| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
| |
Verify 14 digit and 15 digit IMEI strings. OsmoHLR will use the 14
digit version to check IMEIs before writing them to the DB.
Place the Luhn checksum code in a dedicated osmo_luhn() function, so
it can be used elsewhere.
Related: OS#2541
Change-Id: Id2d2a3a93b033bafc74c62e15297034bf4aafe61
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using an FSM instace's logging context is very useful. Sometimes it makes sense
to log something on a different logging category than the FSM definition's
default category.
For example, an MSC conn has aspects concerning MM, CC, RR, MGCP, ..., and
currently all of those log on DMM.
This came up in I358cfbaf0f44f25148e8b9bafcb9257b1952b35a, where I want to log
an MGCP event using a ran_conn context, and used the conn->fi->id. That of
course omits context like the current conn FSM state...
I remember at least one other place where I recently added logging using some
fi->id as context, so it might turn out useful in various places.
Change-Id: I11b182a03f5ecb6df7cd8f260757d3626c8e945d
|
|
|
|
|
|
|
|
| |
The LOGPFSM macros are in such wide use that they should guard against a NULL
fi pointer. In case of NULL, default to subsys = DLGLOBAL, loglevel =
LOGL_ERROR and state = "fi=NULL".
Change-Id: I9eaf8b7e2cf1e450ae626cb2fc928862008f6233
|
|
|
|
| |
Change-Id: I3bf6500889aa58195f50a726dec0876c0c2baec3
|
|
|
|
|
|
|
|
|
| |
Instead of duplicating the fmt and args in LOGPFSML and LOGPFSMLSRC, rather
make LOGPFSML invoke LOGPFSMLSRC with __FILE__ and __LINE__.
This is a cosmetic preparation for more tweaks coming up.
Change-Id: I2f23c57ebfdb5355919c06ac5ded7732e3b17a97
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Basically, I am applying code review that I would have given had I not been on
vacation when the last osmo_sock_get_name* stuff was merged.
osmo_sock_get_name2() is so far a static internal function. However, it is
nothing like osmo_sock_get_name(), so instead rename it to
osmo_sock_get_ip_and_port(). Also make it public API, no need to hide it. I'm
adding an "and" in the name to hopefully clarify: "ip_port" vs. "ip_and_port"
-- there already are _get_X_ip_port() functions that only return the port
string, despite "ip" in the name.
Add new public osmo_sock_get_name2(), which is like osmo_sock_get_name(),
except it uses a static string instead of talloc, and omits the braces. This
is most convenient for log statement formats, avoiding dyn allocations.
Add new osmo_sock_get_name_buf(), which is like osmo_sock_get_name2() but
writes to a caller provided char buffer.
Use osmo_sock_get_name_buf() in the implementation of osmo_sock_get_name(),
but use another (non-static) local string buffer, because adding braces is too
complex without talloc_snprintf().
Rationale:
I want to improve the logging of socket errors, e.g. change
DLMGCP ERROR Failed to read: 111/Connection refused (mgcp_client.c:720)
to
DLMGCP ERROR Failed to read: r=10.0.99.2:2427<->l=10.0.99.2:2728: 111='Connection refused' (mgcp_client.c:721)
but it is just not handy to compose logging with the current API:
- osmo_sock_get_name() requires a talloc_free().
- all the others require output buffers.
- the only way to conveniently compose a logging string and,
- notably, the only trivial way to skip the string composition if the logging
level is currently muted, is to have a function that returns a static string:
the new osmo_sock_get_name2().
- (I think the osmo_sock_get_{local,remote}_* convenience wrappers should never
have been added, because they encourage the caller to invoke the same code
twice, for IP addr and port, and throw away one half each time.)
Related: Iae728192f499330d16836d9435648f6b8ed213b6 (osmo-mgw)
Change-Id: I8ad89ac447c9c582742e70d082072bdd40a5a398
|
|
|
|
|
|
|
| |
Otherwise struct osmo_stats_config is not defined and compiler fails.
Related: OS#3722
Change-Id: I037c3ca141ecee2d457e0a881a56e32ee24cec4d
|
|
|
|
|
|
|
|
| |
It's often handy to compare certain msgb layer to a given array and
print the position where they differ. Add simple pretty-printer and
corresponding L* wrappers.
Change-Id: I3bc95f2f5ab6e3f4b502647fb3e0aaaf1f7c4cf5
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a standalone bcd-to-string conversion function with generic parameters.
Add a regression test in utils_test.c.
So far there is no single universal implementation that converts a BCD to a
string. I could only find gsm48_mi_to_string(), which also interprets
surrounding bytes, MI type and TMSI as non-BCD value.
The idea is to use this function from gsm48_mi_to_string() and similar
implementations in subsequent commits.
Root cause: in osmo-msc, I want to have an alternative MI-to-string function
for composing an FSM name, which needs the BCD part of gsm48_mi_to_string() but
not the TMSI part.
Change-Id: I86b09d37ceef33331c1a56046a5443127d6c6be0
|
|
|
|
|
|
|
| |
Counting list entires should not alter the list content: let's make this
obvious from type signature.
Change-Id: I414e67a3de733fab407161b3264d3b89070ba537
|
|
|
|
|
| |
Related: OS#3722
Change-Id: If466a64bd44dcb8ae8a9b7f82bc9c9435ba3e640
|
|
|
|
|
|
|
|
|
| |
It's similar to osmo_sockaddr_to_str_and_uint() but does not require odd
typecasting for AF_INET case. Make osmo_sockaddr_to_str_and_uint() into
wrapper around new function and make sure to check for address family
before typecasting. Also use proper return type.
Change-Id: Ie384483124d407a960ab6732e6a7fd90554389d2
|
|
|
|
|
|
|
|
|
| |
* add missing L1 and L4 hexdump
* add msgb_l4() for consistency and convert msgb_sms() into simple alias
Those will be used in follow-up patches for msgb debug/test helpers.
Change-Id: I8d6dd1b1ff3aa98a452711c692ca7dee0449203b
|
|
|
|
|
|
|
|
|
|
| |
The msgb_wrap_with_TL() is generally useful so it make sense to make it
public to facilitate code re-use.
Other helpers can be implemented as trivial wrappers over existing tlv.h
functions. Update headers and code accordingly.
Change-Id: I37e91d031fba28cf1c6735b8069b0265746f55e6
|
|
|
|
|
|
|
|
|
|
| |
There is already a group of similar functions for L1, L2 and L3,
but L4 was missing. The L4 is usually used for parsing of complex
L3 messages, such as SS/USSD and SMS.
This change introduces a similar halper for L4.
Change-Id: I755f2d654bbdad2a8b4f94df9023bdd370b07ae6
|
|
|
|
|
|
|
|
|
|
| |
Return only the IP or port of either the local or remote connection,
not the whole set of IP and port of both the local and remote
connection like osmo_sock_get_name() does it. This is needed for
OS#2841, where we only want to print the remote IP.
Related: OS#2841
Change-Id: I6803c204771c59a2002bc6a0e6b79c83c35f87e1
|
|
|
|
| |
Change-Id: I2e710141ee90ddc8b5336d5f81e99bd918d10106
|
|
|
|
|
|
|
|
| |
Wireshark GSMTAP dissector has LTE NAS subtypes for plain NAS messages
and NAS messages with security header. This commit adds definition for
these subtypes.
Change-Id: I49d15fb13299c1bcbe0fb7e50bf222294c7a49ef
|
|
|
|
|
|
|
| |
Later release of 3GPP TS 36.331 added new LTE RRC channels. This commit
additionally defines LTE RRC message types existing in Release V15.3.0.
Change-Id: Ifa48b2227be15af04c9a4702d2025abcc660f0df
|
|
|
|
| |
Change-Id: If683b1272ad2d5b402b91c52c496aa7975bc6315
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Completely drop the implementations of log_vty_command_{str,description}().
These functions have been public API once, marked as deprecated since
c65c5b4ea075ef6cef11fff9442ae0b15c1d6af7 (March 2017). I considered to keep
them, or reduce them to useless stubs, but it is quite silly, really. These
functions are completely and utterly useless outside of libosmocore. Any
program linking these deserves to fail.
Re-implement vty logging level command gen, in logging_vty.c. logging.c is
simply the wrong place for that.
Introduce logging_internal.h to share logging definitions to logging_vty.c
without publishing as API.
Introduce static gen_logging_level_cmd_strs() to compose a list of category
arguments with their descriptions for VTY commands. Use osmo_talloc_asprintf()
instead of the previous error prone and chaotic strlen() counting method.
Do not dynamically generate log level arguments, just keep static strings. We
are super unlikely to ever change the log levels we have.
No changes in logging_vty_test.vty: proves that there is no functional change.
All of this, besides introducing basic sanity, is cosmetic preparation to be
able to re-use the generic command generation code for arbitrary commands with
category or level args (for deprecated and new keywords).
Rationale: I want to hide 'all' and 'everything' from the VTY command
documentation, by means of deprecating. I first tried to simply define a
deprecated 'logging level CAT everything' command:
logging level (all|rsl|rr|...) (debug|info|notice|error|fatal)
logging level CAT everything # <- deprecated and hidden
But unfortunately, command matching doesn't work as intended when the CAT
argument reflects a valid category; I want it to invoke the deprecated function
as soon as the 'everything' keyword follows, but it stays stuck to the "valid"
command when the category argument matches an explicit keyword in that list,
and will throw an error on the following 'everything' keyword. I.e.:
logging level rsl everything
% Unknown command # <-- leads to config file parse error
logging level unknown_string everything
% Ignoring deprecated 'everything' # <-- works only for invalid categories
So I need to define 'everything' separately, again with a list of each valid
category instead of a generic CAT arg.
Change-Id: I3b083f27e3d751ccec258880ae7676e9af959a63
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already have osmo_str2lower() and osmo_str2upper(), but these lack:
* proper destination buffer bounds checking,
* ability to call directly as printf() argument.
Deprecate osmo_str2upper() and osmo_str2lower() because of missing bounds
checking.
Introduce osmo_str_tolower_buf(), osmo_str_toupper_buf() to provide
bounds-safe conversion, also able to safely convert a buffer in-place.
Introduce osmo_str_tolower(), osmo_str_toupper() that call the above _buf()
equivalents using a static buffer[128] and returning the resulting string
directly, convenient for direct printing. Possibly truncated but always safe.
Add unit tests to utils_test.c.
Replace all libosmocore uses of now deprecated osmo_str2lower().
Naming: the ctype.h API is called tolower() and toupper(), so just prepend
'osmo_str_' and don't separate 'to_lower'.
Change-Id: Ib0ee1206b9f31d7ba25c31f8008119ac55440797
|
|
|
|
|
|
|
| |
Having all inculdes listed in one place is a common good
practice, which prevents one from adding duplicates.
Change-Id: I3f52189d5e8f9afafc39525e95385a085f8f850a
|
|
|
|
| |
Change-Id: I0979ddda91c4c0aa080b714cf2a698d7634f5091
|
|
|
|
| |
Change-Id: Iee79f5273f32cb9ce4bd7a984e7f0625542e776f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow printing the source file information *after* the log information.
Add target->print_filename_pos, log_set_print_filename_pos() and enum
log_filename_pos, and the optional 'last' keyword to the 'logging print file'
vty command. (An enum in case we want to add other positions later.)
Rationale: on log lines, the logging context is usually printed first in the
logging text. Without the source file information, this logging context pretty
much aligns in an easily readable way. When adding the source file information,
each line's logging context info is shifted right by a pretty much random
amount and it is hard to spot recurring logging contexts.
One solution is to switch off source file info, of course, but that's not an
option when actively hacking on bugs and new features.
For example, it is unnecessarily hard to spot lchan FSM related log lines in
this osmo-bsc log snippet:
DRSL NOTICE mgw_endpoint_fsm.c:603 mgw-endpoint(conn0){WAIT_MGW_RESPONSE}: Freeing instance
DRSL NOTICE fsm.c:381 mgw-endpoint(conn0){WAIT_MGW_RESPONSE}: Deallocated
DMSC NOTICE mgw_endpoint_fsm.c:603 SUBSCR_CONN(conn0){CLEARING}: Received Event FORGET_MGW_ENDPOINT
DCHAN DEBUG lchan_rtp_fsm.c:741 lchan(0-0-1-TCH_F-0){WAIT_RLL_RTP_ESTABLISH}: Received Event LCHAN_EV_RTP_RELEASED
DCHAN DEBUG lchan_rtp_fsm.c:520 lchan_rtp(0-0-1-TCH_F-0){ROLLBACK}: Freeing instance
DCHAN DEBUG fsm.c:381 lchan_rtp(0-0-1-TCH_F-0){ROLLBACK}: Deallocated
DCHAN DEBUG lchan_rtp_fsm.c:520 lchan(0-0-1-TCH_F-0){WAIT_RLL_RTP_ESTABLISH}: Received Event LCHAN_EV_RTP_RELEASED
DCHAN DEBUG lchan_fsm.c:1232 lchan(0-0-1-TCH_F-0){WAIT_RLL_RTP_ESTABLISH}: state_chg to WAIT_RF_RELEASE_ACK
DRSL NOTICE handover_fsm.c:762 handover(interBSCin_conn0){WAIT_RR_HO_DETECT}: Terminating (cause = OSMO_FSM_TERM_REGULAR)
DRSL NOTICE handover_fsm.c:762 handover(interBSCin_conn0){WAIT_RR_HO_DETECT}: Freeing instance
DRSL NOTICE fsm.c:381 handover(interBSCin_conn0){WAIT_RR_HO_DETECT}: Deallocated
DCHAN DEBUG lchan_fsm.c:1196 lchan(0-0-1-TCH_F-0){WAIT_RF_RELEASE_ACK}: state_chg to BORKEN
DCHAN DEBUG lchan_fsm.c:354 lchan(0-0-1-TCH_F-0){BORKEN}: (type=TCH_F) Clearing lchan state
DLMGCP DEBUG mgcp_client.c:741 Tx MGCP msg to MGCP GW: 'DLCX 3 2@mgw MGCP 1.0'
DLMGCP DEBUG mgcp_client.c:743 Sending msg to MGCP GW size: 66
DRLL NOTICE mgcp_client_fsm.c:422 MGCP_CONN(to-BTS){ST_DLCX_RESP}: Received Event EV_DLCX_RESP
Placing the source file info behind the log text makes it much easier to
follow, while the source file info is still available:
DRSL NOTICE mgw-endpoint(conn0){WAIT_MGW_RESPONSE}: Freeing instance (mgw_endpoint_fsm.c:603)
DRSL NOTICE mgw-endpoint(conn0){WAIT_MGW_RESPONSE}: Deallocated (fsm.c:381)
DMSC NOTICE SUBSCR_CONN(conn0){CLEARING}: Received Event FORGET_MGW_ENDPOINT (mgw_endpoint_fsm.c:603)
DCHAN DEBUG lchan(0-0-1-TCH_F-0){WAIT_RLL_RTP_ESTABLISH}: Received Event LCHAN_EV_RTP_RELEASED (lchan_rtp_fsm.c:741)
DCHAN DEBUG lchan_rtp(0-0-1-TCH_F-0){ROLLBACK}: Freeing instance (lchan_rtp_fsm.c:520)
DCHAN DEBUG lchan_rtp(0-0-1-TCH_F-0){ROLLBACK}: Deallocated (fsm.c:381)
DCHAN DEBUG lchan(0-0-1-TCH_F-0){WAIT_RLL_RTP_ESTABLISH}: Received Event LCHAN_EV_RTP_RELEASED (lchan_rtp_fsm.c:520)
DCHAN DEBUG lchan(0-0-1-TCH_F-0){WAIT_RLL_RTP_ESTABLISH}: state_chg to WAIT_RF_RELEASE_ACK (lchan_fsm.c:1232)
DRSL NOTICE handover(interBSCin_conn0){WAIT_RR_HO_DETECT}: Terminating (cause = OSMO_FSM_TERM_REGULAR) (handover_fsm.c:745)
DRSL NOTICE handover(interBSCin_conn0){WAIT_RR_HO_DETECT}: Freeing instance (handover_fsm.c:745)
DRSL NOTICE handover(interBSCin_conn0){WAIT_RR_HO_DETECT}: Deallocated (fsm.c:381)
DCHAN DEBUG lchan(0-0-1-TCH_F-0){WAIT_RF_RELEASE_ACK}: state_chg to BORKEN (lchan_fsm.c:1196)
DCHAN DEBUG lchan(0-0-1-TCH_F-0){BORKEN}: (type=TCH_F) Clearing lchan state (lchan_fsm.c:354)
DLMGCP DEBUG Tx MGCP msg to MGCP GW: 'DLCX 3 12@mgw MGCP 1.0' (mgcp_client.c:741)
DLMGCP DEBUG Sending msg to MGCP GW size: 67 (mgcp_client.c:743)
DRLL NOTICE MGCP_CONN(to-BTS){ST_DLCX_RESP}: Received Event EV_DLCX_RESP (mgcp_client_fsm.c:422)
Implementation: for 'last', insert source file info only when an '\n' is found
at the end of the log line composition buffer, so that LOGP()...LOGPC()
constructs also print source file info only when a log line actually ends.
Change-Id: I393907b3c9e0cc1145e102328adad0a83ee13a9f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When IPPROTO_UDP is used then SO_REUSEADDR omitted since UDP is
connection less we do not have to wait until lingering connections time
out. There were also negative effects such as that two applicatications
could use the same UDP port, normally one of the two applications would
get an error, but with SO_REUSEADDR this is supressed. However, there
are applications (UDP MULTICAST) where two applications must be able to
use the same port. In the osmocom project those are osmo-bts-virtual,
virtphy and gsmtap in general.
Lets introduce a flag that the API user can supply in order to have
SO_REUSEADDR applied.
- Add new flag OSMO_SOCK_F_UDP_REUSEADDR
Change-Id: I94aaf6d5224ab23bde5ea5c4a83569b6145ab32b
Related: OS#3497
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The intention was to use the file's basename, but __BASE_FILE__ means "the root
file that is being parsed and contains #include statements".
If we had a function using __BASE_FILE__ and that was defined in an #included
file, __BASE_FILE__ would indicate the first file where the #include is, and
not the file where the function is defined. __BASE_FILE__ works for us because
we don't ever include function definitions that log something, so __BASE_FILE__
always coincides with __FILE__ for our logging; but still __BASE_FILE__ is
semantically the wrong constant.
Related: OS#2740
Change-Id: Ibc1d3746f1876ac42d6b1faf0e5f83bd2283cdcc
|
|
|
|
|
|
|
|
|
|
| |
It's a common pattern having a list of msgb and having to maintain its
size (for instance, to limit the maximum size of the list). Having the
counter updated at the same time that the msgb is enqueued or dequeued
helps avoiding introducing new bugs by forgetting to update the size
counter at the right places.
Change-Id: I33b501e89a8f29e4aa121696bcbb13d4b83db40f
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise applications need to use "extern void* tall_sigh_ctx" and set
it manually (that symbol is not exported in any header file) or end up
allocating struct signal_handler into the NULL talloc ctx.
API created in a similar way as already existing msgb_talloc_ctx_init(),
but without the pool_size because it's not considered necessary in this
case.
Change-Id: Id58ca18eb826b8f4183a7cf0dbb2b38cba702a09
|
|
|
|
|
|
|
|
|
| |
In SIMtrace 1 the ATR was sent the same way as an APDU.
The ATR is not an APDU, and could be mis-interpreted as valid APDU.
This change allows to make the difference between actual APDU and
the ATR, but also adds sub_types for future SIMtrace 2 use cases.
Change-Id: I5bd0dff5a4a90cfe96d9c4f3dec6657e1d85bf7a
|
|
|
|
|
|
|
|
|
| |
This came from osmo-bsc refactoring patch I82e3f918295daa83274a4cf803f046979f284366
https://gerrit.osmocom.org/#/c/osmo-bsc/+/9671/6/src/osmo-bsc/gsm_data.c@1708
Add regression test in utils_test.c.
Change-Id: I1f2918418c38918c5ac70acaa51a47adfca12b5e
|
|
|
|
|
|
|
|
|
|
| |
In Change-Id I5a70eb65952cbc329bf96eacb428b07a9da32433 we redirected
all OSMO_ASSERT() via osmo_panic(). However, this caused various
applications to have build failures, as OSMO_ASSERT() now appeared
to be able to return to the call site. Let's inform the compiler
explicitly that there's no return from osmo_panic().
Change-Id: I8adf4c7b0ee6a4581cef8dd4e9f6a1dfde70ee55
|
|
|
|
|
|
|
|
|
| |
A loooong time ago, we introduced osmo_panic() as a wrapper around
abort(). The advantage is, that this wrapper can be overridden, and
that it will also work in embedded (bare iron) targets, where the
abort simply translates to an infinite loop.
Change-Id: I5a70eb65952cbc329bf96eacb428b07a9da32433
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The general idea about each osmo_fsm_instance having a separate
log-level was to be able to selectively increase/show/enable logging
for some FSM instances (e.g. of a particular subscriber) while
maintaining normal logging verbosity for all other instances of the
same FSM.
The introduction of LOGPFSML() in Change-Id
If295fdabb3f31a0fd9490d1e0df57794c75ae547 broke that idea, as it would
use a compile-time log level, irrespective of the
osmo_fsm_inst.log_level setting of the given instance.
Let's combine the two:
Use the explicit level stated at LOGPFSML(), _unless_ this instance
has a higher log_level configured.
This way, all FSMs should normally be created with
osmo_fsm_inst.log_level == LOGL_DEBUG. At that point LOGPFSM()
statements would be rendered at debug level, typically below the
threshold of most logging configurations.
Code that has explicit higher log levels like LOGPFSML(fi, LOGL_ERROR)
would always be printed, as it is an error message.
And if we now increase the osmo_fsm_inst.log_level, then even the normal
LOGPFSM() statements would suddenly be logged at that higher level,
selectively increasing log verbosity - like originally intended.
Change-Id: I1820f04d0c6f5d5ff08eb95b8c0e88764534491a
|
|
|
|
| |
Change-Id: I2b96db6e037e72e92317fec874877e473a1cf909
|
|
|
|
| |
Change-Id: I3c0e53b846b2208bd201ace99777f2286ea39ae8
|
|
|
|
|
|
|
|
|
|
|
| |
* prefix all symbols/constants with osmo_
* use stdint.h types instead of kernel types
* use Doxygen API documentation
* use Osmocom CRC16-CCITT functions
* use Osmocom bit-reversal functions
* integrate with Automake
Change-Id: I109085ab3e412c20b19cd42fb7137aa0e4167542
|
|
|
|
|
|
|
| |
I've been importing from 94d7dbf108813ea45a91e27e9a8bd231d5a23fa7
but the isdnhdlc code hasn't seen any changes since 2012 anyway.
Change-Id: I3c58f9cb6921c2fdd0f2fcb11f622a0be88c7c63
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux offers file descriptor based periodic (interval) timers,
which can achieve a higher precision than our userspace based
timers and which can be slave'd to CLOCK_MONOTINIC or other clock
sources. Let's add some code for osmo_fd wrapped versions that
integrate well with our select() abstraction.
The code has been used in osmo-bts-trx since June 2017 (change-id
I51b19adde14ebb7ef3bb863d45e06243c323e22e), and I'm just renaming
and moving it to libosmocore here. After a merge, the osmo-bts
implementations can be removed in favor if this one.
Change-Id: Ibeffba7c997252c003723bcd5d14122c4ded2fe7
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Imagine following scenario:
1- client connects to CTRL iface, a new conn is created with POLL_READ
enabled.
2- A non-related event happens which triggers a TRAP to be sent. As a
result, the wqueue for the conn has now enabled POLL_WRITE, and message
will be sent next time we go through osmo_main_select().
3- At the same time, we receive the GET cmd from the CTRL client, which
means POLL_READ event will be also triggered next time we call
osmo_main_select().
4- osmo_main_select triggers osmo_wqueue_bfd_cb with both READ/WRITE
flags set.
5- The read_cb of wqueue is executed first. The handler closes the CTRL
conn for some reason, freeing the osmo_fd struct and returns.
6- osmo_qeueue_bfd_cb keeps using the already freed osmo_fd and calls
write_cb.
So in step 6 we get a heap-use-after-free catched by AddressSanitizer:
[0;m20180424135406115 [1;32mDLCTRL[0;m <0018> control_if.c:506 accept()ed new CTRL connection from (r=10.42.42.1:53910<->l=10.42.42.7:4249)
[0;m20180424135406116 [1;34mDLCTRL[0;m <0018> control_cmd.c:378 Command: GET bts.0.oml-connection-state
[0;m20180424135406117 [1;34mDLINP[0;m <0013> bts_ipaccess_nanobts.c:417 Identified BTS 1/0/0
[0;m[1;36m20180424135406118 [1;34mDNM[0;m[1;36m <0005> abis_nm.c:1628 Get Attr (bts=0)
[0;m[1;36m20180424135406118 [1;34mDNM[0;m[1;36m <0005> abis_nm.c:1628 Get Attr (bts=0)
[0;m20180424135406118 [1;34mDCTRL[0;m <000e> osmo_bsc_ctrl.c:158 BTS connection (re)established, sending TRAP.
[0;m20180424135406119 [1;32mDLCTRL[0;m <0018> control_if.c:173 close()d CTRL connection (r=10.42.42.1:53910< |