0x55a4bf2d3b68)
at ../../../../src/osmo-msc/src/libmsc/gsm_04_08_cc.c:2049
#7 0x000055a4be18ed63 in mncc_sock_read (bfd=0x55a4bf2563b8, bfd=0x55a4bf2563b8) at ../../../../src/osmo-msc/src/libmsc/mncc_sock.c:121
#8 mncc_sock_cb (bfd=0x55a4bf2563b8, flags=1) at ../../../../src/osmo-msc/src/libmsc/mncc_sock.c:189
#9 0x00007fcfad607ce1 in osmo_fd_disp_fds (_eset=0x7ffdd731a9a0, _wset=0x7ffdd731a920, _rset=0x7ffdd731a8a0)
at ../../../src/libosmocore/src/select.c:223
#10 osmo_select_main (polling=<optimized out>) at ../../../src/libosmocore/src/select.c:263
#11 0x000055a4be17dd56 in main (argc=3, argv=<optimized out>) at ../../../../src/osmo-msc/src/osmo-msc/msc_main.c:723
Change-Id: Ia1bb0410ad0618c182a5f6da06af342b6d483eff
All other calls check acl before deref because in a setup
with no access policy, there won't be any acl structure
Change-Id: Ibe0256535b40351594d79baa05a0147a9f89dc26
When a CSFB call is over the MS changes back to LTE after the call is
cleared. However, at the moment the MSC does not change the
cs.attached_via_ran flag. This may cause problems with the next call. Lets
make sure that if there is an SGs association present, the ran type is
set back to SGs when the call is cleared.
Related: SYS#4624
Change-Id: I104adecb0645b81b90ee230c57bf8b463c9e7045
When the VLR/MSC receives an SGsAP-MO-CSFB-INDICATION message it sets
the RAN type back to SGs. This is wrong, the message
SGsAP-MO-CSFB-INDICATION has just an informative character. It informs
the VLR that the UE has initiated an MO CSFB call (service request).
Change-Id: I625574fc42fc915ba483db3bb406922ad6df370d
Related: SYS#4624
Recently, the ability to run UTRAN without encryption was added, but the config
for it was tied to the A5 GERAN encryption configuration. This affected
osmo-msc's default behavior of Iu, breaking osmo-msc ttcn3 Iu tests: the ttcn3
test suite sets A5 to 0 (no encryption) but still expects Iu to enable air
encryption. Fix this "regression".
Add a separate vty config option for UEA encryption, even if it does not
provide full granularity to select individual UEA algorithms yet.
As a result, Iu default behavior remains to enable encryption regardless of the
A5 config. UTRAN encryption can be disabled by the new cfg option
"encryption uea 0" alone.
Even though the new vty command already allows passing various combinations of
the UEA algorithm numbers, only '0' and '1 2' are accepted as valid
combinations, to reflect current osmo-msc capabilities.
Revert most changes to the msc_vlr test suite in commit "do not force
encryption on UTRAN" (I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7): use new
net->iu_encryption instead of net->a5_encryption_mask.
Adjust/add to test_nodes.vty transcript tests.
Related: OS#4144
Change-Id: Ie138f2fcb105533f7bc06a6d2e6deccf6faccc5b
The function mncc_tx_to_gsm_cc() is declared as non static but only used
from within gsm_04_08_cc.c. Lets declare it as static to increase
readability of the code
Change-Id: Icd02c669cfee6dd7e6b154e303cd0f4c148c83c4
Event VLR_ULA_E_ID_IMEISV is listed as permitted in VLR_ULA_S_WAIT_LU_COMPL,
but is missing from the switch() on the incoming event. So, sending an IMEISV
identity during the WAIT_LU_COMPL state would crash osmo-msc.
When receiving an IMEISV, vlr_subscr_set_imeisv() in turn calls
vlr_subscr_set_imei(), so as far as the lu_fsm is concerned, receiving an
IMEISV is identical to receiving an IMEI, and it can continue to send a Check
IMEI request to the HLR. Thus simply add VLR_ULA_E_ID_IMEISV to the
VLR_ULA_E_ID_IMEI switch case.
Change-Id: I11106cb108a4b1406ff9a8b8ff5761440a274dad
mncc_fsm.[hc] were renamed to mncc_call.[hc] during patch review, which failed
to carry through to this sequence chart.
Also fix the MNCC_ST_* to MNCC_CALL_ST_* and MNCC_EV_* to MNCC_CALL_EV_*.
Change-Id: I03ee1b43ab95dca3c43fdb9e92dc158aad5a4203
- add SIP messages, taken from OS#1683
- change some wording and clarify some message ordering
- have a separate sipcon1 and sipcon2 for the MO and MT sides
Change-Id: I6782e416dbd8ee88d093cbef722b0c5084f3865c
Following I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7, have tests for UMTS
authentication both for cases with and without encryption.
- Rename test_umts_authen_utran to test_umts_auth_ciph_utran() (uses
encryption).
- Again add test_umts_authen_utran() not using encryption.
- Likewise with test_umts_authen_resync_utran().
Some permutations are still missing, like UMTS AKA on GERAN with encryption
enabled; not bothering at the moment.
Related: OS#2783
Change-Id: I54227f1f08c38c0bf69b9c48924669c4829b04b9
Remove the conditions that always enable encryption on UTRAN.
We so far lack an explicit configuration for UTRAN encryption, and this patch
does not add any either. Instead, whether UTRAN encryption is enabled is simply
triggered on whether GERAN has A5 encryption enabled (A5/n with n > 0). Though
GERAN and UTRAN encryption are not technically related at all, this makes UTRAN
behave like GERAN for now, until we implement a proper separate configuration
for UTRAN encryption.
Adjust the msc_vlr_test_* configuration by setting the net->a5_encryption_mask
such that the expected output remains unchanged. A subsequent patch
(I54227f1f08c38c0bf69b9c48924669c4829b04b9) will add more tests, particularly
cases of UTRAN without encryption.
Adjust manual and vty doc.
Related: OS#2783
Change-Id: I04ecd7a3b1cc603b2e3feb630e8c7c93fc36ccd7
Since March 15th 2017, libosmocore API logging_vty_add_cmds() had its
parameter removed (c65c5b4ea075ef6cef11fff9442ae0b15c1d6af7). However,
definition in C file doesn't contain "(void)", which means number of
parameters is undefined and thus compiler doesn't complain. Let's remove
parameters from all callers before enforcing "(void)" on it.
Change-Id: Ia2b24ffd7f9cbb271fcdb979b851f3a07b9d6d3e
Related: OS#4138
GSM 04.08 10.5.4.11
The Release indication needs to have the Coding Standard set.
For phones that would display a message on screen, such as
"Number not in use", if the coding standard is not defined,
the display may show "Error in Connection"
Change-Id: Ib28b62a41d433e231cff5910d19455296b284df6
Don't call tx_lu_rej() in the "vlr_lu_compl" FSM. It is always getting
called in the parent "lu" FSM and is therefore redundant:
_vlr_lu_compl_fsm_done(fi, VLR_FSM_RESULT_FAILURE, cause)
-> osmo_fsm_inst_state_chg(fi, LU_COMPL_VLR_S_DONE, 0, 0)
-> vlr_lu_compl_fsm_dispatch_result()
-> lu_fsm_wait_lu_compl()/lu_fsm_wait_lu_compl_standalone()
-> lu_fsm_failure()
-> lfp->vlr->ops.tx_lu_rej()
I have noticed the bug with the TTCN3 tests. This patch fixes
TC_lu_imsi_auth_tmsi_check_imei_{nack,err} after stricter checking
in [1] and also TC_iu_mo_crcx_ran_reject.
[1] I836f76242463789c4c003feec757714827f2a31b (osmo-ttcn3-hacks)
Change-Id: I127b27937613ea0ff29d67991c0414fca6d441d9
There is unfortunately no way to suppres this witha pragma,
and gcc 9 uncovers quite a few new instaces with enabled LTO that can't/won't be fixed
Related: OS#4123
Change-Id: I615bb5be3671022c6b821575a61f945b50e8f2a5
osmo_counter will be soon deprecated. Use the newer and more flexible
osmo_stat_item instead.
Depends on: Id2462c4866bd22bc2338c9c8f69b775f88ae7511 (libosmocore)
Change-Id: I6a20123b263f4f808153794ee8a735092deb399e
The RANAP DirectTransfer message may contain an optional SAPI IE.
Thanks to our TTCN-3 tests (and Wireshark!), it was discovered
that this IE is ignored, so even if the MO SMS related messages
arrive on SAPI 3 (as per GSM TS 04.11, section 2.3) OsmoMSC sends
MT messages on SAPI 0.
In ran_iu_decode_l3() we need to check if the SAPI IE is present,
and tag the NAS PDU message buffer with a proper DLCI value.
This change makes the failing SMS related test cases pass.
Change-Id: I728b55b04e87fc23be6d4f8735e8cad82b6f640e
This change is similar to I6b68a0f0b32eb126e0f7e914a314130254d28467.
If we 100% sure that trans == NULL, it makes more sense to use
generic LOGP(DLSMS, LOGL_*, ...) call, so the logs can reflect
more information than such dummy prefix:
trans(NULL NULL callref-0x0 tid-0) ...
Change-Id: I3c1e633aee5dd7cd0d367404a3def9cffe0b3baa
This change is similar to I5540556b1c75f6873883e46b78656f31fc1ef186.
In gsm411_gsup_rx() we do call vlr_subscr_find_by_imsi(), which
increases subscriber's reference count by one using the function
name as the token. However, we never release this token, so the
reference count grows on every received GSUP FORWARD-SM message.
Change-Id: Ic729beb5f94cbbfbb251bc9ab66a5e7b799286c0
Otherwise when read in a log file it seems it's really going to send 20
sms even if there's none to send.
Change-Id: Ieb9bb61a90f295d2ba5fb67a2abee2d30785876d
When periodic Location Update is disabled (T3212 = 0), it was noticed
that OsmoMSC does expire subscribers quite soon - after 60 seconds
(VLR_SUBSCRIBER_LU_EXPIRATION_INTERVAL) since the last LU.
In order to avoid that, we need to check T3212 timer value in
vlr_subscr_expire_lu(), and if it's equal to 0, do not expire
anybody until the explicit IMSI Detach.
Change-Id: I2ead2241a3394dbdd5417f4554190df3fd698af2
The function name implies OSMO_RAT_GERAN_A, and it has nothing
to do with other OSMO_RAT_* types. Found using clang:
warning: too many arguments in call to 'expect_bssap_clear'
expect_bssap_clear(OSMO_RAT_GERAN_A);
^^^^^^^^^^^^^^^^
Change-Id: Id3a3af33fcc5da4ca4c48a2f589a69f3568d2586
If we 100% sure that trans == NULL, it makes more sense to use
generic LOGP(DSS, LOGL_*, ...) call, so the logs can reflect
more information than such dummy prefix:
trans(NULL NULL callref-0x0 tid-0) ...
Change-Id: I6b68a0f0b32eb126e0f7e914a314130254d28467
In gsm0911_gsup_rx() we do call vlr_subscr_find_by_imsi(), which
increases subscriber's reference count by one using the function
name as the token. However, we never release this token, so the
reference count grows on every received GSUP PROC-SS message.
Change-Id: I5540556b1c75f6873883e46b78656f31fc1ef186
This message can be used by the HLR/EUSE to indicate that something
went wrong, e.g. the connection with EUSE is lost, EUSE or the MS
did not respond in time, etc. OsmoMSC needs to release the SS/USSD
transaction, and send GSM 04.80 RELEASE COMPLETE message to the MS
if there is an active RAN connection.
Change-Id: I076d12ef24d7320eda1df1ee4588da7375ef3d9e
Related: (TTCN-3) I5586a88136c936441a842f49248824680603672e
Related: OS#2931
This check was copy-pasted from the CC handling code during the
initial development of "SS/USSD over GSUP" feature. It probably
makes sense for MT calls, but definitely not for SS/USSD.
Change-Id: I2899a23ee49fd7917443943629603700a5025cf4
This check was copy-pasted either from CC, or from SMS handling
code during the initial development of "SS/USSD over GSUP". Now
this is the only one survived after the recent refactoring.
I doubt this is exactly the right way to check whether subscriber
is attached or not. Moreover, this check should rather be done in
a single place, rather then in each CC/SS/SMS handler separately.
Change-Id: I7bd48860e923cb1f1a5bccc4b0f497ec1a7bcf84
In case of network-originated SS/USSD session establishment, we
need to verify the received GSUP PROC_SS_REQ message and make
sure that all mandatory IEs are present.
There is no sensible need to allocate a new transaction before
doing all the checks, other than the ability to use LOG_TRANS().
This complicates the code, so let's avoid the early allocation.
Change-Id: I4e027b19e8065a39324a1647957cef4066b82ce7
reported by _dev_zero in #osmocom
Change-Id: Ib5679ab5d06b6ef735725b4a68eeb1e9cbcc11ba
Depends-On: libosmocore I52b9f6b5f3e96d85a390ba2af21d7814df8aaeec
During the recent refactoring, some code parts has been moved out
of 'gsm_04_08.c', but the related header files were forgotten.
Change-Id: I61e728069a1e79bf72c01ef9d9fc5fb171d3892e
It is expected that establish_nc_ss_trans() returns an allocated
transaction in successful case, or NULL in case of error. The
function assumes two scenarios:
- the subscriber already has an active RAN connection,
- RAN connection needs to be established (Paging).
In the first case, a pointer to the transaction is returned as
expected, but in case of Paging, NULL has always been returned,
even if there were no errors. Let's fix this.
Change-Id: I9dcee64dd0b435ef29630c223132b81724701f93
The SM-RP-MR (Message Reference for SM Service) value in the response
(no matter result or error) shall match the value from the request.
Change-Id: Ifb6e749928548e6febfe7768aefe9a2a3ecf4de0
Found using the new TC_mt_ussd_for_unknown_subscr test case.
Change-Id: Id00a99b713a6b97c455b8e6ae49abea163e8281f
Related: (TTCN-3) Id35cd3ec15d1bab15260312d7bbb41e2d10349fe
Related: OS#2931
For SS/USSD, it's important to have both session state and ID IEs.
Found using the new TC_mt_ussd_for_unknown_subscr test case.
Change-Id: I57317a7b8036d1ffd36e2021efc146db4633da84
Related: (TTCN-3) Id35cd3ec15d1bab15260312d7bbb41e2d10349fe
Related: OS#2931
I am not a big fan of using such syntax sugar for initializing
structures, and this is one of the reasons: it's much easier
to shoot yourself in the foot.
IMSI was copied to the new GSUP message, but then overridden.
Found using the new TC_mt_ussd_for_unknown_subscr test case.
Change-Id: If81c3fa56951185339f33a523ab6364594101be1
Related: (TTCN-3) Id35cd3ec15d1bab15260312d7bbb41e2d10349fe
Related: OS#2931
The initial idea of the SMS expiry threshold was to avoid storing
SMS messages with too long validity time (e.g. 63 weeks).
Unfortunately, neither this feature was properly documented, nor
the expiry threshold is configurable. Moreover, it has been
implemented in a wrong way, so instead of deleting the oldest
expired message, it would delete the youngest one or nothing:
SELECT ... FROM SMS ORDER BY created LIMIT 1;
while it should be sorted by 'valid_until' in ascending order:
SELECT .. FROM SMS ORDER BY valid_until LIMIT 1;
Thus, if the oldest message is expired, it gets deleted. If the
oldest message is not expired yet, there is nothing to delete.
Change-Id: I0ce6b1ab50986dc69a2be4ea62b6a24c7f3f8f0a
In general, neither TP-User-Data nor decoded text should be
truncated. If the SMSC's database for some reason does contain
such weird messages, let's at least let the user know about it.
Change-Id: I75e852ebe44ba4784572cbffa029e13f0d3c430c
The following functions:
- sms_from_result(),
- sms_from_result_v3(),
- sms_from_result_v4(),
do retrieve the TP-UD, TP-UDL and text in the same way.
A consequence of such duplication is [1], which fixed potential
NULL-pointer dereference for sms_from_result(), but not for two
other functions: sms_from_result_v3() and sms_from_result_v4().
[1] I545967464c406348b8505d1729213cfb4afcd3e2
Change-Id: If67dfb9f7d2a55fa3d45dc4689a2acff9909faf6
The value of 'sms->user_data_len' is fetched from the database:
sms->user_data_len = dbi_result_get_field_length(result, "user_data");
and this is where the problem is. As per the libdbi's documentation
(see 3.5.3), dbi_result_get_field_length() returns the length in
bytes of the value stored in the specified field:
unsigned int dbi_result_get_field_length(dbi_result Result,
const char *fieldname)
so 'unsigned int' is assigned to 'uint8_t', what could lead to an
integer overflow if the value is grather than 0xff. As a result,
if the database for some reason does contain such odd TP-UD,
the truncation of 'user_data' would be done incorrectly.
Let's avoid such direct assignment, and use a separate variable.
Also, let's warn user if TP-UDL value is grether than 140, as
per 3GPP TS 03.40.
Change-Id: Ibbd588545e1a4817504c806a3d02cf59d5938ee2
Related: OS#3684
Newer versions of libdbi print to stderr unconditionally when trying to
load drivers from /usr/lib/dbd. This makes test output to change
depending on host/distro set up (installed modules).
Let's get those messages out to make it easier for people having tests
pass.
We swap stderr/stdout instead of mixing to avoud future possible race
conditions if both get content writen into them.
Change-Id: Iec78826d28435f464be22e81b3776a6ae8326d59
The libdbd-sqlite3 provides SQLite3 driver for libdbi. We use it
by default for the built-in SMS Centre. Since [1], we have unit
test coverage for the db_sms_* API, thus we need libdbd-sqlite3
to be installed at build-time.
[1] Id94ad35b6f78f839137db2e17010fbf9b40111a3
Change-Id: Ice9fb11f5b8a39abecee426d2fadcf62b7ee47c4
man memcp doesn't define exact values for returned integer, it only
specifices a meaning for the sign of it.
So it happens that different versions/implementations actually return
different values when this test is run, making it fail.
Let's simply drop that info from logs since anyways it's not useful.
Change-Id: I771fb8f4fc56f337b16561d005ff1803a386d1c6
Catched by ASan on db_sms_test unit test:
DDB NOTICE test_db_sms_get('Empty TP-UD'): osmo-msc/src/libmsc/db.c:796:2: runtime error: null pointer passed as argument 2, which is declared to never be null
That happens on empty PDU because dbi_result_get_binary returns NULL,
and sms->user_data_len is 0, so it's harmless but we can avoid calling
mempcy and make ASan happy.
Change-Id: I545967464c406348b8505d1729213cfb4afcd3e2
Thanks to db_sms_test, it was discovered that storing an SMS with
empty TP-User-Data (TP-UDL=1) causes buffer overruns in libdbi
and it's SQLite3 driver (libdbdsqlite3):
DDB NOTICE test_db_sms_store('Empty TP-UD'): ==7791== Invalid write of size 2
==7791== at 0x857DC60: dbd_quote_binary (in /usr/lib/x86_64-linux-gnu/dbd/libdbdsqlite3.so)
==7791== by 0x5B2B321: dbi_conn_quote_binary_copy (in /usr/lib/x86_64-linux-gnu/libdbi.so.1.1.0)
==7791== by 0x4073B1: db_sms_store (db.c:701)
==7791== by 0x405BB5: test_db_sms_store (db_sms_test.c:310)
==7791== by 0x405BB5: main (db_sms_test.c:546)
==7791== Address 0x7ed1cf0 is 0 bytes after a block of size 0 alloc'd
==7791== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7791== by 0x857DC4B: dbd_quote_binary (in /usr/lib/x86_64-linux-gnu/dbd/libdbdsqlite3.so)
==7791== by 0x5B2B321: dbi_conn_quote_binary_copy (in /usr/lib/x86_64-linux-gnu/libdbi.so.1.1.0)
==7791== by 0x4073B1: db_sms_store (db.c:701)
==7791== by 0x405BB5: test_db_sms_store (db_sms_test.c:310)
==7791== by 0x405BB5: main (db_sms_test.c:546)
...
DDB NOTICE test_db_sms_get('Empty TP-UD'): ==8051== Invalid read of size 1
==8051== at 0x5B30510: _dbd_decode_binary (in /usr/lib/x86_64-linux-gnu/libdbi.so.1.1.0)
==8051== by 0x857D957: dbd_fetch_row (in /usr/lib/x86_64-linux-gnu/dbd/libdbdsqlite3.so)
==8051== by 0x5B2C86E: dbi_result_seek_row (in /usr/lib/x86_64-linux-gnu/libdbi.so.1.1.0)
==8051== by 0x40828F: next_row (db.c:188)
==8051== by 0x40828F: db_sms_get (db.c:805)
==8051== by 0x406C29: test_db_sms_get (db_sms_test.c:390)
==8051== by 0x405C14: main (db_sms_test.c:547)
==8051== Address 0x8f74641 is 0 bytes after a block of size 1 alloc'd
==8051== at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8051== by 0x5DBEB49: strdup (strdup.c:42)
==8051== by 0x857D93C: dbd_fetch_row (in /usr/lib/x86_64-linux-gnu/dbd/libdbdsqlite3.so)
==8051== by 0x5B2C86E: dbi_result_seek_row (in /usr/lib/x86_64-linux-gnu/libdbi.so.1.1.0)
==8051== by 0x40828F: next_row (db.c:188)
==8051== by 0x40828F: db_sms_get (db.c:805)
==8051== by 0x406C29: test_db_sms_get (db_sms_test.c:390)
==8051== by 0x405C14: main (db_sms_test.c:547)
==8051==
success, as expected
DDB NOTICE verify_sms('Empty TP-UD'): user_data_len mismatch: E0 vs A3
Apparently, dbi_conn_quote_binary_copy() doesn't properly handle
zero-length input. Let's guard against this.
Observed with:
- libdbi-dev 0.9.0-1
- libdbd-sqlite3:amd64 0.9.0-2ubuntu2
Change-Id: If0b2bb557118c5f0e520a2e6c2816336f6028661
Since OsmoMSC has built-in SMSC, it needs to store the messages
somewhere. Currently we use libdbi and SQLite3 back-end for that.
For a long time, the db_sms_* API remained uncovered by unit tests.
This change aims to fix that, and does cover the following calls:
- db_sms_store(),
- db_sms_get(),
- db_sms_get_next_unsent(),
- db_sms_mark_delivered(),
- db_sms_delete_sent_message_by_id(),
- db_sms_delete_by_msisdn(),
- db_sms_delete_oldest_expired_message().
Due to performance reasons, the test database is initialized in
RAM using the magic filename ':memory:'. This is a feature of
SQLite3 (and not libdbi), see:
https://www.sqlite.org/inmemorydb.html
Of course, this unit test helped to discover some problems:
1) Storing an SMS with empty TP-User-Data (TP-UDL=0) causes
buffer overruns in both db_sms_store() and db_sms_get().
2) TP-User-Data-Length is always being interpreted in octets,
regardless of DCS (Data Coding Scheme). This results in
storing garbage in the database if the default 7-bit
encoding is used. Fortunately, the 'user_data' buffer
in structure 'gsm_sms' is large emough, so we don't
experience buffer overruns.
3) db_sms_delete_oldest_expired_message() doesn't work
as expected. Instead of removing the *oldest* expired
message, it tries to remove the *newest* one.
The current test expectations do reflect these problems.
All of them will be fixed in the follow-up patches.
Change-Id: Id94ad35b6f78f839137db2e17010fbf9b40111a3
We also need stubs for the upcoming db_sms tests.
Due to a known bug of automake [1], we cannot use 'subdir-objects',
so as a side effect this change introduces some autoreconf warnings.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752993
Change-Id: I8846c940f2695fd33e1007fecac83e73f508bb34
In the most cases we need to check whether particular char buffer
is empty or not. Using strlen() for that involves more CPU power,
so let's just check the first character against '\0'.
Change-Id: I8728876b80c870e82247e6e56f719e10ed322a95
The current way of printing subscriber, connection, and transaction
info is ugly (sorry) and has several problems:
- the terminal width should be large enough to fit quite long lines,
otherwise the output is unreadable and looks misaligned;
- some fields (such as subscriber name) can be larger than it's
expected, so either they're getting truncated, or again, the
output is misaligned and unreadable;
- adding new info fields would require one to think about the
alignment and would make the output even more cumbersome.
Here is an example output of 'show connection' command:
_Subscriber_______________________________________ _LAC_ _RAN___________________ _MSC-A_state_________ _MSC-A_use_
IMSI-123456789012345:MSISDN-12345:TMSI-0x12345678 1 GERAN-A-4294967295:A5-3 WAIT_CLASSMARK_UPDATE 2=cm_service,trans_cc
IMSI-123456789012356:MSISDN-234567:TMSI-0x123ABC78 65535 UTRAN-Iu-4294967295 COMMUNICATING 2=cm_service,trans_sms
IMSI-262073993158656:MSISDN-123456:TMSI-0x493026BA 1 GERAN-A-1 MSC_A_ST_COMMUNICATING 1=1 (silent_call)
Another 'show subscriber' command mixes the information about
subscriber, its connections and transactions without any alignment,
what also decreases the readability.
This change introduces a hierarchical approach, based on the old
'field per line' formatting. First of all, the VTY commands were
extended with optional flags:
show connection [trans]
show subscriber cache [(conn|trans|conn+trans)]
show subscriber TYPE ID [(conn|trans|conn+trans)]
so it can be decided, whether to print child connections and/or
transaction, or not. For example:
show connection trans
would print all connections and their child transactions with
hierarchical alignment:
Connection #00:
Subscriber: IMSI-262073993158656:MSISDN-123456:TMSI-0x76760B75
RAN connection: GERAN-A-1
RAN connection state: MSC_A_ST_COMMUNICATING
LAC / cell ID: 1 / 0
Use count total: 1
Use count: 1 (silent_call)
Transaction #00:
Unique (global) identifier: 0x00000000
GSM 04.07 identifier (MT): 0
Type: silent-call
another example is:
show subscriber cache conn+trans
which would print all known subscribers,
their active connections and transactions:
Subscriber #00:
MSISDN: 123456
LAC / cell ID: 1 / 0
RAN type: GERAN-A
IMSI: 262073993158656
TMSI: 76760B75
...
Connection:
RAN connection: GERAN-A-1
RAN connection state: MSC_A_ST_COMMUNICATING
...
Transaction #00:
Unique (global) identifier: 0x00000000
GSM 04.07 identifier (MT): 0
Type: silent-call
Transaction #01:
Unique (global) identifier: 0x00000001
GSM 04.07 identifier (MO): 0
Type: SMS
Transaction #02:
Unique (global) identifier: 0x00000002
GSM 04.07 identifier (MT): 0
Type: SMS
Please note that we don't print redundant info in child nodes
(i.e. connection and transaction info), such as subscriber name
in connection info, nor connection name in transaction info - it
is clear from the hierarchical formatting.
Change-Id: I5e58b56204c3f3d019e8d4c3c96cefdbb4af4d47
The HLR (which is connected via the GSUP interface) may fail and
disconnect. On the next location update the VLR will try to talk to the
HLR and fail. This failure event is not communicated towards the SGs
related code and the SGs-association will remain in the LA-PRESENT state
forever. Lets add code to report the problem to the SGs code and trigger
a RESET an the SGs interface.
- Add a flag to report an HLR problem back to the SGs code
- Fix the FSM that controls the reset
- Make sure the all SGs associations are reset when the failure occurs.
Change-Id: Icc7df92879728bc98c85fc1d5d8b4c6246501b12
Related: OS#3859
According to 3GPP TS 29.002, section 7.6.8.7, MMS (More Messages to Send)
is an optional IE of MT-ForwardSM-Req message which is used by SMSC to
indicate that there are more (multi-part) MT SMS messages to be sent.
The MSC needs to use this indication in order to decide whether to
keep the RAN connection with a given subscriber open.
Related Change-Id: (TTCN) I6308586a70c4fb3254c519330a61a9667372149f
Change-Id: Ic46b04913b2e8cc5d11a39426dcc1bfe11f1d31e
Related: OS#3587
in osmo-msc/Makefile.am, osmo-msc was actually missing the LIBASN1C_LIBS even
though it included LIBASN1C_CFLAGS. Probably libasn1c is implicitly linked from
libranap.so, but doesn't hurt to name it.
When building without Iu support, the LIBOSMORANAP* and LIBASN1C* vars are
empty, so no need to explicitly switch on BUILD_IU, just name them.
Change-Id: I39ae5e3f0f7661ca9ee5c17a500be28c461d7ec7
DB counters has been used to save osmo_counters & osmo_rate_ctr to a local
sqlite databases every 60 seconds.
This is quite slow e.g. 1000 subscriber might slow the msc down.
Change-Id: Id64f1839a55b5326f74ec04b7a5dbed9d269b89c
Later on we want to do extra steps upon receiving a Rx Reset Ack
(checking for Osmux support from peer). Let's move handling of this
message into its own function to have handling implementation in one
place.
Change-Id: I516c4baf6071d26f6c530726d93677bed968efd1
When 'check-imei-rqd 1 early' is set in the config, send the IMEI to
the HLR before doing the location update with the HLR.
The OsmoHLR documentation referenced in the code will be added in
osmo-hlr.git's Change-Id I2dd4a56f7b8be8b5d0e6fc32e04459e5e278d0a9.
Related: OS#2542
Change-Id: I88283cad23793b475445d814ff49db534cb41244
Copy IMEISV to IMEI when IMEISV changes. The additional SV digits will
get cut off then. This is needed for the subscriber on demand use case,
since we can get the IMEISV early (see [1]), but need to send the IMEI
to the Check IMEI procedure.
While adjusting the tests, I have noticed that there are code paths
where we ask the MS for the IMEISV first, and later ask the MS for the
IMEI, although we already have the IMEISV. This could be improved in a
future patch.
[1] Change-Id I256224194c3b8caf2b58a88d11dccd32c569201f
Related: OS#2542
Change-Id: I02e7b66848bf7dddb31b105e2ae981432817ae1e
Set the length of vlr_subscr->imei to
GSM23003_IMEI_NUM_DIGITS_NO_CHK (14)
instead of
GSM23003_IMEISV_NUM_DIGITS (16).
Note that there is also GSM23003_IMEI_NUM_DIGITS (15), which includes
an additional checksum digit. This digit is not intended for digital
transmission, so we don't need to store it. Also by not storing it, we
can simply copy the IMEI-part from the IMEISV to the IMEI without
worrying about the checksum (will be done in a follow up patch).
A good overview of the IMEI/IMEISV structure is here:
https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#Structure_of_the_IMEI_and_IMEISV_(IMEI_software_version)
Related: OS#2542
Change-Id: Iaf2569c099874b55acbd748b776394726cc5ce54
Prepare for Rhizomatica's subscriber on demand use case, in which the
network access is disabled by default for new subscribers, but the IMEI
is required in the HLR to find out which user has which IMSI. Due to the
network access being disabled, the location update request towards the
HLR fails and the MS gets rejected, so we need to get the IMEI early.
Related: OS#2542, OS#3755
Change-Id: I256224194c3b8caf2b58a88d11dccd32c569201f
Previous patch [1] removed NULL-safety from LOG_TRANS(). Fix that.
In case a trans is NULL, it is fine to log in the DMSC category, since the
context should still be general (erratic message or other initial problems).
[1] 7f85acea9b / I6dfe5b98fb9e884c2dde61d603832dafceb12123
"LOG_TRANS: store subsys in trans, unify USSD logging back to DMM"
Change-Id: I6e36c47bf828dd073b36c6301bbeabcc28e101e6
In state machine callback functions, instead of logging an error when
an invalid event arrives, do OSMO_ASSERT(0).
Change-Id: If5363ae37b414a0ac195e5f89664c75cbad0bb21
In ran_a_make_handover_request() we do prevent destination buffer
(r.encryption_information.key) overflow, but not source buffer
(n->geran.chosen_encryption->key) overrun if an incorrect key
length is received. Let's fix this.
Change-Id: I278bb72660634c2d535e1bd3d7fce5696da23575
Fixes: CID#198450 Out-of-bounds access
We basically need to make sure that one of two possible IEs
is not NULL, while another is NULL (eXclusive OR). This can
be done using at least two conditional branches.
Change-Id: Ie0f9b5c1bbbfb744e0615da07d76037d91b0abc8
Fixes: CID#198444 Logically dead code
For some reason, having ternary operator there makes Coverity think
that 'n->geran.chosen_encryption' is dereferenced before checking
against NULL. Let's make it happy, and move the assignment.
Change-Id: I95051d0f02e2fdd3ec8da3a506109e7b23e99b4b
Fixes: CID#198454 Dereference before null check
The librt is required for old glibc < 2.17 to get clock_gettime().
Since we do check the availability of this function libosmocore
and conditionally link it against librt, there is no need to do
such unconditional and redundant linkage here.
Change-Id: If587d16d2db677b97e3a0641027eb735af9c9c30
In gsm48_rx_mm_serv_req() we need to make sure that a given message
buffer is large enough to contain both 'gsm48_hdr' and
'gsm48_service_request' structures.
Comparing msg->data_len with size of pointer if wrong because:
- we actually need to compare with size of struct(s),
- we need msgb_l3len(), not length of the whole buffer.
Moreover, since we have to use the pointer arithmetics in order
to keep backwards compatibility with Phase1 phones, we also
need to check the length of both Classmark2 and MI IEs.
Change-Id: I6e7454d7a6f63fd5a0e12fb90d8c58688da0951e
Since in parse_umts_auth_resp() we are checking the length of
GSM48_IE_AUTH_RES_EXT TLV, we need to print its length, but
not the length of the whole L3.
Change-Id: I2bfebce6d017be834bfe7628ffa2b341eb82c11c
The MSC_A_EV_HANDOVER_END exists as parent term event for the msc_ho_fsm, but
it is not actually required as functional event, since all cleanup is handled
in msc_ho_fsm_cleanup().
That's why I never bothered to add the event to msc_a_fsm, but of course that
means we get an error message after each (successful and unsuccessful)
handover, that the MSC_A_EV_HANDOVER_END is not permitted.
Allow the event and ignore it to silence the error message.
Explain in a comment.
Change-Id: Ie8dc0c0a631b7da43111f329562007766a21b134
After neels/ho was merged, SMS over IuCS/RANAP was failing in both
MO and MT direction. The reason was that all mobile-terminated SMS-CP
layer messages were sent in RANAP with SAPI-0 instaed of SAPI-1.
Change-Id: I98e6eddb52d5c61c4e2d34bdfcd43cf460296ad7
Closes: OS#3993
The event is actually never dispatched and useless, because when an RTP stream
releases, the call_leg terminates directly anyway (which wasn't apparent when
starting to design the call_leg FSM yet).
Change-Id: I6b2fc1225c960fa2f7c46adf241520217a07821c
The SMPP 3.4 specification defines the password field as a
"Variable-length octet string with maximum length of 9", and according
to table 3-1 this means including the terminating NUL-byte.
However, OsmoMSC allows to configure longer passwords in the ESME
configuration. Those passwords will then never match, as libsmpp34
performs length validation and generates a parser error for anyone
trying to send a longer password via SMPP.
The same applies for system-id, where we have to permit only 15
characters with zero termination, but not 16 characters.
Change-Id: I81ef593e84bf1e15f6746386fc145495fae29354
Closes: OS#3166
Instead of calling trans_log_subsys() for each LOG_TRANS() log line, rather
store in trans->log_subsys once on trans_alloc() and use that.
Do not fall back to the RAN's own subsystem (DBSSAP / DIUCS), it makes little
sense and may cause logging to switch subsystems depending on the RAN state.
In trans_log_subsys(), add missing switch cases:
- Log silent call transactions also on CC.
- Log USSD on DMM.
About USSD: we currently have no dedicated USSD logging category. As a result,
after LOG_TRANS() was introduced [1], USSD logged on DBSSAP/DIUCS or DMSC,
depending on whether a RAN was associated with the trans or not. Before that
change, USSD always logged on DMM, so, until we have a separate logging
category for USSD, consistenly use DMM again.
[1] in I2e60964d7a3c06d051debd1c707051a0eb3101ba / ff7074a0c7
Related: coverity CID 198453
Change-Id: I6dfe5b98fb9e884c2dde61d603832dafceb12123
As per 3GPP TS 03.40, section 9.2.3.16 "TP-User-Data-Length (TP-UDL)",
if the TP-User-Data is coded using the GSM 7-bit default alphabet,
the TP-User-Data-Length field indicates the *number of septets*
within the TP-User-Data field to follow. Otherwise, i.e. in case
of 8-bit or UCS-2 encoded data, the *number of octets* is indicated.
Since we store the original TP-UDL value (as received), we might
need to convert septets to octets before passing it to memcpy().
Otherwise this would lead to a buffer overrun.
Also, as we receive TPDU from untrusted source (i.e. subscriber),
the TP-UDL value needs to be checked against the corresponding
maximum (160 septets or 140 octets) and truncated if needed.
Please note that buffer overrun is still possible, e.g. when an
indicated TP-UDL value is grather than the remaining TPDU length.
Preventing this would require adding an additional check.
Change-Id: I4b08db7665e854a045129e7695e2bdf296df1688
Depends-on: (core) I54f88d2908ac47228813fb8c049f4264e5145241
It was noticed that SCCP_RAN_MSG_RESET_ACK message is not freed after
sending. Since ran_peer_rx_reset() calls sccp_ran_down_l2_cl(), which
then calls osmo_sccp_user_sap_down_nofree(), which doesn't free the
message buffer (what's clear from its name).
OsmoMSC# show talloc-context application full filter msgb
full talloc report on 'osmo_msc' (total 20155 bytes in 88 blocks)
msgb contains 4640 bytes in 5 blocks (ref 0)
bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
Let's free it after sending (or in case of error).
Change-Id: Ic174f6eecd6254af597dfbdc1c9e3d65716f0a76
The misnomed 'nas_decode' and 'nas_encode' APIs have been renamed to
'ran_decode' and 'ran_encode', which was forgotten in the large comment
explaining the message path in sccp_ran.h. Apply the rename there.
Change-Id: I742fb4844ac8a9ad76f59883ae9447eb8819b82d
This fixes the following compiler error:
msub.c: In function ‘msub_fsm_active’:
msub.c:85:35: error: ‘msc_role_a_c’ may be used uninitialized in this function
[-Werror=maybe-uninitialized]
|| (msc_role_a_c && msc_role_a_c->ran->type == OSMO_RAT_EUTRAN_SGS)))
~~~~~~~~~~~~^~~~~
msub.c:59:26: note: ‘msc_role_a_c’ was declared here
struct msc_role_common *msc_role_a_c;
^~~~~~~~~~~~
Change-Id: Id518dea77d01ed0518ca7cba6b1b363f1c8e6543
While developing the inter-MSC handover refactoring, I was annoyed by the fact
that mncc_tx_to_cc() receives an MNCC message struct containing a msg_type, as
well as a separate msg_type argument, which may deviate from each other. So, as
a first step I wanted to make sure that all callers send identical values for
both by inserting an OSMO_ASSERT(msg_type == msg->msg_type). Later I was going
to remove the separate msg_type argument.
I then forgot to
- carry on to remove the argument and
- to actually test with internal MNCC (it so happens that all of our ttcn3
tests also use external MNCC).
As a result, the "large refactoring" patch for inter-MSC Handover breaks
internal MNCC operation.
Fix that: remove the separate msg_type argument and make sure that all callers
of mncc_tx_to_cc() indeed pass the desired msg_type in msg->msg_type, and hence
also remove the odd duality of arguments.
Various functions in mncc_builtin.c also exhibit this separate msg_type
argument, which are all unused and make absolutely no sense. Remove those as
well.
Related: OS#3989
Change-Id: I966ce764796982709ea3312e76988a95257acb8d
We are just introducing smpp34_set_memory_functions() in libsmpp34
to allow applications like OsmoMSC to provide their own heap allocator
callback functions. Let's used this to integrate with talloc and
hence allow talloc tracking/debugging for libsmpp34 internal
allocations.
Depends: libsmpp34 Change-Id I3656117115e89638c093bfbcbc4369ce302f7a94
Change-Id: Ie2725ffab6a225813e65768735f01678e2022128
Related: OS#3913
Get rid of the legacy name bscconfig.h from osmo-nitb times.
Remove the #include from some of the files that aren't actually using it.
Instead of '#include "../../config.h"', use plain '#include "config.h"'
because we're anyway passing $top_srcdir as -I during compilation.
Change-Id: Id4f683be1f36f0630c83da54e02868aae847aeec
Before, I was testing with osmo-hlr patch
I01a45900e14d41bcd338f50ad85d9fabf2c61405 applied, but that patch is currently
in an abandoned state.
This is the counterpart implemented in osmo-msc: always include the terminating
nul char in the "blob" that is the MSC IPA name.
The dualities in the formats of routing between MSCs is whether to handle it as
a char*, or as a uint8_t* with explicit len (a blob).
In the VTY config to indicate target MSCs for inter-MSC handover, we have
strings. We currently even completely lack a way of configuring any blob-like
data as a VTY config item.
In osmo-hlr, the IPA names used for routing are currently received as a char*
which *includes* the terminating nul char. So in osmo-msc, if we also always
include the nul char, it works.
Instead, we could just send the char* part without the nul char, and apply
above mentioned osmo-hlr patch. That patch would magically match a name that
lacks a nul with a name that includes one. I think it is better to agree on one
format on the GSUP wire now, instead of making assumptions in osmo-hlr on the
format of the source/target names for routing. This format, from the way GSUP
so far transmits the IPA SERNO tag when a client attaches to osmo-hlr, happens
to include the terminating nul char.
Change-Id: I9ca8c9eef104519ed1ea46e2fef46dcdc0d554eb
3GPP TS 49.008 '4.3 Roles of MSC-A, MSC-I and MSC-T' defines distinct roles:
- MSC-A is responsible for managing subscribers,
- MSC-I is the gateway to the RAN.
- MSC-T is a second transitory gateway to another RAN during Handover.
After inter-MSC Handover, the MSC-I is handled by a remote MSC instance, while
the original MSC-A retains the responsibility of subscriber management.
MSC-T exists in this patch but is not yet used, since Handover is only prepared
for, not yet implemented.
Facilitate Inter-MSC and inter-BSC Handover by the same internal split of MSC
roles.
Compared to inter-MSC Handover, mere inter-BSC has the obvious simplifications:
- all of MSC-A, MSC-I and MSC-T roles will be served by the same osmo-msc
instance,
- messages between MSC-A and MSC-{I,T} don't need to be routed via E-interface
(GSUP),
- no call routing between MSC-A and -I via MNCC necessary.
This is the largest code bomb I have submitted, ever. Out of principle, I
apologize to everyone trying to read this as a whole. Unfortunately, I see no
sense in trying to split this patch into smaller bits. It would be a huge
amount of work to introduce these changes in separate chunks, especially if
each should in turn be useful and pass all test suites. So, unfortunately, we
are stuck with this code bomb.
The following are some details and rationale for this rather huge refactoring:
* separate MSC subscriber management from ran_conn
struct ran_conn is reduced from the pivotal subscriber management entity it has
been so far to a mere storage for an SCCP connection ID and an MSC subscriber
reference.
The new pivotal subscriber management entity is struct msc_a -- struct msub
lists the msc_a, msc_i, msc_t roles, the vast majority of code paths however
use msc_a, since MSC-A is where all the interesting stuff happens.
Before handover, msc_i is an FSM implementation that encodes to the local
ran_conn. After inter-MSC Handover, msc_i is a compatible but different FSM
implementation that instead forwards via/from GSUP. Same goes for the msc_a
struct: if osmo-msc is the MSC-I "RAN proxy" for a remote MSC-A role, the
msc_a->fi is an FSM implementation that merely forwards via/from GSUP.
* New SCCP implementation for RAN access
To be able to forward BSSAP and RANAP messages via the GSUP interface, the
individual message layers need to be cleanly separated. The IuCS implementation
used until now (iu_client from libosmo-ranap) did not provide this level of
separation, and needed a complete rewrite. It was trivial to implement this in
such a way that both BSSAP and RANAP can be handled by the same SCCP code,
hence the new SCCP-RAN layer also replaces BSSAP handling.
sccp_ran.h: struct sccp_ran_inst provides an abstract handler for incoming RAN
connections. A set of callback functions provides implementation specific
details.
* RAN Abstraction (BSSAP vs. RANAP)
The common SCCP implementation did set the theme for the remaining refactoring:
make all other MSC code paths entirely RAN-implementation-agnostic.
ran_infra.c provides data structures that list RAN implementation specifics,
from logging to RAN de-/encoding to SCCP callbacks and timers. A ran_infra
pointer hence allows complete abstraction of RAN implementations:
- managing connected RAN peers (BSC, RNC) in ran_peer.c,
- classifying and de-/encoding RAN PDUs,
- recording connected LACs and cell IDs and sending out Paging requests to
matching RAN peers.
* RAN RESET now also for RANAP
ran_peer.c absorbs the reset_fsm from a_reset.c; in consequence, RANAP also
supports proper RESET semantics now. Hence osmo-hnbgw now also needs to provide
proper RESET handling, which it so far duly ignores. (TODO)
* RAN de-/encoding abstraction
The RAN abstraction mentioned above serves not only to separate RANAP and BSSAP
implementations transparently, but also to be able to optionally handle RAN on
distinct levels. Before Handover, all RAN messages are handled by the MSC-A
role. However, after an inter-MSC Handover, a standalone MSC-I will need to
decode RAN PDUs, at least in order to manage Assignment of RTP streams between
BSS/RNC and MNCC call forwarding.
ran_msg.h provides a common API with abstraction for:
- receiving events from RAN, i.e. passing RAN decode from the BSC/RNC and
MS/UE: struct ran_dec_msg represents RAN messages decoded from either BSSMAP
or RANAP;
- sending RAN events: ran_enc_msg is the counterpart to compose RAN messages
that should be encoded to either BSSMAP or RANAP and passed down to the
BSC/RNC and MS/UE.
The RAN-specific implementations are completely contained by ran_msg_a.c and
ran_msg_iu.c.
In particular, Assignment and Ciphering have so far been distinct code paths
for BSSAP and RANAP, with switch(via_ran){...} statements all over the place.
Using RAN_DEC_* and RAN_ENC_* abstractions, these are now completely unified.
Note that SGs does not qualify for RAN abstraction: the SGs interface always
remains with the MSC-A role, and SGs messages follow quite distinct semantics
from the fairly similar GERAN and UTRAN.
* MGW and RTP stream management
So far, managing MGW endpoints via MGCP was tightly glued in-between
GSM-04.08-CC on the one and MNCC on the other side. Prepare for switching RTP
streams between different RAN peers by moving to object-oriented
implementations: implement struct call_leg and struct rtp_stream with distinct
FSMs each. For MGW communication, use the osmo_mgcpc_ep API that has originated
from osmo-bsc and recently moved to libosmo-mgcp-client for this purpose.
Instead of implementing a sequence of events with code duplication for the RAN
and CN sides, the idea is to manage each RTP stream separately by firing and
receiving events as soon as codecs and RTP ports are negotiated, and letting
the individual FSMs take care of the MGW management "asynchronously". The
caller provides event IDs and an FSM instance that should be notified of RTP
stream setup progress. Hence it becomes possible to reconnect RTP streams from
one GSM-04.08-CC to another (inter-BSC Handover) or between CC and MNCC RTP
peers (inter-MSC Handover) without duplicating the MGCP code for each
transition.
The number of FSM implementations used for MGCP handling may seem a bit of an
overkill. But in fact, the number of perspectives on RTP forwarding are far
from trivial:
- an MGW endpoint is an entity with N connections, and MGCP "sessions" for
configuring them by talking to the MGW;
- an RTP stream is a remote peer connected to one of the endpoint's
connections, which is asynchronously notified of codec and RTP port choices;
- a call leg is the higher level view on either an MT or MO side of a voice
call, a combination of two RTP streams to forward between two remote peers.
BSC MGW PBX
CI CI
[MGW-endpoint]
[--rtp_stream--] [--rtp_stream--]
[----------------call_leg----------------]
* Use counts
Introduce using the new osmo_use_count API added to libosmocore for this
purpose. Each use token has a distinct name in the logging, which can be a
globally constant name or ad-hoc, like the local __func__ string constant. Use
in the new struct msc_a, as well as change vlr_subscr to the new osmo_use_count
API.
* FSM Timeouts
Introduce using the new osmo_tdef API, which provides a common VTY
implementation for all timer numbers, and FSM state transitions with the
correct timeout. Originated in osmo-bsc, recently moved to libosmocore.
Depends: Ife31e6798b4e728a23913179e346552a7dd338c0 (libosmocore)
Ib9af67b100c4583342a2103669732dab2e577b04 (libosmocore)
Id617265337f09dfb6ddfe111ef5e578cd3dc9f63 (libosmocore)
Ie9e2add7bbfae651c04e230d62e37cebeb91b0f5 (libosmo-sccp)
I26be5c4b06a680f25f19797407ab56a5a4880ddc (osmo-mgw)
Ida0e59f9a1f2dd18efea0a51680a67b69f141efa (osmo-mgw)
I9a3effd38e72841529df6c135c077116981dea36 (osmo-mgw)
Change-Id: I27e4988e0371808b512c757d2b52ada1615067bd
Avoid deprecation warning: use gsm48_decode_bcd_number2() instead of
gsm48_decode_bcd_number().
Validate the return value and add error handling.
Change-Id: Ibef71c46d72d2d43123e68f73e5ed554a69243d8
When the LU is accepted and the subscriber (vsub) is not claimed as "in
use" in the ref counting system.
- Make sure vlr_subscr_get() is called when the LU is accepted.
Change-Id: Iba90be095569cc5212c61ab8e8a9bfd4ae51fd44
Related OS#3934
This looks like a rudiment from OpenBSC, where we have:
#define BSC_API __attribute__((visibility("default")))
However, we don't use this attribute in OsmoMSC.
Change-Id: Ie2f18e9b47eca478f6e4702606068814546e34ce
In smpp_openbsc.c submit_to_sms(), "get" the appropriate use count upon
assigning sms->receiver, fixing a -1 use count upon sms_free().
Also, avoid a "put" of a NULL subscriber in the same function.
Related: OS#3930
Change-Id: Idaf01cd3cfa08088ce0d543d0576db957dc94262
So far, sms_pending_failed() starts a new sms_queue_trigger() run. The
intention behind that might have been to fill up the queue when sending SMS has
failed, but the practical effect is actually bad:
As current ttcn3-msc-test runs show, a failed MT SMS gets triggered multiple
times in short succession, i.e. osmo-msc repeatedly sends Paging Requests for
the same subscriber.
This special case happens actually only when there are few SMS still in the DB
to be delivered. In the TTCN3 test, there is exactly one MT SMS for one
subscriber, and retriggering the queue brings up the same SMS every time.
See f_tc_lu_and_mt_sms_paging_and_nothing() and f_tc_sgsap_mt_sms_and_nothing()
which say:
"/* Expect the MSC to page exactly 10 times before giving up */"
This is bad because an MSC should send a Paging Request exactly once. Retrying
failed Paging is clearly the task of the BSC, not the MSC. The remaining code
around Paging correctly follows this paradigm, but this retrigger doesn't.
Do not immediately trigger the SMS queue on a failed MT SMS. Instead, leave it
up to the periodical SMS queue trigger to decide.
This patch will cause the MT SMS tests in ttcn3-msc-tests to fail, because the
test expectations are bogus. The patch fixing the test run is listed 'Related'
below.
Related: I7dce12942a65eaaf97f78ca69401c7f93faacb9e (osmo-ttcn3-hacks)
Change-Id: I24bf9f1c1167efe1080ae4cf47ed2ef0bd981e49
Start using osmo_fsm_term_safely(true), the recently added feature of
libosmocore's fsm.c. Deallocates in slightly changed order and with slightly
modified logging. Adjust test expectations.
Depends: I8eda67540a1cd444491beb7856b9fcd0a3143b18 (libosmocore)
Change-Id: I195a719d9ec1f6764ee5a361244f59f0144dc253
The function sgs_tx() is using the sgs connection pointer as context,
even though it has done a check for a nullpointer in the line before.
This is very prone to lead into a segfault when the SGs connection dies.
Change-Id: I88b95e3f8cd35241ad68f08d94c6ad7067b842e6
Related: OS#3859
The libsmpp34 build_tlv() function is allocating dynamic memory
which we need to release again by calling destroy_tlv().
Change-Id: Iacc74c9948fb10fa79c0dd7b0cb72d4adbefdeed
Closes: OS#3912
If subscriber is NULL, vlr_subscr_msisdn_or_name() returns string
"unknown", which is less informative than printing destination msisdn
expected for the queued sms.
This happens for instance if an sms was queued with Store&Forward and
destination subscriber is not currently registered
Change-Id: I4b8b54c9c41b17d4e1fa7ece63aa91a98036ef11
When the subscriber is detached from SGs services (but not from 2g
services). Then the subscriber essentially becomes a regular 2g
subscriber, which means thet the lu expiration timer needs to be
started.
Change-Id: If95c63706dc1c5a537f7cd1b6481252427cbf234
Related: OS#3614
When the subscriber is detached from non EPS services while the
SGs-association is not SGs-NULL, it needs to be removed from the VLR
database.
Change-Id: I575cf6036ad39468f590b2d57a06cd3512a4c31c
Related: OS#3614
As we don't initialize all talloc contects of libmsc, let's make
sure that there is nothing left in the NULL context after the
unit test execution is finished.
Change-Id: I99fd82750aff376e4d90eaa2402ec41f4d59ef86
A memleak has been noticed after executing some of TTCN-3 test
cases. For example, the following ones:
- MSC_Tests.TC_lu_and_mo_sms,
- MSC_Tests.TC_lu_and_mt_sms.
The key point is that MSC_Tests.TC_lu_and_mo_sms basically sends
a MO SMS to a non-attached subscriber with MSISDN 12345, so this
message is getting stored in the SMSC's database.
As soon as the SMSC's queue is triggered, sms_submit_pending() would
retrieve pending messages from the database by calling function
smsq_take_next_sms() in loop and attempt to deliver them.
This function in it's turn checks whether the subscriber is attached
or not. If not, the allocated 'gsm_sms' structure would not be
free()ed! Therefore, every time smsq_take_next_sms() is called,
one 'gsm_sms' structure for an unattached subscriber is leaked.
Furthermore, there is a unit test called 'sms_queue_test', that
actually does cover smsq_take_next_sms() and was designed to
catch some potential memory leaks, but...
In order to avoid emulating the low-level SQLite API, the unit
test by design overwrites some functions of libmsc, including
db_sms_get_next_unsent_rr_msisdn(), that is being called by
smsq_take_next_sms().
The problem is that the original function in libmsc does
allocate a 'gsm_sms' structure on heap (using talloc), while
the overwriting function did this statically, returning a
pointer to stack. This critical difference made it impossible
to spot the memleak in smsq_take_next_sms() during the
unit test execution.
Let's refactor 'sms_queue_test' to use dynamic memory allocation,
and finally fix the evil memleak in smsq_take_next_sms().
Change-Id: Iad5e4d84d8d410ea43d5907e9ddf6e5fdb55bc7a
Closes: OS#3860
The default is [yes] alert-notifications, therefore write
"no alert-notifications" in the case that this has
been set, in order to preserve configuration after
write is called from vty.
Change-Id: I079aea96ee83fbf04f782dcab344d41a4ef04657
It was observed that the SGs server is started before
the actual VTY configuration is parsed. For example:
sgs
local-port 9999
local-ip 127.0.0.1
vlr-name vlr.example.net
produces the following debug output:
<0011> sgs_server.c:185 SGs socket bound to r=NULL<->l=0.0.0.0:29118
DLSS7 NOTICE <001e> osmo_ss7.c:1284 0: ASP Restart for server not implemented yet!
DSGS NOTICE <0011> sgs_server.c:185 SGs socket bound to r=NULL<->l=0.0.0.0:9999
DSGS NOTICE <0011> sgs_server.c:185 SGs socket bound to r=NULL<->l=127.0.0.1:9999
DMNCC DEBUG <0004> msc_main.c:604 Using internal MNCC handler.
The first startup is triggered by sgs_iface_init(), before reading
the VTY configuration, so the logging style is different. The next
two calls to sgs_server_open() are triggered during reading of the
VTY configuration by cfg_sgs_local_port() and cfg_sgs_local_ip().
Let's avoid starting the SGs server three times, and do it once,
after the VTY configuration is parsed. Also, keep the possibility
to change the binding parameters at run-time.
Change-Id: Ie0c31205ac48be7e50d0380a89833771b2708da4
We now have a nicer way to compose strings in a buffer than this.
(Cosmetic preparation for inter-MSC handover patch.)
Change-Id: I7813068032475deb3850af05f7ba5a6f652e7fa2
The symbol GSM0808_SPEECH_FULL_BM is used in msc_vty.c, but gsm_08_08.h,
where the symbol is declared is not included.
Change-Id: I31a8894031aa2321d7dbf2586d076bc303247278
If the key_seq we get in the first messages matches the last_tuple, then
both we and the MS already know the key to use and we don't need the
AUTH REQUEST/RESPONSE cycle.
Security wise ... not so good, and so IMHO the 'auth required' option
in the MSC should always be set. But this allows to turn on ciphering on
a channel without doing any MM transaction, and so the MS doesn't turn
on the T3240 timer which allows to have a ciphered silent-call channel
that won't timeout.
Change-Id: Ief840a2ae7a0ffd2bf0bf726f209a79e3f787646
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Let's add a safeguard against sending BSSAP messages with invalid length
values. This should never happen, and we'd rather see osmo-msc assert
during the development cycle than ever releasing a version which sends
invalid messages out on the wire.
Change-Id: I94327a0d276c65b528a8c7e33dde61ed53582284
Related: OS#3805
If gsm_silent_call_start() is called with an over long string in
traffic_dst_ip, then the target string might be left unterminated. Lets
use osmo_strlcpy() so that we can be sure the result in scd->traffic_ip
is always terminated.
Fixes: CID#196068
Change-Id: Ic81842175e412ae7d97d023b612412f33411d60c
In ttcn3-msc-tests, so far we leave an intentionally failed MT SMS in the SMS
queue, which may cause it to re-appear in subsequent tests.
Allow removing all SMS for a given subscriber from the SMS database for good.
(I dimly remember a user report where the SMS queue spams failed SMS attempts,
and the only way to get rid of SMS for a given subscriber is to tamper with the
sms.db file directly. This should no longer be necessary with this command.)
Related: I7dce12942a65eaaf97f78ca69401c7f93faacb9e (osmo-ttcn3-hacks)
Change-Id: I637cbd7adc075a192f49752b38779391472ff06d
An earlier code state used the conn to lookup the transaction, but this is now
done by vsub. Hence the conn lookup is not used and not needed.
conn is no longer used since 36c44b2100,
change-Id I093f36d63e671e50e54fc6236e97a777cc6da77b,
"transaction: change arguments of trans_find_by_sm_rp_mr()"
Change-Id: Ia878d70138c883cb1a1d983516aff83efa6488ce
In connection_for_subscriber(), do not return a ran_conn that is not yet
authenticated nor one that is already in release.
Using a ran_conn that is not yet authenticated may cause an auth/ciph
violation.
Using a ran_conn that is already in release may cause a use-after-free, see
OS#3842 for a description.
To be paranoid, upon releasing a conn, go through the transaction freeing
motions again by calling trans_conn_closed(), just in case some odd code path
added another transaction while the conn was already in release.
Related: OS#3842
Change-Id: Id957032e0ae1ff8ba055a75c3523447d3d06cbc3
We create a new ESME in smsc->esme_list on establishment
of a TCP connection, yet we do not know the system id
or anything else, until the ESME identifies and authenticates.
So do not send alert notifications until
we know the bind status (and system_id)
Change-Id: Iec92d4c145ca050c2e212139572eeaae581b99df
Since vsub->sgs.mme_name is allocated statically, comparing it
to null doesn't make sense - it's always != NULL.
Change-Id: Ib2933a20471ebff9dfe1d9fdddf39d177504c951
Fixes: CID#178166 Array compared against 0 (NO_EFFECT)
Comparing an array to null is not useful, because the expression
will always evaluate as true. Let's just always write SGs server
address and VLR name, no mater whether default values are used
or not, same as we do for the HLR address and port.
Change-Id: If045e42fca0315b0777eb86c44bf934ce58b340b
Fixes: CID#190871 Array compared against 0 (NO_EFFECT)
The SGS_STATE_TS11 is not for counters, it's for timers!
Change-Id: Ifbb1a37e644ae8bf8e7959f6f6cd6403ac1f2f1b
Fixes: CID#190872 Out-of-bounds read (OVERRUN)
Make sure that we don't fail at startup with:
<0009> db.c:621 Failed to create database connection to sqlite3 db
'sms.db'; Is the sqlite3 database driver for libdbi installed on this
system?
Tested by building the Debian package and looking at its depends.
Related: OS#3771
Change-Id: I7c099212a6ad7d87978c3dce63ce7385d8076bd1
It may happen that either the MS or an EUSE would become
unresponsive during a call independent SS session, e.g.
due to a bug, or a dropped message. In such cases, the
corresponding transaction would remain unfreed forever.
This change introduces a guard timer, that prevents keeping
'stalled' NCSS sessions forever. As soon as it expires, both
sides (i.e. MS and EUSE) are getting notified, and the
transaction is being released.
By default, the timer expires after 30 seconds. As soon as
either the MS, or an EUSE initiates any activity,
the watchdog timer is rescheduled.
The timeout value can be configured from the VTY:
msc
...
! Use 0 to disable this timer
ncss guard-timeout 30
Please note that changing the timeout value at run-time
doesn't affect the existing NCSS sessions, excepting the
case when the timer is disabled at run-time.
This change makes TC_lu_and_ss_session_timeout pass.
Change-Id: Icf4d87c45e90324764073e8230e0fb9cb96dd9cb
Related Change-Id: (TTCN) I3e1791773d56617172ae27a46889a1ae4d400e2f
Related: OS#3655
For some reason the existing code was using msgb_hexdump_l2() while the
L2 header is not used by the BSSAP transmit code. Let's fix this.
Change-Id: I52a1eb3a867ece63fcfa4c2a720d035ebfb90a7b
We don't want multiple callers to osmo_sccp_tx_data_msg() each having
to hex-dump a log message about the to-be-transmitted message, with
half of the caller sitest missing that printing. Let's centralize
all calls of osmo_sccp_tx_data_msg() in a wrapper function which
takes care of the related OSMO_ASSERT() and the related printing.
Change-Id: I6159ea72cc8e0650eda6c49544acd65e9c15e817
According to GSM 04.07, the TI flag takes one bit and can be
either of the following:
'0'B - transaction is allocated by sender of a message,
'1'B - transaction is allocated by receiver of a message.
Since we store transaction ID in gsm_trans structure, we also store
TI flag (as a part of transaction ID), which in this context means:
'0'B - transaction is allocated by us (OsmoMSC),
'1'B - transaction is allocated by some MS.
In 100% cases, trans_assign_trans_id() is used to assign transaction IDs
to transactions allocated by us (i.e. OsmoMSC) for MT connections. And
there is no need to use it for MO transactions, because they basically
already do contain a valid transaction ID assigned by the MS.
Change-Id: Ie11999900b1789652ee078d34636dcda1e137eb0
The connection ref-counting implementation is specific to RAN
connections, and is not applicable for anything else. Moreover,
the API of this code is declared in 'ran_conn.h', so let's
move the code to a more logical place.
Change-Id: I593675d9bf56eaef12afdaf596ee1337b9a44259
According to GSM 04.80, section 2.5.1, Release complete message
may have an optional Cause IE. Let's add a new function, that
allows to specify cause location and value.
This function will be used by the upcoming changes.
Change-Id: I3b9e8e4f473d113d5b9e9e5d33f7914202077203
Depends Change-Id: (libosmocore) Ie3ac85fcef90a5e532334ba3482804d5305c88d7
The previous implementation of msc_send_ussd_release_complete() was
based on gsm0480_create_ussd_release_complete(), that doesn't
allow to specify GSM 04.07 transaction identifier.
The ability to specify particular transaction identifier
is required for handling multiple SS/USSD transactions.
Change-Id: Id2975c3383f18e83124ba38927c03980d67ddadb
Depends Change-Id: (libosmocore) Ie3ac85fcef90a5e532334ba3482804d5305c88d7
When a call ends that has been established in an CSFB context, we should
add a CSFB Indication IE to the BSSMAP CLEAR COMMAND to instruct the BSC
to add further CSFB related IEs into the RR RELEASE.
- Check if an SGs association exists and add CSFB Indication IE
Change-Id: I6cfa4b3becdd0138d74e2e1eddd83a0b1568c1de
Related: OS#3778
Since we merged the SGs interface, we include <netinet/sctp.h>, which
is provided by libsctp-dev. This means that the Debian package should
depend on this.
It is expected that this will un-break the network:osmocom:nightly
builds.
Change-Id: I092e95ea970763c4008d3c7ff1b7028042574a64
This simplifies tests refactoring by showing exact byte where mismatch
happened. It also makes code more readable.
No changes in expected test output are necessary because the additional
logging will be triggered iff the test fails so the result will be
visible only during debugging of unit test issues.
Change-Id: If9771c973f2bc55580f4c146bdbeeb1609d56786
Add an SGs interface (3GPP TS 29.118) to osmo-msc in order to support
SMS tunneling and Circuit Switched Fallback (CSFB)
Change-Id: I73359925fc1ca72b33a1466e6ac41307f2f0b11d
Related: OS#3615
Initially, it was assumed that if there is no active RAN connection,
we can just start counting from 0x00, as there are no other SMS
related transactions, and transaction itself is allocated using
talloc_zero(). Until now it was looking good, but...
As soon as we establish RAN connection with subscriber, we already
have a transaction with SM-RP-MR 0x00, but conn->next_rp_ref also
remains 0x00 - it isn't being increased!
It means that we can face a SM-RP-MR conflict (or collision) if
another MT SMS would arrive to the MSC (from SMSC over GSUP)
when this transaction is still active, i.e. the first SMS is
still being sent, because conn->next_rp_ref++ would
return 0x00 again.
Moreover, there might be already a MO SMS transaction, and using
the conn->next_rp_ref counter wouldn't prevent us from having
duplicate SM-RP-MR value.
Let's get rid of this per-connection counter, and introduce a
function instead, that would iterate over existing transactions
and look for an unused SM-RP-MR value.
This change makes the following test cases pass:
- TC_gsup_mt_sms_rp_mr,
- TC_gsup_mo_mt_sms_rp_mr.
Discovered by: Neels Hofmeyr
Related Change-Id: (TTCN) I3a52d44f4abde9b6b471b9108c1cee905884c9bc
Related Change-Id: (TTCN) I17cbbaa64d9bce770f985588e93cd3eecd732120
Change-Id: Ife6d954c46b7d8348a4221ab677d0355eb3ee7ac
Previously, SM-RP Message Reference was assigned to MT transactions
only, but not to MO transactions. As a result, this could lead to
having a few transactions with duplicate SM-RP-MR value, because
in case of MO SMS, trans->sms.sm_rp_mr would remain 0x00.
Let's parse SM-RP-MR from MO SMS messages in gsm0411_rcv_sms(),
and assign it to the new transaction after allocation.
Change-Id: I4d07354175444f9764fb0dd6ea188a64494d79fe
The need to pass a pointer to RAN connection in order to find
a transaction limits possible use cases of trans_find_by_sm_rp_mr(),
e.g. when we need to find a transaction, but RAN connection is not
established yet.
Moreover, the pointer to RAN connection was only used to obtain
pointers to gsm_network and vlr_subscr, so we can just
pass them directly.
Change-Id: I093f36d63e671e50e54fc6236e97a777cc6da77b
Log transaction allocation errors as such. While at it, use proper
subsystem to log missing VLR subscriber.
Change-Id: I617be8793b9416ccd49022c72f7d93df7f4fb4d9
After libosmocore commit
If1e851ac605c8d2fde3da565b0bd674ea6350c2e
b27e6feb699712345373e87a48187dc622e4fa92
the osmo-msc master build is broken.
Apply the msgb_wrap_with_TL() rename to msgb_push_tl() to unbreak the build.
Change-Id: I1d4675e0c907b2f92f2ec79b02356391a6d72aa8
After recent changes to vlr_subscr_name() result became variable-length
which messes up old vty code. Fix this by moving it to the very end and
adjusting headers as necessary. While at it, make sure we don't print
headers if we have nothing else to show.
Change-Id: Id06b4277ff790d95457d0cc2f94ef6bf5366bb21
Adds (no) alert-notifications as a per-esme vty command,
in order to allow some ESMEs to be excluded from alerts.
The default is still to send alert notifications to all esme,
so no changes are required to the config file to maintain
identical operation after this patch.
Change-Id: I57f4d268ca6fe6a233f2caaffce62e4aade01274
Move code which allocates transaction for SMS and initializes
corresponding FSM into separate function (shared by MT and MO code
paths) to avoid code duplication and simplify further modifications.
Change-Id: I3563e11bebb58e656592df2ff7db96f41deaf735
There's no need to use 'void *' because we have forward declaration for
'struct gsm_network' in the very same header.
Change-Id: I5078ffcf2706adaca1b5df107f8b6a44062ca28c
The likely reason why it was disabled is due to
paging_cb_mmsms_est_req() logging pointers which results in unstable log
output. Fixing this allows us to track SMS-related regressions properly.
Change-Id: I44ae817d9edb73d182ff33ff5a2fd942e224e344
When check-imei-req is enabled in the VTY config, do not accept IMEIs
sent by the ME directly anymore. Send the IMEI to the EIR/HLR and wait
for its ACK or NACK.
OsmoHLR also accepts all IMEIs at this point, but this allows to
optionally store the IMEI in the HLR DB.
Depends: Ib240474b0c3c603ba840cf26babb38a44dfc9364 (osmo-hlr)
Related: OS#3733
Change-Id: Ife868ed71c36cdd02638072abebf61fc949080a7
The pointers conn, conn->vsub and conn->vsub->last_tuple are checked,
but before the check those pointers are already dereferenced during
assignment. This defeats the purpose of the check. Lets dereference
those pointers after the check.
Fixes: CID#190404
Change-Id: Ice4992606f3799eac13154ec0b9f53e46d2e178e
Instead of
MGW(MGW_99)
use a name of
msc-mgcp(MSISDN:2331_GERAN_A:00000017_trans99)
1. The FSM is communication towards an MGW, not the MGW itself. When reading
combined logging (gsmtap_log), it is confusing to read 'MGW' in a log coming
from the MSC. The API is also called msc_mgcp_*.
2. Calling the FSM instance 'MGW_' again doesn't make sense.
3. Indicate 'trans' before the trans_id (trans_id was already shown, but not
indicated what it was).
4. Also indicate the actual subscriber's identification.
5. Also indicate the RAN connection and conn_id.
This comes up while trying to understand a call coming in on an already
established call: parsing the log with a human brain is near torture without
this info, taking extremely long to get grips on.
Change-Id: Ie5fc1ffb7eba0209fee4666a075655cd24d27473
ran_conn_get_conn_id(): instead of a talloc allocated string, return a static
buffer in ran_conn_get_conn_id(). So far this function had no callers.
Refactor ran_conn_update_id() API: during early L3-Complete, when no subscriber
is associated yet, update the FSM Id by the MI type seen in the L3 Complete
message: ran_conn_update_id_from_mi(). Later on set the vsub and re-update.
Call vlr.ops->subscr_update when the TMSI is updated, so that log context
includes the TMSI from then on.
Enrich context for vlr_subscr_name and ran_conn fi name.
Include all available information in vlr_subscr_name(); instead of either IMSI
or MSISDN or TMSI, print all of them when present. Instead of a short log,
rather have more valuable context.
A context info would now look like:
Process_Access_Request_VLR(IMSI-901700000014706:MSISDN-2023:TMSI-0x08BDE4EC:GERAN-A-3:PAGING_RESP)
It does get quite long, but ensures easy correlation of any BSSAP / IuCS
messages with log output, especially if multiple subscribers are busy at the
same time.
Print TMSI and TMSInew in uppercase hexadecimal, which is the typical
representation in the telecom world.
When showing the RAN conn id
GERAN_A-00000017
becomes
GERAN-A-23
- We usually write the conn_id in decimal.
- Leading zeros are clutter and might suggest hexadecimal format.
- 'GERAN-A' and 'UTRAN-Iu' are the strings defined by osmo_rat_type_name().
Depends: I7798c3ef983c2e333b2b9cbffef6f366f370bd81 (libosmocore)
Depends: Ica25919758ef6cba8348da199b0ae7e0ba628798 (libosmocore)
Change-Id: I66a68ce2eb8957a35855a3743d91a86299900834
When a CM Service Req is being rejected, we should do so before changing the
state of the current conn.
Concerning multiple CM Service Requests: in fact we should store multiple
requests, but first fix the status quo of rejecting multiple requests.
Change-Id: I39209ee6662694aa054a2fc0d21eae76fb33e2f1
For each conn, set a default logging category, to distinguish categories for
BSSMAP and RANAP based conns.
LOG_RAN_CONN(): log with the conn's default category,
LOG_RAN_CONN_CAT(): log with a manually set category (mostly for keeping
previous DMM logging on the same category).
In some places, replace LOGP() using manual context with LOG_RAN_CONN(), and
remove the manual context info, now provided by the conn->fi->id.
This is loosely related to inter-BSC and inter-MSC handover: to speed up
refactoring, I want to avoid the need for manual logging context and just use
this LOG_RAN_CONN().
Change-Id: I0a7809840428b1e028df6eb683bc5ffcc8df474a
In gsm0911_rcv_nc_ss() we sometimes use pdisc parsed from msgb and
sometimes constant. This function is only called when protocol
discriminator is GSM48_PDISC_NC_SS so there's no point in parsing it
again from msgb.
Let's make it consistent and always use constant.
Change-Id: Iae40bf9906fe676ff817c709120015fca4c9e042
Make the vsub argument of both vlr_subscr_msisdn_or_name()
and vlr_subscr_name() a const.
The LOGVSUBP() macro uses vlr_subscr_name() and will not generate a
warning anymore when used with a const vsub.
Change-Id: If609269191f4df6186d823a2eee14012846328e2
Remove vlr_subscr_name() and vlr_subscr_alloc() declarations from
vlr_core.h, as they are already defined in osmocom/msc/vlr.h and vlr.h
gets included on top of vlr_core.h.
Change-Id: I5c029be490577b513395dc3f2c2698f365157e73
Remove "0 =", "1 =" in-front of the boolean descriptions of
auth-tuple-reuse-on-error. The online VTY doc and the pdf manual
prepend the value automatically.
Change-Id: Ifd14c2fb3f58701eaf66570d729a660233fb83ed
Rationale: reading pcaps becomes so much easier when each of osmo-bsc and
osmo-msc address their MGW with differing domain names. Otherwise, both will
have a '0@mgw' endpoint and it gets really confusing.
After this, with according configuration, there can be a '0@bsc' and a '0@msc'
endpoint.
osmo-mgw-for-msc.cfg:
mgcp
domain msc
osmo-msc.cfg:
msc
mgw endpoint-domain msc
Depends: Ia662016f29dd8727d9c4626d726729641e21e1f8 (osmo-mgw)
Change-Id: I87ac11847d1a6d165ee9a2b5d8a4978e7ac73433
Replace locally defined enum ran_type with libosmocore's new enum
osmo_rat_type, and value_string ran_type_names with osmo_rat_type_names.
The string representations change, which has cosmetic effects on the test suite
expectations.
Depends: I659687aef7a4d67ca372a39fef31dee07aed7631 (libosmocore)
Change-Id: I2c78c265dc99df581e1b00e563d6912c7ffdb36b
during code review, I completely overlooked this:
We've added the 'ipa-name', which identifies the MSC on the GSUP link to the
HLR, under the 'msc' section, while all other GSUP/HLR related config is under
the 'hlr' section.
Before we roll that out in a release, move it over to 'hlr'.
Related: OS#3355
Change-Id: I1a572865aa90c5fa43c6f57282a6e2b06776e425
Probably fixes this segfault:
at ../../../../src/osmo-msc/src/libvlr/vlr_lu_fsm.c:957
file=file@entry=0x5611d8f10c28 "../../../../src/osmo-msc/src/libvlr/vlr_lu_fsm.c", line=line@entry=1467)
at ../../../src/libosmocore/src/fsm.c:580
parent_event_failure=parent_event_failure@entry=6, parent_event_data=parent_event_data@entry=0x0, vlr=0x5611d98862b0,
msc_conn_ref=msc_conn_ref@entry=0x5611d9aa8150, type=VLR_LU_TYPE_REGULAR, tmsi=4294967295, imsi=0x7ffd756c1cf0 "262423403004874",
old_lai=0x7ffd756c1ce0, new_lai=0x7ffd756c1ce8, authentication_required=true, ciphering_required=true, is_r99=false, is_utran=false,
assign_tmsi=true) at ../../../../src/osmo-msc/src/libvlr/vlr_lu_fsm.c:1467
at ../../../../src/osmo-msc/src/libmsc/gsm_04_08.c:443
The segfault is indirectly caused by 1fbf45c291,
'enrich context for vlr_subscr_name and ran_conn fi name', which sets auth_fsm
context, on a non-NULL auth_fsm that has been deallocated.
Change-Id: I3c528eed295be2ee673ea295804372f388a0dccd
If Assignment fails in the BSC, trigger an EV_TEARDOWN_ERROR in the mgcp_ctx
FSM instance, so that the call gets torn down immediately. Before this, the
non-call would idle around without anything happening.
Related: OS#3236
Depends: I11b182a03f5ecb6df7cd8f260757d3626c8e945d (libosmocore)
Change-Id: I358cfbaf0f44f25148e8b9bafcb9257b1952b35a
If a call is already busy and another call is coming in, do not try to
immediately assign an lchan (before this patch, it fails because there already
is an mgcp_ctx for the conn). Leave the second CC transaction waiting.
When a call is hung up, as soon as the old mgcp_ctx is discarded, look for
other CC transactions that are waiting. If there is one, trigger assignment, so
a new mgcp_ctx is set up for the new call.
This fixes the following scenario:
- from A, call B.
- from C, call B; B rings during ongoing call.
- in B, pick up the call, choose to drop the old call.
After this patch, and with osmo-bsc patch with change-id
I0c00ec2c120e5008281755adcd4944a3ce4d8355
we are now able to talk to the new caller.
I currently haven't tested yet what happens if there is *three* peers trying to
talk to the same number, running out of lab phones (not really, just not
bothering now). Possibly we should be taking over the particular call indicated
by the CC TI; instead, the current patch version takes on whichever waiting
call it finds first. This is fine if *one* additional call comes in on an
ongoing call, and this is already a huge improvement to what we had before.
Related: OS#3735
Change-Id: I0ba216b737909e92080a722db26e3577726c63cb
The flag is set to true when an assignment has been started, and it is only
relevant for a CC transaction. So fix naming and place in cc struct.
Cosmetic preparation for I1f8746e7babfcd3028a4d2c0ba260c608c686c76 and
I0ba216b737909e92080a722db26e3577726c63cb/
Change-Id: I8dacf46141ba0b664e85b0867ade330c97d8495f
Various places in the code check a flag whether assignment was started and
launch it. To fix incoming-call-during-ongoing-call, I will tweak that logic.
To be able to do that only in one place, remove code dup.
Cosmetic preparation for I1f8746e7babfcd3028a4d2c0ba260c608c686c76 and
I0ba216b737909e92080a722db26e3577726c63cb/
Depends: I11b182a03f5ecb6df7cd8f260757d3626c8e945d (libosmocore: LOGPFSMSL)
Change-Id: I11c0b7dc3f1a747028629b48e522bb3b864884ba
In rare cases, a conn is already associated with a subscriber. So far, we
abort()ed on that, bringing the entire osmo-msc down. Rather log an error and
keep the service running.
In vlr.ops.subscr_assoc, add success/failure return value, and abort the
LU/PARQ on error.
I haven't figured out in detail yet why/how a subscriber would re-launch a
LU/PARQ on a conn that is already associated, so far it is merely clear that we
do not want to crash the MSC if that happens. A log is in OS#3742.
Related: OS#3742, OS#3743
Change-Id: Ic0d54644bc735700220b1ef3a4384c217d57d20f
Do not break the currently ongoing call when rejecting a second incoming
caller.
There may be multiple (up to seven) simultaneous CC transactions, and there is
one mgcp_ctx for the currently active RTP stream.
Release the MGCP context only when the active CC transaction is releasing.
Before this patch, any CC transaction release would destroy the single MGCP
context, possibly breaking the currently ongoing call (another CC trans).
This also fixes a possible use-after-free if there were pending MGCP message
responses for the MGCP context; they are canceled properly for a released
transaction, but since one transaction would free the other transaction's MGCP
state, the clean up did not take place and possibly caused an mgcp client
response handling to access a freed mgcp_ctx.
Related: OS#3735
Change-Id: I1f8746e7babfcd3028a4d2c0ba260c608c686c76
Use local variables instead of writing trans->conn-> all the time.
Cosmetic preparation for I1f8746e7babfcd3028a4d2c0ba260c608c686c76 and
I0ba216b737909e92080a722db26e3577726c63cb/
Change-Id: I99717b3b72a9d7cbc95455ea25b2018ec1755308
As a rudiment of OsmoNiTB, OsmoMSC is still involved in SMS
processing, storage (in SQLite DB), and routing (via SMPP).
In real networks this is done by the external entity called
SMSC (SMS Centre), while the MSC is doing re-encapsulation
of GSM 04.11 SM-TL (Transport Layer) payload (i.e. TPDU)
between SM-RL (Relay Layer) and MAP.
Since OsmoMSC itself is not a 'Network in The Box' anymore, it
makes sense to replicate the 'traditional' behaviour of MSC.
The problem is that this behaviour cannot co-exist with the
current implementation, so the key idea is to rip out the
local SMS storage and routing from OsmoMSC, and (re)implement
it in a separate process (OsmoSMSC?).
As a temporary solution, this change introduces a 'kill-switch'
VTY option that enables routing of SMS messages over GSUP
towards ESME (through VLR and HLR), but breaks the local
storage and routing. This is why it's disabled by default.
As soon as we move the SMS processing and storage away from
OsmoMSC, this behaviour would be enabled by default, and
the VTY option would be hidden and deprecated. At the moment,
this option basically does nothing, and will take an effect
in the follow-up changes.
Change-Id: Ie57685ed2ce1e4c978e775b68fdffe58de44882b
Related: OS#3587
We can check if we're parsing the config file by checking
whether vty->type equals VTY_FILE. This avoids the use of
an extra local variable to track the parsing state.
Change-Id: I85161575e025f7c389832427a434bd8e2d6ecc75
Fixes: 1051c42088
Related: OS#3355
When the VLR subscriber information is shown on the VTY it shows IMSI
and TMSI, but not IMEI and IMEISV. Since in some cases this information
might be helpful, lets display it as well.
Change-Id: Iedd75dbb9850388ec1fedb984ed0b8bf4c62e780
Always use LAC which is part of Cell Global ID otherwise we might end up
in a situation where separately stored LAC differs.
Both are described in 3GPP TS 23.008 $2.4 as temporary subscriber data
to be stored in VLR. Both are defined in 3GPP TS 23.003. The LAC is part
of LAI which is part of CGI so there should be no case when those values
differ for a given subscriber.
Change-Id: I993ebc3e14f25e83124b6d3f8461a4b18f971f8e
When a subscriber is displayed the RAN type is not included in the
overview. Meanwhile the MSC supports multiple different ran types it
becomes important to see in which RAN the subscriber is currently
active.
Change-Id: I000cafd5e41b9951d51b6bd6672ee68a224b8212
Related: OS#3615
When a VLR subscriber is displayed on the VTY we get a lot of meta
information, but there are also some flags to handle the internal
subscriber status e.g. conf_by_radio_contact_ind. Lets display those
flags as well as this information can be very helpful when debugging
problems in the VLR
Change-Id: I59a9145a4daad50d68de3fd5c3291f027256917f
Do not show the VTY command's own use count during 'show subscriber <ID>'.
When using 'show subscriber msisdn 2023', I was surprised to see a use count of
2 and suspected a use count leak. With 'show subscriber cache' however, the use
count is 1.
So I realized it is the vty command's own use count that makes it two, besides
the lu_complete=true one.
Change-Id: Id02b57b7ed299b010b9f8b9e809548eb1e6aa699
Avoid leaking details on accessing data structure for LAC value into
test output: that's irrelevant clutter which forces unnecessary test
output modifications.
Change-Id: I4a1d7884cf47ad513d7d6fb27c5c6f1b829dff2e
To avoid leaking structure details into test we sometimes have to
separate value description from actual value. Introduce new macro which
makes that possible and convert old one into trivial wrapper around it.
Change-Id: Ic462297edac4c55689f93cc45771c8b5e2aed864
There is no state transition from INIT to WAIT_IMEI, only to WAIT_SUB_PRES.
If there were code to skip WAIT_SUB_PRES, the allowed state transitions would
have to be the same as for WAIT_SUB_PRES, i.e. also WAIT_IMEI_TMSI and
WAIT_TMSI_CNF. For now just opt for the status quo.
Change-Id: I18ef9e8c96b52401d98f49dc410f13681231b533
sub_pres_vlr_fsm_start() only ever has an effect if ms_not_reachable_flag ==
true. But there simply is no code that sets this flag. So
sub_pres_vlr_fsm_start() is currently dead code.
Also, examining the FSM, if it should ever be set to true, this would halt the
LU/CM Service/Paging response, since the FSM would merely change its state
without dispatching asynchronous messages. No chance of finishing.
Short of dropping the code entirely, first just mark it. The point being that
this models some FSM definition from 3GPP specs, and we have a couple other
"if (0)" branches in the VLR...
Change-Id: I198d442e9ed288f37c7d4e5ec87b82dc53114e99
They were on DEBUG during early development stages, and it's high time that I
drop those back to NOTICE.
Change-Id: I3b46e9107a7a1d81a44d2a2eb855c10960a1ab6b
The 'ipa-name' option can now only be set via the configuration file
because changing the IPA name at run-time conflicts with active
GSUP connections and routes configured in the HLR. The osmo-msc
program must be restarted if its IPA name needs to change.
Change-Id: I6cff91793e646e0396e8f1bc87d0f52709e5f12a
Related: OS#3355
Two reasons:
- the caller of msc_mgcp_ass_complete() from Iu, iucs_rx_rab_assign(), failed
to be adjusted, breaking IuCS, as an --enable-iu --enable-werror build shows.
Unfortunately our gerrit verification doesn't --enable-werror for osmo-msc.
- the condition of requiring ST_MDCX_RAN is faulty, breaking GSM CS.
This reverts commit 212c0c9bda.
Change-Id: I8348675c2f7c8856ea1682d05ee54160d4cfeb96
Provide software version information to the GSUP peer. The version now
shows up in logs like this: Software_Version='osmo-msc-1.2.0.120-1263b'
Change-Id: I2eba32569349facdbb1fda201067c62cc804ccf4
Depends: I317d6c59f77e92fbb2b875a83dc0ec2fa5cb6006
Related: OS#3355
Add a 'ipa-name' VTY command which overrides the default IPA name
used by the MSC. This is a prerequisite for inter-MSC handover.
Related: OS#3355
Change-Id: I317d6c59f77e92fbb2b875a83dc0ec2fa5cb6006
sub_pres_vlr_fsm_start() starts the FSM, invokes the START event, and then this
FSM invariably always directly terminates when vsub->ms_not_reachable_flag ==
false.
So if it is false, there is not much use in instantiating a whole FSM instance
that just terminates again, we might as well directly issue the
parent-term-event and save some logging space.
The same condition is already in place in the vlr_proc_acc_fsm.c in
_proc_arq_vlr_node2_post_vlr() for CM Service Request and Paging Response. Now
also skip this for LU.
Change-Id: Id2303a795dfd381f76e94ff8ff2f495926ca8ba0
When a subscriber is cancelled, fake an IMSI detach to
ensure that the subscriber gets removed from the VLR.
I am not entirely sure if this change is correct but
it does make TTCN3 test MSC_Tests.TC_gsup_cancel pass.
Change-Id: I5918106e4a94ba2e6c61bcd7b90d3bf0565513cc
Related: OS#2886
It is a message that is initially permitted, but it is in fact not handled in
the L3 code but already before, upon receiving
BSS_MAP_MSG_CIPHER_MODE_COMPLETE.
Change-Id: I0079f07271ca76bd457d0e700f3a736eb9066b47
BSSMAP Assignment Complete: sort MGCP handling upon Assignment Complete to the
proper locations. a_iface_bssap.c is not the right place to invoke the MGCP
related procedures.
- in a_iface_bssap.c only decode the IEs.
- call ran_conn_assign_compl() and pass decoded values.
- drop msc_assign_compl(), it was dead code; instead:
- add ran_conn_assign_compl()
- pass on all MGCP related info to msc_mgcp_ass_complete()
- move all MGCP ctx related handling from a_iface_bssap.c to msc_mgcp.c.
I'm dropping some comments to save some time, because if I adjust them IMHO
they would still anyway restate the obvious.
ran_conn_assign_compl() is now quite a thin shim, but it makes sense to have
it:
- This is the place that should tear down the ran_conn in case assignment
failed, left for a future patch.
- In the light of upcoming inter-MSC handover, ran_conn_assign_compl() will be
the place where the Assignment Complete message might be relayed to a remote
MSC.
Change-Id: I8137215c443239bddf3e69b5715839a365b73b6c
BSSMAP Assignment Complete:
Do not invoke ran_conn_rx_sec_mode_compl(), that's just weird.
Instead this should call msc_assign_compl(), which is currently dead code and
does nothing ... and there are some more strings attached, being resolved in a
subsequent patch.
Change-Id: I448fdb783364628005437b3d866d1a076a9767d7
So far the only way to use external MNCC is to pass the -M cmdline arg:
osmo-msc -M /path/to/socket
However, the osmo-msc.service file for systemd is installed by 'make install',
and hence it is quite impractical to depend on such a config item to be
required in the service file:
- It defies any scheme an operator may have in place to compose the
osmo-msc.cfg file -- this option doesn't go in the .cfg file but needs
separate action to add to the installed service file.
- After a make install or package upgrades / re-installations, this option will
be plain overwritten silently, or lead to the need for resolving file
conflicts.
The initial spark for this came from configuring the 35c3 GSM from cfg
templates.
Change-Id: I2ec59d5eba407f83295528b51b93678d446b9cee
I want to add 'mncc internal' and 'mncc external' commands, and IMHO makes most
sense to have a common 'mncc' keyword to start MNCC config commands with. To
put it in terms of VTY online help:
OsmoMSC(config-msc)# mncc ?
internal Use internal MNCC handler
external Use internal MNCC handler
guard-timeout Set global guard timeout
So far only the 'guard-timeout' exists, I want to add 'internal' and 'external'
in a subsequent commit.
Keep the old command 'mncc-guard-timeout' as deprecated alias. That means it
still works from old config files, but online documentation will omit it.
On 'write', write back the new format instead.
Rationale: see I2ec59d5eba407f83295528b51b93678d446b9cee
Change-Id: I52d69af48e1ddc87b3fb54bf66a01b1b8cbf5abe
First step towards allowing to configure the MNCC socket path by config file.
Rationale: see I2ec59d5eba407f83295528b51b93678d446b9cee
Change-Id: Ifc87c1cacaa809d04fc23e8ccd761bee4509c805
It needs to work whether SMPP,Iu are enable or disabled, hence a bit more
wildcarding than one might expect.
Change-Id: I3a8c50d8d555b6b948d97d6412e17594ee439de0
Separate 'make python-test' into separate make targets, to sensibly add VTY
transcript tests in an upcoming commit.
Feature: even though ./configure was called without --enable-external-tests,
each of the {ctrl,vty}x{python,transcript} tests can be invoked individually by
e.g. 'make vty-python-test'.
Both 'vty-transcript-test' and 'ctrl-transcript-test' are still empty, a
subsequent patch adds a vty-transcript-test.
All of this in preparation of tweaking the 'mncc' vty configuration, to be able
to track it in a vty transcript test.
Change-Id: I688657e56ae469c07b9f25ba37275d38dbd457e2
I'm going to make the external tests manually launchable. For that I first had
an error message if $(PYTHON) was empty. But Pau says I should just use shebang
instead and ignore the autoconf python stuff, since that often fails anyway.
Change-Id: Ie35dd78c42577109a6a3143221a9769e47d361a5
The function msc_paging_request() is only called from within
gsm_subscriber.c but never from outside. Lets make it static.
Change-Id: I2efc8eac01a4dd8733118067eecf566c13062106
Add new environment variables WITH_MANUALS and PUBLISH to control if
the manuals should be built and uploaded. Describe all environment vars
on top of the file.
When WITH_MANUALS is set, install osmo-gsm-manuals like any other
dependency and add --enable-manuals to the configure flags (for "make"
and "make distcheck"). Add the bin subdir of the installed files to
PATH, so osmo-gsm-manuals-check-depends can be used by ./configure.
Related: OS#3385
Change-Id: I42d80dadf28fd54c45b275f2c278225a8e7ea031
Set AM_DISTCHECK_CONFIGURE_FLAGS in Makefile.am instead of
DISTCHECK_CONFIGURE_FLAGS. This is the recommended way from the
automake manual, as otherwise the flag can't be changed by the user
anymore.
Related: OS#3718
Change-Id: I6eb789b34523ed45a3626972f420d409fbab1597
gsm_subscriber.h contains some legacy cruft, part of which is that the VLR's
max MSISDN length should rather be defined in vlr.h. Same for GSM_NAME_LENGTH
-> VLR_NAME_LENGTH.
Adjust some sms_queue stuff that anyway includes vlr.h already.
Drop gsm_subscriber.h from vlr.h.
Add other (more concise) includes that thus become necessary, since the include
chain vlr.h->gsm_subscriber.h->gsm_data.h is no longer in place.
Change-Id: Iab5c507ec04fc2884187cf946f6ae2240e4a31f8
Along goes GSM_KEYSEQ_INVAL as VLR_*.
It's where it logically belongs, and is almost the only reason why vlr.h
includes gsm_data.h. The remaining reason, GSM_EXTENSION_LENGTH, will be moved
by upcoming patch.
Change-Id: I122feae7ee3cbc59e941daef35a954bce29fec76
For hysterical raisins, there are some header files that contain few
declarations, and where the name doesn't reflect the content. Combine them to
new msc_common.h:
- common.h
- common_cs.h
- osmo_msc.h
Change-Id: I9e3a587342f8d398fb27354a2f2475f8797cdb28
With the dawn of inter-BSC,MSC handover, adopting the MSC-A,-I,-T roles from
3GPP TS 49.008, the RAN connection shall soon be a neatly separated corner of
osmo-msc, so gravitate ran_conn decarations to files of matching name.
Also, the current chaos of API defined in files with mismatching/meaningless
names drives me crazy.
Change-Id: Ice31e6c43e46678538c65261f150c67e1d0845e5
Following previous rename of gsm_subscriber_connection:
Some functions and #defines are still called like "msc_conn" or just "msc_",
while they are clearly about a RAN conn.
To avoid confusion with the future separate concepts of MSC roles and a RAN
connection, rename all those to match the common "ran_conn" prefix.
Change-Id: Ia17a0a35f11911e00e19cafb5d7828d729a69640
In preparation for inter-BSC and inter-MSC handover, we need to separate the
subscriber management logic from the actual RAN connections. What better time
to finally rename gsm_subscriber_connection.
* Name choice:
In 2G, this is a connection to the BSS, but even though 3GPP TS commonly talk
of "BSS-A" and "BSS-B" when explaining handover, it's not good to call it
"bss_conn": in 3G a BSS is called RNS, IIUC.
The overall term for 2G (GERAN) and 3G (UTRAN) is RAN: Radio Access Network.
* Rationale:
A subscriber in the MSC so far has only one RAN connection, but e.g. for
inter-BSC handover, a second one needs to be created to handover to. Most of
the items in the former gsm_subscriber_connection are actually related to the
RAN, with only a few MM and RTP related items. So, as a first step, just rename
it to ran_conn, to cosmetically prepare for moving the not strictly RAN related
items away later.
Also:
- Rename some functions from msc_subscr_conn_* to ran_conn_*
- Rename "Subscr_Conn" FSM instance name to "RAN_conn"
- Rename SUBSCR_CONN_* to RAN_CONN_*
Change-Id: Ic595f7a558d3553c067f77dc67543ab59659707a
msc_compl_l3() always returns MSC_CONN_ACCEPT, because the conn FSM handles (or
should handle) all reject cases. The accept/reject return value is a legacy
from libbsc internally passing a conn over to libmsc, in osmo-nitb.
Drop enum msc_compl_l3_rc.
Change msc_compl_l3_rc() to return void.
Change all callers to always act like for acceptance, as they always did anyway.
Drop some local variables now no longer needed.
Adjust the comment to msc_compl_l3().
Drop a bunch of #if-0'd code from msc_compl_l3().
Change-Id: I759d15f4e820d5fc16397ed7210ce92308e52a09
On UTRAN, Security Mode is used instead of Ciphering Command, which does not
feature an A5 algorithm id.
Change-Id: Idc7ca9da1aa13ae16f5db2cb1024676cbc770820
The gsm_subscriber_connection->encr is never used. Use it.
When sending the Ciphering Mode Command, populate the encryption key.
When receivint the Ciphering Mode Complete, populate the chosen alg_id.
Out of paranoia, store the enc key only if the size is large enough.
Hence the vty_dump_one_conn() now reports the actually chosen A5 algorithm ID
used.
For 3G connections, though, this will still remain 0 in the VTY, since there is
no explicit A5 algorithm negotiated on UTRAN. (Security Mode Command and
Security Mode Complete instead of the GERAN Ciphering.)
(Note, 'struct gsm_encr encr' will be renamed to 'struct geran_encr geran_encr'
in Idc7ca9da1aa13ae16f5db2cb1024676cbc770820)
Change-Id: Ice2c470c360612249f97301944c6fdf9443c7dce
Another one of those "what is this still doing here". Not mentioned in
configure.ac nor Makefile.am SUBDIR...
Change-Id: I05880507d9bf029f0ec451efda0ebe54ac09ef12
In I4a07ece80d8dd40b23da6bb1ffc9d3d745b54092 I've introduced a
regression. According to GSM TS 04.11, section 2.3, SAPI 3 shall
be used for both MO/MT SMS transmissions. Due to a mistake,
caused by misunderstanding of the meaning of trans->dlci, SAPI 3
was not assigned to SM transactions if there is already an active
RAN connection with subscriber. Let's fix this.
Let's also drop this misleading comment:
/* FIXME: specify SACCH in case we already have active TCH */
because it's a task of the BSC/BTS to decide which lchan to use.
Change-Id: I08d0801a89d377441e95fb8e3dd27c8d587f89e9
Related: OS#3716
gsm_network contains an int handover.active which is always zero. Drop it.
There is real handover code coming up soon, one part of this is to avoid
confusion.
The internal MNCC code queried it to decide whether to MNCC_BRIDGE or proxy RTP
(MNCC_FRAME_RECV). Since RTP is being handled by osmo-mgw since forever, drop
that entire condition from mncc_builtin.
Change-Id: Ie16e718266882588b38297121364ca0b7fdfe948
According to GSM TS 04.11, the SMC (Short Message Control) state
machine is a part of CM-sublayer of L3, that is responsible for
connection management (establisment and releasing), and SM-RP
(Relay Protocol) message delivery.
For some reason, the connection establisment request from SMC
(GSM411_MMSMS_EST_REQ) was not handled properly - it was
always assumed that connection is already established.
This is why the code initiating a MT (Mobile Terminated) SMS
transfer had to establish a radio connection with subscriber
manually.
Let's benefit from having the SMC state machine, and offload
connection establishment to it. This change makes the local
implementation closer to GSM TS 04.11, and facilitates the
further integration of GSUP transport.
NOTE: the expected unit test output is changed, because now we
always allocate a transaction first, and then establish a
connection, not vice versa.
Change-Id: I4a07ece80d8dd40b23da6bb1ffc9d3d745b54092
According to GSM TS 04.11, section 8.2.3, the RP Message Reference
is a mandatory field for all messages on the SM-RL (SM Relay Layer),
that is used to link an RP-ACK or RP-ERROR message to the associated
(preceding) RP-DATA or RP-SMMA message transfer attempt.
This change extends the transaction state structure with SM-RP-MR,
and introduces a new function for matching transactions within a
given connection by this reference.
Change-Id: Ice47c37ecef4416e65ecee8931d946c915316791
Moved to doc/manuals/, with full commit history, in preceding merge commit.
Now incorporate in the build system.
Build with:
$ autoreconf -fi
$ ./configure --enable-manuals
$ make
Shared files from osmo-gsm-manuals.git are found automatically if
- the repository is checked out in ../osmo-gsm-manuals; or
- if it osmo-gsm-manuals was installed with "make install"; or
- OSMO_GSM_MANUALS_DIR is set.
Related: OS#3385
Change-Id: Ic3c5add3c87f0aadb1ffab668ce16be6d0805d33
Those graphs + message sequence charts are not yet used by any
of our manuals, but they should become used by the OsmoMSC user
manual once SGs interface support is added.
Related: OS#2583
Change-Id: Idfd3a66c18131b5458d183b8e66f62eaaab65991
This is the first update since the libosmocore changes to the 'show
online-help' generated output. Hence the produced document now benefits from
the structural improvements:
- not repeating common commands for every node;
- using section names that match the VTY prompt.
Update msc_vty_additions.xml to match the new node ID scheme.
Change-Id: I6f1698dbc205334cf69234f88b124abfce54cc9a
Since the NITB split, GSUP is used in all three network elements, so
make the protocol a shared chapter
Change-Id: Id2d7c27ef16eb0ebe5f60d625a1fcf42f1603f4f
The initial goal was to make sure we don't have overall FORCE rules causing
unnecessary rebuilds -- annoying while writing documentation. As I looked
through possible dependencies, I finally understood what's going on here.
Remove code dup and nicely sort which belongs where in build/Makefile.*.inc. In
each, describe in a top comment how to use it, and also unify how they are
used:
- Rename Makefile.inc to Makefile.docbook.inc and refactor
- Add Makefile.vty-reference.inc
- Add Makefile.common.inc
Make sure that we accurately pick up all dependencies.
Drop use of the macro called 'command', that silenced the actual command lines
invoked and replaced them with short strings: it obscures what is actually
going on and makes the Makefiles hard to read and understand.
Each manual's makefile is greatly reduced to few definitions and a Makefile
include, e.g. one for asciidoc, one for VTY reference.
Move common/bsc_vty_additions.xml to OsmoBSC/vty/libbsc_vty_additions.xml, link
from OsmoNITB. It applies only to OsmoBSC and OsmoNITB.
Add a script that combines a VTY reference file with *all* additions files
found in a manual's vty/ dir. Call this from Makefile.vty-reference.inc.
Change-Id: I9758e04162a480e28c7dc83475b514cf7fd25ec0
Add OsmoMSC and OsmoHLR to bibliography (even though the OsmoHLR manual does
not yet exist, a reference to it has been added in OsmoMSC's manual).
Change-Id: I9ecff2837fbf5fdc19675a726f6d70c21eb178ee
It's much better to have both RP-DATA header parsing and validation
code in a single function. There is no need to pass all the header
fields (DA, OA, UI) to gsm411_rx_rp_ud() because they are not
used there.
Change-Id: Iaf295949148e2a613c5403d1f7a926fcd6849c15
Passing a message buffer containing the whole encoded message, and
a pointer to the RP header (struct gsm411_rp_hdr) is redundant.
Change-Id: I0eb5c7c485ab7d109966431bd875fa74e00936d7
| ../../../git/src/libmsc/msc_vty.c:1202:44: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'uint64_t {aka long long unsigned int}' [-Wformat=]
| vty_out(vty, "Location Update : %lu attach, %lu normal, %lu periodic%s",
| ^
Change-Id: Iae1c0b20a519ce71a21f72cea3c63694ef10adb4
When using smpp-first, after the ESME accepts our STATUS REPORT,
we were sending it locally into gsm340_rx_sms_submit() anyway.
In the case of the ESME mirroring the report back to us, this
would result in two copies of the status report in the SMS
database, which were also both then delivered to the MS.
This causes no visible error to the user but is a waste of radio
resources.
With this patch, we check if it is the sms_report that has had
receiver set in sms_route_mt_sms() and not the original SMS we
are reporting on, which of course already has receiver set.
Change-Id: I3529b89535800eaa1127721d613fa7bbcb8b23be
the function vlr_subscr_req_lu() has a parameter is_ps, which is set
to vsub->vlr->cfg.is_ps by the only caller in vlr_lu_fsm.c. Inside the
function one can see that vsub->vlr->cfg.is_ps is used directly to
decide between PS or CS LU, we could also use is_ps there. Presumably
the parameter is_ps had been abandonned in an early development stage
and was not removed, so lets drop the parameter.
Change-Id: Id239721773b90099d122b232dae1ba457be9d255
the control interface command subscriber-list-active-v1 contains a stray
debug printf, lets remove it.
Change-Id: I085cf7b4a45708ccb883f70f71f4fbcfda58d332
Count COMPLETE and REJECT messages. Besides general troubleshooting
that's also useful for TTCN-3 tests to check that OsmoMSC processed
those messages as expected.
Change-Id: I5822b2b38b64f1a691b26c926a8e2bece21dc624
Related: OS#3187
enum gsm48_gmm_cause is the wrong enum to pass to lu_fsm_failure(). Use enum
gsm48_reject_value instead.
Change-Id: If661f72056decb28c0ee82ad2449630a24d4f31c
The external MNCC handler may hang indefinitely in cases where the remote
end of the MNCC ceases to work properly. Add a global guard timer to
make sure the call reaches ACTIVE state.
Change-Id: I7375d1e17cd746aac4eadfe1e587e82cf1630d3d
Related: OS#3599
The function _handle_error() initalizes a struct gsm_mncc variable
on startup. The initalization accesses mgcp_ctx->trans->callref. All
this is done before the assertion on mgcp_ctx. Later in the code one
finds an if which tests on mgcp_ctx->free_ctx. This is the only part of
the code that accesses the mncc struct variable. We should move the
initalization there as well.
- Move initalization of struct gsm_mncc mncc into the if body
that uses it.
Change-Id: I86983eabd999c4275dcc0e4a169ef2aa1e33c747
Related: OS#3635
Give the HLR a chance to send us updated subscriber data by indicating the CN
domain to be Circuit Switched, only during a LU Request GSUP message.
Adjust msc_vlr_tests to expect the added GSUP CN domain IE to indicate CS, i.e.
append '280102'.
Related: OS#3601
Change-Id: I0c2d33fbfdb4728e480679120d06b7f3a2ccfd76
Move code which needs to test the mgcp_ctx->free_ctx flag upwards
such that it runs before we're calling functions which will
potentially free mgcp_ctx. The code being moved up takes effect
only in case mgcp_ctx won't be freed, so there should be no
functional difference.
Change-Id: I5df17c19e2a68c019f7eaf582b14585caa54b32a
Related: OS#2885
At the moment osmo-msc populates the member ip in struct gsm_mncc_rtp
with the wrong byte ordering. This causes LCR or
osmo-sip-connector to receive the IP address in the wrong order, which
eventually leads into a reversed IP address in the SDP part of the SIP
messages.
Change-Id: I86148179b549b511528e4c65213eb6c204cc609e
Related: OS#3431
This recent patch moves Classmark storage to the VLR subscriber, and introduced
a segfault when a Classmark Update is received during IMSI detach:
commit 986fe7ed18
change-id I27081bf6e9e017923b2d02607f7ea06beddad82a
Mon Sep 17 01:12:13 2018 +0200
"store classmark in vlr_subscr, not conn"
It assumed that we would never accept any Classmark Update messages unless we
also have a valid subscriber for it. Well, that is proven wrong by the
ttcn3-msc-test TC_imsi_detach_by_imsi(), which brings osmo-msc to its knees.
Fix: in case of no valid vlr_subscr being present, store Classmark in the conn
temporarily, and copy any received Classmark to VLR subscriber as soon as it
gets associated with the conn (if at all).
Change-Id: Ib2a2ae6bf86e8f29fc6751a8b5cdb7187cd70290
When the VLR requests a Ciphering Mode with vlr_ops.set_ciph_mode(), and if we
need a ciph algo flag from a Classmark information that is not yet known
(usually CM 2 during LU), send a BSSMAP Classmark Request to get it.
To manage the intermission of the Classmark Request, add
- msc_classmark_request_then_cipher_mode_cmd(),
- state SUBSCR_CONN_S_WAIT_CLASSMARK_UPDATE,
- event SUBSCR_CONN_E_CLASSMARK_UPDATE.
From state AUTH_CIPH, switch to state WAIT_CLASSMARK_UPDATE. Once the BSSMAP
Classmark Response, is received, switch back to SUBSCR_CONN_S_AUTH_CIPH and
re-initiate Ciphering Mode.
To be able to re-enter the Ciphering Mode algo decision, factor it out into
msc_geran_set_cipher_mode().
Rationale:
In the following commit, essentially we stopped supporting A5/3 ciphering:
commit 71330720b6
"MSC: Intersect configured A5 algorithms with MS-supported ones"
Change-Id: Id124923ee52a357cb7d3e04d33f585214774f3a3
A5/3 was no longer supported because from that commit on, we strictly checked
the MS-supported ciphers, but we did not have Classmark 2 available during
Location Updating.
This patch changes that: when Classmark 2 is missing, actively request it by a
BSSMAP Classmark Request; continue Ciphering only after the Response. Always
request missing Classmark, even if a lesser cipher were configured available.
If the Classmark Update response fails to come in, cause an attach failure.
Instead, we could attempt to use a lesser cipher that is also enabled. That is
left as a future feature, should that become relevant. I think it's unlikely.
Technically, we could now end up requesting a Classmark Updating both during LU
(vlr_lu_fsm) and CM Service/Paging Response (proc_arq_fsm), but in practice the
only time we lack a Classmark is: during Location Updating with A5/3 enabled.
A5/1 support is indicated in CM1 which is always available, and A5/3 support is
indicated in CM2, which is always available during CM Service Request as well
as Paging Response. So this patch has practical relevance only for Location
Updating. For networks that permit only A5/3, this patch fixes Location
Updating. For networks that support A5/3 and A5/1, so far we always used A5/1
during LU, and after this patch we request CM2 and likely use A5/3 instead.
In msc_vlr_test_gsm_ciph, verify that requesting Classmark 2 for A5/3 works
during LU. Also verify that the lack of a Classmark Response results in attach
failure.
In msc_vlr_test_gsm_ciph, a hacky unit test fakes a situation where a CM2 is
missing during proc_arq_fsm and proves that that code path works, even though
the practical relevance is currently zero. It would only become interesting if
ciphering algorithms A5/4 and higher became relevant, because support of those
would be indicated in Classmark 3, which would always require a Classmark
Request.
Related: OS#3043
Depends: I4a2e1d3923e33912579c4180aa1ff8e8f5abb7e7 (libosmocore)
Change-Id: I73c7cb6a86624695bd9c0f59abb72e2fdc655131
In the msc_vlr_tests, instead of printing the algo IDs, rather print the
corresponding A5/n name, for clarity.
Change-Id: Ic00f1e54490650bcb40170647b8ffd52ede23fd3
Store all Classmark information in the VLR.
So, we now always know the Classmark 1 (mandatory IE for LU). This is visible
in the msc_vlr_tests -- they no longer indicate "assuming A5/1 is supported"
because classmark 1 is missing, because we now know the Classmark 1.
Rationale:
During Location Updating, we receive Classmark 1; during CM Service Request and
Paging Response, we receive Classmark 2. So far we stored these only for the
duration of the conn, so as soon as a LU is complete, we would forget CM1.
In other words, for anything else than a LU Request, we had no Classmark 1
available at all.
During Ciphering Mode Command, we rely on Classmark 1 to determine whether A5/1
is supported. That is moot if we don't even have a Classmark 1 for any CM
Service Request or Paging Response initiated connections.
The only reason that A5/1 worked is that we assume A5/1 to work if Classmark 1
is missing. To add to the confusion, if a phone indicated that it did *not*
support A5/1 in the Classmark 1, according to spec we're supposed to not
service it at all. A code comment however says that we instead want to heed the
flag -- which so far was only present in a Location Updating initiated
connection. Now we can make this decision without assuming things.
This got my attention while hacking on sending a BSSMAP Classmark Request from
the MSC if it finds missing Classmark information, and was surprised to see it
it lacking CM1 to decide about A5/1.
Change-Id: I27081bf6e9e017923b2d02607f7ea06beddad82a
For networks without Authentication, the conn is already accepted when
SUBSCR_CONN_E_COMPLETE_LAYER_3 is emitted. Mute that misleading error message.
All is actually fine.
Adjust expected test logs.
Change-Id: I2d19d0a7cf3226ee1456f75a68e007ba98232402
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".
If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.
Related: OS#2740
Change-Id: I1c8122c909938daaf782468c1c5b0262d555c3ce
Otherwise they end up in the NULL ctx.
Depends: libosmocore Change-Id Id58ca18eb826b8f4183a7cf0dbb2b38cba702a09
Change-Id: I5d5b456eb85fbdb0ca2140c56ebf3d207b4a0bba
Tracking NULL memory contexts allows one to detect memory chunks,
allocated outside the application's root context, which in most
cases are results of some mistake.
In b874486e8e the repotring of
NULL-context state was introduced, but without asking talloc
to track the use of NULL memory contexts it doesn't make sense.
Change-Id: I4b5e3946ee21c7d0ed6c66b1059dbce5ad312f88
This is a follow up change before enabling the track of NULL talloc
contexts. Since there is no other way to deinitialize libosmovty,
let's free its root context on exit. Otherwise one would see
lots of memory chunks on exit...
Change-Id: I278f85f023210de6b4626d4493d10d20996f606a
lchan_type was removed from gsm_mncc and the hello message
on initial import from legacy OpenBSC in
Change-Id: Id3705236350d5f69e447046b0a764bbabc3d493c
This patch follows on from Change-Id: Ia02373a36df7605507ee3de49173a9fd6547b726
which reintroduced lchan_type to the gsm_mncc struct.
This patch restores the lchan_type_offset to the hello protocol message
Without this patch, LCR will issue an error and disconnect from the MNCC socket.
Change-Id: I65312082fa5dc0721170f923840e992ef9481a63
Closes: OS#3461
This example configuration files lack port settings for the mgcp
client. Lets explicitly assign a port for the MGW and a local port.
For the local port lets use the IETF port number + 1. The reason
for this is that the default config for osmo-bsc already uses the
IETF port and in osmo-bsc and osmo-msc run on the same machine in
many setups.
Change-Id: I17453e0d30eec757aba9530b63eb5d1539cbdffc
When the assignment completes a choosen codec is returned. At the
moment we do not use this information.
- add struct members for codec info (both, RAN and CN)
- parse codec info in BSSMAP ASSIGNMENT COMPLETE
- use codec info on mgcp
Since the MNCC API is not complete yet, we currently only use the
codec info only on the internal MNCC yet.
Change-Id: I9d5b1cd016d9a058b22a367d0e5e9f2ef447931a
Related: OS#2728
osmo-hlr has recently (as of Change-Id
Iad227bb477d64da30dd6bfbbe1bd0c0a55be9474) a working shared library
implementation of libosmo-gsup-client.
We can remove the local implementation in osmo-msc and use the
system-installed shared library instead.
Change-Id: I6f542945403cf2e3ddac419186b09ec0e2d43b69
Since we don't process SS/USSD requests in OsmoMSC anymore, there
are some useless GSM 04.80 functions remained from the past.
In particular, this change does the following:
- removes both gsm0480_send_{ussd_response|return_error}
functions because they are not used anymore;
- changes symbol prefix from 'gsm0480_' to 'msc_', in order to
avoid possible conflicts with the libosmogsm's GSM 04.80 API;
- cleans up useless includes;
Change-Id: I2990d8627bce0ce6afb1dcf6b11bb194292380d3
libosmogsm in libosmocore.git from Change-Id
Ie36729996abd30b84d1c30a09f62ebc6a9794950 onwards contains oap_client.c,
so we don't need our local copy here in this repo anymore.
Change-Id: Ib6496c35d0ce6eb531e97129dc45a9f68e503b34
Requires: libosmocore.git Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950
This change introduces some new rate counters for call-independent
SS/USSD connections. As OsmoMSC doesn't handle the messages itself,
and only responsible for dispatching messages between both
A and GSUP interfaces, the following is taken into account:
- MS-initiated and network-initiated requests to establish
a NC SS/USSD session (transaction) - "nc_ss:m{o|t}_requests";
- successfully established MS-initiated and network-initiated
SS/USSD sessions (transactions) - "nc_ss:m{o|t}_established".
Change-Id: I23c9475abc9951d82f3342fdc5aaa367836f7741
According to GSM TS 02.90, section 4.3, release of the connection
used for SS/USSD is normally the responsibility of the network.
But the user may also initiate connection release, e.g. by
pressing the 'red button'.
TTCN-3 test case: I7936ed5072ed2ae02f039dc90a1fece1e7f70a70
Change-Id: I76fc277bf9db614a97824b1541cd5bb75aa3e29d
This change introduces a possibility to establish network-initiated
SS/USSD transactions with a subscriber in either IDLE, or DEDICATED
state. In the first case, a new transaction is established using
Paging procedure. If a subscriber already has an active connection,
a separate new transaction is established.
TTCN-3 test case: I073893c6e11be27e9e36f98f11c1491d0c173985
Change-Id: Ief14f8914ef013bd6efd7be842f81fbf053f02e2
In order to be able to support external SS/USSD gateway, we should
not terminate the GSM 04.80 messages at OsmoMSC. Instead, we need
to follow the GSM TS 09.11 specification, and forward all messages
unhandled by OsmoMSC to OsmoHLR over GSUP protocol.
This change implements forwarding of MO SS/USSD messages. The
forwarding assumes transcoding between GSM 04.80 messages and
GSUP messages. The payload of Facility IE is carried 'as is'.
As a side-effect, this will disable the osmo-msc internal handler
implementing the "*#100#" for obtaining the subscribers own phone
number. In order to re-gain this functionality, you will need a
modern osmo-hlr (Change-Id I1d09fab810a6bb9ab02904de72dbc9e8a414f9f9)
and the following line in your osmo-hlr.cfg:
hlr
ussd route prefix *#100# internal own-msisdn
TTCN-3 test case: I01de73aced6057328a121577a5a83bc2615fb2d4
Change-Id: Ide5f7e350b537db80cd8326fc59c8bf2e01cb68c
Some internal sub-systems, such as SS/USSD or SMS implementation,
may also need to use GSUP connection with HLR. Previously, it was
only available within the libvlr code, and nowhere else.
Let's introduce the generic GSUP message router, which will
receive messages unhandled by VLR itself, and route them to
a handler depending on the message type.
Change-Id: Ib8146ce5788c8f249dcaa39d61bd0388574bf892
Previously the '*#100#' USSD-request was abused in order to
conclude the current subscriber connection. This makes the unit
tests depend on each other, for example, if one break something
in the GSM 09.11 implementation, a half of tests would fail.
Moreover, the further changes in the GSM 09.11 implementation
will make the results less predictable (i.e. session ID, etc.).
So let's introduce a separate unit test with simple request-
response logic, while more complex tests will be in TTCN.
Change-Id: I40b4caac3113263f5a06c861dff5e10d43c319b5
gcc 8.1.0:
../../../../src/osmo-msc/src/libvlr/vlr_access_req_fsm.c:679:3: error: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 31 [-Werror=stringop-truncation]
strncpy(par->imsi, mi_string, sizeof(par->imsi)-1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Mobile Identity is a union of various kinds, but the IMSI is at most 15
digits, so truncation is "intended". I hope other layers validate the correct
length of an IMSI MI.
Change-Id: I0a17a188fc91e42e252ae4bf1d6cd0bf0e5eb077
The CC sub-layer is fairly self-contained, so let's move it to
a separate C source file. The old gsm_04_08.c file now only
contains the 04.07 / DTAP core and MM sub-layer handling.
I did this initially as an experiment to see how self-contained
our CC implementation really is. Given this rather straight-forward
patch builds fine, CC really is self-contained (yay!).
Change-Id: Idb8dd7a8d9d8b4a28c492f12da3cc3305b695cca
This check is not in all our repos that use git-version-gen. Indeed it
seems to be a leftover of openbsc where I think it wanted to ensure
being called in the openbsc subfolder or something? libosmocore e.g.
doesn't have it.
In any case .git being a directory is not always true (if using git
worktree) so remove this check.
Change-Id: I9d895fa90991d47e9626a8e7fa701540b658194c
Overlong IMSIs in ID RESP messages were accepted and used in
truncated form.
Log an error when truncation occurs, and prevent truncated IMSIs
from being installed for a subscriber via ID RESP messages.
Other code paths leading to vlr_subscr_set_imsi() with truncated
IMSIs will only a leave a trail of log entries for now, because
vlr_subscr_set_imsi() is currently unable to return an error code.
Change-Id: I785c994f41a646d8d83d3d82f5a9ae6b572eb641
Related: OS#2864
The flag cannot be enabled in all cases because current osmo-iuh header
contain compilation warnings which are then propagated to this project
when building against them.
Change-Id: I799ae49567c8e9ff7a98d296873ac0b12e926558
There is no need to pass a pointer to a ss_request struct when
calling the gsm0480_send_ussd_* functions, because they only
use both transaction ID and InvokeID from there, which may
be passed directly.
This change allows one to use this API without parsing the
whole GSM 04.80 message, or when parsing is failed. Moreover,
if InvokeID is not available, one can pass any incorrect,
(e.g. negative) value, so the universal NULL tag will be used.
Finally, setting a TI flag is also up to the caller.
Change-Id: I13d5abbfdcf8238ebaf0566c420f09cd9255b648
Previously it was intended that we are always parsing the
whole GSM 04.80 message, including the Invoke ID. But
there is no need to do that, since we are going to
forward the Facility IE payload to HLR in near future.
Moreover, there was a mistake (my bad) - transaction is
being established before parsing of the message, so the
req structure remains uninitialized until that.
Let's just send RELEASE COMPLETE message without any Cause or
Facility IEs. We could indicate a problem using the first one,
but according to GSM TS 04.80, the Cause IE only makes sense
when "its functional handling is specified in the service
description or GSM TS 09.11".
Change-Id: Iecba2dccada9bbcdeb3a9dfd868719aeedc07022
This function could be also used by other parts of code, e.g.
by gsm_04_11.c or by gsm_09_11.c, during initialization of
a new transaction. No need to hide it.
Change-Id: I9a9d17fca4901163dae10d76455aa4cf54497156
During a long time, we had both file and symbol names, actually
related to Supplementary Services, with the 'ussd' abbreviation.
This is not absolutely wrong, but isn't correct at the same time.
USSD is a kind of Supplementary Services, this is only a part
of them. There are also 'structured' Supplementary Services,
which can be call related or call independent.
The "Signalling interworking for supplementary services" is
defined by GSM TS 09.11, and this is exactly what MSC should
implement. Let's use the specification number for naming, as
we do e.g. in the GSM 04.11 (SMS) implementation.
Change-Id: Ic1eaceddb58132318e4e941be542da34b8ebefe1
A subscriber may have a few active transactions at the same time.
For example, one can receive SMS messages during a call, or during
an active SS/USSD session.
We already have connection ref-counting and transactions for CC
and SMS, so let's also use both for SS/USSD.
Change-Id: I21c6777cb88f1f4f80f75dcd39734e952bd4e8b0
Previously the MSC_CONN_USE token for Supplementary Services was
called 'MSC_CONN_USE_TRANS_USSD'. Non-call related Supplementary
Services is not only about USSD, so let's rename it.
Change-Id: I5b3517c87a32fa64dea6b0c912f2b76c5c25a112
There are error and problem codes defined by GSM TS 04.80:
- Error codes are used when a message is structured correctly,
but something is wrong in context of the current operation.
Usually they are carried by 'Return Error' component.
- Problem codes are used when something is wrong with the
message structure, or with carried values. They are
carried by 'Reject' component.
There are three groups of them (see table 3.13):
- General Problem Codes (table 3.14),
- Invoke Problem Codes (table 3.15),
- Return Result Problem Codes (table 3.16),
- Return Error Problem Codes (table 3.17).
The first group is general purpose, and can be sent in
response to any kind of message, excluding 'Reject' itself.
Other ones are bound to specific component types, such as
'Invoke', 'Return Result' and 'Return Error'.
For some reason, a 'Reject' component with the general problem
code 'GSM_0480_GEN_PROB_CODE_UNRECOGNISED' was always used in
OsmoMSC. Even when the message structure is correct.
Let's properly indicate errors in the following way:
- 'Reject' with GSM_0480_GEN_PROB_CODE_UNRECOGNISED
when the gsm0480_decode_ss_request() fails to decode
a message. It can only return 0 or 1, so it's hard to
guess which exact part of message caused the error.
- 'Return Error' with GSM0480_ERR_CODE_ILLEGAL_SS_OPERATION
when the operation code is not related to USSD.
- 'Return Error' with GSM0480_ERR_CODE_UNEXPECTED_DATA_VALUE
when the requested USSD code is unhandled (not supported).
There is a TTCN-3 testcase for this:
https://gerrit.osmocom.org/9470/
Change-Id: I800e7ec98dc9d0bca2d45a8b8255d60253d63e14
Since change If9a81d057f73150e483286472e73c45e7a453a6d removes the
RTP loopback at the beginning. This also means that the Hack we
do to run the IuUP negotiation via looping back the first few
RTP packets will not work anymore. However, we should keep that
hack as long as we do not have IuUP support in the MGW.
- Start RTP connection in loopback mode for IuUP
Change-Id: I4c7d90de4dc87e8baf7cf4a0c69d0e9e8c92e27b
Remove subscribers which fail to send periodic Location Updates from the
list of subscribers known to the VLR. This complements the IMSI detach
procedure: periodic LU expiry triggers an implicit IMSI detach.
Expired subscribers are purged from a periodic timer which iterates
over all subscribers once per minute.
Subscribers with an active connection do not expire. This is controlled
by the subscriber conn FSM which sets a subscriber's the LU expiry timeout
value to GSM_SUBSCRIBER_NO_EXPIRATION while a connection is active.
Add support for fake time with osmo_clock_gettime() to msc_vlr tests.
This functionality existed in OpenBSC but was lost during the nitb split.
This code took some inspiration from the OpenBSC implementation.
Related: OS#1976
Change-Id: Iebdee8b12d22acfcfb265ee41e71cfc8d9eb3ba9
The configure script should only check for libsmpp with --enable-smpp.
Also, disable the build of smpp_mirror with --disable-smpp.
Change-Id: Ic4a8a5c970c04a6257ee4c8e3977e98c4ddfda13
Fixes: a55dda703f
Related: If7e1af11cdac8587bb4d66fb4eacee4b79945359
Related: OS#3232
a_reset.c/h was originally developed to be used in both, bsc and
msc without changes. Unfortunately no suitable library has been
found for a_reset.c/h so the file ended up as duplicated code in
both split brances. Eventually we decided to specialize the
generalized code again, which means some of the functions needed
only by osmo-bsc are removed.
- Remove dead code
- Fix timer identification number (T16)
- use fi->priv to hold context info
- Minor cosmetic fixes
Change-Id: I8e489eb494d358d130e51cb2167929edeaa12e92
Depends: libosmocore I36d221c973d3890721ef1d376fb9be82c4311378
Related: OS#3103
The FSM that controls the VLR ACCESS uses cause code 9
(GSM48_REJECT_MS_IDENTITY_NOT_DERVIVABLE) to signal that the
identity of the MS is currently not known in VLR (MSC-Reboot)
However, this cause code is from the GMM domain and is interpreted
as GSM48_REJECT_SRV_OPT_TMP_OUT_OF_ORDER by the MS, which cauese
the MS not to make a new LOCATION UPDATE on CM SERVICE REQUEST
- use GSM48_REJECT_IMSI_UNKNOWN_IN_VLR and
GSM48_REJECT_IMSI_UNKNOWN_IN_VLR instead of
GSM48_REJECT_IMSI_UNKNOWN_IN_VLR
Change-Id: Ic058c93387f9be9af4940f8961839c02b93ee370
Closes: OS#3266
Catched by osmo-gsm-tester running test voice:octphy.
Fixes following AddressSanitizer report:
==18864==ERROR: AddressSanitizer: heap-use-after-free on address 0x61a000016f18 at pc 0x55f1b29eee5c bp 0x7ffdaa2ac000 sp 0x7ffdaa2abff8
WRITE of size 8 at 0x61a000016f18 thread T0
#0 0x55f1b29eee5b in setup_trig_pag_evt osmo-msc/src/libmsc/gsm_04_08.c:1490
#1 0x55f1b2a086c1 in subscr_paging_dispatch osmo-msc/src/libmsc/gsm_subscriber.c:101
#2 0x7fb88e07c1c9 in osmo_timers_update libosmocore/src/timer.c:257
#3 0x7fb88e07f1b1 in osmo_select_main libosmocore/src/select.c:253
#4 0x55f1b29b600b in main osmo-msc/msc_main.c:694
#5 0x7fb88bebe2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#6 0x55f1b29b69f9 in _start (osmo-msc/bin/osmo-msc+0xf09f9)
Related: OS#3198
Change-Id: Ie7fdca4d48e247c77a53e81aec2b6bacd8fef678
Take the chance to pass a var of type enum instead, so the compiler
warns us if a new enum value is added. For instance, if we remove
GSM_PAGING_EXPIRED from the switch statement:
src/libmsc/gsm_04_08.c:1463:2: warning: enumeration value ‘GSM_PAGING_EXPIRED’ not handled in switch [-Wswitch]
switch (paging_event) {
^~~~~~
Change-Id: I65d871704b9636c594dc982200fbe7f7ce6784f5
Fixes following error catched by enabling address sanitizer:
==20792==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b000122610 at pc 0x7f9c9c3fe063 bp 0x7ffd2e68f600 sp 0x7ffd2e68edb0
READ of size 11 at 0x60b000122610 thread T0
#0 0x7f9c9c3fe062 (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3c062)
#1 0x7f9c9beb8ee4 in talloc_strdup (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x6ee4)
#2 0x56096a7cf75b in smpp_smsc_conf src/libmsc/smpp_smsc.c:983
#3 0x56096a7cf9df in smpp_smsc_start src/libmsc/smpp_smsc.c:1015
#4 0x56096a7d4935 in smpp_openbsc_start src/libmsc/smpp_openbsc.c:785
#5 0x56096a755ad0 in main src/osmo-msc/msc_main.c:598
#6 0x7f9c9927b2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#7 0x56096a756979 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-805/inst/osmo-msc/bin/osmo-msc+0xf0979)
Related: OS#3181
Change-Id: Iaf0d251c8d2912266a087ada4d20905146e08592
Since the I697639d8469e5dda617b27995c4a92e1f0c0bead, call
independent SS messages are also supported by
gsm48_pdisc_msgtype_name().
So, instead of 'NCSS:0x3b' it will return 'GSM0480_MTYPE_REGISTER'.
Let's correct the expected message names.
Change-Id: If9e854ee84882d104cf2ffaceb3862fda6862f19
The only reason to use int instead of the enum was the lack of header
iu_client.h when not building with Iu support. Rather use the configure result
properly, include the header when Iu support is built and use the proper enum.
Omit the entire iu sub-struct when building without Iu.
Add LIBOSMORANAP_CFLAGS to libvlr, in order to find the iu_client.h header (now
also included from gsm_data.h).
Rationale: Instead of using a questionable typecast from int* to enum*, we can
now use the enum member directly without needing to silence compiler warnings.
Change-Id: Ic9f8bf53f4b605c166e84cd7edd90c10fe7d7a1f
This bug is super obvious: We cannot first call
sms_pending_free(pending) and then in the next line still dereference
the pending->sms_id member.
This bug was introduced in January with Change-Id: I3749855fe25d9d4e37ec96b0c2bffbc692b66a78
and apparently nobody has tested any MT-SMS with asan enabled since?
Change-Id: Ibf17f270cdeb8153036eda3de274dd163bbff7e6
Closes: OS#3152
We set acl->esme during _process_bind(), but we don't clear it
in case the TCP connection for the ESME is dead. This leads to
a stale acl->esme pointer, which we will attempt to dereference
the next time a SMS is delivered to a route pointing to this acl,
where it will be a heap use-after-free.
This was discovered using AddressSanitizer and MSC_Tests.ttcn
Closes: OS#3168
Change-Id: I1f140d7f9c7d89f200ddbcd81a8df66de69fb3e4
Instead of keeping separate enums for FSM results and translating between those
and the actual 04.08 reject causes that will ultimately reach the MS, just pass
enum gsm48_reject_value cause codes around everywhere.
Collapse some VLR *_timeout() and *_cancel() api to just *_cancel() with a
gsm48 cause arg.
(Hopefully) improve a few reject causes, but otherwise just aim for more
transparent decisions on which cause value is used, for future fixes of
returned causes.
Depends: I6661f139e68a498fb1bef10c266c2f064b72774a (libosmocore)
Change-Id: I27bf8d68737ff1f8dc6d11fb1eac3d391aab0cb1
In the subscr_conn_fsm instance's ID, include the Complete Layer 3 type, so
that we can see on the first glance whether a state transition belongs to MO or
MT.
The huge patch is due to the cosmetic change affecting nearly every single log
line in the msc_vlr_tests, by nature of changing the FSM's ID.
Related: OS#3122
Change-Id: I2a7e27e0f16df1872dcda64cb928c3b8528ea3f7
On receiving a Clear Request, don't send a Clear Command "out of band", let the
FSM do the release handling by invoking msc_subscr_conn_mo_close().
Fixes: ttcn3 MSC_Tests.TC_lu_clear_request
Change-Id: I168b889ac7989641cc679b781dcffb87ff13a710
When sending a BSSMAP Clear or Iu Release, do not immediately discard the conn,
but wait until a BSSMAP Clear Complete / Iu Release Complete has been received.
Hence we will no longer show in the log that an incoming Release/Clear Complete
belongs to an unknown subscriber, but will still be around to properly log the
release.
Related: OS#3122
Change-Id: Ie4c6aaba3866d6e5b98004e8870a215e8cf8ffc1
Refactor:
1. Glue the gsm_subscriber_connection alloc to the subscr_conn_fsm.
2. Add separate AUTH_CIPH state to the FSM.
3. Use conn->use_count to trigger conn release.
4. Add separate RELEASING state to the FSM.
5. Add rate counters for each of the three Complete Layer 3 types.
Details:
1. Glue the gsm_subscriber_connection alloc to the subscr_conn_fsm.
Historically, a gsm_subscriber_connection was allocated in libbsc land, and
only upon Complete Layer 3 did libmsc add the fsm instance. After splitting
openbsc.git into a separate osmo-msc, this is no longer necessary, hence:
Closely tie gsm_subscriber_connection allocation to the subscr_conn_fsm
instance: talloc the conn as a child of the FSM instance, and discard the conn
as soon as the FSM terminates.
2. Add separate AUTH_CIPH state to the FSM.
Decoding the Complete Layer 3 message is distinctly separate from waiting for
the VLR FSMs to conclude. Use the NEW state as "we don't know if this is a
valid message yet", and the AUTH_CIPH state as "evaluating, don't release".
A profound effect of this: should we for any odd reason fail to leave the FSM's
NEW state, the conn will be released right at the end of msc_compl_l3(),
without needing to trigger release in each code path.
3. Use conn->use_count to trigger conn release.
Before, the FSM itself would hold a use count on the conn, and hence we would
need to ask it whether it is ready to release the conn yet by dispatching
events, to achieve a use_count decrement.
Instead, unite the FSM instance and conn, and do not hold a use count by the
FSM. Hence, trigger an FSM "UNUSED" event only when the use_count reaches zero.
As long as use counts are done correctly, the FSM will terminate correctly.
These exceptions:
- The new AUTH_CIPH state explicitly ignores UNUSED events, since we expect the
use count to reach zero while evaluating Authentication and Ciphering. (I
experimented with holding a use count by AUTH_CIPH onenter() and releasing by
onleave(), but the use count and thus the conn are released before the next
state can initiate transactions that would increment the use count again.
Same thing for the VLR FSMs holding a use count, they should be done before
we advance to the next state. The easiest is to simply expect zero use count
during the AUTH_CIPH state.)
- A CM Service Request means that even though the MSC would be through with all
it wants to do, we shall still wait for a request to follow from the MS.
Hence the FSM holds a use count on itself while a CM Service is pending.
- While waiting for a Release/Clear Complete, the FSM holds a use count on
itself.
4. Add separate RELEASING state to the FSM.
If we decide to release for other reasons than a use count reaching zero, we
still need to be able to wait for the msc_dtap() use count on the conn to
release.
(An upcoming patch will further use the RELEASING state to properly wait for
Clear Complete / Release Complete messages.)
5. Add rate counters for each of the three Complete Layer 3 types.
Besides LU, also count CM Service Request and Paging Response
acceptance/rejections. Without these counters, only very few of the auth+ciph
outcomes actually show in the counters.
Related: OS#3122
Change-Id: I55feb379e176a96a831e105b86202b17a0ffe889
So far we hit a running T308 during CC release when caused by a BSSMAP Clear
Request, and we loudly log that as error.
However, now I understand that T308 is a direct cause of the dispatch of a REL
IND towards MNCC, which is used to indicate teardown to MNCC. So during
_gsm48_cc_trans_free(), we first clear all timers, then invoke
mncc_release_ind() which starts another timer (useful for graceful CC Release,
but in this code path the intention is immediate release). Simply immediately
cancel the timer again and release the conn.
A separate question is whether a BSSMAP Clear Request should be less aggressive
in releasing the connections; i.e. instead of calling trans_free() all around,
to rather ask each transaction to "please stop soon", somehow.
Related: OS#3062
Change-Id: I231fdb574a086a206321148474cbdc7ca9cf39f0
If an error on the MGW side occurs, the MSC may send out
a DLCX command that contains a wildcarded endpoint name.
Wildcarded DLCX commands are legal in principle but not
in the context of an error on a single endpoint. Apart
from that osmo-mgw is (not yet) capable to handle
wildcarded DLCX command.
The problem is caused by a wrong error handling. When the
first (RAN) CRCX fails the error handling logic tries to
perform a DLCX, but since we did not receive a specific
endpoint name yet, the buffer containing the endpoint name
is still initalized with the wildcarded enpoint name, but
the error handler and the code that generates the DLCX is
not aware of that.
- Perform a check in the error handler function that
checks if a DLCX can be made (a specific endpoint
name is set
- Correct the flags in the code that handles the first
CRCX so that no DLCX is requested in the case of error
Related OS#2882
Change-Id: I64c2a82016d854ad446fd49a5d76a28324e8bd4b
The logtext currently logs the pointer (address) of the string
variable that holds the endpoint name, rather then the endpoint
name itself.
- Use %s instead of %p in format string
Change-Id: I01b3d07aeedd72be60361249a5bf80fbb68b7bb8
I assumed that trans_free() would always be called before freeing the FSM. But
the actual conn free dance that tries to make sure a release is triggered from
all directions actually may run into a situation where conn->fi is NULL.
The situation is described in OS#3125.
For now simply drop the assert.
The subscr conn and FSM dealloc will soon be glued firmly together; but I want
to add a test against OS#3062 before that, and that would also hit above assertion.
Related: OS#3125 OS#3062
Change-Id: I5c30e0f9545fb76615776ff6cc16b56aeb5b043a
We usually put comments for functions in *.c files, while header
files are usually plain listings of the API without comments.
Change-Id: I6b0d1d9e1a1b1ffb71cb9905e74f6fad2333bb65
In the old days, OsmoNITB couldn't process any SMS that wasn't between
two subscribers on the same NITB.
We've long re-worked the internals in order to process SMS with
arbitrary sender MSISDN (e.g. from SMPP). However, the VTY command
"subscriber ... sms" was never updated, it seems.
Change-Id: I62b17e0a67989484415f0df2c8cb4ff1f94dbf2b
Closes: OS#3151
The DLCI field of the DTAP header indicates the SAPI as well as the
data link (main DCCH or SACCH). We must make sure to use the correct
DLCI when sending DTAP to the BSC.
We achieve this by
* storing the DLCI in the msgb->cb while parsing the DTAP header
* storing the received DLCI (from msgb->cb) in the transaction for
mobile-originated transactions
* using the trans->dlci to sent msgb->cb when transmitting L3
* filling the DTAP DLCI value from msgb->cb when transmitting DTAP
For MSC-originated transactions, we choose a DLCI value corresponding
to the service (SAPI=0 for CC, SAPI=3 for SMS) and store that in
trans->dlci.
Closes: OS#3150
Change-Id: If511b20f52575054cab1346d99a8cb68d827fdbf
The current msc_subscr_con_allocate() was in fact only used by msc_vlr_tests,
while both a_iface_bssap.c and iucs.c did their own duplicate code of
allocating the gsm_subscriber_connection struct. Unify.
Drop the old msc_subscr_con_allocate(), instead add msc_subscr_conn_alloc().
The new function also takes via_ran and lac arguments directly.
The conn allocation will soon be closely tied to the subscr_conn_fsm instance
allocation, so place the new function definition alongside the other
subscr_conn_fsm API, and match its naming ("conn").
Related: OS#3122
Change-Id: Ia57b42a149a43f9c370b1310e2e1f512183993ea
Instead of jumping through hoops to pass the Complete Layer 3 operation that
created this conn via FSM event dispatch parameters, put it right in the
gsm_subscriber_connection struct, where it always belonged.
Move definition of the enum complete_layer3_type to gsm_data.h, where
gsm_subscriber_connection is defined.
Introduce msc_subscr_conn_update_id() to set the complete_layer3_type of the
conn as soon as a Complete Layer 3 message is received.
In msc_subscr_conn_update_id(), already include an mi_string argument to
prepare for an upcoming patch where the FSM will be allocated much earlier when
the Mobile Identity is not known yet, and we'll also update the fi->id here.
The odd logging change in the msc_vlr_tests output uncovers a wrong use of the
osmo_fsm_inst_dispatch() data argument for SUBSCR_CONN_E_CN_CLOSE events: if a
child FSM signals unsuccessful result, instead of the failure cause, it passed
the complete_layer3_type, as requested upon FSM allocation, which was then
misinterpreted as a failure cause. Now a child FSM failure will pass NULL
instead, while other SUBSCR_CONN_E_CN_CLOSE events may still pass a valid cause
value.
Related: OS#3122
Change-Id: Iae30dd57a8861c4eaaf56999f872d4e635ba97fb
'subscr_conn_from' could mean anything: from what, RAN type? BSS identifier? MM
action? Clearly name it as the Complete Layer 3 kind it represents.
Related: OS#3122
Change-Id: I6263a80e6db01c2ca48df6c58b05e2fd19347057
Match osmo-bsc's naming of the subscriber connection's FSM instance; 'conn->fi'
makes more sense anyway than 'conn->conn_fsm'.
BTW, an upcoming commit will do away with the legacy from libbsc/libmsc duality
and firmly glue the conn allocation to the fi.
Related: OS#3122
Change-Id: If442f2ba78d9722b1065ec30c9a13f372b6a8caa
I broke this test during dev and saw the failure being noticed only in the next
test when DTAP is expected again. Verify success right there, instead.
Change-Id: Ifdde3a6fa5835203c34c40db77761f2e90c0d5ff
Since the logging allocations now also show up in the root context report, some
tests need adjusted talloc checks.
In msc_vlr_tests, also output the number of talloc blocks before tests are
started to show that the number didn't change after the tests.
Change-Id: Iae07ae60230c7bab28e52b5df97fa3844778158e
Move gsm48_* functions from common_cs.c to libmsc/gsm_04_08.c.
Drop sms_next_rp_msg_ref(), it is just a bunch of bloat around "next_rp_ref++".
Apply the "++" instead, in gsm_04_11.c.
libcommon-cs is now empty, to be removed in subsequent commit.
Change-Id: Ibc410803ce8e273b626124ab9fc934f04df3ae50
Move to libmsc/osmo_msc.c (for lack of a better place and reluctance to create
an own file just for gsm_network_init()).
Change-Id: I2279eee4db6f6687726bfd55841b3748d4930f15
All that is left in libcommon now are the GSUP and OAP client implementations.
These are duplicated in osmo-sgsn.git and make sense to remain somewhat
separate from libmsc. So now they get their own little lib.
Change-Id: Ic71aa119c233b6a0ae169a5b2a53819903d2be82
classmark_is_r99() is only used in gsm_04_08.c, move there as static.
rrlp_mode_* is only used in msc_vty.c, move there as static.
Move ran_type_names[] to msc_ifaces.c.
Change-Id: I5381c72af6841829fbc65940fd7d6f4d5cf583df
Drop tall_bsc_ctx; in mncc_sock_init(), talloc the mncc_sock_state from
gsm_network.
In tests or utils, move from using an extern tall_bsc_ctx to a local root
context pointer.
Change-Id: I92c252be1d1e7634f1653de47d37c99d77d9501c
Apply more concise logging categories in each main scope. The bulk goes to
msc_main.c, obviously, while tests and utils get a slimmed down bunch of
logging categories.
Change-Id: I969a0662ba273f3721b6820d02151b7a5b8014b8
Now that all VTY definitions are in the same file, we no longer need
gsmnet_from_vty(). Just have one static struct gsm_network *gsmnet populated by
msc_vty_init() and use it in all VTY functions.
Change-Id: I5cb3712a4f4245feb62d42f1b041fe94de5fac1b
From openbsc.git, we still have osmo-msc's VTY definitions spread across
various places. Combine:
- Move the go_parent_cb() and is_config_node() to msc_main.c, drop
common_vty.c.
- Move all of vty_interface_layer3.c into msc_vty.c.
- Move all of common_cs_vty.c into msc_vty.c.
- Move bsc_vty_init_extra() into msc_vty_init().
- Drop some unused definitions
No functional nor cosmetic changes have been made in the moved code, plain
copy-paste moving (even though the unidiff might look like edits in some
places). I might have adjusted some blank lines though.
Change-Id: Ia818c00ab613a19a34080b160d763b55c19f76b1
In trans_free(), call subscr_conn_release_when_unused(), so that we are sure to
clean up after the last transaction is done.
This fixes an error where a conn lingered after a CC failure, because that code
path forgot to trigger cleanup.
Rationale: so far we were triggering the release check after each DTAP dispatch
(compl_l3 and "normal" DTAP), which is sufficient for properly closed
transactions. We also need a check for when a timeout clears an erratic trans.
Adjust test expectation of test_call_mo_to_unknown_timeout to show that the
error is now fixed.
msc_vlr_test_reject_concurrency now sees an additional release checking event
when the SMS transaction is done, which is expected and does not affect the
test otherwise.
Related: OS#2779
Change-Id: I46ff2e9b09b67e4e0d79cccf8c04936f17281fcb
It's pretty amazing that we print error messages anrd return error
codes, but nobody ever looks at the error code and/or closes the
connection. Let's change that.
Change-Id: Iec693d8012a7816d1ded8206c2d979ac0546fb6e
If both sides are sending RESET at the same time, they are not aware
of each other. This leads to synchronization problems in wich
the remote side is transmitting e.g. a COMPL L3 INFO after receiving
a RESET ACK, but before even receiving or processing the RESET in
the inverse direction. So let's treat receiving a RESET as an implicit
RESET ACK to any RESET we may have sent.
Change-Id: I0ae34fbb3735592bb7cffa5aaf421b14a8acc90e
Fixes several of these type of warnings:
include/osmocom/core/fsm.h:123:38: warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument 9 has type ‘char *’ [-Wformat=]
LOGP((fi)->fsm->log_subsys, level, "%s{%s}: " fmt, \
^
src/libmsc/msc_mgcp.c:277:71: note: format string is defined here
"CRCX/RAN: creating connection for the RAN side on MGW endpoint:0x%x...\n", mgcp_ctx->rtp_endpoint);
~^
Change-Id: I17b7bed8fc39612286ba66f250b6b26da01d38c0
The higher layers (gsm_04_08.c) are informed errors occur. But it
is not checked if the call was already released. If an error occurs
after the call control stack calls msc_mgcp_call_release() then
the higher layers might already have cleaned up and the code
accesses memory that is already freed (trans)
- fix use after free by guarding the call to mncc_tx_to_cc()
Change-Id: I78f1b6a9149488a4ad3f120c1e190a83c07d4b89
Related OS#2881
Related OS#2882
These tests helped to debug issue OS#2779. Now that they're here we might as
well keep them.
The test test_call_mo_to_unknown shows that an MS answering to the Release
Request works as it should: the conn is torn down.
The test test_call_mo_to_unknown_timeout currently expects the error: the conn
remains active if the CC Release times out. This bug and the test expectations
will be fixed in I46ff2e9b09b67e4e0d79cccf8c04936f17281fcb.
Change-Id: Ic3c84520bff8c3fc82512d03ff6ab97d21b8fb7a
The naming of "bump" was short and made sense to me at the time of writing, but
it is keeping pretty much everyone else at a distance, no-one intuitively gets
what it is supposed to mean.
Clarify by renaming to "release_when_unused".
Adjust test expectations.
Change-Id: I4dcc55f536f63b13a3da29fff1df5fe16751f83a
There are a number of bad failures in CC teardown handling we're solving. It
helps to see CC logging in the msc_vlr_tests.
Change-Id: I56ac269d46b48b6b85efad81c4d2343bfc41ea90
Also indicate in msc_vlr_test_gsm_authen.c that we're indeed sending no
capability to do R99 in the Classmark 1 during LU request.
Change-Id: Id79a77ca1f218d55dad21d9dd3de92445fb5d6bf
gsm_04_08.c seems to contain some lines of old debug code that
is commented out. Presumably the commented lines are a leftover
from a debug session.
- remove those commented code lines
Change-Id: Ifb84e4b0696fef1326c3f9ebc8427581057db44f
Use the new gsm0808_dec_cell_id_list2() API to decode the cell
identifier in the bssap COMPLETE LAYER 3 information message.
Also, actually compare the MCC-MNC in WHOLE_GLOBAL and LAI_AND_LAC
cell identifiers to the network configuration, and drop messages
with mismatching MCC-MNC (addresses OS#2980).
Related: OS#2847
Related: OS#2980
Change-Id: I855477507e4d65fb9890da0ceea26dd2c4dfaf82
osmo-msc still uses endpoints that are allocated locally by the
MGCP-Client. Since osmo-mgw now supports the more comfortable,
dynamic variant we should make use of it.
- Replace the endpoint numer allocation by the client with a
wildcarded CRCX. Use the endpoint that is assigned by the
MGW.
Related: OS#2710
Change-Id: Iee3e446b6689626516f01c521abe3d4603cd3e13
When a truncation check (osmo_strlcpy()) fails handle_error()
is called with MGCP_ERR_NOMEM as cause code. Which finally
results in an "out of memory" message. MGCP_ERR_NOMEM is only
used for failed truncation checks, so it makes sense to choose
a message that describes the cause of the problem better.
- rename MGCP_ERR_NOMEM to MGCP_ERR_TOOLONG
- replace error message string
Change-Id: Ifedb85c1933a30b2aa491b495119919f45782e2c
Make sure to deactivate trans.cc.timer when freeing a CC transaction.
Log an error if should be necessary.
This prevents a segfault when we receive a BSSMAP Clear Request from BSC during
an ongoing CC operation. The BSSMAP Clear Request currently triggers immediate
freeing of the conn, while we should still do a graceful release first. While
this patch does not fix the underlying error, it does prevent the MSC from
crashing due to a stale timer, whatever the cause might be.
Related: OS#3062
Change-Id: I86b666f23402a6d94af2d903e514770d1fd5157f
When the FSM reaches ST_HALT it frees itsself and all context
information but it is not ensured that there are still pending
MGW transactions that might hit late and eventually cause a use after
free situation.
- if an MGW transaction is still pending, cancel it.
Change-Id: I8ff55e48a95cc4c556a97ad2593bad1cc1aa69bd
When the MGW does not respond to an MGCP message then the mgcp FSM
terminates, but the CC handler (gsm_04_08.c) is not informed. This
lets the CC handler think that the MGCP connection would be successful,
so it also does not take any action to release the non functional
connection.
- make sure the CC handler is always informed on any kind of
error, especially on MGW timeouts
Change-Id: I3fcd0d71fad53274e82f6d87c80042d06283bc5d
Related OS#2881
Related OS#2882
Since commit 2483f1b050 the function
gsm48_tx_mm_info() was not called anymore. No MM info messages were
transmitted to phones even if MM info messages were enabled via VTY.
With this commit, we call gsm48_tx_mm_info() after successfully
processing an IMSI ATTACH location update.
Change-Id: Ice5963d84253eb8c803cd2dfa8b25a4db5382827
Related: OS#2850
struct gsm0808_cell_id_list in libosmocore is deprecated by
https://gerrit.osmocom.org/#/c/6509/
This updates the only API user I am aware of.
Change-Id: I67377270cf3b081ac5dc9cd7b4dc28f74143753a
Depends: Ib7e754f538df0c83298a3c958b4e15a32fcb8abb
Define the struct vlr_ciph_result member .imeisv not as a char* but a char[] of
appropriate length, to avoid the need to point to external memory.
Thus fix a use-after-free in msc_cipher_mode_compl(), which defined the
imeisv[] buffer in a sub-scope within that function, so that the .imeisv
pointer was already invalid when fed to vlr_subscr_rx_ciph_res().
Did you notice that the commit summary rhymes?
Closes: OS#3053
Change-Id: I90cfb952a7dec6d104200872164ebadb25d0260d
Provide a sane means of adding the -Werror compiler flag.
Currently, some of our jenkins.sh add -Werror by passing 'CFLAGS="-Werror"',
but that actually *overwrites* all the other CFLAGS we might want to have set.
Maintain these exceptions from -Werror:
a) deprecation (allow upstream to mark deprecation without breaking builds);
b) "#warning" pragmas (allow to remind ourselves of errors without breaking
builds)
As a last configure step before generating the output files, print the complete
CFLAGS and CPPFLAGS by means of AC_MSG_RESULT.
Change-Id: I0528dcb14bf79d0920905a718cc2edea1434c0e5
See also change-id I72a1dbb30e0a39dbf4b81c7e378d5607b62e10d3 in
osmo-ttcn3-hacks.git, which adds a similar test to the MSC_Tests.ttcn suite.
Writing this test helped me fix the issue faster, why not keep it now that it's
there.
Related: OS#2947
Change-Id: Iba56556207cf6e79e6531b0e7dd3eaec28fb5eaa
The code deciding on whether UMTS AKA is used was cascaded and convoluted. By
flattening the decisions, they become easier to read and possibly catch more
weird corner cases / log information more clearly.
- First decide what AKA the RES length reflects.
- Then decide whether all prerequisites for UMTS AKA are satisfied.
- Finally, on UTRAN, turn down the auth if we don't have UMTS AKA, and neatly
log all of the potential causes.
One corner case that should never occur is that the UMTS AKA RES length is
actually the same length as the GSM AKA SRES. If this nevertheless occurs, log
this as an error, though not turning down authentication because of it. (The
effect is that we would favor UMTS AKA when it has a res_len == sizeof(sres)
and would not succeed to GSM AKA. At least the log will tell us why, now.)
Adjust an expected test output, trivial logging difference.
Change-Id: I43f7f301ea85e518bac91f707391a53182e54fab
Do not interpret the SRES/RES length returned in the auth response as the R99
capability bit, instead determine it from the actual Classmark information
associated with the conn.
This fixes the is_r99 flag passed in to vlr_subscr_rx_auth_resp(), which ends
up in the struct vlr_auth_resp_par dispatched to the auth_fi and influences the
authentication acceptance.
Though the effect of a wrongly-set-to-false R99 flag is not harmful in this
code path, let's not get this confused.
Change-Id: Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
Instead of just closing down the conn hard, actually feed invalid auth response
data to vlr_subscr_rc_auth_resp() in order to trigger all the actions we want
to see with a failed authentication:
- a GSUP signal that the auth failed,
- a LU reject.
Verify this in new test_wrong_sres_length() in msc_vlr_test_gsm_authen.c.
Note that in gsm48_rx_mm_auth_resp(), the is_r99 flag is falsely derived from
the RES length, which upcoming commit Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
will fix.
Change-Id: I4179a290069ac61d0662de4ec7ca3edb76988899
Switch by vsub->sec_ctx to use the proper Kc for ciphering.
Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose
to only perform GSM AKA, as long as the bearer is GERAN. The VLR already stores
whether the MS replied with a GSM AKA SRES or a UMTS AKA RES in vsub->sec_ctx.
So far, though, we were always using the UMTS AKA Kc just because the USIM and
core net are capable of it, ignoring the choice the MS might have made in the
Authentication Response.
In msc_vlr_test_gsm_ciph, fix the test expectations to the correct GSM AKA Kc
keys, showing that all of LU, CM Service Request and Paging Response now
support MS choosing GSM AKA in a UMTS capable environment.
Related: OS#2793
Change-Id: I42ce51ae979f42d173a45ae69273071c426bf97c
Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose
to only perform GSM AKA, as long as the bearer is GERAN. In that case, we must
make sure to send the GSM AKA Kc for ciphering.
Add test_gsm_ciph_in_umts_env() to msc_vlr_test_gsm_ciph.c to answer an Auth
Request with a GSM AKA response (see the log stating "AUTH established GSM
security context" after we sent a UMTS AKA challenge).
In the test, show that we currently send the *wrong* Kc, i.e. the UMTS AKA
derived Kc for GERAN, instead of the correct Kc for GSM AKA (which was received
from the HLR in the auth tuples).
Subsequent patch I42ce51ae979f42d173a45ae69273071c426bf97c will fix this and
correct the test expectations.
Related: OS#2793
Change-Id: I85f12a20dcd701e671188e56811ec7b58d84da82
Clearly distinguish between Ciphering Mode Command on GERAN and Security Mode
Control on UTRAN.
Cosmetic: explicitly verify the key strings in the testing code (not only in
the expected output).
Change-Id: Ica93ed06c4c63dc6768736d25231de8068001114
In gsm_silent_call_{start,stop}(), return meaningful error codes and interpret
them on the VTY to clearly indicate the result.
Change-Id: Id5abb8f2ba901689e03040af8e51483b6c618e7f
Rationale: in the HLR, it is called 'msisdn' after the database column, so a
user going back and forth between osmo-hlr and osmo-msc would appreciate being
able to type 'msisdn' in the MSC's vty as well.
Change-Id: I7b46f9736421e8edd8a95ae89e025ebe486fde4c
Before this, it was for example possible to crash the MSC by the vty 'show
subscriber' command, which would dereference a potentially stale
vsub->msc_conn_ref pointer.
Related: OS#3050
Change-Id: Ia4105d9f135ba3216ad3c86157be7658b1d568fb
When osmo-msc restarts it looses all information about the BSC. The
BSC will not be aware of the reboot and on the next communication
attemt it will notice that something is wrong and start the reset
procedure on his side. osmo-msc will receive the reset messages
and send a reset.
The reset is received. Osmo-msc detects that no context information
is created yet. The context is created. Then it is checked if the
UNITTDATA message that came in is a reset. If it is one. Nothing
happens. The UNITTDATA is passed on and triggers the RESET-ACK
some layers above. Unfortunately by the current code this also
means that no reset FSM is created and therefore a_reset_conn_ready()
can never be true. Which means it will also drop any legitimate
reset from the BSC in the future.
- Ensure that the reset FSM is always created when a new BSC
context is created
- Make sure that reset related traffic always passes so that
the higher layers can handle the procedure properly
Change-Id: I3fdcec5dbeaa0e21fd6a92568a623faa368239be
The vlr_subscr_get() can return NULL if its argument is NULL
(which isn't checked for) so before dereferencing it's result
we should check for it.
Change-Id: I13632908d0b67323202effa9dd6f29732a12cc91
Actually call msc_vlr_set_ciph_mode() and wrap away a_iface_tx_cipher_mode()
and ranap_iu_tx_sec_mode_cmd(). Hence we'll see decisions and errors in
msc_vlr_set_ciph_mode() as well.
Change-Id: Id23bc245d4b5707edcd27c44db272fbb211bf9bd
All functions in the individual msc_vlr_test_*.c files should be static; hence
we would be warned if one of them were unused (forgotten to add to the tests
array).
Change-Id: Ia169c6a1443a48879ab4777e09c2040c48810bf6
Three recently merged commits take the msc_vlr_tests in a wrong direction.
The IMSI is usually encoded in the hex streams. The rationale behind hex
streams is that it is a) easily copied from a wireshark trace and b) exactly
the bytes as sent by an actual phone. It is hard to parameterize the IMSI
because we would have to employ our encoding functions, which I intentionally
want to keep out of the loop here.
The test number should not appear in the normal test output, so that adding a
test or changing their order does not affect expected output for following
tests. The nr is simply for manual invocation, only seen when invoked with -v.
Revert
- "VLR tests: always print test parameters"
b0a4314911.
- "Expand VLR tests"
d5feadeee8.
- "Move IMSI into test parameters"
093300d141.
Change-Id: Ie1b49237746751021da88f6f07bbb9f780d077c9
Various functions in vlr_lu_fsm.c belong to one of the four FSMs defined in
that file. After the recent error was uncovered where the lu_fsm called
lu_compl_fsm()'s termination function, I want to make sure it's correct.
Introduce distinct inline functions to dereference the respective fi->priv
pointers, each asserting that the fi indeed belongs to the proper FSM. Use
those *everywhere* to dereference fi->priv.
From this patch on, we are sure beyond doubt that we are not inadvertently
passing an fi pointer to the wrong FSM's handling functions, though we will
only catch this at runtime -- but then will immediately know the reason.
vlr_lu_fsm.c is the only file defining more than one FSM, so the other FSM
definitions are already reasonably safe.
Change-Id: I7419a780ff2d8b02efc4195bb1702818e4df181c
From the vlr_loc_update() FSM, don't call the vlr_lu_compl_fsm_failure()
function. These are two distinct FSMs with distinct priv pointers, but they are
defined in the same .c file.
In vlr_loc_upd_post_auth(), change two erratic calls of
vlr_lu_compl_fsm_failure() to lu_fsm_failure(), so that the proper fi and priv
struct are used.
Fixes: OS#2947
Change-Id: I7fd2c6fa23254fffd0d526e53541f4068153929f
Add 3-digit flags and use the new RAI and LAI API from libosmocore throughout
the code base to be able to handle an MNC < 100 that has three digits (leading
zeros).
Depends: Id2240f7f518494c9df6c8bda52c0d5092f90f221 (libosmocore),
Ib7176b1d65a03b76f41f94bc9d3293a8a07d24c6 (libosmocore)
Change-Id: I82f0016d9512ee8722a3489a3cb4b6c704a271fc
All callers pass mcc=1, mnc=1, so just have it as default.
(Prepare for net->country_code etc to be replaced by net->plmn)
Change-Id: Ibcd1cc38f170895305ae176a5574384c74a33939
The FSM (fsm_msc_mgcp) lacks a proper definition of the FSM event
names. This causes problems when inspecting the FSM using the VTY.
- Add proper FSM Event names
Closes: OS#2924
Change-Id: I6823756a63b08a71e5518130e49751aa073dbcd2
The FSM lacks a proper definition of the FSM event names. This causes
problems when inspecting the FSM using the VTY.
- Add proper FSM Event names
Change-Id: I76d7d9e0accffd433a3f3b5e5f8ab17ecd4a348c
Related: OS#2924
Call osmo_fsm_vty_add_cmds() to make osmo_fsm VTY commands available
in osmo-msc's VTY interface.
Change-Id: Iaf970f6039c3f668f275dd8c21fb9071774a5d9e
Related: OS#2967
Change I0d57ac214e574e267fa9752daf76566197b9aa64 forgot to remove this
file along with meas_feed.c.
Note also the weirdness: that patch removes the proper
include/osmocom/msc/meas_feed.h, but there's also this other one.
This libmsc/meas_feed.h always existed from the start as an unused
orphan, see:
https://git.osmocom.org/osmo-bsc/diff/openbsc/src/libmsc/Makefile.am?id=b4771a6871efb3cf12b371aedc575912984ca528
No need to drop from Makefile.am, since it is already gone from there.
(meas_feed from the old osmo-nitb (openbsc.git) has / should have moved to
osmo-bsc. There are no measurement reports in the MSC. Refer to osmo-bsc.git
instead from now on.)
Change-Id: Ib2566013dd30b21ce2774cd4cc7dcba2408f938f
The ID will include the type of connection (GERAN_A, UTRAN_IU) followed
by the SCCP conn_id.
This can be used for the fsm instance ID before we know the IMSI.
Change-Id: I4b875772e3994ad3458ee60dbf880604486d9afd
This is another left-over VTY command from the OsmoNITB days.
If such functionality is desired, it must be implemented in OsmoHLR,
but not here.
Related: OS#2528
Change-Id: Icf0897c47388e49ba7886b55acc728a6f7d213fe
OsmoMSC is using whatever reject cause is apropriate in the given
situation. This user-configurable reject cause only had relevance
in OsmoNITB, and hence it is an unused parameter that can be removed
in OsmoMSC.
Related: OS#2528
Change-Id: Ie1f39e706477aaf42051877b52d4b3ae1c5f138e
This belongs into the BSC and has no relevance in the MSC, as the MSC
has no clue about dynamic timeslots.
Related: OS#2528
Change-Id: Iaa41d22db81120572d4cd2c0c4c75d258947a42f
The mncc_rtp_create_pending and mncc_rtp_connect_pending members
were unused, let's remove them.
Related: OS#2528
Change-Id: I417e23ec53323ddd8e1e5d18952566fe8fd6ac24
When we receive bearer capabilities from MNCC and encode thme into
a CC message, we have to also update our "cache" inside 'struct
gsm_trans'. Only that way, the BSSMAP ASSIGNMENT code is aware of
the actual current/present bearer capabilities such as permitted speech
codecs.
This will in practise only work if the related CC/MNCC message with
berer_cap IE will happen before the MSC performs the BSSMAP ASSIGNMENT
procedure. Our logic still needs to change in a way that the CC/MNCC
code in gsm_04_08.c detects if trans->bearer_cap != new bearer_cap, and
in that case triggers a new follow-up BSSMAP ASSIGNMENT.
Change-Id: I6838dc0c8c4c2c6bba385da548c92f3fc91060c1
Closes: OS#2854
When we receive a MNCC_SETUP_REQ primitive from the external MNCC
handler, we must not only encode it into the TS 04.08 CC SETUP, but
also keep it around in the "trans" structure representing this voice
call, as it is needed e.g. at BSSMAP ASSIGNMENT time.
Change-Id: Ib6919d148ff6687112e8166dbde947be19e70a76
Related: OS#2322
Closes: OS#2929
There is no encoding of speech version / preference on Abis, only
on L3. L3 is carried on Um, Abis and A. Hence, referrin to Abis
in function names and comments is irritating.
Change-Id: Id226cd1414ca2a92356801bc71f43102d03ba37e
We cannot use conn->a.conn_id after conn has been free'd inside
msc_clear_request(). Let's store conn_id before that call to
ensure we avoid an use-after-free situation.
A more elegant (but more intrusive) solution would be to
move the SCCP connection clearing into the FSM itself.
Change-Id: Ibe41aa503e9f7cbeb05dce4b1a20b3eac85e619f
Closes: OS#2922
As in GSM/3GPP networks emergency calls carry no explicit destination
number/address, add a VTY commadn to patch in some destination handler
in the EMERGENCY SETUP before delivering to [internal or external] MNCC.
Change-Id: I7c9f43ba312fadda2b9a9483b3cf50e4abca9599
When we receive a msgb-wrapped primitive from the SCCP provider (stack),
it transfers msgb ownership to us (the SCCP user). The existing code
passed the msgb ownership down into all the various downstream
functions, which each then had to take care of msgb free'ing.
Not all of the paths did eventually free the msgb. And at least one
path used data from the primitive *after* the free
Let's restructure this in a way that no msgb ownership is transferred
down the call chain. Instead, there's one common msgb_free() in
sccp_sap_up(). We can do this as nobody is queueing or otherwise
keeping the msgb.
Change-Id: Ie65616ccb55ec58a0224bbe3c8e004e6029ef3e6
SUMMARY: AddressSanitizer: heap-use-after-free /home/laforge/projects/git/osmo-msc/src/libmsc/a_iface.c:538 in sccp_sap_up
Having all BSSAP related logs in the "DMSC" category is overly
generic, and dosn't provide useful granularity.
Change-Id: Id1e52dad03840dfd026fb23f3845a8771c8cc308
There's little point in resolving the gsm_subscriber_connection in each
and every function handling connection-oriented messages. We can
resolve it once and dispatch the already-resolved conn into the
function, instead of passing the raw sccp_user and a_conn_info.
Change-Id: Iea85527ea4d4cde7b36cc28a8027362c1570518f
Clean up the log statements in a_iface*.c, which was very inconsistent.
For example "BSC sending" is very confusing. We are receiving from the BSC,
and it did already send the message, it is no longer in the process of
sending it if we have already received it in the MSC.
Change-Id: Id50e964d86713ae506d4e7657159797e09501d99
During normal operation, regular messages occurring during processing
of a call / transaction should not be higher than LOGL_INFO.
Change-Id: Ibd04ade47b249406696c7d0b660474afc4f4adee
If the BSC is contacting us for the first time and sending a BSSMAP
RESET, then we should simply ACK that and transition into the
"connected" state, where connection-oriented and connectionless
procedures are permitted.
This patch is a bit large for such a seemingly simple behavioural
change, but the existing data model didn't permit a more
straight-forward implementation.
Change-Id: Ie67e7ed20a6c42afe99bafef96d85a4e083dd057
Closes: OS#2914
Using this argument we can create the state machine in the
"already connected" state, i.e. without starting an outbound
RESET procedure.
Change-Id: Ibf569d57300965cd47084fa0bff54aa67679e2a1
It is quite important to have some way of runtime state introspection
about the major objects inside osmo-msc. This patch adds some basic
capabilities to dump the most important information about
subscriber_connections and transactions (like calls/sms).
OsmoMSC> show connection
--ConnId ------------Subscriber RAN --LAC Use --Tokens CSA A5 State
00000001 IMSI:26242000000006 A 23 1 00000004 --- /0 SUBSCR_CONN_S_COMMUNICATING
Change-Id: I1c457c1eac20188f67b8379a36cfda3a085fcef4
The MGCP FSM implements a timeout when waiting for the RAN to complete
the call (assignment complete, alerting, connect...). This timeout
is currently set to 10sec. This means if the other end did not pick
up after 10sec, the MGCP connection will be lost while the phone keeps
ringing. When the other end finally picks up, the call gets
disconnected.
This behavior is odd and requires a proper fix. For now increasing the
timeout to 120sec. will decrese the probability that he problem occurs.
- Increas RAN timeout to 120sec (2 min).
Change-Id: I5a11d53f9701d9b11b18d7026ff2241c7c0b57f5
Check and handle gracefully any error which might appear in
osmo_gsup_encode() - mark corresponding functions with
warn_unused_result attribute to make sure this failure is always checked
against.
Change-Id: I4551212011fb0bd898c020a183756ed7a9afb9e5
Related: OS#2864
That's a preparation step for properly splitting main function of
different tests in follow-up function.
Change-Id: I68a2e94cf79fcb83286eef981a8d88bdbe10ef69
Related: OS#2864
For each test print:
* the test number
* IMSI
Unfortunately tests are organized in such a way that we don't know the
number of particular test in advance. Nevertheless, it make sense to
always print it regardless of -v option presense.
Related: OS#2864
Change-Id: I2e1d7701f5322d2311f32b796148a8b414f53b8e
Having while(0) as a body for for() cycle generate too much WTF while
looking at the code while not serving any obvious purpose. Let's just
drop it to avoid confusing developers.
Change-Id: I1f571ec319ff3231fd9acd4066e470476c3b1f78
Related: OS#2864
Don't fail tests using thwart_rx_non_initial_requests() via
OSMO_ASSERT. Instead log extended error which will fail the test
eventually but allows to gather additional info helpful for debugging.
Change-Id: I2607cb1ac60941dbc22fca532ed2b3738bfbcc63
Related: OS#2864
Print the IMSI used for each test. This enables expansion to tests with
several IMSIs in follow-up patches.
Change-Id: I7958608e5136351f7b7c0c57fe79791d989ce9c3
Related: OS#2864
This makes test routines more flexible and allows to easier re-use them
for tests with different IMSIs.
Change-Id: I74d46fdb7e87dc04c6b82a0b6f3ce6bef60bde58
Related: OS#2864
We don't usually put space before in-place increment or decrement. Let's
make code look similar to other Osmocom projects.
Change-Id: I5962431ad16c97e412939dc1b8949f6361a5c26e
in the current implementation we still use osmo-bsc_mgcp, which
has many problems and is also obsoleted by osmo-mgw.
integrate osmo-mgw and re-implement the current switching using
an osmo fsm.
Depends: osmo-mgw Iab6a6038e7610c62f34e642cd49c93d11151252c
Depends: osmo-iuh I3c1a0455c5f25cae41ee19229d6daf299e023062
Closes: OS#2605
Change-Id: Ieea9630358b3963261fa1993cf1f3b563ff23538
conn_id is modeled as int, but should be uint32_t.
- change conn_id from int to uint32_t
Change-Id: Ibf14d7c9a547c4eeb873975e7dcddef223e7df46
Related: OS#2769
Using following semantic patch:
@@ expression A, B, C; @@
- osmo_strlcpy(A, B, sizeof(A));
+ OSMO_STRLCPY_ARRAY(A, B);
Which was applied using following command:
spatch --dir src -I src --sp-file strlcpy.spatch --in-place --recursive-includes
All the calls to osmo_strlcpy() which use destination buffer obtained
via sizeof() were replaced with the corresponding wrapper macro.
Change-Id: I67b482dedfa11237ac21894fc5930039e12434ab
Related: OS#2864
According to TS 24.007 Section 11.2.3.2.3, it is possible that uplink L3
messages are duplicated in some scenarios, particularly during
assignment/handover procedure.
To avoid L3 entities from seeing duplicated messages, there's a modulo-2
or modulo-4 message sequence counter, based on which the MSC can detect
and suppress such duplicate messages.
It appears that even our unit tests were wrong in that regard so far.
Rather than manually adjusting each and every message, let's make sure
that the sequence number generation always increments as expected, and
that during matching of incoming messages, sequence numbers are masked
out.
Note: the tests will only pass from libosmocore Change-Id
Iec875a77f5458322dfbef174f5abfc0e8c09d464 onwards, due to
gsm48_hdr_msg_type() being broken in earlier versions.
Change-Id: Id15e399ab7e1b05dcd426b292886fa19d36082b1
Closes: #2908
Make the submit_to_sms() funcion aware of the message mode. If the
message does not require real-time "transactional/forward mode" we
can store it in the SMS database even if subscriber B cannot be
found in the VLR at this point in time.
This should should make the esme_ms_sms_storeforward test in
osmo-gsm-tester pass (a tweak to this test's expectations will
be needed as well, because the test currently assumes that an
invalid phone number for subscriber B will fail immediately,
rather than cause the message to eventually expire).
Change-Id: Ic3d78919568ad9252b4d19c3ddab5068d1c52db2
Related: OS#2354
This leads to faster recovery in case of link loss.
It also makes the TTCN-3 test suite run much faster, as each test case
will inherently terminate the GSUP connection.
Change-Id: I16821a26f2c6ff4d0a76926c9212127ab6f6fedf
There's no point of ever asking a MS to perform ciphering using an
algorithm it advertises no support for. Let's hence use CLASSMARK
information to figure out the intersection between MSC policy (VTY
command) and MS-reported CLASSMARK.
Change-Id: Id124923ee52a357cb7d3e04d33f585214774f3a3
So far, the administrator had to pick one particular cipher which
would then be used throughout all subscribers/phones. This is a bit
impractical, as e.g. not all phones support A5/3. Extend the VTY
command syntax in a backwards-compatible way to permit for multiple
ciphers.
NOTE: Like the previous code, OsmoMSC does *not yet check* whether
the configured cipher is compatible with the MS capabilities as
reported in CLASSMARK! The network hence might choose an algorithm
not supported by the phone. Fixing this is subject to another patch.
Closes: OS#2460
Change-Id: I79a4e2892eb5fbecc3d84e11dceffb7149db264b
The VLR code seems to have the assumption that there is one particular
algorithm to be used, as opposed to one of a set of algorithms.
What's missing is basically to decide when/where to pick the best
algorithm within the capabilities of the phone (classmark) and the
network configuration (net->a5_encryption_mask). So far, libvlr has no
notion of classmark. Rather, libmsc has.
Why does the VLR care about the particular algorithm at all? The VLR
should probably simply decide if it should use encryption or not, and if
so, the MSC will figure which algorithm to use.
Change-Id: I5ed80ca2086560a5975a758ec568a034a9a8ab89
Delete expired SMS whenever we are done processing an SMS-related signal.
In order to minimize additional latency only one SMS is removed at a time.
Change-Id: I56cbe716e52b679c4b94f6cbb4a171306975be2e
Related: OS#2354
Accept any SMS and store it in the database, even if the receiver of
the message cannot be determined when the message arrives at the MSC.
This fixes https://osmocom.org/issues/2354 ("SMSC: Store&Forward not
working for subscribed but unregistered MS").
Change-Id: I833c3abd290d2bc5fceec7457e3933c9600e6c24
Depends: Icd6093b7b5d8db84b19a0aa47c68182566113ee2
Depends: I56cbe716e52b679c4b94f6cbb4a171306975be2e
Depends: Icf786f9b1efabfe7407fb6414ec0d326d8f7244a
Related: OS#2354
We already delete SMS which have been sent successfully. However, there
are plans to accept SMS for any subscriber in order to fix the problem
described in https://osmocom.org/issues/2354 ("SMSC: Store&Forward not
working for subscribed but unregistered MS").
This means we may end up storing SMS which never get sent, e.g. because
the B subscriber doesn't actually exist. This could lead to a higher
degree of SMS database growth over time, and therefore we need a way
to keep database size under control.
As a first step, introduce a DB function which removes an expired SMS,
and add a VTY command which removes all expired SMS from the DB.
Later commits will build upon this to remove expired SMS automatically.
The SMS expiry time period is currently hard-coded to 2 weeks.
We could make this configurable in the future if desired.
Change-Id: Icd6093b7b5d8db84b19a0aa47c68182566113ee2
Related: OS#2354
osmo-msc still had large amounts of dead code that came along from
openbsc.git. This commit removes a lot of it, mostly stuff relevant
only to the BSC side of things (or even GPRS).
Change-Id: I247def85da2dc3ec461389fb74414a0d964e7e3c
Related: OS#2528
There's nothing GPRS related left in osmo-msc, and hence no reason
why we should build osmo-ggsn as a build dependency.
Change-Id: I096f63e471dc8fdbd42a78f67d433f61b830615b
We don't have BSC or GPRS related logging filters here.
This is a leftover from the NITB->MSC split
Change-Id: I05f991d1f5b7f89545521a73d79619bee4111094
According to TS 44.008 Section 3.2.1.31, the "Layer 3 Message Contents"
IE of the BSSMAP Cipher Mode Complete is optional. The BSC may hence
inlcude that IE or not include it.
Without this patch, OsmoMSC is crashing if that IE was missing:
<000a> a_iface_bssap.c:699 Rx BSC DT: 00 03 55 2c 02
<000a> a_iface_bssap.c:629 Rx MSC DT1 BSSMAP CIPHER MODE COMPLETE
<001f> a_iface_bssap.c:91 Found A subscriber for conn_id 1
<000a> a_iface_bssap.c:415 BSC sends cipher mode complete (conn_id=1)
==5611== Invalid read of size 8
==5611== at 0x128D0F: msc_cipher_mode_compl (osmo_msc.c:159)
==5611== by 0x114F62: bssmap_rx_ciph_compl.isra.8 (a_iface_bssap.c:432)
==5611== by 0x113267: sccp_sap_up (a_iface.c:520)
Change-Id: I722f9b468b157b3736918f090daaa9489a6028ee
Closes: OS#2871
Even if we're not implementing CM re-establishment, we should give
the MS a clear indication that we don't do and follow the related
procedures of TS 24.008 by sending CM SERVICE REJECT.
Closes: OS#2869
Change-Id: I1c0473647295456fd635b8df6079ee48695dcf2e
In I8de7c01f9ea1d66c384e57449c4140186f5ce6c5, libosmocore introduced
shorter names in gsm48_pdisc_names, which has implications on the
expected test output
Change-Id: I4421872a0d609dd50a6b911b928aa5e111d1ad24
Measurement reporting (and the relate feed) are functions of the BSC,
not the MSC. This code should never have been inherited from OsmoNITB
to OsmoMSC in the first place, let's remove it.
Change-Id: I0d57ac214e574e267fa9752daf76566197b9aa64
When we receive a CM Service Request, OsmoMSC should eventually verify
what kind of service it is the phone requests, and whether we support
that service.
Change-Id: I499730d760dc9ac7f599e09959c6eac4452f2eab
Closes: OS#2668
OsmoMSC rejects an Emergency Call with IMEI as mobile identity with
"semantically incorrect message" which is clearly wrong. According to TS
24.008 4.5.1.5 we should reject with cause 5 "IMEI not accepted"
Found with TTCN-3 test case MSC_Tests.TC_emerg_call_imei
Change-Id: I2f7ab0e32b914a112c0b17c523d149ccd0299099
Closes: #2866
MNCC has a MNCC_F_EMERGENCY flag to indicate that the mncc.emergency
field is present. However, OsmoMSC never sets this flag.
Change-Id: I0ebd8f88e483172988f4a0cb0636b4160688d8ad
Closes: OS#2865
An emergency call should be logged different from a normal call,
and we also increase the log level from INFO to NOTICE in such a
situation.
Change-Id: I83f3b8bd0aeda70f03aa7b8d264a9008d10d5687
There appears to have been no input validation whatsoever on MNCC
messages. Hence it was very easy for an external MNCC handler to
crash OsmoMSC, such as in OS#2853
Change-Id: Idaf3b8e409c84564b1eb26d01a19c605f89b14f4
Closes: OS#2853
Quote the argument to sqlite's datetime(). Otherwise, the timestamp
stored in the database reads back as a negative value for some reason.
Before:
1032 validity_timestamp = dbi_result_get_datetime(result, "valid_until");
(gdb) p validity_timestamp
$2 = -1516814654
After:
1032 validity_timestamp = dbi_result_get_datetime(result, "valid_until");
(gdb) p validity_timestamp
$2 = 1516814654
Change-Id: Icf786f9b1efabfe7407fb6414ec0d326d8f7244a
As the include file gsm_data.h is generic (does not depend on osmo-iuh0s
iu_client.h), rab_assign_addr_enc is declared as "int" instead of "enum ranap_nsap_addr_enc".
osmo-msc/src/libmsc/msc_vty.c: In function ‘msc_vty_init’:
osmo-msc/src/libmsc/msc_vty.c:212:30: warning: passing argument 2 of ‘ranap_iu_vty_init’ from incompatible pointer type [-Wincompatible-pointer-types]
ranap_iu_vty_init(MSC_NODE, &msc_network->iu.rab_assign_addr_enc);
^
Change-Id: I1b63ee350911bdf772a2324fff55035275a455c4
Compute a validity timestamp based on SMS validity time.
Store the computed value in the database and recompute the validity
time when an SMS is read from the database.
Change-Id: Id27c250d3a64cd109416450e8ca155b18a8b9568
Currently the SMS database keeps accumulating entries for each SMS.
These entries are never deleted automatically. With this change, we
start deleting SMS which have successfully been sent to subscriber B.
Change-Id: I3749855fe25d9d4e37ec96b0c2bffbc692b66a78
If we cannot open a connection to the sqlite3 database, show the name of the
database we failed to access, and also hint at the fact that a likely reason
for the problem is a missing sqlite3 driver for libdbi.
Change-Id: If1c0026e882984b4358ce116ec4a7ad40340517c
There is no any significant reason to define static function
'send_own_number' after the code that calls it.
Change-Id: I7f76f278c09489dccd96921610e8d06efa679ff2
This change removes a few USSD specific declarations, which are
not actually used now, and probably accidentally migrated from
legacy OpenBSC.
Change-Id: Id57a24b92790d3ce0f9c7343d060f511e2b979c7
* move log helpers to generic header
* log subscriber update
It's handy for troubleshooting issues with subscriber update via GSUP
from HLR.
Change-Id: I1958aeeb3ea99831c7e2c5ee9a6b59834baf4520
The expire_lu is never used but is printed for every subscriber. Let's
remove it to avoid confusion.
Change-Id: I6f7ad1670836384d1e6a58f47a13464fdbbf8509
This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.
Related: OS#1694
Change-Id: I71cd631704a4dc155c6c752fee2a42cd6e2fa336
It's not clear cut which code is responsible for canceling pending requests,
since the requests list is kept in vlr_subscr, but sending out Paging does
certainly not belong in the VLR. Place the requests cleanup in gsm_04_08.c.
Add to test_ms_timeout_paging() in msc_vlr_test_ms_timeout.c to verify that a
pending paging is canceled on IMSI Detach.
Change-Id: Ib8874a9d92f02b0826525b55518332f6899688fd
Currently, if there is no reply from the BSS / RNC, a subscriber will remain as
"already paged" forever, and is never going to be paged again. Even on IMSI
Detach, the pending request will keep a ref count on the vlr_subscr.
Add a paging timeout, as gsm_network->paging_timeout and in the VTY on the
'msc' node as 'paging timeout (default|<1-65535>'. (There is a 'network' /
'T3113' in OsmoBSC, but to not confuse the two, give this a different name.)
Add test_ms_timeout_paging() test to verify the timeout works.
I hit this while testing Paging across multiple hNodeB, when a UE lost
connection to the hNodeB. I noticed that no matter how long I wait, no Paging
is sent out anymore, and found this embarrassing issue. Good grief...
The choice of 10 seconds is taken from https://osmocom.org/issues/2756
Change-Id: I2db6f1e2ad341cf9c2cc7a21ec2fca0bae5b2db5
These rx functions are only used for the A interface, hence the names should
not suggest general SCCP rx (which Iu also has).
Change-Id: I6815c3d4dea4c2abfdff1cf0239ada6a9254f351
Add LOGPBSCCONN for struct bsc_conn.
Use LOGPCONN or LOGPBSCCONN whereever possible.
Tweak a few log messages and remove one redundant log.
Change-Id: If9cb0e7a5cef2ec37a1a7c548aecf11a11c22eec
The target buffer in libsmpp is 16 bytes long, and snprintf() may omit the
terminating zero. There seems to be no handling for unterminated strings, so
osmo_strlcpy() is the safer (and presumably more optimal) choice.
Change-Id: I5845666201f945ea9f83da62f2dd4bec52eb74cf
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.
So far we were always sending the Kc retrieved from osmo-hlr. If the 2G auth
algo is set to milenage, the 2G Kc coincides with the one derived from 3G
tokens, but if 2G is set to a different algorithm, the Kc received from the
osmo-hlr is not usable for ciphering when UMTS AKA was used for authentication
(on R99 capable GERAN and MS).
Implementation: To decide whether to use UMTS AKA derived Kc or the Kc from the
auth vector, use the umts_aka flag added to set_ciph_mode() in a previous
patch. Use osmo_auth_c3() to derive the GSM AKA Kc from the UMTS AKA CK and KI.
Related: OS#2745
Requires: I85a1d6ae95ad9e5ce9524ef7fc06414848afc2aa (libosmocore)
Change-Id: If04e405426c55a81341747a9b450a69188525d5c
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.
To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc
from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether
UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but
all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence
add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs
thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode
Command, which makes more sense than re-implementing the same decision process
in the MSC.
I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the
MSC's set_ciph_mode() implementation the precise keys it should use, but the
RAN particulars, and whether a Kc is used at all, rather belong with the MSC.
Related: OS#2745
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
During Set Ciphering Mode on GERAN, it is required to know whether UMTS AKA is
used to decide which Kc to pick. Change static function is_umts_auth() into
public vlr_use_umts_aka(), so future patches can re-use it.
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I85d784c62ecbabdb6186a3dae4dcd554e7921041
a_iface_tx_cipher_mode() is a bit too far away from the VLR to be handling its
ciphering enums. Instead, construct the gsm0808_encrypt_info in the
msc_vlr_set_ciph_mode() callback.
Greatly simplify the sanity checking code: a_iface_tx_cipher_mode() no longer
needs to re-verify the presence of the gsm0808_encrypt_info contents.
Change-Id: Id46f9a513b555d0a481f7124c9984c2b5b196b3e
The bit shifting is performed in gsm0808_enc_encrypt_info(), and must not be
done when populating the gsm0808_encrypt_info struct.
Provide vlr_ciph_to_gsm0808_alg_id() to translate the enum vlr_ciph to the
GSM0808_* constants we need to put in the gsm0808_encrypt_info struct instead.
Related: OS#2745
Change-Id: If75f95e8a5cc8b9979610ce6d746c1f0073ee39a
DLSMS logs SMS pointers, so is not suitable for logging them always. Allow
logging for manual invocation, though.
Change-Id: I1b7d2fd3fb38bf50eeabd6f7ef736d70a17de7a6
When the subscriber has no MSISDN, we might construct an invalid SQL statement
such as
... AND dest_addr= AND ...
Instead, don't even query for empty MSISDNs.
Related: OS#2706
Change-Id: I7d6169d774b2da04b3051957e364fe620feed51e
The commandline option -m has already been deprecated before the
split. Use the split as an opportunity to get rid of this option.
Change-Id: Ie23d492a839aae85470e39b0d0ad8f57b0d38f7e
The lchan related struct members do not serve any useful purpose
in the msc code, since the lchan concept is not in the scope of
osmo-msc. However, if removed te struct size will change which
will lead into shortened protocol messages as well. This is
is detected by osmo-sip-connector and eventually leads into
a reject ofthe shortended protocol messages.
Re add the missing struct members in order to maintain
compatibility
This commit reverts the changes made to mncc.h by commit:
e2f24d53e4
Change-Id: Ia02373a36df7605507ee3de49173a9fd6547b726
The ipa.py has been moved to osmo-python-tests as osmo_ipa - use it for
vty and ctrl tests instead of local copy. The soap.py and twisted_ipa.py
are not MSC-specific: leftovers from repository split which are now
available in osmo-python-tests as well.
Change-Id: Ia3ab77846c9beae7eca32a81079a4a9bfa4dcc75
The log output of the reset FSM duplicates lots of the built in
FSM log output.
Remove duplicate logging, use more expressive log messages where
needed.
Change-Id: Ie031d947a5b8097bd656c0271081af215605ba02
All the CTRL tests were skipped automatically because they were
inherited from before repo split time. This means that MSC CTRL
interface was not tested at all. Add trivial test which uses generic
rate counter introspection so we at least check that MSC's CTRL
interface is not completely broken.
Change-Id: I784feece666b00752a81f2c126e6f255505445be
Adjust test expectations accordingly.
The error was:
==16084==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000f5f4 at pc 0x561be639ac2b bp 0x7ffc0aabbe40 sp 0x7ffc0aabbe38
READ of size 4 at 0x61500000f5f4 thread T0
#0 0x561be639ac2a in _msc_subscr_conn_put ../../../../src/osmo-msc/src/libmsc/osmo_msc.c:384
#1 0x561be636070b in rx_from_ms ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:204
#2 0x561be6360b21 in ms_sends_msg ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:217
#3 0x561be635b40a in test_call_mt ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_test_call.c:328
#4 0x561be6363bb7 in run_tests ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:802
#5 0x561be63524ea in main ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:849
#6 0x7f6eebb3e2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#7 0x561be6352fb9 in _start (/n/s/osmo/make-3G/osmo-msc/tests/msc_vlr/msc_vlr_test_call+0xdafb9)
Related: OS#2672
Change-Id: If0659a878deb383ed0300217e2c41c8c79b2b6a5
On MT call, there is a bug in CC conn use which leads to an early free and
use-after-free.
Add msc_vlr_test_call to show both MO and MT call legs separately and reproduce
the failure. It is visible in a sanitizer build (on debian 9).
A subsequent patch will fix the bug: If0659a878deb383ed0300217e2c41c8c79b2b6a5
Related: OS#2672
Change-Id: I6c3ca0c660388b1e2c82df17ec540c846201b0c7
If a conn is attempted to be used when in release, log an error, but don't skip
tracking.
No current code path apparently hits this, according to msc_vlr_tests. Just
making sure that we will prominently see such errors when we introduce any.
Change-Id: I8dd20ee56ce5ad7a90fcd03a06604c383e5eed54
When hunting a conn use count bug, it was very hard to figure out who's (not)
using the conn. To ease tracking down this bug and future bugs, explicitly name
what a conn is being reserved for, and track in a bit mask.
Show in the DREF logs what uses and un-uses a conn. See the test expectation
updates, which nicely show how that clarifies the state of the conn in the
logs.
On errors, log them, but don't fail hard: if one conn use/un-use fails, we
don't want to crash the entire MSC before we have to.
Change-Id: I259aa0eec41efebb4c8221275219433eafaa549b
We usually have both A and IuCS on 0.23.1, using differing SSNs.
0.23.2 was used only if there was a separate cs7 instance for Iu, which is not
practical, and even if used does not conflict with 0.23.1 (since it would be on
a different STP).
Just use 0.23.1 for all SCCP clients.
This needs adjustment of
https://osmocom.org/projects/cellular-infrastructure/wiki/Point_Codes
Change-Id: I3d5466eff5680cb5aa95a76a9e179fdf88ce8aa0
To avoid sanitizer build failures, ensure that the talloc contexts are empty
when done and free them.
Separate the msgb context from the overall talloc context for clarity: if
nested, the outer one would contain two blocks.
Change the "sms_queue_test" context from 1 byte to 0 in order to get a size of
zero in the end.
Change-Id: If08ba48ab9c28bf3c2db4014837c1304cec04aaf
The BSC rate counters are a leftover from the nitb split.
Accessing them would result into a null-pointer exception,
because the struct isn't initialized.
Change-Id: I8c72ab8bf781d3f9a436eb1a27ac4d13df5e656b
If something changed the talloc landscape, it is hard to find out what the test
actually expected when it was written. Add the expectations in an inline
comment.
Change-Id: If92a18bb3dc24c2cf6498aa2da29266267488240
Terminating one of the FSM instances may effect termination and deallocation of
the others, as well as the vlr_subscr itself. So, reserve the vlr_subscr
locally, and then dispatch events to exactly those FSM instances that exist.
The changes in expected output in the msc_vlr_tests shows that the subscriber
was deallocated from the first FSM termination, and now sticks around until
we've checked both FSMs are gone.
Change-Id: I56551ecc10f5295fe75944bdde4b583b1b621811
If dispatching a conn timeout, the conn fsm will already have been discarded,
and we cannot fire any more events to it.
The expected test output changes illustrate that we are now omitting event
dispatches that happen *after* the same FSM was already deallocated.
Change-Id: I25af3e5a1b04e3a5c9f41956cbcbbdd8439c6457
osmo_gsup_decode() doesn't actually decode everything, it does leave quite a
number of pointers into the original msgb. Hence we must not deallocate the
gsup msgb before dispatching GSUP events.
Move msgb_free() to the bottom of vlr_gsupc_read_cb() and use rc and gotos to
early-exit if needed.
Change-Id: I16fc92dcf84e29fcf34712a2e8b0464ef08425ad
When sub_pres_vlr_fsm_start() is called, it dispatches an event which may in
some cases already cause tear down and free of the parent FSM instance, after
which storing the returned instance pointer in that parent's metadata will use
freed memory. Instead, pass the target pointer to remember the instance at to
sub_pres_vlr_fsm_start() and assign the pointer *before* firing the event.
Explain so in a new comment.
I haven't checked whether that pointer is actually used at all -- this is the
easiest way to fix the use-after-free without getting sucked into semantic
questions.
Change-Id: Ibdc0b64cd12ba3e2b9737e3517d8484e67abcf04
Use ':' as separator, so that no mangled rate_ctr descriptions are allocated.
When '.' is used, the rate_ctr mangling code creates tallocs of mangled counter
descriptors, and hence affects the amount of expected talloc contexts in
msc_vlr_tests.c.
Change-Id: Ib1db8e3dc6c833174f1b0b1ca051b0861f477408
The log message after the nullpointer check for conn tricks Coverity
Scan into detecting a nullpointer deref.
Include the log message into else branch to state the program flow
more clearly
Fixes: Coverity CID#178656
Change-Id: If6e962f4033c955ecd3539a719031a83c9b6205a
The reset context contains a string buffer to allow for setting
a human readable name, that is then displayed in the logs. Since
OSMO-FSMs already have such a feature there is no need for an
extra name variable.
Use LOGPFSML and the name parameter of osmo_fsm_inst_alloc()
to display the name of the FSM
Fixes: Coverity CID#178664
Change-Id: I5b051606791c5e085ca6bb1be20592127d48ceb5
Wen there's no SMPP support compiled in, and routing was successful,
we shouldn't return an uninitialized value.
Change-Id: I4abbbb5ab336a7e8da08d682f396baec3b56fa3a
Fixes: Coverity CID#174176
osmo-mgw.git is changing the mgcp_client_vty API to use 'mgw' instead of
'mgcpgw'. Fix example configs after that patch is merged.
Depends: I1d43d42929dc9162e57640499526fb7cadbcfbe6
Change-Id: Ib4c5ec1046a3c7a916ecfb7e5aa83dfe2f5ea8bf
vty_install_default() and install_default() will soon be deprecated.
Depends: I5021c64a787b63314e0f2f1cba0b8fc7bff4f09b
Change-Id: I34708c73d8084db4e6c83a39be8fdaeaa492d743
When using ciphering, the TMSI is an important part of the ciphering. To guard
against users forgetting to set 'assign tmsi' in the config and compromising
their ciphering unknowingly, the default should be to use a TMSI.
To optimize in an unencrypted network, 'no assign tmsi' config can still switch
off TMSI use.
Change-Id: If115e95bebc314bedb50faf3993b52071fee5c1e
The name auth_tuple_max_use_count suggests that if I want to use each auth
tuple exactly once, I need to set it to 1. Curiously, so far you need to set
to intended uses - 1.
Reflect this in its name by renaming to auth_tuple_max_reuse_count.
I first considered to not rename but change the if-conditions so that == 1
means each tuple is used once, and upon struct vlr allocation, set the default
to 1. That would also logically entail that setting to 0 means to re-use
vectors infinitely often, like now a value < 0 does. That means, when
allocating a vlr struct zeroed out, we would by default have the most
dangerous/unsafe configuration. It's no problem to set a default to 1 upon
allocation, but by renaming the variable instead, we get safer alloc-zero
behavior and don't need to change any conditionals in the code (even though the
patch ends up considerably larger from all the renaming).
Change-Id: I0b036cae1536d5d6fb2304f837ed1a6c3713be55
Before this, a code change in libvlr or libmsc would not cause a rebuild of the
tests.
You'd have thought 'AM_LDADD' were the right name for the variable, but
apparently it is just 'LDADD' instead. Tested that it works as intended.
Change-Id: Icbdedc1581fa23abe9ed99cef3918592b25f30b3
I'm using the dame version as in configure.ac to avoid build failures
against older versions of certain packages, such as older libsmpp34.
Change-Id: I83c617fa4e83e2e3d2613e454f517d6031814f21
libmsc/a_iface.c and libmsc/a_iface_bssap.c still include
osmocom/sccp/sccp_types.h to get access to enums defining SCCP
cause values. Until that is resolved, we have to keep the build
dependency to libosmo-sccp-dev
Change-Id: I957dcb2bcce216d0fd81a58bfe869aca0e4624a8
Related: OS#2601
See osmo-ci change I2409b2928b4d7ebbd6c005097d4ad7337307dd93 for rationale.
Depends: I2409b2928b4d7ebbd6c005097d4ad7337307dd93
Change-Id: I6ae80147b2624079b5c364dbce08194215cc4e95
[ Alexander Couzens ]
* debian/rules: show testsuite.log when tests are failing
[ Neels Hofmeyr ]
* build: check for -lgsm
* am: msc_vlr_tests: use AM_LDFLAGS instead of COMMON vars
* jenkins: fix build: osmo-mgw from master, not pre_release
* jenkins: drop unused build matrix vars, always --enable-smpp
* configure.ac: fix to "AC_INIT[osmo-msc]"
* rewrite README
* rename openbsc.pc to osmo-msc.pc
* debian: fix web and VCS links, tweak osmo-msc.install
* drop files unrelated to osmo-msc
* rename include/openbsc to include/osmocom/msc
* doc/examples: add detailed cs7 config examples
* use separated libosmo-mgcp-client, apply rename to mgcp_client_*
* ctrl: subscriber-list-active: list only attached subscribers
* debian: fix dependency to mgcp library
* main: remove cmdline args no longer available for osmo-msc
* vty: fix: missing default cmds at hlr node
* ctrl: remove unimplemented cmds subscriber-{modify,delete}
* fix build: remove obsolete header legacy_mgcp/mgcp.h
* fix debian: fix erratic doc/examples install path
* fix memory leak: vlr: vlr_gsupc_read_cb() must msgb_free()
* fix vty tests: long timeout due to unreachable STP address
* cosmetic: vlr: declare a struct in .h; drop unused header
* add ';' after OSMO_ASSERT()
[ Philipp Maier ]
* a_iface: fix memory leaks
* a_iface: fix typo
[ Max ]
* Remove rest_octets.h
* Remove SI-related code
* Remove BTS-specific attributes
* Remove unused osmo_bsc_rf.h header
* Remove pkg-config file
[ Harald Welte ]
* Update .gitignore for post-nitb-split
* remove further files and autotest/autoconf bits irrelevant to osmo-msc
* Rename osmo_fsm to avoid illegal space in name + more meaningful name
* Debian: remove obsolete Dependencies
* configure.ac: Depend on latest tagged/released libosmo-* versions
* Debian: Build with enabled SMPP support
* osmo-msc: Don't link against libasn1c
* Debian: Include systemd.service in package
* Debian: include all (not just one) example config files
Change-Id: Ic24d937658e5b467c6643ae3cd54e5b6d9db3175
osmo-msc doesn't use any API/symbols of libasn1c directlry. Rather,
we use libosmo-ranap which in turn uses libasn1c. Let the linker
work out that dependency.
This fixes the following dpkg-shlibdeps warning:
Change-Id: I2f840884d8f1cc542de1e26acd3d4215bd2fd899
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/osmo-msc/usr/bin/osmo-msc was not linked against libasn1c.so.0 (it uses none of the library's symbols)
This is the safe choice, as in absence of automatic testing we don't
know if we actually still build against the [sometimes] ancient
dependencies. Would be great to automatize this, but until we have that,
better be safe.
Change-Id: Idf5cad1dc17a5136d00c970c326cdf3b7ee18e3c
A FSM doesn't need "FSM" in its name, as it is obvious that it is a
FSM. Also, having two that are called RESET is confusing, so let's
try to come up with better names.
Also, after Change-Id I9ef59432f43a3cdb94e4cbb0c44ac3f9b2aac0f2 in
libosmocore, we now enforce that no FSM identifiers contain spaces
or other illegal characters.
Closes: OS#2593
Change-Id: I858a81b8a4e01b2e802e3159f2835e5ca515953d
Currently, OSMO_ASSERT() is defined such that it ends in a semicolon, hence an
added ';' is redundant. However, the usual way this kind of macro should be
defined is
#define OSMO_ASSERT(x) do { ... } while(0)
so that the compiler requires a trailing semicolon.
To prepare for such a change possibly coming up in libosmocore, add ';' to all
OSMO_ASSERT() users.
Change-Id: Ic79c8b8f98a7f3bef761751d55a7e6125cf2c46d
In vlr_core.h, "pre-declare" a struct used in function declaration.
In vlr_lu_fsm.c, gsup.h is not used, drop the #include.
Change-Id: I61d793c3001abbe6d381be1ae0bb350b07403e88
The doc/examples/osmo-msc SCCP config examples with 10.23.42.1 as asp ip-remote
cause >5 minutes timeout for each VTY config test being run before the VTY
becomes available. This hugely elongates the config tests, we didn't spot it
before because it does succeed after that timeout. Rather use link-local
addresses in order to immediately note the lack of connection and carry on with
the VTY config tests.
Related: OS#2333
Change-Id: I5ea4ef8a7e181bd3a38edf9c3b5d098f6ba65ee5
Add required msgb_free() to vlr_gsupc_read_cb().
Adjust msc_vlr_tests.c gsup_rx() to *not* free the msgb again after
vlr_gsupc_read_cb() did.
Related: OS#2476
Change-Id: I347c53f57a7fa79921aed3f6e42599841acf27c0
Since Ifb8f3fc2b399662a9dbba174e942352a1a21df3f libosmo-mgcp-client has its own
definitions in mgcp_common.h, which conflict with legacy_mgcp/mgcp.h. This
cross-inclusion to support libosmo-mgcp-client is no longer necessary.
In the future, including libosmo-mgcp-client together with libosmo-mgcp will be
made possible, but not with libosmo-legacy-mgcp (because we don't care enough).
That is why including libosmo-legacy-mgcp headers would cause build failure.
Depends: Ifb8f3fc2b399662a9dbba174e942352a1a21df3f
Change-Id: I8e3359bedf973077c0a038aa04f5371a00c48fa0
The MSC should not fiddle with low-level SI details like rest octets
anyway. Unfortunately simply removing the header is impossible as it
causes massive fallout due to missing includes. Fixed it as well.
The only other parameter which required removal is cell_ro_sel_par which
is not referenced anywhere in the code anyway.
Change-Id: Ibff77330de056fad4288cd4c48d016aad8105354
osmo-mgw has split the MGCP client to a separate library in
change-id I8e0b2d2a399b77086a36606f5e427271c6242df1
or commit 97df691307e48c39170ac39b2394a7095d7f0ee5.
Change-Id: I9c56c218fce2264fe0acae62caed4d9ff4bfb54c
I would have liked to add a regression test to verify this, but currently there
is no easy way to run CTRL tests and at the same time have access to the
osmo-msc in a way that simulates an attached subscriber.
Related: OS#2285
Change-Id: I003542b208ecf3713e9e67712d84ccb4c61af14e
After osmo-mgw changes I8e0b2d2a399b77086a36606f5e427271c6242df1 and
I99f7faab637cfcc22ece64a1dbcbe590f2042187, apply linking of new
libosmo-mgcp-client and renames to drop the "gw" from mgcp_client_*.
Also rename the gsm_network.mgcpgw to mgw, to indicate that the MGCP client is
used to contact the MGW (Media Gateway).
Depends: I8e0b2d2a399b77086a36606f5e427271c6242df1 (osmo-mgw)
I99f7faab637cfcc22ece64a1dbcbe590f2042187 (osmo-mgw)
Change-Id: I093ad02ca0e532f659447c785e09678b3e6f220d
These either remain from openbsc.git or slipped in while applying recent
patches from openbsc.git and do not belong in osmo-msc.
Empty out contrib: remove things that are either obviously unrelated to
osmo-msc, or seem old and/or esoteric.
Change-Id: I49957769e09eed6d723bf7c3777024b62b3480fd
It was a n00b mistake to define COMMON_LDFLAGS and COMMON_LDADD to pass the
same linker options to each test binary. Instead, use AM_LDFLAGS and remove the
autoreconf warning.
tests/msc_vlr/Makefile.am:66: warning: variable 'COMMON_LDFLAGS' is defined but no program or
tests/msc_vlr/Makefile.am:66: library has 'COMMON' as canonical name (possible typo)
Related: OS#2448
Change-Id: I6efae6e192b22de2c1d706edd55385135142532b
If libosmo-legacy-mgcp is built with --enable-mgcp-transcoding, we need to link
-lgsm here as well. This autodetects whether -lgsm is necessary.
Todo: how about --with-g729?
Todo: osmo-msc is only using the mgcp client and should not actually need
transcoding nor -lgsm.
Change-Id: Iab55a089ae36017b79e7cbc3cac45ef9fd85dd43
The function gsm0408_dispatch() accepts a message buffer pointer
and accesses the l3h pointer. Even in a properly allocated
message buffer, this may lead into a segfault if the user forgets
to set the l3h pointer. This commit adds assertions to popup a
more expressive error message.
Change-Id: I43bd9bd1c170559aaa8dacaef25dba090744bcd5
Rewire build and includes to libosmo-legacy-mgcp.
Drop osmo-bsc_mgcp and related python tests, now found in osmo-mgw.git.
libosmo-legacy-mgcp is installed from osmo-mgw, hence add the dependency to
jenkins.sh (so far using the pre_release branch).
Change-Id: Ic99d681759edce11564da62500c2aac5cf5fffe2
Remove libiu here, use the functions from libosmo-ranap instead, by applying
the ranap_ / RANAP_ prefix.
Corresponding change-id in osmo-iuh.git is I6a3f7ad15be03fb94689b4af6ccfa828c25f45c0
To be able to run the msc_vlr tests for RAN_UTRAN_IU without Iu client headers
available, add iu_dummy.h, containing mere function signatures that match
iu_dummy.c and a mostly empty struct ranap_ue_conn_ctx.
Make sure we can build with and without --enable-iu: include osmo-iuh headers
only with --enable-iu.
Change-Id: Ib8c4fcdb4766c5e575618b95ce16dce51063206b
In SGSN, actually place the port in the SGSN config by default, so that the
gsup port may now be omitted in the VTY config (the IP address suffices).
Adjust the osmo-sgsn.cfg example.
Depends: I4222e21686c823985be8ff1f16b1182be8ad6175 (libosmocore)
Change-Id: I50f2040e2eb0baacb43849e93cfed10cbc2fc156
Currently the force_realloc feature is turnd on and of in a
hardcoded way. This patch makes the option available via VTY.
Change-Id: Ic8740512c5ea0766ff6ceb1c28b9c2b3fe46e75f
This was originally a long series of commits converging to the final result
seen in this patch. It does not make much sense to review the smaller steps'
trial and error, we need to review this entire change as a whole.
Implement AoIP in osmo-msc and osmo-bsc.
Change over to the new libosmo-sigtran API with support for proper
SCCP/M3UA/SCTP stacking, as mandated by 3GPP specifications for the IuCS and
IuPS interfaces.
From here on, a separate osmo-stp process is required for SCCP routing between
OsmoBSC / OsmoHNBGW <-> OsmoMSC / OsmoSGSN
jenkins.sh: build from libosmo-sccp and osmo-iuh master branches now for new
M3UA SIGTRAN.
Patch-by: pmaier, nhofmeyr, laforge
Change-Id: I5ae4e05ee7c57cad341ea5e86af37c1f6b0ffa77
When somebody kills the process, it's best to handle the signal
and to use the opportunity for some cleanup. We always did this
in the NITB on SIGINT, but never on SIGTERM. Let's change it.
Change-Id: Iea6804325a6575ceab5edfd28dd20249462f143b
This option was present in very early versions of the NITB, but
at least since 2011 it is no longer supported. It's still listed
in --help output, which is wrong.
Change-Id: I1d2cceb588ec5fb34ec5e2c05a7d8c93310bee88
Set the time on the status report to the time the message was delivered, as
this may not be the same as the time when we are delivering the report to the
originating MS.
Change-Id: I9056429d40bf02731f004b7833f1de45a0d1add8
libsmpp34 already converts received TLV integer values to native
endianess in libsmpp34_(un)pack.
Converting them again at receive time swaps the 2 bytes of
user_message_reference, then using a wrong value. As GSM03.40 spec
uses only 1 byte for the id, then only the high byte of the initial
value is used and eventually sent back to the ESME. Again, at that time,
htons() is not needed because libsmpp34 already handles that part.
See OS-#2429 for more details.
Change-Id: If748548a4a223e529a1110c89e483b599b406e8b
I already stumbled into 2 compilation environments which had Werror
enabled for -Wmaybe-uninitialized and the build failed, so let's
workaround this warning.
| smpp_openbsc.c: In function 'handle_smpp_submit':
| smpp_openbsc.c:216:9: error: 'sms_msg_len' may be used uninitialized in this function [-Werror=maybe-uninitialized]
| memcpy(sms->user_data, sms_msg, sms_msg_len);
| ^
| smpp_openbsc.c💯15: note: 'sms_msg_len' was declared here
| unsigned int sms_msg_len;
| ^
| cc1: some warnings being treated as errors
Change-Id: I0901ddadb5f72e1585cb1797ac22c8ab95e83146
Commit 058cd573d8 added 2 new pointer parameters to
gprs_subscr_request_auth_info, but forgot to update wraps of the
function in sgsn_test.
I catched this today because openbsc build test sgsn_test was failing.
Closed look up to the logs showed:
Assert failed (auts != NULL) == (auts_rand != NULL) openbsc/openbsc/src/gprs/gprs_subscriber.c:791
Change-Id: Ie9e4af6da0339536fb20ca0b7bbcf6f485bd522c
gsm_04_11.c sms_report_alloc()
Use the sms->text, not the sms->user_data to construct the report body.
This also prevents the potential output of non printable characters to
the log and or vty.
Change-Id: Id51bc9483ad6f52d6da74135605cfd12434c7c96
gsm_04_11.c: gsm340_gen_sms_status_report_tpdu()
When we construct the status report PDU, use sms->src
instead of sms->dst as the destination address
This way we tell the MS that the message was delivered
to the destination and not to itself.
This is relevant for phones that display a textual
representation of the delivery report.
Change-Id: I2d4f87ac777465de9bfb5a775a789a2691755ee9
Use new definitions in libsmpp34 to set the registered_delivery field
accordingly, as provided by I5b3afff1b3b77cccd949e0606914c7ac3ba6114c.
Moreover, do not set this header field to zero if status reports are
off, the deliver_t structure has been already zeroed so this not
required.
Change-Id: Ie78e17323796120f576b9c0e1bc5ccc32da8ee12
In 2015, Jacob moved/copied related functions to libosmocore, but
for some reason didn't remove the copies here. Let's follow-up on
that and remove duplicated code.
The libosmocore commit introducing osmo_apn_to_str() was
8114294bf29ac6e44822c0ae43d4b0819f11b022
Change-Id: I7315ffcbed8a54cca2056f313bb7783ad82d0ee9
We can only print libgtp pdp information if a library context is
attached to this pdp context. This is not always the case,
particuarly during some teardown scenarios.
Change-Id: Ia3184877f9709db65f5f93a98403f2ef5b04a8ca
When converting from GSM_PCHAN_PDCH, we should generate
a RSL channel number IE with the osmocom extension
RSL_CHAN_OSMO_PDCH rather than claiming it is a regular
TCH/F channel.
This is important as this function is used by
osmo-bts, too - and it decides which channel number IE is
put in the GSMTAP header for both GSMTAP tracing as well
as the GSMTAP based osmo-bts-virtual.
In order to avoid any unintended effect on libbsc,
we make sure to modify rsl_ipacc_pdch_activate() to
always use GSM_PCHAN_TCH_F in related RSL message.
Change-Id: Ie34219e64a6d89da4a79f2db8ec73d1909fb8280
In the PDP Context Create from SGSN to GGSN, we include information
about the RAN type (GERAN/UTRAN) and the Cell of the MS. This was
all hard-coded to GERAN, and wasn't updated when we added UTRAN
support to the SGSN.
Change-Id: I6c79e42c5e08b28fe8182555302a5505fbbaa313
Commit 5754206379 introduced
OSMUX_STATE_NEGOTIATING to fix a race condition present in osmo-bsc_nat.
However, after this change osmo-bsc_mgcp cannot switch to
OSMUX_STATE_ACTIVATING anymore, which means during osmux_send_dummy time
it won't call osmux_enable_endpoint(), which in turn won't set endp type
to MGCP_OSMUX_BSC.
If MGCP_OSMUX_BSC is not set, uplink streams are sent using regular RTP
instead of Osmux not matter it is enabled in config or not.
Change-Id: Ibcb59aa1ca25408f82cc88c2d5b81177b5f276dc
In case of successful completion of handover gsm_subscriber_connection could be moved from one bts to another,
so connection link to bts should be replaced by link to bts, which owns new_lchan.
This bug was detected, because conn->bts->nr is used in call control log messages
and wrong number of bts was observed in these messages after handover.
Change-Id: Idc7dd412b7580c451e716b73ef7549826c60b0d9
Fixes regression probably introduced in c696cc28.
For bts>0 logging doesn't show bts number correctly when printing lchan
identification string - it will always show it as "bts=0". The reason for
this is that the identification string is cached before bts->nr value is
set to a proper value.
This patch sets bts->nr as part of the first step of the bts structure
initialization, before caching happens thus making sure the cached
identification string is cached with the correct values.
Change-Id: I61c18a7f021fcb1ec00d34a745f4e3ab03416c2d
Replace magic numbers by esm_class definitions, which
have been added to latest libsmpp34 in Change-Id
I91afd8b462b8fd3b2c4c5b54f4eeb7ec5b730b65
Change-Id: I6c458690da60c8f3637680efbd718f6e8c6feb4c
submit_to_sms() now handles two TLVs, so find_tlv() is suboptiomal and
it can be removed, since it would result in two passes on the TLV list.
Use new smpp34_tlv_for_each() helper to iterate over the list of TLVs
that is available since I446929feed049d0411e1629ca263e2bc41f714cc.
Change-Id: I53a65164a6cc4abc6bf57d9a8dc275cf21c90222
The change-id I7276d356d805a83ebeec72b02c8563b7135ea0b6 added msg_ref to
the databse but forgot to remove the comment stating it's not being
stored.
Change-Id: I204f098c8f2a480405446113e2181b2c53700cf3
gsm340_gen_oa() returns a negative value if the output buffer that the
caller passes is too small, so we have to check the return value of this
function.
Fixes: CID 174178
Fixes: CID 174179
Change-Id: I47215d7d89771730a7f84efa8aeeb187a0911fdb
This patch adds gsm340_sms_send_status_report_tpdu() to build a
status-report. Moreover, set sms->report field if we see a SMPP
SUBMIT_SM with Delivery Acknowledgment esm_class, so this identifies
that this is a delivery report.
MS GSM 03.40 SMSC SMPP 3.4 ESME
| | |
| | SUBMIT-SM |
| | esm_class = Delivery Ack |
| |<-------------------------------|
| | SUBMIT-SM-RESP |
| |------------------------------->|
| | |
| SMS-STATUS-REPORT | |
|<----------------------------| |
| GSM 04.11 RP-ACK | |
|---------------------------->| |
| | |
There is a FIXME message in this patch, that I just copied from
gsm340_gen_sms_deliver_tpdu() since TP-MMS is not supported by OpenBSC.
Change-Id: Ib70e534840308ed315f7add440351e649de3f907
Simple patch to test the new status-report support code, remove previous
code before Delivery Acknowledgement support was in place. Use
LOGL_DEBUG for logging messages here as suggested by Neels and Harald.
Change-Id: I877e228d8e174430f700631edbf9955972da7892
SMPP DELIVER_SM messages with esm_class = Delivery Receipt need to send
this message reference (that the mobile phone allocates) to the ESME.
Thus, the ESME propagates it via SUBMIT_SM with esm_class = Delivery
Acknoledgment so that the SMSC sends the GSM 03.40 status-report to the
origin including this. Given this field is useful for status-reports, we
need to store it in the HLR database.
Moreover, we need a new field that specifies if the entry represents a
SMS status-report, to do the right handling from the gsm411_send_sms() -
such new handling comes in a follow up patch entitled "libmsc: handle
delivery ack via SMPP SUBMIT SM / send GSM 03.40 status report".
This patch includes the migration routines to the new database schema
revision 5, it's quite a bit of dbi boilerplate code - copied-pasted and
adapted.
Change-Id: I7276d356d805a83ebeec72b02c8563b7135ea0b6
If the mobile phone requests a status report via SMS, send a DELIVER_SM
with esm_class = Delivery Receipt to ESME to indicate that the SMS has
been already delivered to its destination.
MS GSM 03.40 SMSC SMPP 3.4 ESME
| | |
| SMS-DELIVER | |
|<----------------------------| |
| GSM 04.11 RP-ACK | |
|---------------------------->| |
| | DELIVER-SM |
| | esm_class = Delivery Receipt |
| |------------------------------->|
| | DELIVER-SM-RESP |
| |<-------------------------------|
| | |
This patch implements "Appendix B. Delivery Receipt Format" as specified
in the SMPP 3.4 specs. This string is conveyed in the SMS message as
data, and it is only meaningful to the ESME, for logging purposes. The
"submit date" and "done date" are not yet set, and other fields are just
sent with dummy values, so they are left to be finished as future work.
The new SMPP TLV tag TLVID_user_message_reference is added to the SMPP
messages inconditionally now since this information is required by
delivery-reports to associate the status-report with the original SMS.
Change-Id: Ic1a9023074bfa938099377980b6aff9b262fab2a
Just munch and log SMPP delivery receipts by now, don't mirror this, it
is going to break things in openbsc.
Follow up patch removes this and mirrors this SMPP message as a
SUBMIT_SM with esm_class = Delivery Acknowledgement.
Change-Id: I78e93bc4034679e238c8642ccf6a0e844b1d6d8b
Propagate the status report request field to the SMPP message through
the registered_delivery field, so the ESME knows that the mobile phone
is asking for explicit delivery acknowledgment is required. See SMPP 3.4
specs section 5.2.17.
Change-Id: I59af60fa89cd10ae973c5e122789e3e03e3728ee
Rationale: allows seeing all timer defaults at once by doing
OsmoBSC(config-net)# timer ?
Before, defaults are visible only by doing on each timer:
OsmoBSC(config-net)# timer t1234 <tab>
Change-Id: I8259234e5c62e058dde56d531071440bbab11462
The VTY parsing already ensures the parameter range being 1..65535, no need to
check the range again.
Change-Id: I1cffa5b01cd5c589f1e42998e32135f1da8c960b
Move the sms message-type-identifier (mti) handling away from the
routing logic. This patch allows us to reuse the sms_route_mt_sms()
function in a follow up patch for sms reports send through SMPP
DELIVER_SM with esm_class = Delivery Receipt whose Change-Id is
Ic1a9023074bfa938099377980b6aff9b262fab2a.
Change-Id: I3f3d30e0762b91e2099243b0be1a4b67cbb5e9c0
No need to cache the sms object, just cache what we need into the
smpp_cmd structure. This simplifies what that I introduced in
93ffbd0029 ("libmsc: send RP-ACK to MS after ESME sends SMPP
DELIVER-SM-RESP").
Change-Id: Iba5f864f9bb963baff95969e306b1b7cff00c1e3
The following branch:
if (!rc && !gsms->receiver)
rc = GSM411_RP_CAUSE_MO_NUM_UNASSIGNED;
at the end of sms_route_mt_sms() always evaluates false.
Just a bit before, in such function, we have this:
if (!gsms->receiver) {
...
#ifdef BUILD_SMPP
...
#else
...
#endif
return rc;
}
So, if there is no receiver, we just stop running code and return the RP
cause via the rc variable. Same applies to the smpp_first check under
the BUILD_SMPP ifdef (that I have removed in this snippet to keep this
commit message small).
Change-Id: Ic3502b5b169bc7a73a67fd6ff53d8b6c0dc045c8
libgtp is calling gtpie_tv2 which will convert this uint16_t from host
to network order. So far libosmogsm and the sgsn treated the charging
characteristics as opaque data. So when moving from byte array to the
uint16_t do the swapping.
Change-Id: I977aec2e2f8d57802e45f591754e5733562d5c2a
We no longer permit timers with a 0 value, so this case can never
happen. Also, if it should happen, I'd rather have a timter expiring
immediately (and breaking something) than not being started in the
first place.
Change-Id: Ibfcdd3ddc0155caee89c501498329bde247621a0
It typically doesn't make sense to configure any of the GSM RR timer
to 0 (Seconds). In fact, accidentially configuring any of the timers
to zero might have severe side effects, such as "stuck channels"
described in https://osmocom.org/issues/2380
Change-Id: I517828f2f0c80ec01cb63648db2626f17a67fe57
A number of the GSM timers (including T3109) had no reasonable
default values if not specified in the VTY / config file. Together
with unconditional writing to the config file, this created
config files with a persistent setting for important timers as '0'.
To make things worse, many of our example cofig files suffered from the
same problem.
Let's avoid this from happening by
* having reasonable defaults if nothing specified in the config file
* conditionally savingg timers only if they differ from default
* reject any timer values that state zero during start-up (see previous
commit)
Change-Id: Iaac0bfca423852b61d8b9eb1438157ef00d0d8c8
Closes: OS#2380
Using this new command (introduced in OsmoBSC + OsmoNITB), you can
simulate the generation of TRAP events for testin purposes.
start the control interface monitor as an example client program:
./openbsc/contrib/bsc_control.py -m -d localhost -p 4249
then start OsmoBSC or OsmoNITB, telnet to the VTY and enter 'enable'
mode and issue the following (example) command:
ctrl-interface generate-trap my.foo.var 2342
As a result, on the bsc_control.py you will see:
Got message: TRAP 0 my.foo.var 2342
Change-Id: Ib1d2ec38290dc94797c1b365d9b733e5215ab7d1
In case the counter group allocation fails, we must handle this
gracefully and fail the allocation of the parent object, too.
The recent change (Id I7dad4a4d52fe05f6b990359841b4408df5990e21) seems
to have missed one instance, so let's follow-up.
Change-Id: I1ee9e3d26dcc18e7f979fd9a786162cbcc50942c
Related: OS#2361
If we previously had a given SI present/active, we must send a
zero-length BCCH FILLING for that SI type to the BTS to stop it from
further transmitting this SI.
Change-Id: I33e356e2fa3a69efac9080813e3e9ef4e6438ed1
Closes: OS#2368
If we want to instruct the BTS to stop sending a given SI, we must be
able to send the respective BCCH INFO / SACCH FILLING with a header but
without any L3 data IE. This patch enables the related functions to do
this whenever their data argument points to NULL.
Change-Id: I88b85614951a108574f05db3b706884afe7e87a9
In commit 8b1a2f8cd7 we started to
initialize bts->si_valid to 0. This means we are skipping the manually
configured static system information.
Instead, we have to initialize bts->si_valid to bts->si_mode_static,
i.e. start with those that are static and not to be auto-generated.
Found while developing
http://git.osmocom.org/osmo-ttcn3-hacks/tree/sysinfo
Change-Id: Iab9cc93cf6d54560a72cc393cc3721a8d10e04bf
Closes: #2367
In case the counter group allocation fails, we must handle this
gracefully and fail the allocation of the parent object, too.
RelateD: OS#2361
Change-Id: I7dad4a4d52fe05f6b990359841b4408df5990e21
This is useful if you are updating some configuration parameters which
affect the content of the SYSTEM INFORMATION messages. Currently, we
only send them at the time the RSL connection is established (i.e. when
the BTS is initialized), so if you change something, you need to bring
down and re-start the BTS.
Using the newly-introduced "bts <0-255> resend-system-information"
command, you can re-generate + re-send SYSTEM INFORMATION without
bringing the BTS down, i.e. without any radio carrier downtime.
Change-Id: I326df47de98f6d36c9a4d2d5475225d1e62bafb5
A valid subscriber is indespensible when allocating a new
transaction. Return NULL if no subscriber is supplied. This
will cause unidentified subscribers to be rejected.
Note: Under normal conditions, the problem does not occour,
but it is still possible that a misbehaving MS might trigger
the problem by sending a SETUP command before authenticating
the subscriber. (unencrypted networks)
Change-Id: Ia8739b6e329ab02c0064270d02ad1d6ee245520d
* fix BTS numbers: use 0 to indicate given BTS and 0xFF to indicate all
BTS' as it's explained in 3GPP TS 52.021 §9.3.
* only request attributes from supported (OsmoBTS) types
Change-Id: I8f43055c38000248033a8ff9ddaf0910d68d794b
Related: OS#2317
TS 04.14 (TS 44.014) specifies a series of commands specific to
conformance testing. Let's add some VTY commands to play (at least
initially) with closing and opening voice loops in the MS.
Change-Id: I38b1ee9dbf26f5689c38cb83b1b3c5e9eaad7678
For some GGSNs we need to insert the PDP Charging Characteristics
that were returned. We receive these values from GSUP and will
fill them into the tlv structure when finding the ggsn context.
Change-Id: I1725bfd2403d29ce3550bfcd6fcc1498426ef906
Necessary since libosmocore I513835be2d931d0a931cdfc996f361a451bc1a15
removes the script from libosmocore/contrib.
Change-Id: I02d7e1c0151c687fd9341d21a09ca15cbf5a1938
For the vty tests, add osmo-sgsn-accept-all.cfg (that does not need an HLR) and
use in vty_test_runner.py, otherwise the 'show sgsn' command will reply that it
could not connect to the HLR, failing the vty test which expects empty.
Change-Id: Ie3b2013198d3e2b780a4e31c36b89b58129dcacd
This helps in providing 3G software packages for the sysmoNITB hardware, which
uses 10.23.24.1 for SGSN and 10.23.24.2 for GGSN.
However, in order to not break the python tests, the osmo-sgsn.cfg example
still uses 127.0.0.1 as local address.
Change the GGSN address to 127.0.0.2, because SGSN and GGSN cannot co-exist on
the same address (the GTP port number is fixed by spec: no IE to communicate a
differing port, so it has to be the standard GTP port for both).
Change-Id: Ie3a25f6771ed6e620cb2b315638c622a9a24e530
On incoming 04.08 messages, we log only the protocol discriminator in
decimal. Enhance: log pdisc and message type in hex, and also log the
protocol and message type as human readable string.
Also adjust the msc_vlr tests' log statements for wrapped rx/tx functions
of dtap from/to the MS.
Adjust the expected output of msc_vlr_tests.
Change-Id: Ida205d217e304337d816b14fd15e2ee435e7397d
Depends: libosmocore change-id I0fca8e95ed5c2148b1a7440eff3fc9c7583898df
The ip.access nano3G needs the first RTP payload's first two bytes to read hex
'e400', or it will reject the RAB assignment. Add flag
patched_first_rtp_payload to mgcp_rtp_state to detect the first RTP payload on
a stream, and overwrite its first bytes with e400. This should probably be
configurable, but seems to not harm other femto cells (as long as we patch only
the first RTP payload in each stream). Only do this when sending to the BTS
side.
Related: OS#2459
Change-Id: I5eff04dcb0936e21690e427ae5e49228cd459bd4
libosmocore change-id I4efdb1eaae43aced33961b64d4f14b0040321c10 changes the
gsm340_gen_scts() from gmtime to localtime, meaning that by feeding a mere zero
as timestamp, we get different results depending on the local machine's
timezone setting. Instead of calling gsm340_gen_scts() with zero, simply write
a bunch of bytes as time so that the tests get identical SMS bytes every time.
Change-Id: I8a50e8963dce80609749571b61fc6ffe1c54660c
osmo-nitb becomes osmo-msc
add DIUCS debug log constant
add iucs.[hc]
add msc vty, remove nitb vty
add libiudummy, to avoid linking Iu deps in tests
Use new msc_tx_dtap() instead of gsm0808_submit_dtap()
libmgcp: add mgcpgw client API
bridge calls via mgcpgw
Enable MSC specific CTRL commands, bsc_base_ctrl_cmds_install() still needs to
be split up.
Change-Id: I5b5b6a9678b458affa86800afb1ec726e66eed88
In an upcoming commit, sgsn_vty_init() will require access to the global sgsn
config struct to initialize a generic VTY command with the proper config
destination address, see Change-Id I5b5b6a9678b458affa86800afb1ec726e66eed88.
Change-Id: Ie6b6e5422987586531a898e0c5b867623dbecb0f
Disable large parts of the code that depend on BSC presence. The code sections
disabled by #if BEFORE_MSCSPLIT shall be modified or dropped in the course of
adding the A-interface.
Don't set msg->lchan nor msg->dst.
Don't use lchan in libmsc.
Decouple lac from bts.
Prepare entry/exit point for MSC -> BSC and MSC -> RNC communication:
Add msc_ifaces.[hc], a_iface.c, with a general msc_tx_dtap() to redirect to
different interfaces depending on the actual subscriber connection.
While iu_tx() is going to be functional fairly soon, the a_tx() is going to be
just a dummy for some time (see comment).
Add Iu specific fields in gsm_subscriber_connection: the UE connection pointer
and an indicator for the Integrity Protection status on Iu (to be fully
implemented in later commits).
Add lac member to gsm_subscriber_connection, to allow decoupling from
bts->location_area_code. The conn->lac will actually be set in iu.c in an
upcoming commit ("add iucs.[hc]").
move to libcommon-cs: gsm48_extract_mi(), gsm48_paging_extract_mi().
libmsc: duplicate gsm0808 / gsm48 functions (towards BSC).
In osmo-nitb, libmsc would directly call the functions on the BSC level, not
always via the bsc_api. When separating libmsc from libbsc, some functions are
missing from the linkage.
Hence duplicate these functions to libmsc, add an msc_ prefix for clarity, also
add a _tx to gsm0808_cipher_mode():
* add msc_gsm0808_tx_cipher_mode() (dummy/stub)
* add msc_gsm48_tx_mm_serv_ack()
* add msc_gsm48_tx_mm_serv_rej()
Call these from libmsc instead of
* gsm0808_cipher_mode()
* gsm48_tx_mm_serv_ack()
* gsm48_tx_mm_serv_rej()
Also add a comment related to msc_gsm0808_tx_cipher_mode() in two places.
Remove internal RTP streaming code; OsmoNITB supported that, but for OsmoMSC,
this will be done with an external MGCP gateway.
Remove LCHAN_MODIFY from internal MNCC state machine.
Temporarily disable all paging to be able to link libmsc without libbsc.
Skip the paging part of channel_test because the paging is now disabled.
Employ fake paging shims in order for msc_vlr_tests to still work.
msc_compl_l3(): publish in .h, tweak return value. Use new libmsc enum values
for return val, to avoid dependency on libbsc headers. Make callable from
other scopes: publish in osmo_msc.h and remove 'static' in osmo_msc.c
add gsm_encr to subscr_conn
move subscr_request to gsm_subscriber.h
subscr_request_channel() -> subscr_request_conn()
move to libmsc: osmo_stats_vty_add_cmds()
gsm_04_08: remove apply_codec_restrictions()
gsm0408_test: use NULL for root ctx
move to libbsc: gsm_bts_neighbor()
move to libbsc: lchan_next_meas_rep()
move vty config for t3212 to network level (periodic lu)
remove unneccessary linking from some tests
remove handle_abisip_signal()
abis_rsl.c: don't use libvlr from libbsc
gsm_subscriber_connection: put the LAC here, so that it is available without
accessing conn->bts. In bsc_api.c, place this lac in conn for the sake of
transition: Iu and A will use this new field to pass the LAC around, but in a
completely separate OsmoBSC this is not actually needed. It can be removed
again from osmo-bsc.git when the time has come.
Siemens MRPCI: completely drop sending the MRPCI messages for now, they shall
be added in osmo-bsc once the A-Interface code has settled. See OS#2389.
Related: OS#1845 OS#2257 OS#2389
Change-Id: Id3705236350d5f69e447046b0a764bbabc3d493c
libvlr now delegates subscriber management to osmo-hlr, so the database no
longer represents a HLR. It basically only stores SMS, so reflect that fact in
the default database name.
Change-Id: I3289d68d3eb63aff940b48a25b584d5e83cd0197
Original libvlr code is by Harald Welte <laforge@gnumonks.org>,
polished and tweaked by Neels Hofmeyr <nhofmeyr@sysmocom.de>.
This is a long series of trial-and-error development collapsed in one patch.
This may be split in smaller commits if reviewers prefer that. If we can keep
it as one, we have saved ourselves the additional separation work.
SMS:
The SQL based lookup of SMS for attached subscribers no longer works since the
SQL database no longer has the subscriber data. Replace with a round-robin on
the SMS recipient MSISDNs paired with a VLR subscriber RAM lookup whether the
subscriber is currently attached.
If there are many SMS for not-attached subscribers in the SMS database, this
will become inefficient: a DB hit returns a pending SMS, the RAM lookup will
reveal that the subscriber is not attached, after which the DB is hit for the
next SMS. It would become more efficient e.g. by having an MSISDN based hash
list for the VLR subscribers and by marking non-attached SMS recipients in the
SMS database so that they can be excluded with the SQL query already.
There is a sanity limit to do at most 100 db hits per attempt to find a pending
SMS. So if there are more than 100 stored SMS waiting for their recipients to
actually attach to the MSC, it may take more than one SMS queue trigger to
deliver SMS for subscribers that are actually attached.
This is not very beautiful, but is merely intended to carry us over to a time
when we have a proper separate SMSC entity.
Introduce gsm_subscriber_connection ref-counting in libmsc.
Remove/Disable VTY and CTRL commands to create subscribers, which is now a task
of the OsmoHLR. Adjust the python tests accordingly.
Remove VTY cmd subscriber-keep-in-ram.
Use OSMO_GSUP_PORT = 4222 instead of 2222. See
I4222e21686c823985be8ff1f16b1182be8ad6175.
So far use the LAC from conn->bts, will be replaced by conn->lac in
Id3705236350d5f69e447046b0a764bbabc3d493c.
Related: OS#1592 OS#1974
Change-Id: I639544a6cdda77a3aafc4e3446a55393f60e4050
Original libvlr code is by Harald Welte <laforge@gnumonks.org>,
polished and tweaked by Neels Hofmeyr <nhofmeyr@sysmocom.de>.
This is a long series of trial-and-error development collapsed in one patch.
This may be split in smaller commits if reviewers prefer that. If we can keep
it as one, we have saved ourselves the additional separation work.
Related: OS#1592
Change-Id: Ie303c98f8c18e40c87c1b68474b35de332033622
Enable various components according to the build matrix during make distcheck.
Add python tests, osmo-bsc, nat, ...
Change-Id: Ic724cf61d44409337414dc58c8795896b4b97a8a
- bscs.config needed by the vty tests was not picked up as a dist file, because
its suffix is not 'cfg'. Rename to *.cfg. Apply this rename in
vty_test_runner.py and osmo-bsc_nat.cfg.
- Remove restart counters after external tests, otherwise distcheck complains
about uncleaned files.
- Add contrib/ipa.py to EXTRA_DIST, hence add a Makefile.am to contrib/.
Otherwise the python tests cannot find that dependency.
Change-Id: I42b55cb1125099afc3a8e3f87c0e398426b2e2a9
Before, each GSUP client would contact the HLR with an identical unit id, i.e.
"SGSN-00-00-00-00-00-00", with the result that some messages were sucked off by
the wrong client.
Pass explicit unit name from each gsup client user, so that OsmoMSC is "MSC"
and OsmoSGSN is "SGSN". Hence the HLR can properly route the messages.
Todo: also set some values instead of the zeros.
Unrelated cosmetic change while editing the arguments: gsup_client_create()'s
definition's oap client config arg name mismatched the one used in the
declaration. Use oapc_config in both.
Change-Id: I0a60681ab4a4d73e26fe8f0637447db4b6fe6eb2
This is the first step in creating this repository from the legacy openbsc.git.
Like all other Osmocom repositories, keep the autoconf and automake files in
the repository root. openbsc.git has been the sole exception, which ends now.
Change-Id: I9c6f2a448d9cb1cc088cf1cf6918b69d7e69b4e7
We are building with libosmo-sccp tag 'old_sua' until the new sigtran has
been applied. Since osmo-iuh commit
0f88c110093935305143987638e46dc6db304a3e
"migrate osmo-hnbgw to libosmo-sigtran's SCCP/M3UA"
osmo-iuh requires libosmo-sccp master. A similar 'old_sua' tag is in place in
osmo-iuh.git, to match libosmo-sccp 'old_sua'. Do that to fix the jenkins
build of --enable-iu.
Change-Id: I70f731db0b74ed48ae6dd713ed4c3247222ef0de
* use LT_INIT instead of AC_PROG_RANLIB
* remove redundant libbsc entries
The default (for both manual and .deb builds) is to use shared build (as
before) - the static build is entirely optional.
Based on work by Sergey Kostanbaev <sergey.kostanbaev@gmail.com> and
Alexander Chemeris <Alexander.Chemeris@gmail.com>.
Change-Id: Ibcd1da98302413182c85e25c4cb7d69d9e38c35a
While fixing potentially incorrect memory access, the check for maximum
number of supported BTS features was incorrectly adjusted instead of
feature vectore length check next to it. Fix this by adjusting checks
properly and adding comments to avoid future confusion.
The error was introduced in a60bb3dd28.
Change-Id: I06d2498d730624d5da535f6add6fa98d004714ae
When we are performing Rx sensitivity testing on a BTS, we want to
deactivate the connection failure criterion / radio link timeout, i.e.
no matter how many SACCH frames in uplink are failed to decode, the BTS
should never close the channel.
OsmoBTS Change-Id I736f21f6528db5c16fa80cdb905af20673797be5 covers a way
how this behavior can be requested from the BTS via an OML attribute.
This patch adds support to the BSC to actually set that attribute.
Do not use this in production networks, as the BTS will keep open radio
channels indefinitely even if the phone is gone and no longer
transmitting anything. This is a pure testing feature.
Change-Id: I6cb94e0f024934f7baeeb728ca9ed3042fbf16d2
Previously the SI generation lead to setting the BCCH SIs for all TRX in
a multi-trx setup. This is because we create the SIs globally but
si_valid appears to be limited to the 'current' trx. Warn if we attempt
to set SIs for the BCCH on a trx that does not have a BCCH.
Change-Id: Ie0e288252a2e7709c4dae16b96a0b1512278847f
Tweaked-by: Max <msuraev@sysmocom.de>
To support segmented SI2quater as per 3GPP TS 44.018 we'll have to
support multiple SI messages (up to 16 for SI2q) for a given type in
contrast to existing 1:1 mapping:
* expand storage space to hold up to 16 SI messages (spec limit)
* add assertions for budget calculations
* generate multiple SI2q messages
* adjust SI2q-related tests
* use precise check for number of SIq messages instead of approximate
estimation
Change-Id: Ic516ec9f0b821557d9461ae9f1c0afdd786f3b05
Related: OS#1660
* move SI2quater related defines to shared header
* add define from OsmoBTS which checks for presence of a given SI
message in gsm_bts struct. Rename it to avoid conflicts with OsmoBTS
code and to match naming conventions of similar macros.
Change-Id: I11432c93c772d1ead6d45a7bb0f1d13d492c82f1
Related: OS#1660
Use sizeof target BTS feature storage to make sure we always fit into
pre-allocated memory. Also use it for log check.
Change-Id: Ib107daa6e8b9bc397a10756071849f8ff82455d5
Fixes: CID 170581
osmo_talloc_replace_string() was introducd into libosmocore in 2014, see
commit f3c7e85d05f7b2b7bf093162b776f71b2bc6420d
There's no reason for us to re-implement this as bsc_replace_string
here.
Change-Id: I6d2fcaabbc74730f6f491a2b2d5c784ccafc6602
In addition to compile-time defined BTS model features we also need
run-time BTS features reported by BTS via OML. This should be shared by
BSC and BTS. To accommodate for this, add following:
* features bitvec to gsm_bts struct
* features descriptions
* comments to avoid confusion between 2 feature sets
* helper functions to set/query particular feature
* upper boundary on number of supported features and assertion for it
Change-Id: I02bd317097ba66585c50ebd4e8fc348f6dc3dad9
Related: OS#1614
Rename gsm_bts_has_feature() -> gsm_btsmodel_has_feature() and adjust
type signature to match gsm_btsmodel_set_feature() function and avoid
confusion with upcoming functions to check/set BTS features reported
over OML.
Change-Id: I97abdedbef568e0c2fbd37c110f7d658cf20e100
Related: OS#1614
Since commit b4999b60d4 we created PCU
sockets at hard-coded paths in the filesystem by default for all BTSs.
This is inflexible and prevents the use of multiple BSC instances on a
single filesystem, or the placement of the sockets in a more secure
location than /tmp.
The new approach with this patch is that
* no PCU sockets are created by default
* only for those BTSs where a 'pcu-socket' is configured via VTY,
the socket will actually be created
Change-Id: Ie9079470584777dcc31f85f9bf0808f479156ccb
Closes: OS#2293
Using this command, one can modify the RTP stream associated with a
given logical channel and (re)direct it to a specified IP:Port.
Change-Id: I63e03b932038a4e2f6d51c5541b52e4a42df27bf
Sometimes it is useful to manually activate (or decativate) a given
logical channel from the VTY. Doing this on the BSC (rather than the
BTS) ensures that the BSC knows that this timeslot / channel is
allocated and there is no risk to have clashes between the BSC "owning"
the resources and the BTS allocating some by itself.
Change-Id: I44fc3904678eb48bd3ab1a3da8c0c265fa082e0d
We can also move the string-to-numeric conversion inside vty_get_ts() to
reduce the amount of work required in the caller.
Change-Id: I2a74ed06e90e39d39f53fff39bb96df172728c0e
Resolving a timeslot based on its numeric identities is a generally
useful function, so lets' factor that out.
Change-Id: Id2570232f82542487a1133be7efb1dc1eb3029a8
We generally use const pointers for input arguments. Also, document
input/output arguments of function and add spec reference.
Change-Id: I2532cde69a18e3b021f7371e68f67a28a43d8b5f
The pcu sends us an already made up MAC-Block that contains the
paging request. pcu_sock.c is parsing this paging request
wrongly and fails silently, which results into a dropping of the
request.
This commit fixes the parsing problems.
Change-Id: Iefef08123bdc351afd8287d3f27ebf0ae58a6e7d
The PCU sends imm.ass messages in response to a rach request. Those
messages need to be forwarded to RSL in order to get them send. This
commit introduces the required functionality for that
Change-Id: Ice099c4ed7008200ed179e581aba1899c6c29455
Ericsson allows to attach a reference to immediate assignments. A
confirmation of the transmission is then sent back, but only containing
the reference, not the whole RLC packet.
Change-Id: I945f49e62e2a74a7906e2d49940927773edd04a9
The BSC-located PCU case looks to the PCU like a BTS-located PCU with
"direct PHY" access, i.e. the data related primitives are communicated
from the PCU directly towards the TRAU Frames or whatever transport
method is used between CCU and PCU.
In order to make the PCU believe that, we need to pass in a 'layer 1
handle'. As we don't use it, we can just pass any non-zero value and be
happy.
Change-Id: I8170bd4134904702b6b272e496100361ba473cbc
Instead of 20, use the actual buffer sizes of struct sw_load, which are 255.
Previous code would truncate a longer string at 20 without(!) NUL termination.
In the _len members, store the actual length copied. In previous code, if the
source string were longer than 20, we would store only 20 (without NUL term)
but still reflect the longer length of the source string.
Fix both of these issues for sw_load.file_id / file_id_len and
sw_load.file_version / file_version_len.
Change-Id: I2e34a1348a290d3f58dd830d08da65b94b3270db
Send SMS RP ERROR with a failure cause that relates to
the status returned by the ESME in the deliver_sm_resp.
Actual mapping array is limited as most phones I tested
don't seem to care about the failure cause anyway,
although some will display a different notification for
GSM411_RP_CAUSE_MO_NUM_UNASSIGNED
Change-Id: I61fb2d9ef4f2d2eabdc49b53d9966ad328d15e51
The newline and $NULL manage to append a trailing space to the 'openbsc' dir.
This was broken in commit 7b6673fa06
"Consistenly format variables in */Makefile.am files"
by Change-Id Ifa21513c007072314097b7bec188579972dc1694
Add a comment to prevent this in the future.
Reported-by: Andreas Mueller <andreas.mueller@criticallabs.org>
Change-Id: I218027459e3b2aaa817d91eb3f69d9c0b10dcd4e
The gsm_data_shared.h header is installable and used by OsmoBTS so it
should not include any private (non-installable headers) to avoid
OsmoBTS' build failures.
Change-Id: Ic25031101fc01bd732fe691132c081ad05fa6a4b
Request BTS attributes via OML on connection and parse the response:
request/parse incoming response as sw-config.
Note: only basic BTS-wide KV attributes wrapped in sw-config are
supported for now.
Change-Id: I589be51daca0cb9e1f3473b93e910e46b06e23ae
Related: OS#1614
Previously only the existance of bts->si_common.si2quater_neigh_list was
checked but not the actual number of EARFCNs in it. Fix it by using
si2q_earfcn_count() and adjust tests accordingly. While at it - reformat
tests to include extra information.
The correctness was checked manually by inspecting GSMTAP output.
Change-Id: Ic4fb2a9e870db66cac58b1e8d113587b30d64ce2
Related: RT#8792
In preparation for extended SI2q messages:
* add SI2q-specific accessor macro
* add *_offset variables to gsm_bts struct
* internalize memory check while generating rest octets - introduce
budget concept (number of bits available in a given message)
* internalize *arfcn_size() functions as they are not needed outside of
si2q_num() anymore
* change rest octets generation to work with gsm_bts struct directly
* do not generate rest octets if no SI2q is necessary
* adjust unit tests accordingly (cosmetic changes only to avoid
regressions)
Requires: I92e12e91605bdab9916a3f665705287572434f74 in libosmocore
Change-Id: Ib554cf7ffc949a321571e1ae2ada1160e1b35fa6
Related: RT#8792
* use define for number of attributes instead of magic number
* add sub_model to gsm_bts struct
* expand number of BTS features
* mark attributes parameter to abis_nm_get_attr() as const
Change-Id: I7ecb0c4339530d3a8354a2f94b34063dda87e030
Related: OS#1614
The VTY config allows above 32bit range extensions, but
db_subscriber_alloc_exten() was unable to generate extensions outside of 32bit.
Add VTY regression test and fix the problem by using proper 64bit types.
Related: OS#2253
Change-Id: I9afe6a8833004ecd2f3f936b2d5aa4de8e7dbcb0
Fix parsing of the 'subscriber-create-on-demand random' VTY: atoi() is not
enough to include the specified range of 1-9999999999.
Use atoll() instead to ensure a large enough number space also on 32bit
systems.
(Note: for me, atoll() truncates at 32 bit when <stdlib.h> is not included.)
Add a VTY regression test for this.
Related: OS#2253
Change-Id: I353e04481ec567adca383d6b51ba8fb865eed73e
* move value_string definition and corresponding functions for BTS type
to shared header to make it re-usable by OsmoBTS
* use consistent function naming
* add similar functions for BTS variant
* add enum to be used by OML Attribute Reporting to distinguish between
type, variant and other info
Change-Id: Ida94725a6fce968443541e3526f48f13758031fd
Related: OS#1614
Hold on with the GSM 04.11 RP-ACK/RP-ERROR that we send to the MS until
we get a confirmation from the ESME, via SMPP DELIVER-SM-RESP, that we
can route this sms somewhere we can reach indeed.
After this change, the conversation looks like this:
MS GSM 03.40 SMSC SMPP 3.4 ESME
| | |
| SMS-SUBMIT | |
|------------------->| |
| | DELIVER-SM |
| |---------------->|
| | |
| | DELIVER-SM-RESP |
| |<----------------|
| GSM 04.11 RP-ACK | |
|<-------------------| |
| | |
Before this patch, the RP-ACK was sent back straight forward to the MS,
no matter if the sms can be route by the ESME or not. Thus, the user
ends up getting a misleading "message delivered" in their phone screen,
when the message may just be unroutable by the ESME hence silently
dropped.
If we get no reply from the ESME, there is a hardcoded timer that will
expire to send back an RP-ERROR to the MS indicating that network is
out-of-order. Currently this timer is arbitrarily set to 5 seconds. I
found no specific good default value on the SMPP 3.4 specs, section 7.2,
where the response_timer is described. There must be a place that
describes a better default value for this. We could also expose this
timer through VTY for configurability reasons, to be done later.
Given all this needs to happen asyncronously, ie. block the SMSC, this
patch extends the gsm_sms structure with two new fields to annotate
useful information to send the RP-ACK/RP-ERROR back to the MS of origin.
These new fields are:
* the GSM 04.07 transaction id, to look up for the gsm_trans object.
* the GSM 04.11 message reference so the MS of origin can correlate this
response to its original request.
Tested here using python-libsmpp script that replies with
DELIVER_SM_RESP and status code 0x0b (Invalid Destination). I can see
here on my motorola C155 that message cannot be delivered. I have tested
with the success status code in the SMPP DELIVER_SM_RESP too.
Change-Id: I0d5bd5693fed6d4f4bd2951711c7888712507bfd
Use textual representation for message type and protocol descriminator
in case of Gb parsing errors.
Change-Id: Ida925258be119619d8705361730c554a130b75bc
Related: SYS#3610
Previously vty always used additional checks even for GEA0 (no
encryption) which resulted in misleading warnings. Fix this by
adding explicit check for GEA0.
Related: SYS#3610
Change-Id: I1ee468ab3298076d4cb5c7b1f6293c07e272417b
Previously we required pcap.h unconditionally which causes embedded
build failure because it's not included in current version of out poky
toolchain. We can add it to toolchain but it's only necessary for
utils/osmo-meas-pcap2db which is not built for sysmobts anyway so it's
easier to just make this dependency optional and build osmo-meas-pcap2db
only if it's available - similar to the way we build osmo-meas-udp2db.
Related: SYS#3610
Change-Id: I77a5f7eafe0282abedacffad6a9bcb0a8f2b5caa
Previously it was only in gsm_bts_model which is not initialized on BTS
side. It's more convenient to have it in the struct which is available
to BTS as well.
Change-Id: I54fde8c4ccd5d994af08074f5864446e79a93a25
Related: OS#1614
Supporting SI2quater as per 3GPP TS 44.018 will require chnages to the
way System Information is stored because it uses 1:n instead of 1:1
mapping between SI type and generated SI content. This should not affect
other SI types though. To facilitate this transition:
* convert the code to always use GSM_BTS_SI helper instead of accessing
buffer directly
* make helper more robust by adding extra parenthesis
* add similar helper for gsm_lchan
* add function estimating number of SI2quater message to hold configured
number of (U|E)ARFCNs
* add SI2q index/count fields and pass them to rest_octets generator
explicitly
* internalize buffer access in generate_si* functions
Change-Id: I74e4e3cb86364cec869a1472a41b4a95af0d50dd
Related: RT#8792
OpenBSC does not produce any installable libraries, only header files so
this section is unnecessary.
Change-Id: I4c563d775a84f41f82404e0eaba1a25fdbaac1a5
* set proper flag when saving MS Timing Offset
* use gsm_subscriber's IMSI or lchan's name if bsc_subscriber is unknown
* add comments with spec reference
* store/display MS Timing Offset instead of raw Timing Offset field from
RSL
* Compute MS Timing Offset [-63; 192] from Timing Offset field [0; 255],
adjust structure gsm_meas_rep with proper type to store it
Change-Id: I7e003d23a6edb714c5f17688fd6a8edac131161d
Related: OS#1574
It is defined in the file and used twice in there, so let's use it for
all of them which makes code smaller and more clear.
Change-Id: I9fac7cabedff74f8f6293ad8b54420229b80aa71
* add version string to gsm_bts
* add PCU version string to gsm_bts
* rename GSM_BTS_TYPE_OSMO_SYSMO -> GSM_BTS_OSMOBTS to avoid confusion
between BTS model and variant
* add variant enum to gsm_bts_model using enum with variants for each
hw vendor of OsmoBTS
* show connected PCU version (if available) in vty via 'show bts'
This will come in handy when logging details regarding particular BTS
reported via OML, see:
Related: OS#1614
Change-Id: I6710d53115f34634a7b70969cc05fd5c72ff8ab2
This option allows to enable or disable TCH/F allocation on the
TCH/F_TCH/H_PDCH timeslots. Until now, source code modification
was required to enable this feature.
Related: OS#1778
Change-Id: Id18cab25844dc854a66b4e2713e90c3f43afa712
From a human admin viewpoint it doesn't make sense to count the messages sent:
When we use TMSIs, we first send a LU Accept with a new TMSI, and then expect
the MS to respond with a TMSI Realloc Complete message. When that fails to come
through, the LU actually ends in failure, even though a LU Accept was sent.
If a conn breaks/vanishes during LU, we cancel the LU without sending any reply
at all, so the failed LU would not be counted.
Instead, count Location Updating results, i.e. completion and failures.
(With the new VLR developments, LU counters need to be triggered in completely
different places, and this patch prepares for that by providing sensible
counters.)
Change-Id: I03f14c6a2f7ec5e1d3ba401e32082476fc7b0cc6
Explicitly check for and log PCU version received from BTS via OML alert
message.
Change-Id: I3c88663d4e2887a4038b4c3f1387128295b8934e
Related: OS#1614
Add python client which converts TRAP messages into SOAP requests and
perform corresponding actions.
It can be used as follows
./soap.py -d -w http://example.com/soapservice/htdocs/wsdl/test.wsdl
See ./soap.py -h for additional options.
Change-Id: I82844ec7a302bac30d6daee9ebca2188fd48ca46
Related: SYS#3028
ericsson can handle a reference at the end of a imm assign command which is used in
the confirm response. The confirm response is only sent if the trailer is present.
Change-Id: I88560291b5a3a3d7a0bac4d3c089b45f1f6b297f
When the BTS is configured to use a SuperChannel and it is using a
unix domain socket based transport towards the L2TP daemon, then
we must instruct the L2TP daemon to instruct the SIU to change the Abis
Lower Transport Mode using the ALTCRQ / ALTCRP L2TP signalling.
Change-Id: I672bfaa09c42fbeb0c8459f24b2222b952de954b
Do not print anything to stdout directly - use proper logger object
instead: either the one supplied by IPAFactory user or default to NO-OP
NullHandler logger.
Change-Id: Ic3417095a6e8848f0acabb46a9e64c0197b736e2
Related: SYS#3028
The VTY tests assume that $top_builddir == $top_srcdir. Use the script's
location from sys.path[0] to find the correct locations of example configs even
when building in another directory.
Change-Id: I2731f361e3b72d0980968e6cf83594ea450db7c2
Previously any OML NACK message will result in BSC dropping OML link to
BTS which makes it impossible to use optional OML messages which might
be unsupported by BTS. Fix this for 3GPP TS 52.021 §8.11.1 Get
Attributes message. Also, log human-readable NACK name to see what
exactly causing OML link drop.
Change-Id: Ib8af2872c27abb793172ec59bdc145b8d54f83da
Related: OS#1614
In change-id Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3, libosmocore changes
from incrementing SQN after tuple generation to incrementing SQN before tuple
generation. Thus we now need to pass desired_sqn - 1 to get the same tuples.
Change-Id: Ifeda71e713bb60dcd31ac651f461b714cfa39b5c
Related: OS#1968 OS#1969
The timer T3186, which is described in 3GPP TS 44.060, is using 3
bits of the si13 mac block. This requires special encoding. In the
case of T3186, the value is encoded by the formula: bits = t/500-1.
Our implementation uses the formula bits=t/500, which is incorrect.
Change-Id: Ifd340c536cff2d1c4b1b3677a358ea95438801eb
Option "logging level ... everything" is broken for quite some time and
might be deprecated in future. Replace it with "logging level ... debug"
in config examples.
Change-Id: I828ef7671b4fb38717526a18ff8e9a5428cd511e
Related: OS#71
bsc_control.py lacks a copyright header. This commit adds the
copyright header from ipa.py to bsc_control.py.
Change-Id: Ie70bf686ee9bb157198e02bf8d946abf56adc82a
Fix uninitialized memory access warning.
"Conditional jump or move depends on uninitialised value"
Found by valgrind.
Change-Id: Ibc2d585c5db899e6af20104211e32faf3822633a
osmo-python-tests now includes code that retries connecting the VTY socket and
needs no external sleep()ing. This flies through most tests without any sleep()
at all.
See osmo-python-tests.git change-id Icc337f52a93d5fe31fc4ff235ccaf4e0fe75fa39
Change-Id: I42161d9716fe5bb0ef1c56e4bfb770bb99bbca7a
In a future commit, gsm_subscriber will be replaced by vlr_subscr, and it will
not make sense to use vlr_subscr in libbsc. Thus we need a dedicated BSC
subscriber: struct bsc_subscr.
Add rf_policy arg to bsc_grace_paging_request() because the bsc_subscr will no
longer have a backpointer to gsm_network (used to be via subscr->group).
Create a separate logging filter for the new BSC subscriber. The implementation
of adjusting the filter context is added in libbsc to not introduce
bsc_subscr_get/_put() dependencies to libcommon.
During Paging Response, fetch a bsc_subscr from the mobile identity, like we do
for the gsm_subscriber. It looks like a duplication now, but will make sense
for the VLR as well as for future MSC split patches.
Naming: it was requested to not name the new struct bsc_sub, because 'sub' is
too ambiguous. At the same time it would be fine to have 'bsc_sub_' as function
prefix. Instead of struct bsc_subscriber and bsc_sub_ prefix, I decided to
match both up as struct bsc_subscr and bsc_subscr_ function prefix. It's fast
to type, relatively short, unambiguous, and the naming is consistent.
Add bsc_subscr unit test.
Related: OS#1592, OS#1594
Change-Id: Ia61cc00e8bb186b976939a4fc8f7cf9ce6aa3d8e
Add MS TIMING OFFSET (3GPP TS 48.058 § 8.4.8) and P offset (3GPP TS
45.010 § 1.2) which can be used to compute MS TO from known TA.
This will be used by osmo-bts (see
I4dfe5c48834a083e757d5de3236a02e15a238b28) to provide MS TO as part of
RSL MEASUREMENT RESULT.
Change-Id: I8bda57c8d6c15bbb803eca708931556dae118a00
Related: OS#1574
When the IMSI ACL is maintained via the VTY, users may enter IMSIs
without leading zeros. Especially in test environments, where
MCC=001 and MNC=01 is common, it is likely that someone enters the
corresponding IMSI (001010000000001) without the two zeros at the
beginning.
This patch fixes the problem by sanitizing the IMSI, eventually
missing zeros in the beginning will be automatically added.
Change-Id: I56ba0da61978bbdce71d0e320166c52b20b42517
* print pdp->address instead of mm->imsi if mm is NULL
* print mm->imsi in debug log (move it below NULL check)
Change-Id: I4fbf5a54019a46612fbc528d61120182738f9205
Add via_ran to gsm_subscriber_connection to indicate whether a conn is coming
in via 2G/GERAN/A-Interface or 3G/UTRAN/Iu-Interface. Prepares for Iu, but
also for libvlr to decide between GSM or UMTS Auth.
Until actual Iu support is merged to master, this indicator will aid VLR unit
testing.
At some point we may also add RAN_GERAN_IU; it's not on the agenda yet, but to
clearly distinguish the names if we want to add it, explicitly name the ones we
have RAN_GERAN_A and RAN_UTRAN_IU.
Change-Id: I93b870522f725170e4265a5543f6b680383d7465
Make NEIGH an array of Javascript objects, otherwise the JSON is not parseable
when neighbours exist
Change-Id: I42029f40bf357adbb2f3c71cdcbafbc21090e348
Remove the fuzzer interface that was partially implemented in
gsm_04_08.c and silent_call.c is causing problems when an
SMS is sent during an active silent call. The reason for this
is that gsm0408_dispatch() in gsm_04_08.c would decide to
rout all uplink traffic to silent_call_rx() in silent_call.c.
silent_call_rx() is a stub function that discards the data.
This patch removes the fuzzer interface code by placing ifdefs
around it, so that it can be re-activated by experimentators.
Change-Id: Id500197d58663b3f4b1756136343670388b0a4bc
Similar to a recent patch in osmo-python-tests for VTY based tests, but this is
for the Ctrl tests.
The TestCtrlBase tests gave a constant sleep(2) grace period for the process to
startup. This causes tests to take minutes for no reason at all.
Add code to TestCtrlBase to try and connect right away, retrying up to three
seconds in .1 second intervals. This flies through most tests without any
sleep() at all.
Change-Id: I06569767153838bd9cd3edac001df5f6c567874c
When running the testBSCreload test in close succession, I get a "Connection
refused" error because the socket is still in TIME_WAIT state. Passing the
SO_REUSEADDR flag allows reusing the addr despite a TIME_WAIT socket.
Change-Id: I941851b062999ab4b962430f7b27c19935993e0a
If a pdp context is created a xid request is sent right after
the pdp-context-ack message. The sending of the pdp-context-ack
and the xid message is triggered from the GGSN via the GTP
interface.
When the pdp-context-ack message is not received by the MS, it will
send the pdp-context-request again. A lost pdp-context-ack is resent
by the SGSN directly so that the mechanism described above does
not work for pdp-context-ack resents.
This commit adds code to trigger the sending of xid messages also
for resent pdp-context-ack messages.
Change-Id: Ice66790803154310a61a70a54be76cec539c97a7
On 'auth-policy remote', the SGSN requires GSUP server address and port. If it
was missing, the SGSN would print a VTY warning and run anyway. Make this error
more fatal: print an error (flattened a bit) to stderr and abort the program.
Move validation of the GSUP server data presence out of the VTY command itself
and into the config reading function. This way the GSUP server config can be
given anywhere, including below the auth-policy config (was required above).
Don't care about setting the auth-policy to remote with a telnet VTY, because
in that case the GSUP client won't be started anyway.
Change-Id: I4d8db910c32abd8579d3c9b9f0b2cb3a9a6dfe4c
The general infrastructure for UMTS AKA is already in place:
* GSUP with capability to send us auth_vectors that contain
either triplets or quintuples
* mm_context that holds such auth_vectors
Add:
* capability to send UMTS AUTN in GMM AUTH REQ
* parse extended UMTS RES
* on auth response, validate expected AKA with vector and received res/sres
* add Auth Failure message to receive resync AUTS token and
* send to HLR
* clear out-of-sync auth tuple
* enter new state for when we're waiting for HLR to resync and send new
tuples so that the next Auth Request will be handled
Original first half of this patch by: Harald Welte <laforge@gnumonks.org>
Full UMTS AKA procedure including AUTS resync tested to work against OsmoHLR
with R99 USIM and Milenage algorithm.
The sgsn_test.c needs adjustment because we're checking the vector's auth_types
now.
Depends: libosmocore change-ids
I277fb3d407396dffa5c07a9c5454d87a415d393f
If943731a78089f0aac3d55245de80596d01314a4
Related: OS#1956
Change-Id: Ie6a0cefba5e4e7f02cc2eaf6ec006ac07d5c1816
Each running test would open up another socket without ever closing unused
ones. Close the sockets after each test is done.
Change-Id: I0a42caab3bb8c9c9d04b033e4de9efe0ca8fd2af
Prepare for replacing gsm_subscriber with vlr_subscriber. vlr_subscriber will
not make sense to be used in gprs, so have a dedicated GPRS subscriber struct.
(Could change if the gprs code were to use libvlr; is currently independent).
Related: OS#1592
Change-Id: Ia8b391ee009c8545763cba04505be3947835120e
With the OsmoMSC program coming up, the name osmo_msc_data becomes even
more confusing than it already is. Clearly indicate it as libbsc's data of
a remote MSC by prefixing with bsc_.
Also, the Osmocom community has in the meantime agreed to have the osmo_
prefix only in libosmocore, to avoid naming conflicts in case things are
moved there. So while renaming anyway, also drop the osmo_ prefix.
Change-Id: I0dfbcb7d1a579211180f71319982820d8700afab
With the OsmoMSC program coming up, the name osmo_msc_data becomes even
more confusing than it already is. Clearly indicate it as libbsc's data of
a remote MSC by prefixing with bsc_.
Also, the Osmocom community has in the meantime agreed to have the osmo_
prefix only in libosmocore, to avoid naming conflicts in case things are
moved there. So while renaming anyway, also drop the osmo_ prefix.
Change-Id: I13554563ce9289de126ba0d4cf329bafcda35607
We're discarding the name OsmoCSCN for the benefit of OsmoMSC. But "CSCN" has
already crept into the master branch in two places; apply the rename.
See OS#1958
Change-Id: Ib4274eb3c172ada1fe7f05746740b456370bc93d
Each running test would open up another socket without ever closing unused
ones. Close the sockets after each test is done.
Change-Id: Ie433c8560de54f9a9d05fa07c44bae3126d19b30
Doesn't make sense to switch this to struct vlr_subscr when it isn't used at
all. So let's remove it.
Change-Id: Ifa5901f8bf1aed3981841d24d4ec8d659f3de7a9
In libosmocore, my patch was merged to master a bit too soon. To accomodate the
request for naming that matches the general "LOG" prefix instead of "LOGGING",
a fixup was committed to libosmocore. Adjust for that.
Original patch: change-id I5c343630020f4b108099696fd96c2111614c8067
The fixup: change-id I424fe3f12ea620338902b2bb8230544bde3f1a93
Change-Id: Ib2ec5e4884aa90f48051ee2f832af557aa525991
The LCHAN and BTS filter contexts are actually never used, so drop them until
someone adds them properly.
For now use only LOGGING_{FILTER,CTX}_VLR_SUBSCR. Some of these will change to
_BSC_SUBSCR once struct bsc_subscriber is introduced, and later on, struct
gsm_subscriber will be replaced by vlr_subscriber so that the names will match.
Depends: libosmocore change-id I5c343630020f4b108099696fd96c2111614c8067
Change-Id: Ifa82f6a461ad4c0eeddb8a38fb3833460432d16b
Handle Delete Subscriber Data GSUP message from HLR to disable Packet
Services for a given IMSI.
Change-Id: I6b9b494fa58bcb95bd550c49f8204f00f8fdf628
Related: OS#1645
To be paranoid, catch a NULL subscriber and/or bts in
subscr_update_expire_lu(): print an error log and avoid segfault.
(I'm not sure this would really happen in a normal situation.)
During aggressive testing of Paging timeout, I came across this segfault in
msc_release_connection() when conn->expire_timer_stopped is set but
conn->subscr is NULL, at the subscr dereference after:
if (conn->expire_timer_stopped)
subscr_update_expire_lu(conn->subscr, conn->bts);
I brought this situation about by a fabricated Paging fault, i.e. in
gsm48_rx_rr_pag_resp() return 0 and don't call gsm48_handle_paging_resp() at
all. Thus conn->subscr is still NULL when expire_timer_stopped is 1.
When looking at CM Service Request handling, the conn->subscr is set before
setting expire_timer_stopped = 1, which is a saner thing to do. But without my
mad 'return 0', there is in fact no way to have a NULL subscriber there.
It looks like all other code paths already do the same, but it's not that
obvious (e.g. _gsm48_rx_mm_serv_req_sec_cb()). So rather catch this case of
NULL conn->subscr, and while at it catch NULL bts as well.
Change-Id: I430dd952b2b928bea7f8360f1e01bb3cccb0a395
* add vty command to set E-UTRAN_PRIORITY, THRESH_E-UTRAN_low and
E-UTRAN_QRXLEVMIN according to 3GPP TS 44.018 Table 10.5.2.33b.1
* remove old command which does not support those parameters
Change-Id: I36dcc79f7b7a02036e74720923d0df1a2a2db504
Fixes: RT#8792
Log more data related to channel allocation:
- channel type
- number of paging attempts
- timers fired
Change-Id: Ib417a9c942c17b902dd80ff555cd9da5f91bff48
Since ce9fec3e896571835ac5bfd2980d6836f2b29f0d libosmocore ignores
parameters to log_vty_command_* functions. Hence parameter of
logging_vty_add_cmds() is ignored too. As we depend on much later
libosmocore version anyway, we can simplify code somewhat by removing
parameters which will be ignored anyway.
Change-Id: I62f752fd88f1d8fefa563648f9864c7c31f87991
This repository contains a C-language implementation of a GSM **Mobile Switching
Centre (MSC)** for 2G (GSM) and 3G (UMTS). It is part of the
[Osmocom](https://osmocom.org/) Open Source Mobile Communications
project.
OsmoMSC exposes
* *A over IP* towards BSCs (e.g. [osmo-bsc](https://osmocom.org/projects/osmobsc/wiki): 3GPP AoIP or SCCPlite
* *IuCS over IP* towards RNCs / HNBGW (e.g. [osmo-hnbgw](https://osmocom.org/projects/osmohnbgw/wiki))
* *MGCP* towards a co-located [osmo-mgw](https://osmocom.org/projects/osmo-mgw/wiki) for the RTP streams
* *[GSUP](https://osmocom.org/projects/cellular-infrastructure/wiki/GSUP)* (instead of 3GPP MAP) towards [osmo-hlr](https://osmocom.org/projects/osmo-hlr/wiki)
* *SMPP* towards any external SMS sending/receiving applications
* *[MNCC](https://osmocom.org/projects/osmomsc/wiki/MNCC)* as external call-control interface towards e.g.