Fix re-initialize issue of the GPRS NS. This was found while
working on the GB Proxy tests.
==27800== Invalid write of size 4
==27800== at 0x403C263: rate_ctr_group_alloc (linuxlist.h:65)
==27800== by 0x4050974: gprs_nsvc_create (gprs_ns.c:209)
==27800== by 0x405320D: gprs_ns_instantiate (gprs_ns.c:1330)
==27800== by 0x804B212: main (gbproxy_test.c:797)
==27800== Address 0x434173c is 52 bytes inside a block of size 784 free'd
==27800== at 0x4029DA8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==27800== by 0x4041BBD: _talloc_free (talloc.c:609)
==27800== by 0x40432B2: talloc_free (talloc.c:578)
==27800== by 0x40532D3: gprs_ns_destroy (gprs_ns.c:1363)
==27800== by 0x804B1FE: main (gbproxy_test.c:791)
If the read callback closes the connection conn is already freed so we
can't derefernce it. Instead return -EBADFD in the read function if it
closed the connection and check for that.
If the FD is both readable and writable and the read callback closes the
connection (and frees the surrounding structure) we shouldn't call the
write callback (or check anything else in the read fd).
With this patch callback functions can return -EBADFD if they don't want
the FD to be handled any more.
This adds support for A-over-IP and LCLS related message/IEI
definitions.
Old definitions are in decimal, which is very hard (at least for me)
to compare with the binary tables in the spec. Hex is much easier
to manually compare for completeness/correctness. I didn't touch
the existing definitions, but think they should move to hex, too.
The code is lacking a "," at the end of a string and we ended up
doing string concatination instead of having an invalid state.
Fixes Coverity CID 1206564
The code would have used an uninitialized current_time in case
"now" was not NULL. As now is const and timersub expects a non
const parameter I decided to copy now into current_time.
Fixes: CID #1040661
Rename NM_ATT_O_REDUCEPOWER to NM_ATT_OSMO_REDUCEPOWER, which
makes it more clear that this is an osmcoom specific attribute.
Also, we cannot simply overload 0x01 as an already defined OML
attribute. The problem is quite simple: When we use abis_nm_att_tlvdef
during the TLV parse, 0x01 will match to NM_ATT_ABIS_CHANNEL,
which is defined as { TLV_TYPE_FIXED, 3 }.
So instead, we need to introduce a new abis_nm_osmo_att_tlvdef[],
which has to be patched into abis_nm_att_tlvdef[] by the means of
tlv_def_patch(), exactly how we do it for bs-11 and nanobts specific
attributes.
I'm using 0xfe for the attribute, as 0xfe doesn't overlap with the IPA
specific attribues (and we might want to combine/merge the 12.21 plus
IPA plus osmocom spefici attributes)
FreeBSD 10.0 ships an execinfo.h but one needs to link to an
additional library for the backtrace functions. Check if there
is a backtrace symbol in libexecinfo and if so link to that
library.
This should fix long delays when sending a long SMS on an encrypted
channel. It is the most minimal change to the polling mode. One
option we discussed internally is to queue a higher level representation
and generate the actual LAPDm frames later.
If LAPDm receives an I-Frame while there already is an I-Frame in the
tx_queue the code generates an additional RR (to acknowledge the
received I-Frame). Instead, N(R) of the I-Frame in the tx_queue should
be updated to ACK the data.
When debugging an issue that involves SAPI=0 and SAPI=3 the
log file does not have enough context. Add the SAPI to this
message so we at least understand which SAPI we are talking
about.
Currently it takes 3s to establish a SAPI 3 SACCH connection with
osmo-bts. This is due to the fact, that a broken SABME request is
sent first and and is ignored by the MS. Then, after a T200 timeout
(2s) the SABME command is sent again (this time correctly) and
answered by the MS.
The first SABME message is broken (it has a length field of 3 and
ends with 3 bytes from the tail of the original RSL message),
because of it is expected throughout lapdm.c that msg buffers
containing RSL have msg->l2h == msg->data. Some abis input drivers
fulfill this but IPA doesn't, thus the 3 bytes of the IPA header
are still part of the msg and confuse length computation.
Since internal fields of the msg are modified directly, this is
difficult to see.
This patch adds a new function msgb_pull_to_l3() that explicitely
skips over all headers prepending L3 and therefore resets l1h and
l2h. This function is then used instead of msgb_pull_l2h() which
only worked correctly when msg->l2h == msg->data. In addition,
code manipulating msg->tail and msg->len directly has been replaced
by calls to msgb_trim().
Note that this patch does not fix all issues of this case in the LADP
related code.
Ticket: SYS#192
Sponsored-by: On-Waves ehf
Since e.g. the IPA input driver leaves it's specific header in front
of msg->l2h, so that msg->l2h != msg->data. The lapdm code does not expect this at least in
rslms_rx_rll_est_req().
This patch modifies the test program to add a dummy L1 header to
generated messages (unless the test would abort when doing so).
Note that the ok file reflects the current state which is not
correct.
Sponsored-by: On-Waves ehf
This function works like osmo_hexdump() and returns a static buffer
containing hex bytes along with markers for the layers.
Note that it uses osmo_hexdump() internally, thus a call to
msgb_hexdump() invalidates the buffer that has been returned by an
earlier call to osmo_hexdump(). In short: don't mix them in a single
call printf().
Sponsored-by: On-Waves ehf
This test case processes RSL establish requests for SMS (SAPI 3)
on the SDCCH and the SACCH channels. The TX queues are checked
after processing each message.
Ticket: SYS#192
Sponsored-by: On-Waves ehf
Currently w[14]/w[15] and w[18]/w[19] are swapped in range 256 format
decoding in gsm48_decode_freq_list().
This patch fixes this.
Sponsored-by: On-Waves ehf
The legacy 7bit conversion functions (those without the '_n_' in the
name) gave wrong return values on 64 bit platforms due to unproper
signed/unsigned conversions and the usage of SIZE_MAX.
This patch fixes this by using a smaller max size (see
GSM_7BIT_LEGACY_MAX_BUFFER_SIZE, currently set to 64k) for the legacy
wrappers and by using unsigned int for max_septets.
In addition, there are tests now that check the return values of
legacy encoding and decoding.
Sponsored-by: On-Waves ehf