Fix re-initialize issue of the GPRS NS. This was found while
working on the GB Proxy tests.
==27800== Invalid write of size 4
==27800== at 0x403C263: rate_ctr_group_alloc (linuxlist.h:65)
==27800== by 0x4050974: gprs_nsvc_create (gprs_ns.c:209)
==27800== by 0x405320D: gprs_ns_instantiate (gprs_ns.c:1330)
==27800== by 0x804B212: main (gbproxy_test.c:797)
==27800== Address 0x434173c is 52 bytes inside a block of size 784 free'd
==27800== at 0x4029DA8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==27800== by 0x4041BBD: _talloc_free (talloc.c:609)
==27800== by 0x40432B2: talloc_free (talloc.c:578)
==27800== by 0x40532D3: gprs_ns_destroy (gprs_ns.c:1363)
==27800== by 0x804B1FE: main (gbproxy_test.c:791)
If the read callback closes the connection conn is already freed so we
can't derefernce it. Instead return -EBADFD in the read function if it
closed the connection and check for that.
If the FD is both readable and writable and the read callback closes the
connection (and frees the surrounding structure) we shouldn't call the
write callback (or check anything else in the read fd).
With this patch callback functions can return -EBADFD if they don't want
the FD to be handled any more.
This adds support for A-over-IP and LCLS related message/IEI
definitions.
Old definitions are in decimal, which is very hard (at least for me)
to compare with the binary tables in the spec. Hex is much easier
to manually compare for completeness/correctness. I didn't touch
the existing definitions, but think they should move to hex, too.
The code is lacking a "," at the end of a string and we ended up
doing string concatination instead of having an invalid state.
Fixes Coverity CID 1206564
The code would have used an uninitialized current_time in case
"now" was not NULL. As now is const and timersub expects a non
const parameter I decided to copy now into current_time.
Fixes: CID #1040661
Rename NM_ATT_O_REDUCEPOWER to NM_ATT_OSMO_REDUCEPOWER, which
makes it more clear that this is an osmcoom specific attribute.
Also, we cannot simply overload 0x01 as an already defined OML
attribute. The problem is quite simple: When we use abis_nm_att_tlvdef
during the TLV parse, 0x01 will match to NM_ATT_ABIS_CHANNEL,
which is defined as { TLV_TYPE_FIXED, 3 }.
So instead, we need to introduce a new abis_nm_osmo_att_tlvdef[],
which has to be patched into abis_nm_att_tlvdef[] by the means of
tlv_def_patch(), exactly how we do it for bs-11 and nanobts specific
attributes.
I'm using 0xfe for the attribute, as 0xfe doesn't overlap with the IPA
specific attribues (and we might want to combine/merge the 12.21 plus
IPA plus osmocom spefici attributes)
FreeBSD 10.0 ships an execinfo.h but one needs to link to an
additional library for the backtrace functions. Check if there
is a backtrace symbol in libexecinfo and if so link to that
library.
If LAPDm receives an I-Frame while there already is an I-Frame in the
tx_queue the code generates an additional RR (to acknowledge the
received I-Frame). Instead, N(R) of the I-Frame in the tx_queue should
be updated to ACK the data.
When debugging an issue that involves SAPI=0 and SAPI=3 the
log file does not have enough context. Add the SAPI to this
message so we at least understand which SAPI we are talking
about.
Currently it takes 3s to establish a SAPI 3 SACCH connection with
osmo-bts. This is due to the fact, that a broken SABME request is
sent first and and is ignored by the MS. Then, after a T200 timeout
(2s) the SABME command is sent again (this time correctly) and
answered by the MS.
The first SABME message is broken (it has a length field of 3 and
ends with 3 bytes from the tail of the original RSL message),
because of it is expected throughout lapdm.c that msg buffers
containing RSL have msg->l2h == msg->data. Some abis input drivers
fulfill this but IPA doesn't, thus the 3 bytes of the IPA header
are still part of the msg and confuse length computation.
Since internal fields of the msg are modified directly, this is
difficult to see.
This patch adds a new function msgb_pull_to_l3() that explicitely
skips over all headers prepending L3 and therefore resets l1h and
l2h. This function is then used instead of msgb_pull_l2h() which
only worked correctly when msg->l2h == msg->data. In addition,
code manipulating msg->tail and msg->len directly has been replaced
by calls to msgb_trim().
Note that this patch does not fix all issues of this case in the LADP
related code.
Ticket: SYS#192
Sponsored-by: On-Waves ehf
This function works like osmo_hexdump() and returns a static buffer
containing hex bytes along with markers for the layers.
Note that it uses osmo_hexdump() internally, thus a call to
msgb_hexdump() invalidates the buffer that has been returned by an
earlier call to osmo_hexdump(). In short: don't mix them in a single
call printf().
Sponsored-by: On-Waves ehf
Currently w[14]/w[15] and w[18]/w[19] are swapped in range 256 format
decoding in gsm48_decode_freq_list().
This patch fixes this.
Sponsored-by: On-Waves ehf
The legacy 7bit conversion functions (those without the '_n_' in the
name) gave wrong return values on 64 bit platforms due to unproper
signed/unsigned conversions and the usage of SIZE_MAX.
This patch fixes this by using a smaller max size (see
GSM_7BIT_LEGACY_MAX_BUFFER_SIZE, currently set to 64k) for the legacy
wrappers and by using unsigned int for max_septets.
In addition, there are tests now that check the return values of
legacy encoding and decoding.
Sponsored-by: On-Waves ehf
abis_nm_pchan4chcomb will return a pchan for a given channel
combination but returned a value of the channel combination.
Fix it to return the physical channel combination.
Fixes: Coverity CID 1040767
In the osmo-bts and libosmo-abis code the hexdump routine is used
for every incoming/outgoing packet (including voice frames) and the
usage of snprintf showed up inside profiles.
There is a semantic change when more than 4096 characters are used.
The code will now truncate at byte boundaries (and not nibbles).
Code:
static const int lengths[] = { 23, 1000, 52 };
char buf[4096];
int i;
for (i = 0; i < 30000; ++i)
char *res = osmo_hexdump(buf, lengths[i & 3]);
Results:
before: after:
real 0m3.233s real 0m0.085s
user 0m3.212s user 0m0.084s
sys 0m0.000s sys 0m0.000s
The filter_fn has not been copied into the new structure breaking
the imsi and other filters in OpenBSC. Looking at the code we should
also introduce a callback for the reset of the context so we could
use subscr_get/subscr_put on the subscriber structure.
Okay. this comment thing has not worked (I totally forgot about it).
I think either we try to find ABI breakages with tools or we use
#error macros and check for a version...
Currently the field nsvci_is_valid is set to 0 in the NSVC object
returned by gprs_nsvc_create(). This was a semantic change probably
introduced by commit 5e6d679d. As a result, NSVC created via the VTY
have this flag set to 0 causing RESET_ACK messages to be rejected.
This patch changes the default behaviour of gprs_nsvc_create() to
always set this flag. So it must be set to 0 explicitely if needed
which is more intuitive and thus less error prone.
It fixes breaking connections from the Gbproxy to the SGSN.
Ticket: OW#874
Sponsored-by: On-Waves ehf
Currently those messages are answered by a NS_STATUS message when
received on an uninitialised (no NS_RESET hat been seen yet) NS_VC
which violates GPP TS 08.16 7.3.1 and 7.4.1.
This patch adds checks to gprs_ns_vc_create() and eventually returns
before the error NS_STATUS message is generated.
Sponsored-by: On-Waves ehf
When a RESET is received on the same link with a different NSVCI from
a BSS on a dynamically created NS connection do not patch the nsvc
object but create a new one instead. Thus the NSVCI is never modified
at a nsvc object after the NS-VC has been established.
Sponsored-by: On-Waves ehf
This modifies the NS stack's behavior to accept RESET and RESET_ACK
NSEI changes for NS-VC dynamically created by RESET messages from
BSSes. This feature is not used for NS-VC configured via VTY or NS-VC
to a SGSN.
Sponsored-by: On-Waves ehf
This changes the implementations for the reception of RESET and
RESET_ACK to be compatible with 3GPP TS 08.16, 7.3.1:
- Just send a RESET_ACK with correct values back to the SGSN when a
RESET with an invalid NSVCI or NSEI has been received.
- Check RESET_ACK for matching NSEI and NSVCI.
- Ignore unexpected RESET_ACKs.
In addition, use RESET_ACK from a BSS to update the BSS source
address based on the NSVCI to be tolerant with changing UDP source
addresses/ports.
Sponsored-by: On-Waves ehf
This fixes a SEGV error that happens the next time the statistics
are updated.
Addresses:
Program terminated with signal 11, Segmentation fault.
#0 0xb7711fa5 in rate_ctr_group_intv (grp=<optimized out>) at
rate_ctr.c:107
107 for (i = 0; i < grp->desc->num_ctr; i++) {
#0 0xb7711fa5 in rate_ctr_group_intv (grp=<optimized out>) at
rate_ctr.c:107
#1 rate_ctr_timer_cb (data=0x0) at rate_ctr.c:129
#2 0xb770ec59 in osmo_timers_update () at timer.c:243
#3 0xb770ef7a in osmo_select_main (polling=0) at select.c:133
#4 0x08049987 in main (argc=3, argv=0xbfba8084) at
gb_proxy_main.c:306
Sponsored-by: On-Waves ehf
This adds a 'nsvc nsvci <0-65535> (block|unblock|reset)' vty
command. It selects the NS-VC based on the nsvci instead of using the
first with a matching NSEI, like it is done when the 'nsei' keyword
is used instead.
Sponsored-by: On-Waves ehf
Harald Welte
Holger Hans Peter Freyther
Daniel Willmann
Sylvain Munaut
Alexander Huemer