For 3G, I need a BCD composer/parser similar to gsm48_generate_lai()/
gsm48_decode_lai(). Those functions also handle a trivial extra
member (lac) which I don't need in this way for 3G.
So create new functions to take on the MCC+MNC BCD handling and call those
from gsm48_generate_lai() and gsm48_decode_lai(). In this way, the 3G code
in openbsc can use only the BCD functionality without code duplication.
Add inline functions for both release <= 98 and release >= 99 as well as a
default define. Use the release 98 by default since the current code base uses
the r98 bitmasks.
These inline functions relieve callers of the decision on masking bits of the
protocol discriminator and message type octets.
Also add a define for the protocol discriminator extension to one octet length
(GSM48_PDISC_EXTEND).
Apply new pdisc function in gsm0480.c.
[hfreyther: Make the hdr param const]
Include the headers mentioned by the manpage
ipa.c:346:9: warning: implicit declaration of function 'recv' is invalid in C99
[-Wimplicit-function-declaration]
ret = recv(fd, msg->tail, needed, 0);
This code dealing with bit shifting sometimes gets 1 byte beyond array
boundary while calculating index. This is now explicitly checked and prevented.
Ticket: OW#1198
Sponsored-by: On-Waves ehf
These functions are currently part of openbsc but also needed by
other projects.
The functions have been renamed as follows:
gprs_apn_to_str -> osmo_apn_to_str
gprs_str_to_apn -> osmo_apn_from_str
Sponsored-by: On-Waves ehf
The primitives for SUSPEND, RESUME and RECONNECT are only permitted on
the MS side of the LAPDm link, not on the BTS side. So we should check
for this and reject, accordingly.
Shipping our own private copy of talloc was a good idea in 2008,
when it was not readily available on most target platforms. Today,
the situation is quite different, as it is a standard library on
major Linux distributions.
When using configure --disable-static, no libosmogsm.a will be
created, and the tests fail to link because symbols like _a5_3 and
_a5_4 are not exported through the only remaining libosmogsm.so.
A method to overcome this is an intermediate private non-distributed
library, examples of which are present in e.g. libabc, kmod and
systemd.
With this, disable-static can now be the default and practical compile
time be halved.
Addresses:
CCLD utils/utils_test
utils_test.o: In function `test_idtag_parsing':
git/libosmocore/tests/utils/utils_test.c:64: undefined reference to `ipa_ccm_idtag_parse_off'
Sponsored-by: On-Waves ehf
For some reason the structure is closer to be a LV (length
and value). The value is actually a tag but it is counted
inside the length. Introduce an overload of the parse function
to provide an offset for the length. This will be taken from
the returned length.
The current functions are used to 'qualify' an APN from the
user-supplied APN name (name identifier) towards the fully-qualified
APN name which is used in the .gprs DNS zone.
In some places, the return value of msgb_alloc/msgb_alloc_headroom
is not checked before it is dereferenced.
This commit adds NULL checks to return with -ENOMEM from the calling
functions if the alloc function has failed.
Fixes: Coverity CID 1249692, 1293376
Sponsored-by: On-Waves ehf
These types were compatible so simply remove one.
Fixes:
gsm0808.c:323:37: warning: initializer overrides prior initialization CC gsm0480.lo
of this subobject
CC abis_nm.lo
[-Winitializer-overrides]
[GSM0808_IE_LSA_INFORMATION] = { TLV_TYPE_TLV },
^~~~~~~~~~~~
gsm0808.c:316:36: note: previous initialization is here
[GSM0808_IE_LSA_INFORMATION] = { TLV_TYPE_TLV },
^~~~~~~~~~~~
These patches enhance the Supplementary Service (SS) processing from
only being able to handle USSD to other SS, specifically activation,
deactivation and interrogation of those SS. Registration is not yet
implemented.
include/osmocom/gsm/protocol/gsm_09_02.h has been added with needed
values for SS.
Modified by Harald Welte to keep the old ussd-only functions for API/ABI
stability.
Currently, the ipa_send function returns -1 in one execution branch
to indicate an error and -EIO in another. This is not consistent and
can lead to a misinterpretation of the error code, since -1 is -EPERM
and in general, EPERM is not returned by write(2).
This patch changes the return code to -errno instead of -1 for the
case that write(2) fails for same reason. So -rc is always a sensible
error value if there is a failure.
Sponsored-by: On-Waves ehf
this fixes some compilation issues with libosmocore under NuttX,
particularly as some #defines are missing or some header files are
slightly different.
libosmocore.{so,a} should always have been GPLv2+. However, when
migrating some code from OpenBSC or OsmocomBB, we sometimes introduced
it with a wrong license header.
the bits/crc files are not inside the source directory but will end
in the build directory. Go and look there as well. This somehow
doesn't fail with make distcheck but when building for Yocto Dizzy.
The element following the identifier list was the
GSM0808_IE_LSA_INFORMATION. It is a TLV type as well
and the issue got introduced in
92107dfd3b.
Fixes:
gsm0808.c:316:40: warning: initializer overrides prior initialization of this subobject
[-Winitializer-overrides]
[GSM0808_IE_LSA_IDENTIFIER_LIST] = { TLV_TYPE_TLV },
^~~~~~~~~~~~
gsm0808.c:315:40: note: previous initialization is here
[GSM0808_IE_LSA_IDENTIFIER_LIST] = { TLV_TYPE_TLV },
As we are breaking builds by moving functions from libosmo-abis to
libosmocore anyway, we might as well give functions more appropriate
names. ipaccess is a company, while IPA is the multiplex protocol, and
CCM is the protocol used for establishing identities on the IPA
multiplex.
libosmo-abis is about forming A-bis interfaces/lines by means
of E1 or the IPA multiplex (or possibly other link layers).
The IPA multiplex is used in other contexts, such as the Control
interface, or the A interface. In that context, it makes sense to
have generic IPA related functions in libosmocore.
This adds support for A-over-IP and LCLS related message/IEI
definitions.
Old definitions are in decimal, which is very hard (at least for me)
to compare with the binary tables in the spec. Hex is much easier
to manually compare for completeness/correctness. I didn't touch
the existing definitions, but think they should move to hex, too.
The code is lacking a "," at the end of a string and we ended up
doing string concatenation instead of having an invalid state.
Fixes Coverity CID 1206564
Rename NM_ATT_O_REDUCEPOWER to NM_ATT_OSMO_REDUCEPOWER, which
makes it more clear that this is an osmocom specific attribute.
Also, we cannot simply overload 0x01 as an already defined OML
attribute. The problem is quite simple: When we use abis_nm_att_tlvdef
during the TLV parse, 0x01 will match to NM_ATT_ABIS_CHANNEL,
which is defined as { TLV_TYPE_FIXED, 3 }.
So instead, we need to introduce a new abis_nm_osmo_att_tlvdef[],
which has to be patched into abis_nm_att_tlvdef[] by the means of
tlv_def_patch(), exactly how we do it for bs-11 and nanobts specific
attributes.
I'm using 0xfe for the attribute, as 0xfe doesn't overlap with the IPA
specific attributes (and we might want to combine/merge the 12.21 plus
IPA plus osmocom specific attributes)
If LAPDm receives an I-Frame while there already is an I-Frame in the
tx_queue the code generates an additional RR (to acknowledge the
received I-Frame). Instead, N(R) of the I-Frame in the tx_queue should
be updated to ACK the data.
When debugging an issue that involves SAPI=0 and SAPI=3 the
log file does not have enough context. Add the SAPI to this
message so we at least understand which SAPI we are talking
about.
Currently it takes 3s to establish a SAPI 3 SACCH connection with
osmo-bts. This is due to the fact, that a broken SABME request is
sent first and is ignored by the MS. Then, after a T200 timeout
(2s) the SABME command is sent again (this time correctly) and
answered by the MS.
The first SABME message is broken (it has a length field of 3 and
ends with 3 bytes from the tail of the original RSL message),
because it is expected throughout lapdm.c that msg buffers
containing RSL have msg->l2h == msg->data. Some abis input drivers
fulfill this but IPA doesn't, thus the 3 bytes of the IPA header
are still part of the msg and confuse length computation.
Since internal fields of the msg are modified directly, this is
difficult to see.
This patch adds a new function msgb_pull_to_l3() that explicitly
skips over all headers prepending L3 and therefore resets l1h and
l2h. This function is then used instead of msgb_pull_l2h() which
only worked correctly when msg->l2h == msg->data. In addition,
code manipulating msg->tail and msg->len directly has been replaced
by calls to msgb_trim().
Note that this patch does not fix all issues of this case in the LAPD
related code.
Ticket: SYS#192
Sponsored-by: On-Waves ehf
Currently w[14]/w[15] and w[18]/w[19] are swapped in range 256 format
decoding in gsm48_decode_freq_list().
This patch fixes this.
Sponsored-by: On-Waves ehf
The legacy 7bit conversion functions (those without the '_n_' in the
name) gave wrong return values on 64 bit platforms due to improper
signed/unsigned conversions and the usage of SIZE_MAX.
This patch fixes this by using a smaller max size (see
GSM_7BIT_LEGACY_MAX_BUFFER_SIZE, currently set to 64k) for the legacy
wrappers and by using unsigned int for max_septets.
In addition, there are tests now that check the return values of
legacy encoding and decoding.
Sponsored-by: On-Waves ehf
abis_nm_pchan4chcomb will return a pchan for a given channel
combination but returned a value of the channel combination.
Fix it to return the physical channel combination.
Fixes: Coverity CID 1040767
This information element has been added to the MM Information
message in GSM24.008. This patch adds it to the tlv_definition
to keep the TLV parser from breaking.
Ticket: OW#978
The number of digits is the number of used octets times two (two
digits per octet). The result has been successfully dissected by
wireshark. It has not been tested with real phones.
The 7bit<->8bit encoding/decoding functions didn't check whether
there is still enough space in the destination buffer. Therefore a
buffer size parameter has been added to each of the functions which
is used to truncate the output if the buffer is too small.
In addition, the return value of the decoding functions has been
changed to number of characters written (excluding \0), so this
value is always equal to strlen(decoded).
The old functions are still available as wrapper functions.
if (ptr)
    msgb_free(ptr)
extends to:
if (ptr)
    talloc_free(ptr)
And according to the talloc documentation a talloc_free(NULL)
will not crash: "... Likewise, if "ptr" is NULL, then the function
will make no modifications and returns -1."
Handling 7-bit coding is a little different for USSD, as TS 03.38
states:
To avoid the situation where the receiving entity confuses 7 binary
zero pad bits as the @ character, the carriage return or <CR>
character shall be used for padding in this situation [...].
If <CR> is intended to be the last character and the message
(including the wanted <CR>) ends on an octet boundary, then another
<CR> must be added together with a padding bit 0. The receiving entity
will perform the carriage return function twice, but this will not
result in misoperation as the definition of <CR> [...] is identical to
the definition of <CR><CR>.
The receiving entity shall remove the final <CR> character where the
message ends on an octet boundary with <CR> as the last character.
Jacob has verified the fix with fakeBTS and the wireshark dissector.
Fixes: OW#947
Reviewed-by: Jacob Erlbeck <jerlbeck@sysmocom.de>
lapdm.c takes the re-establishment message and forwards it to lapd_core.c,
so we can assume that msgb is set at primitive. In case there is data in
the re-establishment msg, it is moved into send_buffer. In case of no
data (0 length), it must be freed.
Fixes an issue spotted by Coverity Scan.
This reverts commit f996b05dbd
and 2b0cac4ef8. A detailed
explanation can be found here:
http://lists.osmocom.org/pipermail/openbsc/2013-July/004737.html
The short description is that:
1.) The API should return (as out parameter) the number of
octets used.
2.) The handling for the <CR> encoding only applies to USSD
and it is incomplete. On top of that it broke the SMS test.
To avoid the situation where the receiving entity confuses 7 binary zero pad
bits as the @ character, the carriage return or <CR> character shall be used
for padding in this situation.
If the datalink fails or if handover or assignment to a new channel fails,
it is re-established by sending SABM again. The length of establish message
is 0 in this case. The length is used to differentiate between
re-establishment and contention resolution, which has to be handled
differently.
See TS 04.06 Chapter 5.4.2.1
The &buf[3] is unlikely to be aligned properly. Use memcpy instead
of an assignment. Add a small testcase that verifies that I didn't
mess up the conversion.
Alignment trap: osmo-nitb (3293) PC=0x492b7094 Instr=0xe5803003 Address=0xbeb259db FSR 0x801
When a SABM(E) frame arrives, we have to trim the L2 padding (0x2b for
gsm) before handing the data off to L3, just like we do with I frames.
Also, we should use msgb_trim() or even msgb_l3trim() instead of
manually fiddling with msgb->length and ->tail pointers.
After reception of SABM, the network responds with UA and enters the
established multiframe state. If UA is not received by mobile, the SABM
is transmitted again, and the network must respond with UA again, unless
it is from a different mobile.
Add LAPDm collision test (contention resolution on network side).
Only the Gb library relies on having undefined references to a
symbol that needs to be provided by the host application. For
all other libraries we can link with -no-undefined.
this will avoid printing 'abis_nm.c' as the filename in the log, which
is pretty useless during debugging. We want to know where
abis_nm_debugp_foh() is being used from, not where it is implemented.
This was found while implementing handover on a sysmobts. When we
receive a channel release request for a channel that was never really
activated (set_lapdm_context() was not called) we segfault in
lapd_recv_dlsap().
We now return early with -EINVAL in rslms_rx_rll() if we receive a
message that assumes set_lapdm_context() was already called.
These are:
* RSL_MT_UNIT_DATA_REQ
* RSL_MT_DATA_REQ
* RSL_MT_SUSP_REQ
* RSL_MT_REL_REQ
A test case was added to trigger the issue.