summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* vty: fix use-after-free and memleaks in is_cmd_ambiguous()Neels Hofmeyr2018-07-111-20/+43
| | | | | | | | | | | | | | | | | | | | | | | vty_test: add test against ambiguous cmd causing use-after-free and memory leaks. Add this test along with the fix, because the new test triggers the memory use-after-free and leaks, causing build failures. Add cmd_deopt_with_ctx() to allow passing a specific talloc ctx. is_cmd_ambiguous(): keep all cmd_deopt() allocations until the function exits. Add a comment explaining why. Before this, if a command matched an optional "[arg]" with square brackets, we would keep it in local var 'matched', but we would free the string it points to at the end of that loop iteration; upon encountering another match, we would attempt to strcmp against the freed 'matched'. Instead of adding hard-to-read and -verify free/alloc dances to keep the 'matched' accurately freed/non-freed/..., just keep all cmd_deopt() string allocated until done. Needless to say that this should have been implemented on a lower level upon inventing optional args, but at least this is fixing a program crash. Related: OS#33903390 Change-Id: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd
* vty: cosmetic: cmd_deopt(): use talloc_strndup(), not memcpy()Neels Hofmeyr2018-07-091-8/+1
| | | | Change-Id: Ibf870ae02be706f802482f7cff6589a70cde8320
* vty/command.c: talloc from tall_vty_cmd_ctx, not NULLNeels Hofmeyr2018-07-091-3/+3
| | | | Change-Id: Iaa409b4f63557c8fb028bbb322b5e7253393c05c
* Don't enforce Python 2 for utilitiesVadim Yanitskiy2018-07-021-1/+1
| | | | | | | | | | | The conv_gen.py utility was tested against both Python 2 and 3, so there is no need to enforce Python 2. Also, having: #!/usr/local/bin/python{2|3} is a bad idea, because Python may be installed in a different location. Change-Id: I6007d481047b584db13d6eda70fb99f11f9ddaa1
* osmo_panic(): Annotate as __attribute__ ((noreturn))Harald Welte2018-06-291-1/+8
| | | | | | | | | | In Change-Id I5a70eb65952cbc329bf96eacb428b07a9da32433 we redirected all OSMO_ASSERT() via osmo_panic(). However, this caused various applications to have build failures, as OSMO_ASSERT() now appeared to be able to return to the call site. Let's inform the compiler explicitly that there's no return from osmo_panic(). Change-Id: I8adf4c7b0ee6a4581cef8dd4e9f6a1dfde70ee55
* Don't call abort() directly, always use osmo_panic()Harald Welte2018-06-282-2/+3
| | | | | | | | | A loooong time ago, we introduced osmo_panic() as a wrapper around abort(). The advantage is, that this wrapper can be overridden, and that it will also work in embedded (bare iron) targets, where the abort simply translates to an infinite loop. Change-Id: I5a70eb65952cbc329bf96eacb428b07a9da32433
* Fix embedded (arm-none-eabi) buildsHarald Welte2018-06-284-0/+26
| | | | | | | | | Due to OS#3360, build testing for arm-none-eabi was unfortunately skipped for a long time. This is a number of fixes that make the compile test pass again. Related: OS#3360 Change-Id: I88e3c8e1a8786ca2a6a023b0d27c74be200a8588
* return error to sender upon bssgp_tlv_parse() failureStefan Sperling2018-06-251-0/+2
| | | | | | | | | | Return "invalid mandatory information" error status to the sender in case bssgp_tlv_parse() failed. To avoid loops, do not respond with an error status to STATUS PDUs which failed parsing. Change-Id: If73719b75a94d6742bdefc9b6572525cb00a96ee Related: OS#3178
* check bssgp_tlv_parse() return code in bssgp_rcvmsg()Stefan Sperling2018-06-251-0/+5
| | | | | | | | | | | The return code from bssgp_tlv_parse() was not checked for a parsing error. In case of a parsing error the stored return code could have been overwritten later in this function. Explicitly check for a parsing error and log corresponding packets. Change-Id: Id3d7c52ec3df2bcf4efcee0e0b14fe22ef96964e Related: OS#3178
* add and tweak inter-BSC HO APINeels Hofmeyr2018-06-182-2/+87
| | | | | | | | | | | | | | | | | | Add: gsm0808_create_handover_detect() gsm0808_create_handover_complete() gsm0808_create_handover_failure() To existing structs gsm0808_old_bss_to_new_bss_info and gsm0808_handover_required, add a final 'more_items' flag that makes future extensions API and ABI compatible. Fix the msgb string for Handover Request Ack. Extend some API doc comments. Related: OS#2283 (inter-BSC Handover, BSC side, MT) Change-Id: I03ee7ce840ecfa0b6a33358e7385528aabd4873f
* gsm: lapdm.c: Add missing new line char in notice log stringPau Espin Pedrol2018-06-181-1/+1
| | | | Change-Id: I92c78ea01570dc1f4be11b113c07f0aa3b342c8f
* gsm 04.80: Add value_string for component type and op codeHarald Welte2018-06-162-0/+34
| | | | Change-Id: I2615a88db5224d65f37c7cc505e183ec8b196e8a
* gsup: Add value_string for Session State IEHarald Welte2018-06-162-0/+9
| | | | | | | | In Change-Id I1cee271fed0284a134ffed103c0d4bebbcfde2a8 we added support for a new session state IE, but we didn't add any value_string array for string conversion of it. Let's fix this. Change-Id: I3d9f087786dc37c42498fa9a2be07483ec93ba7b
* Add function gprs_nsvc_state_appendDaniel Willmann2018-06-142-0/+23
| | | | | | A common function to append the nsvc state from osmo-sgsn or osmo-gbproxy Change-Id: I7f0eaff7329ab98cad792d30b20ab053007aab85
* gsup: Add osmo_gsup_get_err_msg_type() functionHarald Welte2018-06-112-0/+24
| | | | | | | | This function can be used to resolve the error message type for a given message type. Can be used by generic error handlers that work for any incoming message type. Change-Id: Ic637bec53dd7fe3ec83da99b49b4eae34d5602b2
* gsm/gsm0480: refactor and expose gsm0480_parse_facility_ie()Vadim Yanitskiy2018-06-112-16/+31
| | | | | | | | | | | | | | This function can be used when there is only a part of GSM 04.80 message available - Facility IE, e.g. when a message is carried over GSUP/MAP. Let's expose it. Refactoring includes the following: - adding the 'gsm0480_' prefix; - correcting inverted return value; - cosmetic code style changes. Change-Id: I623c39ffbe6cdee65eade8435a2faa04d0da193e
* gsm/gsm0480.c: introduce gsm0480_extract_ie_by_tag()Vadim Yanitskiy2018-06-112-0/+89
| | | | | | | | In some cases, there is no need to parse the whole message, e.g. during the conversion from DTAP to GSUP/MAP. This function can be used to extract given IE from a message. Change-Id: I3989d061903352473305f80712f1a1560d05df3d
* vty: Add logging_vty_add_deprecated_subsysHarald Welte2018-06-091-0/+21
| | | | | | | | | | | | | This function permits the user to register deprecated log categories, which will ensure that if log categories are removed from a program, old config files will still load. We simply dynamically allocate a cmd_element and install it at CFG_LOG_NODE. Not registering it at VIEW_NODE or ENABLE_NODE ensures that it's not accessible from the interactive VTY, but only from the config file / configure node. Change-Id: I171f62ea2dc565b3a6c3eecd27fb7853e2529598
* vty: Don't dump deprecated commands in XML exportHarald Welte2018-06-091-2/+4
| | | | | | | we don't want to include deprecated commands in our VTY reference manuals. Change-Id: I5e179c9dca297b8c4bdbdf4e0e5b1d69eecc4232
* Add osmo_isqrt32() to compute 32bit integer square rootHarald Welte2018-06-061-0/+40
| | | | Change-Id: I2b96db6e037e72e92317fec874877e473a1cf909
* gsm0808: Add value_string for LCLS related IEsHarald Welte2018-06-022-0/+36
| | | | Change-Id: I18d7a29496929c761aeaba9c0aee847befc13108
* add osmo_fsm_inst_state_chg_keep_timer()Neels Hofmeyr2018-05-311-30/+64
| | | | Change-Id: I3c0e53b846b2208bd201ace99777f2286ea39ae8
* GSUP: introduce new messages for SS/USSD payloadsVadim Yanitskiy2018-05-311-0/+15
| | | | | | | | | | | | | | | | | In order to be able to transfer SS/USSD messages via GSUP, this change introduces the following new message types: - OSMO_GSUP_MSGT_PROC_SS_*, and the following new IE: - OSMO_GSUP_SS_INFO_IE which represents an ASN.1 encoded MAP payload coming to/from the mobile station 'as is', without any transcoding. Change-Id: Ie17a78043a35fffbdd59e80fd2b2da39cce5e532 Related: OS#1597
* GSUP: implement TCAP-like session managementVadim Yanitskiy2018-05-311-0/+16
| | | | | | | | | | | | | | | | | | | | Unlike TCAP/MAP, GSUP is just a transport layer without the dialogue/context. This prevents us from having session based communication, required e.g. for USSD. But we can emulate TCAP dialogue by adding additional IEs, which would allow to relate each message to a particular session. This change introduces the following IEs: - OSMO_GSUP_SESSION_ID_IE, - OSMO_GSUP_SESSION_STATE_IE, which optionally can be used to indicate that the message is related to a session with given ID, and to manage session state, i.e. initiate, continue, and finish. Change-Id: I1cee271fed0284a134ffed103c0d4bebbcfde2a8 Related: OS#1597
* gsm0808: Add encoding functions for LCLS BSSMAP messagesHarald Welte2018-05-302-0/+63
| | | | Change-Id: Ib83143e467df068b7d462a8e51d94b9d961ce18f
* gsm0480: fix: don't overwrite the data of RELEASE_COMPLETEVadim Yanitskiy2018-05-291-2/+6
| | | | | | | | | | | According to the 3GPP TS 04.80, table 2.5 'Release complete', a RELEASE_COMPLETE message may containg optional FACILITY element. Meanwhile, the 0xff byte is used to indicate that there is no decoded message (legacy field). Let's avoid overwriting of a decoded message. Change-Id: I0c85292222749a48ca0c4b2e93f4fa2d61468c18
* add gsm0808_create_handover_request_ack()Neels Hofmeyr2018-05-272-0/+26
| | | | | Related: OS#2283 (inter-BSC Handover, BSC side, MT) Change-Id: I692292a06c7d66004404560dc4ed933ca9107f9b
* add support for gsm0808 HANDOVER REQUIRED messageNeels Hofmeyr2018-05-272-0/+71
| | | | | Related: OS#2283 (inter-BSC Handover, BSC side, MO) Change-Id: Idb6dc3eab0282158a17091d97ed77c1e2e3eb3c2
* add gsm0808_cell_id_to_list()Neels Hofmeyr2018-05-272-0/+32
| | | | | | | | The idea is to be able to add a gsm0808_cell_id to a gsm0808_cell_id_list2: first convert it to a list, then re-use gsm0808_cell_id_list_add(). It will be used by osmo-bsc to manage neighbor-BSS cell identifiers from VTY. Change-Id: Ibf746ac60b1b1e920baf494b396658a5ceabd788
* ctrl: Add doxygen API documentation; generate html from itHarald Welte2018-05-262-4/+67
| | | | | Closes: OS#3293 Change-Id: I8dc2f24d4bf557ff7bb0f2f46881f9f8d9d7f86f
* ctrl: Introduce libosmoctrl.map to avoid unintended exportsHarald Welte2018-05-262-0/+36
| | | | | | | | There are some symbols for use between control_cmd.c and control_if.c, which are not supposed to be exported publicly. Let's make sure we keep those symbols local. Change-Id: Ia85f36a9c4b2ebf4003718e0a230959638370320
* cosmetic: Whitespace fixes in control_if.cHarald Welte2018-05-261-3/+3
| | | | Change-Id: I24666d0b90a355e9fdefd280d48900b8cac1de64
* remove unused argument from pad_append_ctr() helper functionStefan Sperling2018-05-251-7/+7
| | | | | | Change-Id: Iff5699be1dc306120cc1752b0a892e4fcbc5a8c0 Fixes: 97d3da2c591984b47839fd1d9a5cba24a7f05fa1 Related: OS#3245
* Add a 'show rate-counters' VTY command.Stefan Sperling2018-05-241-0/+17
| | | | | | | | | Add a new VTY command which shows all rate counters registered with libosmocore. Change-Id: Id60a5aa2d961ae99cddf1e776358a5517dbc573d Depends: Idb3ec12494ff6a3a05efcc8818e78d1baa6546bd Related: OS#3245
* introduce vty_out_rate_ctr_group_fmt() functionStefan Sperling2018-05-241-0/+136
| | | | | | | | | | | | This new function can be used to print a rate counter group according to a format string. The intention is to generalize and replace manual printing of counters as implemented for the 'show statistics' VTY command of osmo-bsc. Related: OS#3245 Related: osmo-bsc commit 71d524c059c5a5c90e7cb77d8a2134c1c68b9cde (g#9217) Change-Id: Idb3ec12494ff6a3a05efcc8818e78d1baa6546bd
* mncc: properly export osmo_mncc_name()Harald Welte2018-05-242-4/+1
| | | | | | | For some strange reason, the osmo_mncc_name() inline function was not in the mncc.h header, but in the mncc.c file. Let's fix that. Change-Id: I2c3666510c981dffa4ba25bed517fd7ebd1250f5
* gsm: kasumi: Fix dynamic-stack-buffer-overflow on out buffers not multiple ↵Pau Espin Pedrol2018-05-171-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | of 64 bits Fixes following AddressSanitizer report during gea_test run with gcc 8.1.0: ==8899==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffc5f1719bb at pc 0x7fe574adc5fe bp 0x7ffc5f171460 sp 0x7ffc5f171450 WRITE of size 1 at 0x7ffc5f1719bb thread T0 #0 0x7fe574adc5fd in osmo_store64be_ext ../../include/osmocom/core/bit64gen.h:75 #1 0x7fe574adc649 in osmo_store64be ../../include/osmocom/core/bit64gen.h:104 #2 0x7fe574ade936 in _kasumi_kgcore libosmocore/src/gsm/kasumi.c:186 #3 0x7fe574ae2532 in gea4 libosmocore/src/gsm/gea.c:44 #4 0x7fe574ae266c in gea3 libosmocore/src/gsm/gea.c:60 #5 0x7fe574a9b616 in gprs_cipher_run libosmocore/src/gsm/gprs_cipher_core.c:95 #6 0x56422d3fb2ee in test_gea libosmocore/tests/gea/gea_test.c:29 #7 0x56422d3fb506 in main libosmocore/tests/gea/gea_test.c:49 #8 0x7fe5730f406a in __libc_start_main (/usr/lib/libc.so.6+0x2306a) #9 0x56422d3fadf9 in _start (libosmocore/tests/gea/.libs/lt-gea_test+0x1df9) The kasumi_test is updated to calculate the entire array of bits according to expected result. Before this commit it worked by writing the entire last 64bit block, and addressSanitizer cannot catch it because the allocated buffer is 64bit aligned too. Change-Id: I7b2a0224a3b5527d5a3ad7e17efc73081b63eac1
* fix spellingThorsten Alteholz2018-05-151-2/+2
| | | | Change-Id: I3ac92217f83279d5f987ab34eb18b2e6cb1c7812
* fsm: guard action callbackPhilipp Maier2018-05-151-1/+3
| | | | | | | | | | | The FSM allows to set individual action callback functions for each state but it does not allow to leave the action callback pointer unpopulated. However, there are cornercases where having no callback function is desirable. - Check if action callback is popolated before executing it. Change-Id: I36d221c973d3890721ef1d376fb9be82c4311378
* isdnhdlc: Port from kernel to userspaceHarald Welte2018-05-112-61/+49
| | | | | | | | | | | * prefix all symbols/constants with osmo_ * use stdint.h types instead of kernel types * use Doxygen API documentation * use Osmocom CRC16-CCITT functions * use Osmocom bit-reversal functions * integrate with Automake Change-Id: I109085ab3e412c20b19cd42fb7137aa0e4167542
* import isdn4linux HDLC code from linux kernelHarald Welte2018-05-111-0/+630
| | | | | | | I've been importing from 94d7dbf108813ea45a91e27e9a8bd231d5a23fa7 but the isdnhdlc code hasn't seen any changes since 2012 anyway. Change-Id: I3c58f9cb6921c2fdd0f2fcb11f622a0be88c7c63
* Add osmo_timerfd_* functions for osmo_fd-wrapped timerfdHarald Welte2018-05-101-0/+66
| | | | | | | | | | | | | | | Linux offers file descriptor based periodic (interval) timers, which can achieve a higher precision than our userspace based timers and which can be slave'd to CLOCK_MONOTINIC or other clock sources. Let's add some code for osmo_fd wrapped versions that integrate well with our select() abstraction. The code has been used in osmo-bts-trx since June 2017 (change-id I51b19adde14ebb7ef3bb863d45e06243c323e22e), and I'm just renaming and moving it to libosmocore here. After a merge, the osmo-bts implementations can be removed in favor if this one. Change-Id: Ibeffba7c997252c003723bcd5d14122c4ded2fe7
* lapdm: don't enforce contention resolution on SAPI0/DCCHHarald Welte2018-05-091-5/+2
| | | | | | | | | | | | | | | | | | | In Change-Id: I8c2c103cdc7f9a45d7b2080c572f559fc3db58e4 we introduced a check to enforce contention resolution always being used in MS-originated LAPDm establishment on the main DCCH / SAPI0. This is only required after RACH request (IMM.ASS.) and not after a normal assignment command which was sent already via a dedicated channel. Hence, we cannot enforce a strict requirement for contention resolution in those cases. We *could* use the RSL Channel Activation type as a constraint on whether or not to enforce contention-resoluiton-only LAPDm establishment, but this is out of the scope of the LAPDm code but would have to be done inside OsmoBTS. Related: OS#3252 Change-Id: Id903492ee90809fe98defcf4abc0419b8150069f
* lapdm: send_rslms_rll_l3_ui(): Don't include B4/SACCH IE unless neededHarald Welte2018-05-081-3/+5
| | | | | | | | | | | | | | The RSL_IE_MS_POWER / RSL_IE_TIMING_ADVANCE is how we communicate the SACCH L1 header values on the MS side between LAPDm and L3 (which is a non-standard use of RSL). However, those IEs only maek sense on the SACCH, where we have B4 frame format and where we actually have a L1 header containing related information. Let's make sure to skip those IEs on regular RLL UNIT DATA INDICATION happening on other channel types. Change-Id: I6f13e02192531479287f71de674d17ca2ceabdc6 Closes: OS#3249
* lapdm: cleanup: send_rslms_rll_l3_ui(): Use msgb_tv_push()Harald Welte2018-05-081-9/+5
| | | | | | | | This is a purely cosmetic clean-up to use the msgb_tv_push() API to pre-pend a Tag-Value IE to a msgb, rather than the existing open-coding approach. Change-Id: I19bbfa1e327a617685ed11d4182e533df33215cb
* add gsm0808 channel enum to IE val conversion functionsNeels Hofmeyr2018-05-082-0/+10
| | | | | | | | | | | | | | | | | Add: - gsm0808_current_channel_type_1() - gsm0808_permitted_speech() - gsm0808_chosen_channel() - gsm0808_channel_type_name() gsm0808_permitted_speech() is moved from osmo-bsc's bssap_speech_from_lchan(); gsm0808_chosen_channel() is moved from osmo-bsc's lchan_to_chosen_channel(); Rationale: will be re-used by inter-BSC handover, makes sense to keep with the other gsm0808 utils. Related: OS#2283 (inter-BSC handover, BSC side) Change-Id: I8a3cc5d4548e9a78d945d54c69ccced251edcec9
* lapdm: Implement SABM related constraintsHarald Welte2018-05-081-0/+45
| | | | | | | | | | * MO SAPI0 establishment *must always* have L3 payload for contention resolution * SAPI3 establishment *must never* use contention resolution * MT establish must never use contention resolution Change-Id: I8c2c103cdc7f9a45d7b2080c572f559fc3db58e4 Closes: OS#2370
* lapdm: Fix back-pointer from lapdm_entity to lapdm_channelHarald Welte2018-05-041-0/+2
| | | | | | | | It seems that during all those years it has never been noted that the back-pointer from the lapdm_entity to the lapdm_channel was never initialized. Let's fix that. Change-Id: Iaca66cd6a2c9f315561e365b51163927868fc346
* configure: Check separately for lib implementing dlopen and dlsymPau Espin Pedrol2018-05-041-1/+1
| | | | | | | | | | Sometimes the library probiding dlopen is not the same one providing dlsym. This is the case when compiling with AddressSanitizer enabled. In this case, AC_SEARCH_LIBS([dlopen]...) reports no lib is required, but tests using dlsym still require to link against -ldl. Change-Id: Ic619b0885688066b60c97caf1e2c7e5402c1d9f7
* control_if: Avoid heap-use-after-free in osmo_wqueue_bfd_cbPau Espin Pedrol2018-05-041-19/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Imagine following scenario: 1- client connects to CTRL iface, a new conn is created with POLL_READ enabled. 2- A non-related event happens which triggers a TRAP to be sent. As a result, the wqueue for the conn has now enabled POLL_WRITE, and message will be sent next time we go through osmo_main_select(). 3- At the same time, we receive the GET cmd from the CTRL client, which means POLL_READ event will be also triggered next time we call osmo_main_select(). 4- osmo_main_select triggers osmo_wqueue_bfd_cb with both READ/WRITE flags set. 5- The read_cb of wqueue is executed first. The handler closes the CTRL conn for some reason, freeing the osmo_fd struct and returns. 6- osmo_qeueue_bfd_cb keeps using the already freed osmo_fd and calls write_cb. So in step 6 we get a heap-use-after-free catched by AddressSanitizer: 20180424135406115 DLCTRL <0018> control_if.c:506 accept()ed new CTRL connection from (r=10.42.42.1:53910<->l=10.42.42.7:4249) 20180424135406116 DLCTRL <0018> control_cmd.c:378 Command: GET bts.0.oml-connection-state 20180424135406117 DLINP <0013> bts_ipaccess_nanobts.c:417 Identified BTS 1/0/0 20180424135406118 DNM <0005> abis_nm.c:1628 Get Attr (bts=0) 20180424135406118 DNM <0005> abis_nm.c:1628 Get Attr (bts=0) 20180424135406118 DCTRL <000e> osmo_bsc_ctrl.c:158 BTS connection (re)established, sending TRAP. 20180424135406119 DLCTRL <0018> control_if.c:173 close()d CTRL connection (r=10.42.42.1:53910<->l=10.42.42.7:4249) ================================================================= ==12301==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000003e04 at pc 0x7f23091c3a2f bp 0x7ffc0cb73ff0 sp 0x7ffc0cb73fe8 READ of size 4 at 0x611000003e04 thread T0 #0 0x7f23091c3a2e in osmo_wqueue_bfd_cb /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/write_queue.c:65 #1 0x7f23091ad5d8 in osmo_fd_disp_fds /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/select.c:216 #2 0x7f23091ad5d8 in osmo_select_main /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/libosmocore/src/select.c:256 #3 0x56538bdb7a26 in main /home/osmocom-build/jenkins/workspace/osmo-gsm-tester_build-osmo-bsc/osmo-bsc/src/osmo-bsc/osmo_bsc_main.c:532 #4 0x7f23077532e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0) #5 0x56538bdb8999 in _start (/home/jenkins/workspace/osmo-gsm-tester_run-prod/trial-896/inst/osmo-bsc/bin/osmo-bsc+0x259999) Fixes: OS#3206 Change-Id: I84d10caaadcfa6bd46ba8756ca89aa0badcfd2e3
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-03 16:57:51 +0000