authorPau Espin Pedrol <pespin@sysmocom.de>2016-02-29 08:49:22 -0500
committerHarald Welte <laforge@gnumonks.org>2017-12-10 14:44:19 +0000
commit9dd3bf0cb4e780b54772f4abe1e2966b09f99301 (patch)
treee8f78dcb2927b9ce4e1a53323c956849d400afa9
parent893979cb08848aed23cc542ca73db8ce268143aa (diff)
Fix malformed Abis/RSL messages with extra L3 Information field
Some Abis/RSL messages such as "Release Indication" contained 3 extra bytes from an L3 Information header which should not be there according to specs in GSM 08.58 (section 8.3 "Radio link layer management messages"). Other RSL messages were affected by the same issue, except for "Establish Indication", which already had a workaround in send_rslms_dlsap. This commit fixes the issue in a generic way, removes the "Establish Indication" workaround and fixes the test that accounted for the bug, as it would otherwise fail after applying the changes. Fixes: OS#1635, OS#2336 Change-Id: Ibb116214e8b1798d65a8b0917150496a3c14f344
-rw-r--r--src/gsm/lapd_core.c4
-rw-r--r--src/gsm/lapdm.c5
-rw-r--r--tests/lapd/lapd_test.c8
-rw-r--r--tests/lapd/lapd_test.ok2
4 files changed, 3 insertions, 16 deletions
diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c
index 48476266..5d871546 100644
--- a/src/gsm/lapd_core.c
+++ b/src/gsm/lapd_core.c
@@ -379,9 +379,7 @@ static int send_dl_l3(uint8_t prim, uint8_t op, struct lapd_msg_ctx *lctx,
static inline int send_dl_simple(uint8_t prim, uint8_t op,
struct lapd_msg_ctx *lctx)
{
- struct msgb *msg = lapd_msgb_alloc(0, "DUMMY");
-
- return send_dl_l3(prim, op, lctx, msg);
+ return send_dl_l3(prim, op, lctx, NULL);
}
/* send MDL-ERROR INDICATION */
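Review bot: `send_dl_simple` now hands `NULL` to `send_dl_l3` as the message, so every consumer of the resulting primitive has to tolerate `dp->oph.msg == NULL`; the body of `send_dl_l3` lies outside this hunk, so whether it and the registered L3 callback check for that before touching the msgb cannot be confirmed from here. A comment above the call would pin the contract, e.g. `/* no L3 payload: msg is NULL, receivers must not dereference oph.msg */`. The same commit drops the `len == 0` guard in `send_rslms_dlsap` (lapdm.c), so omitting the L3 Information IE presumably now depends solely on callers passing `NULL`; a caller that still passes an empty msgb would appear to bring the extra bytes back.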
diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c
index 7ca2b3e3..80c0d178 100644
--- a/src/gsm/lapdm.c
+++ b/src/gsm/lapdm.c
@@ -414,11 +414,6 @@ static int send_rslms_dlsap(struct osmo_dlsap_prim *dp,
switch (OSMO_PRIM_HDR(&dp->oph)) {
case OSMO_PRIM(PRIM_DL_EST, PRIM_OP_INDICATION):
- if (dp->oph.msg && dp->oph.msg->len == 0) {
- /* omit L3 info by freeing message */
- msgb_free(dp->oph.msg);
- dp->oph.msg = NULL;
- }
rll_msg = RSL_MT_EST_IND;
break;
case OSMO_PRIM(PRIM_DL_EST, PRIM_OP_CONFIRM):
diff --git a/tests/lapd/lapd_test.c b/tests/lapd/lapd_test.c
index fd92cac3..e627ba68 100644
--- a/tests/lapd/lapd_test.c
+++ b/tests/lapd/lapd_test.c
@@ -350,19 +350,13 @@ static int ms_to_bts_tx_cb(struct msgb *msg, struct lapdm_entity *le, void *_ctx
struct abis_rsl_rll_hdr hdr;
printf("MS: Verifying incoming primitive.\n");
- OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr) + 3);
+ OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr));
/* verify the header */
memset(&hdr, 0, sizeof(hdr));
rsl_init_rll_hdr(&hdr, RSL_MT_EST_CONF);
hdr.c.msg_discr |= ABIS_RSL_MDISC_TRANSP;
OSMO_ASSERT(memcmp(msg->data, &hdr, sizeof(hdr)) == 0);
-
- /* Verify the added RSL_IE_L3_INFO but we have a bug here */
- OSMO_ASSERT(msg->data[6] == RSL_IE_L3_INFO);
- #pragma message ("RSL_IE_L3_INFO 16 bit length is wrong")
- /* This should be okay but it is actually 0x0, 0x9c on ia-32 */
- /* OSMO_ASSERT(msg->data[7] == 0x0 && msg->data[8] == 0x0); */
} else if (state->ms_read == 1) {
printf("MS: Verifying incoming MM message: %d\n", msgb_l3len(msg));
OSMO_ASSERT(msgb_l3len(msg) == 3);
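Review bot: The tightened length assertion only covers the `RSL_MT_EST_CONF` primitive checked in this branch, while the commit description names "Release Indication" and other RLL messages as affected; nothing in this hunk verifies that those no longer carry the L3 Information IE. If the test exercises a release, the same check, `OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr));`, belongs in whichever callback receives that primitive. `ms_to_bts_tx_cb` starts and ends outside the hunk, so other branches may already cover this.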
diff --git a/tests/lapd/lapd_test.ok b/tests/lapd/lapd_test.ok
index e188e27e..835ca2b3 100644
--- a/tests/lapd/lapd_test.ok
+++ b/tests/lapd/lapd_test.ok
@@ -7,7 +7,7 @@ BTS: Verifying CM request.
Confirming
Took message from DCCH queue: L2 header size 3, L3 size 20, SAP 0x1000000, 0/0, Link 0x00
Message: [L2]> 01 73 41 [L3]> 05 24 31 03 50 18 93 08 29 47 80 00 00 00 00 80 2b 2b 2b 2b
-ms_to_bts_tx_cb: BTS->MS(us) message 9
+ms_to_bts_tx_cb: BTS->MS(us) message 6
MS: Verifying incoming primitive.
Sending back to MS