Hence 4248 becomes the well-known port for osmo-bsc's Neighbor
Resolution Service.
Related: SYS#4909
Change-Id: Ic77a8cff022c2f939a684ebd1f9f62a82e0de510
The libosmocore TLV parser had a number of insufficient bounds checks
leading to reads beyond the end of the respective input buffer.
This patch
* adds proper out-of-bounds checks to all TLV types
* simplifies some of the existing checks
* introduces test cases to test all the corner cases
where either TAG, or length, or value are not fully contained
in the input buffer.
Thanks to Ilja Van Sprundel for reporting these problems.
Change-Id: I98b02c914c9e3ecf56050af846292aa6979d7508
This structure is needed in order to identify a given cell within the
BSS during RIM transactions.
The naming was made up by myself since I couldn't find any naming
reference for this kind of data (RAI + CI).
Since LAI + CI = CGI, then RAI + CI = CGI-PS
osmo_rai_name2 family of functions get a "2" suffix due to already
existing functions handling struct struct gprs_ra_id in gsm48.h
Change-Id: If48f412c32e8e5a3e604a78d12b74787a4786374
Both LAC and TAC take 2 octets and follow MCC/MNC fields on the wire.
We abuse gsm48_encode_ra() for encoding of MCC/MNC, but it can also
be abused to encode TAC in bssgp_create_rim_ri(). There is no need
to encode '0000'O and then override it with osmo_store16be().
Change-Id: I986552aa52cf38b1c5290d2e5cd3ff2d1c36a4e5
This reverts commit 2253224b33.
Reason for revert: Causes massive build failure for osmo-pcu and osmo-sgsn on all the distributions/architectures we build for
Change-Id: I6dbe4507701bee013b29dcc26f32c4e1a3c23613
Closes: OS#4936
This is no event from an incoming message so rx is NULL, and we can't send a
status PDU. Also blocking the signalling BVC is not allowed (unblocking it is already
forbidden).
Change-Id: I3e384b71d57e939efc1596ac1d92380ed5eb916d
Fixes: CID#215716
The dependency on mnl breaks builds of osmo-pcu et al if mnl is used for
libosmogb, but not linked in for lib users
Change-Id: Ib4df95d5c922f8edfa33e68645652fd30d321ff8
3GPP TS 48.018, section 11.3.65 describes an IE to transfer some control
flags via a RIM container. The IE is essentially just a bitfield, so it
can be parsed by overlaying it with a C-struct. Lets add an appropiate
struct to protocol/gsm_08_18.h
Change-Id: I781ab838bd02ac1b13d384ce3f4259e26cedb61e
Related: SYS#5103
Prior to this patch, it was not possible to gather SET/GET reply
information when implementing a CTRL client using libosmocontrol. This
is specially important when using the GET command, since one wants to
receive the queried value.
CTRL traps can also be handled this way by extending this patch in the
future if needed.
Change-Id: Id3c4631cd32c13e78e11b6e8194b8c16307ec4f1
This adds an inter-thread queue "it_q" to libosmocore. With it_q,
one can perform thread-safe enqueing of messages to another thread,
who will receive the related messages triggered via an eventfd
handled in the usual libosmocore select loop abstraction.
Change-Id: Ie7d0c5fec715a2a577fae014b0b8a0e9c38418ef
Writing a configuration that will be rejected by the VTY parser
is not the best solution, but still better than printing values
from previous iterations or the stack garbage. In any case,
this is unlikely to happen, just making Coverity happy.
Change-Id: I26644fe544c82c90767ec1a9709918474bd1be53
Fixes: CID#215852
In 'struct gsmtap_hdr' field 'snr_db' is defined as a signed integer,
however all functions that fill this structure accept an unsigned
integer. This is wrong, because SNR can be negative.
Let's use 'int8_t' instead of 'uint8_t'. Changing from unsigned
to signed should be relatively safe compared to the opposite.
Most of the callers I am aware of always do pass 0 anyway.
Change-Id: I9f432be5c346d563bf518111c14ff04d4a63f592
Related: SYS#5073
Some averaging methods may have additional parameters, so let's
make it easier to access them for the API user.
Change-Id: I2f4ed56837dd479dbbd10c0a7df0ed7565d3946a
Related: SYS#4918
We used to suppress/drop any "zero length" messages, but we didn't
include the header when computing the length. However, in CBSP there
are messages (at least KEEP-ALIVE-COMPLETE) which only consist of the
header without any information elements. We cannot simply drop such
messages.
This also fixes the return value of osmo_cbsp_recv_buffered() to be
the total number of received octets (including the header).
Change-Id: Ib620128a167cb77f061ee57e8f8ad707b96b1c0d
This is a fixed-length Tag-Value IE. Our decoder already parsed
it correctly, but the encoder encoded it as TLV, which is wrong.
Change-Id: I7e1d7eab8b8e51acd9a24c38e2d3d30bbf00847a
A dummy client to do integration tests of the ns2 layer.
It drop all unit data. But allows vty tests.
Change-Id: I127c178426bc1a3da8de251740eda93853030d6d
This function is called automatically on the main thread, but needs to
ba called explicitly in order to run the select loop on another thread.
Make it available for applications through talloc.h
Change-Id: Ie710ca9ad01d3fadb9f4ff344a55d6c01004727b
When a dahdi device hasn't been set up yet, ioctl IF_GET_PROTO fails
with invalid argument.
Also fix the device check to skip ioctl's if the device is also in the
correct state.
Change-Id: I398d056546e35465a2944e1b4a86a8c93b3e5f7a
For frame relay the traffic will be even distributed across
all NS-VCs. Do not differentiate between signalling and
data traffic.
Change-Id: I6c060941db335a7a6a555ac8d1b9269fa8fb2023
This reverts commit c9eab828ea.
The initial code was correct, which has also been used in osmo-bsc until
recently, where it moved to use this function from libosmocore and
errors started to show up in TTCN3 tests.
See 3GPP TS 44.018 Section 10.5.2.34 / Table 10.5.2.34.1: "SI 3 Rest
Octets information element":
"""
<SI3 Rest Octet> ::=
...
<3G Early Classmark Sending Restriction>
...
<3G Early Classmark Sending Restriction>::= L | H;
"""
Change-Id: I0ee48d3240c62c4d2e15063b26da7a2a617f383e
Related: OS#3075
Related: SYS#4021
The IP-SNS need to do a reselection of the IP-SNS remote
for testing. Freeing all nsvc will force this.
Change-Id: I367c215a830c02eae2a470cba314828b5e0fb5c9
IP-SNS NSVC are unconfigured and not started when the IP-SNS is doing the SNS configuration.
If those NSVC would be started it would result in unsolicitated NS-Alive PDUs.
Change-Id: Ifec7288dbe71f10109e8b5c3849bf8f23ac7b557
We must always send the RELEASE.{indication,confirm} last before
returning from a function. We cannot rely on the datalink to
still be around after the call, as the SAP user might have destroyed
the data link meanwhile.
This fixes a heap use-after-free (at least) with RBS2000 when the BTS
is fully brought up and the OML data link is lost, see OS#1762
Change-Id: I8ccca8d5e5d07b666557afe12ab8ac4910ddfb00
Related: OS#1761
Related: OS#1762
Fixes following ASan runtime errors while running vty tests:
command.c:730:27: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Somehow we didn't catch this one in Ie11ff18d6fd9f6e1e91a51b6156fb6b0b7d3a9a8
Change-Id: I601caf7daa947f3cf391316f1011007ef9188c90
This is a helper function to broadcast an event to all of the
siblings of a specified FSM instance.
Change-Id: I2ce398741a8672d7b7c4058d056f46e2fe7353c1
A hdlc can be used in different modes. Also a FR device can be used
with lmi and certain settings as without it.
ns2 will use FR with no lmi in the kernel.
Related: SYS#5169
Change-Id: I04786d2b864860b08c2e1afdb199470f4b80cc3b
Daniel Willmann
Pau Espin
Harald Welte
Vadim Yanitskiy
Eric Wild
Philipp Maier
Pau Espin Pedrol