The length check of the decoder functions is not entirely
correct. The check also checks for values below zero,
which does not make sense, since the length is encoded
as uint8_t.
For some elements a minimum length is known (in most cases
this is 1), so checking for zero is sufficient but in some
cases (e.g. channel type) the spec mentions a minimum and
maximum length. This is now also reflected in the code.
Tweaked-by: nhofmeyr
Change-Id: I78bc887f68d1963d28c6fcd631ac20ccd893d6d6
The contents of the speech codec element (struct gsm0808_speech_codec),
that is also used in the speech codec list element (struct
gsm0808_speech_codec_list) can be generated directly from the
permitted speech parameter in the channel type field (struct
gsm0808_channel_type) when full AoIP with compressed speech via
RTP/UDP/IP is assumed and when the codec configuration on the air
interface exactly matches the codec configuration on the IP backhaul.
This patch adds a function that can be used as a helper to fill
out spech codec fields by only giving a permitted speech parameter
as input.
Change-Id: I257c972e9fdf0dfe940a8d483447085bd62e50a2
The permitted speech field used in channel type element (struct
gsm0808_channel_type) uses a different representation as
the type field in the speech codec element (struct
gsm0808_speech_codec)
This patch adds a function to convert from permitted speech to
speech codec type.
Change-Id: Ib26a9c20864459b2baaa04f49b6e7902ba44b7cb
The implementation of the parser/generator for the speech codec
information element slightly wrong, making it impossible to use
it properly.
(See also: 3GPP TS 48.008, 3.2.2.103)
Change-Id: Idabb0f9620659557672e1c6b90c75481192e5c89
It's a pity that even with this patch we still are fare away from having
the whole API documented. However, at least we have a more solid
foundation. Updates not only extend the documentation, but also make
sure it is rendered properly in the doxygen HTML.
Change-Id: I1344bd1a6869fb00de7c1899a8db93bba9bafce3
Previously MCS0 was incorrectly set for some of type1 header values
while according to 3GPP TS 44.060 it can only be set for type3. Fix
this:
* use EGPRS_MCS* constants instead of magic values
* do not set MCS0 for reserved bits values in EGPRS header type1
* return different error codes for invalid and unsupported MCS as well
as for other decoding errors
Note: there's no need to adjust tests because MCS0 decoding is not
supported but it's better to explicitly distinguish between unsupported
and invalid values nevertheless.
Change-Id: Id665d5c0cf50efa18b1bcbf4f17359418a380f9e
Related: OS#1524
In tightly embedded builds (--enable-embedded), we want the ability to
replace talloc with a very simple heap allocator to avoid the complexity
of talloc without modifying all our code that assumes talloc.
This will break the hierarchical notion of the allocator, but
libosmo{core,gsm,coding,codec} don't rely on that anyway.
Change-Id: Ie341034076f242a813f081919dd09d845775ad35
* add osmo_earfcn_bit_size_ext() function which allows to specify how many
EARFCNs we should skip when estimating required bit size for SI2quater
* make old osmo_earfcn_bit_size() into wrapper over newly added function
and mark it as deprecated
This is necessary to properly estimate necessary space for EARFCNs when
they are spread over several SI2q messages with different index.
Change-Id: I92e12e91605bdab9916a3f665705287572434f74
Related: RT#8792
Table 10.5.157 in 10.5.6.6 of 3GPP TS 04.08 is badly formatted. The first
value 0x19 "LLC or SNDCP failure" is in the same line as the heading and has
not been included in the struct_value so far.
Table 10.5.157 in 10.5.6.6 of 3GPP TS 24.008 fixes this formatting issue and
also defines two more values 0x08 and 0x18 which are now added to the struct
value_string.
Change-Id: I5bcc52f739ff0677011d024448afcc2a54869638
Add a new function timer function to set up the timer, similar to what
we have in the Linux kernel. This patch also converts existing opencoded
timer setup in the libosmocore tree as initial client of this new
function.
This patch implicitly removes function callback passed by reference that
defeat compile time type validation.
Compile-tested only, but I ran make check that reports success when
testing timer infrastructure.
Change-Id: I2fa49972ecaab3748b25168b26d92034e9145666
Coverity Scan reported a control flow issue in line 206:
CID 166898: Control flow issues (DEADCODE)
The second branch of the if statement can not be reached. The
purpose of the second if branch was to filter out zero length
elements if the header states that it is a non extended speech
codec type. This makes no sense, since the header needs at
least one byte.
This patch removes the second if branch, zero length elements
are catched by the already existing zero length check at the
beginning of the function
Change-Id: I89751fc0d598734c64ef1fdced75b7c4fa77c616
* data structure representing 3GPP TS 52.021 §9.4.62 SW Description
* function to serialize it into msgb
* function to deserialize it from buffer
* functions to extract/estimate buffer size for SW Description
* test harness (partially taken from OpenBSC)
There are several similar functions to deal with SW Description in
OpenBSC, there's also need to use similar functionality in
OsmoBTS. Hence it's better to put the code into common library with
proper tests and documentation.
Change-Id: Ib63b6b5e83b8914864fc7edd789f8958cdc993cd
Related: OS#1614
We are allocating a buffer on the stack without initializing it, and
then passing it into ipa_ccm_make_id_resp(). There is no real danger
from this, as the buffer is only uninitialized if num_ies is 0, but
let's memset() it for good style
Change-Id: If5761a47b8cba73ddcc02a88cfa5c87c1970c04e
Fixes: coverity CID#167040
The ipa.c file already contained code to parse an ID RESPONSE into the
'struct ipaccess_unit', but it didn't so far contain code to put
together an ID RESPONSE packet based on that structure. Let's change
that with ipa_ccm_make_id_resp() and a helper wrapper
ipa_ccm_make_id_resp_from_req().
Change-Id: Icbcd8827a75fd5f3393351c1ca372de85275ad35
The create function to generate the RESET ACKNOWLEDGE
message is not accessible from outside, as it does not
appear in limosmogsm.map. It also has not testcase.
This commit adds gsm0808_create_reset_ack() to the
map file and also adds a testcase.
Change-Id: I82d3411484f82b4a9205d407fa0442244678f183
gsm0808.h/c lacks functionality to generate BSS_MAP_MSG_ASSIGMENT_RQST messages.
These messages are required if the code is used in an MSC implementation.
This commit adds a gsm0808_create_assignment() function, that generates an
A/AoiP BSS_MAP_MSG_PAGING message.
Change-Id: I4d1d455a1e1cf95407e23ded7b7defbcf2dd6ff0
gsm0808.h/c lacks functionality to generate BSS_MAP_MSG_PAGING messages. These
messages are required if the code is used in an MSC implementation.
This commit adds a gsm0808_create_paging() function, that generates an A/AoiP
BSS_MAP_MSG_PAGING message.
Change-Id: I9afecf0109305ca5153bf081bb29cd94071dd2b7
gsm0808.h/c lacks functionality to generate CIPHER MODE COMMAND messages. These
messages are required if the code is used in an MSC implementation.
This commit adds a gsm0808_create_cipher() function, that generates an A/AoiP
CIPHER MODE COMMAND message.
Change-Id: I8eb1c357860c3e740b0f5d17e1c256bc87920958
The planned support for true A over IP requires the encoding of
the a Cell Identifier List element (see also BSS_MAP_MSG_PAGING).
This commt adds encoding/decoding functionality and tests for
the element mentioned above, however, it is not yet actively used.
Change-Id: I625245dd1dd396fc2bc189e8cd2c444a33042528
The planned support for true A over IP requires the encoding of
the an Encryption Information element (see also BSS_MAP_MSG_CIPHER_MODE_CMD).
This commt adds encoding/decoding functionality and tests for
the element mentioned above, however, it is not yet actively used.
Change-Id: I8262050a9d9fd3f17462cfbb046c6e034dccc6fb
The planned support for true A over IP requires the encoding of
the a Channel Type element (see also ASSIGNMENT REQUEST).
This commt adds encoding/decoding functionality and tests for
the element mentioned above, however, it is not yet actively used.
Change-Id: Id0e2164d84b8cbcc6fe6a090fc7f40a1251421d7
the classic A implementation in libosmocore lacks support for AoIP
message elements. This patch adds support for AoIP by adding a set
of new gsm0808_create_..., which support the missing AoIP message
elements
Change-Id: I77f866abec1822d19871052f3c647ad782785b34
The planned support for true A over IP requires the encoding and
decoding of a so called "Speech Codec Element" element.
This commt adds parsing functionality and tests for the element
mentioned above, however, it is not yet actively used.
Change-Id: I0e1e2edf47adaa45b22d4b0bcae3640dba7ca200
The planned support for true A over IP requires the encoding and
decoding of a so called "AoIP Transport Layer Address" element.
This commt adds parsing functionality and tests for the element
mentioned above, however, it is not yet actively used.
Change-Id: I57933b0a06a3f54ec2a41e6ecb6ced9fbbc89332
The state check in lapd_dl_reset causes some buffers
never to be released. Using talloc report LAPD UA
message buffers are never released after each call
and cause a memory leak.
Change-Id: I2799b70623f2ec4dbc725eb213e332e98da02a3e
Expand 3GPP TS 52.021 §9.4.43 Probable Cause with Osmocom-specific value
for PCU version reporting to enable sending it via OML alarms.
Change-Id: If57459c0610f2c7b36d599b13087c8deef8bdd9e
Related: OS#1614
Ensure that a changed conv_gen.py and/or conv_codes_gsm.py result in
regeneration of the gsm0503* generated sources. Before this patch, manual
cleaning of the generated files was necessary to benefit from a code update.
Change-Id: Ib4328662c21280c0ea6aa9391a64ada2c6598704
Composing the message type string requires knowing the protocol discriminator.
To ease printing the message type, add this function to switch between the
defined value_string[]s depending on pdisc.
Also publish the message type value_string[]s -- without inline functions to
access them because it is anyway more convenient to use
gsm48_pdisc_msgtype_name() instead.
Since gsm48_pdisc_msgtype_name() is nontrivial, do not add as inline function
-- in case the message type is not known, it needs a static string buffer.
Change-Id: I0fca8e95ed5c2148b1a7440eff3fc9c7583898df
I often want to log the protocol discriminator in the openbsc debug log. It's
more useful to get the name directly instead of looking it up every time.
Change-Id: I0f053e2a4360b27ffccda7cf82469fb1b1cbb3ae
To ensure that the IND index appended to SEQ does not affect the SEQ, the check
should read '>= seq_1', not '>'.
Change-Id: Ib1251159eee02aa07fae1b429ffec2e4604bf6a8
So far we incremented SQN by 1, which doesn't match the procedures described in
3GPP TS 33.102. An IND (index) denotes a non-significant part of SQN, and the
significant SEQ part needs to be incremented.
In OsmoHLR we furthermore want to use the "exception" suggested in annex C.3.4,
so that each HLR's client has a fixed IND index. In other words, we will not
assign IND cyclically, but keep IND unchanged per auth vector consumer.
Add 'ind_bitlen' and 'ind' to the osmo_sub_auth_data.u.umts structure and
increment SQN accordingly.
Add a comment explaining the details.
Because 'ind_bitlen' is still passed as zero, the milenage_test does not change
its behavior, which is a feature I want to clearly show in this patch. The test
will be expanded for the newly implemented SQN scheme in a subsequent patch.
Adjust osmo-auc-gen.c to still show the right SQN and SQN.MS -- because it is
passing ind_bitlen == 0, osmo-auc-gen can rely on single increments and know
SQN.MS is sqn - 1. Note that osmo-auc-gen_test output remains unchanged.
Related: OS#1968
Change-Id: Ibc97e1736a797ffcbf8c1f7d41c5c4518f4e41bf
Prepare for the implementation of splitting SQN increments in SEQ and an IND
part; particularly to clearly show where the changes in auth/milenage_test's
expectations originate.
Rationale: the source of UMTS auth vectors, for us usually OsmoHLR, typically
stores the last used SQN, not the next one to be used. Particularly with the
upcoming fix of the SQN scheme, this change is important: the next SQN will
depend on which entity asks for it, because each auth consumer may have a
particular slot in the IND part of SQN. It does not make sense to store the
next SQN, because we will not know which consumer that will be for.
The milenage_test has always calculated a tuple for SQN == 34. To account for
the increment now happening before calculating a tuple, lower the test_aud->sqn
by one to 0x21 == 33, so that it is still calculating for SQN == 34.
Because we are no longer incrementing SQN after the tuple is generated,
milenage_test's expected output after doing an AUTS resync to 31 changes to the
next SQN = 32, the SQN used for the generated tuple.
(BTW, a subsequent patch will illustrate AUTS in detail.)
osmo-auc-gen now needs to pass the user requested SQN less one, because the SQN
will be incremented befor generating the auth vector. Also the SQN remains the
same after generating, so SQN output needs less decrementing. Note that the
expected output for osmo-auc-gen_test remains unchanged, hence the same input
arguments (particularly -s <sqn> and -A <auts>) still produce the same results.
Note: osmo-hlr regression tests will require adjustments when this patch is
merged, because it must now pass desired_sqn - 1 instead of just desired_sqn.
See osmo-hlr change-id I4ec5a578537acb1d9e1ebfe00a72417fc3ca5894 .
Related: OS#1968
Change-Id: Iadf43f21e0605e9e85f7e8026c40985f7ceff1a3
We don't really use state numbers without bounds check into string
tables since March 2010, when value_string became part of libosmocore.
It's time to catch up, 7 years later...
Change-Id: I1dac7b4cb441a1119cc167112521e8b8aae62e63
There are some projects, such as GR-GSM and OsmocomBB, which would
benefit from using one shared implementation of GSM 05.03 code. So,
this commit introduces a new sub-library called libosmocoding, which
(for now) provides GSM, GPRS and EDGE transcoding routines, migrated
from OsmoBTS.
The original GSM 05.03 code from OsmoBTS was relicensed under
GPLv2-or-later with permission of copyright holders (Andreas Eversberg,
Alexander Chemeris and Tom Tsou).
The following data types are currently supported:
- xCCH
- PDTCH (CS 1-4 and MCS 1-9)
- TCH/FR
- TCH/HR
- TCH/AFS
- RCH/AHS
- RACH
- SCH
Change-Id: I0c3256b87686d878e4e716d12393cad5924fdfa1
Previously lapdm_datalink->entity->mode was dereferenced without
checking if correct entity is present. This might lead to
segfault. Check it explicitly before dereferencing, log error and
gracefully return if necessary.
Change-Id: I0361e3731e86712b415a370cab1128d611988f56
Related: OS#1898
It is in the public header file and allows to easily bind it from
other languages (without having to go through the abstraction).
Change-Id: I0128d529c52ec030cfb87b0aff3c69cadf2c59d2
This change makes the conv_gen application more interactive
and flexible, allowing to generate not only code definitions
but also the test vectors and header files in the future.
Moreover, it becomes possible to select exact code family,
such as GSM, GMR etc.
Change-Id: I0b476b00234c17f78b41d695cf3bfd13edb64c28
FreeBSD 11.0 uses clang version 3.8.0 which spits various warnings
during libosmocore compilation. Let's clean this up a bit.
Change-Id: Ic14572e6970bd0b8916604fabf807f1608fa07e5
in lapd_t200_cb() The RELEASE INDICATION is transmitted before
the MDL ERROR INIDCATION, this prevents the MDL ERROR INDICATION
from being sent because the RELASE INDICATION close to connection
eraly. This commit puts the messages into the correct order.
Change-Id: Iae74777138fc27828f511e3aa321d1981861f4a5
when the lapd core is in state LAPD_STATE_SABM_SENT, and the
retransmission counter exceeds (link down) lapd_t200_cb() will
send an RELASE_INDICATION and an MDL_ERROR_INDICATION to L3.
This action is done before the state is processed. This seems
to be no problem with standard retransmission counts (n200),
but may cause timing problems that lead to deadlock states when
custom timer configurations are in use. (Ericsson RBS).
This commit moves the functions calls for sending the indications
mentioned above to the very end of the if branch to relax the
timing again. (See lapd_t200_cb())
Change-Id: I1c1beb3701b19744a3ce9946abca7767d20a0b6a
milenage_gen_vec() has parameter ordering of (..., auts, rand_auts, rand).
osmo_auth_gen_vec_auts() has (..., rand_auts, auts, rand), but actually feeds
args in the same order, so that its rand_auts becomes auts, and its auts
becomes rand_auts.
Interestingly enough, API user osmo-gen-vec.c also adheres to this misordering
and in turn passes auts for osmo_auth_gen_vec_auts()'s rand_auts and vice
versa, so that it matches milenage_gen_vec().
So both the implementation (milenage_*) and the API user use the same ordering,
just osmo_auth_gen_vec_auts() and osmo_auth_impl{ .gen_vec_auts() } in-between
have the argument names swapped.
Any current user of this API would need to adhere to this swapping or will not
get successful AUTS resolution to a SQN. So the least impact fix is to rename
the args without any actual functional change.
So swap the names rand_auts and auts for osmo_auth_gen_vec_auts() and
osmo_auth_impl{ .gen_vec_auts() }. (Also adjust API doc ordering)
Change-Id: I0dcbd49759fc32d3b8974102dbd1d6703364ebf4
The debug output of lapd core has no references to the dl objects,
since we have multiple links, seeing which action is for which
object is impossible. This commit adds pointer references (dl=%p)
to each log line.
Change-Id: I3024d1cbd58631e2abac4ce5822528e2e6e15fda
GSUP transmits AUTS for UMTS authentication procedures, and OAP uses the same
procedures to authenticate. osmo-gen-vec is a utility program that passes AUTS
to our osmo_auth_gen_vec_auts() API.
According to 3GPP 33.102 6.3.3, AUTS = SQN^AK || MAC-S, which are 6 || 8 == 14
bytes. This is confirmed by 24.008 9.2.3a where the TLV has 16 bytes, TL = 2
and AUTS being the V = 14.
It is not harmful for milenage_gen_vec_auts() to pass two more AUTS bytes. But
writing 16 bytes to a GSUP struct is a potential problem when passing in a 14
byte long AUTS buffer to the GSUP API, which then reads past the AUTS buffer.
The API implies the length, so far to be 16, so passing in a 14 byte buffer to
GSUP would require copying to a larger buffer first.
Fix this by using a length of 14 for AUTS everywhere instead.
This constitues an ABI breakage, we may handle it as a "fix before an official
release", otherwise we need a version bump.
The OAP protocol document has also been updated, needs an update in the
osmo-gsm-manuals as well.
Change-Id: If25b173d9ec57ea4c504d860954912b7d82af455
It accept fixed number of arguments including va_list instead of variable
number of arguments in abis_nm_fail_evt_rep() - similar to vprintff() vs
printf().
Related: OS#1615
Change-Id: Ib293dec1c2de9b664584a8456c782ea7b6dd8555
Add 3GPP TS 12.21 § 8.8.2 Failure Event Report function which pack given
vararg string and parameters into msgb.
Change-Id: I58c198d8ea588432c62520928b08f0b2a7035e93
Related: OS#1615
This resolves
gprs_cipher_core.c:118:37: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Change-Id: Ib1866595030ad9d11c886621ce69632462befa3a
* update debian/changelog
* update TODO-RELEASE
* add comments to Makefile.am and TODO-RELEASE to simplify the process
in future
* add link to libtool docs to Makefile.am to simplify LIBVERSION
maintenance
Related: OS#1861
Change-Id: I22c257e357f597519120232d742d6a61289db021
In the process, also:
* Change the license from AGPLv3 to GPLv2-or-later;
* correct spelling of 'sysmocom' to lowercase;
* add '2016' to the copyright;
* rename to osmo_*;
* add API docs;
* add logging category DLOAP: define id and add to internal_cat;
* redirect all oap.c logging to DLOAP.
A unit test will follow in a subsequent patch, since it needs a minor tweak for
decoding of boolean values.
The related openbsc change-id is I2f06aaa6eb54eafa860cfed8e72e41d82ff1c4cf.
Tweaked-by: Neels Hofmeyr
Change-Id: If5099e60681a215e798b6675f21813f26769c253
The G used to mean GPRS, but the scope is larger now. To satisfy the curious
reader, give the G a name in gsup files' header comments. BTW, logging.h and
gsup_test.c already mentioned "Generic" before this.
Change-Id: I6ac5cf94c215e156ceff6a58da3d9e520ca942d9
The copyright in gsup.h differed from the one in gsup.c: gsup.c names the GNU
Affero GPL, gsup.h only the GNU GPL. Change both to GPL-v2-or-later.
In gsup.c/h's copyright notice, 'sysmocom' should be spelled lower case.
Change-Id: Ia5748c275501889b9086aef7d20ccb5c9edb8031
Add two functions to create USSD messages. Moves and generalizes code from
openbsc. Pending: use the new functions in openbsc.
It looks like _release_complete() should also set trans_id and direction flag;
but since this is moving code from openbsc that is apparently working, just
place a fixme comment and don't change the functionality.
Change-Id: Ia80e32c7105359915bfad3cc5621a1c09caf20f0
Add function gsm0480_l3hdr_push() to push a struct gsm48_hdr to the start of a
msgb. Use in gsm0480.c and gsm0411_utils.c. Further callers of the new function
will follow in openbsc as well as another libosmocore patch for ussd.
Change-Id: I54fce6053ab8362015686fe22dbcd38bf1366700
gsm48_encode_bcd_number() can theoretically return a length in excess of
the size of the bcd_buf, but only in case an overly-long IMSI is passed
into the function (which would be illegal in the first place).
Change-Id: If3dc68ee13ff784b487bbc686b777cec9057d537
Fixes: Coverity CID 135216
Output more information in case of IPA protocol errors to make debugging
easier.
Change-Id: I7632d6e679e076bfbec9abc12da4a46cc27ccea1
Related: SYS#3028
It is actually listed in libosmogsm.map, but still used to be a static
symbol. That couldn't have worked.
Change-Id: I6f3f04b683d906674ee7da9bab5762bb00cea916
- Add missing message types to be up to date with the
latest specification release (3GPP TS 04.18)
- Add value strings to translate RR message type identifiers
into human readable strings. (see gsm48_rr_msg_name() in
gsm48.h
Change-Id: I3ceb070bf4dc8f5a071a5d43c6aa2d4e84c2dec6
rr_cause_name() is located a far of from
value_string rr_cause_names[] while other value string
functions are located right below their related value
string definitions. This commit moves rr_cause_name()
below rr_cause_names[] as it should be
Change-Id: Ie6c03a6ea02c370d8733db5ba2a709610cd70ce7
Instead of generating every convolutional code into a separate
file (such as conv_xcch_gen.c, conv_cs3_gen.c), it is better to
have a single file, containing all definitions, because as many
convolutional codes we add, as many entries we will have to add
into 'src/gsm/Makefile.am'. This approach increases readability
of the Makefile.am, and also makes us able to share some data
between some convolutional code definitions.
For example: xCCH, RACH, SCH, TCH/F, both CS2 and CS3 may use
the same *_state[][2] and *_output[][2] arrays within a single
file. This optimization is currently WIP.
Change-Id: Ib4e4ee5fdde38429e68e3b2fa50ec03a18f59daa
This fixes the conv*gen.c targets when building in a different directory
than the source tree.
Notably, building in a different dir worked when the generated sources were
already present from a previous build inside the source directory.
Change-Id: I5a9b780ad4ba607ea39854dcf7207ed05f5447bc
See 04.80[1], section 3.4: the highest two bits are used as counter or ignored
and do not contribute to the SS "Miscellaneous message group". Previous mask of
0xbf included the highest bit, fix to 0x3f.
Observed a value of 0xbb that should mean 0x3b="Register" during testing of 3G
USSD requests, which seem to be the first to send a nonzero highest bit to our
code. The erratic mask of 0xbf lead to an unhandled message type of 0xbb.
[1] 3GPP TS 24.080 version 7.2.0 Release 7 / ETSI TS 124 080 V7.2.0 (2006-09)
Change-Id: I299001a9e36c16f55622a0acd5d4a55ca49d0055
When lapd_dl_flush_hist() was called before we actually had started a
transmit history from lapd_dl_init(), we woul segfault before this
patch.
Change-Id: Ifa677c9b335dd2884b4f3e44699d901957a0500b
Includes EGPRS coding and puncturing scheme (CPS) tables from 3GPP
TS 04.60. Currently osmo-bts-trx is the only user of CPS table
values, but this may change with gprsdecode and other utilities.
Change-Id: I09fe6514a0e2e51bb3206f8387633f7e0255345f
osmo_auth_vector's first member is an array, so for a zero initializer, we
should add a second set of array braces.
Change-Id: Iace448caca8152e46244f26c3af250f2035c99eb
Corresponding test code include both official test vectors from the
specs and data from over-the-air tests.
This obsoletes libosmo-crypt-a53 as it was last missing piece
unimplemented in libosmogsm.
Change-Id: I939e4f6b91b4a7c591ef3761fe2d46ed1c2fb2d3
Related: OS#1582
Check if particular GMM message can be encrypted according to 3GPP TS
24.008 § 4.7.1.2
Related: OS#1582
Change-Id: I7ad0e03c2c738d174dd6bc3453f332eeb8da1e7d
If lapd_dl_flush_hist() is called after lapd_dl_exit(), dl->tx_hist has
already been free'd and set to NULL. Check for this before attempting
to de-reference a NULL pointer.
This bug breaks OpenBSC with any E1 based BTSs using DAHDI.
Change-Id: I117ba3445fa5e8097e21c11c5a6337de6ba46c7d
Related: OS#1760
Add function which parses MS network capability IE value for bits
indicating support for particular version of GEA.
Change-Id: I785cef37dd272a2fab9b172f6e1392f865174e9a
Relates: OS#1582
This function perform 64 -> 128 bit key expansion which useful for
converting between UMTS CK and GSM Kc, A5/3 and A5/4, GEA3 and GEA4
keys.
Change-Id: I5a6c6deef6027cd6af144c9062d4c9166be26904
Related: OS#1582
Encoding auth vectors worked fine for GSM authentication, but didn't
yet include the new IEs for UMTS authentication yet.
Change-Id: I7fa5ba1c950292bd0a9874b3102a27f221ce390d
Reviewed-on: https://gerrit.osmocom.org/302
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Tested-by: Jenkins Builder
Context: in osmo-bts, I want to look up an RSL message name in rsl_msgt_names
and fall back to rsl_ipac_msgt_names if not found, because the IPAC PDCH ACT
and DEACT messages are sent in a standard ABIS_RSL_MDISC_DED_CHAN.
Change-Id: Ic9ba721a1469cf51aed97ab0f44a7fe055c94b1f
Reviewed-on: https://gerrit.osmocom.org/231
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Tested-by: Jenkins Builder
This is a "flag" day change. Old OpenBSC break with new libosmocore
because suddenly there is the 0x in front. I am afraid we need to
find a better solution here. I think we will need to create a
gsm48_mi_to_string variant that takes a mode parameter to enable the
TMSI mode and deprecate the old method.
Right now we should not break old versions of OpenBSC.
This reverts commit 78ad042f94.
Change-Id: I2f61e626f2f9088b492e1b643c3dcc9bce77d52b
Reviewed-on: https://gerrit.osmocom.org/86
Tested-by: Jenkins Builder
Reviewed-by: Holger Freyther <holger@freyther.de>
Previously, we traditionally displayed a TMSI in its integer
representation, which is quite unusual in the telecom world.
A TMSI is normally printed as a series of 8 hex digits.
Review at https://gerrit.osmocom.org/57/
Change-Id: Ifd25365bfa3b4ee95b16979740c3229948ce17f2
Reviewed-on: https://gerrit.osmocom.org/57
Tested-by: Jenkins Builder
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Reviewed-by: Holger Freyther <holger@freyther.de>
It assembles RSL Uplink Measurement IE according to 3GPP TS 08.58
§9.3.25. The function is based on lchan_build_rsl_ul_meas() from OsmoBTS
but optionally includes DTX information.
Change-Id: Ib37107bcc9909e5105ea711de42d3fb1db7e8d9e
Reviewed-on: https://gerrit.osmocom.org/44
Tested-by: Jenkins Builder
Reviewed-by: Harald Welte <laforge@gnumonks.org>
* rename field of struct gsm48_cell_options to better match the spec
* add comments with spec references
* add function for setting DTX in cell options struct
* add necessary enum type
Change-Id: I5a8924f57669c951b2e51b663d95f1d360062a54
Reviewed-on: https://gerrit.osmocom.org/39
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Tested-by: Jenkins Builder
Add various missing \returns doxygen entries.
In osmo_auth_3g_from_2g(), also adjust two comment-closing instances to
match common style and add a period to end a sentence.
(The recent addition of osmo_auth_3g_from_2g() raised my attention, and I added
more return value docs while at it.)
Change-Id: Iea71eb666bc061acb6b14215f398bd38d17b3ad3
Reviewed-on: https://gerrit.osmocom.org/33
Tested-by: Jenkins Builder
Reviewed-by: Holger Freyther <holger@freyther.de>
In the autentication re-sync case, we need not only the AUTS from
the MS/UE, but also the RAND that we sent as part of the failed
authentication challenge.
Move those routines from OpenBSC to libosmogsm, so they can be
re-used from other programs. I think it was a mistake to add them only
inside the openbsc repository in the first place. We need to pay more
attention to this in the future.
The definitions in this header file (and associated strings in the
c file) are generic about the GPRS Layer3 signalling protocols, and
thus should be part of the library.
The script does not work with python3:
$ python3 utils/conv_gen.py
File "utils/conv_gen.py", line 124
def _print_term(self, fi, num_states, pack = False):
Second there is no 'python' on FreeBSD and one needs to select
the major version to use.
GEN conv_cs3_gen.c
GEN conv_xcch_gen.c
GEN conv_cs2_gen.c
python: not found
python: not found
python: not found
By using python2 we solve both issues. On Debian python2 is located
inside the python-minimal package.
Add python utility to generate .c code with convolutional
encoder/decoder based on polynomial description of the code. If argument
given it'll be interpreted as intended output directory, otherwise
current working directory is used.
Codes for *CCH, CS2/3 and TCH/AFS are generated. Corresponding manual
implementations are removed from tests. This introduce build-time
dependency on python.
The main work for this patch was generously contributed by Sylvain
Munaut.
Fixes: OS#1629
Extend the u8 to u32 before going to shift it.
Fixes:
milenage/aes-internal.c:799:4: runtime error: left shift of 128 by 24 places cannot be represented in type 'int'
#0 0x7f84e9fe86a2 in rijndaelKeySetupEnc (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0xfa6a2)
#1 0x7f84e9febad8 in aes_encrypt_init (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0xfdad8)
#2 0x7f84e9fe7d14 in aes_128_encrypt_block (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0xf9d14)
#3 0x7f84e9febe7d in milenage_f1 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0xfde7d)
#4 0x7f84e9fee2ce in milenage_generate (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0x1002ce)
#5 0x7f84e9fe76d7 in milenage_gen_vec (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0xf96d7)
#6 0x7f84e9fe6c08 in osmo_auth_gen_vec (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/src/gsm/.libs/libosmogsm.so.5+0xf8c08)
#7 0x401441 in main (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/tests/auth/.libs/lt-milenage_test+0x401441)
#8 0x7f84e8e33a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f)
#9 0x400e58 in _start (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/libosmocore/tests/auth/.libs/lt-milenage_test+0x400e58)
For 3G, I need a BCD composer/parser similar to gsm48_generate_lai()/
gsm48_decode_lai(). Those functions also handle a trivial extra
member (lac) which I don't need in this way for 3G.
So create new functions to take on the MCC+MNC BCD handling and call those
from gsm48_generate_lai() and gsm48_decode_lai(). In this way, the 3G code
in openbsc can use only the BCD functionality without code duplication.
Add inline functions for both release <= 98 and release >= 99 as well as a
default define. Use the release 98 by default since the current code base uses
the r98 bitmasks.
These inline functions relieve callers of the decision on masking bits of the
protocol discriminator and message type octets.
Also add a define for the protocol discriminator extension to one octet length
(GSM48_PDISC_EXTEND).
Apply new pdisc function in gsm0480.c.
[hfreyther: Make the hdr param const]
Include the headers mentioned by the manpage
ipa.c:346:9: warning: implicit declaration of function 'recv' is invalid in C99
[-Wimplicit-function-declaration]
ret = recv(fd, msg->tail, needed, 0);
This code dealing with bit shifting sometimes gets 1 byte beyond array
boundary while calculating index. This is now explicitly checked and prevented.
Ticket: OW#1198
Sponsored-by: On-Waves ehf
These functions are currently part of openbsc but also needed by
other projects.
The function have been renamed as follows:
gprs_apn_to_str -> osmo_apn_to_str
gprs_str_to_apn -> osmo_apn_from_str
Sponsored-by: On-Waves ehf
The primitives for SUSPEND, RESUME and RECONNECT are only permitted on
the MS side of the LAPDm link, not on the BTS side. So we should check
for this and reject, accordingly.
Shipping our own private copy of talloc was a good idea in 2008,
when it was not readily available on most target platforms. Today,
the situation is quite different, as it is a standard library on
major Linux distributions.
When using configure --disable-static, no libosmogsm.a will be
created, and the tests fail to link because symbols like _a5_3 and
_a5_4 are not exported through the only remaining libosmogsm.so.
A method to overcome this is an intermediate private non-distributed
library, examples of which are present in e.g. libabc, kmod and
systemd.
With this, disable-static can now be the default and practical compile
time be halved.
Addresses:
CCLD utils/utils_test
utils_test.o: In function `test_idtag_parsing':
git/libosmocore/tests/utils/utils_test.c:64: undefined reference to `ipa_ccm_idtag_parse_off'
Sponsored-by: On-Waves ehf
For some reason the structure is closer to be a LV (length
and value). The value is actually a tag but it is counted
inside the length. Introduce an overload of the parse function
to provide an offset for the length. This will be taken from
the returned length.
The current functions are used to 'qualify' an APN from the
user-supplied APN name (name identifier) towards the fully-qualified
APN name which is used in the .grps DNS zone.
In some places, the return value of msgb_alloc/msgb_alloc_headroom
is not checked before it is dereferenced.
This commit adds NULL checks to return with -ENOMEM from the calling
functions if the alloc function has failed.
Fixes: Coverity CID 1249692, 1293376
Sponsored-by: On-Waves ehf
These types were compatible so simply remove one.
Fixes:
gsm0808.c:323:37: warning: initializer overrides prior initialization CC gsm0480.lo
of this subobject
CC abis_nm.lo
[-Winitializer-overrides]
[GSM0808_IE_LSA_INFORMATION] = { TLV_TYPE_TLV },
^~~~~~~~~~~~
gsm0808.c:316:36: note: previous initialization is here
[GSM0808_IE_LSA_INFORMATION] = { TLV_TYPE_TLV },
^~~~~~~~~~~~
These patches enhance the Supplementary Service (SS) processing from
only being able to handle USSD to other SS, specifically activation,
deactivation and interrogation of those SS. Registration is not yet
implemented.
include/osmocom/gsm/protocol/gsm_09_02.h has been added with needed
values for SS.
Modified by Harald Welte to keep the old ussd-only functiosn for API/ABI
stability.
Currently, the ipa_send function returns -1 in one execution branch
to indicate an error and -EIO in another. This is not consistent and
can lead to a misinterpretation of the error code, since -1 is -EPERM
and in general, EPERM is not returned by write(2).
This patch changes the return code to -errno instead of -1 for the
case that write(2) fails for same reason. So -rc is always a sensible
error value if there is a failure.
Sponsored-by: On-Waves ehf
this fixes some compilation issues with libosmocore under NuttX,
particularly as some #defines are missing or some header files are
slightly different.
libosmocore.{so,a} should always have been GPLv2+. However, when
migrating some code from OpenBSC or OsmocomBB, we sometimes introduced
it with a wrong license header.
the bits/crc files are not inside the sourcedirectory but will end
in the build directory. Go and look there as well. This somehow
doesn't fail with make distcheck but when building for Yocto Dizzy.
The element following the identifier list was the
GSM0808_IE_LSA_INFORMATION. It is a TLV type as well
and the issue got introduced in
92107dfd3b.
Fixes:
gsm0808.c:316:40: warning: initializer overrides prior initialization of this subobject
[-Winitializer-overrides]
[GSM0808_IE_LSA_IDENTIFIER_LIST] = { TLV_TYPE_TLV },
^~~~~~~~~~~~
gsm0808.c:315:40: note: previous initialization is here
[GSM0808_IE_LSA_IDENTIFIER_LIST] = { TLV_TYPE_TLV },
As we are breaking builds by moving functions from libosmo-abis to
libosmocore anyway, we might as well give functions more appropriate
names. ipaccess is a company, while IPA is the multiplex protocol, and
CCM is the protocol used for establishing identities on the IPA
multiplex.
libosmo-abis is about forming A-bis interfaces/lines by means
of E1 or the IPA multiplex (or possibly other link layers).
The IPA multiplex is used in other contexts, such as the Control
interface, or the A interface. In that context, it makes sense to
have generic IPA related functions in libosmocore.
This adds support for A-over-IP and LCLS related message/IEI
definitions.
Old definitions are in decimal, which is very hard (at least for me)
to compare with the binary tables in the spec. Hex is much easier
to manually compare for completeness/correctness. I didn't touch
the existing definitions, but think they should move to hex, too.
The code is lacking a "," at the end of a string and we ended up
doing string concatination instead of having an invalid state.
Fixes Coverity CID 1206564
Rename NM_ATT_O_REDUCEPOWER to NM_ATT_OSMO_REDUCEPOWER, which
makes it more clear that this is an osmcoom specific attribute.
Also, we cannot simply overload 0x01 as an already defined OML
attribute. The problem is quite simple: When we use abis_nm_att_tlvdef
during the TLV parse, 0x01 will match to NM_ATT_ABIS_CHANNEL,
which is defined as { TLV_TYPE_FIXED, 3 }.
So instead, we need to introduce a new abis_nm_osmo_att_tlvdef[],
which has to be patched into abis_nm_att_tlvdef[] by the means of
tlv_def_patch(), exactly how we do it for bs-11 and nanobts specific
attributes.
I'm using 0xfe for the attribute, as 0xfe doesn't overlap with the IPA
specific attribues (and we might want to combine/merge the 12.21 plus
IPA plus osmocom spefici attributes)
If LAPDm receives an I-Frame while there already is an I-Frame in the
tx_queue the code generates an additional RR (to acknowledge the
received I-Frame). Instead, N(R) of the I-Frame in the tx_queue should
be updated to ACK the data.
When debugging an issue that involves SAPI=0 and SAPI=3 the
log file does not have enough context. Add the SAPI to this
message so we at least understand which SAPI we are talking
about.
Currently it takes 3s to establish a SAPI 3 SACCH connection with
osmo-bts. This is due to the fact, that a broken SABME request is
sent first and and is ignored by the MS. Then, after a T200 timeout
(2s) the SABME command is sent again (this time correctly) and
answered by the MS.
The first SABME message is broken (it has a length field of 3 and
ends with 3 bytes from the tail of the original RSL message),
because of it is expected throughout lapdm.c that msg buffers
containing RSL have msg->l2h == msg->data. Some abis input drivers
fulfill this but IPA doesn't, thus the 3 bytes of the IPA header
are still part of the msg and confuse length computation.
Since internal fields of the msg are modified directly, this is
difficult to see.
This patch adds a new function msgb_pull_to_l3() that explicitely
skips over all headers prepending L3 and therefore resets l1h and
l2h. This function is then used instead of msgb_pull_l2h() which
only worked correctly when msg->l2h == msg->data. In addition,
code manipulating msg->tail and msg->len directly has been replaced
by calls to msgb_trim().
Note that this patch does not fix all issues of this case in the LADP
related code.
Ticket: SYS#192
Sponsored-by: On-Waves ehf
Currently w[14]/w[15] and w[18]/w[19] are swapped in range 256 format
decoding in gsm48_decode_freq_list().
This patch fixes this.
Sponsored-by: On-Waves ehf
The legacy 7bit conversion functions (those without the '_n_' in the
name) gave wrong return values on 64 bit platforms due to unproper
signed/unsigned conversions and the usage of SIZE_MAX.
This patch fixes this by using a smaller max size (see
GSM_7BIT_LEGACY_MAX_BUFFER_SIZE, currently set to 64k) for the legacy
wrappers and by using unsigned int for max_septets.
In addition, there are tests now that check the return values of
legacy encoding and decoding.
Sponsored-by: On-Waves ehf
abis_nm_pchan4chcomb will return a pchan for a given channel
combination but returned a value of the channel combination.
Fix it to return the physical channel combination.
Fixes: Coverity CID 1040767
This information element has been added to the MM Information
message in GSM24.008. This patch adds it to the tlv_definition
to keep the TLV parser from breaking.
Ticket: OW#978
The number of digits is the number of used octets times two (two
digits per octet). The result has been successfully dissected by
wireshark. It has not been tested with real phones.
The 7bit<->8bit encoding/decoding functions didn't check whether
there is still enough space in the destination buffer. Therefore a
buffer size parameter has been added to each of the functions which
is used to truncate the output if the buffer is too small.
In addition, the return value of the decoding functions has been
changed to number of characters written (excluding \0), so this
value is always equal to strlen(decoded).
The old functions are still available as wrapper functions.
if (ptr)
msgb_free(ptr)
extends to:
if (ptr)
talloc_free(ptr)
And according to the talloc documentation a talloc_free(NULL)
will not crash: "... Likewise, if "ptr" is NULL, then the function
will make no modifications and returns -1."
Handling 7-bit coding is a little different for USSD, as TS 03.38
states:
To avoid the situation where the receiving entity confuses 7 binary
zero pad bits as the @ character, the carriage return or <CR>
character shall be used for padding in this situation [...].
If <CR> is intended to be the last character and the message
(including the wanted <CR>) ends on an octet boundary, then another
<CR> must be added together with a padding bit 0. The receiving entity
will perform the carriage return function twice, but this will not
result in misoperation as the definition of <CR> [...] is identical to
the definition of <CR><CR>.
The receiving entity shall remove the final <CR> character where the
message ends on an octet boundary with <CR> as the last character.
Jacob has verified the fix with fakeBTS and the wireshark dissector.
Fixes: OW#947
Reviewed-by: Jacob Erlbeck <jerlbeck@sysmocom.de>
lapdm.c takes the re-establishment message and forwards it to lapd_core.c,
so we can assume that msgb is set at primitive. In case there is data in
the re-establishment msg, it is moved into send_buffer. In case of no
data (0 length), it must be freed.
Fixes an issue spotted by Coverity Scan.
This reverts commit f996b05dbd
and 2b0cac4ef8. A detailed
explanation can be found here:
http://lists.osmocom.org/pipermail/openbsc/2013-July/004737.html
The short description is that:
1.) The API should return (as out parameter) the number of
octets used.
2.) The handling for the <CR> encoding only applies to USSD
and it is incomplete. On top of that it broke the SMS test.
To avoid the situation where the receiving entity confuses 7 binary zero pad
bits as the @ character, the carriage return or <CR> character shall be used
for padding in this situation.
If the datalink fails or if handover or assignment to a new channel fails,
it is re-establised by sending SABM again. The length of establish message
is 0 in this case. The length is used to differentiate between
re-establishment and contention resolution, which has to be handled
differently.
See TS 04.06 Chapter 5.4.2.1
The &buf[3] is unlikely to be aligned properly. Use memcpy instead
of an assignment. Add a small testcase that verifies that I didn't
mess up the conversion.
Alignment trap: osmo-nitb (3293) PC=0x492b7094 Instr=0xe5803003 Address=0xbeb259db FSR 0x801
When a SABM(E) frame arrives, we have to trim the L2 padding (0x2b for
gsm) before handing the data off to L3, just like we do with I frames.
Also, we should use mggb_trim() or even msgb_l3trim() instead of
manually fiddling with msgb->length and ->tail pointers.
After reception of SABM, the network responds with UA and enters the
establised multiframe state. If UA is not received by mobile, the SABM
is transmitted again, and the network must respond with UA again, unless
it is from a different mobile.
Add LAPDm collision test (contention resolution on network side).
Only the Gb library relies on having undefined references to a
symbol that needs to be provided by the host application. For
all other libraries we can link with -no-undefined.
this will avoid printing 'abis_nm.c' as the filename in the log, which
is pretty useless during debugging. We want to know where
abis_nm_debugp_foh() is being used from, not where it is implemented.
This was found while implementing handover on a sysmobts. When we
receive a channel release request for a channel that was never really
activated (set_lapdm_context() was not called) we segfault in
lapd_recv_dlsap().
We now return early with -EINVAL in rslms_rx_rll() if we receive a
message that assumes set_lapdm_context() was already called.
These are:
* RSL_MT_UNIT_DATA_REQ
* RSL_MT_DATA_REQ
* RSL_MT_SUSP_REQ
* RSL_MT_REL_REQ
A test case was added to trigger the issue.
GCC 4.7.2 was already smart enough to see that the table is const
so there is no change in the generated assembly code. For some reason
the dispatch is still going through one relocation.
When OpenBSC is handling more than one message at a time it is difficult
to see which log message belongs to which SMR instance. Introduce a
uint64_t id that can be set to the row_id/message_id and prefix all
log messages with SMR(ID).
This change is ABI and API incompatible with previous versions of
libosmogsm.
When OpenBSC is handling more than one message at a time it is difficult
to see which log message belongs to which SMC. Introduce a uint64_t id
that can be set to the row_id/message_id and prefix all log messages
with SMC(ID).
This change is ABI and API incompatible with previous versions of
libosmogsm.
Example:
SMC(100) instance created
SMC(100) message MNSMS-EST-REQ received in state IDLE
When the connection may not released print the name of the current
state to ease with debugging and verification that this is not a
valid state transition.
The comment explains why we don't care about the content of z,
stop storing it.
gsm_utils.c: In function 'gsm_7bit_encode':
gsm_utils.c:253:13: warning: variable 'z' set but not used [-Wunused-but-set-variable]
This was fixed in 9c3dc90d16a40789081c84e46620f4d66689fec1 of
openbsc.git, after the sms code had been migrated here:
introduce HAVE_TM_GMTOFF_IN_TM
Not all architectures have the tm.tm_gmtoff member. This fixes cygwin builds.
This new TLV type is specific to TS 44.318. Contrary to the TvLV type
of TS 08.16/08.18, it has an inverted meaning of the extension (0x80)
bit:
* if the extension bit is not set, 1-byte length
* if the extension bit is set, 2-byte length
Futhermore, it has support for variable-length tags, where the tag part
can be optionally two bytes in length. As this esoteric option hasn't
been seen in the wild yet, we only add encoding support but skip
decoding for now.
Philipp Maier
Vadim Yanitskiy
Harald Welte
Daniel Willmann
Neels Hofmeyr
Holger Freyther
Sylvain Munaut
Alexander Huemer