This is essentially http://patchwork.diac24.net/patch/271/ forward
ported to libosmovty
Original-by: Paul Jakma <paul@quagga.net>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The second loop in osmo_revbytebits_buf() in src/bits.c grabs
4 bytes each iteration, which can easily go past the supplied
input in some cases.
Compiled with -fstack-protector , I get a "stack smashing detected"
in the bits test.
From: Nils O. Selåsdal <noselasd@fiane.dyndns.org>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This was found while implementing handover on a sysmobts. When we
receive a channel release request for a channel that was never really
activated (set_lapdm_context() was not called) we segfault in
lapd_recv_dlsap().
We now return early with -EINVAL in rslms_rx_rll() if we receive a
message that assumes set_lapdm_context() was already called.
These are:
* RSL_MT_UNIT_DATA_REQ
* RSL_MT_DATA_REQ
* RSL_MT_SUSP_REQ
* RSL_MT_REL_REQ
A test case was added to trigger the issue.
GCC 4.7.2 was already smart enough to see that the table is const
so there is no change in the generated assembly code. For some reason
the dispatch is still going through one relocation.
When OpenBSC is handling more than one message at a time it is difficult
to see which log message belongs to which SMR instance. Introduce a
uint64_t id that can be set to the row_id/message_id and prefix all
log messages with SMR(ID).
This change is ABI and API incompatible with previous versions of
libosmogsm.
When OpenBSC is handling more than one message at a time it is difficult
to see which log message belongs to which SMC. Introduce a uint64_t id
that can be set to the row_id/message_id and prefix all log messages
with SMC(ID).
This change is ABI and API incompatible with previous versions of
libosmogsm.
Example:
SMC(100) instance created
SMC(100) message MNSMS-EST-REQ received in state IDLE
When the connection may not released print the name of the current
state to ease with debugging and verification that this is not a
valid state transition.
Use FreeBSD struct iphdr definition for OSX also. From the commentary in
the source file:
On BSD the IPv4 struct is called struct ip and instead of iXX
the members are called ip_XX. One could change this code to use
struct ip but that would require to define _BSD_SOURCE and that
might have other complications. Instead make sure struct iphdr
is present on FreeBSD.
Prior to this fix, a persistent file or syslog log configuration
didn't work across an application re-start, as the
"logging filter all 1" was never saved and thus no messages were
logged.
Introduce a print_filename attribute for each logtarget. Initialize it
with 1 to be backward compatible with earlier versions. The bit is taken
from an existint bitfield. There were at least six bits left of the byte.
Include ctype.h to have a declaration of tolower.
utils.c: In function 'vty_cmd_string_from_valstr':
utils.c:95:6: warning: implicit declaration of function 'tolower' [-Wimplicit-function-declaration]
The comment explains why we don't care about the content of z,
stop storing it.
gsm_utils.c: In function 'gsm_7bit_encode':
gsm_utils.c:253:13: warning: variable 'z' set but not used [-Wunused-but-set-variable]
Applications should keep the log area in a static const area. Mark
the pointer as const to address compiler warnings in OpenBSC, cast
the const away for the osmo_log_info as it is not declared as const.
* add more comments on units of struct members
* make sure to parsre FC-BVC message correctly
* add error message in case user passes PDU larger than bucket size
* add new function to initialize flow control struct
This code is supposed to implement the BSSGP flow control algorithm,
both for the per-BSS and for the per-MS flow control.
The code currently has no test cases, they will come in a separate
commit.
This was fixed in 9c3dc90d16a40789081c84e46620f4d66689fec1 of
openbsc.git, after the sms code had been migrated here:
introduce HAVE_TM_GMTOFF_IN_TM
Not all architectures have the tm.tm_gmtoff member. This fixes cygwin builds.
The OpenSUSE build is not happy about the uint8_t to uint8_t*
assignment. As the suspend_ref is a mandatory field we can make
it a plain uint8_t. Increase the LIBVERSION as the ABI has changed.
When building the doxygen documentation do not remove the other
VTY documentation files in the doc/vty folder. Create a command
that can be installed to dump all nodes and commands as XML on
the given VTY. Create a schema for the XML file and a XSL-T script
that can merge the generated file with additional information.
This is a 24bit integer value, and thus we need to encode the three
least significant octets of the network-byte-order 32bit value, not the
three most significant octets.
Holger wrote that function and I made the logging version of it. The
header was copied during the separation of backtrace.c from gsm_utils.c
in the past, and of course gsm_utils.c had more people involved...
I recently discovered that we can only print backtraces to stdout, which
is of course useless in a daemon environment. We'd rather want to use
the libosmocore logging framework instead.
This new TLV type is specific to TS 44.318. Contrary to the TvLV type
of TS 08.16/08.18, it has an inverted meaning of the extension (0x80)
bit:
* if the extension bit is not set, 1-byte length
* if the extension bit is set, 2-byte length
Futhermore, it has support for variable-length tags, where the tag part
can be optionally two bytes in length. As this esoteric option hasn't
been seen in the wild yet, we only add encoding support but skip
decoding for now.
Make sure the declaration and definition match, add const to
the functions called by logp/logp2.
Compile output:
logging.c:317: error: conflicting types for 'logp'
../include/osmocom/core/logging.h:34: note: previous declaration of 'logp' was here
logging.c:327: error: conflicting types for 'logp2'
../include/osmocom/core/logging.h:168: note: previous declaration of 'logp2' was here
make[3]: *** [logging.lo] Error 1
This actually allows for the user to override the decision and at the
same time supports compilers that might not be able to use -fPIC at
all.
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
no_password_check was the only initialized, non-relocated data in the
set of libraries, inverting its logic let us keep it in .bss
(non-initialized data, which is mapped to the zero page).
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
When declaring them constant, they are written on the .rodata section
instead of .data, which means that they can be mapped directly from
disk to memory.
Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu>
The old method used raw writes to the telnet FD, which is bad for
several reasons:
a) we don't know if we can actually write that many bytes to the
socket at the given time
b) the socket is still in blocking mode, so we could stall the entire
process
c) there may be weird interaction with the buffered writes of the
vty_out
Now, the print_welcome() functionality has moved to vty_hello() instead,
where we can use normal vty_out() in buffered mode.
This commit is expected to fix the garbled welcome message on arm-eglibc
targets.
It might still be a good idea to migrate the entire telnet interface to
libtelnet - but at some later time ;)
There is now a "libosmogsm.map" file containing an explicit list of
to-be-exported symbols. This should prevent us from leaking non-static
symbols into the global namespace.
A similar scheme should be adopted by all other osmocom libraries
No idea where I copied the original from but here we use the
other notation. (matches wikipedia and sources)
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Rather than manually hard-coding numbers and using byte-arrays, we use
the msgb_*_{push,put}() function family of libosmocore/libosmogsm.
This is currently untested.
This code should not play with the internals of the msgb like this,
this code got introduced in af48bed556 and is breaking the
osmo-bts usecase of forwarding an RSL message.
Add a test case that fails without the new code. I would prefer if
we could get rid of the manipulating the msgb like this, it is prone
to errors like this one.
DATA REQ with a msgb_l3len(msg) == 0 message does not make any
sense, log an error and return immediately before attempting to
send an empty I frame in lapd_send_i.
If a sequence error is received, the N(R) variable must still be used to
acknowledge previously transmitted frames.
If there are two subsequent sequence errors received, ignore it. (Ignore
every second subsequent error.) This happens if our reply with the REJ is
too slow, so the remote gets a T200 timeout and sends another frame with
a sequence error. Test showed that replying with two subsequent REJ
messages could the remote L2 process to abort. Replying too slow shouldn't
happen, but may happen over serial link between BB and LAPD.
Written-by: Andreas.Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Note that this breaks the ABI and the low level API. But it shouldn't
break the high level API, nor the conv code definitions (because fields
default to 0, and for new fields '0' is the previous behavior)
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This should have been done with 1dd7c84733
but somehow was missed and only applied to the 'finish' method and
not the 'scan' method.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
As it turns out, the previous fix didn't cover the case of a
timer X being re-scheduled inside a timer call back expiring at
the same time as the previous X instance.
Written-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The SMR process is used to transfer SMS TPDUs. It is now extracted from
OpenBSC. It includes a real state machine now for easier debugging.
Also it implements the TR1M and TR2M timers. The memory notification
procedure is missing, but not required for network side.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The SMC process is used to transfer RP frames. It is now extracted from
OpenBSC. It includes a real state machine now for easier debugging.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Timing advance and power level indicated by MS (measurement reports)
and BTS (SI 5/6) are now stored for use at ACCH data link connection.
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
When using ^D at config nodes above the CONFIG_NODE, the
go_parent_cb function is used to go down by one node. This
is equivalent to "exit" command.
Written-by: Andreas.Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
See kernel commit 4b324126e0c6c3a5080ca3ec0981e8766ed6f1ee
----
Furthermore, notice that the initial checks:
if (!node->rb_left)
child = node->rb_right;
else if (!node->rb_right)
child = node->rb_left;
else
{
...
}
guarantee that old->rb_right is set in the final else branch, therefore
we can omit checking that again.
Signed-off-by: Wolfram Strepp <wstrepp@gmx.de>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
See kernel commit 4c60117811171d867d4f27f17ea07d7419d45dae
----
There are two cases when a node, having 2 childs, is erased:
'normal case': the successor is not the right-hand-child of the node to be erased
'special case': the successor is the right-hand child of the node to be erased
Here some ascii-art, with following symbols (referring to the code):
O: node to be deleted
N: the successor of O
P: parent of N
C: child of N
L: some other node
normal case:
O N
/ \ / \
/ \ / \
L \ L \
/ \ P ----> / \ P
/ \ / \
/ /
N C
\ / \
\
C
/ \
special case:
O|P N
/ \ / \
/ \ / \
L \ L \
/ \ N ----> / C
\ / \
\
C
/ \
Notice that for the special case we don't have to reconnect C to N.
Signed-off-by: Wolfram Strepp <wstrepp@gmx.de>
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
See kernel commit 16c047add3ceaf0ab882e3e094d1ec904d02312d
----
First, move some code around in order to make the next change more
obvious.
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Signed-off-by: Wolfram Strepp <wstrepp@gmx.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
See kernel commit 55a63998b8967615a15e2211ba0ff3a84a565824
----
Tfour 4 redundant if-conditions in function __rb_erase_color() in
lib/rbtree.c are removed.
In pseudo-source-code, the structure of the code is as follows:
if ((!A || B) && (!C || D)) {
.
.
.
} else {
if (!C || D) {//if this is true, it implies: (A == true) && (B == false)
if (A) {//hence this always evaluates to 'true'...
.
}
.
//at this point, C always becomes true, because of:
__rb_rotate_right/left();
//and:
other = parent->rb_right/left;
}
.
.
if (C) {//...and this too !
.
}
}
Signed-off-by: Wolfram Strepp <wstrepp@gmx.de>
Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Andrea Arcangeli <andrea@qumranet.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
See kernel commit f4b477c47332367d35686bd2b808c2156b96d7c7
----
The 'rb_first()', 'rb_last()', 'rb_next()' and 'rb_prev()' calls
take a pointer to an RB node or RB root. They do not change the
pointed objects, so add a 'const' qualifier in order to make life
of the users of these functions easier.
Indeed, if I have my own constant pointer &const struct my_type *p,
and I call 'rb_next(&p->rb)', I get a GCC warning:
warning: passing argument 1 of ?~@~Xrb_next?~@~Y discards qualifiers from pointer target type
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
----
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>