gcc-8.2 is printing the following warning, which is an error
when used -Werror like our --enable-werror:
In file included from gprs_bssgp.c:34:
In function ‘tl16v_put’,
inlined from ‘tvlv_put.part.3’ at ../../include/osmocom/gsm/tlv.h:156:9,
inlined from ‘tvlv_put’ at ../../include/osmocom/gsm/tlv.h:147:24,
inlined from ‘msgb_tvlv_push’ at ../../include/osmocom/gsm/tlv.h:386:2,
inlined from ‘bssgp_tx_dl_ud’ at gprs_bssgp.c:1162:4:
../../include/osmocom/gsm/tlv.h:131:2: error: ‘memcpy’ forming offset [12, 130] is out of the bounds [0, 11] of object ‘mi’ with type ‘uint8_t[11]’ {aka ‘unsigned char[11]’} [-Werror=array-bounds]
memcpy(buf, val, len);
Where "130" seems to be the maximum value of uint8_t, shifted right one +
2. But even as we use strnlen() with "16" as maximum upper bound, gcc
still believes there's a way that the return value of gsm48_generate_mid_from_imsi()
could be 130. In fact, even the newly-added OSMO_ASSERT() inside
gsm48_generate_mid() doesn't help and gcc still insists there is a problem :(
Change-Id: I0a06daa19b7b5b5badbb8b3d81a54c45b88a60ec
The longest BCd-digit type identity is the IMEISV with 16, so there's
no point in trying to parse up to 255 decimal digits, which will do
nothing but to overflow the caller-provided output buffer.
Let's also clearly define the required minimum size of the output
buffer and add a reltead #define for it.
Change-Id: Ic8488bc7f77dc9182e372741b88f0f06100dddc9
To reset the state of BSSGP allow to flush the BSSGP queues.
When testing (with TTCN3) the test object should be resetted between
each test.
Introduce the functions:
bssgp_fc_flush_queue() - flushs a single flow control object
bssgp_flush_all_queues() - flushs queues of all BSSGP connections
Change-Id: I29b6ad6742ddf9b0b58b4af37d9a1cf18e019325
Return "invalid mandatory information" error status to
the sender in case bssgp_tlv_parse() failed.
To avoid loops, do not respond with an error status to
STATUS PDUs which failed parsing.
Change-Id: If73719b75a94d6742bdefc9b6572525cb00a96ee
Related: OS#3178
The return code from bssgp_tlv_parse() was not checked for a parsing
error. In case of a parsing error the stored return code could have
been overwritten later in this function.
Explicitly check for a parsing error and log corresponding packets.
Change-Id: Id3d7c52ec3df2bcf4efcee0e0b14fe22ef96964e
Related: OS#3178
Enable representing three-digit MNC with leading zeros. The MNCs 23 and 023 are
actually different; so far we treated both as 23. Re-encode an incoming BCD or
string of 023 as it were, i.e. not dropping the leading zero as 23.
Break ABI compatibility by changing the size and ordering of structs
gprs_ra_id, osmo_plmn_id, osmo_cell_global_id, ... by adding an mnc_3_digits
flag.
Change ordering in gprs_ra_id because the canonical oder is {Mobile Country
Code, Mobile Network Code}, so have the mcc member first.
ABI compatibility cannot be maintained for struct gprs_ra_id, since it is a
direct member of structs bssgp_bvc_ctx and bssgp_paging_info, and even just
adding a flag to the end would cause ABI changes of those structs. Similarly,
osmo_plmn_id is a direct member of osmo_location_area_id, and so forth.
Add new API to set and read this additional flag to preserve leading zeros:
- osmo_plmn_to_bcd(), osmo_plmn_from_bcd() after
gsm48_mcc_mnc_to_bcd() and gsm48_mcc_mnc_from_bcd().
- gsm48_decode_lai2(), gsm48_generate_lai2() after
gsm48_decode_lai(), gsm48_generate_lai().
- gsm0808_create_layer3_2() after gsm0808_create_layer3() and gsm0808_create_layer3_aoip().
- various osmo_*_name() functions in gsm23003.h (osmo_rai_name() still in
gsm48.h close to struct gprs_ra_id definition). The amount and duplication of
these may seem a bit overboard, but IMO they do make sense in this way.
Though most code will soon see patches unifying the data structures used, in
some cases (vty, ctrl) they are required singled out. Without these
functions, the formatting ("%0*u", mnc_3_digits ? 3 : 2, mnc) would be
duplicated all over our diverse repositories.
In various log output, include the leading MNC zeros.
Mark one TODO in card_fs_sim.c, I am not sure how to communicate a leading zero
to/from a SIM card FS. The focus here is on the core network / BSS.
To indicate ABI incompatibility, bump libosmogsm and libosmogb LIBVERSIONs;
adjust debian files accordingly.
Implementation choices:
- The default behavior upon zero-initialization will be the mnc_3_digits flag
set to false, which yields exactly the previous behavior.
- I decided against packing the mnc with the mnc_3_digits field into a
sub-struct because it would immediately break all builds of dependent
projects: it would require immediate merging of numerous patches in other
repositories, and it would make compiling older code against a newer
libosmocore unneccessarily hard.
Change-Id: Id2240f7f518494c9df6c8bda52c0d5092f90f221
Add gsm48_encode_ra() which takes appropriate struct as [out] parameter
instead of generic buffer. Using uint8_t buffer instead of proper struct
type prooved to be error-prone - see Coverity CID57877, CID57876.
Old gsm48_construct_ra() is made into tiny wrapper around new
function. The test output is adjusted because of the change in function
return value which was constant and hence ignored anyway.
Related: OS#1640
Change-Id: I31f9605277f4945f207c2c44ff82e62399f8db74
All successful and all error code paths of bssgp_fc_in() free the msgb, except
the code path calling fc_enqueue() when the msg is dropped (due to queue being
full, or failure to allocate).
Callers could theoretically catch the -ENOSPC return value and discard the
msgb. However, in other code paths, a callback's return value is returned,
which is expected to free the msgb, so such callback would have to never return
-ENOSPC when it freed the msgb. Much simpler semantics would be to free the
msgb in every code path, no matter which kind of error occurred.
Who is currently calling bssgp_fc_in and how do they handle the return value?
- bssgp_fc_test.c ignores the return value (and hits a mem leak aka sanitizer
build failure if the queue is full).
- fc_timer_cb() ignores the return value.
- bssgp_tx_dl_ud() returns the bssgp_fc_in() rc.
- which is returned by a cascade of functions leading up to being returned,
for example, by gprs_llgmm_reset(), which is usually called with ignored
return code.
At this point it is already fairly clear that bssgp_fc_in() should always free
the msgb, since the callers don't seem to distinguish even between error or
success, let alone between -ENOSPC or other errors.
bssgp_fc_test: assert that no msgbs remain unfreed after the tests.
Adjust expected results.
Helps fix sanitizer build on debian 9.
Change-Id: I00c62a104baeaad6a85883c380259c469aebf0df
Let's fix some erroneous/accidential references to wrong license,
update copyright information where applicable and introduce a
SPDX-License-Identifier to all files.
Change-Id: I39af26c6aaaf5c926966391f6565fc5936be21af
The rate_ctr.c code would do this mangling automatically, but let's
avoid using this from new versions of our code for
simplicity/explicitness.
Change-Id: I24a556f447cfac25efb6e83cac2d0c2972d98fe3
That's necessary for SGSN to properly handle BSS response to reset
procedure initiated by SGSN (foe example via 'bssgp bvc nsei 101 bvci 0
reset' command).
According to 3GPP TS 48.018 §8.4 "after performing the BVC Reset
procedure all affected BVCs are assumed to be unblocked at the SGSN" so
there's no need in any special handling.
Change-Id: I90dfbd0195a8403406429ccc746299d072445f7b
Related: OS#1638
Considering the various styles and implications found in the sources, edit
scores of files to follow the same API doc guidelines around the doxygen
grouping and the \file tag.
Many files now show a short description in the generated API doc that was so
far only available as C comment.
The guidelines and reasoning behind it is documented at
https://osmocom.org/projects/cellular-infrastructure/wiki/Guidelines_for_API_documentation
In some instances, remove file comments and add to the corresponding group
instead, to be shared among several files (e.g. bitvec).
Change-Id: Ifa70e77e90462b5eb2b0457c70fd25275910c72b
Add a new function timer function to set up the timer, similar to what
we have in the Linux kernel. This patch also converts existing opencoded
timer setup in the libosmocore tree as initial client of this new
function.
This patch implicitly removes function callback passed by reference that
defeat compile time type validation.
Compile-tested only, but I ran make check that reports success when
testing timer infrastructure.
Change-Id: I2fa49972ecaab3748b25168b26d92034e9145666
My recent logging patch was merged to master a bit too soon. Accomodate the
request for naming that matches the general "LOG" prefix instead of "LOGGING".
libosmocore will not be backwards-compatible with the few commits from
change-id I5c343630020f4b108099696fd96c2111614c8067 up to this one. This and
following commits are backwards compatible with those before that short window.
See also:
* openbsc change-id Ib2ec5e4884aa90f48051ee2f832af557aa525991
* osmo-pcu change-id I4db4a668f2be07f3d55f848d38d1b490d8a7a685
Change-Id: I424fe3f12ea620338902b2bb8230544bde3f1a93
It is too easy for calling code to use the same filter and context indexes for
different filters and structs. For example, openbsc's IMSI filter and libgb's
GPRS_BVC filter both fall on index 1 even though there are plenty more indexes
to choose from. To alleviate this, have one central definition here, sort of
like ports.h does for VTY and CTRL port numbers.
Add static asserts to make sure the indexes fit in the available array and bit
mask space.
Calling code like openbsc.git and osmo-pcu need adjustments and/or should move
to using these enum values instead of their local definitions.
Taking this opportunity to also prepare for a split of struct gsm_subscriber in
openbsc into bsc_subsciber and vlr_subscriber with appropriate separate filter
index constants for both subscriber types.
Include previous LOG_FILTER_ALL in the LOGGING_FILTER_* enum, and replace its
use by (1 << LOGGING_FILTER_ALL).
Change-Id: I5c343630020f4b108099696fd96c2111614c8067
gprs_bssgp.c:461:9: runtime error: load of misaligned address
0x62100001a66b for type 'uint32_t', which requires 4 byte alignment
gprs_ns.c:937:16: runtime error: load of misaligned address
0x61d00002a97f for type 'uint16_t', which requires 2 byte alignment
This commit adds class_id fields to the rate_ctr and stat_item group
descriptions. The stats reporter code is extended to only process
groups whose class_id does not exceed a per reporter max_class level.
If the class_id is not set, the code assumes 'global' for groups with
idx == 0 and 'subscriber' otherwise.
The following vty command is added to config-stats:
level (global|peer|subscriber) Set the maximum group level
Sponsored-by: On-Waves ehf
Currently the DL sometimes hangs and sometimes a lot of messages
(still not able to send PDU) are logged. This is caused by an invalid
timer delay computation, setting msecs either to 0 or to some big value.
This is due to an '&' operator at the wrong place, accessing some
parts in fc instead of the first element of the list.
This commit fixes that issue.
Sponsored-by: On-Waves ehf
Currently bssgp_rx_ptp might be called with bctx being NULL, when the
NS BVCI is neither BVCI_SIGNALLING nor BVCI_PTM, but the message is
a BVC_RESET or it contains an BVCI IE != BVCI_SIGNALLING where the
BVCI is not known.
This patch ensures that bssgp_rx_ptp will only be called with a
non-NULL bctx. A log message will be issued, if the bctx is NULL when
this was not expected.
Fixes: Coverity CID 1040674
Sponsored-by: On-Waves ehf
Currently the implementation of bssgp_tx_dl_ud conditionally adds
some optional IE if dup != NULL. Later on is dereferences dup to
access qos_profile and fc, but this without checking dup in advance.
This may lead to an segmentation violation fault.
This commit changes the value range of the function to only accept
dup != NULL. An assertion will fail otherwise. All other explicit
checks for non-NULL are removed.
Fixes: Coverity CID 1040673
Sponsored-by: On-Waves ehf
Currently incoming BSSGP STATUS messages are just logged and no other
action is taken. This makes it impossible for higher layers to react
to failures which are indicated by corresponding STATUS messages
unless a timeout is triggered as a result of that failure later on.
This commit adds a bssgp_rx_status() function and calls it on
incoming STATUS messages. That function logs a message, increments the
new BSSGP_CTR_STATUS counter if the bctx context exists and invokes
an NM_STATUS status indication. The latter will allow the application
to handle failures immediately. Since all STATUS messages should be
handled, the function is already called in bssgp_rcvmsg and the
message is no longer handled in (and will not reach) bssgp_rx_sign
and bssgp_rx_ptp.
Ticket: OW#1414
Sponsored-by: On-Waves ehf
Currently each incoming PtP BSSGP STATUS message is handled as 'not
yet implemented' and a BSSGP STATUS message (cause
BSSGP_CAUSE_PROTO_ERR_UNSPEC) is sent back to the peer. This will
cause endless messages loops if both peers use this BSSGP stack
implementation. This does not apply to signalling messages.
This commit changes the implementation of bssgp_rx_ptp() to just do
logging in this case.
Sponsored-by: On-Waves ehf
The copyright holders Harald Welte, Holger Freyther, Andreas Eversberg
and sysmocom - s.f.m.c. GmbH (represented by Holger and Harald) agree
that the license of libosmogb should be GPLv2+ and not AGPLv3+.
The reason the source files stated AGPLv3+ is due to the history, as
they were moved from OpenBSC to libosmocore at the time we needed to use
them from osmo-pcu. It was an oversight back then to not re-license
them accordingly.
Currently sending SUSPEND/RESUME messages to this function (like it
is done in the osmo-sgsn) results in STATUS messages complaining
about an unknown BVCI. The reason is, that these messages rely on a
TLLI/RAI pair to identify the context and do not contain an explicit
BVCI.
This patch modifies bssgp_rcvmsg() to only complain about and unknown
BVCI if one is given but a matching context is not found (except for
RESET messages). The ctx argument is removed from the functions
handling SUSPEND and RESUME since it will always be NULL then.
Sponsored-by: On-Waves ehf
In the OsmoSGSN we have a crash with a DEAD/BLOCKED GPRS-NS and
segmented SN-UNITDATA. For the caller it is not easy to know if
the passed msg buffer has been freed or not. The most easy solution
is to always take the ownership and either pass it on or free it
in case of an error.
Adjust indirect and direct callers of gprs_ns_sendmsg. I found
the following call-chains with an external msgb parameter.
gprs_ns_sendmsg
<- _bssgp_tx_dl_ud
<- bssgp_fc_in
<- bssgp_tx_dl_ud
Update the test to allocate a real msgb because for the test with
'1000' we will msgb_free it right away.
Sponsored-by: On-Waves ehf
Currently BSSGP messages with an NS BVCI of 0 (signalling) are
discarded if they aren't RESET messages. Thus valid signalling
messages (e.g. BLOCK) are not handled properly, because the BVCI IE
is ignored if it present. Instead a STATUS message referring to BVCI
0 (instead of the BVCI used in the BLOCK message) is returned.
This patch changes the implementation to use the BVCI contained in
the BVCI IE if that is present in a signalling message.
It fixes BSSGP BLOCK/UNBLOCK for the osmo-sgsn.
Note that signalling messages without an BVCI IE (e.g.
SUSPEND/RESUME) are still rejected.
Ticket: OW#1205
Sponsored-by: On-Waves ehf
Currently the BVCI is not set in all invocations to bssgp_tx_status()
when the cause is UNKNOWN_BVCI.
This patch adds the argument where it is missing.
It also adds a check for compliance (GSM 08.18, 10.4.14.1) to
bssgp_tx_status() to emit errors when the following requirement is
not fulfilled: The BVCI must be included if (and only if) the cause
is either "BVCI blocked" or "BVCI unknown".
Sponsored-by: On-Waves ehf
If the BTS tells us to not send any data at all anymore (bucket leak
rate of 0 bits per second), then we should respect this and not run into
a divide-by-zero. However, as this indicates complete overload, we
print a log message to that regard.
* add more comments on units of struct members
* make sure to parsre FC-BVC message correctly
* add error message in case user passes PDU larger than bucket size
* add new function to initialize flow control struct
This code is supposed to implement the BSSGP flow control algorithm,
both for the per-BSS and for the per-MS flow control.
The code currently has no test cases, they will come in a separate
commit.
Harald Welte
Alexander Couzens
Neels Hofmeyr