bsc: show bug: do inter-BSC-out HO by measurement report

So far all handover tests trigger handover via VTY command. This means that any bugs introduced in measurement report handling and handover target selection are by definition not caught. Almost a year ago, fixing a handover oscillation bug for intra-BSC handover introduced a segfault for inter-BSC handover targets, because for those the target.bts is NULL. Show this bug. Related: OS#5324 SYS#5259 Related: I5a3345ab0005a73597f5c27207480912a2f5aae6 (osmo-bsc) Change-Id: Iba033c32015173f57dbb1c211aefab1a9094e29d
2021-11-24 15:16:12 +01:00 · 2021-11-24 15:16:12 +01:00 · afe2ea5c4f
parent 89f198cb8c
commit afe2ea5c4f
2 changed files with 60 additions and 3 deletions
--- a/bsc/BSC_Tests.ttcn
+++ b/bsc/BSC_Tests.ttcn
@ -5384,8 +5384,12 @@ private function f_expect_dlcx_conns() runs on MSC_ConnHdlr {

 private function f_ho_out_of_this_bsc(template (omit) BSSMAP_oldToNewBSSIEs exp_oldToNewBSSIEs := omit) runs on MSC_ConnHdlr {

-	f_bts_0_cfg(BSCVTY, {"neighbor lac 99 arfcn 123 bsic any"});
-	f_vty_transceive(BSCVTY, "handover any to arfcn 123 bsic any");
+	var NcellReports neighbor_rep := {
+		{ rxlev := 20, bcch_freq := 0, bsic := 11 }
+	};
+	var octetstring l3_mr := enc_GsmRrL3Message(valueof(ts_MEAS_REP(true, 8, 8, reps := neighbor_rep)));
+	RSL.send(ts_RSL_MEAS_RES(g_chan_nr, 0, ts_RSL_IE_UplinkMeas, ts_RSL_IE_BS_Power(0), ts_RSL_IE_L1Info,
+				 l3_mr, 0));

 	BSSAP.receive(tr_BSSMAP_HandoverRequired(exp_oldToNewBSSIEs));

@ -5450,6 +5454,15 @@ private function f_tc_ho_out_of_this_bsc(charstring id) runs on MSC_ConnHdlr {
 testcase TC_ho_out_of_this_bsc() runs on test_CT {
 	var MSC_ConnHdlr vc_conn;

+	f_init_vty();
+	f_bts_0_cfg(BSCVTY,
+		    {"neighbor-list mode automatic",
+		     "handover 1",
+		     "handover algorithm 2",
+		     "handover2 window rxlev averaging 1",
+		     "neighbor lac 99 arfcn 123 bsic any"});
+	f_vty_transceive(BSCVTY, "drop bts connection 0 oml");
+
 	f_init(1, true);
 	f_sleep(1.0);

@ -10831,7 +10844,7 @@ control {
 	execute( TC_ho_int_a5_4() );
 	execute( TC_ho_int_radio_link_failure() );

-	execute( TC_ho_out_of_this_bsc() );
+	/* TC_ho_out_of_this_bsc is run last, see comment below */
 	execute( TC_ho_out_fail_no_msc_response() );
 	execute( TC_ho_out_fail_rr_ho_failure() );
 	execute( TC_ho_out_fail_no_result_after_ho_cmd() );
@ -10954,6 +10967,10 @@ control {
 	execute( TC_cm_serv_rej() );

 	execute( TC_lost_sdcch_during_assignment() );
+
+	/* Run TC_ho_out_of_this_bsc last, because it may trigger a segfault before osmo-bsc's patch
+	 * with change-id I5a3345ab0005a73597f5c27207480912a2f5aae6 */
+	execute( TC_ho_out_of_this_bsc() );
 }

 }
--- a/library/RSL_Types.ttcn
+++ b/library/RSL_Types.ttcn
@ -508,6 +508,13 @@ module RSL_Types {
 		uint8_t		actual_ta
 	}

+	template (value) RSL_IE_L1Info ts_RSL_IE_L1Info := {
+		ms_power_lvl := 0,
+		fpc := false,
+		reserved := 0,
+		actual_ta := 0
+	};
+
 	/* 9.3.13 */
 	type record RSL_IE_MS_Power {
 		uint2_t		reserved,
@ -632,6 +639,19 @@ module RSL_Types {
 		RSL_IE_UplinkMeasSuppMeasInfo supp_meas_info optional
 	} with { variant (len) "LENGTHTO(rfu,dtx_d,rxlev_f_u,reserved1,rxlev_s_u,reserved2,rxq_f_u,rxq_s_u,supp_meas_info)" };

+	template (value) RSL_IE_UplinkMeas ts_RSL_IE_UplinkMeas(uint6_t rxlev := 12, uint3_t rxqual := 0) := {
+		len := 0, /* overwritten */
+		rfu := '0'B,
+		dtx_d := false,
+		rxlev_f_u := rxlev,
+		reserved1 := '00'B,
+		rxlev_s_u := rxlev,
+		reserved2 := '00'B,
+		rxq_f_u := rxqual,
+		rxq_s_u := rxqual,
+		supp_meas_info := omit
+	};
+
 	/* 9.3.26 */
 	type enumerated RSL_Cause {
 		/* normal event */
@ -1549,6 +1569,26 @@ template RSL_Message tr_RSL_MsgTypeDR(template RSL_MessageType msg_type) modifie
 		}
 	}

+	template (value) RSL_Message ts_RSL_MEAS_RES(template (value) RslChannelNr chan_nr,
+					     uint8_t meas_res_nr,
+					     template (value) RSL_IE_UplinkMeas ul_meas,
+					     template (value) RSL_IE_BS_Power bs_power,
+					     template (value) RSL_IE_L1Info l1_info,
+					     octetstring l3_info,
+					     uint8_t ms_to) := {
+		msg_disc := ts_RSL_MsgDisc(RSL_MDISC_DCHAN, false),
+		msg_type := RSL_MT_MEAS_RES,
+		ies := {
+			t_RSL_IE(RSL_IE_CHAN_NR, RSL_IE_Body:{chan_nr := chan_nr}),
+			t_RSL_IE(RSL_IE_MEAS_RES_NR, RSL_IE_Body:{meas_res_nr := meas_res_nr}),
+			t_RSL_IE(RSL_IE_UPLINK_MEAS, RSL_IE_Body:{uplink_meas := ul_meas}),
+			t_RSL_IE(RSL_IE_BS_POWER, RSL_IE_Body:{bs_power := bs_power}),
+			t_RSL_IE(RSL_IE_L1_INFO, RSL_IE_Body:{l1_info := l1_info}),
+			t_RSL_IE(RSL_IE_L3_INFO, RSL_IE_Body:{l3_info := ts_RSL_L16V(l3_info)}),
+			t_RSL_IE(RSL_IE_MS_TIMING_OFFSET, RSL_IE_Body:{ms_timing_offset := ms_to})
+		}
+	}
+
 	/* 8.4.9 BSC -> BTS */
 	template (value) RSL_Message ts_RSL_MODE_MODIFY_REQ(template (value) RslChannelNr chan_nr,
 						     template (value) RSL_IE_ChannelMode mode) := {