We must always send the RELEASE.{indication,confirm} last before
returning from a function. We cannot rely on the datalink to
still be around after the call, as the SAP user might have destroyed
the data link meanwhile.
This fixes a heap use-after-free (at least) with RBS2000 when the BTS
is fully brought up and the OML data link is lost, see OS#1762
Change-Id: I8ccca8d5e5d07b666557afe12ab8ac4910ddfb00
Related: OS#1761
Related: OS#1762
Fixes following ASan runtime errors while running vty tests:
command.c:730:27: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Somehow we didn't catch this one in Ie11ff18d6fd9f6e1e91a51b6156fb6b0b7d3a9a8
Change-Id: I601caf7daa947f3cf391316f1011007ef9188c90
This is a helper function to broadcast an event to all of the
siblings of a specified FSM instance.
Change-Id: I2ce398741a8672d7b7c4058d056f46e2fe7353c1
A hdlc can be used in different modes. Also a FR device can be used
with lmi and certain settings as without it.
ns2 will use FR with no lmi in the kernel.
Related: SYS#5169
Change-Id: I04786d2b864860b08c2e1afdb199470f4b80cc3b
When reject_stats_msg() fails the code can't do anything about it.
Stick to the original failure code and log it
Change-Id: I105363957e59c41a68835b7a9830c048dba73e93
Thanks to the CLI of nanoBTS, I noticed that upper and lower RxQual
thresholds are sent in wrong order. Only the little-endian variant
needs to be fixed, the big-endian one looks good.
Change-Id: If6ab2377bae6742f871589b529a349498775552f
Related: SYS#4918
This use of strncpy() fails to account for the terminating nul
character. Use OSMO_STRLCPY_ARRAY() instead.
(Interestingly my compiler doesn't complain about this one, though it
failed on another similar use of strncpy().)
Change-Id: Id53e940c7a39ab154966548f4173a179c5bc9151
My gcc (Debian 8.3.0-6) 8.3.0 refuses to build this strncpy() use: it
issues the buffer length as n and thus potentially fails to account for
the terminating nul. The line after that fixes the problem, so it's not
an actual bug. Anyway, we have a policy to never use strncpy(), and have
osmo_strlcpy() and OSMO_STRLCPY_ARRAY() for this.
This strncpy() was introduced last month during first addition of
gprs_ns2_fr.c:
commit 841817ec52
ns2: add support for frame relay
Change-Id Id3b49f93d33c271f77cd9c9db03cde6b727a4d30
Change-Id: I494a6fb7ccd7938a39e8956f73ec4282da38d7fb
When a frame relay interface doesn't exist gprs_ns2_fr_bind() would
detect this but still return a success.
Change-Id: I815b6ef5c3df780ac94461a05975a2b70898b01e
This is required in order to tell MS that osmo-pcu now supports
Network Assisted Cell Change (NACC).
Related: SYS#4909
Change-Id: I2aaa8c1107c977f711c2d7530034f57e36e3a237
The RIM Routing Information IE (see also 3GPP TS 48.018, section
11.3.70) is used to control the flow of BSSGP rim messages at the SGSN.
Change-Id: I6f88a9aeeb50a612d32e9efd23040c9740bc4f11
Related: SYS#5103
Only accept receiving ipaccess style messages when use-reset-block
is selected.
If use-reset-block is disabled allow static NSVCs.
Change-Id: Ia787528b1a6fac6bf1570c21643ef6cd8c209108
In I00e9023a6e7adc6ad48f4016fcaef189ac8b353e we introduced
two new timers, but failed to add the related value_string[]
entries. This caused the VTY code to save something like
timer unknown 0x8 3
timer unknown 0x9 3
which fails to parse on re-start.
Change-Id: If5cfdf1ef68d98933985406d0ac071a0a1185646
In I00e9023a6e7adc6ad48f4016fcaef189ac8b353e we introduced two new
"timers": Number of retries for SNS-CONFIG and for SNS-SIZE.
Yet, the VTY syntax only added one string (tsns-prov-retires), probably
dating back to an earlier version.
Change-Id: I25fa579c7d68a8e4cb1175ae2245f009ab40fda7
According to 3GPP Size and Config procedure can
have retries in case the timeout of the procedure runs out.
Change-Id: I00e9023a6e7adc6ad48f4016fcaef189ac8b353e
In case the first bind is not working the SNS would never build a
succesful connection to the SGSN. Iterate over all binds by
using an offset.
Instead of tracking the binds use an offset instead of a direct pointer.
This might result in skipping the order of the next bind.
Change-Id: I4a0a0608dac6ad8b5769ada2a14ca23f61eb0bcb
The IP-SNS requires at least one initial remote address of the SGSN.
However it should be multiple initial remote address instead of a single
in case the interface might fail.
Rework the SNS to support multiple initial remote addresses.
Change-Id: I71cdbfb53e361e6112fed5e2712236d797ef3ab2
Add gprs_ns2_fr_connect2() and change gprs_ns2_fr_connect() to
be similar to gprs_ns2_ip_connect() and gprs_ns2_connect2().
This is an API break but there wasn't yet a release with NS2.
Change-Id: I4e1374b0e979b3293302c5ed46a91a58f3a5a916
Every bind will have a unique name. Add a name argument
to all bind creating functions and require them to be unique.
This is an API break but there wasn't yet a release with NS2.
Change-Id: I8f1d66b7b3b12da12db8b5e6bd08c1beff085b3e
The allocation of the SNS fsm can be done in create_nse
because the dialect is now known at that time.
Change-Id: I64e1f3dcc63d38e65bb486c9ac08d4032b7ad222
A NS dialect describes how the NS Entity interacts with
different virtual circuits. E.g. ipaccess use reset/block on udp
and is a dynamic connection.
A single NS Entity can only support one dialect. This can be later
used to protect a NS Entity against dynamic NS virtual circuits of a
different type.
It further allows a bind to support multiple dialects at the same time.
Change-Id: Ia118bb6f994845d84db09de7a94856f5ca573404
Commit bd6e7a9f2d did the initial porting
of rest_octet APIs from osmo-bsc, but introduced a bug when moving
bts->e_offset to a generic pointer independent of bts structure.
As a result, using this API from osmo-bsc makes gsm0408 unit test fail
due to bad encoding of several EARFCNs in si2quater.
Fixes: bd6e7a9f2d
Change-Id: I2bf5635b8536b11d69774d17ac1908019633e3af
In rest_octets.c append_earfcn(), the unconditional bits added are 40, not 25.
Removing only 25 bits from the budget resulted in malformed SI2quater starting
with 4 configured EARFCNs, by adding more EARFCNs than fit in 20 bits.
These malformed SI2quater were also expected in gsm0408_test.c. Update the
expected SI2quater to what is being generated now. This patch passes the ttcn3
testing added in I45382f88686ca60e68569e93569fc4cfb63a0e0d, which provides some
confidence that the coding expected in gsm0408_test.c is now correct.
This commit is a cherry-pick of osmo-bsc.git 6589f7c3a8dfdaaf66dda3afa6bbb1118ec825f9
Change-Id: Icc1ece39ad162d09720e104c5cbc12b07d6771a8
Related: OS#4652
When we add an EARFCN to to the SI2quater struct we do not add Serving
Cell Priority Parameters. This essentially causes to MS to ignore the
EARFCN because it is still undefined under which conditions the MS
should change to LTE.
This is a cherry-pick from osmo-bsc.git 295c965c063a8c431507191f6aef1ef78b720685
Related: SYS#4510
Change-Id: If9134759e9bc4ae0920800972632fd8c5dc9c2d9
When opening the socket, use ETH_P_HLDC to restrict the socket to
packet received on HLDC interfaces. This avoids packets from random
other (ethernet, ...) interfaces to appear before we can bind()
it to the actual hdlc-net-device we're interested in.
We still are racing against other HLDC net-devices, but those have
lower PPS and throughput ratese as 1G/10G or even higher speed ethernet
devices that might exist on the same machine.
Change-Id: I6a556e6e2d012c17a2777cc8b30fed0f318db178
An AF_PACKET socket will immediately receive packets of _all_ interfaces
until it is bound to one specific interface. This introduces a race
condition between the socket() and the bind() syscall.
Let's use the ifindex passed for each packet in recvmsg() to drop
any packets received for other interfaces.
Change-Id: I8f708ba4f9b7f76525acce17b24a8f7b125a1c1c
Related: SYS#5245
osmo-pcu unit tests fail ue to this new log line. Let's rather simply
leave a comment there, since anyway known apps will be migrating soon
the new APIs.
Fixes: fde19ed579
Change-Id: Ib9bf528db08f7aaa4adaf7b6a320679a4f11a53d
The FSM doesn't actually implement the flow control logic,
it only decodes / dispatches and encodes messages.
Related: OS#4891
Change-Id: Ie59be6761177c43456898be9148727f15861a622
The 16 ANSI colors we started to use for OpenBSC in 2008 were
sufficient for those few sub-systems that occurred in the BSC/NITB.
Over time, most sub-systems did not get colors anymore. Let's
change that and assign more or less random colors from the 8bit
color palette.
Change-Id: Ia8c0f91a61fbca0441faf66b3f368f45f886187c
Similar to ns2 superseding ns, we now also intoduce a next generation
of BSSGP related code to libosmogb. However, this is not aiming to
be a full implementation yet, but simply those parts that we currently
need from the revamped osmo-gbproxy.
The gprs_bssgp2.[ch] differs in two ways from the old code:
* it separates message encoding from message transmission
* it supports more recent specs / IEs
bssgp_bvc_fsm.c is a genric implementation of the BSSGP BVC
RESET/BLOCK/UNBLOCK logic with support for both PTP and signaling,
both on the SGSN side and the BSS side.
Change-Id: Icbe8e4f03b68fd73b8eae95f6f6cccd4fa9af95a
Historically, BSSGP uses a non-constant, user-configurable integer
varieable for the logging sub-system. Let's replace this with a
statically-allocated library logging constant.
This is required if we want to use the subsystem number in e.g.
static initialized for osmo_fsm.log_subsys.
Change-Id: I506190aae9217c0956e4b5764d1a0c0772268e93
The wrong argument was used to multiply by 4. However it was still
compliant because the SNS code would always supports 16 NSVCs.
Use the correct multiplier.
Fixes: ttnc3 pcu sns test cases
Fixes: 42ad549152 ("gprs_ns2_sns: dynamic calculate the maximum NS-VCs")
Change-Id: I58d706c6fffb4237b90b37cade4dc00c6aba6ac9
Those routines are very useful when puzzling together BSSGP messages
with 16-bit and 32bit sized IEs.
Change-Id: I033f9a708c9d7ffad91336178231dc66233e1693
Alexander Couzens
Harald Welte
Vadim Yanitskiy
Philipp Maier