| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past, the function ipa_ccm_idtag_parse() was used to parse
the payload of IPA CCM ID RESP packets. However, the function was
based on a possible misunderstanding of the message encoding, and
callers actually counted the first (upper) length nibble as part
of the header and passed a pointer to the second
(lower) length nibble of the first TLV into this function. As such,
it was unfixable, and had to be replaced with a new function called
ipa_ccm_id_resp_parse(). At the same time, we also add
ipa_ccm_id_get_parse() to parse the slightly different format of
the IPA CCM ID GET payload.
We can never be 100% sure what is "correct", as our understanding
of the protocol is entirely based on protocol analysis, without any
official documentation available.
This patch also introduces unit test coverage for both of the new
functions.
Revert "ipa: Add libosmogsm.map entry for ipa_ccm_idtag_parse_off"
This reverts commit 7f31c90b80c08fbfe2d84d70d397402fdb38b94c.
Revert "ipa: Properly parse LV stream of a ID_GET request"
This reverts commit f558ed4bb9c0f00997b8f97c2b251a574c1a64c4.
It introduced a function/behavior that was not originally intended:
The parse of IPA CCM ID GET (8bit length followed by 1 byte tag
and variable-length payload) instead of the IPA CCM ID RESP (16bit
length followed by 1 byte tag and variable-length payload).
Change-Id: I1834d90fbcdbfcb05f5b8cfe39bfe9543737ef8f
|
| |
|
|
| |
Change-Id: I1ebeba2067549e0dd1541fa84715d44321ff3b43
|
| |
|
|
|
|
|
| |
As oap_client has moved from osmo-sgsn to libosmogsm, it is only fair
that the related unit test shall also be moved here.
Change-Id: I9d64e10b4bacac9b530cf077841bad762fc6d558
|
| |
|
|
|
|
|
| |
This buffer verifies that all XMAXC fields must be zero before the
entire buffer is considered as silent by osmo_ecu_fr_conceal().
Change-Id: I14a192d001b5e167437cedbe76a1a3dd84dde35c
|
| |
|
|
|
|
|
| |
This makes it easy to debug how XMAXC fields are decreased every
iteration in osmo_ecu_fr_conceal().
Change-Id: I678d4be5e0b15b05873b0d3bf5ea5bbee7bef839
|
| |
|
|
|
|
|
|
|
| |
This came from osmo-bsc refactoring patch I82e3f918295daa83274a4cf803f046979f284366
https://gerrit.osmocom.org/#/c/osmo-bsc/+/9671/6/src/osmo-bsc/gsm_data.c@1708
Add regression test in utils_test.c.
Change-Id: I1f2918418c38918c5ac70acaa51a47adfca12b5e
|
| |
|
|
|
|
|
| |
Recent OS#3407 shows that we should verify stderr to catch sanitizer failures.
(They might not always be ignorable like that one.)
Change-Id: Ic9e437a1cc96ae081e0fd6a9b6e3156987e14c0c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiplying the uint16_t x by itself seems to default to be calculated in
int32_t range, while it obviously needs uint32_t. This causes sporadic
sanitizer barfs:
Testing integer square-root
utils_test.c:445:18: runtime error: signed integer overflow: 60369 * 60369 cannot be represented in type 'int'
The final result is still correct, because it is in fact interpreted as uint32_t.
Cast to uint32_t to make sure the sanitizer doesn't complain.
Related: OS#3407
Change-Id: I83c14e38deaa466d977ee43c9420534ed90f090d
|
| |
|
|
| |
Change-Id: I3c8e95aaa1ca222d4cd1395e548f8461bf9d4cd6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
vty_test: add test against ambiguous cmd causing use-after-free and memory
leaks. Add this test along with the fix, because the new test triggers the
memory use-after-free and leaks, causing build failures.
Add cmd_deopt_with_ctx() to allow passing a specific talloc ctx.
is_cmd_ambiguous(): keep all cmd_deopt() allocations until the function exits.
Add a comment explaining why. Before this, if a command matched an optional
"[arg]" with square brackets, we would keep it in local var 'matched', but we
would free the string it points to at the end of that loop iteration; upon
encountering another match, we would attempt to strcmp against the freed
'matched'. Instead of adding hard-to-read and -verify free/alloc dances to keep
the 'matched' accurately freed/non-freed/..., just keep all cmd_deopt() string
allocated until done.
Needless to say that this should have been implemented on a lower level upon
inventing optional args, but at least this is fixing a program crash.
Related: OS#33903390
Change-Id: Ia71ba742108b5ff020997bfb612ad5eb30d04fcd
|
| |
|
|
|
|
|
|
|
|
|
| |
The conv_gen.py utility was tested against both Python 2 and 3,
so there is no need to enforce Python 2. Also, having:
#!/usr/local/bin/python{2|3}
is a bad idea, because Python may be installed in a different location.
Change-Id: I6007d481047b584db13d6eda70fb99f11f9ddaa1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function can be used when there is only a part of GSM 04.80
message available - Facility IE, e.g. when a message is carried
over GSUP/MAP. Let's expose it.
Refactoring includes the following:
- adding the 'gsm0480_' prefix;
- correcting inverted return value;
- cosmetic code style changes.
Change-Id: I623c39ffbe6cdee65eade8435a2faa04d0da193e
|
| |
|
|
|
|
|
|
| |
In some cases, there is no need to parse the whole message,
e.g. during the conversion from DTAP to GSUP/MAP. This
function can be used to extract given IE from a message.
Change-Id: I3989d061903352473305f80712f1a1560d05df3d
|
| |
|
|
| |
Change-Id: I2b96db6e037e72e92317fec874877e473a1cf909
|
| |
|
|
| |
Change-Id: I3c0e53b846b2208bd201ace99777f2286ea39ae8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to be able to transfer SS/USSD messages via GSUP,
this change introduces the following new message types:
- OSMO_GSUP_MSGT_PROC_SS_*,
and the following new IE:
- OSMO_GSUP_SS_INFO_IE
which represents an ASN.1 encoded MAP payload coming to/from
the mobile station 'as is', without any transcoding.
Change-Id: Ie17a78043a35fffbdd59e80fd2b2da39cce5e532
Related: OS#1597
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unlike TCAP/MAP, GSUP is just a transport layer without the
dialogue/context. This prevents us from having session based
communication, required e.g. for USSD. But we can emulate
TCAP dialogue by adding additional IEs, which would allow
to relate each message to a particular session.
This change introduces the following IEs:
- OSMO_GSUP_SESSION_ID_IE,
- OSMO_GSUP_SESSION_STATE_IE,
which optionally can be used to indicate that the message is
related to a session with given ID, and to manage session
state, i.e. initiate, continue, and finish.
Change-Id: I1cee271fed0284a134ffed103c0d4bebbcfde2a8
Related: OS#1597
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of 64 bits
Fixes following AddressSanitizer report during gea_test run with gcc
8.1.0:
==8899==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffc5f1719bb at pc 0x7fe574adc5fe bp 0x7ffc5f171460 sp 0x7ffc5f171450
WRITE of size 1 at 0x7ffc5f1719bb thread T0
#0 0x7fe574adc5fd in osmo_store64be_ext ../../include/osmocom/core/bit64gen.h:75
#1 0x7fe574adc649 in osmo_store64be ../../include/osmocom/core/bit64gen.h:104
#2 0x7fe574ade936 in _kasumi_kgcore libosmocore/src/gsm/kasumi.c:186
#3 0x7fe574ae2532 in gea4 libosmocore/src/gsm/gea.c:44
#4 0x7fe574ae266c in gea3 libosmocore/src/gsm/gea.c:60
#5 0x7fe574a9b616 in gprs_cipher_run libosmocore/src/gsm/gprs_cipher_core.c:95
#6 0x56422d3fb2ee in test_gea libosmocore/tests/gea/gea_test.c:29
#7 0x56422d3fb506 in main libosmocore/tests/gea/gea_test.c:49
#8 0x7fe5730f406a in __libc_start_main (/usr/lib/libc.so.6+0x2306a)
#9 0x56422d3fadf9 in _start (libosmocore/tests/gea/.libs/lt-gea_test+0x1df9)
The kasumi_test is updated to calculate the entire array of bits
according to expected result. Before this commit it worked by writing
the entire last 64bit block, and addressSanitizer cannot catch it
because the allocated buffer is 64bit aligned too.
Change-Id: I7b2a0224a3b5527d5a3ad7e17efc73081b63eac1
|
| |
|
|
|
|
|
|
| |
Before this patch, osmo_hexdump is called stacked in th esame printf
function. As a result, the first returned buffer is overwriten by the
second, which means the printed buffers will show as the same always.
Change-Id: I364328a59da31537c6c9b969e34edd360b685081
|
| |
|
|
|
|
| |
Expect key sizes for GEA are 64-128 bits.
Change-Id: Iaf81992a2901733b630e3046b0c4bdc1fb9a8ace
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following AddressSanitizer report:
==1983==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7ffc245f47e6 at pc 0x7f3e2deea68c bp 0x7ffc245f4750 sp 0x7ffc245f4740
WRITE of size 1 at 0x7ffc245f47e6 thread T0
#0 0x7f3e2deea68b in osmo_nibble_shift_right libosmocore/src/bits.c:92
#1 0x55c01902e1ab in sh_chk libosmocore/tests/bits/bitrev_test.c:215
#2 0x55c01902ed8f in main libosmocore/tests/bits/bitrev_test.c:305
#3 0x7f3e2c93006a in __libc_start_main (/usr/lib/libc.so.6+0x2306a)
#4 0x55c01902c059 in _start (libosmocore/tests/bits/.libs/lt-bitrev_test+0x5059)
This patch can be seen as a follow-up of commit
4fd6023b0383e7efa3b7b0211104a86ff5d3d4f6, which already fixed the
left-shift case in the same way.
Change-Id: I6e86d0164b7e982bf7b7449d5b3abfb3e1e5da46
|
| |
|
|
|
|
|
|
|
|
| |
Sometimes the library probiding dlopen is not the same one providing
dlsym.
This is the case when compiling with AddressSanitizer enabled. In this
case, AC_SEARCH_LIBS([dlopen]...) reports no lib is required, but tests
using dlsym still require to link against -ldl.
Change-Id: Ic619b0885688066b60c97caf1e2c7e5402c1d9f7
|
| |
|
|
| |
Change-Id: Ia0afecafa8862ffbe2af3c86e5552673f0935eb0
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In recent Iaa20c59f624fbdc69a018cabd0f7e9c5a1389519 I fixed one missing init
issue and didn't notice the N other similar ones right next to it. Also fix the
remaining missing inits.
Fixes:
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:187:8: runtime error: load of value 13, which is not a valid value for type '_Bool'
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:191:8: runtime error: load of value 119, which is not a valid value for type '_Bool'
Related: OS#3148
Change-Id: Ie8a1a9b3132024135ca70390eae4d21c907b2edc
|
| |
|
|
|
|
|
|
|
|
| |
3GPP TS 48.058 has a very clear definition of which messages are
"transparent" and hence have the T-bit == 1. This is *not* just
all RLL messages, but basically only RLL_DATA.{ind,req} and
RLL_UNITDATA.{ind,req}. All other messages are non-transparent.
Change-Id: I9f83654af189d818563d799bf623325b7fee8e70
Closes: OS#3188
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide comprehensive API to obtain string representations of Cell Identifiers
and -Lists.
Change gsm0808_test.c to use the new functions (which simplifies the output a
bit), so that we don't duplicate printing code in gsm0808_test.c, and so that
the not-so-trivial printing code is also tested.
In gsm0808_test, also test gsm0808_cell_id_list_name_buf()'s return value and
truncation behavior.
The rationale for gsm0808_cell_id_list_name(), i.e. printing an entire list of
cell identifiers, is that even though the maximum is 127 elements, a list of
more than a few elements is hardly ever expected in practice (even more than
one element isn't actually expected: either "entire BSS" or a single LAC). It
is thus useful to log the entire list when it shows up in Paging and Handover.
Change-Id: I9b2106805422f96c5cc96ebb9178451355582df3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The uninitialized members of enc_sc sporadically hit address sanitizer failure
during gsm0808_test, like:
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:187:8: runtime error: load of value 13, which is not a valid value for type '_Bool'
../../../../src/libosmocore/src/gsm/gsm0808_utils.c:191:8: runtime error: load of value 119, which is not a valid value for type '_Bool'
How the test survived so long is a mystery to me; as soon as some uninitialized
members would by coincidence not be zero, the test should always have failed at
OSMO_ASSERT(memcmp(&enc_sc, &dec_sc, sizeof(enc_sc)) == 0).
Related: OS#3148
Change-Id: Iaa20c59f624fbdc69a018cabd0f7e9c5a1389519
|
| |
|
|
| |
Change-Id: I7535166a2827c03a954fe72d5d99217e4f25868f
|
| |
|
|
| |
Change-Id: I81b1ffbe6a5ec566c112492c2cbaf99c018c45bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clarify semantics and micro-optimise for the case of single Cell Identifer IEs.
Test in gsm0808_test.c
So far we have gsm0808_enc_cell_id_list2(), but there also exist instances of
single Cell Identifiers (3GPP TS 48.008 3.2.2.17).
It is possible to decode the same using the cell identifier list API, but this
forces the caller to also keep a full struct gsm0808_cell_id_list2 with all its
127 entries around.
E.g. for handover, there are two Cell Identifiers (Serving and Target); I'd
need two full cell id lists for each, and these would be dynamically allocated
for each handover operation, whether it uses them or not.
Related: OS#2283 (inter-BSC HO, BSC side)
Change-Id: I9f9c528965775698ab62ac386af0516192c4b0cc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow passing multiple struct tlv_parsed in an array, to allow parsing as many
repeated IEs as are expected by the caller.
From tlv_parse(), call tlv_parse2() with dec_multiple = 1 to yield the previous
behavior. tlv_parse() remains valid API.
An example of multiple IEs is the BSSMAP Handover Request, containing Cell
Identifier (Serving) and Cell Identifier (Target), both defined by 3GPP TS
48.008 3.2.2.17 with identical IE tags; both are mandatory.
Related: OS#2283 (inter-BSC HO, BSC side)
Change-Id: Id04008eaf0a1cafdbdc11b7efc556e3035b1c84d
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This will be used by the upcoming neighbor_ident API in osmo-bsc, where the vty
interface allows composing neihbor BSS cell identifier lists, and we want to
allow adding individual items from individual user commands.
It will also be useful to accumulate cell identifiers in case a subscriber sees
multiple alternative cells from a neighboring BSS, and we want to pass these on
to the MSC in a Handover Required.
Related: OS#2283 (inter-BSC HO, BSC side)
Change-Id: I5781f5fa5339c92ab2e2620489b002829d206925
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the osmo-msc, I would like to set the subscr conn FSM identifier by a string
format, to include the type of Complete Layer 3 that is taking place. I could
each time talloc a string and free it again. This API is more convenient.
From osmo_fsm_inst_update_id(), call osmo_fsm_inst_update_id_f() with "%s" (or
pass NULL).
Put the name updating into separate static update_name() function to clarify.
Adjust the error message for erratic ID: don't say "allocate", it might be from
an update. Adjust test expectation.
Change-Id: I76743a7642f2449fd33350691ac8ebbf4400371d
|
| |
|
|
|
|
|
|
|
| |
On erratic id in osmo_fsm_inst_update_id(), don't say "Attempting to allocate
FSM instance".
Escape the invalid id using osmo_quote_str().
Change-Id: I770fc460de21faa42b403f694e853e8da01c4bef
|
| |
|
|
|
|
|
|
|
|
| |
Since alloc relies on osmo_fsm_inst_update_id() to set the name, never skip
that.
In osmo_fsm_inst_alloc(), we allow passing a NULL id, and in
osmo_fsm_inst_update_id(), we set the name without id if id is NULL.
Change-Id: I6d6b09a811b82770818f19b189a57d9fc4a8133b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Place id and name testing in its separate section, test_id_api().
Add a test that actually allocates an FSM instance with a NULL id, which is
allowed, but uncovers a bug of an unset FSM instance name. osmo_fsm_inst_name()
falls back to the fsm struct's name on NULL, but osmo_fsm_inst_find_by_name()
fails to match if the instance's name is NULL (and until recently even
crashed). Show this in fsm_test.c with loud comments.
Add test to clear the id by passing NULL.
Add test for setting an empty id.
Add test for setting an invalid identifier (osmo_identifier_valid() == false).
Change-Id: I646ed918576ce196c395dc5f42a1507c52ace2c5
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In fsm_test.c, we have FSM instance cleanup after the select main loop, but we
exit(0) in the timer cb; hence the final code is never called.
Rather clean up the instance and hence also test that, by using a global flag
to exit the main loop upon timeout.
Adjust expected stderr output.
BTW, in a subsequent commit, I want to move the fsm instance id testing to
below the main loop, to more clearly group the tested bits.
Change-Id: Ia47811ffcc1bd68d2630c86be7ab98fc1f338773
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rationale: with osmo_escape_str(), you get the escaped contents of the string,
but not so graceful handling of NULL strings. The caller needs to quote it, and
for NULL strings not quote it.
osmo_quote_str() is like osmo_escape_str() but always quotes a non-NULL string,
and for a NULL string returns a literal NULL, i.e. it should (tm) give the
exact C representation of a string.
That's useful in testing, to show exactly what char* situation we have, without
jumping through hoops like
if (str)
printf("\"%s\"", osmo_escape_str(str, -1));
else
printf("NULL");
Copy the unit test for osmo_escape_str() and adjust. To indicate that the
double quotes are returned by osmo_quote_str(), use single quotes in the test
printf()s.
I considered allowing to pick the quoting characters by further arguments, but
that complicates things: we'd need to escape the quoting characters. Just
hardcode double quotes like C.
Change-Id: I6f1b3709b32c23fc52f70ad9ecc9439c62b02a12
|
| |
|
|
|
|
|
|
| |
Ironically, when deprecating osmo_init_logging() in
I216837780e9405fdaec8059c63d10699c695b360, I forgot to change the callers
within libosmocore itself, i.e. in the various regression tests.
Change-Id: Ia36c248f99353d5baaa2533f46a2f60a8579bdf8
|
| |
|
|
|
|
|
| |
Add logging to root ctx, add msgb ctx to root ctx, free wqueue to simulate the
msgb being sent, and assert final talloc size.
Change-Id: Ief3d5e7b6c4d781b3854e230e45a67d5281b94cd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CTRL interface has a ctrl_cmd_def_* API that allows deferring a CTRL
command reply until later. However, the command handling currently fails to
acknowledge this and deallocates the struct ctrl_cmd anyway.
Fix: in struct ctrl_cmd, add a defer pointer to be populated by
ctrl_cmd_def_make(). A cmd thus marked as deferred is not deallocated at the
end of command handling. This fix needs no change in calling code.
(Another idea was to return a different code than CTRL_CMD_HANDLED when the
command is to be deferred, but that would require adjusting each user of
ctrl_cmd_def_make(). The implicit marking is safer and easier.)
Show that handling deferred commands is fixed by adjusting the expectations of
ctrl_test.c's test_deferred_cmd() and removing the now obsolete exit_early
label.
One symptom of the breakage is that osmo-bts-sysmo crashes when asked to report
a trx's clock-info, which is aggravated by the fact that the sysmobts-mgr does
ask osmo-bts-sysmo for a clock-info.
The crash appears since Id583b413f8b8bd16e5cf92a8a9e8663903646381 -- it looked
like just fixing an obvious memory leak, which it did as shown by the unit
test, but deferred ctrl commands actually relied on that leak. Both fixed now.
Related: OS#3120
Change-Id: I24232be7dcf7be79f4def91ddc8b8f8005b56318
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Handling a deferred command currently deallocates the struct ctrl_cmd upon
exiting the initial command handling, while it should actually stay around for
the asynchronous/deferred handling of the ctrl command.
Show the current bug by means of a ctrl test. The test will be adjusted to
expect the correct result when the bug is fixed in a subsequent commit
(I24232be7dcf7be79f4def91ddc8b8f8005b56318).
Change-Id: Ibbc847fc583bdd8e5e53a008258805e634ea12b4
|
| |
|
|
|
|
|
| |
Recent commit I77cd4b9142510c6914298b720d9c19ab68f9ebef left an obsolete
assertion around. It is already done in the if-body now.
Change-Id: I1bb2ea363e8a9d86b24338df3584abc93ebc6dd4
|
| |
|
|
|
|
|
|
|
| |
Use non-deprecated API to decode encode in gsm0808_enc_cell_id_list2().
Adjust gsm0808_test.c to now expect the correct results instead of previous
failure.
Change-Id: I1ce78883995e0d484368046b69db5afb2b4adc97
|
| |
|
|
| |
Change-Id: I763b18d2922701ad97382269747ff0cbb7bd657b
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test currently sets the MCC by a hex value, which is a weird choice. The
MCC gets BCD'd and hence we will see the decimal values 1:1 in the encoded
octets as hex digits. Using hex as input obscures that:
Right now it sets mcc = 0x123, which is actually 291 in decimal, and we hence
see "92 .1" in the expected BCD result. Using 0x124 in the test source actually
makes it hard to see where the 0x123 went.
Change the MCC to decimal notation (123, 124, 125) and adjust the expected
encoded output.
Change-Id: I973835c54a90fefe50d2b3581324d12556715f58
|
| |
|
|
|
|
|
|
|
|
|
| |
I am |
