As outlined in the test case, we pull a total of 50 bits from the
transmitter in two rounds, pulling 25 bits at a time. In the default
8-N-1 configuration, 50 bits should ideally comprise 5 characters.
However, as observed, only a total of 4 characters are retrieved
from the application, leaving the remaining 10 bits (5 + 5) unused.
Change-Id: Ic2539681a4adf6c1822e0bc256e4c829813d0e21
This problem can only happen if the user is flush()ing the Rx buffer
manually by calling osmo_soft_uart_flush_rx(). Let's demonstrate it
in the unit test, so that we don't forget about it (add FIXME).
Change-Id: Iad932a505d6fd98360f90510651501f8708ff5d2
Coverity tells us that with the current logic it's possible (in theory)
that we may dereference NULL pointer in osmo_soft_uart_flush_rx(). This
is highly unlikely, because the Rx buffer gets allocated once when the
Rx is enabled and remains even after the Rx gets disabled. The Rx flags
cannot be anything than 0x00 before the Rx gets enabled.
Even though this NULL pointer dereference is unlikely, the Rx flushing
logic is still not entirely correct. As can be seen from the unit test
output, the Rx callback of the application may be called with an empty
msgb if the following conditions are both met:
a) the osmo_soft_uart_flush_rx() is invoked manually, and
b) a parity and/or a framing error has occurred previously.
We should not be checking suart->rx.flags in osmo_soft_uart_flush_rx(),
since this is already done in suart_rx_ch(), which is calling it.
Removing this check also eliminates a theoretical possibility of the
NULL pointer dereference, so we're killing two birds with one stone.
- Do not check suart->rx.flags in osmo_soft_uart_flush_rx().
- Add a unit test for various flush()ing scenarios.
Change-Id: I5179f5fd2361e4e96ac9bf48e80b99e53a7e4712
Fixes: CID#336545
This is a convenience helper to reetrieve the whole set of remote
addresses and call getsockopt() on them, making it easy for users to
analyse the full set of remote addresses of a socket simply providing an
fd.
Related: SYS#6636
Change-Id: I3e1c84526b006baff435bbbca49dc6cf7d201cf5
In the _output_buf() we explicitly initialize only the 'buf' and 'len'
fields of the struct osmo_strbuf, leaving the 'pos' field implicitly
initialized to NULL. Later, in this function, 'sb.pos' is passed to
ctime_r() and strlen(), leading to a NULL pointer dereference (segfault)
in certain scenarios.
This situation can occur when color logging is disabled or when
a specific logging subsystem has no associated color. Any application
using libosmocore's logging API would crash with the following config:
log stderr
logging filter all 1
logging timestamp 1
logging color 0
Fix this by initializing the 'pos' field explicitly.
Change-Id: I7ec9badf525e03e54e10b725d820c636eaa3fd1c
Fixes: d71331bc "logging: fix nul octets in log output / use osmo_strbuf"
Fixes: CID#336550
The goto tag was wrong, probably due to a copy-paste mistype while
reimplementing the function.
Closes: Coverity CID#336546
Change-Id: I06b810fde7bf750fcb42d6d9e6223883e26f5f0b
According to Coverity, we check return value of this function in
all other cases except this one (9 out of 10 times), so let's add
the missing assert(), just to be sure.
Change-Id: I675f4089cc990be5fcda792276b6808742f6f0d7
Fixes: CID#336557
If the given queue is empty, queue->list.next points to &queue->list.
Current implementation would call llist_del() on the queue's llist_head,
decrement queue->current_length (which will be 0), and return a pointer
to &queue->list to the caller. This is completely wrong.
- Use the existing item_dequeue(), which does exactly what we need.
- Do not decrement the current_length if nothing was dequeued.
- Uncomment code in the unit test, we should not crash anymore.
Change-Id: I63094df73b166b549616c869ad908e9f4f7d46d1
Fixes: CID#336557
This patch is adding a simple testcase, which does the following:
* enqueue up to the limit (12 items),
* dequeue up to the limit (12 items).
Everything works as expected, unless you attempt to dequeue from
an empty queue: the test binary segfaults. The problem is explained
and fixed in a subsequent patch.
Change-Id: Ie0edbf00e656fbe231952bdbccfd37d143e8b2b1
Related: CID#336557
I am seeing this when building with gcc v13.2.1:
tests/coding/coding_test.c: In function ‘test_pdtch’:
tests/coding/coding_test.c:444:23: warning: ‘*result[<unknown>]’
may be used uninitialized
444 | result[len - 1] &= 0x7f;
| ~~~~~~^~~~~~~~~
tests/coding/coding_test.c:448:23: warning: ‘*result[39]’
may be used uninitialized
448 | result[len - 1] &= 0x07;
| ~~~~~~^~~~~~~~~
The idea here is to pre-clear some bits in the resulting buffer,
because they're not going to be set during decoding of the burst
bits. The problem is that result[] holds uninitialized data, so
we're basically taking a 'garbage' octet and clear some of its
bits. The remaining 'garbage' bits of that octet are overwritten
by the decoder, so in the end we still get deterministic results.
Let's make GCC happy by clearing all bits in the last octet.
Change-Id: I24d79de8b3a5f4184b71414504657e5857498e0e
This patch brings decoding of the CS1 in consistency with the other
three coding schemes, for which we support decoding USF independently.
Change-Id: I61a3628741c0ac68374fc7f077cf3a07e51277c3
The USF (Uplink State Flag) field is present in the MAC header of all
Downlink PDCH blocks. It is used by the network to indicate which MS
can transmit on subsequent Uplink PDCH block(s). This field is of a
high importance for the MS, thus the decoder API allows the caller
to obtain USF value separately from the actual data bits.
In the case of gsm0503_pdtch_decode(), if the 'usf_p' pointer is not
NULL, the USF value would be assigned for CS2/CS3/CS4 (but not CS1)
even if the CRC check fails (negative return value). A subsequent
patch is to bring the CS1 in consistency with CS2/CS3/CS4.
In the case of gsm0503_pdtch_egprs_decode(), decoding of the USF
field separately from data bits is not implemented, and moreover
the function itself cannot be used for decoding Downlink blocks.
Change-Id: I43e8bfb4003f34766ace7c5c6080ca583ce5efbb
An extra osmo_multiaddr_ip_and_port_snprintf() API is introduced which
is used by osmo_sock_multiaddr_get_name_buf() but which will also be
used by other app uers willing to use
osmo_sock_multiaddr_get_ip_and_port() according to its needs (eg. only
printing the local side).
Related: SYS#6636
Change-Id: I48950754ed6f61ee5ffa04a447fab8903f10acc0
This API will be used internally by osmo_sock_multiaddr_get_name_buf()
in a follow-up patch.
This API can also be used directly by user who wish to obtain a list of
local/remote IP addresses and port from an SCTP socket.
Related: SYS#6636
Related: OS#5581
Change-Id: I19d560ab4aadec18a4c0f94115675ec1d7ab14d7
Patch [1] merged few weeks ago, for yet unknown reasons, sprinkles nul
characters at seemingly randomly chosen log line ends.
Trying to figure out why that happens, i got tired of the unreadable
cruft, and decided to migrate the _output_buf() implementation to
osmo_strbuf first.
With osmo_strbuf in use and implementing 1:1 what the previous code did,
the odd nul octets have disappeared. So the bug was caused by unreadable
code.
[1] 11a416827d
Ia7de9d88aa5ac48ec0d5c1a931a89d21c02c5433
"logging: ensure ANSI color escape is sent in same line/before newline"
Related: OS#6284
Related: Ia7de9d88aa5ac48ec0d5c1a931a89d21c02c5433
Change-Id: Ib577a5e0d7450ce93ff21f37ba3262704cbf4752
Upcoming patch adopts osmo_strbuf in logging.c, which sometimes needs to
steal and re-add trailing newline characters, and also needs to let
ctime_r() write to the buffer before updating the osmo_strbuf state.
Related: OS#6284
Related: Ib577a5e0d7450ce93ff21f37ba3262704cbf4752
Change-Id: I997707c328eab3ffa00a78fdb9a0a2cbe18404b4
This code already exists twice, and upcoming patch will need this as
well in logging.c. Add a macro to remove the code dup.
Related: OS#6284
Related: Ib577a5e0d7450ce93ff21f37ba3262704cbf4752
Change-Id: I6f2991125882bff948708bbb4ae218f9f3d1e50c
Those parameters are not related to binding and hence should be
applicable before binding. This allows a caller setting them while not
caring about explicit binding (OSMO_SOCK_F_BIND).
Until recently calling this function without OSMO_SOCK_F_BIND was not
really supported, so the previous placement setting these params in the
function didn't matter much. It does now.
Change-Id: Ia32510e8db1de0cc0dc36cebf8a94f09e44fda70
This is an attempt to fix several downsides of current
osmo_sock_init2_multiaddr() API, mainly the requirement to pass an explicit
local address (!NULL). It also now works fine if OSMO_SOCK_F_BIND flag
is not used.
This reimplementation is based on the follwing logic:
- If caller passed family=AF_INET or family=AF_INET6, that same family
is used and kernel will fail if something is wrong.
- If caller passes family=AF_UNSPEC, the function will try to find the
required family to create the socket. The decision is taken on the
assumption that an AF_INET6 socket can handle both AF_INET6 and AF_INET
addresses (through v4v6 mapping). Hence, if any of the addresses in the
local or remote set of addresses resolves through getaddrinfo() to an
IPv6 address, then AF_INET6 is used; AF_INET is used otherwise.
Related: OS#6279
Change-Id: I2641fbaca6f477404b094dbc53c0c1a3dd3fd2fd
This is a partial revert of 0887188c6b.
We actually want to return number of bits pulled, because in the upcoming
commit implementing the flow control we want to be able to signal to the
caller that the buffer was not completely filled, but only partly.
Change-Id: I47a56f0fc36f2bc8f5a797d7fec64dfb56842388
Related: OS#4396
Check it once rather than doing this in a loop. Return -EAGAIN if
Rx or Tx is not enabled when calling osmo_soft_uart_{rx,tx}_ubits().
This [theoretically] improves performance by reducing the number of
conditional statements in loops. In the Tx path, this also prevents
calling the .tx_cb() when the transmitter is disabled, so that we
don't loose the application data.
Change-Id: I70f93b3655eb21c2323e451052c40cd305c016c8
Related: OS#4396
This code implements a decoder and encoder for the RLP (Radio Link
Protocol) as used in the bearer channel of GSM CSD (Circuit Switched
Data).
Change-Id: I2d9bd8eb4f0cd0f72c436996767b199429596917
RTS based polling in LAPDm code is disabled by default. Make libosmogsm
stay compatible with existing applications that do not use RTS based
polling.
This patch fixes the issue that LAPDM_ENT_F_POLLING_ONLY did enable RTS
based polling too, which breaks existing applications like older
versions of osmo-bts.
Change-Id: I2a75c192bbc24e85bfc1656b2be21cea7a92814a
All bit fields in a union will overlap in memory, as all elements in a
union do. To prevent the bit fields from overlapping, wrap them into a
packed structure.
Change-Id: I5ef5aa62be8310da4ebe9ea73ebbedcbcc2ba49c
Our class/instruction tables (used mainly by simtrace cardem host
software) only contain support for those instructions permitted
in the related card specification.
Microsoft blindly tries CLA=0xCA with INS=0x00 which is not somethin
that the GSM SIM, ETSI UICC or 3GPP USIM specs specify, and which
hence results in log output like this:
DLINP DEBUG [0] <= osmo_st2_cardem_request_sw_tx(sw=6a88)
DLGLOBAL INFO => DATA: flags=0x01 (HDR ), 00 ca 7f 68 00
DLGLOBAL ERROR Unknown APDU case 0
DLGLOBAL FATAL Failed to recognize APDU, terminating
Let's adjust to microsoft and *always* support their instructions
no matter which osim_cla_ins_card_profile was used.
Special thanks to Eric Wild for pointing me to this unexpected
behaviour of PC/SC on modern Windows.
Change-Id: I424964c0afab643e6a5d7824d91c2c86b0d3f25b
Related: SYS#6617
The INS tables always must be declared with 256 elements, even
if they only use some of them. We never know which random INS
code might be used to index them.
This was not discovered until now as the only known user of those
tables is always using the SIM/UICC/USIM table and not the plain
ISO7816 table.
Change-Id: I6739f469f6e84eed9aab403cc481ebff86df0181
The CEIA interface is an interface between osmo-epdg and
strongswan.
It is used by the osmo-epdg to synchronize state.
Related: OS#6091
Change-Id: I6f7c20340c99f94b1326a8a7dc99c86cf6a0dbc3
Similar to Change ID Iade3310e16b906efb6892d28f474a0d15204e861, add
BFI support to TCH AFS and TCH AHS encoder.
Every BTS needs to have some graceful handling for the scenario
where it is time to send out a speech frame on TCH DL, but there is
no frame to be sent. One possible solution is to transmit dummy
FACCH, but this option is unattractive for TCH/AHS where FACCH
displaces two speech frames rather than one. A more elegant solution
is to emit a speech frame with inverted CRC6, causing the MS receiver
to declare a BFI condition to trigger substitution and muting procedure.
Setting all u(k) bits to 0 is one way to produce such an inverted-CRC
speech frame (normal TCH FR/HR CRC6 for an all-zeros frame would be
111111). This patch adds the abiliy to gsm0503_tch_{afs,ahs}_encode()
functions, indicated by payload length of 0.
See §6.2 of 3GPP TS 26.191 for substitution and muting procedure.
Related: OS#6049
Change-Id: I82ce2adf995a4b42d1f378c5819f88d773b9104a
First indicated the received data in an I frame, if possible. Then
indicate the sequence error using MDL-ERROR-INDICATION. This way the
data is delivered before the error is handled by BSC.
Also there is no reason to indicate sequence error on supervisory
frames.
See §8.7.4 of 3GPP TS 44.006.
Related: OS#5968
Change-Id: I535c18018bf0df4124a5e9618238028fa31be289
This behaviour was default in earlier versions of LAPDm/LAPD. Because it
is only required for osmocom-bb, a flag is added to enable it there.
Related: OS#5969
Change-Id: I93994dbbd1fc2c9edb8f3015c6b18ecd0fce0565
The extra queue is used to transmit the UI frame only when there is no
frame in the regular TX queue. This allows to give LAPD frames prioity
over UI frame.
Related: OS#4074
Change-Id: I00c8ee73be8b7c564a4dee3fca3e893484f567da
The lower layer must set the 'POLLING_ONLY' flag and provide frame
number when polling a frame. If T200 is pending, it is started with a
timeout frame number in advance to given frame number.
The lower layer must call lapdm_t200_fn() after a frame has been
received or if a frame has not been received. Also it must be called
after a TCH frame has been received. LAPDm uses this to check the T200
timeout condition.
A new function is used to set the frame number based timeout values.
Related: OS#4074
Change-Id: I6ebe83f829d7751ea9de1d90eb478c7a628db64c
The T200 timer is started when the current frame is polled at
PH-READY-TO-SEND event.
A flag is used to enable this feature. The user of LAPD core must track
frame numbers to check the timeout condition. Then it must call the
external timeout function.
Related: OS#4074
Change-Id: Ib961b5a44911b99b0487641533301749c0286995
The current code does not check the value range of the 'mode' parameter
and would later run into OSMO_ASSERT(), rather than rejecting such a
mode from the very beginning.
Change-Id: I10dd612487638f456d0ad59c2cca203f1e098da3
Related: OS#5751
The two functions of the SCTP socket interface we use in osmo-* are
sctp_send() and sctp_recvmsg(). We do not use sctp_sendmsg() at all,
so let's make sure the mode is named correctly.
Change-Id: Ie2d1c7ce6f211dbe025a0e843ad733443102ea15
Related: OS#5751
The function is basically a shortcut for getaddrinfo with storing the
output data into our 'struct osmo_sockaddr'.
Change-Id: I6b5c0bf8ca97e6358d992fb2ff45ffd53ba15197
Related: SYS#6657
Vadim Yanitskiy
Pau Espin
Neels Hofmeyr
Alexander Couzens
Daniel Willmann
Harald Welte