It was discovered during OBS debian build that --enable-ui was not being
passed despite being defined. Comparing with other similar projects it
became clear that this override tag was not correct and it was being
omitted.
Change-Id: I0ad1009100fd7c2798bcf22aa84a0d90fbe41a55
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".
If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.
Related: OS#2740
Change-Id: Icdf7af7a31fbba9197b3711eaf102fc0ae333bcc
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I66a7e044c027672adf77fbd6c0a111c43ee31b4f
This timer allows periodically cleaning up stale links in link-list of
each gbproxy_peer. Previous to this patch, this kind of cleanup
(gbproxy_remove_stale_link_infos) was being done only as a consequence
of external events being triggered, such as a message from that peer
being received.
It was found in a production network agreggating several BSS that some
of them were offline for a longtime but gbproxy was still caching big
amounts of really old link_info for the NSEI assigned to those BSS,
because since they were probably turned off abruptely, no new messages
were received from it which would trigger the cleanup.
As a consequence, it has been observed that a timer to periodically
clean up old entries (link-list max-age) is requird in case w don't
receive messages from that NSEI periodically.
Related: SYS#4431
Change-Id: Ic777016f6d4f0e30fb736484774ca46878f17b7a
It was discovered in some prod setups that some TLLIs can maintain quite
long queues of msgb in case its IMSI is not acquired and the tlli is not
pruned due to link-list max-{age,length} being set to 0. As a result,
the osmo-gpbroxy steadly increases the list size of maintained TLLIs, and
some TLLI was found without IMSI catching already 1211 msgb.
Let's allow setting a maxiumum length for the queue storing those msgb
in a per TLLI base. If the limit is reached, oldest msgb are removed
before adding a new one.
Depends: libosmocore Change-Id I33b501e89a8f29e4aa121696bcbb13d4b83db40f
Related: SYS#4297
Change-Id: I4473be8604f80302df03ffdd5a13280dc072f824
gprs_msgb_resize_area was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as msgb_resize_area. Let's use
that one to avoid code duplication.
Change-Id: Ib80f7b2b186d87f21d63d9b0bec58175170c905c
gprs_msgb_copy was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as bssgp_msgb_copy. Let's use
that one to avoid code duplication.
Change-Id: I42a65fd8e4045fafadf5694f2d8d0c5e7ab350a0
Reset the SGSN internal state. Useful when testing the SGSN via TTCN3.
Depends on the libosmocore commit:
I29b6ad6742ddf9b0b58b4af37d9a1cf18e019325
Change-Id: I92096f3f6ea49e75676e30e9921d00210bac5382
This seems to b remaining from ancient days. The code
in there is either no longer needed, or has been moved to libosmocore.
Change-Id: I9307f9da7f48dd0a2e1cb213072068736e569722
libosmogsm in libosmocore.git from Change-Id
Ie36729996abd30b84d1c30a09f62ebc6a9794950 onwards contains oap_client.c,
so we don't need our local copy here in this repo anymore.
Change-Id: I7b194f98ef3f925b6178d8a8dbd9fcf2f0c6e132
Requires: libosmocore.git Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950
This check is not in all our repos that use git-version-gen. Indeed it
seems to be a leftover of openbsc where I think it wanted to ensure
being called in the openbsc subfolder or something? libosmocore e.g.
doesn't have it.
In any case .git being a directory is not always true (if using git
worktree) so remove this check.
Change-Id: I4385cc4fb87ca4354a3c608a18aa3d2eb03a744f
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I93a2e5b6ec66c9edb6e93d95032e788f552af44b
When PDP CTX CREATE ACK is received with an increased RestartCtr, cb_recovery2
is called first, which will dettach ggsn from al pdp ctx (free the
pdp_t). But when giving control back from the ctrl, libgtp still uses
that freed ctx and sends it back to osmo-sgsn through cb_conf().
As specs state in any case that we need to handle the message containing
the increased RestartCtr as valid, we then need to avoid freeing the pdp
ctx and leave handling for later in cb_conf.
Depends: osmo-ggsn (libgtp) Change-Id I53e92298f2f6b84d662a3300d922e8c2ccb178bc.
Change-Id: I0989c00e18ca95a099e1a312940eaac71957b444
Previous API freed the ctx immediatelly after sending the packet, which
triggered a call to cb_delete_context() and dropped the entire
sgsn_pdp_ctx before the PDP DEL CTX ACCEPT was received. This new API
won't free the pdp ctx and we can tear down everything once we receive
the ACCEPT in cb_conf.
cb_conf is not automatically freed at cb_conf, user needs to free it, so
we need to remove setting pctx->lib to NULL in cb_conf to avoid leaking the
pdp ctx, as it needs to be freed inside sgsn_pdp_ctx_free().
Depends: osmo-ggsn (libgtp) Change-Id I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c.
Change-Id: I304c59de5d137b81de3c6df0fdbe911ae3dbd1f3
if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report
during snprintf:
==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
#0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...
Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
field pdp->num_T_exp was being reset to 0 every time
pdpctx_timer_start() was called from gsm48_tx_gsm_deact_pdp_req().
Take the chance to test max amount of retrans to 4 as detailed in specs.
Change-Id: Iacce3c66f61578ebee37abaa287f7e183f985c1c
Scenario and behaviour before this commit:
- Received Echo Reply from GGSN has incremented RestartCounter
- func sgsn_ggsn_ctx_drop_all_pdp() is called to dettach all pdp ctx
from GGSN and request the MS to deact all related ctx.
- DEACT ACCEPT is received from MS, and then it tries to send DEL PDP CTX
to GGSN, expecting to receive a Confirmation and only then freeing the
pdp ctx.
The problem is that since the initial cause of triggering was a GGSN
restart, the GGSN doesn't know anything about that pdp ctx anymore, so
it's not useful sending it. We can instead dettach the GGSN and libgtp
ref at drop_all_pdp() time and then when we receive DEACT ACCEPT from MS
we can free the pdp ctx directly.
Change-Id: I1c74098e181552c218e152bf4ac5035cea770428
According to 3GPP TS 24.008 Section 6.1.3.4, the tear down indicator IE
maybe included in the DEACTIVATE PDP CONTEXT REQUEST message in order
to indicate whether only the PDP context associated with this specific
TI or all active PDP contexts sharing the same PDP address and APN as
the PDP context associated with this specific TI shall be deactivated.
As we don't permit/support establishing multiple PDP contexts using
the same APN and PDP address, it shouldn't really make any difference.
Nevertheless, we want to clear everything, so let's include it.
Change-Id: Ia9bc2d0e93362a8473eac5cf4c7e8ffa41c79e5b
60 seconds is used by default, which is the minimum accepted value for
this timer as per 3GPP TS 29.060 section "7.2.1 Echo Request".
Having it low by default is good for lab use in which a lot of stuff
changes over time.
Change-Id: Ia1898d172482bf6a25d829f8fc9a47824f49456f
In sgsn_pdp_ctx_terminate, a pdp ctx is terminated and the mm ctx is
detached. However, T3395 may still be armed and then pdpctx_timer_cb
will trigger, and attempt to use the pdp->mm ctx which was already
detached (set to NULL) when calling
gsm48_tx_gsm_deact_pdp_req()->mmctx2msgid().
Following list of log lines shows the scenario+crash, in which osmo-sgsn
is trying to deactivate the ctx all the time but the PCU doesn't ACK it,
and then at some point the PDP context is forced released.
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(901700000015254/d7e9ab95) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:1464 MM(901700000015254/d7e9ab95) -> GMM DETACH REQUEST TLLI=0xd7e9ab95 type=GPRS detach Power-off
osmo-sgsn/src/gprs/gprs_gmm.c:313 MM(901700000015254/d7e9ab95) Cleaning MM context due to GPRS DETACH REQUEST
osmo-sgsn/src/gprs/gprs_sgsn.c:332 MM(901700000015254/d7e9ab95) Dropping PDP context for NSAPI=5
osmo-sgsn/src/gprs/gprs_sgsn.c:434 PDP(901700000015254/0) Forcing release of PDP context
osmo-sgsn/src/gprs/gprs_sndcp.c:508 SNSM-DEACTIVATE.ind (lle=0x62100001bca0, TLLI=d7e9ab95, SAPI=3, NSAPI=5)
osmo-sgsn/src/gprs/sgsn_libgtp.c:310 PDP(---/0) Delete PDP Context
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(---/ffffffff) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:305:25: runtime error: member access within null pointer of type 'const struct sgsn_mm_ctx'
Program received signal SIGSEGV, Segmentation fault.
0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at /home/pespin/dev/sysmocom/git/osmo-sgsn/src/gprs/gprs_gmm.c:305
305 msgb_tlli(msg) = mm->gb.tlli;
(gdb) bt
#0 0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at osmo-sgsn/src/gprs/gprs_gmm.c:305
#1 0x00005555556b170a in _gsm48_tx_gsm_deact_pdp_req (mm=0x0, tid=0 '\000',
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2297
#2 0x00005555556b1a2e in gsm48_tx_gsm_deact_pdp_req (pdp=0x6140000008a0,
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2311
#3 0x00005555556b876c in pdpctx_timer_cb (_pdp=0x6140000008a0)
at osmo-sgsn/src/gprs/gprs_gmm.c:2717
#4 0x00007ffff355eb3e in osmo_timers_update ()
at libosmocore/src/timer.c:257
#5 0x00007ffff356255c in osmo_select_main (polling=0)
at libosmocore/src/select.c:254
#6 0x00005555556f17cb in main (argc=3, argv=0x7fffffffe298)
at osmo-sgsn/src/gprs/sgsn_main.c:531
Change-Id: I2120e53ade6cabad37f9bd99e6680a453411821b
Before this commit, echo req/rsp logic was implemented in libgtp but
never used in osmo-sgsn.
This commit adds a timer which periodically sends a GTP ECHO Request to
every GGSN if there's at least one pdpd context associated with it. This
way by checking the restart counter in the ECHO Reply it can be known if
the GGSN was restarted. In this case, logic already present in osmo-sgsn
will terminate all pdp contexts associated with that GGSN.
Change-Id: I9d714726785407859f26bbef052cd0efc28e8dae
This way we can easily track all pdp context associated to a specific
ggsn, which is useful to handle some scenarios, such as the one
implemented in next commit, in which specs references that GSNs should
ping only other GSNs with at least one pdp ctx in common. So the list
of pdp ctx per GGSN is really useful too (and cheap computationally)
to check if we should arm or disarm the echo procedure timer.
So this commit can be seen as a preparation for next commit.
Change-Id: I3bbcc0883df2bf1290ba8d4bd70db8baa494087a
The message this test is trying to parse is indeed invalid.
Add a comment showing the message in decoded form, and assert
that the parser rejects it.
Also, add a missing call to cleanup_test().
Change-Id: I2a86432d080c38d3c95626372a0129499d7146dd
Related: OS#3178
The flag cannot be enabled in all cases because current osmo-iuh header
contain compilation warnings which are then propagated to this project
when building against them.
Change-Id: Ia4285a88af6d4adfba08c055c6734f9d82c1a5a4
This patch adds a control interface to osmo-gbproxy as well as the first
two commands to query the state of each NSVC and gbproxy peer.
The "nsvc-state" command replies with
nsei, nsvci, local state, role, remote state of all NSVCs.
The "gbproxy-state" command replies with
nsei, bvci, mcc, mnc, lac, rac, and state of each peer.
Entries are separated by a newline '\n' character. If there are no
entries an empty list is returned. This behaviour is similar to that of
the subscriber-list-active-v1 command in osmo-sgsn.
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g nsvc-state
Got message: b'GET_REPLY 23 nsvc-state 101,101,DEAD,BLOCKED,SGSN,DEAD,UNBLOCKED\n'
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g gbproxy-state
Got message: b'GET_REPLY 4871085901306801158 gbproxy-state '
Change-Id: I82c74fd0bfcb9ba4ec3619d9fdaa0cae201b3177
Ticket: OS#3281, SYS#4235
Sponsored-by: On-Waves ehf
Add a test which reproduces the parsing problem. Whether this problem
is due to an invalid message or a parser bug is yet to be determined.
Until then, this test helps with analyzing the problem further.
Change-Id: I39189701a57c785ffdacc3ae26d7aa93bb06cde6
Related: OS#3178
The detach type network side is defined as
- Reattach required
- Reattach not required
- IMSI detach (after VLR failure)
IMSI detach seems to be more close. Howeever the standard
isn't clear about this.
Change-Id: I27da6dc5165819cccd1ae0a98b132b45a01f38bb
There is no way to recover from "PROTOCOL_ERRORS".
As long the error_cause is not set, the
SGSN won't send out a GMM Request Reject.
Fixes: TTCN: SGGN_Tests.TC_attach_auth_sai_reject
Change-Id: Iefe8f05686ef4acac721f3c0672910704f3b0ff8
Store the established security context type (GSM or UMTS) instead of the
boolean flag is_authenticated. Provide the previous boolean query with thin
sgsn_mm_ctx_is_authenticated() function.
Knowing which security context was established will be necessary for OS#3224,
i.e. using the proper ciphering key, which is not yet tested properly, and
probably not correct at this stage.
This change will make new SGSN_Tests.TC_attach_umts_aka_gsm_sres pass.
Related: OS#3193 OS#3224
Change-Id: I36807bad3bc55c0030d4f09cb2c369714f24bec7
Particularly gbproxy_test.c had various mem leaks, which (will) show up with
gcc (Debian 7.3.0-15) 7.3.0 address sanitizer. Fix those leaks to verify that
we don't have memleaks in the production code.
Change-Id: Ia4204c8b3d895b42c103edecb61b99d3d22bd36f
Use the proper enum ranap_nsap_addr_enc instead of int, and properly exclude
that member when we're building without Iu support:
sgsn_vty.c:1323:31: error: passing argument 2 of ‘ranap_iu_vty_init’ from incompatible pointer type [-Werror=incompatible-pointer-types]
ranap_iu_vty_init(SGSN_NODE, &g_cfg->iu.rab_assign_addr_enc);
Add const to a local var to silence compiler warning retrieving TLVP_VAL:
gprs_gmm.c:1657:18: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
uint8_t *mi = TLVP_VAL(&tp, GSM48_IE_GMM_ALLOC_PTMSI);
^~~~~~~~
Change-Id: I1168ce6425c31db3f6c3bf1f3682ae96b028c59b
Like we did in osmo-sgsn in If804da17a7481e79e000fe40ae0d9c4be9722e61, move
from 'osmo_gbproxy.cfg' to 'osmo-gbproxy.cfg' as default config file name.
Still look for the legacy file name to not break old setups.
Change-Id: I9448908d94a23001f04b6334a78739a839b91313
Pau Espin
Neels Hofmeyr
Harald Welte
Daniel Willmann