a program being developed right now crashed at this point, without
providing any meaningful information on where did it crash.
Change-Id: Ia14f43142e7409f72eb9efd5c9131bea5eed6e82
This patch addes support for GlobalPlatform command. Android is using
STORE DATA commands on a logical channel.
simtrace2-cardem-pcsc is failing otherwise e.g. on an Pixel 4 with Android 12.
Change-Id: Ib734fc852e7b63b9efdc414adccbd796a572eb55
Once the IuUP FSM moved away from Init state, it stopped handling
Initialization messages received from peers and simply ignored them
starting from that point. As a result, if the first IuUP Init ACK it
sent to the peer was lost, the peer would keep retrying with more IuUP
Init and getting no answer.
In any case, it seems possible and desirable that a peer may send an
IuUP Init at a later point, as pointed out vaguely in 3GPP TS 25.415.
sec 6.5.2.1:
"""
Upon reception of a frame indicating that an Initialisation procedure is
active in the peer Iu UP entity, the Iu UP protocol layer forwards the whole
protocol information contained in the INITIALISATION control frame to the
upper layers. It also stores the RAB sub-Flow Combination set (and thus
replaces a possible previous set) in order to control during the transfer of
user data, that the Iu UP payload is correctly formatted (e.g. RFCI matches
the expected Iu UP frame payload total length). The peer Iu UP entity
receiving the INITIALISATION control frame shall choose a version that it
supports among the proposed versions indicated by the sender for which it
has enough initialisation information.
"""
sec B.2.2 "Initialisation State":
"""
After sending a positive acknowledgement of the last INITIALISATION control
frame, the Iu UP instance enters SMpSDU data transfer ready state. Note that
CN does not know if the initialisation ACK was correctly received by the RNC
(and Initialisation procedure successfully completed) until it receives RAB
assignment response, or use data from the RNC. The CN must therefore be able
to continue receiving INITIALISATION control frames by re-entering the
Initialisation state (from Support Mode Data Transfer Ready State), if the CN
has started to send user data before receiving the indication that
Initialisation was successfully completed
"""
sec B.2.3 "Support Mode Data Transfer Ready State":
"""
In case of handover or relocation, Initialisation procedures may have to be
performed and Iu UP instance may have to enter the initialisation state.
"""
Related: SYS#5995
Change-Id: I5cb740702805693cc7f0a550e2e093f9bfdd507c
Those events are not realy used there and they are not even present in
the FSM definition. Let's drop them.
Change-Id: I4beec96ac4bdf047ebf144a8b009b297b47cacdc
The event is expected since the user of the IuUP stack can send a
CONFIGURE.req to transition to state null. The handling was already
there in the function, but the bit was missing in the FSM definition.
Change-Id: I830835a5b8b98f8b91b866f5280f508098c9ae7e
These functions can be re-used for parsing in-band data from DTX
specific frames like SID_FIRST, SID_UPDATE, SID_ONSET, etc.
Change-Id: I0106de7a7f87517006e323299b2dc08457d1c6cf
Related: OS#5570
The new functions accept an additional mode_id poiner, which is
currently set for the following frames: AFS_ONSET, AHS_ONSET,
AHS_SID_FIRST_P2 with N * 16 - M bit pattern.
Also, the new API accepts soft-bits instead of hard-bits.
Converting bits from soft to hard is now performed internally.
Change-Id: Ibcac395f800bb64150c97fcdaca3523ecfc5fcee
Related: OS#5570
The initially merged IuUP API and implementation assumed that RFCI with
ID was always in the position of its ID inside the list of RFCIs. This
was the case for messages sent by ip.access nano3g as well as our own
osmocom implementation. However it was noticed that other nodes from
other vendors actually use other order, as allowed by the IuUP message
format.
Hence, we need to break the assumption and provide explicit ID
information in the list.
NOTICE: This commit breaks API and ABI compatibility with older versions
of libosmogsm, but not with any previous release of libosmocore since
the API is only available in master so far (it was added in
9fe1f9fb0b).
Similary, it's only user (osmo-mgw) only uses the API in master, so
there's no API breakage with older releases.
Related: SYS#5969
Change-Id: Ib21cee2e30bf83dff4e167f79541796007af9845
Parsing of CMI/CMC/CMR from AMR's special DTX frames is currently
not implemented. It's better to keep the old stored value rather
than resetting it to 0 every time we receive such a frame.
Add TODO comments for each DTX frame type.
Change-Id: Ic4edbb8ab873fe0bdd69a8710803628bc4f447d0
Related: OS#5570
As was demonstrated in [1], there is a TCH/AHS specific problem in
libosmocoding causing unexpected BER ~50% in decoded AHS_SID_UPDATE
frames. The reason is that A[H]S_SID_UPDATE employs quite tricky
interleaving algorithm, which is different from the algorithm used
by normal TCH/AHS speech frames or A[F]S_SID_UPDATE frames.
An AHS_SID_UPDATE frame consists of two halves (228 bits each):
+---------+--------------------|---------+--------------------+
| in-band | SID marker | in-band | coded data |
+---------+--------------------|---------+--------------------+
| 16 bits | 212 bits | 16 bits | 212 bits |
The first half contains coded in-band signalling data (16 bits) and
the identification marker (212 bits), which allows to detect that
it's an AHS_SID_UPDATE. This half is carried by even bits of the
first two bursts and odd bits of the last two bursts.
The other half also contains the in-band data (16 bits), while the
remaining 212 bits contain encoded SID_UPDATE (212 bits). This
half is carried by even bits of the last two bursts and odd bits
of the first two bursts.
Current implementation does not use odd bits of the first two
bursts at all, so buffer cB[] in gsm0503_tch_ahs_decode_dtx()
contains only 114 out of 228 bits.
This patch changes the logic, so that gsm0503_tch_ahs_decode_dtx()
would not split AHS_SID_UPDATE onto two frames anymore like its
TCH/AFS equivalent does, but attempt to deinterleave the second
half and attempt to decode the payload immediately.
Change-Id: I8686d895e96fa0e606c1898b6574cc80a8f46983
Related: [1] I434157e2091a306c039123cea08d84bd8533c937
Related: SYS#5853
At the moment msgb_apdu_de(resp) is used to check if the msgb that is
handed over to get_sw is properly populated with data.
However, since msgb_apdu_de() is just adding an offset, which cannot be
0 to ->l2h the returned value also can never be NULL. This means that we
cannot use msgb_apdu_de() to detect if resp contains a nullpointer.
Lets check if ->l2h is not NULL instead. This will make sure that ->l2h
is populated.
Change-Id: I32bc56c9264c01911a4f4b4f911b09e955205010
Related: OS#5560
Both gsm0503_tch_a[fh]s_decode_dtx() functions accept an optional
'dtx' pointer, which is used to indicate type of a received AMR
block to the caller in DTX mode of operation. If not NULL, it's
expected to be updated by gsm0503_detect_a[fh]s_dtx_frame() every
time one of the mentioned functions is called.
However, in case of FACCH both functions return early, so the value
of dtx remains unchanged and thus FACCH frames may be misinterpreted
as AMR's special DTX frames. This is rather critical during the DTX
silence periods, when all special DTX frames (e.g. SID_UPDATE) are
being treated as SUB frames. Each unsuccessful FACCH decoding
attempt will 'poison' SUB measurements, causing unexpected RxQual-
SUB values in the Uplink measurement reports.
Fix this by resetting *dtx to AMR_OTHER in the FACCH specific path.
Change-Id: I2e6f4b748c6445725211e264ab5f3f5a2712087a
Related: SYS#5853
There are two similar values in enum gsm0503_amr_dtx_frames:
* AFS_SID_UPDATE - precursor of SID UPDATE,
* AFS_SID_UPDATE_CN - the actual SID UPDATE.
The former is internally used by libosmocoding to mark the current
frame as a precursor of the actual SID UPDATE frame - the later.
+---+---+---+---+---+---+---+---+
| _ | _ | _ | _ | a | b | c | d | AFS_SID_UPDATE
+---+---+---+---+---+---+---+---+
| a | b | c | d | _ | _ | _ | _ | AFS_SID_UPDATE_CN
+---+---+---+---+---+---+---+---+
This is required because function gsm0503_tch_afs_decode_dtx() is
invoked by TDMA scheduler on every 4th received burst, while the
burst buffer is 8 bursts wide.
Currently, whenever gsm0503_detect_afs_dtx_frame() detects an
AFS_SID_UPDATE frame, we still attempt to decode it as a speech
or data below in gsm0503_tch_afs_decode_dtx(). This is indeed
a bug, which results in unexpected BER values:
* expected BER 0/212,
* actual BER 252/448.
We should return immediately once we have detected an AFS_SID_UPDATE.
This patch fixes unexpected BER-SUB values during DTXu silence periods.
Change-Id: I813081a4c0865958eee2496fe251ae17235ac842
Related: SYS#5853
"""
/libosmocore/src/coding/gsm0503_coding.c: In function 'osmo_conv_decode_ber_punctured':
/libosmocore/src/coding/gsm0503_coding.c:563:31: error: 'coded_len' may be used uninitialized [-Werror=maybe-uninitialized]
563 | *n_bits_total = coded_len;
| ~~~~~~~~~~~~~~^~~~~~~~~~~
/libosmocore/src/coding/gsm0503_coding.c:541:21: note: 'coded_len' was declared here
541 | int res, i, coded_len;
| ^~~~~~~~~
"""
This error is really a false positive. However, it is true that the code
used to be a bit more complex than required, since the 2 later conditions
could be inside the first one.
Let's simply do early termination to simplify the function, and get rid
of the gcc warning.
Change-Id: I31ebf0c4be61daf6395d9a9fac05c7fdceb8bcb9
The point of having a public API to register further stats reporters
is to enable applications or other libraries to do so. As we in
libosmocore don't know anything about the parameters of such a stats
reporter, don't try to do a partial save of them when saving the config
file.
Change-Id: I2986313375daec1c4959a6a914e3fb2980a5d7ca
We should either handle talloc returning NULL, or we should
OSMO_ASSERT(). Doing neither of the two is a bad idea.
Change-Id: I5e8d1cc22cf597f7f50c0f92bf86cb1f1413434c
In many cases, a lot of the counters are zero, and we're likely
not interested in those, but only the non-zero counters. Add a version
of the 'show stats' command which dumps only those items with a non-zero
total value.
Change-Id: Ie4df1c139e3c82deca1dd3cdab5d3909e0513684
It was recently found that several IEs which were added in the header
file were not actually added to the tlv_definition, and hence the tlv
parser failed to decode them. Let's make sure we don't foget to add new
IEs in the future.
Related: SYS#5915
Change-Id: Id8a679ca43eb0fcc4882780e9a95ec21c7f51972
There are cases where we want to be notified of a successful BVC reset,
e.g. for a signalling because we can then start resetting the PtP-BVCs.
With this hook it's now possible to do that.
Change-Id: If240dd13f0f674693018c93390386b2c8afb97af
Related: SYS#5908
pthread_getname_np() is a non-portable extension of pthreads. While
it exists in glibc, for example musl didn't have it until rather
recently (April 2021) and there still hasn't yet been a musl release
with this change, resulting even current OpenWRT not yet supporting
pthread_getname_np.
So let's check if pthread_getname_np is supported, and only use it
in that case.
Change-Id: Ibd01485af24e2fe574006f8d049bf37226dda966
Ever since Change-Id If76a4bd2cc7b3c7adf5d84790a944d78be70e10a in 2020
(part of libosmocore >= 1.4.0) we have introduced cpu_sched_vty.c, which
directly uses libpthread. As a result, libosmovty should be using
pthread compiler flags and link against libpthread.
This missing dependency is causing osmocom applications to
fail to link on OpenWRT (at leats for ath79-generic).
Change-Id: I7febbf88cbe61eacd05f46a9316e773b5c148e77
Related: SYS#4986
According to TS 101 318, section 5.2.2, a SID frame is identified
by a SID codeword consisting of 79 bits (r34..r112) which are all 1.
Given that there are no gaps in the codeword, we don't really need
to use bitvec_get_bit_pos() and check each field individually.
This brings additional complexity and negatively affects performance.
Instead, let's use bitvec_get_bit_pos() to check all bits in a row.
Change-Id: I678f8ff92317fe87f1aca511a3a062ad898e55cc
Related: SYS#5853
Make sure that osmo_time_cc counts exactly the same, regardless of a
rate_ctr being present or not. Only skip sending counter increments when
there is no rate counter, do not affect anything else.
In osmo-bsc, we are discussing a patch where an lchan redirects
osmo_time_cc counter increments to different rate counters depending on
its current type. In my comments I am also claiming that osmo_time_cc
works the same regardless of a rate_ctr being present or not. Looking at
the code, this is not actually the case.
Before this patch, when there is no rate_ctr, the reported_sum would
freeze, and as soon as a rate_ctr shows up, all counter increments from
the previous reported_sum would be sent to the newly set rate_ctr.
Instead, we want counter increments to simply be lost while there is no
rate_ctr set. IOW, rate_ctr == NULL should mean >/dev/null.
Related: I1b0670c47cb5e0b7776eda89d1e71545ba0e3347 (osmo-bsc)
Change-Id: I380b28d7ab0a6c8aab6c7e2a64bc73cab14863d2
If there's only a single device with matching VID/PID attached,
we don't need to insist that either the path or the address of the
device matches. Those are only needed to disambiguate multiple
devices with identical VID/PID.
Change-Id: I2ef245a56dfcf22758a0216b86d2a5c602ee5588
If an API user has defined a name for this particular
stat, we should consider it unique and not append ip and
port information from the connection.
By appending ip and port information to all tcp stat
names, we end up creating unique stat names every
time a reconnection occurs and the source port changes.
This makes the statistic impossible to track over time
as it is continually using a different name.
A quick example from the field over the course of a
day:
tcp.ipa-rsl-0,r=192.168.55.88.33056<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.33311<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.35510<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.35958<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.36110<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.39269<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.40394<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.40397<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.42920<->l=192.168.0.1.3003.tcp.rtt
tcp.ipa-rsl-0,r=192.168.55.88.43839<->l=192.168.0.1.3003.tcp.rtt
This change would treat tcp stats like other stats
around the system. A unique name must be set by the
API user. This would let us set a unique name like
the following to avoid the situation above:
bts.0.rsl.0.tcp.rtt
Matching the existing rsl related stats:
bts.0.rsl.delete_ind
bts.0.rsl.ipa_nack
bts.0.rsl.unknown
...they retain a constant name regardless of the underlying
connectivity situation.
Change-Id: Ib04c2f5bfcbd6c19dd87debf1fc053abf0b9bef2
Those are available in 3GPP TS 48.008 version 16.0.0 Release 16, section
3.2.2.17 Cell Identifier. It can be seen that we have a collision
between the osmocom non-standard format and the SAI standard one.
This is because CGI-PS is not really a TS 48.008 Cell Identifier, but only
specified in TS 48.018 and has no ID number assigned. The CGI-PS was
added there because the whole osmo-bsc neighbour configuration works
with CellIds to manage neighbours, so it felt natural to extend the APIs
to also provide means to use CGI-PS format (TS 48.018 even refers 48.008
existance and mentions there's no explicit ID).
At the time this Cell Identifier was added, the firstly available number
(11) was taken, which was of course a really bad idea since newer
versions of the spec can at some point use it, which is the case if one
checks for instance TS 48.008 Release 16 SAI Cell Id.
There no perfect way to fix this bad decision at the time, but the
CGI-PS is only used in osmo-bsc and only for RIM related purposes, so by
changing the ID of CELL_IDENT_WHOLE_GLOBAL_PS, we only break RIM under
some specific CIs being used, and when an osmo-bsc is built against
older libosmocore and then used at runtime against a newer libosmocore
(which should be rare).
Hence, the downside is acceptable, and by moving the new ID number to be
ouside of the spec proto TS 48.008 range (4 bits), we make sure we don't
have the same problem again in the future.
Related: SYS#5838
Fixes: ca33a71ca8
Change-Id: Id25e563febdb7640174540136225f399515a0089
Shorthand for the INET/INET6 switch() to get/put the addr part, useful
for encoding and decoding message buffers.
Related: OS#5599
Change-Id: Ie9e33bfac525c59c30714663d2bfcc62ec9eeb81
There already are osmo_quote_str_buf() and osmo_quote_str_buf2(), same
for _escape_, but none of them return the snprintf() like string length.
A private function does, publish this in the API.
The returned chars_needed is required to accurately allocate sufficient
size in string functions that call osmo_quote_str/osmo_escape_str. I am
adding such in osmo-upf.git.
Related: SYS#5599
Change-Id: I05d75a40599e3133da099a11e8babaaad0e9493a
The OSMO_SOCKADDR_STR_FMT() and _ARGS() macros properly place square
braces around IPv6 addresses, so that the port nr is clearly
distinguishable.
before: 1:2::3:4:5
after: [1:2::3:4]:5
When using a struct reference, the macro resolves to '(&sastr) ? .. : ..',
which the compiler complains about as "condition is always true". Shim
around that error with a pointer variable.
I considered using osmo_sockaddr_to_str_c() instead, but here in
socket.c we cannot assume that osmo_select_main_ctx() is being used and
hence can't just use OTC_SELECT for log string composition. The
struct osmo_sockaddr_str is a string representation in a local variable,
and hence doesn't need talloc for log strings.
I considered adding log_check_level() around the log string conversion,
but since all of these instances are on LOGL_ERROR, I didn't bother.
Related: SYS#5599
Change-Id: Idbe7582b2b7f14540919e911dad08af6d491f68f
It seems it is insufficient to register file-descriptor call-backs
with libusb_set_pollfd_notifiers(), but we also need to call
libusb_get_pollfds() once to get the initial set of file descriptors
which may have been created already during libusb_init().
As we don't have a libusb context before libusb_init() returns,
we cannot call libusb_set_pollfd_notifiers() early enough to be
active already during libusb_init().
Change-Id: Icf81014d689ffa738719af68120fa2dedbeec689
As was demonstrated in I54bf5e5c036efb1908232fe3d8e8e2989715fbb3,
when the logging is configured to print the filename *after* the
logging message, each logging line contains an artifact - '\0'.
The problem is that the 'len' variable is not updated. Fix this.
Change-Id: I5c920a0d5c1cf45bcdd327b39e33d63346b4f51c
Fixes: I393907b3c9e0cc1145e102328adad0a83ee13a9f
To easily log and print a sockaddr using OTC_SELECT, add
osmo_sockaddr_to_str_c().
Implement osmo_sockaddr_to_str_buf2() using osmo_strbuf, so that we can
return the chars_needed which osmo_sockaddr_to_str_c() uses.
From previous osmo_sockaddr_to_str_buf(), call
osmo_sockaddr_to_str_buf2() and return NULL if the buf_len was
insufficient, to mimick previous behavior. This makes it more
consistently returning NULL for insufficient buf_len, as shown in the
tweak that is needed in socket_test.c. Before osmo_sockaddr_to_str_buf()
would return a truncated port number, now it's all or NULL.
I will use osmo_sockaddr_to_str_c() in the new osmo-upf implementation.
Related: SYS#5599
Change-Id: I12771bf8a021e6785217b1faad03c09ec1cfef0e
In general, it's safe not to use talloc API here because those are
internal allocations, and there are no 'return' statements between
calloc() and free(). However, we don't really need to initialize
the heap memory with 0, so let's use the 'normal' malloc().
Change-Id: I6956cbd83b2999dbcf8e2d210134b0a166c33efb
When the logging framework is not initialized we get an error:
"ERROR: osmo_log_info == NULL! You must call log_init() before
using logging in ..."
There are sometimes situations where some code tries to log before
logging was initialied. This is a problem because the actual log
line with the debug info we need is covered up by the error message
from the logging framework.
Lets introduce a fallback logging function that is called when the
the logging framework is not available. This function can just use
fprintf to output to stderr.
Change-Id: I9b1b0988e02322e3e44fd4ceea3e1bc2d4df3c45
The event names contain '.', and there are spaces ' ' in the state
names. This is a problem since states and events can also be monitored
via the CTRL interface. Unfortunately the CTRL interface does not allow
certain reserved characters. So lets rename the states and event names
to make them compatible with the CTRL interface.
Change-Id: Id19973b56f9d7b1e3d0b0d7c7d0be7beba5428fc
Related OS#4149
Change-Id: I5ebc9ab5b1456fee29aa4e254fae862dc053f0aa
The parameters described in the docstrings for osmo_plmn_from_bcd() do not match the actual parameter list.
Change-Id: Ic0999dbe096a98418db7482bd110e20497d8e4a5
The identifier of stats item STATS_TCP_REORD_SEEN is tcp:sndbuf_limited,
it should be tcp:reord_seen.
Change-Id: If3539ceb570ae784cc9b6567c59da7afd11acf82
Related: OS#5701
This allows init-passive users to get the configured sizes for the RFCIs
and other similar information once engotiated with the peer.
Realted: OS#1937
Change-Id: I63ee780b4aa162ea097410b234e73984000c0965
When picking the end state, looking only at the path metric
is highly suboptimal because in a tail biting code, we _know_ that
whatever treillis path is correct, it must start and end at the same
state. So we only consider path meeting that condition. We know any
path that doesn't isn't the right one. We only fallback to only
path metric if no path met that condition.
Fixes OS#4508
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Change-Id: I87e51d3880c0fe7bf3d6cd08fd46517a424a230c
The function clearly specified in its documentation that the number of
bytes written to the out buffer were being returned. However, the value
returned was "the number of characters (excluding the terminating null
byte) which would have been written to the final string if enough space
had been available.", aka snprintf-style.
The 2 callers of that function were not expecting it, so if a long
enough buffer was passed, the program asserted.
Closes: OS#5383
Change-Id: I8d71bd1a0dad37606acb8302b05c2ae338112e57
The use of an unsinged integer as for loop counter variable doesn't
work when counting down and comparing with >= 0. The existing code
would be an infinite loop if it wasn't for the (data dependent) break
condition:
>>> CID 243259: Control flow issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "i >= 0U".
572 for (i = 15; i >= 0; i--) {
573 if (match_mask & (1<<i)) {
574 iui->mode_version = i;
575 break;
576 }
Change-Id: I019d0f0d8f2b167575a2883a13cca692c96961cf
Closes: CID#243259
This is to fix the following compile error on CentOS 7:
[ 74s] stats_tcp.c: In function 'fill_stats':
[ 74s] stats_tcp.c:138:15: error: 'struct tcp_info' has no member named 'tcpi_notsent_bytes'
[ 74s] tcp_info.tcpi_notsent_bytes);
[ 74s] ^
Closes: OS#5374
Change-Id: Icde6651baeb0828477dbf540a02b16a1a5f91797
osmocom applications are deployed in a variety of different situations.
Dependung on the medium that interconnects the network components
unexpected behaviour may occur. To debug problems with the
interconnection between network components it might help to monitor the
health of the related TCP connections.
Change-Id: I1416f95aff2adcf13689646b7574845de169fa3d
Related: SYS#5701
Only support for SMpSDU mode is introduced in this commit.
Not supported explicit list:
- Transparent mode
- ATM/AAL2 based Transport layer
- GTP-U based Transport Layer
- Iu Rate Control procedure
- Time Alignment procedure
APIs are provided to allocate the primitives properly inside the related
msgb. This way primitives can be placed in the headroom, leaving the
data part of the msgb for the IuUP payload, hence allowing re-use of the
msgb and 0 copy of IuUP payload when forwarding data over RNL<->TNL.
Since RNL and TNL primitives relu struct osmo_prim_header, which is not
packed, they cannot be set to packed, and hence proper memory alignment
in the msgb must be done to avoid misaligned accesses (Asan errors about
it otherwise).
Related: SYS#5516
Change-Id: Ibe356fa7b1abaca0091e368db8478e79c09c6cb0
Just like rate_ctr_group_free, osmo_stat_item_group_free should tolerate
it when the argument is NULL
Change-Id: I23323833e7268356a50c4fc6a19639c4ecd2a101
Remove the paragraph about writing to the Free Software Foundation's
mailing address. The FSF has changed addresses in the past, and may do
so again. In 2021 this is not useful, let's rather have a bit less
boilerplate at the start of source files.
Change-Id: I5050285e75cf120407a1d883e99b3c4bcae8ffd7
gsmtap_sendmsg() places the burden of freeing the msgb in case of
erroneous return codes on the caller. A review of existing users
shows that this is overly optimistic and many calls get it wrong,
opening up memory leaks.
Let's add a new function gsmtap_sendmsg_free() which behaves like
gsmtap_sendmsg() but always takes ownership: Either it is sent + freed,
or it is just freed.
Change-Id: I106b09f2a49bf24ce0e8d11fd4d4ee93e9cafdf5
Related: OS#5329
This kind of API will likely cause memory leaks in case the caller fails
to check the return value of the function and knows he must free the
message.
Change-Id: I7e61c19d32a75e28f08b74a8e3d9d63a2d8bf3d7
Related: OS#5329
In case osmo_wqueue_enqueue_quiet() fails, msgb ownership is not
transferred to the queue, but the caller is responsible for freeing
the message buffer that we just failed to enqueue.
Change-Id: I6306e34dc7289864c889e72adf31d74d4581a810
Closes: OS#5328
Related: OS#5329
The log message is very confusing if printed for PtP-BVCI as well. Move
it into the correct if branch.
Change-Id: I0359443ddc52108b492f741005c4699e06b40183
gcc complains because our char might or might not be signed depending on
arch and phase of the moon:
error: array subscript has type 'char' [-Werror=charsubscripts]
Change-Id: I7c76f9a2318c4f0e5eedeea00ec380824b86567e
The bitvec_read_field() is used in performance critical places,
such as the CSN.1 decoder in osmo-pcu. Thus the less conditional
statements we have in the parsing loop, the better.
The bitvec_get_bit_pos() alone is quite a complex function, which
does check the boundaries and even supports the L/H syntax. Even
if it gets inlined by the compiler, we don't really want to run
redundant checks and run bitval2mask() on each iteration.
Change-Id: I438fc82d33ab2edbabd4215ec7bc46afb07d50ab
While running a sanitized version of the bitvec_test I get:
bitvec.c:492:24: runtime error: shift exponent 64 is too large
for 64-bit type 'long unsigned int'
This error is triggered by the following line in the bitvec_test:
_bitvec_read_field(0, 8 * 8 + 1); /* too many bits */
which basically tries to parse more bits (65) than the test vector
actually has (64). The problem is that we don't check if the
given vector has enough data *before* entering the parsing loop,
so we end up doing weird bit-shifts and getting weird values:
bitvec_read_field(idx=0, len=65) => bd5b7ddffdd7b5db (error)
Unfortunately, this problem remained unnoticed so far because in
'tests/testsuite.at' we don't check if stderr is empty. This is
fixed in a follow up change [1].
Rather than checking for errors in every loop iteration, do this
once and return early if the overrun is possible with the given
offset and length arguments.
Change-Id: I4deeabba7ebb720cdbe7c85b37bc011d05bdfa65
Related: [1] Ia82b92eddb18dc596881abcef2f098dc7385538b
This function returns an *unsigned* integer (uint64_t), so returning
a negative value on error is a bad idea. A negative value turns into
a huge positive value, what was demonstrated in the bitvec_test:
bitvec_read_field(idx=512, len=16) => ffffffffffffffea
bitvec_read_field(idx=0, len=65) => ffffffffffffffea
bitvec_read_field(idx=64, len=16) => ffffffffffffffea
The 0xffffffffffffffea above is basically:
(uint64_t) -EINVAL, or
(uint64_t) -22 + 1, or
0xffffffffffffffff - 0x16 + 1.
Let's make use of the errno in order to indicate an error to the caller.
Change-Id: I2cc734caa3365d03c2ae2b3f2cd9544933c25e9e
Related: OS#4388
It's the usual naming for unit test binaries. Without the '_test' endig,
the tdef_vty_test_{config_root,config_subnode,dynamic} binaries do not
match the 'tests/*/*_test' pattern and appear as untracked files in git.
Change-Id: I828fa45132e11a41c527d4b25df850c19871cb75
There might be library code that has rate counters, and if the main
program calls rate_ctr_init() a second time, we can skip the second
initialization.
Change-Id: I6f5342a77518599eb5ac9a0f0605917a78fcc387
alive_timeout_handler() changes the state to RECOVERING which calls
ns2_st_alive_onenter()->ns2_nse_notify_unblocked(unblocked=false)->
ns2_sns_notify_alive(unblocked=false)
When all (signalling) NSVCs have failed and gss->role is SGSN and not
persistent sns_failed() calls gprs_ns2_free_nse() which talloc_free()s
the nse before returning.
The next line in ns2_nse_notify_unblocked() tries to read nse->alive which then causes the
use-after-free.
Change-Id: I0486a77fd3e21fd3904bd19e4e0225ffbf654935
Related: OS#5302
Pau Espin
Karsten Ohme
Vadim Yanitskiy
Philipp Maier
Harald Welte
Daniel Willmann
Neels Hofmeyr
Sylvain Munaut
Oliver Smith
Eric Wild