Age | Commit message | Author | Files | Lines
2016-02-04 | sgsn_iu/libgtp: Update pdp context with new IP address after RAB assign [daniel/gprs-iu] | Daniel Willmann | 2 | -7/+7
In the IU case the RNC and ggsn communicate directly on the user plane. Since the IP address of the RNC is not known in our case (it sits behind the hnbgw) we need to update the PDP context with the new IP address after receiving the RAB assignment response (which includes the IP address).
2016-02-04 | sgsn_iu: Parse the RAB assignment response and get pdp ctx from it | Daniel Willmann | 1 | -9/+26
The RAB assignment response includes the gtp teid that we sent along in the assignment request. Retrieve the correct pdp context from there and activate it.
2016-02-04 | sgsn: Add a function to return the pdp ctx for an mm ctx and tei | Daniel Willmann | 2 | -1/+18
2016-02-04 | sgsn: Get gtp ip and teid from pdp context in gprs_iu_rab_act() | Daniel Willmann | 2 | -7/+12
2016-02-04 | gprs_gmm: Apply the auth hack only for UTRAN_Iu RAN type | Daniel Willmann | 1 | -6/+7
Try to limit the effect 3G support has on the remaining code base. The sgsn test still fails, but at a later test.
2016-02-04 | tests/sgsn: Fix compilation of sgsn_test | Daniel Willmann | 1 | -18/+40
The sgsn test still fails, but at least it is compiling again..
2016-02-04 | sgsn_libgtp: Use the address provided by the GGSN for RAB activation | Daniel Willmann | 1 | -1/+3
2016-02-04 | gprs: Fix some misleading comments | Daniel Willmann | 2 | -3/+3
2016-02-04 | WIP: Wait for radio bearer before sending pdp context accept | Daniel Willmann | 2 | -12/+28
2016-02-04 | HACK: ranap_decode_rab_setupormodifieditemies crashes so disable it | Daniel Willmann | 1 | -1/+2
2016-02-04 | sgsn_iu: RABAssignment response is an Outcome, not a Successful one | Daniel Willmann | 1 | -5/+7
2016-02-04 | gprs_gmm: Fix bit mask when determining update/attach type | Daniel Willmann | 1 | -2/+6
Bit 4 is reserved in 3GPP TS 04.08 so exclude it from the type. In 3GPP TS 24.008 it indicates if a follow-on request is pending by the MS, but only in Iu mode. According to the spec it is not required to react to that request with a follow-on proceed so this field can be ignored for now. See 3GPP TS 24.008 Ch. 4.4: "Unless it has specific permission from the network (follow-on proceed) the mobile station side should await the release of the RR connection used for a MM specific procedure before a new MM specific procedure or MM connection establishment is started." as well as Ch. "If the network wishes to prolong the RR connection to allow the mobile station to initiate MM connection establishment (for example if the mobile station has indicated in the LOCATION UPDATING REQUEST that it has a follow-on request pending) the network shall send "follow on proceed" in the LOCATION UPDATING ACCEPT and start timer T3255."
2016-02-04 | remove dead code from Makefile.am | Harald Welte | 1 | -2/+0
2016-02-04 | WIP: Really ugly hacks to get up to (and including) PDP CTX ACT | Harald Welte | 10 | -53/+216
2016-02-04 | add sgsn_iu.c that was missed in large WIP commit | Harald Welte | 1 | -0/+425
2016-02-04 | rtp_proxy.c: Ensure msgb_alloc is large enough for largest AMR frame | Harald Welte | 1 | -1/+1
In AMR 12.2 (mode 7), the actual RTP payload is 33 bytes. However, as we store the length of the (dynamically-sized) AMR payload in the first byte, our buffer needs to be at least 33+1 bytes in size.
2016-02-04 | subscr_name(): Handle case for subscr == NULL | Harald Welte | 3 | -6/+6
subscr_name() was called from several places:
* either without a check for subscr being NULL, which for example was causing a segfault if we hand-over a channel before identifying the subscriber
* or with an explicit NULL check and the ternary operator (?).
We now simplify the code by checking for the NULL Subscriber in subscr_name() itself.
2016-02-04 | WIP | Harald Welte | 1 | -1/+51
2016-02-04 | gprs_gmm.c: Perform LLME operations only if we have one | Harald Welte | 1 | -5/+7
In case the GMM message did not arrive over a Gb interface, there is no LLME (and thus the associated pointer is NULL). Don't try to perform operations on a NULL LLME.
2016-02-04 | gprs_gmm.c: Make TLLI handling specific to Gb interface | Harald Welte | 1 | -36/+60
Some of the operations we perform in the GMM layer are specific to the GPRS/EDGE radio access network and its Gb interface. Let's make them conditional to that in preparation of supporting an Iu interface.
2016-02-04 | gprs_gmm.c: Don't try to de-reference NULL mmctx | Harald Welte | 1 | -0/+10
There was a comment in the code that certain GMM messages require a valid mmctx pointer. However, nothing actually checked if that pointer was in fact non-NULL. We plainly crashed if a MS would send us the wrong message in the wrong state.
2016-02-04 | rename gsm0408_gprs_rcvmsg() to gsm0408_gprs_rcvmsg_gb() | Harald Welte | 3 | -4/+4
This is the entry point for GMM from Gb. We will create a new one for Iu, so let's be explicit rather than implicit.
2016-02-04 | prepare sgsn_mm_ctx for Gb and Iu mode (UMTS) | Harald Welte | 7 | -60/+99
Let's explicitly mark those sgsn_mm_ctx members that apply for Gb mode and (upcoming) Iu mode, respectively.
2016-01-30 | gsm0408: Provide unique strings for the gsm 04.08 message | Holger Hans Peter Freyther | 7 | -63/+63
At Rhizomatica we see that some GSM 04.08 messages are leaked and have no other indication if that is Call Control, SMS or something else.
2016-01-28 | openbsc/README: some fixes, add CSCN and Iu* | Neels Hofmeyr | 1 | -6/+10
OsmoNITB stated to include BTS, should be BSC. Reword some outdated statements. Add OsmoCSCN and mention IuCS and IuPS interfaces.
2016-01-28 | Add README.vty-tests | Neels Hofmeyr | 1 | -0/+11
2016-01-28 | remove src/libgb/Makefile.am | Neels Hofmeyr | 1 | -9/+0
libgb has been obsolete for years, but the is still there. src/ does not list it as a subdir, so it's just dangling legacy.
2016-01-28 | fix bsc_vty out: timeslot indented too deeply. | Neels Hofmeyr | 10 | -543/+543
In 'show running-config', timeslot appears as a sub-element of rsl, but it is a direct child of trx. Fix the timeslot section in vty_out by removing one space of indentation. Adjust various config examples. Rationale: it's not relevant for function, but confuses human operators. Fixing it will save the next hacker some time.
2016-01-26 | gprs: use libgtp cflags | Alexander Huemer | 1 | -1/+1
2016-01-23 | gtphub: Fix use after free on failure | Holger Hans Peter Freyther | 1 | -1/+3
Even if fclose fails the stream is inaccessible and the second fclose might cause memory violation. Linux manpage says: Upon successful completion 0 is returned. Otherwise, EOF is returned and errno is set to indicate the error. In either case any further access (including another call to fclose()) to the stream results in undefined behavior. Fixes: CID#57958
2016-01-23 | db: Avoid undefined behavior when copying cm2/cm3 from the db | Holger Hans Peter Freyther | 1 | -2/+4
memcpy has both the source and destination marked as non-null and we were still passing NULL (with a zero size) to it. While this makes sense it violates the constraints of the function. Add the check to see if these values are NULL or not.
+db.c:583:2: runtime error: null pointer passed as argument 2, which is declared to never be null
+ #0 0x40d7f7 in get_equipment_by_subscr (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40d7f7)
+ #1 0x40f6d2 in db_get_subscriber (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40f6d2)
+ #2 0x40bfaa in sms_from_result_v3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40bfaa)
+ #3 0x40c847 in update_db_revision_3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40c847)
+ #4 0x40cbc3 in check_db_revision (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cbc3)
+ #5 0x40cf85 in db_prepare (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cf85)
+ #6 0x406f18 in main /home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test.c:179
+ #7 0x7fd625638a3f in __libc_start_main (/lib/x86_64-linux-gnu/
+ #8 0x405598 in _start (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x405598)
+
+db.c:590:2: runtime error: null pointer passed as argument 2, which is declared to never be null
+ #0 0x40da23 in get_equipment_by_subscr (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40da23)
+ #1 0x40f6d2 in db_get_subscriber (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40f6d2)
+ #2 0x40bfaa in sms_from_result_v3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40bfaa)
+ #3 0x40c847 in update_db_revision_3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40c847)
+ #4 0x40cbc3 in check_db_revision (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cbc3)
+ #5 0x40cf85 in db_prepare (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cf85)
+ #6 0x406f18 in main /home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test.c:179
+ #7 0x7fd625638a3f in __libc_start_main (/lib/x86_64-linux-gnu/
+ #8 0x405598 in _start (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x405598)
2016-01-22 | gtphub: Make the two setter static as well | Holger Hans Peter Freyther | 1 | -2/+2
Same as with the previous gtphub commit. Make these static to deal with the new semantic of inline in gcc5.
2016-01-22 | dahdi: The driver has moved to libosmo-abis | Holger Hans Peter Freyther | 1 | -1/+0
We can remove this check from openbsc as the handling is done in libosmo-abis.
2016-01-22 | gtphub: Fix compilation using gcc5 | Holger Hans Peter Freyther | 1 | -2/+2
The semantic of inline has changed and we need to make it static to not end up with undefined references.
2016-01-15 | tests/abis: fix format specifiers | Alexander Huemer | 1 | -5/+5
2016-01-15 | tests/oap: depend on libgtp | Alexander Huemer | 1 | -0/+4
exclude logic copied from src/gprs/
2016-01-15 | bsc/vty: Provide a hint of available input | Holger Hans Peter Freyther | 1 | -1/+1
2015-12-14 | gtphub VTY: add newlines to some VTY docs' final lines | Neels Hofmeyr | 1 | -8/+8
2015-12-14 | gtphub VTY: fix doc strings for show cmds | Neels Hofmeyr | 1 | -7/+10
2015-12-14 | gtphub: Fix the VTY prompt to make the tests move forward | Holger Hans Peter Freyther | 1 | -1/+1
2015-12-14 | gtphub VTY test: use only | Hofmeyr | 2 | -1/+26
Add a second example config file for gtphub so that the VTY test can use nonstandard ports.
fix wrong index introduced by gtphub. | Neels Hofmeyr | 1 | -1/+1
vty_app should reference osmo-nitb, but by adding gtphub, apps[-1] has changed. Use index 5, which won't change when adding further items.
2015-12-12 | indicate the GSM 04.08 channel mode in 'show lchan' | Harald Welte | 1 | -0/+16
2015-12-12 | mncc: introduce 'struct gsm_mncc_bridge' for MNCC_BRIDGE | Harald Welte | 3 | -8/+13
When a MNCC handler wants to issue the MNCC_BRIDGE primitive over the MNCC interface, this was not possible so far via the MNCC socket. This primitive was so far only available from the internal MNCC handler, more or less by accident I suppose. The reason for this is in the way the array of two call references had been passed into mncc_tx_to_cc().
2015-12-12 | mncc.c: Convert mncc_names[] to 'struct value_string' | Harald Welte | 2 | -70/+61
2015-12-08 | gtphub: log: limit length of hex dumps. | Neels Hofmeyr | 2 | -4/+7
The debug log prints the received/sent bytes in hex. When this data surpasses the buffer size available for the log string (4096), the log is truncated and lacks a newline character. Limit the amount of dumped bytes to 1000. Sponsored-by: On-Waves ehi
2015-12-07 | gtphub: add VTY show for peers and peer stats. | Neels Hofmeyr | 1 | -4/+119
Sponsored-by: On-Waves ehi
2015-12-07 | gtphub: improve handling of restarted peer. | Neels Hofmeyr | 3 | -20/+60
Handle peer restart earlier, so that all the tunnels are deleted by the restart code path, instead of the first one being deleted due to reused TEI. That caused confusing logging messages. Also, when receiving Delete confirmations from the peer that didn't restart, don't complain about unknown peer, but acknowledge and remove the half invalidated tunnel. This means that the pending delete entry from the restart code path is not needed / not used, so don't bother to add pending delete entries upon peer restart. The test test_peer_restarted_reusing_tei() hits the situation where a tunnel is removed because of a reused TEI rather than the restart counter. Adjust the test to expect the "out-of-band" delete request earlier on, and to still see the half invalidated tunnel around. Enhance the test by adding the delete response from the peer that didn't restart, and add a final tunnels_are() verification. Sponsored-by: On-Waves ehi
2015-12-07 | gtphub: log most common message type names. | Neels Hofmeyr | 1 | -14/+63
Sponsored-by: On-Waves ehi
2015-12-07 | gtphub: simplify/fix: one TEI mapping per tunnel. | Neels Hofmeyr | 4 | -125/+144
Because the sender is known, one unique TEI per tunnel suffices to map the TEIs that the peers are sending to gtphub, instead of previously 4 (SGSN<->GGSN interaction on User and Ctrl plane, where each had an own unique TEI). Also, previously, a tunnel's endpoints should also have been checked against each other for TEI reuse, not only against the endpoints of other tunnels. This simplification fixes that problem for free. Thus simplify TEI reuse detection and improve VTY show readability and debugging. Adjust log and VTY output for tunnels. Adjust tests accordingly. Suggested-by: Holger Hans Peter Freyther <> Sponsored-by: On-Waves ehi