| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently out-of-memory is not handled by bssgp_msgb_alloc, leading
to SEGV failures if msgb_alloc_headroom returns NULL.
This commit adds an OSMO_ASSERT to catch this case, which improves
the situation only slightly. But bssgp_msgb_alloc is used in many
places without checking the return value, so just adding a
conditional early NULL return would not fix the issue either.
Fixes: Coverity CID 1293377
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the return value of the gprs_ns_tx family of functions is
often ignored. This is not a serious issue, since the successful
delivery of the messages is neither guaranteed nor acknowledged by
the network layer anyway.
Nevertheless this commit adds logging (level INFO) to gprs_ns_tx and
gprs_ns_msgb_alloc. The definition of the latter has been moved from
the header file to gprs_ns.c.
Fixes: Coverity CID 1040678, 1040679, 1040680, 1040681, 1040682,
1040683, 1040684, 1040686, 1040687, 1040688, 1111545,
1240203, 1240204
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently bssgp_rx_ptp might be called with bctx being NULL, when the
NS BVCI is neither BVCI_SIGNALLING nor BVCI_PTM, but the message is
a BVC_RESET or it contains an BVCI IE != BVCI_SIGNALLING where the
BVCI is not known.
This patch ensures that bssgp_rx_ptp will only be called with a
non-NULL bctx. A log message will be issued, if the bctx is NULL when
this was not expected.
Fixes: Coverity CID 1040674
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the implementation of bssgp_tx_dl_ud conditionally adds
some optional IE if dup != NULL. Later on is dereferences dup to
access qos_profile and fc, but this without checking dup in advance.
This may lead to an segmentation violation fault.
This commit changes the value range of the function to only accept
dup != NULL. An assertion will fail otherwise. All other explicit
checks for non-NULL are removed.
Fixes: Coverity CID 1040673
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently incoming BSSGP STATUS messages are just logged and no other
action is taken. This makes it impossible for higher layers to react
to failures which are indicated by corresponding STATUS messages
unless a timeout is triggered as a result of that failure later on.
This commit adds a bssgp_rx_status() function and calls it on
incoming STATUS messages. That function logs a message, increments the
new BSSGP_CTR_STATUS counter if the bctx context exists and invokes
an NM_STATUS status indication. The latter will allow the application
to handle failures immediately. Since all STATUS messages should be
handled, the function is already called in bssgp_rcvmsg and the
message is no longer handled in (and will not reach) bssgp_rx_sign
and bssgp_rx_ptp.
Ticket: OW#1414
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently each incoming PtP BSSGP STATUS message is handled as 'not
yet implemented' and a BSSGP STATUS message (cause
BSSGP_CAUSE_PROTO_ERR_UNSPEC) is sent back to the peer. This will
cause endless messages loops if both peers use this BSSGP stack
implementation. This does not apply to signalling messages.
This commit changes the implementation of bssgp_rx_ptp() to just do
logging in this case.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
| |
Currently this command segfaults (at least when ASAN is enabled),
because when getting the NSEI the index to argv is wrong and out of
bounds.
This patch fixes the offset.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
| |
The copyright holders Harald Welte, Holger Freyther, Andreas Eversberg
and sysmocom - s.f.m.c. GmbH (represented by Holger and Harald) agree
that the license of libosmogb should be GPLv2+ and not AGPLv3+.
The reason the source files stated AGPLv3+ is due to the history, as
they were moved from OpenBSC to libosmocore at the time we needed to use
them from osmo-pcu. It was an oversight back then to not re-license
them accordingly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently sending SUSPEND/RESUME messages to this function (like it
is done in the osmo-sgsn) results in STATUS messages complaining
about an unknown BVCI. The reason is, that these messages rely on a
TLLI/RAI pair to identify the context and do not contain an explicit
BVCI.
This patch modifies bssgp_rcvmsg() to only complain about and unknown
BVCI if one is given but a matching context is not found (except for
RESET messages). The ctx argument is removed from the functions
handling SUSPEND and RESUME since it will always be NULL then.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the OsmoSGSN we have a crash with a DEAD/BLOCKED GPRS-NS and
segmented SN-UNITDATA. For the caller it is not easy to know if
the passed msg buffer has been freed or not. The most easy solution
is to always take the ownership and either pass it on or free it
in case of an error.
Adjust indirect and direct callers of gprs_ns_sendmsg. I found
the following call-chains with an external msgb parameter.
gprs_ns_sendmsg
<- _bssgp_tx_dl_ud
<- bssgp_fc_in
<- bssgp_tx_dl_ud
Update the test to allocate a real msgb because for the test with
'1000' we will msgb_free it right away.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the NS-VC's state is updated from within gprs_ns_tx_reset,
which can lead to an inconsistent state when the RESET_ACK is lost.
In this state, the NSE_S_RESET bit is set but the Tns-reset timer is
not started.
This patch moves the state update into gprs_nsvc_reset. This way, the
state flags are consistent with the timer.
Addresses:
SGSN -> BSS NS_ALIVE
BSS -> SGSN NS_ALIVE_ACK
BSS -> SGSN BVC_RESET
SGSN -> BSS NS_STATUS, Cause: NS-VC blocked, NS VCI: 0x65
and there is no BSS->SGSN NS_ALIVE
Ticket: OW#1213
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
| |
Currently gprs_nsvc_reset does not return any value.
This patch changes the function to return an integer, where a value
less than zero indicates an error. The value is taken from the
gprs_ns_tx_reset function. In case of failure, an error message is logged.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
| |
Preprocessor flags are best placed in AM_CPPFLAGS. Remove use of the
unused all_includes variable, which is never set.
|
| |
|
|
|
|
| |
the bits/crc files are not inside the sourcedirectory but will end
in the build directory. Go and look there as well. This somehow
doesn't fail with make distcheck but when building for Yocto Dizzy.
|
| |
|
|
|
|
|
|
|
|
| |
Currently the bssgph field is not set when using the bssgp_tx_*
functions. This hinders unit testing of generated messages.
This patch initializes the bssgph field directly after allocation a
new bssgp msgb in bssgp_msgb_alloc() so that it is set by default.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently BSSGP messages with an NS BVCI of 0 (signalling) are
discarded if they aren't RESET messages. Thus valid signalling
messages (e.g. BLOCK) are not handled properly, because the BVCI IE
is ignored if it present. Instead a STATUS message referring to BVCI
0 (instead of the BVCI used in the BLOCK message) is returned.
This patch changes the implementation to use the BVCI contained in
the BVCI IE if that is present in a signalling message.
It fixes BSSGP BLOCK/UNBLOCK for the osmo-sgsn.
Note that signalling messages without an BVCI IE (e.g.
SUSPEND/RESUME) are still rejected.
Ticket: OW#1205
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the BVCI is not set in all invocations to bssgp_tx_status()
when the cause is UNKNOWN_BVCI.
This patch adds the argument where it is missing.
It also adds a check for compliance (GSM 08.18, 10.4.14.1) to
bssgp_tx_status() to emit errors when the following requirement is
not fulfilled: The BVCI must be included if (and only if) the cause
is either "BVCI blocked" or "BVCI unknown".
Sponsored-by: On-Waves ehf
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix re-initialize issue of the GPRS NS. This was found while
working on the GB Proxy tests.
==27800== Invalid write of size 4
==27800== at 0x403C263: rate_ctr_group_alloc (linuxlist.h:65)
==27800== by 0x4050974: gprs_nsvc_create (gprs_ns.c:209)
==27800== by 0x405320D: gprs_ns_instantiate (gprs_ns.c:1330)
==27800== by 0x804B212: main (gbproxy_test.c:797)
==27800== Address 0x434173c is 52 bytes inside a block of size 784 free'd
==27800== at 0x4029DA8: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==27800== by 0x4041BBD: _talloc_free (talloc.c:609)
==27800== by 0x40432B2: talloc_free (talloc.c:578)
==27800== by 0x40532D3: gprs_ns_destroy (gprs_ns.c:1363)
==27800== by 0x804B1FE: main (gbproxy_test.c:791)
|
| |
|
|
|
|
| |
Okay. this comment thing has not worked (I totally forgot about it).
I think either we try to find ABI breakages with tools or we use
#error macros and check for a version...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the field nsvci_is_valid is set to 0 in the NSVC object
returned by gprs_nsvc_create(). This was a semantic change probably
introduced by commit 5e6d679d. As a result, NSVC created via the VTY
have this flag set to 0 causing RESET_ACK messages to be rejected.
This patch changes the default behaviour of gprs_nsvc_create() to
always set this flag. So it must be set to 0 explicitely if needed
which is more intuitive and thus less error prone.
It fixes breaking connections from the Gbproxy to the SGSN.
Ticket: OW#874
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently those messages are answered by a NS_STATUS message when
received on an uninitialised (no NS_RESET hat been seen yet) NS_VC
which violates GPP TS 08.16 7.3.1 and 7.4.1.
This patch adds checks to gprs_ns_vc_create() and eventually returns
before the error NS_STATUS message is generated.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
| |
Add a #define for the check and use this in this path as well.
Fixes: Coverity CID 1103092
|
| |
|
|
| |
Fixes: Coverity CID 1111545
|
| |
|
|
|
|
|
| |
We could consider creating a CHECK MACRO that will print a message
in case of a tx failure.
Fixes: Coverity CID 1111544
|
| |
|
|
| |
Fixes: Coverity CID 1107253
|
| |
|
|
|
|
|
|
|
| |
When a RESET is received on the same link with a different NSVCI from
a BSS on a dynamically created NS connection do not patch the nsvc
object but create a new one instead. Thus the NSVCI is never modified
at a nsvc object after the NS-VC has been established.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
| |
This modifies the NS stack's behavior to accept RESET and RESET_ACK
NSEI changes for NS-VC dynamically created by RESET messages from
BSSes. This feature is not used for NS-VC configured via VTY or NS-VC
to a SGSN.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the implementations for the reception of RESET and
RESET_ACK to be compatible with 3GPP TS 08.16, 7.3.1:
- Just send a RESET_ACK with correct values back to the SGSN when a
RESET with an invalid NSVCI or NSEI has been received.
- Check RESET_ACK for matching NSEI and NSVCI.
- Ignore unexpected RESET_ACKs.
In addition, use RESET_ACK from a BSS to update the BSS source
address based on the NSVCI to be tolerant with changing UDP source
addresses/ports.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a SEGV error that happens the next time the statistics
are updated.
Addresses:
Program terminated with signal 11, Segmentation fault.
#0 0xb7711fa5 in rate_ctr_group_intv (grp=<optimized out>) at
rate_ctr.c:107
107 for (i = 0; i < grp->desc->num_ctr; i++) {
#0 0xb7711fa5 in rate_ctr_group_intv (grp=<optimized out>) at
rate_ctr.c:107
#1 rate_ctr_timer_cb (data=0x0) at rate_ctr.c:129
#2 0xb770ec59 in osmo_timers_update () at timer.c:243
#3 0xb770ef7a in osmo_select_main (polling=0) at select.c:133
#4 0x08049987 in main (argc=3, argv=0xbfba8084) at
gb_proxy_main.c:306
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
| |
Use 'config-ns' instead of plain 'ns' and append a blank after the
'#' to make the vty python test script work.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
| |
This adds a 'nsvc nsvci <0-65535> (block|unblock|reset)' vty
command. It selects the NS-VC based on the nsvci instead of using the
first with a matching NSEI, like it is done when the 'nsei' keyword
is used instead.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
| |
The state matching condition is inverted. This is corrected by this
fix.
Sponsored-by: On-Waves ehf
|
| |
|
|
| |
New interfaces and ABI incompatible changes in the GB library
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Under special circumstances (see below) receiving a NS-RESET leads to
duplicated NS-VC entries.
This happens when the source port of a NS-VC changes to a new one
that has already been used by another NS-VC.
This patch changes gprs_ns_rx_reset() to check for this case and to
use the existing NS-VC object. The NS-VC object that was associated
with the source address before is detached from this source but kept
in the NS-VC list so that it can be reattached when a correspondent
NS-RESET is received later on. Meanwhile it will have a cleared link
layer address which will not match a real link info.
A new counter NS_CTR_REPLACED is incremented each time when the NS-VC
object is replacing another one. A new signal S_NS_REPLACED is added
which gets dispatched in this case, too.
Another new counter NS_CTR_NSEI_CHG is incremented each time when the
NSEI of a NS-VC object (with fixed NSVCI) changes.
Ticket: OW#874
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
| |
Adds the functions gprs_ns_ll_copy() and gprs_ns_ll_clear(). Renames
gprs_ns_format_peer() to gprs_ns_ll_str(). All of these functions
uniformly access the link layer part within the NS-VC objects.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently this first NS-VC with a matching NSEI is always used to
send a UNITDATA message via gprs_ns_sendmsg(). If the NS-VC found is
either dead or blocked, an error is returned.
This patch changes to code to skip blocked or dead NS-VCs while
searching and return the error if no usable NS-VC is found. This
makes it possible to have several NS-VCs per connection group.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
| |
Register an osmo signal handler to print a short notice about every
SS_L_NS signal that is generated while processing the tests.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently when a NS-RESET is recevied over a link that has not yet
been associated with a NS-VC, the NSEI is used to find an existing
NS-VC. If one is found, the reset procedure is initiated.
This behaviour is not conformant with 3GPP TS 08.16 (see chapter
4.2.3) which allows to use several NS-VC between two endpoints in
parallel.
The patch changes the implementation to use the NSVCI instead
of the NSEI to search for an existing NS-VC object.
Ticket: OW#874
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to 3GPP TS 08.16, 7.3 "Reset procedure" the entity
receiving a NS-RESET PDU responds with a NS-RESET-ACK and 'then'
starts the test procedure which essentially means, that a NS-ALIVE
gets sent and a timer is started.
Currently the NS-ALIVE is sent before the NS-RESET-ACK.
This patch fixes the implementation by reversing the order in which
these messages are sent.
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch refactors gprs_ns_rcvmsg() by moving the parts relevant to
the NS messages into the new functions gprs_ns_vc_create() (nsvc
object creation) and gprs_ns_process_msg() (main NS automaton). These
do not contain code that directly depends on the link layer (they
call other functions that still do). This reduces the gprs_ns_rcvmsg()
function to calling these two functions and optionally setting up the
link layer specific fields of the nsvc.
Sponsored-by: On-Waves ehf
|
| | |
|
| |
|
|
|
|
|
| |
If the BTS tells us to not send any data at all anymore (bucket leak
rate of 0 bits per second), then we should respect this and not run into
a divide-by-zero. However, as this indicates complete overload, we
print a log message to that regard.
|
| |
|
|
| |
Allow to tag the NS service with a custom DSCP.
|
| | |
|
| |
|
|
| |
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
| |
|
|
|
| |
Add a check to not use --version-script linker flag if compiled on OSX
since it doesn't exist there
|
| |
|
|
|
|
|
|
|
|
| |
Use FreeBSD struct iphdr definition for OSX also. From the commentary in
the source file:
On BSD the IPv4 struct is called struct ip and instead of iXX
the members are called ip_XX. One could change this code to use
struct ip but that would require to define _BSD_SOURCE and that
might have other complications. Instead make sure struct iphdr
is present on FreeBSD.
|
| | |
|
| | |
|
