AgeCommit message (Collapse)AuthorFilesLines
2015-03-14debian: Move the package to multi-arch supportHolger Hans Peter Freyther5-11/+14
2015-02-25Fix the compilation on FreeBSD.Nikola Kolev6-0/+8
2015-02-25Fix typo.Nikola Kolev1-1/+1
2014-10-02build: remove all_includesJan Engelhardt6-6/+5
This variable is never set and could therefore be removed.
2014-10-02build: put dependency libraries in the right place in MakefilesJan Engelhardt3-4/+5
Libs must be in _LDADD/_LIBADD and not in _LDFLAGS.
2014-09-11build: rename INCLUDES to AM_CPPFLAGS in Makefile.am to avoid warningsMartin Hauke5-5/+5
2014-09-08Prepare new upstream release0.0.4Holger Hans Peter Freyther4-5/+11
2014-09-08misc: Ignore some build artefactsHolger Hans Peter Freyther1-0/+2
2014-08-29osmux: export OSMUX_BATCH_DEFAULT_MAXPablo Neira Ayuso2-4/+4
This allows you to set the default batch size when initializing the osmux input handle.
2014-08-28osmux: fix more leaks in osmux_xfrm_input() in the error pathPablo Neira Ayuso1-2/+10
Return 0 to the caller, which believes that we have put the message in the batch. But if it is malformed, silently release it.
2014-08-28osmux: stop batch timer in osmux_xfrm_input_fini()Pablo Neira Ayuso1-0/+1
Make sure we don't release a osmux handle with an armed batch timer. ==9753== Invalid read of size 4 ==9753== at 0x4043CA2: rb_first (rbtree.c:293) ==9753== by 0x403E172: osmo_timers_check (timer.c:256) ==9753== by 0x403E69E: osmo_select_main (select.c:124) ==9753== by 0x804EBD3: main (bsc_nat.c:1613) ==9753== Address 0x4302670 is 56 bytes inside a block of size 108 free'd ==9753== at 0x4023B6A: free (vg_replace_malloc.c:366) ==9753== by 0x40494CF: talloc_free (talloc.c:609) ==9753== by 0x40AB279: osmux_xfrm_input_fini (osmux.c:620) ==9753== by 0x80651FC: osmux_disable_endpoint (mgcp_osmux.c:96) ==9753== by 0x805CAFF: mgcp_release_endp (mgcp_protocol.c:1540) ==9753== by 0x805DD35: handle_delete_con (mgcp_protocol.c:1274) ==9753== by 0x805E998: mgcp_handle_message (mgcp_protocol.c:415) ==9753== by 0x804CFF1: mgcp_do_read (bsc_mgcp_utils.c:972) ==9753== by 0x403F96D: osmo_wqueue_bfd_cb (write_queue.c:48) ==9753== by 0x403E724: osmo_select_main (select.c:158) ==9753== by 0x804EBD3: main (bsc_nat.c:1613)
2014-08-28osmux: fix leaks in osmux_xfrm_input() error pathPablo Neira Ayuso1-7/+14
If it is not possible to put the RTP message into the batch in case that: 1) The message is malformed. 2) The message is duplicated. 3) OOM. 4) The batch is already full. Osmux releases the messages and gets back to the upper layer with an OK to give another chance to follow up RTP messages. This patch also fixes a use-after-free that was possible when the batch was full. The message was released and osmux_batch_add() was returning 0 osmux_xfrm_input(), which resulted in accessing the released message when updating the statistics.
2014-08-28osmux: fix osmux_xfrm_output() due to 62d8a18Pablo Neira Ayuso1-1/+1
Fix accidental inclusion of list_add in debugging message area in ("62d8a18 osmux: hide spamming debug log messages behind ifdef") that broke osmux.
2014-08-28osmux: more hide spamming debug logPablo Neira Ayuso1-0/+2
2014-08-28osmux: hide spamming debug log messages behind ifdefPablo Neira Ayuso1-8/+32
This is ugly, with many ifdefs, but they don't want any debug message that can be spamming. I don't want to remove these because there is no dissector for osmux, and this can be useful for troubleshooting.
2014-08-28osmux: add statistics to osmux_in_handle structPablo Neira Ayuso2-0/+15
Add statistics to the osmux input handle, which translates the RTP messages to osmux batch.
2014-08-28osmux: disable timing reconstruction debuggingPablo Neira Ayuso1-0/+3
Should be enabled only in case you consider that Osmux should is lagging when reconstructing RTP messages. I haven't seen any issue regarding this so far. Let's disable it by default.
2014-08-28osmux: allow to specify the osmux frame sizePablo Neira Ayuso2-6/+11
This patch adds a new field to the struct osmux_in_handle that allows you to specify the osmux frame size. If not specified, the default size assumes your nic uses a mtu of 1500 bytes.
2014-08-28osmux: fix leak in osmux_replay_lost_packets()Pablo Neira Ayuso1-2/+1
The original RTP header has been already sanity check. Therefore, we can assume the clone is sane.
2014-08-28osmux: revisit osmux_batch_enqueue() in case of batch fullPablo Neira Ayuso1-5/+12
1) Force batch delivery in case it is full. 2) Skip padding with more RTP clone in case of message lost if the batch is full.
2014-08-28osmux: add osmux_xfrm_input_fini()Pablo Neira Ayuso2-0/+13
To clean up the osmux input handle.
2014-08-26include: define OSMUX_ID_MAXPablo Neira Ayuso1-0/+1
This tells us the maximum osmux circuit ID.
2014-05-22misc: Fix distcheck and refer to the right file0.0.3Holger Hans Peter Freyther3-4/+5
2014-04-29misc: Ignore files that are generatedHolger Hans Peter Freyther2-1/+19
2014-04-28debian: Attempt to build a package with just the DSOHolger Hans Peter Freyther4-4/+5
Follow the debian rule to package the DSOs separately.
2014-04-28debian: Prepare a new debian release and bump SO versionHolger Hans Peter Freyther2-2/+9
2014-04-28debian: Update the changelogHolger Hans Peter Freyther1-1/+2
2014-04-25osmux: cleanup debugging messagePablo Neira Ayuso1-7/+2
Remove message that is printed twice and reword the messages to make it more clear the traffic flow when compressing and decompressing the RTP AMR traffic.
2014-04-25amr: make sure the header is packedPablo Neira Ayuso1-1/+1
2013-12-16osmux: (really) validate AMR FT fieldPablo Neira Ayuso1-10/+12
(dc898ab osmux: don't trust AMR FT field) was not correctly validating the AMR FT field as it was comparing the same value twice calculated in different ways. Use osmo_amr_bytes(amrh->ft) to obtain the expected length and check if it is what we got. Use the output of osmo_rtp_get_payload() as it also includes the RTP payload stripping possible extensions.
2013-12-16osmux: don't trust AMR FT fieldPablo Neira Ayuso1-1/+9
Sanity check that that we have enough bytes in the AMR payload for this frame-type.
2013-12-16osmux: limit RTP messages per batchPablo Neira Ayuso1-9/+38
The ctr field of the osmux header is 3 bits long, make sure we don't run over that boundary. This should not happen in practise unless we have to deal with network congestion or broken RTP stacks, but osmux should not crash in that case.
2013-12-16osmux: fix handling of old RTP messagesPablo Neira Ayuso1-1/+1
Make sure that osmux_replay_lost_packets() doesn't try to fill gaps if we see RTP messages whose sequence number is in the past.
2013-12-16tests: osmux: no need to skip RTP message anymorePablo Neira Ayuso1-6/+4
With the fan-out approach to test multi-batch added int (078d532 tests: osmux: test multi-batch support), this doesn't need the explicit skip as there are already gaps to be filled.
2013-12-16tests: osmux: test multi-batch supportPablo Neira Ayuso1-5/+9
Extend this to test multi-batch in one packet support, eg. OSMUX message (len=158) OSMUX seq=016 ccid=000 ft=1 ctr=6 amr_f=0 amr_q=1 amr_ft=02 amr_cmr=02 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ]OSMUX seq=017 ccid=001 ft=1 ctr=2 amr_f=0 amr_q=1 amr_ft=02 amr_cmr=02 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ff d4 f9 ff fb e7 eb f9 9f f8 f2 26 33 65 54 ]
2013-12-15osmux: pass rtp header to osmux_batch_add()Pablo Neira Ayuso1-7/+3
This patch is a cleanup. Pass the pointer to the header, so we don't need to obtain it from the message buffer again.
2013-12-15osmux: fix handling of too big RTP message in osmux_xfrm_input()Pablo Neira Ayuso1-1/+1
With this patch, osmux_xfrm_input() returns 0 (means "message has been processed") instead of 1 (means "retry") if the RTP message is too big to fit into one osmux batch. This fixes a likely infinite loop in the caller, which will retry forever for a message does not fit into the batch. Unlikely to happen in normal scenario, as RTP+AMR messages are way smaller than the interface MTU.
2013-12-15debian: New package time for the bug fixesHolger Hans Peter Freyther1-1/+2
2013-12-14amr: use AMR_FT_MAX instead of hardcoded numberPablo Neira Ayuso1-1/+1
Use AMR_FT_MAX instead of 9. This patch is a cleanup.
2013-12-14osmux: don't print messages with wrong AMR FTPablo Neira Ayuso1-0/+6
The AMR FT field is used to infer the length of the payload, if a value higher than 8 (SID) is received, skip it. This fixes a possible crash in osmux_snprintf() in case we receive a malformed osmux header. This is also addresses the crash described in c733ae5b6e.
2013-12-14osmux: fix crash in osmux_snprintf when handling multi-batch messagesPablo Neira Ayuso1-2/+3
valgrind reports the following crash backtrace: !<001c> osmux.c:687 No room for OSMUX payload: only 49 bytes ==12800== ==12800== Process terminating with default action of signal 11 (SIGSEGV) ==12800== Access not within mapped region at address 0xDFA8E473 ==12800== at 0x4073FD2: osmux_snprintf (osmux.c:628) ==12800== by 0x80524F1: osmux_deliver (osmux.c:50) ==12800== by 0x407371C: osmux_xfrm_input_deliver (osmux.c:302) ==12800== by 0x4073792: osmux_batch_timer_expired (osmux.c:312) ==12800== by 0x405A4A0: osmo_timers_update (timer.c:243) ==12800== by 0x405A79A: osmo_select_main (select.c:133) ==12800== by 0x8049A53: main (mgcp_main.c:307) The problem is that osmux_snprintf() is not handling multi-batch messages (ie. messages that contain several osmux batches). More specifically, the offset to print the osmux batches was reset when parsing every osmux batch. The problem also manifested with wrong outputs. Reported by Mattias Lundstrom.
2013-12-13debian: Bump version to build new test packagesHolger Hans Peter Freyther1-1/+2
2013-12-13osmux: delete message from output list before calling tx_cbPablo Neira Ayuso1-2/+1
Valgrind complains about a possible use after free: ==12800== Invalid read of size 4 ==12800== at 0x4073DF6: osmux_tx_sched (linuxlist.h:119) ==12800== by 0x8052B0F: osmux_read_from_bsc_nat_cb (osmux.c:261) ==12800== by 0x453F967: ??? ==12800== Address 0x453f710 is 48 bytes inside a block of size 145 +free'd ==12800== at 0x402750C: free (vg_replace_malloc.c:427) ==12800== by 0x4064ADE: talloc_free (talloc.c:609) ==12800== by 0x405AAAA: msgb_free (msgb.c:72) ==12800== by 0x8052492: scheduled_tx_bts_cb (osmux.c:196) ==12800== by 0x4072CF8: osmux_tx_cb (osmux.c:554) ==12800== by 0x4073F03: osmux_tx_sched (osmux.c:582) ==12800== by 0x8052B0F: osmux_read_from_bsc_nat_cb (osmux.c:261) ==12800== by 0x453F967: ??? The problem is that osmux_tx_sched may immediately call osmux_tx_cb for the first extracted RTP message from the osmux batch, which releases the message after that. Remove the message from our list of messages to be transmitted before the message is passed to the tx callback. Reported by Mattias Lundstrom.
2013-12-12debian: Enable hardening for the libosmo-netif packageHolger Hans Peter Freyther1-0/+2
2013-11-15debian: Build a newer version of the natHolger Hans Peter Freyther1-1/+8
2013-11-15misc: Ignore files generated by autotestHolger Hans Peter Freyther1-0/+3
2013-09-12osmux: add artificial limit for cloned RTP packetsPablo Neira Ayuso1-0/+4
Avoid spamming lots of cloned RTP packets in case of severe gaps.
2013-08-27osmux: sanity check too big RTP/RTCP messages as inputPablo Neira Ayuso1-0/+6
Holger spotted that the caller may loop forever in case it receives big RTP/RCTP packets, that are likely to be spoofed.
2013-08-25ipa_unit: use talloc_strdupPablo Neira Ayuso1-12/+12
Reported by Holger.
2013-05-27tests: osmux-test: double timing validation thresholdPablo Neira Ayuso1-1/+1
Double timing validation to avoid hitting errors easily.