Be consistent with osmo-ggsn, and set the state dir to
/var/lib/osmocom/osmo-sgsn. Without this patch, it defaults to the
current directory, which means in case of running with the systemd
service, /var/lib/osmocom.
Copy osmo-sgsn.cfg and osmo-sgsn-accept-all.cfg to the tests dir and do
not set the state-dir there. Usually the user that runs the VTY and CTRL
tests is not allowed to write to /var/lib/osmocom. (I've also tried
generating these on the fly, but that breaks in 'make distcheck', as I
would need to write to the source dir or would need to change
osmo-python-tests etc. to read the config file from another directory.)
Related: osmo-ggsn I5b51529b4f8bd2462e54f58a1ce2e2d7c76ff46a
Depends: osmo-python-tests Ic312d546da1c21f68a80b6a188616ef9bc84f4c6
Change-Id: I309807ff0bc125d4653222b2b4ba69ded3bbff70
Remove SysV init scripts. These are not really maintained anymore and
this makes it consistent with other Osmocom projects.
Avoids synchronizing with SysV scripts on debian:
# systemctl enable osmo-gtphub
Synchronizing state of osmo-gtphub.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable osmo-gtphub
Change-Id: I9008944369314a4cbb345bfbf01bdb57aa7590fb
Prepare to change the state-dir in the default config in a follow-up
commit. Create the directory if it does not exist.
Change-Id: I8db4898cdaa2fcbd6bbf7c543764b9cdf828de83
Do not attempt to change permissions/ownership if the package gets
upgraded from a version higher than the next release.
Do not fail if the user deleted the config file.
Be verbose when changing permissions.
Related: OS#4107
Change-Id: I2b01a7625cf66fbb7d203f939ddcc1cbab43cf33
As was reported in OS#6442, nano3g S16 is unhappy when CS and PS
domains use different UEA configuration for simultaneous RANAP
connections. Bring osmo-sgsn in sync with osmo-msc to avoid this.
Change-Id: I4eb9451b4267fc1436ed90a55ff200cf36f16bf6
Related: OS#6442
* Explicitly chown /var/lib/osmocom to osmocom:osmocom, instead of
relying on systemd to do it when the service starts up. This does not
work with the systemd versions in debian 10 and almalinux 8.
* deb: Use "useradd" instead of the interactive "adduser" perl script
from Debian. This makes it consistent with how we do it in rpm, and
avoids the dependency on "adduser".
* deb: Consistently use tabs through the file, instead of mixing tabs
and spaces.
* deb: Remove support for the "dpkg-statoverride --list" logic. This
seems to be a rather obscure feature to override permissions for
certain files or directories, for which it does not seem to be a good
idea to make the postinst script less maintainable. Something similar
can be achieved by using your own Osmocom config file in a different
path with different permissions.
Related: OS#4107
Change-Id: I406ff0d625b02991d580c8382aa4be04dba45a00
This turns errors like:
DMM ERROR MM(262420000000038/e2ff704e) Stopping MM timer 3350 but 0 is running
into warnings with a more accurate reason:
DMM NOTICE MM(262420000000037/e2ff704e) Stopping *inactive* MM timer 3350
Change-Id: I56ecad9d8f1049974b0896f6d0e7fc61580155ec
Add the missing "%if 0%{?suse_version}" around %service_del/add
commands, as these are only available on opensuse.
Fix for:
error: line 106: Too many names: %preun -n osmo-gtphub %service_del_preun osmo-gtphub.service
Fixes: a07e6d9c (".deb/.rpm: add osmocom user during package install")
Change-Id: I89802f926bfccc0f7b4bb1ff64115b232b1db022
Create osmocom user & group during package installation.
Fix the configuration dir/files permission to match.
Related: OS#4107
Tweaked-By: Oliver Smith <osmith@sysmocom.de>
Change-Id: I55ce205d4b314d01b2641c8f3d52455c051d6282
This also makes sure it doesn't compile against older libosmogsm gsup
versions which would break ABI.
Change-Id: I0d03d368e73ab62ec631420769f6af91f2ff9987
Related: OS#6091
Depends: libosmocore.git Change-Id 70be3560659c58f24b8db529c4fc85da4bb0ec04
At the moment we parse the RAN TRANSPARENT CONTAINER to look at the
destination RIM ROUTING INFORMATION. This is not correct. The SGSN
should not decode the RAN TRANSPARENT CONTAINER and use the RIM ROUTING
ADDRESS / RIM ROUTING ADDRESS DISCRIMINATOR IE to make the routing
decision.
Related: OS#6095
Depends: libosmocore.git Ibca1f08906c4ffeecdae80d4e91c6c7b05fe4f8a
Change-Id: Ifd2b915ed2f05130cff8ee77714b82005c17de3d
When we forward RIM messages from GTP to BSSGP, we do not have to check
the origin of the message since it does not matter from which origin the
message came when we are forwarding it.
Related: OS#6095
Change-Id: Iea8176dcfe64c25d207bafc0ef61ca9d9ad415be
There is no point in checking the MME any further. When the message has
reached this code path it is about to be forwarded to BSSGP, so the MME
does not play a role in the following code pathes.
The check also relys on the source RIM ROUTING INFORMATION IE inside the
RAN TRANSPARENT CONTAINER, which we are not supposed to decode.
Change-Id: I97c89aeb11537ae54d1fbea48c75619d8a92af61
Related: OS#6095
The DRX params where already parsed in GMM Attached Req and transmitted
to PCU over BSSGP DL UD packets, but it was not being updated if the MS
changed it during RAU Req.
TS 24.008 9.4.14.3 DRX parameter:
"This IE shall be included if the MS changes the access network
from GSM to UMTS, or the MS wants to indicate new DRX parameters
to the network."
Change-Id: I1dd7f8f161280dd017c337eacc3aa2be4ccd65ea
As per 3GPP TS 24.008:
* 10.5.1.2 Ciphering Key Sequence Number
* Table 9.4.9/TS 24.00
The IE is so far being encoded manually, hence why it worked fine until
now.
Change-Id: Ic220113f30377a14cbe3550a04cd04f3caef49cf
This option should be used for any executables which are used only
for testing, or for generating other files and are consequently never
installed. By specifying this option, we are telling Libtool that
the executable it links will only ever be executed from where it is
built in the build tree. Libtool is usually able to considerably
speed up the link process for such executables.
Change-Id: I8af6a38d7abbf06aa8268981c80c3bfda2f80a27
The load of plugins will eventually be moved to libosmo-gprs
implementation, and path will be passed as a parameter. Once it's moved
inside libosmo-gprs, it will be more strict on load failures, which can
cause internally if the path doesn't exist (unless NULL is passed).
Hence, add a VTY config to allow configuring the right path, and have it
disabled by default.
Change-Id: I4f965c7afafa193f4d7486750dd3e43cca22bb65
Some level of split already existed, like sgsn_auth.c, but headers were
entangled together.
Let's clearly separate application centric code (sgsn.c/h), auth related
code (auth.c/h) and mmctx related code (mmctx.c/h).
Change-Id: I048a082851c1275c959649942904205b02acce2a
It is only really needed to import define GSM_APN_LENGTH, which is
actually also available in libosmogsm. Hence simply use the one from
libosmogsm.
Change-Id: I4c6110feeeaa1adfb6b1f0147eeb56dfe34636ec
sgsn.h is the main header containing all misc app related contents.
This is another step towards shrinking gprs_sgsn.h mess.
Change-Id: I80e3a68e2e368d8c73135c850e4728bdf6cf5f09
This way pdp contexts are managed by the lifcycle of the main global struct
sgsn_instance automatically.
Change-Id: I725218fd54adcc68dceded5eb43675f25771bb96
This further shrinks the mess in gprs_sgsn.h, and allows to easily see
layer violations (like pdpctx.c requiring llc.h)
Change-Id: Iad4da06efee7d8514ff48423bdaebc0f26413cc1
Move them to the correct header where they belong, so that the all the
related protocol stuff is placed together.
Change-Id: I9052f48a0af125bb445194f4ae94ebbe49508fda
Beforehand the function handling the LL-UNITDATA primitive from LLC was
already submitting the packet to GTP code which had an SNDCP related
name, so everything was really confusing and layer separation was not
clean.
Change-Id: Ia544a9dd4c0c7647b0c1b64ca110351f40820618
The functions driving its lifcyecles are already in gprs_subscriber.c,
and are used mainly by functions in the same file, hence move it to the
related header to further shrink gprs_sgsn.h.
Change-Id: Iff7be91af130a3317d57d3649c17e3d5d2540e7a
This allows further shrinking of gprs_sgsn.{c,h} and also being able to
use GSM_APN_LENGTH on different headers easily (needed by follow-up
patch).
Change-Id: Id225ed8b84e1376f4a30f17dd4b153b6b1a6efa8
Rework initialization and destruction of several sgsn subsystems to be
allocated & released together with the struct sgsn_instance.
This makes it easier to destroy and recreate the entire context and
allows us to start moving global variables scattered around to be under
struct sgsn_instance.
Change-Id: Idf60519b8e475b94d38bbb69e737132a5afaefab
It will be used to store all stuff relatd to libgtp use and GTP
protocol, similar to what we already do for other protocols.
Change-Id: I4aae35cd0ea401856cd822cb507d668350d07a89
Similar to what we already have for struct sgsn_mme_ctx in
gtp_mme.{c,h}.
This is just the nth step of properly splitting different
protocol layers, data model, etc.
Change-Id: Iad1895f09e43e299df7bb126bf52fdb98268392e
That function is only used in the test. Let's hence move the function to
the same test file in order to simplify osmo-sgsn code.
Change-Id: I69d80810362d75eb93974af34f61639514f99f8a
All remaining code in that file is NS protocol related, hence let's
rename it so that we end up with one file per protocol in the Gb stack.
Change-Id: I8312c8a70d60cab48764950c5b57ca02964e9db2
This leaves only NS protocol related code in gprs_gb.[c,h], which will
be renamed to gprs_ns.[c,h] in a follow up patch.
Change-Id: I3dcbe1d0f75cb91ec8b700e239e2ba16fff030a2
Right now there's no much code there since the related code is totally
entangled with the LLC one.
This will eventually change in the future when we switch to use
libosmo-gprs.
Hence, this commit is a preparation to have already some place to put
new BSSGP specific code in the future.
Change-Id: I816396ab5ccb86032bbc21b41a959934a7768780
That big file is really only used by tests/sgsn/sgsn_test nowadays, so
let's keep it out of osmo-sgsn app code base.
Change-Id: Ia5a639832f52b2f015a2800bd0d94a28d7bc689b
Change bind-to-ggsns from 127.0.0.2 to 127.0.0.20, so osmo-gtphub's
default config does not confligt with the osmo-ggsn default config. This
change is for the effort of making the configs of all Osmocom programs
not conflict with each other.
A similar change was made in Id892e1f4ab2daabbe9824b819b5fed985373b97a
with bind-to-sgsns.
Related: OS#5817
Change-Id: I57ee457b62139d831707b6ebd6baaea8d33c2d9c
Log an error message and drop the packet instead of asserting if
mm state fsm is in ST_MM_IDLE while the gmm fsm is in
ST_GMM_REGISTERED_NORMAL.
Fixes: OS#5725
Change-Id: I9dab98917c622b36dae22399bb359d747a598208
Now that the warnings in osmo-iuh have been fixed, we should be able to
build the IU version of OsmoSGSN with --enable-werror too.
Related: OS#4462
Change-Id: I8cc4e209e21acfe513bef72927499f1ccdead783
The FSM might be moved out of ST_GMM_COMMON_PROC_INIT state either
by E_GMM_ATTACH_SUCCESS or by E_GMM_COMMON_PROC_SUCCESS events
which are not mutually exclusive. Hence the later event will arrive when we're already in
the ST_GMM_REGISTERED_NORMAL state.
Let's have both events permitted to keep the logs clean from useless error.
Related: OS#5349
Change-Id: Ia97b50aac6c665812ddca9010de7f97b17b78bd5
The gtp_set_cb_recovery3() is similar to gtp_set_cb_recovery2()
with extra parameter representing GSN.
Change-Id: I8b46cf8c52e36b0312eddf37f3e136662b95732e
By default systemd will execute service with root directory (or home directory for user instance) which might result in
attempts to create files in unexpected place. Let's set it to 'osmocom' subdir of state directory (/var/lib for system instance) instead.
Related: OS#4821
Change-Id: I950d84853c6737276d02b3275127b499ae567c38
* convert to markdown syntax
* bring in-line with other osmo-* README.md files, in terms of
links to git, mailing list, manuals, etc.
Change-Id: Ia4a4329c6ef6b8c833aa26832776dad662cdc7e9
When using 'check_PROGRAMS', autoconf/automake generates smarter
Makefiles, so that the test programs are not being compiled during
the normal 'make all', but only during 'make check'.
Change-Id: I8118ee3d3da9bdcd0c691471ef91b95dba21004a
Add vty 'encryption uea 0 1 2', defaults to 'encryption uea 0' to yield
previous behavior.
If any UEA above 0 is enabled, include the UEA key in the Iu Security
Mode Command.
I noticed that only the code bit in st_iu_security_cmd_on_enter()
affects the test. The same code in gsm48_gmm_authorize() seems to be
dead code? But applying the patch there as well just to be safe.
We cannot yet verify the chosen UEA to match a configured UEA level,
because the iu_client.c does not send us message details with the
RANAP_IU_EVENT_SECURITY_MODE_COMPLETE.
Also we cannot yet send the set of configured UEA to the hNodeB, since,
again, iu_client.c does not provide the proper API for it.
The proper solution here is to completely dissolve iu_client.c and do
all Iu handling in osmo-sgsn itself -- see OS#5487.
Related: SYS#5516
Related: I1a7c3b156830058c43f15f55883ea301d2d01d5f (osmo-ttcn3-hacks)
Change-Id: I27e8e0078c45426bf227bb44aac82a4875d18d0f
will add uea_encryption_mask, and find that the name
'cipher_support_mask' is not concise enough.
Related: SYS#5516
Change-Id: Ie8d4a0534c5b751f698bce425427bb1d28ddea31
This reverts commit 4bd931f96d.
The commit was wrong, and previous code is correct.
Relevant specs:
* TS 29.060 7.7.34 Quality of Service (QoS) Profile
* TS 24.008 10.5.6.5 Quality of service
As can be seen in TS 24.008 10.5.6.5, OSMO_IE_GSM_REQ_QOS never comes
with the the ARP byte prepended. This is actually always prepended when
sending the GTP message, as explained in TS 29.060 7.7.34.
As a result, the Qos Service sent in Create PDP Context Request sent to
the GGSN contained wrongly formatted Qos Profile IE, which was observed
checking wireshark with a real phone. This was found due to open5gs-smfd
being more strict about the possible lengths of the IE, since the
wrongly formatted IE send in GTP had length=14, which is incorrect due
to folllowing TS 24.008 10.5.6.5 wording:
"Octets 15-22 are optional. If octet 15 is included, then octet 16 shall also be included, and octets 17-22may be
included."
In this case, due to the wrong format it was seen as including octet 15
but not 16.
Change-Id: I4fc5ab823a27d27482858a7459337a2f8ae593c3
Related: SYS#5793
Remove the paragraph about writing to the Free Software Foundation's
mailing address. The FSF has changed addresses in the past, and may do
so again. In 2021 this is not useful, let's rather have a bit less
boilerplate at the start of source files.
Change-Id: I9bc57a7152015e0f37e3d1573921d6d5d3c0449b
Fix crash in vty_dump_sne when sndcp->lle has already been deallocated.
Context:
* sndcp->lle is set only once in gprs_sndcp_entity_alloc()
* sndcp->lle is a struct gprs_llc_lle, which gets allocated and
deallocated together with struct gprs_llc_llme. From gprs_llc.h:
struct gprs_llc_llme {
...
struct gprs_llc_lle lle[NUM_SAPIS];
Fixes: OS#4824
Change-Id: I707029f78222bc6335837241e5a08c54c5ae6eb3
Do not turn some compiler warnings into errors by default. This patch
was added before --enable-werror was available.
We build with --enable-werror during development and in CI. If the code
is built with a different compiler that throws additional warnings, it
should not stop the build.
This reverts commit 34f012639d.
Related: OS#5289
Change-Id: I24e0a0d7f93f196dc642e37b03f68464024c09d4
We were not handling the case of PDP_TYPE_N_IETF_IPv4v6
in gprs_pdpaddr2str() and showed "invalid" for these addresses.
Depends: libosmocore Change-Id: I1f82f9d8fc13dcc4474760329bd74ae9685b9031
Change-Id: Id36b7520677e4a0af40d05dc503b26d1b0b74a26
Use list_first_entry_or_null instead of llist_first, which has been
present in libosmocore since the 0.10.0 release.
Use llist_last_entry instead of llist_last (also present since
libosmocore 0.10.0). This macro does not have a check for an empty
list, however the only user is already checking for an empty list
before using the macro.
This solves a build error, as llist_last was defined in libosmocore
Icf455bf6ba9d60bd311af17c9e80febaa42cacc9 (should probably be reverted
for backwards compatibility with previous osmo-sgsn versions?):
gtphub.c:68:0: error: "llist_last" redefined [-Werror]
#define llist_last(head, type, entry) \
In file included from /build/deps/install/stow/libosmocore/include/osmocom/core/timer.h:46:0,
from /build/deps/install/stow/osmo-ggsn/include/gtp.h:17,
from gtphub.c:32:
/build/deps/install/stow/libosmocore/include/osmocom/core/linuxlist.h:245:0: note: this is the location of the previous definition
#define llist_last(head) (head)->prev
Change-Id: Ia0496c24386cd13b1e9e604aa2d425d3fa28d352
The old command is deprecated since [1] has been merged.
Change-Id: Iac985f373de98206fdfb3196295ebec160189780
Related: [1] Ie6700c4e9d2df1eb5fde1b971e287b62668cc2de
Related: SYS#5324
The vty is randomly including the pdp context when the vty
command 'show mm-context all' is issued without the pdp
parameter.
I do not know why, but I assume that relying on a true/false
test of argv[0] has unpredictable results.
Change-Id: Idcde4dd30a39625b24a1c3a38901349875e0949a
MMEs connect over Gn interface using GTPCv1 towards the SGSN in order to
exchange RIM PDUs by using "RAN Information Relay" GTPCv1 message type.
For more info, see 3GPP TS 29.060 sec 7.5.14.1 "RAN Information Relay"
In order to support it, this commit does the following:
* Uses new libgtp APIs to rx and tx RAN Information Relay messages. The
same "gsn" object is reused, ie. the local GTPCv1 socket address used
for exchanging messages against GGSN is reused.
* Adds a new "sgsn_mme_ctx" struct holding information about MMEs
allowed by the SGSN, each one containing information about the GTP
address it uses, the in/out routing based on TAI requests, etc. The
set of MMEs and their config can be set up using new VTY node introduced
in this commit.
* The RIM related code in SGSN is refactored to allow forwarding from
and to several types of addresses/interfaces.
Depends: osmo-ggsn.git Change-Id Iea3eb032ccd4aed5187baca7f7719349d76039d4
Depends: libosmocore.git Change-Id I534db7d8bc5ceb19a2a6866f07d5f5c70e456c5c
Related: SYS#5314
Change-Id: I396450b8d8b66595dab8ff7bf41cbf964bb40d93
The E_(P)MM_IMPLICIT_DETACH event was actually sent and handled when the
UE was considered to be detached, no matter the reason, be it due to
implicit detach, or Detach Request received, etc.
So, let's properly name the event to avoid confusions in the code.
Related: SYS#5389
Change-Id: I224ea9db80b4d96696934cea06349dab036f919b
Let's always send the event to the FSM and keep logic of whether it's a
good event to sent or not inside the FSM, not in the caller.
The logic is kept the same: if the event is not expected (not handled),
keep forcing free of the IU connection.
In theory this should never happen since only a PMM in Connected state
should have a established connection (hence only a PMM in Connected
state can have it released). In any case let's keep the safety check,
but let the FSM receive the event and log an error about unexpected
event, which is more interesting from debug point of view.
While at it, clean up the related logging line: There's no need to print
the imsi explicitly, since LOGMMCTXP already does it. Furthermore, print
the exact low level event which triggered the code path.
Related: SYS#5389
Change-Id: I45017562ea7f27c2248b7de56f99ce7ca88e89b2
This Iu timer is Osmocom specific, but is made to resemble T3314
timer from GERAN (also named READY timer).
The idea of this activity timer was to arm it whenever PMM state
transitions to CONNECTED, and then rearm it every time there's some
sort of activity, until there's none for some time, then we send a
Release Command to close the conn with the HNGBW/RNC. That's the
same principle as per spec-defined READY timer T3314.
However, there's still a fundamental problem with it: GTP-U in
GERAN passes through the SGSN, but in UTRAN, the GTP-U stream
goes directly from the HnodeB to the GGSN. Hence, there's no proper
way to re-arm this timer upon activity in UTRAN, basically because
the SGSN will never see (userplane data) activity. That explains why
the E_MM_PDU_RECEPTION event exists for mm_state_gb_fsm, but doesn't
exist for mm_state_iu_fsm.
As a result, the timer is currently never rearmed, which means it
will transition to IDLE always after 44 seconds (default value) once
it went into CONNECTED state.
In UTRAN, there is a SCCP connection for each subscriber between
RNC/hNB and SGSN. If the subscriber is no longer in the respective
state, the RNC/hNB should release that IuPS SCCP connection, whcih
in turn means the SGSN cleans up its state.
Furthermore, SCCP has a built-in IT (inactivity timer). So should
the RNC/hNB die, that timer would time out, and the SGSN-side local
SCCP stack (provider) wold send a RELEASE.ind for that connection
to the user (SGSN).
TLDR; this timer is not really needed and cannot be implemented
properly in UTRAN, so let's remove it.
Related: OS#5116
Change-Id: Ibc71829e417bf2dd0c27deb842369dd4f17010d6
This Iu timer is Osmocom specific, but is made to resemble T3314 timer
from GERAN (also named READY timer). The READY timer mission is to make
the MM state transition from READY to STANDBY, which in PMM (UTRAN)
matches the transition from CONNECTED to IDLE.
Instead, the patch introducing the timer was making it transition to
DETACHED directly, but this was clearly not the intention:
* Detaching a UE after 44 seconds (default value for T3314) is overkill.
* The comment describing it says: "Iu User inactivity timer. On expiry
release Iu connection". The release of Iu connection happens during
the CONNECTED->IDLE transition (that's basically the difference between
both states).
The transition CONNECTED->IDLE is done by means of calling
sgsn_ranap_iu_release_free(), which will eventually answer with a event
RANAP_IU_EVENT_IU_RELEASE from lower layers when the Release Complete is
received. At that point, osmo-sgsn code frees the connection and
transitions to IDLE state. This way we maintain the state according to
the connection existance.
Related: SYS#5389
Related: osmo-iuh.git Change-Id Iac822c74e56750dc40e94573eae0e20853ff68c0
Fixes: 3bad31bcb4
Change-Id: I7279102ad51b0c39eb6d04c129986984112d15cc
It can happen that the MS tries to attach while SGSN's MM Iu state is
ST_PMM_IDLE (eg because UE was hard rebooted). Since Attach is a
specific case of getting a Connection Established, also allow it as a
trigger to transit to state ST_PMM_CONNECTED.
Related: SYS#5389
Change-Id: Ia74a062ddc3052faad569f1428f0ddd02e5b188d
Attach event should only be triggered by rx Attach Request, not other
messages. Furthermore, currently E_PMM_PS_CONN_ESTABLISH is defined and
expected in FSM but not sent by anyone.
Also, The opposite transition is done by E_PMM_PS_CONN_RELEASE:
"""
MM_STATE_Iu(0)[0x81379b0]{Connected}: Received Event E_PMM_PS_CONN_RELEASE
MM_STATE_Iu(0)[0x81379b0]{Connected}: state_chg to Idle
...
MM(001010123456063/c8b8bd08) -> GMM SERVICE REQUEST MI(3367550216) type="signalling"
MM_STATE_Iu(0)[0x81379b0]{Idle}: Received Event E_PMM_PS_ATTACH
MM_STATE_Iu(0)[0x81379b0]{Idle}: Event E_PMM_PS_ATTACH not permitted
"""
Related: SYS#5389
Change-Id: Ica00891f91834522f4dea2508b62af34e4c4eca7
Due to whatever errors, the MS may re-init the Common Procedure by
retransmitting a GPRS Attach Request while we are for instance aiting
for Identity to be resolved.
See this log:
MM(---/ffffffff) -> GMM ATTACH REQUEST MI(3903513414) type="GPRS attach"
GMM(gmm_fsm)[0x8136110]{Deregistered}: Allocated
GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x81383c0]{Init}: Allocated
MM_STATE_Gb[0x8138ac0]{Idle}: Allocated
MM_STATE_Iu[0x8138bb0]{Detached}: Allocated
GMM(gmm_fsm)[0x8136110]{Deregistered}: Received Event E_GMM_COMMON_PROC_INIT_REQ
GMM(gmm_fsm)[0x8136110]{Deregistered}: state_chg to CommonProcedureInitiated
GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x81383c0]{Init}: Received Event E_ATTACH_REQ_RECV
GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x81383c0]{Init}: state_chg to CheckIdentity
MM(/fba673a2) <- GPRS IDENTITY REQUEST: mi_type=IMEI
UE(0x2){001-01-10422-99} Received GSM 04.08 message type 0x16, but no MM context available
GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x81383c0]{CheckIdentity}: Timeout of T3370
MM(/fba673a2) <- GPRS IDENTITY REQUEST: mi_type=IMEI
[Failure to handle GSM48_MT_GMM_ID_RESP and subsequent retransmission of GPRS IDENTITY REQUEST happens a couple times here]
MM(---/ffffffff) -> GMM ATTACH REQUEST MI(3903513414) type="GPRS attach"
GMM(gmm_fsm)[0x8136110]{CommonProcedureInitiated}: Received Event E_GMM_COMMON_PROC_INIT_REQ
GMM(gmm_fsm)[0x8136110]{CommonProcedureInitiated}: Event E_GMM_COMMON_PROC_INIT_REQ not permitted
GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x81383c0]{CheckIdentity}: Received Event E_ATTACH_REQ_RECV
[Here IDENTITY REQUEST is sent again, and this time MS answers ID RESPONSE back and goes forward]
Related: SYS#5389
Change-Id: I93d7d6bc694c84223a11d075d24c234b82b73389
This logging category has been removed completely in [1], and now
osmo-sgsn fails to start with old configuration files:
There is no such command.
Error occurred during reading the below line:
logging level ns info
Let's accept it and print a deprecation warning.
Change-Id: I2036170af41db89484c299e18e0b703c97427dc1
Fixes: [1] Ia4723ab344ad6a1927029a2d5d0dda020266b39d
When we switched to the libosmogb NS2 implementation, we should have
removed the DNS category, as NS2 uses DLNS internally and hence DNS
is unused.
Change-Id: Ia4723ab344ad6a1927029a2d5d0dda020266b39d
Closes: OS#5058
We must have initialized e.g. the NS protocol stack before calling
handle_options(), as that might want to dumpy the VTY XML, and it
can obviously only dump those nodes that are registered at that
point.
Change-Id: Icd1b8fb3f466cdace67ff0d4f7c85183d8266c41
Move 'doc' subdir further down to "make sure" the osmo-bsc binary is built
before the docs
Rremove sgsn_vty_reference from the source tree.
In manuals//Makefile.am use the new BUILT_REFERENCE_XML feature recently added
to osmo-gsm-manuals, and add a build target to generate the XML using the new
osmo-sgsn --vty-ref-xml cmdline switch.
Change-Id: Ied75fdd13283aa592350994fb4febce06c213d3a
Depends: I613d692328050a036d05b49a436ab495fc2087ba
msgid2mmctx() was already being called for signalling messages in
gsm0408_gprs_rcvmsg_gb() before calling gprs_gb_recv_pdu(), but it was
not called in sndcp_llunitdata_ind().
Let's move msgid2mmctx() inside gprs_gb_recv_pdu() since we want to
always update the nsei+bvci, regardless of message containing data or
control content.
This commit fixes the scenario where an MS changes to a new cell (PCU)
and then continues transmitting UL data. Prior to this patch, the SGSN
kept sending DL content to the old cell (PCU nsei+bvci) instead of the
new one even after the MS transmitted Ul content fro mthe new cell.
Related: SYS#4909
Change-Id: I2c14e1d65575f54212924f7c5f0a2f4c1b76ec81
The SGSN currently does not forward BSSGP RIM messages.
Related: SYS#5103
Depends: libosmocore Icd667f41d5735de56cd9fb257670337c679dd258
Change-Id: I6fde8ab8955660b48000ca1b650cfc7c7b2e24ba
The call gprs_ns2_dynamic_create_nse has been removed because it
was a workaround for the old/dropped vty api.
Depends-on: Ie924ead6da17657f3da334068c8ada82c8845495 (libosmocore)
Change-Id: Ie636cfd18d6d43da0e42f2c2de68dfa5c571d55c
Change the whole vty configuration for NS to be more flexible
and support more setups. Old configurations are invalid.
API change which must be synchronized with libosmocore
For further information see:
https://osmocom.org/projects/libosmocore/wiki/Network_service_(NS)
Depends-on: I8c3f2afecc74b78f7f914f7dce166cbcb63444eb (libosmocore)
Change-Id: Ie9306ab4d4738c2c57a69987086e22771b30657e
The gprs_ns2_vty2 has been renamed to gprs_ns2_vty. The old
vty has been complete dropped.
API change which must be synchronized with libosmocore.
Depends-on: I8c3f2afecc74b78f7f914f7dce166cbcb63444eb (libosmocore)
Change-Id: If5bd6b86e130772e6c93d640b0c637985416136d
Mostly just change the chapter so it makes sense for gbproxy. Some todos
are still left
Change-Id: I905835c2be7be43fe376fbc9d743107948c7e6d4
Related: SYS#5115, SYS#5005
* Remove mention of features that are no longer supported
* Update the data model
Related: SYS#5115, SYS#5005
Change-Id: Icb9095f4002f2a0a4562fccecae109075cb93c7b
The last remaining functin of the SGSN code base we used was
gprs_gb_parse_tlli().
Let's simply copy this function over and become self-contained.
This would allow migrating osmo-gbproxy to a separate repository.
Change-Id: I6f3f86581b47ad71a3d97f07611a2e2709876d69
All gprs_ns2 enums have now GPRS_NS2 as prefix.
API change which must be synchronized with libosmocore
Depends-on: I548ff12f7277cbb7e1a630a3dc02b738ce89be72 (libosmocore)
Change-Id: I1af704cdd62ddaff4304479b837dc185b80d7dd6
If a radio status message contains a TMSI it should be routed as if it
was a TLLI. Convert the TMSI to (foreign) TLLI so NRI-routing works.
Both foreign and local TLLIs are routed the same.
Fixes: OS#4954
Change-Id: Ifd64f02fa16b44f8e2e19eb8ba973f50a829ead5
Some code was missing to support PAGING_REJECT and DUMMY_PAGING_PS over both PTP
and signalling. This commit adds the missing pieces, notably:
* Use and route according to the IMSI cache for paging on PTP
* Ensure DUMMY_PAGING_PS is broadcast if no routing area is included
Change-Id: I7243e0d4470cb62fa6db36d26002ccd6542b5147
Related: OS#4951, OS#4472
DPCU is defined in debug.h, but never registered as log subsystem,
so we shall not use it. Also remove other similar "orphan" log
subsystems from debug.h
Change-Id: I8be54ee49e10d4004128352613923c4700063aa3
When SGSN pooling is enabled we need to route some responses based on
IMSI back to the correct SGSN, e.g. PAGING_PS_REJECT.
The IMSI cache keeps track of this IMSI <-> NSE(SGSN) mapping.
Change-Id: If0a8d6cc1d63f2fb2c395cc5d4373a915bc2cb87
Related: OS#4951, OS#4472
The range of SUSPEND/RESUME timers T3/T4 is up to 10s so we should keep
the cache entries valid for this time.
Fixes: OS#4895
Change-Id: I9e88e49981098831f3255938deb868f4503f650f
Related: SYS#5235
When routing a SUSPEND/RESUME we need to keep track of where it came
from so we can send the (N)ACK back to the correct BSS. Use the TLLI
which is present in both messages to cache and retrieve the correct BSS.
A timer runs every two seconds and expires entries that are older than
the timeout (hardcoded to 5 seconds for now).
Related: SYS#4865, OS#4472
Change-Id: I42adf70f560d2bb358a9e1c7614281e8d2967568
This is useful for logging and configuration to identify an SGSN by name
Change-Id: I2a3410dd9bebb242957e13a63ed70e447204203c
Related: SYS#5115, OS#4472
The new gprs_ns2 vty2 support ip-sns and reorganize the
network service configuration
Depends: I163279cf57e84198dc8c53e1c109f5a9474670e9 (libosmocore)
Change-Id: I2a18dcf035f1fc7304a0c7c7c83b5e8e15429d2b
The new NS2 api supports NSE with multiple NS-VC and contains a NS-VC
fsm. FR/GRE support is not working.
The configuration is compatible except for FR/GRE.
Relates: OS#4629
Depends-on: Iaad7b53d44338e5dd81dc2202f23bdcb715af804 (libosmocore)
Depends-on: I6cef42749555e577d5573f2ed8b8bce4cf842a98 (libosmocore)
Change-Id: I92a3bcaf166b091a22d74c7c1586964d33d7cc9d
[ 258s] CC gb_proxy.o
[ 258s] gb_proxy.c: In function 'gbproxy_select_sgsn_bvc':
[ 258s] gb_proxy.c:293:2: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
[ 258s] for (int i = 0; i < ARRAY_SIZE(cell->sgsn_bvc); i++) {
[ 258s] ^
[ 258s] gb_proxy.c:293:2: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your
code
Change-Id: I717410b11f1ee38d49e9ca5af593cb59a244ae0a
In order to support SGSN pooling we need to configure the various NRI
parameters such as the bitlen, NULL NRI, and which NRIs are assigned to
which SGSN.
Related: OS#4890, OS#4472
Change-Id: Id67592aa7712e5e04e7264b2fb8f26d57eb7e69e
This function is now used to transmit messages in both directions,
BSS->SGSN and SGSN->BSS.
Print the actual direction in the logs
Change-Id: I31682156dfe88f7ca121a711968e625caed8bd5e
Related: OS#4472
gprs_subscr_get_or_create() can return NULL if no memory can
be allocated. Detected by the compiler on Ubuntu s390x.
Signed-off-by: Steve Langasek <steve.langasek@ubuntu.com>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Change-Id: I86b3652d46bdd581fe6cbab16b52395a0daaa082
* allow to print not only BSS-side BVCs, but also SGSN-side
* differentiate between SIG and PTP BVC
* print the actual BVC FSM state name instead of just UNBLOCKED/nothing
Change-Id: I8e09a9dc296b15094d191b0451d04457c815d116
When there are multiple SGSNs inside a pool, we need to decide
how much of the per-BVC capacity advertised by the BSS in its
BVC-FLOW-CONTROL we should announce to each of the pool members.
A conservative approach would be to advertise 1/num_sgsn, but
there may also be use case where over-provisioning (announcing more
than an equal share of the capacity) is useful.
Hence, let's introduce "pool bvc-flow-control-ratio <1-100>" in order
to allow the administrator to decide.
Related: OS#4891
Change-Id: Ibe5addf657e7237499ca0205bacfe999ecd1e771
The 'nse' variable had been used both as the input argument of the
SGSN-side NSE, as well as a loop iteration variable. Let's separate
this clearly.
Closes: OS#4904
Change-Id: I375a219cd72eb11a9a0cb7d55a3efb7b83b771ac
After a SGSN-side RESET of the SIG-BVC, all PTP BVC on the SGSN side
are gone. However, the CELLs and the BSS side BVCs continue to exist
(as there may be other SGSNs).
So if a PTP-BVC RESET from the BSS side arrives in such a situation,
and we can find a matching CELL, we still need to check if we need
to create any SGSN-side PTP BVCs instead of simply being happy with
the CELLs already existing.
Change-Id: I1d1562e421082fa4399c73ac31290e4c95718e49
Closes: OS#4903
We must locally terminate + acknowledge any inbound BSSGP-FC-BVC,
and ourselves trigger the transmission of BSSGP-FC-BVC to each
SGSN in the pool.
Related: OS#4891
Depends: libosmcoore.git Ie59be6761177c43456898be9148727f15861a622
Change-Id: Ib6495e5de4bfcf748a98e08743d1a8f2565f8b69
That copy may have made sense while we were doing patching/buffering,
but we're not doing any of that anymore.
Related: OS#4472
Change-Id: I207a869ffac8bf60104f80f9ed58faf0021e5e95
As we now have gbproxy_bvc on both the SGSN and the BSS side
with the same BVCI, using the BVCI alone will no longer render
unique indexes.
Related: OS#4472
Change-Id: I13f3c9e69562a56ad7d3742fdeb2ba48f134fdaa
Rewrite of a large part of osmo-gbproxy in order to prepare
for SGSN pool support. The amount of changes are of such fundamental
nature that it doesn't make sense to try to split this into hundreds
of individual changesets.
Related: OS#4472
Change-Id: Ie0746f17927a9509c3806cc80dc1a31d25df7937
We recently introduced code to libosmocore which allows us to validate
the mandatory IE presence (and length) in a generic way. Let's use it.
Change-Id: I0ea3f5f9566d9bf5a8429c3ee748e3e90cda6cd7
Depends: libosmocore.git I7e4226463f3c935134b5c2c737696fbfd1dd5815
gbprox_relay2peer() is a small wrapper around gbprox_relay2nse(),
but as it manages the transmit error counter, we should use it whenever
possible.
Change-Id: I85ab49ca0a25dd7c54b88c4fdc8838843e6d2209
* ensure the BSSGP PDU header length before reading pdu_type field
* ensure we never process uplink PDUs in downlink and vice-versa
* ensure we never proceses PTP PDUs on SIGNALING BVCI and vice-versa
Change-Id: I6e40aed0283f1a0860ab273606605f7fb28717cf
Depends: libosmocore.git I7e4226463f3c935134b5c2c737696fbfd1dd5815
The test is actually performing invalid operations such as
sending empty NS packets without even a BSSGP header - and assumes
that gbproxy should route those.
Given that we have a much more comprehensive tset suite in
GBProxy_Tests.ttcn in osmo-ttch3-hacks.git, it makes sense to remove
the testsuite. It may contain many more wrong assumptions, or
assumptions that no longer hold true with the "gbproxy 2020".
Change-Id: I053aebab6bf5d0ee955f2221bf27925b36140cf3
Those features were introduced a long time ago for one specific use
case at one specific user, and they are not needed anymore. They
complicate the code base significantly and are hard to maintain with
all the upcoming modifications regarding SGSN pool supoprt.
Change-Id: Id9cc2e1c63486491ac5bb68876088a615075fde6
For the common lookup-by-bvci, this should reduce the computational
complexity significantly.
Depends: libosmocore.git I8ef73a62fe9846ce45058eb21cf999dd3eed5741
Change-Id: Ic8e9279fd61a3c514fc3203429f36a468f0e81d3
For the common lookup-by-nsei, this should reduce the computational
complexity significantly.
Depends: libosmocore.git I8ef73a62fe9846ce45058eb21cf999dd3eed5741
Change-Id: Idbb6a362332bb6e3ce22102e7409ae80d0980f44
We will soon also have a list of sgsn-side NSEs, and we need to
differentiate those.
Change-Id: If5accec0c70c01b88927ea07beba6f6488bd9d5a
Related: OS#4472
I cannot really read the code while it contains its historical weird
naming. A "peer" used to be a strange amalgamation of NSE + BVC,
while in reality we can have any number of BVC on top of each NSE.
We recently started to split the peer into a gbproxy_nse_peer + gbproxy_peer.
This takes it one step further and renames gbproxy_peer to gbproxy_bvc,
as that's really what it is.
Change-Id: Iae01067282a6401f6af4cab731202872d2cdb080
With TLVP_PRESENT we only check if a tiven TLV/IE is present,
but don't verify that it's length matches our expectation. This can
lead to out-of-bounds reads, so let's always use TLVP_PRES_LEN.
Change-Id: I1519cff0f6b2fe77f9a91eee17e0055d9df1bce6
The gbproxy_nse is created when the signalling BVC is resetted. When
we delete all bvcs of an nsei we need to remove it as well.
Change-Id: I997b29fef93188565f81bd403bc68840473958c3
Related: SYS#5002
Calling free() with a null-pointer is usually supported and does
nothing. Change gbproxy_{peer,nse}_free() to reflect that behaviour.
Change-Id: Ia32084f81ca8f8cb9ddea3adabd4b44fd766f1c7
Since gbproxy doesn't use bssgp_rcvmsg from libosmocore we need to
implement our own filtering.
Change-Id: I4d1b57b89990945d307f27a58a7f630be0253d5b
Related: SYS#5232
* explicit else clause rather than implicit
* don't continue processing if mandatory BVCI missing from message
Change-Id: I038576b91ae1ece149149d8663de7b8495d24e06
The switch clause was getting a bit too long/nested, let's add
a separate gbprox_rx_bvc_reset_from_bss() function.
Change-Id: If262566e275cca96035045d1194ce102c0942eb6
Both BSSGP messages appear from the SGSN in downlink on BVCI=0.
We must send a copy of this message to each of the BSS side NSEs.
Change-Id: Ia19791b143989eb1490f461d88b9edbd8e3b82be
Closes: OS#4875
We actually need to alter our compiler flags to avoid -Werror=trigraphs
creating trouble:
gb_proxy.c: In function ‘block_unblock_peer’:
gb_proxy.c:875:37: error: trigraph ??) ignored, use -trigraphs to enable [-Werror=trigraphs]
875 | LOGP(DGPRS, LOGL_ERROR, "BVC(%05u/??) Cannot find BSS\n",
|
Fixes: SYS#5233
Change-Id: I93296353dd964602699480faae1248096e331c6a
* use string representations instead of magic numbers whenever possible
* make text actually describe the specific case, rather than copy+paste
* proper order (foobar indication) not (indication ..... foobar)
Change-Id: I232038da26a9963763c5fc9051b87c9182b27d94
We want this level of indirection to support multiple BVCs per NSE. The
current code assumes that an NSE only has one BVC which breaks messages
on the signalling BVC which should only be sent once to an NSE
regardless of the number of BVCs it contains.
Change-Id: I97cc6c8f8c0f1b91577ab8f679c4ae217cc88076
Related: SYS#5226
This was overlooked in commit 82182d which already removed lots of
NS-specific code in gbproxy_test.c
From that commit message:
"""
Since NS2 has a different abstraction we mock up the prim send/recv
functions and don't test NS like the old tests did.
"""
Change-Id: Ic1d7e646e633c9fa62812f5005ed10c0108a06f2
Related: SYS#5226
Previous code relied on abort() switching sigaction to SIG_FDL +
retriggering SIGABRT in case the signal handler returns, which would
then generate the coredump + terminate the process.
However, if a SIGABRT is received from somewhere else (kill -SIGABRT),
then the process would print the talloc report and continue running,
which is not desired.
Change-Id: I65f70a53b6982bff9ea4bd6ff786d8a2f8181eac
Fixes: OS#4865
Previous code relied on abort() switching sigaction to SIG_FDL +
retriggering SIGABRT in case the signal handler returns, which would
then generate the coredump + terminate the process.
However, if a SIGABRT is received from somewhere else (kill -SIGABRT),
then the process would print the talloc report and continue running,
which is not desired.
Change-Id: I1cab4a716cf2fda6353f698888edbcec6228d78b
Fixes: OS#4865
Previous code relied on abort() switching sigaction to SIG_FDL +
retriggering SIGABRT in case the signal handler returns, which would
then generate the coredump + terminate the process.
However, if a SIGABRT is received from somewhere else (kill -SIGABRT),
then the process would print the talloc report and continue running,
which is not desired.
Change-Id: I97559b29328101c7cf340aaf1052c0c406634065
Fixes: OS#4865
This will be needed to use the TLLI as link selector parameter
in osmo-gbproxy in an upcoming patch.
Depends: libosmocore.git I397b32a6e6ea3e9d218446138cceafa9b27685dd
Change-Id: Ia6d5300e63ad23987cbdca824db620305bd583d7
When we receive a PAGING for PS or CS with destination to the entire
BSS area, we need to iterate over all peers and send one copy of the
paging to each of them.
Change-Id: Iecf244238500a354d5a5b40c76f0c0bb8f8c2511
There may very well be many PCUs connected within the same RAC or LAC.
This means we'll need to iterate the list of peers and dispatch it to
each matching peer.
Change-Id: I2c44959661fb53730586f4347cbfbbcece065e13
The python scripts already use #!/usr/bin/env python3 so it was pure
coincidence that the tests are working.
Change-Id: I96ac31e7862fe102e5baee0c2e25458ff0451a50
Commit cce88282388f in libosmocore changed the msg ownership model - the
callback that the user registers is now responsible for freeing the msg.
Change-Id: Iee940aba7d94afefb5957dbe5f0b04dcf951b31c
Related: SYS#4998
* is_config_node is deprecated, so don't set it
* go_parent_cb is only used if we want to do special stuff upon exiting
a node, in osmo-sgsn and gtphub only osmo_ss7_vty_go_parent() needs to
be called
Change-Id: I2008dd9026922d29ee703c59e70d3fecced0ee18
Currently the code reports routing the message to a BVCI but never even
tries to get the peer for it.
Change-Id: Ic72f0f03e5886ab76404915fc60a2796e6881a7a
Related: SYS#4998
When we receive a signalling BVC RESET from the SGSN we want to reset
the signalling BVCs for every peer.
Change-Id: I98c1a53d0e4b9a988e9ddec97ce0c67ded6f6326
Related: SYS#4998
Since NS2 has a different abstraction we mock up the prim send/recv
functions and don't test NS like the old tests did.
Related: SYS#4998
Change-Id: Iecfd0408a35a11638d254c1db3c1d477b1a11524
sgsn_delete_pdp_ctx() should never be called without checking if the GTP
side is available, since it may happen that it has already been released
by the time the mmctx tells us the pdp ctx is gone on the MS side.
Fixes: OS#4817
Change-Id: Ie618874545172ec98355174a2ee041fc4a8bec16
This function is only expected to be called if the GTP side of the PDP
ctx is still alive, since it will tear down the GTP side and then finish
the pending MS side if needed.
The asserts are added to ease debugging since it was noted that a few
callers were using this function without properly checking the status of
the pdp ctx.
Related: OS#4817
Change-Id: I4248e2e9846fec5ae2c8557384da2deb86668c50
The SGSN initialises GTP with gtp_statedir of "./" which may
not be the desired path for writing the gsn_restart file.
When starting from systemd for example, we might write
to the system root.
This patch allows override via the config file.
Closes: OS#4820
Change-Id: Ib3ffb7fd6ea1d9b0286111d8c2cba9da5394ca58
Scenario:
1- For an unknwon reason, sgsn sends DeletePdpCtxReq on GTP towards GGSN.
2- GGSN answers with Error Indication to that pdp ctx which calls
gtp_freepdp()
3- gtp_freepdp() calls libgtp callback cb_delete_context() before freeing the
pointer, in osmo-sgsn callback points to cb_delete_context(), which
removes pctx->ggsn and tries to drop the pdp on the NS side by sending a
DeactPdpReq.
4- While waiting for DeactPdpAck, the MS/PCU sends a DeactPdpReq, and
code was unconditionalyl trying to release the gtp side without checking
if it was alreay released, using pctx->ggsn==NULL and crashing.
This is basically the same logic already in place in regular path
gsm48_rx_gsm_deact_pdp_ack.
Related: OS#4817
Change-Id: I02587a3dc812823d893fc00b904142b75fd190b9
gtphub.c:2915:2: error: ‘snprintf’ argument 4 may overlap destination object ‘buf’ [-Werror=restrict]
2915 | snprintf(pos, len, " port %s", portbuf);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Be better safe and use the stack instead of byte counting in the buffer.
Change-Id: Ied9665ce6bd2633797bbc3a2171e911ada357a22
When compression is turned on, an extra buffer "expnd" is allocated in
the context of msg. This means that when msg is freed, expnd is freed as
well and there is no need for freein it explcicitly, which, when it is
done after freeng msg, causes talloc to abort.
Change-Id: I8959b75e241ffabf9fa34c4cf014721584372b26
3GPP TS 24.008 Section 10.5.7.2 Radio Priority states that the Radio Priority IE is
3 bits as follows:
--------------------------------------------
0 0 1 priority level 1 (highest)
0 1 0 priority level 2
0 1 1 priority level 3
1 0 0 priority level 4 (lowest)
All other values are interpreted as priority
level 4 by this version of the protocol.
--------------------------------------------
However at least the MediaTek MT6753 and MT6592 have been
observed to interpret a value of 0 0 0 in an undetermined way
resulting in lack of access to RACH in the cell.
Fixes: OS#4506
Change-Id: I810cd541eb5764ee3f2c238bcd3a10836228d0b5
As long the SGSN doesn't support PS handover treat unknown RA as invalid
and do an implicit detach.
Fixes ttcn3 crash when an RAU happen within an Attach Request
Change-Id: I6a0b335d51f58c26349f7e0a62b2107d7d351d07
"127.0.0.1" is changed to "localhost" to let local NSS decide whether to
use IPv4 or IPv6. In newish systems, IPv6 ::1 will be selected since
IPv6 takes precedence over IPv4.
Similarly, the default source addr needs to be changed from NULL to "localhost"
since for some yet unknwon reason, getaddrinfo(AF_UNSPEC, NULL) returns
first IPv4 "0.0.0.0" and later "::", which is inconsistent with
getaddrinfo("localhost") result, resulting in src=IPv4(0.0.0.0) and
dst=IPv6(::1), which is incompatible and will fail. In any case, since
the default remote address is a local one and it's the client side,
there's no real logical change since the kernel would anyway should have
taken a local address anyway.
Change-Id: I2f599e1aa449d44136ef20ba5f516ca9b61f3223
3GPP TS 48.018 Section 8.4:
> After any failure affecting the NSE, the party (BSS or SGSN) where
> the failure resided shall reset the signalling BVC. After sending or
> receiving a BVC-RESET PDU for the signalling BVC, the BSS shall stop all
> traffic and initiate the BVC-RESET procedure for all BVCs corresponding
> to PTP functional entities of the underlying network service entity. The
> BSS must complete the BVC-RESET procedure for signalling BVC before
> starting PTP BVC-RESET procedures.
TODO: We should not just trigger a single outbound BVC-RESET message,
but we should re-transmit them until we get a response. This would
likely entail adding FSMs to libosmogb, which we will leave for a later
point - it's anticipated that the NS + BSSGP code is undergoing quite
some changes in the coming months anyway, so leave it for then.
Change-Id: I0b46035b40709c38bb9ab9493c11031a577e3ee0
Closes: OS#4629
Depends: libosmocore.git I353adc1aa72377f7d4b3336d2ff47791fb73d62c
The osmo_ prefix should be only used for official struct/apis of libosmocore.
This commit was done via `sed -i 's/osmo_sockaddr/sgsn_sockaddr/g'`.
In prepartion of introducing a different api of osmo_sockaddr to
libosmocore.
Change-Id: Ibb1ddce9ff1ffe7494de5cdb8ea1843c45fe4566
The MS notifies movement to GMM SUSPEND state because it is for instance
handling a call and cannot use PDCH anymore. Once it releases the TCH it
will ASAP move to either dedicated mode or trigger RAU, which means it
will get out of SUSPEND state. So it doesn't make sense to try paging
the MS when in that state.
This change makes test TC_suspend_nopaging pass.
Related: OS#4616
Change-Id: Ia245899eb9f16c7f839785def4ceb721a1c3a11b
Fix the final nibble of all IMSI BCD digits to 0xf, since it is a filler digit.
The encoded IMSI has an even amount of digits (14) and must contain a 0xf
filler nibble at the end. The test data looked correct due to repeated '1'
digits.
wrong hex: 11 12 13 14 15 16 17 18
correct: 11 12 13 14 15 16 17 f8
order: 1T 32 54 76 98 ba dc Xe T = type, X = filler, 1..e = 14 digits
This error was found when applying the new osmo_mobile_identity API.
Change-Id: Ia006a3da6779ad1984f642e8ea29790a4daeb8b9
We so far only resumed from suspend upon receiving an explicit BSSGP
RESUME message from the BSS. The latter is only possible in
BSC-colocated PCU, where the BSC can trigger the message when releasing
the dedicated channel. In BTS-colocated PCUs, this is not possible,
and we have to rely on the MS resuming by RAU.
See 3GPP TS 23.060 section 16.2.1.1.1 clause 6:
The MS shall resume GPRS services by sending a Routeing Area Update Request message to the SGSN:
* if the BSS did not successfully request the SGSN to resume GPRS services,
* if the RR Channel Release message was not received before the MS left dedicated mode,
* if the MS locally determines that the conditions for the GPRS suspension have disappeared
Without this patch, the GMM state would forever be stuck in SUSPEND,
which in turn causes the SGSN to page the MS all the time.
Change-Id: I3c09187a27483d95fa0070bbb467f94a2ea3978f
Related: OS4616
As msgb ownership is not passed along, we need to free the message
buffer memory we allocate in defrag_segments() after calling
sgsn_rx_sndcp_ud_ind().
Change-Id: I1185b1aa99bb167d616eb469e5445e4ed5ad949d
Closes: OS#4603
Remove OpenSUSE bug report link, set version to @VERSION@, make it build
with CentOS 8 etc.
Related: OS#4550
Change-Id: I824b67f2d590ac2aa9f2e4fa4387a5283cf22521
At 36c3, osmo-hlr was run with a patch that records the RAN type of attached
subscribers. Even though this is not in osmo-hlr master, it is nice information
to send along.
Change-Id: I5dbe610738aed7ea1edf6b33543b1c03818cc274
This caused frequent crashes at 36c3. The "proper" fix is probably elsewhere
(lynxis mentions an unfinished patch), but at least this prevented some crashes
during active operation.
Once this is merged, we can (re)enable SGSN_Tests_Iu.TC_geran_attach_iu_rau,
which tests exactly for this scenario: A Subscriber / MM context that is so
far attached via GERAN, but now receives a RAU via UTRAN/Iu.
Closes: OS#4339
Change-Id: Ifde15dc4151d84748f0e67b32c9c260cb2d9d8fc
New define is available since libosmocore 1.1.0, and we already require
1.2.0, so no need to update dependenices.
Let's change it to avoid people re-using old BSC_FD_* symbols when
copy-pasting somewhere else.
Change-Id: Iaebd049e383b02204a12f39cc6c932a53d25fd72
/usr/bin/ld: ../../src/gtphub/gtphub.o:/home/laforge/projects/git/osmo-sgsn/src/gtphub/gtphub.c:50: multiple definition of `osmo_gtphub_ctx'; gtphub_test.o:/home/laforge/projects/git/osmo-sgsn/tests/gtphub/gtphub_test.c:57: first defined here
collect2: error: ld returned 1 exit status
See also https://alioth-lists.debian.net/pipermail/debian-mobcom-maintainers/Week-of-Mon-20200413/000653.html
Change-Id: I19c1eef6649d2747f0b624f5292d7ae47c4ca839
As pointed out at https://github.com/libexpat/libexpat/issues/312
libtool does not play nice with clang sanitizer builds at all.
For those builds LD shoud be set to clang too (and LDFLAGS needs the
sanitizer flags as well), because the clang compiler driver knows how
linking to the sanitizer libs works, but then at a later stage libtool
fails to actually produce the shared libraries and the build fails. This
is fixed by this patch.
Addtionally LD_LIBRARY_PATH has no effect on conftest runs during
configure time, so the rpath needs to be set to the asan library path to
ensure the configure run does not fail due to a missing asan library,
i.e.:
SANS='-fsanitize=memory -fsanitize-recover=all -shared-libsan'
export CC=clang-10
ASANPATH=$(dirname `$CC -print-file-name=libclang_rt.asan-x86_64.so`)
export LDFLAGS="-Wl,-rpath,$ASANPATH $SANS $LDFLAGS"
Change-Id: I7402b019c191304f639806a3c29e6bb698b398ed
Add 'cs7' default configuration, link to the
osmo-gsm-manuals/common/cs7-config.adoc chapter to fully explain the 'cs7'
client configuration.
Related: OS#2767
Depends: Ia2508d4c7b0fef9cdc57e7e122799a480e340bf7 (osmo-gsm-manuals)
Change-Id: If0f7c8fc4b94eb40b62570cf90999d5074dc00ee
Make build and external tests work with python3, so we can drop
the python2 dependency.
This should be merged shortly after osmo-python-tests was migrated to
python3, and the jenkins build slaves were (automatically) updated to
have the new osmo-python-tests installed.
Related: OS#2819
Depends: osmo-python-tests I3ffc3519bf6c22536a49dad7a966188ddad351a7
Change-Id: I8c07d99c1bc9f0383e4bce17544e0998998cc54d
Do not only update the VTY reference and counters of osmo-sgsn, but also
the VTY reference of gbproxy.
This was not possible with the old code path of calling "regen_doc.sh"
inside docker-playground.git, as it expects the program to be updated to
have the same name as the docker image. Using the docker-playground
script also has the disadvantage, that one must push the development
branch to git.osmocom.org before updating the VTY reference/counters,
because that script would build a new docker container with a freshly
cloned repository, check out the same commit that we have already
locally, build that and then finally regenerate the docs.
So instead of adding another parameter for the docker image to the
script in docker-playground.git and calling it twice, simplify the
process by rewriting the regen_doc.sh script in osmo-sgsn.git. Make it
start the locally installed osmo-sgsn and osmo-gbproxy binaries and
call osmo_interact_vty.py on them.
Related: OS#4292
Change-Id: I8b5bd5347ea34266ad650383372630f2a84d5cce
This adds a very basic manual consisting of nothing more than
the common chapters and a high-level description of what it is
all about.
Change-Id: I80d4ea016376c59995ccfcd8685c7c0e86745bd2
The N201 values are negotiated per SAPI, and there are default values
per each SAPI. Let's use those rather than hard-coded values.
Closes: OS#3954
Change-Id: I447a3c6dd85311772a6e219c62dc820d2726857f
Otherwise lower layers will end up using a TLLI from PTMSI which was not
yet announced to the MS if it is still not in GMM attached state, as
showcased by SGSN_Tests.TC_attach_req_id_req_ra_update.
Related: OS#3957, OS#4245
Change-Id: Ide51726abb82f5784eca4ab8d62b2ad8512be843
Output:
20191107021548500 DMM <0002> gprs_gb.c:40 MM_STATE_Gb(2596296189)[0x6120000084a0]{Idle}: Received Event E_MM_PDU_RECEPTION
20191107021548500 DMM <0002> gprs_gmm.c:1531 MM(/d4b6d7af) -> GMM RA UPDATE REQUEST type="RA updating"
20191107021548501 DMM <0002> gprs_gmm.c:1615 MM(/d4b6d7af) The MM context cannot be used, RA: 901-70-2758-208
Assert failed mmctx->gb.llme == NULL gprs_gmm.c:1620
Scenario reproducing the crash can be triggered with TTCN3
SGSN_Tests.TC_attach_req_id_req_ra_update.
Basically, SGSN first receives an ATTACH REQ with a given RA ID, then
SGSN switches to state CommonProcedureInitiated and sends GMM ID REQ,
and MS/PCU answers immediatelly with a RA Update instead with a new RA
ID.
Related: OS#3957, OS#4245
Change-Id: I64fa5cf1b427d3abb99e553e584897261a827ce6
Since osmo-ggsn.git c94837c6a401bf0f80791b619a9b4cfbe9160afd, those
APIs are a no-op since timers are tracked internally through osmocom
APIs (and at the same time, new implementation fixes some timing related
bugs).
As a result, osmo-sgsn depends now on at least that libgtp commit. Since
it's not yet avaiable on latest libgtp release, let's track it down in
TODO-RELESE to not forget to update libgtp requirements during osmo-sgsn
release.
Related: OS#4178
Change-Id: Ia9a93d4a6ed63cd0c736f9a99d81d730b958d82e
When the MS is in MM_STANDBY, the Routing Area is known,
but not the exact cell.
Start the paging procedure. (Even this is only supported
for the last known cell, not the Routing Area. Routing Area
paging is not yet supported.)
Change-Id: Icc2c6ba70f8f74054546a1e31741fc90b232a23c
GCC warns us that 'pmm_state_fsm_timer_cb' is defined but not used.
This function was introduced in [1], but was not assigned to the FSM.
[1] I66c2ac0350cb074aefd9a22c5121acf723f239d3
Change-Id: Ib040befc87b2676aad2b8fe3671404fb3f5b030b
When the SGSN releases a RANAP connection, it sends a Release Command
and waits for a Release Complete. Use X1001 to release the Iu connection
when the Release Complete is lost/never received.
Change-Id: I39a0169c22a4ac430b3d6f3c281d1f381eaa4756
When moving between RANs we need them at a later point.
Allocate them always to not make the code (more) complex.
Change-Id: I1724790335b0820f153a0cbdb5cfd1cfea36d1e9
After processing the event, set the return code to success.
Thanks to manatails (redmine).
Change-Id: I73b3b3c3dd330bc953835737758854cf68539495
Fixes: #3969
In IDLE there is not further context with the MS. Prevents the Timer from sending
packages to a MS which can not respond
Change-Id: Ibdd913173af11d0e6d04aa392e047d5d9aee1243
The user inactivity timer is similiar to the Gb READY timer and reduces
the resources taken by an idle UE.
Change-Id: I66c2ac0350cb074aefd9a22c5121acf723f239d3
PMM Connected defines a Iu signaling connection. The 2 other
PMM states do not have an active Iu signaling connection.
Change-Id: Ie05d2bdf8dfb593b4c7e837107a3a06f22e90119
When receiving a PDU, the GMM fsm will change to state MM_READY
and will re-arm the T3314
Relates: OS#1941
Change-Id: I78f40762fb17bbd4a6f35608a793f8e5271e9b86
It's going to be useful to track new dependency APIs being used which
require dependency version release and version bump during release of
osmo-sgsn.
Change-Id: Ia495a8577001c6a223c31f4ddd7eee289e3523c7
After Security Mode Complete, the sender has been authenticated.
Send a CommonId to enable paging coordination between CS and PS.
Change-Id: If195c26e87ba3054e159746671babf93a12e7013
It could happen that SGSN drops GTP side of a pdp ctx (pdp->lib=NULL)
while still maintaing the other side (to notify about the entire pdp ctx
being torn down). If a PdpActReq arrives during that time, we need to
account for that situation, otherwise osmo-sgsn crashes accessing
pdp->lib.
If no pdp->lib is found at that time, let's reject the request and
expect at some point later in time the entire pdp context will be
destroyed and reestablished.
Related: OS#4173
Change-Id: I6dd87557ebb26fdbd280504abde10d976acecf64
State machine inspired in the one from TS 24.008 4.1.3.3.1. Some state
transitions are inroduced in the code but are still commented out since
we lack some functionalitites or improvements in the code to handle
different scenarios.
Most of the logic is still outside of the FSM, but at least now the
states are handled in a sane way triggered by events.
Change-Id: Idecb43c10d66224d4f9ba9320825040ce6cf9a07
Build files shared by osmo-sgsn, osmo-gbpy and osmo-gtphub into a .la
library, so we can later split each application into its own subdir and
clearly identify what's used by who.
Due to a dependency error with .Po files, I cannot depend on the specific
.o files directly in LDADD for each binary, but it works fine on follow up
commits when binaries are splitted into different makefiles, so it will be
done later.
Change-Id: Ib7665c530c086a5f3135c395bb8bf19ed4a882b6
Implement TS 23.060 6.1.2 Mobility Management States (Iu mode) using
osmocom FSM and drop old implementation.
Most of the logic on each state is still kept in gprs_gmm.c, will be
inserted into the FSM later.
Change-Id: I4c9cf8c27194817c56e8949af0205e1cc14af317
Implement TS 23.060 6.1.1 Mobility Management States (A/Gb mode) using
osmocom FSM and drop old implementation.
Most of the logic on each state is still kept in gprs_gmm.c, will be
inserted into the FSM later.
Change-Id: I04004423e993107374d5a3549b8a93ac169251dd
INET(6)_ADDRSTRLEN already contains the required extra null byte at the
end, no need to add +1 to it.
Change-Id: I5a16659e007c6883fe21582cce5dac544e6d4bb9
inet_ntop manual states:
"inet_ntoa(3) is now considered to be deprecated in favor of
inet_ntop()".
Change-Id: I0c708d047122f349acf46797a9e5973040e7ae04
This way it's easier to add new common functionalitites without
forgetting to add it on both sides, and simplifies the code.
Change-Id: Ib6c0427ac7b35295cf1caf2f28cb2a5c155b9d9c
Those two state sets are not part of the same state machine, and are
used in different scenarios, so let's split them and handle them in Gb
and Iu specific parts of struct sgsn_mm_ctx. This is required in order
to improve related code (for instance, use osmocom fsm).
Change-Id: I6100d607da316da0595886c6968704dd9ccfbde9
Now that we have RANAP/Iu handling specificities in its own file, let's
have also Gb specific glue code for messages coming from llc up to MM/SM
layer in its own file. This way same entry points in gprs_gmm.c are used
by Gb and Iu: gsm0408_rcv_gmm() (for MM) and gsm0408_rcv_gsm() (for SM).
Change-Id: Iaf57922a0970c1d03f6f1d6337d27ae3d4aaf32c
RANAP related functionalities were splitted among several files
(gprs_gmm.c, gprs_sgsn.c and sgsn_libgtp.c). Let's move it into its own
file to shrink complexity/size of existing files.
It also allows to keep a lot of conditionally enabled code (BUILD_IU)
and its dependencies (osmo-iuh) together.
Change-Id: I549042aaff045a378de77d657cc396ee08f22f33
There's no real need to use -1 to indicate echo timer as disabled, since
0 can also be used (it doesn't make sense to have a timer timeout of 0).
This way code is simplified.
Change-Id: I689034887188a53590eddeffda781629694eb5ed
When a MS MM state is READY its exact location is known (PCU).
On Gb, T3314 (aka TS 23.060 "READY timer") sets the MM state from
READY to STANDBY, where only the RA is known.
Introduce a second set of timer variables, because state timer
can run while another packet state timer is timing out.
Related: OS#1941
Change-Id: I4ce23ebe50d141076c20c9c56990b7103cd25e55
Add a few commands to make sure it's working fine, and print all
available timers with default values.
Change-Id: Ifd092b9561d49be1f62769d95ba49f6e4aeb4066
FSM doesn't expect receiving event names containing spaces (log lines
generated are confusing).
Similar for enums, it's better using code names to match easily and make
log lines more clear.
Change-Id: I16ede8bf8352b09bc772fd7b43fad2c2274b3ec1
For new readers it's very confusing why PMM states and MM states are in
the same enum, but handled with different functions, and sometimes
called one right after the other with different enums. Calling them when
on a different ran_type makes the function early return, so let's better
conditionally call the function to make it clear in the flow when the
function is expected to do something.
Change-Id: I65ad9e180177bc9fc7c4a037cd85cfe33b161f73
Implementation of osmo_sccp_simple_client() API internally uses ss7 id
1, which is confusing since there's no 0 in use in osmo-sgsn. Let's
explicitly use the 0 one so it is configured by "cs7 instance 0" in the
VTY.
Related: OS#4157
Change-Id: I0e23a6a76ebcba0b1b424e3d3b20d06c1da44cbe
This may well be the culprit of OS#3957, were already freed llme is accessed from
mmctx context later on, upon some timer is triggered in mmctx.
Related: OS#3957
Change-Id: I8e1eaeb9b3ebee8e45704b4fe007190c7db609e4
Recent commit added an assert to make sure unexpected conditions were
happening in sgsn_mm_ctx_cleanup_free(). Old code was passing
mm->gb.tlli to gprs_llgmm_assign with "new tlli" being all-1's (aka
unassign mm->gb.tlli).
The commit changed the code to use gprs_llgmm_unassign, which uses
llme->tlli instead of mm->gb.tlli, and the assert was used to make sure
no behavior change occured with the commit.
It seems TTCN3 test TC_attach_auth_id_timeout triggers that assert, and
after closer debug it seems mm->gb.tlli == llme->old_tlli, which makes
sense since there's a mm->gb.tlli_new which is expected to be
llme->tlli.
When TLLI changes in GMM (Attach Request or RA Update), it is stored
into mm->gb.tlli_new and assigned on the LLC layer using gprs_llgm_assign(),
and upon completion signalling from MS, (after handling response to initial request)
it is assigned to mm->gb.tlli (and value kept in mm->gb.tlli_new).
So mm->gb.tlli and mm->gb.tlli_new usually contain the same value unless
a new TLLI is allocated, and during the span of
Request->Response->Complete it is kept different, the LLC layer having assigned
the value of mm->gb.tlli_new.
So, old code (before the commit adding the assert) was wrongly using
mm->gb.tlli instead of mm->gb.tlli_new at the moment of unassigning (but
not really problematic in practice since behavior is the same as long as
"old TLLI" value is not all-1's.
So we are fine and correct using gprs_llgm_unassign() (which passes llme->tlli
as "old TLLI") instead of what used to be done before.
In any case, the expected behavior is to free the llme object and get
rid of everything...
Fixes: 788863cda5
Change-Id: I482acdbdf05ce0cb0a5804206672512854067f5b
TS 04.64 sec 7.2.1.1 LLGMM-ASSIGN specifies:
"""
If TLLI Old all 1's and TLLI New all 1's then TLLI Old and TLLI New are assigned, and TLLI New shall
be used when (re-)transmitting LLC frames. Both TLLI Old and TLLI New shall be accepted when received
from the peer. It shall be treated as a TLLI change according to subclause 8.3.2.
"""
Change-Id: I3a17715bf2dba7b03c1335ad106307eb4d5f564a
May be useful to detect unexpected conditions which could end up in
memory leaks.
Related: OS#3957
Change-Id: I0d175501083ce458ff1c07ad38761d2cbf4ea470
New APIs only available since libgtp 1.4.0 are needed, and in turn that
libgtp version requires newer libosmocore 1.1.0.
osmo-sgsn itself requires libosmocore 1.2.0 since it uses GSM23003_TMSI_SGSN_MASK.
Change-Id: I1c67d3e7dda093b4869756c7a63dc7a4549084ae
Since March 15th 2017, libosmocore API logging_vty_add_cmds() had its
parameter removed (c65c5b4ea075ef6cef11fff9442ae0b15c1d6af7). However,
definition in C file doesn't contain "(void)", which means number of
parameters is undefined and thus compiler doesn't complain. Let's remove
parameters from all callers before enforcing "(void)" on it.
API osmo_stats_vty_add_cmds never had a param list but has seem problem
(no "void"), so some users decided to pass a parameter to it.
Change-Id: Ic4af704958819e6f65ac01be33ef5b3d69628ad0
Related: OS#4138
Fix some typos, correct data compression command, add example to turn
off compression.
Change-Id: I6beff8c66eacf12f1081d51dd6b124bdd4478558
Related: OS#1720
Listen on 127.0.0.100 by default, so there is no conflict on
127.0.0.1:23000. This allows starting both services with their default
configuration, like we are doing it in the Osmocom-Debian-install-*
jenkins jobs.
Related: OS#3369
Change-Id: I6e3053de8885a7954296d820c6a069d06276e4df
Quite a few features that are listed as not-implemented in the overview
section are actually implemented now.
Change-Id: I8d499a25293b69babc2aebb2d697438f8ba8141f
Related: OS#1720
osmo-sgsn was missing the help text of the -V option
gb_proxy still thought of itself as OpenBSC
Omit the name of the program in the help text to avoid such issues in
the future.
Related: OS#1720
Change-Id: Ib57694b6bff7c98a269dc4b4dbb7173349a57b81
Change bind-to-sgsns from 127.0.0.1 to 127.0.0.10, so osmo-gtphub's
default config does not conflict with the osmo-sgsn default config. The
value of bind-to-ggsns does not clash with osmo-ggsn's config, so it was
left unchanged.
Related: OS#3369
Change-Id: Id892e1f4ab2daabbe9824b819b5fed985373b97a
There is unfortunately no way to suppres this witha pragma,
and gcc 9 uncovers quite a few new instaces with enabled LTO that can't/won't be fixed
"error: potential null pointer dereference"
Related: OS#4123
Change-Id: I4d1219bf84d3b8dcaf925a60cf54abe733fba263
GCC 9 complains that variable 'gsm_cause' in do_act_pdp_req() may
be uninitialized. This may happen if sgsn_mm_ctx_find_ggsn_ctx()
would return NULL due to no static GGSN configured.
Change-Id: I09c608045dd35b9898b82e236a306ab9a6c2c0b9
Previous commit introduced command "authentication (optional|required)",
which is only meaningful if auth-policy is remote. Upon adding the cmd,
it changed the default logic for remote policy to not require
authentication, which broke TTCN3 tests because sgsn no longer tries to
authenticate the users.
Since it's actually good to enable authentication by default where
possible, let's enable it by default when on auth-policy remote.
In order to do so, let's simply not care about the value of variable
require_authentication if auth_policy is not REMOTE. As a result, we
drop parts of the previous patch and remove unneeded checks (which are
only partially useful based on order of commands during VTY read).
Fixes: 794f446a28
Change-Id: Ic707a95af178b44f08809df3d3bc8354bf34273c
It may be useful to have 'remote' authorization policy, but do not
require authentication in GERAN at the same time, e.g. in combination
with 'subscriber-create-on-demand' feature of OsmoHLR.
This change introduces a new VTY parameter similar to the one
that we already have in OsmoMSC:
authentication (optional|required)
Please note that 'required' only applies if 'auth-policy' is 'remote'.
Change-Id: I9909145e7e0af587c28827e16301a61b13eedaa9
Commit 176a4d2f33 moved echo timer related
code to its own function but did some mistakes when moving the logic
from several places into its own function. As a result, echo timer was
only enabled after the 2nd pdp ctx was created, instead of the expected
1st.
First, let's be consistent and always call the function *after* changing
state, since that's what the function expects. This fixes the issue.
Finally make the logic in the function more intuitive by checking in the
if clause the only case where actually the echo timer should be enabled:
Only if policy specifies so and we have at least 1 pdp ctx against that ggsn.
Fixes: 176a4d2f33
Change-Id: I826030978edb61ea5a172c2b72f63758206a6246
In I73fd54ad3a4ab8be5aff0fee5c722597ad766e9d incorrect fix was added
which only initialize first element of array. Fix this by using explicit
index to initialize entire array.
Change-Id: I26e4aa44f159d1b5b91dda4a586fd4e809711245
Look at PDP Context Status IE: if there are any PDP contexts which are
ACTIVE on MS side and there are no PDP contexts which are ACTIVE on the
network side, then send Service Reject with the cause "NO PDP
ACTIVATED". This forces MS to reactivate the PDP contexts.
3GPP TS 24.008 Section 4.7.13.4 Service request procedure not accepted
by the network. Cause # 40.
Fixes: OS#3937
Change-Id: If610cbef17c25ec44e65d4f1b2340d102c560437
After Activate PDP Context request, Motorola KRZR
sends a zero length XID-Field of Type L3 Parameters
If this is not echoed back, the phone will send
Deactivate PDP Context request with SM Cause:
LLC or SNDCP failure(A/Gb only) (25)
Closes: OS#3426
Change-Id: Ibd75f7b943c84ed7264481fa2e4bc3cb2f6745d4
gprs_sndcp_dcomp_term asserts if compclass is not
SNDCP_XID_DATA_COMPRESSION, so this way by checking in the caller too we
easily now if the unexpected value is in compclass or in algo.dcomp.
Change-Id: I4600e6a137f42f20fdf69637e4a9048b265c1748
When the patching and routing features were introduced, a lot of the
new structures were not documented at the same level as the pre-existing
code. Let's fix that.
Change-Id: I61bdd3b1cec037bce825c234a8a274b70629adc8
For every logical session between a MS and the SGSN, there is one LLME
(LLC Management Entity) and a set of LLEs (Logical Link Entities): One
for each SAPI.
The XID procedure used to establish LLC configuration values such as
N201 (MTU) parameters happens on each LLE separately. The negotiated
parameters only affect that one LLE (SAPI) and are not global.
Still, the OsmoSGSN LLC code has the "struct llist_head *xid" member as
part of the gprs_llc_llme, and not as part of the gprs_llc_lle. This
list is a cache of the XID fields we have sent with the last XID
request, which is used in processing the response from the MS.
If two XID handshakes were to occur concurrently on two LLEs, the state
between them would get messed up. It must be maintained separately for
each LLE.
Closes: OS#3955
Change-Id: Iaeb54ca5ac58391be45e56c2e721f531969f3a9e
According to Section 6.4.1.4 of 3GPP TS 04.64
The DM unnumbered response shall be used by an LLE to report to
its peer that the LLE is in a state such that ABM operation
cannot be performed. An LLE shall transmit a DM response to any
valid command received that it cannot action.
Closes: OS#3953
Change-Id: Ie8b8e16d5a68f19f21dc4fdb5703c8a794e0173c
A MS sending LLC NULL frames on cell change is a perfectly normal event,
and we shouldn't log any cryptic NOTICE messages about it.
Change-Id: I6be0b9c8813dfb40a7955422fd8e7cebf94d189c
In reality, only UI, I, SABM, UA and XID frames carry payload. All
other frames will have llhp.data == NULL.
Let's therefore not do any msgb adjustments unless we actually know
there is a user payload field.
Change-Id: I51bbd0f2c618d477a037af343ff41de1c8a5a3ae
Closes: OS#3952
A security command is part of multiple procedures to ensure
integrity (optional also encryption) between MS and RNC.
It should be used for all Iu connections once.
With the rewrite of the GMM Attach FSM the use of the security command
procedure was broken for all procedures e.g. Service Request except GMM
Attach Request.
Relates: OS#3920
Change-Id: I50e8e316f06ae1a6171a6b07e4e2f0761322b779
UE expects to receive Iu-ReleaseCommand after Attach Complete. If it
doesn't receive it, then it sends Iu-ReleaseRequest after a timeout
which makes the "PS Activation" process long.
Change-Id: Ib5053e3cd655d08ff3fd0fefa48325fabb1797c8
Related: OS#3908
gprs_ns_rcvmsg() in old libosmocore returns "number of bytes transmitted
by any response PDU we sent as a result of the received message", while
modern libosmocore simply retunrs '0' for any successfully received
message. Let's make sure any non-negative responses lead to a
reproducible test output with both old and new libosmocore.
Change-Id: I7a48d14aed19825b87a02ccf9ee9cbfe0853342c
This fixes following error:
DMM gprs_gmm.c:1126
GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x5589e78dded0]{WaitAttachComplete}:
Event VLR answered not permitted
There seems to be a race condition in FSM when MS establishes MM context
which isn't immediately followed up by PDP context (for example when no
APN is configured in MS).
This does not affect actual functionality because in this case MS won't
be able to use GPRS anyway but it's still nice to get our FSM fixed even
in this corner case.
Change-Id: I14d234632224e20faf865d2273c83cfff31abf61
* don't use spaces when printing hex data like RAND, SRES etc to
increase the chance that it'll fit onto single line which will improve
readability
* don't print non-existent QoS value
Change-Id: I0a09063f30c1116803994117f49df9d02bcc9181
Add a 'gsup ipa-name' VTY command which overrides the default
IPA name used by the SGSN on the GSUP link towards the HLR.
This is required for GSUP routing in multi-SGSN networks.
The 'gsup ipa-name' option can only be set via the config file
because changing the IPA name at run-time conflicts with active
GSUP connections and routes configured in the HLR. The osmo-sgsn
program must be restarted if its IPA name needs to change.
Related: OS#3356
Change-Id: Ib2f65fed9f56b9718e8a9647e3f01dce69870c1f
We were passing a NULL pointer of type struct gsm_network * to
ctrl_interface_setup_dynip(). Remove the pointless declaration
of this struct. Also, replace the sgsn_controlif_setup() helper
function with a direct call to ctrl_interface_setup_dynip().
The helper fnuction was just a thin wrapper around the latter.
Change-Id: Ib4151afa5bff01e63b462cca517fb60ac0503759
Related: OS#3356
Use OSMO_MIN macro to check for MSISDN length. This makes the code
cleaner and will, hopefully, aid static analysis tools.
Change-Id: Ic0fbeb8d248c74e54bfb51ba2cdea55c4f386ac7
Fixes: CID57879
We do not install any libraries so we don't need it: most likely it's a
forgotten leftover from pre-split repo time.
Change-Id: Ifabb26d1e6384659789061bc2abe23cb5ceca4cb
This requires I414e67a3de733fab407161b3264d3b89070ba537 in libosmocore
to avoid warning about discarded const.
Change-Id: Ie92637dd900b0f9eba891d5aad0b4ba0ee69c08c
Add new environment variables WITH_MANUALS and PUBLISH to control if
the manuals should be built and uploaded. Describe all environment vars
on top of the file.
When WITH_MANUALS is set, install osmo-gsm-manuals like any other
dependency and add --enable-manuals to the configure flags (for "make"
and "make distcheck"). Add the bin subdir of the installed files to
PATH, so osmo-gsm-manuals-check-depends can be used by ./configure.
Related: OS#3385
Change-Id: Ic45322c809f9f65d0fd24b828dab0cd929fa6267
Set AM_DISTCHECK_CONFIGURE_FLAGS in Makefile.am instead of
DISTCHECK_CONFIGURE_FLAGS. This is the recommended way from the
automake manual, as otherwise the flag can't be changed by the user
anymore.
Related: OS#3718
Change-Id: I5bf96adcf06f1844ffc888d8690d2cc0df48e3f9
Moved to doc/manuals/, with full commit history, in preceding merge commit.
Now incorporate in the build system.
Build with:
$ autoreconf -fi
$ ./configure --enable-manuals
$ make
Shared files from osmo-gsm-manuals.git are found automatically if
- the repository is checked out in ../osmo-gsm-manuals; or
- if it osmo-gsm-manuals was installed with "make install"; or
- OSMO_GSM_MANUALS_DIR is set.
Related: OS#3385
Change-Id: I0477d7c871413bd90b365d3064bac3cba23a0883
This is the first update since the libosmocore changes to the 'show
online-help' generated output. Hence the produced document now benefits from
the structural improvements:
- not repeating common commands for every node;
- using section names that match the VTY prompt.
Drop most of the sgsn_vty_additions.xml -- they merely repeat what the online
VTY doc already explains. Many of these more verbose explanations have been
absorbed into the VTY online doc in osmo-sgsn.git change-id
I35984014424412e91437b7ed71576aef3819cb1e.
Adjust remaining sgsn_vty_additions.xml to match the new node ID scheme.
Change-Id: I71863e5056ad369d2055e9882a52a00fa999ab04
Since the NITB split, GSUP is used in all three network elements, so
make the protocol a shared chapter
Change-Id: Id2d7c27ef16eb0ebe5f60d625a1fcf42f1603f4f
The initial goal was to make sure we don't have overall FORCE rules causing
unnecessary rebuilds -- annoying while writing documentation. As I looked
through possible dependencies, I finally understood what's going on here.
Remove code dup and nicely sort which belongs where in build/Makefile.*.inc. In
each, describe in a top comment how to use it, and also unify how they are
used:
- Rename Makefile.inc to Makefile.docbook.inc and refactor
- Add Makefile.vty-reference.inc
- Add Makefile.common.inc
Make sure that we accurately pick up all dependencies.
Drop use of the macro called 'command', that silenced the actual command lines
invoked and replaced them with short strings: it obscures what is actually
going on and makes the Makefiles hard to read and understand.
Each manual's makefile is greatly reduced to few definitions and a Makefile
include, e.g. one for asciidoc, one for VTY reference.
Move common/bsc_vty_additions.xml to OsmoBSC/vty/libbsc_vty_additions.xml, link
from OsmoNITB. It applies only to OsmoBSC and OsmoNITB.
Add a script that combines a VTY reference file with *all* additions files
found in a manual's vty/ dir. Call this from Makefile.vty-reference.inc.
Change-Id: I9758e04162a480e28c7dc83475b514cf7fd25ec0
All parts referencing GFDL can be easily disabled by removing the
'gfdl-enabled' attribute from the document.
Change-Id: I2489726ad2e90301bceadfada926e31ae0f85986
Reserve a new IE for the charging characteristics. We need to handle
them as a GGSN might otherwise reject the PDP context creation. For
the SGSN it is enough to send the two octets as it.
Pick the 0x1X range for the IEs as it is used with the PDP contexts.
Change-Id: I1d7423582e154728a240cf15c32772a06822f4ad
The arrow style used to desribe the flowcharts in gsup.adoc does not match
the arrow style used in the protocol descriptions which are included from
the common directory (gb.adoc, control_if.adoc, oap.adoc). This patch changes
the arrow style to match the already existing common parts.
Change-Id: I7faa0c97ee3705a64289a47bc63f311d05f988b3
The explaination of the access policy is a bit unclear. Users
that come from osmo-nitb might have trouble to grasp the functionality
of the access control list based approack correctly.
Change-Id: Iaae3035c4de3cb082f097441eff99289ee6dfc53
Add semicoli in fig-gprs-pcubts digraph.
Remove section from GMM Implementation about non-existence of HLR.
The SGSN can access osmo-hlr via GSUP (and will have to do so in the
libvlr future).
Change-Id: I0164f418e453672321eed00bbc454c1e223ea158
Unfortunately a glob like osmo-x__*.{svg,png} doesn't work, so have the
suffixes in separate globs.
Add dashes to indicate that failure should be ignored.
Change-Id: I6bc4d9ea72b43a573acbc860c23397f748de2c7b
Generate *.check files from asciidoc output and grep for WARNINGs.
Add *.check files to gitignore and to 'make clean'.
Change-Id: Ibccc83a3415930a528f2e8e4e4dda3b81c6d0b64
The GSUP protocol has been enhanced with
* Support for UMTS AKA in 'Auth Tuple' / SAI operations
* Authentication Failure Report
* CN Domain indicator
Let's update the documentation accordingly.
The manuals existed in different form for several years in an internal
sysmocom repository. However, since they had just recently been
converted from docboox-xml to asciidoc and all files have been
re-shuffled for enabling the public release, there's not much point in
keeping the history with git-filter-branch.
Log line actually makes more sense out of the function where IMSI acq is
resolved. We can then get rid of msg param which may cause confusion and
add complexitiy to code for no good reason.
Change-Id: I6716a260e12a3cf36af0501ce611c6c1e608f537
It makes no sense to print every stored_msg with BVCI from msg, same for
routing. This will allow getting rid of "msg" completelly in next
commit.
Change-Id: I95eafbf41012be3e02c68fc996773dd02b174fe6
The only use inside the function is only to log information which should
actually be provided by tmp_parse_ctx of each stored msg.
Change-Id: Ic186b92fa9bd0a2b853a0cf525c6f6feb9493897
gbproxy process was aborted with following message during APN patching:
<000e> gb_proxy_patch.c:129 Patching ACT_PDP_REQ to SGSN: Replacing APN 'foo' -> 'bar'
msgb(0x5555558797d0): Sub area is not fully contained in the msg data
During osmo-sgsn 107fb59e84 old copy of
gprs_msgb_resize_area was replaced by more modern libosmocore version
called msgb_resize_area. They are mostly identical but the later has
some extra verification asserts. One of this asserts was triggering the
process abort, but the bug has always been there as far as I could see
in git history.
The assert triggers because the bssgp buffer and parse_ctx point to
"stored_msg", while the data buffer comes from a different msbg "msg",
which is clearly wrong behavior.
In the modified line, "msg" (the one which provided the imsi now already
stored in link_info through gbproxy_update_link_state_ul()->gbproxy_assign_imsi())
is really not needed anymore, and we want to patch the stored msg going
to be forwarded.
Related: SYS#4397
Change-Id: I7226fc5bcfbf58c349431d0a39cdb904fefd9e9c
In case of multiple bts peers we use '\n' as individual entries
separator.
This reverts commit fffd6cb0d8.
Change-Id: I1ea17919ec3ed7e26044df8b5f8324717ee9e32c
Return number of BTS peers. This is especially useful when no peers are
available because "gbproxy-state" command returns empty sstring in this
case.
Change-Id: I29b0664e60f7c81c3c7b495c1c8f2700e3f7e033
Related: SYS#2655
In ctrl protocol we don't need any explicit formatting as it might
interfere with client processing our response. Let's drop trailing '\n'.
Change-Id: I3f32e01dd50a53991c292aeee57a78d81cdc5429
Related: SYS#2655
Coverity points out we forgot to check the return value of
osmo_shift_v_fixed() in some places. Add checks which verify
the expected length of data which is skipped by the parser.
Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Related: CID#135160
libosmocore commit 797558ea1768e464f9559c5f7a4f3f4285c5de25
changed the order of NS_UNBLOCK_ACK transmission dispatching
of the NS_UNBLOCK signal. Update expected output of gbproxy
tests accordingly to make these tests pass again.
Change-Id: Ia3df811755b1c88cf7a27a466677b24a6c32fd8e
Related: OS#2388
Avoid explicit memset which confuses coverity, use strnlen() and
osmo_strlcpy() to handle strings.
Change-Id: I73fd54ad3a4ab8be5aff0fee5c722597ad766e9d
Fixes: CID163626
The two existing enums defined in gprs_sndcp_xid.h, for protocol
and data compression algorithm numbers respectively, were assigned
to 'int' variables when their values were copied to other structures.
This prevented the compiler from checking the enum value coverage
during switch statements and also tripped up Coverity scans looking
for enum value mismatch problems.
So instead of copying enums to ints, make use of the enums throughout.
Structures which can contain values from both enums now use a union
of both, forcing us to be very explicit about which set of values
we are dealing with.
Change-Id: I3771a5c59f4e6fee24083b3c914965baf192cbd7
Depends: If6f3598cd6da4643ff2214e21c0d21f6eff0eb67
Depends: I8444c1ed052707c76a979fb06cb018ac678defa7
Related: CID#149102
The function gprs_sndcp_get_compression_class() returns -EINVAL
upon error, not -1, so an existing assertion would never trigger.
Instead, check for the values we want first (PROTOCOL_COMP or
DATA_COMP) and assert(false) in case the returned value doesn't
match either of these.
Found by: Neels
Change-Id: I8444c1ed052707c76a979fb06cb018ac678defa7
osmo-hlr has recently (as of Change-Id
Iad227bb477d64da30dd6bfbbe1bd0c0a55be9474) a working shared library
implementation of libosmo-gsup-client.
We can remove the local implementation in osmo-sgsn and use the
system-installed shared library instead.
Change-Id: I6f542945403cf2e3ddac419186b09ec0e2d43b69
After checking the FCS, it's no use. The FCS should also not
appear on `hexdump(msgb_l3(MSG), msgb_l3len(MSG))`.
Change-Id: I27e061ead86395a336b67c7aead93d305a0f2ae8
When a MS does the following
- MS: GMM Attach
- MS: Activate PDP CTX
- SGSN: send PDP CTX Request to GGSN which GGSN does not answer
- GMM Detach (MM ctx get freed)
- libgtp retrans timeout of the first answer
- sgsn_libgtp.c: create_pdp_conf() which ignores this ctx because of emtpy MM ctx
Change-Id: I4575f7f80f785a62ae3b7f165d236a9dd818aabf
Introduce a new FSM step in GMM Attach to send the
Security Command to the RNC after completing the
Authentication.
Fixes: f7198d7dbb ("gprs_gmm: introduce a GMM Attach Request FSM")
Change-Id: I1e12b0a32e58c6f78dba7b548f7d7016567229db
NET_FAIL will result in asking again and again. Reject with IMPL_DETACHED to drop the
MS completely.
Change-Id: I195d533e330a4b577cad80c7e757d481f9c837df
Document all keywords of the 'reset sgsn state' command: set the same doc
string for all three.
Also fixes the build after libosmocore
I1f18e0e41da4772d092d71261b9e489dc1598923, which resulted in HIDDEN commands
coming up in the VTY reference dumping. Note that libosmocore
I92c3c66ff69c186234276c64478d6342e061d25e will again remove this breakage by
omitting hidden commands.
Change-Id: I8b6e8615e409266910f2f76a10ced9ab33e4de91
Move the check of the echo timer into an own function.
The gtp echo timer must be re-check everytime the
echo-timer has been modified or deactivated via vty.
Fixes the TTCN3 SGSN_Tests.TC_attach_restart_ctr_echo
Change-Id: Ia33471a9a9cfc3887facb665c82094b99932052a
The GMM ctx->gmm_att_req.auth_reattempt is used to track
multiple UTMS re-sync attempt of a MS.
Change-Id: I708226cec9e131dcda4234f42ed3689f4f6750e8
Fixes: f7198d7dbb ("gprs_gmm: introduce a GMM Attach Request FSM")
Fixes: OS#3556
When the GGSN crashs, the SGSN will be notified after
it comes back. Because of the async operation,
the mm ctx could be already gone.
Change-Id: I507a8c2193c84f8dff7f5d669adcd3583331f289
Allow ttcn3 to flush the gtp queue between each test.
Fixes ttcn3 test SGSN_Tests.TC_attach_pdp_act_deact_mt_t3395_expire
Change-Id: I49d70cb7abe5cbe92ea68882fa68eccec0e79586
The old GMM Attach Request handling used a recursive function
which can not handle certain states and is quite complex and hard to
extend.
The new FSM handles such request in a FSM and can be called multiple
times.
Change-Id: I58b9c17be9776a03bb2a5b21e99135cfefc8c912
The test cases now implemented by TTCN3 which should not be as fragile
as the unit tests. Because the unit tests expect a quite strong internal
state to be happen.
Change-Id: Iac1c8854b5ea4aa03279990390ebc110c979aac2
It was discovered during OBS debian build that --enable-ui was not being
passed despite being defined. Comparing with other similar projects it
became clear that this override tag was not correct and it was being
omitted.
Change-Id: I0ad1009100fd7c2798bcf22aa84a0d90fbe41a55
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".
If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.
Related: OS#2740
Change-Id: Icdf7af7a31fbba9197b3711eaf102fc0ae333bcc
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I66a7e044c027672adf77fbd6c0a111c43ee31b4f
This timer allows periodically cleaning up stale links in link-list of
each gbproxy_peer. Previous to this patch, this kind of cleanup
(gbproxy_remove_stale_link_infos) was being done only as a consequence
of external events being triggered, such as a message from that peer
being received.
It was found in a production network agreggating several BSS that some
of them were offline for a longtime but gbproxy was still caching big
amounts of really old link_info for the NSEI assigned to those BSS,
because since they were probably turned off abruptely, no new messages
were received from it which would trigger the cleanup.
As a consequence, it has been observed that a timer to periodically
clean up old entries (link-list max-age) is requird in case w don't
receive messages from that NSEI periodically.
Related: SYS#4431
Change-Id: Ic777016f6d4f0e30fb736484774ca46878f17b7a
It was discovered in some prod setups that some TLLIs can maintain quite
long queues of msgb in case its IMSI is not acquired and the tlli is not
pruned due to link-list max-{age,length} being set to 0. As a result,
the osmo-gpbroxy steadly increases the list size of maintained TLLIs, and
some TLLI was found without IMSI catching already 1211 msgb.
Let's allow setting a maxiumum length for the queue storing those msgb
in a per TLLI base. If the limit is reached, oldest msgb are removed
before adding a new one.
Depends: libosmocore Change-Id I33b501e89a8f29e4aa121696bcbb13d4b83db40f
Related: SYS#4297
Change-Id: I4473be8604f80302df03ffdd5a13280dc072f824
gprs_msgb_resize_area was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as msgb_resize_area. Let's use
that one to avoid code duplication.
Change-Id: Ib80f7b2b186d87f21d63d9b0bec58175170c905c
gprs_msgb_copy was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as bssgp_msgb_copy. Let's use
that one to avoid code duplication.
Change-Id: I42a65fd8e4045fafadf5694f2d8d0c5e7ab350a0
Reset the SGSN internal state. Useful when testing the SGSN via TTCN3.
Depends on the libosmocore commit:
I29b6ad6742ddf9b0b58b4af37d9a1cf18e019325
Change-Id: I92096f3f6ea49e75676e30e9921d00210bac5382
This seems to b remaining from ancient days. The code
in there is either no longer needed, or has been moved to libosmocore.
Change-Id: I9307f9da7f48dd0a2e1cb213072068736e569722
libosmogsm in libosmocore.git from Change-Id
Ie36729996abd30b84d1c30a09f62ebc6a9794950 onwards contains oap_client.c,
so we don't need our local copy here in this repo anymore.
Change-Id: I7b194f98ef3f925b6178d8a8dbd9fcf2f0c6e132
Requires: libosmocore.git Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950
This check is not in all our repos that use git-version-gen. Indeed it
seems to be a leftover of openbsc where I think it wanted to ensure
being called in the openbsc subfolder or something? libosmocore e.g.
doesn't have it.
In any case .git being a directory is not always true (if using git
worktree) so remove this check.
Change-Id: I4385cc4fb87ca4354a3c608a18aa3d2eb03a744f
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I93a2e5b6ec66c9edb6e93d95032e788f552af44b
When PDP CTX CREATE ACK is received with an increased RestartCtr, cb_recovery2
is called first, which will dettach ggsn from al pdp ctx (free the
pdp_t). But when giving control back from the ctrl, libgtp still uses
that freed ctx and sends it back to osmo-sgsn through cb_conf().
As specs state in any case that we need to handle the message containing
the increased RestartCtr as valid, we then need to avoid freeing the pdp
ctx and leave handling for later in cb_conf.
Depends: osmo-ggsn (libgtp) Change-Id I53e92298f2f6b84d662a3300d922e8c2ccb178bc.
Change-Id: I0989c00e18ca95a099e1a312940eaac71957b444
Previous API freed the ctx immediatelly after sending the packet, which
triggered a call to cb_delete_context() and dropped the entire
sgsn_pdp_ctx before the PDP DEL CTX ACCEPT was received. This new API
won't free the pdp ctx and we can tear down everything once we receive
the ACCEPT in cb_conf.
cb_conf is not automatically freed at cb_conf, user needs to free it, so
we need to remove setting pctx->lib to NULL in cb_conf to avoid leaking the
pdp ctx, as it needs to be freed inside sgsn_pdp_ctx_free().
Depends: osmo-ggsn (libgtp) Change-Id I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c.
Change-Id: I304c59de5d137b81de3c6df0fdbe911ae3dbd1f3
if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report
during snprintf:
==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
#0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...
Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
field pdp->num_T_exp was being reset to 0 every time
pdpctx_timer_start() was called from gsm48_tx_gsm_deact_pdp_req().
Take the chance to test max amount of retrans to 4 as detailed in specs.
Change-Id: Iacce3c66f61578ebee37abaa287f7e183f985c1c
Scenario and behaviour before this commit:
- Received Echo Reply from GGSN has incremented RestartCounter
- func sgsn_ggsn_ctx_drop_all_pdp() is called to dettach all pdp ctx
from GGSN and request the MS to deact all related ctx.
- DEACT ACCEPT is received from MS, and then it tries to send DEL PDP CTX
to GGSN, expecting to receive a Confirmation and only then freeing the
pdp ctx.
The problem is that since the initial cause of triggering was a GGSN
restart, the GGSN doesn't know anything about that pdp ctx anymore, so
it's not useful sending it. We can instead dettach the GGSN and libgtp
ref at drop_all_pdp() time and then when we receive DEACT ACCEPT from MS
we can free the pdp ctx directly.
Change-Id: I1c74098e181552c218e152bf4ac5035cea770428
According to 3GPP TS 24.008 Section 6.1.3.4, the tear down indicator IE
maybe included in the DEACTIVATE PDP CONTEXT REQUEST message in order
to indicate whether only the PDP context associated with this specific
TI or all active PDP contexts sharing the same PDP address and APN as
the PDP context associated with this specific TI shall be deactivated.
As we don't permit/support establishing multiple PDP contexts using
the same APN and PDP address, it shouldn't really make any difference.
Nevertheless, we want to clear everything, so let's include it.
Change-Id: Ia9bc2d0e93362a8473eac5cf4c7e8ffa41c79e5b
60 seconds is used by default, which is the minimum accepted value for
this timer as per 3GPP TS 29.060 section "7.2.1 Echo Request".
Having it low by default is good for lab use in which a lot of stuff
changes over time.
Change-Id: Ia1898d172482bf6a25d829f8fc9a47824f49456f
In sgsn_pdp_ctx_terminate, a pdp ctx is terminated and the mm ctx is
detached. However, T3395 may still be armed and then pdpctx_timer_cb
will trigger, and attempt to use the pdp->mm ctx which was already
detached (set to NULL) when calling
gsm48_tx_gsm_deact_pdp_req()->mmctx2msgid().
Following list of log lines shows the scenario+crash, in which osmo-sgsn
is trying to deactivate the ctx all the time but the PCU doesn't ACK it,
and then at some point the PDP context is forced released.
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(901700000015254/d7e9ab95) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:1464 MM(901700000015254/d7e9ab95) -> GMM DETACH REQUEST TLLI=0xd7e9ab95 type=GPRS detach Power-off
osmo-sgsn/src/gprs/gprs_gmm.c:313 MM(901700000015254/d7e9ab95) Cleaning MM context due to GPRS DETACH REQUEST
osmo-sgsn/src/gprs/gprs_sgsn.c:332 MM(901700000015254/d7e9ab95) Dropping PDP context for NSAPI=5
osmo-sgsn/src/gprs/gprs_sgsn.c:434 PDP(901700000015254/0) Forcing release of PDP context
osmo-sgsn/src/gprs/gprs_sndcp.c:508 SNSM-DEACTIVATE.ind (lle=0x62100001bca0, TLLI=d7e9ab95, SAPI=3, NSAPI=5)
osmo-sgsn/src/gprs/sgsn_libgtp.c:310 PDP(---/0) Delete PDP Context
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(---/ffffffff) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:305:25: runtime error: member access within null pointer of type 'const struct sgsn_mm_ctx'
Program received signal SIGSEGV, Segmentation fault.
0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at /home/pespin/dev/sysmocom/git/osmo-sgsn/src/gprs/gprs_gmm.c:305
305 msgb_tlli(msg) = mm->gb.tlli;
(gdb) bt
#0 0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at osmo-sgsn/src/gprs/gprs_gmm.c:305
#1 0x00005555556b170a in _gsm48_tx_gsm_deact_pdp_req (mm=0x0, tid=0 '\000',
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2297
#2 0x00005555556b1a2e in gsm48_tx_gsm_deact_pdp_req (pdp=0x6140000008a0,
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2311
#3 0x00005555556b876c in pdpctx_timer_cb (_pdp=0x6140000008a0)
at osmo-sgsn/src/gprs/gprs_gmm.c:2717
#4 0x00007ffff355eb3e in osmo_timers_update ()
at libosmocore/src/timer.c:257
#5 0x00007ffff356255c in osmo_select_main (polling=0)
at libosmocore/src/select.c:254
#6 0x00005555556f17cb in main (argc=3, argv=0x7fffffffe298)
at osmo-sgsn/src/gprs/sgsn_main.c:531
Change-Id: I2120e53ade6cabad37f9bd99e6680a453411821b
Before this commit, echo req/rsp logic was implemented in libgtp but
never used in osmo-sgsn.
This commit adds a timer which periodically sends a GTP ECHO Request to
every GGSN if there's at least one pdpd context associated with it. This
way by checking the restart counter in the ECHO Reply it can be known if
the GGSN was restarted. In this case, logic already present in osmo-sgsn
will terminate all pdp contexts associated with that GGSN.
Change-Id: I9d714726785407859f26bbef052cd0efc28e8dae
This way we can easily track all pdp context associated to a specific
ggsn, which is useful to handle some scenarios, such as the one
implemented in next commit, in which specs references that GSNs should
ping only other GSNs with at least one pdp ctx in common. So the list
of pdp ctx per GGSN is really useful too (and cheap computationally)
to check if we should arm or disarm the echo procedure timer.
So this commit can be seen as a preparation for next commit.
Change-Id: I3bbcc0883df2bf1290ba8d4bd70db8baa494087a
The message this test is trying to parse is indeed invalid.
Add a comment showing the message in decoded form, and assert
that the parser rejects it.
Also, add a missing call to cleanup_test().
Change-Id: I2a86432d080c38d3c95626372a0129499d7146dd
Related: OS#3178
The flag cannot be enabled in all cases because current osmo-iuh header
contain compilation warnings which are then propagated to this project
when building against them.
Change-Id: Ia4285a88af6d4adfba08c055c6734f9d82c1a5a4
This patch adds a control interface to osmo-gbproxy as well as the first
two commands to query the state of each NSVC and gbproxy peer.
The "nsvc-state" command replies with
nsei, nsvci, local state, role, remote state of all NSVCs.
The "gbproxy-state" command replies with
nsei, bvci, mcc, mnc, lac, rac, and state of each peer.
Entries are separated by a newline '\n' character. If there are no
entries an empty list is returned. This behaviour is similar to that of
the subscriber-list-active-v1 command in osmo-sgsn.
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g nsvc-state
Got message: b'GET_REPLY 23 nsvc-state 101,101,DEAD,BLOCKED,SGSN,DEAD,UNBLOCKED\n'
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g gbproxy-state
Got message: b'GET_REPLY 4871085901306801158 gbproxy-state '
Change-Id: I82c74fd0bfcb9ba4ec3619d9fdaa0cae201b3177
Ticket: OS#3281, SYS#4235
Sponsored-by: On-Waves ehf
Add a test which reproduces the parsing problem. Whether this problem
is due to an invalid message or a parser bug is yet to be determined.
Until then, this test helps with analyzing the problem further.
Change-Id: I39189701a57c785ffdacc3ae26d7aa93bb06cde6
Related: OS#3178
The detach type network side is defined as
- Reattach required
- Reattach not required
- IMSI detach (after VLR failure)
IMSI detach seems to be more close. Howeever the standard
isn't clear about this.
Change-Id: I27da6dc5165819cccd1ae0a98b132b45a01f38bb
There is no way to recover from "PROTOCOL_ERRORS".
As long the error_cause is not set, the
SGSN won't send out a GMM Request Reject.
Fixes: TTCN: SGGN_Tests.TC_attach_auth_sai_reject
Change-Id: Iefe8f05686ef4acac721f3c0672910704f3b0ff8
Store the established security context type (GSM or UMTS) instead of the
boolean flag is_authenticated. Provide the previous boolean query with thin
sgsn_mm_ctx_is_authenticated() function.
Knowing which security context was established will be necessary for OS#3224,
i.e. using the proper ciphering key, which is not yet tested properly, and
probably not correct at this stage.
This change will make new SGSN_Tests.TC_attach_umts_aka_gsm_sres pass.
Related: OS#3193 OS#3224
Change-Id: I36807bad3bc55c0030d4f09cb2c369714f24bec7
Particularly gbproxy_test.c had various mem leaks, which (will) show up with
gcc (Debian 7.3.0-15) 7.3.0 address sanitizer. Fix those leaks to verify that
we don't have memleaks in the production code.
Change-Id: Ia4204c8b3d895b42c103edecb61b99d3d22bd36f
Use the proper enum ranap_nsap_addr_enc instead of int, and properly exclude
that member when we're building without Iu support:
sgsn_vty.c:1323:31: error: passing argument 2 of ‘ranap_iu_vty_init’ from incompatible pointer type [-Werror=incompatible-pointer-types]
ranap_iu_vty_init(SGSN_NODE, &g_cfg->iu.rab_assign_addr_enc);
Add const to a local var to silence compiler warning retrieving TLVP_VAL:
gprs_gmm.c:1657:18: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
uint8_t *mi = TLVP_VAL(&tp, GSM48_IE_GMM_ALLOC_PTMSI);
^~~~~~~~
Change-Id: I1168ce6425c31db3f6c3bf1f3682ae96b028c59b
Like we did in osmo-sgsn in If804da17a7481e79e000fe40ae0d9c4be9722e61, move
from 'osmo_gbproxy.cfg' to 'osmo-gbproxy.cfg' as default config file name.
Still look for the legacy file name to not break old setups.
Change-Id: I9448908d94a23001f04b6334a78739a839b91313
Add 3-digit flags and use the new RAI and LAI API from libosmocore throughout
the code base to be able to handle an MNC < 100 that has three digits (leading
zeros).
Note that in gbproxy_test.ok, 0-0 changes to 000-000 instead of 000-00, because
the parsed ra buffer is 000000 which results in 000-000, while 00f000 would
result in 000-00. IOW this is expected.
Change-Id: I7437dfaa586689e2bef0d4be6537e5577a8f6c26
Provide a sane means of adding the -Werror compiler flag.
Currently, some of our jenkins.sh add -Werror by passing 'CFLAGS="-Werror"',
but that actually *overwrites* all the other CFLAGS we might want to have set.
Maintain these exceptions from -Werror:
a) deprecation (allow upstream to mark deprecation without breaking builds);
b) "#warning" pragmas (allow to remind ourselves of errors without breaking
builds)
As a last configure step before generating the output files, print the complete
CFLAGS and CPPFLAGS by means of AC_MSG_RESULT.
Change-Id: Ifea235feb073a276302436936e908d9125c77a82
The osmo-gsm-manuals/vty/sgsn_vty_additions.xml contained many command
explanations that are redundant with the VTY online doc. Some however are more
verbose / easier to understand. Absorb these into the online VTY doc here.
This matches the removal in osmo-gsm-manuals change-id
I71863e5056ad369d2055e9882a52a00fa999ab04.
Change-Id: I35984014424412e91437b7ed71576aef3819cb1e
sgsn_test initializes various struct gprs_ra_id without naming the actual
members, which is vulnerable to struct member re-ordering. Name the members
explicitly.
An upcoming ABI change in libosmocore would cause test failures here without
this patch.
Change-Id: I517ed9edf77fac37d9de7a39df24c419a8a65d96
Both library are required to build osmo-sgsn.
The optional dependency was correct when osmo-sgsn
was part of openbsc.
Change-Id: Id608165ae490cb6c84aac1fe70412b2cb2b2587b
It has stricter type signature which increase the chance of spotting
misuse either via compiler warning or with automated scan. This also
paves the way for gsm48_construct_ra() deprecation in libosmocore.
Change-Id: I2c0f082dc7214ed57a40dad0788e34b838dfac97
Related: OS#1640
On 34c3, osmo-sgsn keeps restarting. At least once, it hits the assertion that
this patch replaces with an error message, to not disrupt operation.
Change-Id: I07a40960920dbc594192530c3a145f9a5d2a9c81
The gsm48_construct_ra() expect 6-byte buffer while ra_id.digits is
3-byte buffer. The function fills in LAC and RAC as well so we should
pass entire struct, not just 'digits' part which only store MCC/MNC.
Related: OS#1640
Change-Id: I3bfda930012c792452f9fd695ed7acf46365f1df
Fixes: CID57877, CID57876
Fixes following compilation warning:
osmo-sgsn/src/gprs/gprs_gmm.c: In function ‘gsm48_rx_gmm_service_req’:
osmo-sgsn/src/gprs/gprs_gmm.c:1786:10: warning: variable ‘ciph_seq_nr’ set but not used [-Wunused-but-set-variable]
uint8_t ciph_seq_nr, service_type, mi_len, mi_type;
^~~~~~~~~~~
Change-Id: If0819026a99f45df96ee6de26a71c16128e79cb8
Fixes following compilation warnings:
osmo-sgsn/tests/sgsn/sgsn_test.c: In function ‘test_gmm_attach_subscr’:
osmo-sgsn/tests/sgsn/sgsn_test.c:1110:30: warning: assignment from incompatible pointer type [-Wincompatible-pointer-types]
subscr_request_auth_info_cb = my_subscr_request_auth_info;
^
osmo-sgsn/tests/sgsn/sgsn_test.c: In function ‘test_gmm_attach_subscr_fake_auth’:
osmo-sgsn/tests/sgsn/sgsn_test.c:1144:30: warning: assignment from incompatible pointer type [-Wincompatible-pointer-types]
subscr_request_auth_info_cb = my_subscr_request_auth_info_fake_auth;
^
osmo-sgsn/tests/sgsn/sgsn_test.c: In function ‘test_gmm_attach_subscr_gsup_auth’:
osmo-sgsn/tests/sgsn/sgsn_test.c:1275:30: warning: assignment from incompatible pointer type [-Wincompatible-pointer-types]
subscr_request_auth_info_cb = my_subscr_request_auth_info_gsup_auth;
^
Change-Id: I5fcb3d460d8becb4cc917fc8d27bfc7e49d50b90
This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.
The libosmocore version requirements are fine already but for jenkins
tests to pass we have to have Ic77866ce65acf524b768882c751a4f9c0635740b
merged into libosmocore master.
Related: OS#1694
Change-Id: I2b687b7f07ef05bbd861b8479cad5a958a3dde92
Due to recent libosmocore's change we can't allocate rate counters with
the same name and index which are already allocated. This causes
sgsn_mm_ctx_alloc_iu() failure for multiple subscribers.
Fix this by using conn_id parameter from ranap_ue_conn_ctx.
Change-Id: I1062ffdcac96c82269cab6f4e7ae50e28dc3aa44
Related: OS#2757
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I4eb6851d3577f5942ae1a9ab28d3b3ca7ab8e208
This counter allocation error I hit uncovers a segfault when allocating an MM
context fails in the GSM_MI_TYPE_TMSI case:
DRANAP <001a> ../../../src/osmo-iuh/src/iu_client.c:509 handle_co_initial(dir=1, proc=19)
DRANAP <001a> ../../../src/osmo-iuh/src/iu_client.c:229 RNC 23: new LAC 24358 RAC 22
DMM <0002> ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:1271 MM(---/ffffffff) -> GMM ATTACH REQUEST MI(3427325924) type="GPRS attach"
DLGLOBAL <001d> ../../../src/libosmocore/src/rate_ctr.c:195 counter group 'sgsn:mmctx' already exists for index 0
DMM <0002> ../../../../src/osmo-sgsn/src/gprs/gprs_sgsn.c:272 MM(/00000000) Cannot allocate counter group
Program received signal SIGSEGV, Segmentation fault.
gsm48_rx_gmm_att_req (llme=0x0, msg=0x555555886950, ctx=0x0) at ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:1375
1375 ctx->p_tmsi = tmsi;
Fix it with a bit of code already present for the GSM_MI_TYPE_IMSI case just
above the segfault.
Change-Id: I49aa95b610f2faec52dede2e4816da47ca1dfb14
The ipa.py has been moved to osmo-python-tests as osmo_ipa - use it for
vty and ctrl tests instead of local copy. The soap.py and twisted_ipa.py
are not SGSN-specific: leftovers from repository split which are now
available in osmo-python-tests as well.
Change-Id: I3ef4ca790878921a5846f64942a8de8a6ff9c11c
Previously we've tried to convert addresses manually which lead to
wrongly displayed GTP addresses (e. g. '4.0.0.0' instead of
'127.0.0.2'). Use libgtp function for conversion to fix it.
Change-Id: I695a9c9497d675564a088b002299096e0dcd267d
Default behavior is to have them disabled, and can be explicitly
disabled too by using 'no cdr trap' cmd.
Tested with osmo_ctrl.py that messages are send successfully:
TRAP 0 cdr-v1 20171129125950222,901700000015254,357737055592090,555,0,5,,pdp-periodic,2731,127.0.0.2,127.0.0.1,internet,176.16.222.3,20793,10045,1
Related: OS#2360
Change-Id: I1d144d87effd934d991257a65e19cf046a938907
According to documentation (and personal experience), AM_PATH_PYTHON
selects the highest version of python, no matter if major version is
different, which means if both python2 and 3 are available, 3 will be
chosen an PYTHON will point to "/.../python" which is python3. Apparently,
the macro cannot be easily used to pick highest python2 version.
As {vty,ctrl}_test_runner.py require python2 and are incompatible with
python3, let's instead rely on the system having a "python2" binary
available, which is the case in most distros.
Change-Id: If8e57924ed2c8da7ab7692f58a4bb5c5a970484f
'.' is an illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: Ie7734cc42151581897d220b445984448ceb57aed
'.' is an illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: Iec382ec4ee54beb2937431f5a9d8d1171224eebb
vty_install_default() and install_default() will soon be deprecated.
Depends: I5021c64a787b63314e0f2f1cba0b8fc7bff4f09b
Change-Id: Iee1b582a62921cb3205de01ff87d94881e8d411b
All other Osmocom programs I know of have a default config file using a dash.
Comply.
Be backwards compatible: when a legacy osmo_sgsn.cfg exists but no
osmo-sgsn.cfg, use the old config file instead. (Verified to work by manual
tests.)
Change-Id: If804da17a7481e79e000fe40ae0d9c4be9722e61
d.addCallback(collect,partial(handle_reply,ctx.process_reply,self.transport.write,self.factory.log))# treq's collect helper is handy to get all reply content at once using closure on ctx
d.addErrback(lambdae,bsc:self.factory.log.critical("HTTP POST error %s while trying to register BSC %s"%(e,bsc)),bsc)# handle HTTP errors
# Ensure that we run only limited number of requests in parallel:
yieldself.factory.semaphore.acquire()
yieldd# we end up here only if semaphore is available which means it's ok to fire the request without exceeding the limit