| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
In some places, the return value of msgb_alloc/msgb_alloc_headroom
is not checked before it is dereferenced.
This commit adds NULL checks to return with -ENOMEM from the calling
functions if the alloc function has failed.
Fixes: Coverity CID 1249692, 1293376
Sponsored-by: On-Waves ehf
|
|
|
|
|
|
|
| |
If LAPDm receives an I-Frame while there already is an I-Frame in the
tx_queue the code generates an additional RR (to acknowledge the
received I-Frame). Instead, N(R) of the I-Frame in the tx_queue should
be updated to ACK the data.
|
|
|
|
|
| |
This API allows you to get the lapdm_datalink for a SAPI. It's needed in
the lapdm_test, so make it public.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it takes 3s to establish a SAPI 3 SACCH connection with
osmo-bts. This is due to the fact, that a broken SABME request is
sent first and and is ignored by the MS. Then, after a T200 timeout
(2s) the SABME command is sent again (this time correctly) and
answered by the MS.
The first SABME message is broken (it has a length field of 3 and
ends with 3 bytes from the tail of the original RSL message),
because of it is expected throughout lapdm.c that msg buffers
containing RSL have msg->l2h == msg->data. Some abis input drivers
fulfill this but IPA doesn't, thus the 3 bytes of the IPA header
are still part of the msg and confuse length computation.
Since internal fields of the msg are modified directly, this is
difficult to see.
This patch adds a new function msgb_pull_to_l3() that explicitely
skips over all headers prepending L3 and therefore resets l1h and
l2h. This function is then used instead of msgb_pull_l2h() which
only worked correctly when msg->l2h == msg->data. In addition,
code manipulating msg->tail and msg->len directly has been replaced
by calls to msgb_trim().
Note that this patch does not fix all issues of this case in the LADP
related code.
Ticket: SYS#192
Sponsored-by: On-Waves ehf
|
| |
|
|
|
|
| |
It is used to transfer PHYSICAL INFORMATION message to the MS.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was found while implementing handover on a sysmobts. When we
receive a channel release request for a channel that was never really
activated (set_lapdm_context() was not called) we segfault in
lapd_recv_dlsap().
We now return early with -EINVAL in rslms_rx_rll() if we receive a
message that assumes set_lapdm_context() was already called.
These are:
* RSL_MT_UNIT_DATA_REQ
* RSL_MT_DATA_REQ
* RSL_MT_SUSP_REQ
* RSL_MT_REL_REQ
A test case was added to trigger the issue.
|
|
|
|
|
|
| |
When we send DISC frames (especially generated from RSL), we don't want
any remaining bytes from the RSL message showing up as bogus DISC
payload.
|
|
|
|
| |
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
|
|
| |
In rsl_rll_error() we don't need to re-set the msg->l2h as that would
corrupt the message. The recipient would interpret any cause value
as 0.
|
|
|
|
|
|
|
|
|
|
| |
This code should not play with the internals of the msgb like this,
this code got introduced in af48bed55607931307 and is breaking the
osmo-bts usecase of forwarding an RSL message.
Add a test case that fails without the new code. I would prefer if
we could get rid of the manipulating the msgb like this, it is prone
to errors like this one.
|
|
|
|
|
| |
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
|
|
|
|
|
|
| |
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Timing advance and power level indicated by MS (measurement reports)
and BTS (SI 5/6) are now stored for use at ACCH data link connection.
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
|
|
|
|
|
|
| |
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
|
|
|
|
|
|
| |
This is part of a set of commit to fix LAPDm to handle datalink
connection on ACCH (SAPI 3)
This is required to transfer SMS on SACCH of TCH/f or SDCCH/8 (4).
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
|
| |
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of mixing together the GSM layer 1 interface and RSL interface
with the implementation of LAPD, the core function of LAPD is now
extracted from LAPDm. The core implementation is now in lapd_core.c
and lapd_core.h respectively.
The lapd_core.c implements exactly one datalink instance for one SAP.
The surrounding implementation "lapdm.c" codes/decodes the layer 2
headers and handles multiplexing and datalink instances, as well as
translates primitives from/to RSL layer.
lapd_core.c can now be used for other LAPD implementations. (ISDN/ABIS)
|
| |
|
| |
|
|
|
|
| |
detected by Smatch
|
|
|
|
|
| |
this fixes a memory leak where the final UA would always remain
in memory after a LAPDm entity has been disconnected.
|
| |
|
|
|
|
| |
We have to determine the SAPI ourselves inside the LAPDm header.
|
|
|