author | Pau Espin Pedrol <pespin@sysmocom.de> | 2016-02-29 08:49:22 -0500 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-12-10 14:44:19 +0000 |
commit | 9dd3bf0cb4e780b54772f4abe1e2966b09f99301 (patch) | |
tree | e8f78dcb2927b9ce4e1a53323c956849d400afa9 | |
parent | 893979cb08848aed23cc542ca73db8ce268143aa (diff) |
Fix malformed Abis/RSL messages with extra L3 Information field
Some Abis/RSL messages such as "Release Indication" contained 3 extra
bytes from an L3 Information header which should not be there according
to specs in GSM 08.58 (section 8.3 "Radio link layer management
messages"). Other RSL messages were affected by the same issue, except
for "Establish Indication", which had already a workaround in
send_rslms_dlsap.
This commit fixes the issue in a generic way, removes the "Establish
Indication" workaround, and fixes the test that accounted for the bug, as
it otherwise fails after applying the changes.
Fixes: OS#1635, OS#2336
Change-Id: Ibb116214e8b1798d65a8b0917150496a3c14f344
-rw-r--r-- | src/gsm/lapd_core.c | 4 | ||||
-rw-r--r-- | src/gsm/lapdm.c | 5 | ||||
-rw-r--r-- | tests/lapd/lapd_test.c | 8 | ||||
-rw-r--r-- | tests/lapd/lapd_test.ok | 2 |
4 files changed, 3 insertions, 16 deletions
diff --git a/src/gsm/lapd_core.c b/src/gsm/lapd_core.c index 48476266..5d871546 100644 --- a/src/gsm/lapd_core.c +++ b/src/gsm/lapd_core.c @@ -379,9 +379,7 @@ static int send_dl_l3(uint8_t prim, uint8_t op, struct lapd_msg_ctx *lctx, static inline int send_dl_simple(uint8_t prim, uint8_t op, struct lapd_msg_ctx *lctx) { - struct msgb *msg = lapd_msgb_alloc(0, "DUMMY"); - - return send_dl_l3(prim, op, lctx, msg); + return send_dl_l3(prim, op, lctx, NULL); } /* send MDL-ERROR INDICATION */ diff --git a/src/gsm/lapdm.c b/src/gsm/lapdm.c index 7ca2b3e3..80c0d178 100644 --- a/src/gsm/lapdm.c +++ b/src/gsm/lapdm.c @@ -414,11 +414,6 @@ static int send_rslms_dlsap(struct osmo_dlsap_prim *dp, switch (OSMO_PRIM_HDR(&dp->oph)) { case OSMO_PRIM(PRIM_DL_EST, PRIM_OP_INDICATION): - if (dp->oph.msg && dp->oph.msg->len == 0) { - /* omit L3 info by freeing message */ - msgb_free(dp->oph.msg); - dp->oph.msg = NULL; - } rll_msg = RSL_MT_EST_IND; break; case OSMO_PRIM(PRIM_DL_EST, PRIM_OP_CONFIRM): diff --git a/tests/lapd/lapd_test.c b/tests/lapd/lapd_test.c index fd92cac3..e627ba68 100644 --- a/tests/lapd/lapd_test.c +++ b/tests/lapd/lapd_test.c 
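Review bot: `send_dl_simple()` now hands a NULL `msg` to `send_dl_l3()`, so every consumer of the resulting primitive must tolerate `oph.msg == NULL`, and nothing in this hunk shows that they all do. `send_dl_l3()` and the DLSAP callbacks it presumably reaches lie outside the hunk. The branch removed from `send_rslms_dlsap()` in src/gsm/lapdm.c suggests that path already copes with a NULL message, but any other callback that reads `msg->len` or `msg->data` unconditionally would dereference NULL on what are presumably peer-triggered link events. I would state the contract at the call site, e.g. `/* no L3 payload: msg is NULL, DLSAP callbacks must accept oph.msg == NULL */`, and check the remaining users of the callback.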
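Review bot: With the `PRIM_DL_EST`/`PRIM_OP_INDICATION` branch removed from `send_rslms_dlsap()`, nothing visible here normalises a non-NULL message whose `len` is 0 any more. The fix therefore depends on every producer passing NULL rather than an empty msgb; if any caller of `send_dl_l3()` outside this diff still allocates an empty message, the extra L3 Information field would presumably reappear for that primitive. Consider hoisting the removed check above the `switch` so it applies to all primitives, or document next to the `switch` that an absent payload is signalled by `dp->oph.msg == NULL`. The function body starts and continues outside the hunk.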
@@ -350,19 +350,13 @@ static int ms_to_bts_tx_cb(struct msgb *msg, struct lapdm_entity *le, void *_ctx struct abis_rsl_rll_hdr hdr; printf("MS: Verifying incoming primitive.\n"); - OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr) + 3); + OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr)); /* verify the header */ memset(&hdr, 0, sizeof(hdr)); rsl_init_rll_hdr(&hdr, RSL_MT_EST_CONF); hdr.c.msg_discr |= ABIS_RSL_MDISC_TRANSP; OSMO_ASSERT(memcmp(msg->data, &hdr, sizeof(hdr)) == 0); - - /* Verify the added RSL_IE_L3_INFO but we have a bug here */ - OSMO_ASSERT(msg->data[6] == RSL_IE_L3_INFO); - #pragma message ("RSL_IE_L3_INFO 16 bit length is wrong") - /* This should be okay but it is actually 0x0, 0x9c on ia-32 */ - /* OSMO_ASSERT(msg->data[7] == 0x0 && msg->data[8] == 0x0); */ } else if (state->ms_read == 1) { printf("MS: Verifying incoming MM message: %d\n", msgb_l3len(msg)); OSMO_ASSERT(msgb_l3len(msg) == 3); diff --git a/tests/lapd/lapd_test.ok b/tests/lapd/lapd_test.ok index e188e27e..835ca2b3 100644 --- a/tests/lapd/lapd_test.ok +++ b/tests/lapd/lapd_test.ok @@ -7,7 +7,7 @@ BTS: Verifying CM request. Confirming Took message from DCCH queue: L2 header size 3, L3 size 20, SAP 0x1000000, 0/0, Link 0x00 Message: [L2]> 01 73 41 [L3]> 05 24 31 03 50 18 93 08 29 47 80 00 00 00 00 80 2b 2b 2b 2b -ms_to_bts_tx_cb: BTS->MS(us) message 9 +ms_to_bts_tx_cb: BTS->MS(us) message 6 MS: Verifying incoming primitive. Sending back to MS |
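Review bot: The only length assertion updated in `ms_to_bts_tx_cb()` is the one for `RSL_MT_EST_CONF`, while the commit message names "Release Indication" and other RSL messages as the malformed ones. As far as this hunk shows, nothing pins the length of those messages, so a regression on the release path would pass the test unnoticed. A matching check where the test receives the release primitive, e.g. `OSMO_ASSERT(msg->len == sizeof(struct abis_rsl_rll_hdr));`, would cover it. The callback starts and continues outside the hunk, so such a check may already exist elsewhere in the file.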