Commit Graph

84 Commits

Author SHA1 Message Date
Holger Hans Peter Freyther 49880ddf74 mncc: Fix use after free on mncc socket disconnection
When the MNCC socket breaks down we would release all callds but when
there is no remote call the call would be released before

	if (call->remote)
		...

is being executed leading to a use after free. Fix it by copying the
legs first and assuming the call will be gone after that.

==3618== Invalid read of size 4
==3618==    at 0x804A18A: app_mncc_disconnected (app.c:49)
==3618==    by 0x804B52D: close_connection (mncc.c:255)
==3618==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
==3618==    by 0x804CC86: check_setup (mncc.c:435)
==3618==    by 0x804CC86: mncc_data (mncc.c:795)
==3618==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
==3618==    by 0x804D1F2: evpoll (evpoll.c:92)
==3618==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3618==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3618==    by 0x8049AA6: main (main.c:171)
==3618==  Address 0x47f3258 is 64 bytes inside a block of size 76 free'd
==3618==    at 0x402A3A8: free (vg_replace_malloc.c:473)
==3618==    by 0x42E7FD1: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.5)
==3618==    by 0x804A3FD: call_leg_release (call.c:87)
==3618==    by 0x804A186: app_mncc_disconnected (app.c:48)
==3618==    by 0x804B52D: close_connection (mncc.c:255)
==3618==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
==3618==    by 0x804CC86: check_setup (mncc.c:435)
==3618==    by 0x804CC86: mncc_data (mncc.c:795)
==3618==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
==3618==    by 0x804D1F2: evpoll (evpoll.c:92)
==3618==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3618==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3618==    by 0x8049AA6: main (main.c:171)
==3618==

Change-Id: I1889013ed315f896e4295358f6daf76ce523dc2a
2017-03-06 21:10:07 +00:00
Holger Hans Peter Freyther 068f547954 call: Fix call release handling on mncc connection loss
The app_mncc_disconnected will be called when the MNCC socket is down
and lead to all calls being released. It directly released the call but
did not stop the MNCC CMD timer. Go through the call release callback.

==3618==    at 0x804A18A: app_mncc_disconnected (app.c:49)
==3618==    by 0x804B52D: close_connection (mncc.c:255)

This lead to the timer not being removed:

==3593== Invalid read of size 4
==3593==    at 0x4305D42: rb_first (rbtree.c:294)
==3593==    by 0x42FCB37: osmo_timers_update (timer.c:220)
==3593==    by 0x804D1D5: evpoll (evpoll.c:89)
==3593==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x8049AA6: main (main.c:171)
==3593==  Address 0x47f3380 is 232 bytes inside a block of size 272 free'd
==3593==    at 0x402A3A8: free (vg_replace_malloc.c:473)
==3593==    by 0x42E7FD1: ??? (in /usr/lib/i386-linux-gnu/libtalloc.so.2.1.5)
==3593==    by 0x804A3C4: call_leg_release (call.c:83)
==3593==    by 0x804A188: app_mncc_disconnected (app.c:48)
==3593==    by 0x804B52D: close_connection (mncc.c:255)
==3593==    by 0x804BCFA: mncc_rtp_send.constprop.13 (mncc.c:145)
==3593==    by 0x804CC86: check_setup (mncc.c:435)
==3593==    by 0x804CC86: mncc_data (mncc.c:795)
==3593==    by 0x42FCF94: osmo_fd_disp_fds (select.c:167)
==3593==    by 0x804D1F2: evpoll (evpoll.c:92)
==3593==    by 0x4205053: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x4205478: g_main_loop_run (in /lib/i386-linux-gnu/libglib-2.0.so.0.4200.1)
==3593==    by 0x8049AA6: main (main.c:171)

Change-Id: I2e8e14b3983f84c9be046bbd96bbcd1e5766993e
2017-03-06 21:10:07 +00:00
Holger Hans Peter Freyther 7166d0f448 contrib: Add Dockerfile to build and configure a FreeSWITCH
Rhizomatica is using FreeSWITCH and we should have an easy way to
test against it. A docker container with exposed ports seems like
the easiest. FreeSWITCH by default is giving us some exmaple numbers:

	* 5000 a menu... that allows DTMF
	* 9195 an echo test
	* 9198 tetris.

The config is copied on top of the default/big config that is
installed. If this PBX should be reached from the outside one needs
to change 127.0.0.1 to the external address and maybe configure the
acl as well to add more CIDRs.

Besides that
	make container
	make run

Will build it and start the container. Takes a bit of time and requires
docker. With it configure one can see things like:

2017-03-05 15:32:49.913912 [INFO] switch_channel.c:515 RECV DTMF 3:2000
2017-03-05 15:32:50.952752 [INFO] switch_channel.c:515 RECV DTMF 2:2000

Now to test DTMF in the system.

Change-Id: I7f3aa8c81b9e8698df090a05d2e41a41b67d8e3c
2017-03-05 17:01:21 +01:00
Holger Hans Peter Freyther 42b073a233 evpoll: Don't try to be more smart than g_poll
gpoll.c:g_poll maps G_IO_PRI (which is POLLPRI) to the errorfds of
the select call. Let's do the same.

Change-Id: I8c9163f7495e0b237bde2d48beffea3b0776a1dd
Related: OS#1934
2017-02-11 13:06:32 +07:00
Holger Hans Peter Freyther e19f9ce39f evpoll: Always initialize revents for the output
Even if we have not selected the fd (e.g. fd < 0), initialize revents
to 0. This seems to match gpoll.c:g_poll of glib.

Change-Id: I9e16a6d5a74a204c85808ba67a8f0f7af3045059
2017-02-11 13:01:12 +07:00
Holger Hans Peter Freyther 70926c8bb5 evpoll: Use {} in the middle of the if/else if/else block
Curly braces are used the lines above and below, don't make the middle
stick out like this.

Change-Id: I48a15a8665a47db206f8a7ccbc792f6bec8549c2
2017-02-11 13:00:19 +07:00
Holger Hans Peter Freyther 14488c1c46 sip: Treat SIP 183 as progress too
It doesn't fix early media yet but brings us one step
closer to it:

   The 183 (Session Progress) response is used to convey information
   about the progress of the call that is not otherwise classified.  The
   Reason-Phrase, header fields, or message body MAY be used to convey
   more details about the call progress.

Change-Id: Ibf264f251e41c06a7b4839acc0d0853e6400291c
2017-02-11 04:53:16 +01:00
Neels Hofmeyr fffc742777 jenkins.sh: use osmo-build-dep.sh, log test failures
Like in libosmo-abis' and other jenkins.sh

Change-Id: I1b03786069cc4373dec73711e3a31ec05dfac2e3
2016-10-07 01:54:33 +02:00
Neels Hofmeyr ff8ca58821 configure: check for pkg-config presence
Change-Id: Iaca22089bcb21b56048fa541f588c4ad4bed8f6d
2016-10-01 01:07:11 +02:00
Neels Hofmeyr ecacdc65c3 build: be robust against install-sh files above the root dir
Explicitly set AC_CONFIG_AUX_DIR.

To reproduce the error avoided by this patch:

  rm install-sh        # in case it was already generated.
  touch ../install-sh  # yes, outside this source tree
  autoreconf -fi

This will produce an error like

  ...
  configure.ac:16: error: required file '../ltmain.sh' not found
  configure.ac:5: installing '../missing'
  src/Makefile.am: installing '../depcomp'
  autoreconf: automake failed with exit status: 1

See also automake (vim `which automake`) and look for 'sub locate_aux_dir'.

Change-Id: I9c96c087bffb41533ef6fb9b1d00bd903d71693e
2016-10-01 01:07:11 +02:00
Neels Hofmeyr c403ed69cd log VTY telnet bind only once
After libosmocore 55dc2edc89c1a85187ef8aafc09f7d922383231f which outputs
'telnet at <ip> <port>' from telnet_init_dynif(), there's no need to log the
telnet VTY bind here anymore.

Change-Id: I7db7f7a2e61ba676c2712bcc149a5fd5a69b80b2
2016-09-26 22:56:27 +02:00
Holger Hans Peter Freyther 550264987f sip: Start the application even if sofia-sip is broken
In case of solely managing the application through the VTY we
want/need to have the application running besides a wrong config
has been entered. SIP will be broken but a user will be able to
see the log message and can fix it.
2016-05-07 11:52:24 +02:00
Holger Hans Peter Freyther e4bd8d42e9 jenkins: Make it find the libosmocore library as well 2016-04-25 08:41:19 +02:00
Holger Hans Peter Freyther 5be5044895 jenkins: Use separate check invocation tor un the tests 2016-04-24 22:35:13 +02:00
Holger Hans Peter Freyther 5f4c6f3a04 jenkins: Try to enable the vty tests as well 2016-04-24 22:32:49 +02:00
Holger Hans Peter Freyther e932949ac0 distcheck: Package the logging.h file as well 2016-04-24 22:30:26 +02:00
Holger Hans Peter Freyther f896df6b8e distcheck/tests: Add the referenced osmoappdesc.py for testing
distcheck fails because the file is not present. Write it out to
get our standard vty checking to work. Add simple Makefile and
call it.
2016-04-24 22:28:35 +02:00
Holger Hans Peter Freyther 9a333be20b jenkins: Add first CI script for the SIP connector 2016-04-24 21:58:07 +02:00
Holger Hans Peter Freyther d1c11b1e97 vty: Add VTY command about the state of the mncc connection
Add VTY command with the state of the MNCC connection. It gives
a simple state and is connected in case of the READY state.
2016-04-04 20:17:29 +02:00
Holger Hans Peter Freyther 02b19354e4 mncc: Use strcpy for these routines and not memcpy
We need to stop on the first occurence of a \0 in the address
provided by SIP. Do not copy the full amount of bytes.
2016-04-04 20:16:27 +02:00
Holger Hans Peter Freyther 79538fc220 vty: Add extended show calls command with all information
Print everything we know about the call. This can be useful to debug
stuck calls or similiar events.
2016-04-04 20:09:02 +02:00
Holger Hans Peter Freyther 211ad859de sip/call/mncc: Move source/dest into the call structure
In preparation of a better show calls VTY command it is of interest
to know which number has been dialed by whom. For that store the
source/dest in there.

MNCC: Change the talloc root context to the call and don't try to
free the strings after calling the routing code

SIP: Use talloc_strdup to duplicate them.

Call: Add null check because the talloc_strdup of the SIP layer
could have failed.
2016-04-04 19:52:41 +02:00
Holger Hans Peter Freyther 32162fe7c8 vty: Fix the number of documented arguments 2016-04-04 18:31:34 +02:00
Holger Hans Peter Freyther c39c3df251 vty: Add simple VTY output for current calls
Start with a show call summary that lists simple data about the
current set of calls:

Call(5002) initial(type=SIP,state=CONFIRMED) remote(type=MNCC,state=INITIAL)
Call(5001) initial(type=MNCC,state=PROCEEDING) remote(type=SIP,state=CONFIRMED)

Related: OS#1680
2016-04-04 17:09:30 +02:00
Holger Hans Peter Freyther b2b13f69ae mncc: Use snprintf correctly create format specifier
I was focusing so much on the length that I didn't notice the
wrong usage of snprintf. Correct it.

Warning on Ubuntu:
mncc.c:679:3: warning: format not a string literal and no format arguments [-Wformat-security]
   snprintf(mncc.imsi, 15, called);
2016-04-04 16:26:50 +02:00
Holger Hans Peter Freyther 270c73c11f mncc: Reject hold requests for now
MNCC hold to sip has not been implemented, so let me reject the
request right now. A ticket (OS#1686) has been filed to track
implementing call holding.
2016-04-04 12:38:10 +02:00
Holger Hans Peter Freyther 6d7d7f2cd3 mncc: Have all release go through a local method
Have all release go through a local method first. This way we can
make sure to stop the timer. I have seen something odd (a busy loop
in the RB tree of the timer code) and we can easily avoid having a
timer run on a page of memory that has been "freed".
2016-04-04 12:38:01 +02:00
Holger Hans Peter Freyther c313ab0f6b mncc: Only copy 15 chars to leave the last one as NULL
Right now we are lucky the next byte after imsi is already set
to NUL here but we should not rely on that.
2016-04-01 15:42:41 +02:00
Holger Hans Peter Freyther 3d2787646b app/mncc: Add "use-imsi" to allow calling by IMSI
In case one is using a PBX it might be the easiest just to
call based on IMSI. Add a VTY option to enable/disable this
feature. It can be used to keep the number assignment outside
of the HLR database.
2016-04-01 15:35:29 +02:00
Holger Hans Peter Freyther 0e9434184e debian: Add dh-autoreconf required by the debian packaging 2016-03-31 20:04:54 +02:00
Holger Hans Peter Freyther bec32eb207 coverity: Address two issues found by coverity
Add NULL check in the case of MNCC disconnect that was missing and
add an assert to show that at this point the other leg must exist.

Fixes: CID#80799, CID#80800, 80801
2016-03-31 19:36:27 +02:00
Holger Hans Peter Freyther adc7484a0c debian: Initial packaging of the osmo-sip-connector
It installs a service file but requires a user to create a config
file. We will not provide a sysv start script.
2016-03-31 19:12:56 +02:00
Holger Hans Peter Freyther 2a7cfb5c93 sip/sdp: Hack to get a GSM codec call connected
Extract IP and port once we have received the INVITE. In the near
future we need to improve this!
2016-03-31 16:28:21 +02:00
Holger Hans Peter Freyther c2474dc0be mncc: Add handling to connect a MNCC MT call
This will go through the stage of:

* MNCC_CALL_CONF_IND (to which we create a RTP socket)
* then we might receive a MNCC_ALERT_IND
* and finally the MNCC_SETUP_CNF

For the last two we inform the other leg about the progress.
2016-03-31 16:06:04 +02:00
Holger Hans Peter Freyther 8763cf8850 sip: Pass to not enable media on our 200 response
In case we send a 200 but don't have this tag, a 500 response will
be sent and the call will be dropped.
2016-03-31 16:04:47 +02:00
Holger Hans Peter Freyther 275571ff20 mncc: Introduce direction and start to handle it separetely
For releasing a MT-Call we will need to send a release request
and then wait for the release confirmation. Add if/else to it.
If this turns out to be too ugly we will be able to create one
MO and one MT leg.
2016-03-31 14:17:58 +02:00
Holger Hans Peter Freyther 4bfaf60ed2 mncc: Convert ip address so BTS sends it to the right place 2016-03-31 14:17:33 +02:00
Holger Hans Peter Freyther b8e802851d mncc: Handle REJ_IND from the NITB
In case a call can not be connected we will receive a REJ.IND.
Inform the other leg and release the call.
2016-03-27 17:05:48 +02:00
Holger Hans Peter Freyther a4970327f2 mncc: Stop timer when starting the release process 2016-03-27 17:05:48 +02:00
Holger Hans Peter Freyther 00a43e20ab mncc: On timeout release the other leg as well
In case we don't receive the response we had expected let us
take down the other part of the call as well.
2016-03-27 17:05:48 +02:00
Holger Hans Peter Freyther 916348b7dc mncc: Begin to implement MT call handling for SIP->MNCC
Initiate the setup request that should result in the call getting
all the way to the connected state at some point in time. The device
I test with sadly rejects the call too soon.
2016-03-27 17:02:39 +02:00
Holger Hans Peter Freyther 80880d45b7 sip: Refactor sdp file creation and implement alert+connect
The codec negotiation is still a huge todo and the initial version
will be far from perfect. We will use whatever MNCC has decided on
and then see if it is compatible in the end.
2016-03-26 22:11:06 +01:00
Holger Hans Peter Freyther dac13bed50 sip/app: Route call from SIP to MNCC and deal with the release
Fix releasing of the leg in case it is not routable and make the
differentation if we initiated the invite (send CANCEL) or send
a final error. The error code was randomly picked and once we have
an enum of causes we can decide where to map it to.
2016-03-26 21:09:07 +01:00
Holger Hans Peter Freyther 7a30c94030 sip: Continue SIP->MNCC (MO or SIP Originated) implementation
Copy out to/from numbers, copy the sdp file, set the magic for the
nh handle. With the incoming cancel the leg and the entire call will
be terminated.
2016-03-26 20:55:02 +01:00
Holger Hans Peter Freyther 5f29be5acf sip: Actually return after having rejected the new call 2016-03-26 20:30:14 +01:00
Holger Hans Peter Freyther 392313ff73 sdp: Extract SDP traversing into a separate module
The code will still know about SIP and the sip_call_leg but is
now separate of the call handling logic.
2016-03-26 20:02:06 +01:00
Holger Hans Peter Freyther b723cceee9 call: Create a call with a SIP leg
Clone the MNCC code and create a call with a SIP leg.
2016-03-26 19:51:33 +01:00
Holger Hans Peter Freyther 586abf9f0f sip: Handle incoming message and screen the SDP file
Check if the SDP file has any codec potentially supported by GSM.
The topic of codec selection is a complicated one and we will not
support it correctly in the beginning.
2016-03-26 19:44:03 +01:00
Holger Hans Peter Freyther 6f039c158d sip: Mark call as MT call in preparation for incoming calls 2016-03-26 19:03:04 +01:00
Holger Hans Peter Freyther b927a0bbde call: It is call_create and not sip_create
It is not creating anything related to sip at all. Remove the
prefix in preparation to creating a call from a sip_call_leg.
2016-03-26 18:52:22 +01:00