AgeCommit message (Collapse)AuthorFilesLines
2016-11-26Replace local make_sock() function with libosmocore osmo_fd_init_ofd()laforge/coverityHarald Welte7-147/+40
The local 'make_sock()' function should have been deprecated since 2011, when we started to have general socket related utility functions in libosmocore. Fixes: Coverity CID 57645 Change-Id: I2329da82d2b6612e281086ca67c7836b97e03d3d
2016-11-26libmsc/db: Prevent subscr->extension without NULL terminationHarald Welte1-1/+3
Change-Id: Ic1ae7b2d9dde8dab8f7795e5baa8918424f5f393 Fixes: Coverity CID 57622
2016-11-26channel_mode_from_lchan(): Add missing break statementHarald Welte1-0/+1
GSM48_CMODE_DATA_6k0 was not properly terminated and thus resulted in a bug. Change-Id: I4000f06d0b49c4afb0446beddd150521c4ba3cf0 Fixes: Coverity CID 148207
2016-11-26gsm0408_test.c: Don't pass negative value to strerror()Harald Welte1-1/+1
Change-Id: I4fcf24ec1bc974a3189486d2372b9713d7fdab70 Fixes: Coverity CID 135192
2016-11-26bsc_vty: Fix missing break statements in switch()Harald Welte1-0/+2
Change-Id: Ifd48e8d56c845603d320748144b4d7c3c24022a0 Fixes: Coverity CID 135188 Fixes: Coverity CID 135190
2016-11-26cfg_bts_si2quater_neigh_add(): Don't call strerror() on negative valueHarald Welte1-1/+1
Change-Id: I1300eede3f22df812b7e83902327ce4cde21aa35 Fixes: Coverity CID 135185
2016-11-26mgcp_protocol: Ensure we don't call strtok_r with NULL dataHarald Welte1-0/+1
Change-Id: I1dce4df6a49fe95db592b0598194e3a8b8b1b994 Fixes: Coverity CID 135181
2016-11-26bsc_ctrl: Ensure we don't pass NULL string into strtok_r()Harald Welte1-0/+1
Change-Id: I03bea132377c0136b55b6fdad99a5d92da12e692 Fixes: Coverity CID 135180
2016-11-26sgsn_test: Fix missing = in == type checkHarald Welte1-1/+1
Change-Id: I696a7d25d2f4d19922e05a7e83c4aeec5c44fb07 Fixes: Coverity CID 135156
2016-11-26abisip-find: check bsc_fd_register() resultHarald Welte1-1/+5
Change-Id: I72d713725d287d32ec90506099751aeb9b15ef15 Fixes: Coverity CID 70462
2016-11-26mgcp_network.c: Use libosmocore socket functionsHarald Welte1-23/+4
Use libosmocore osmo_sock_init_ofd() in mgcp_create_bind(), rather than using a hand-coded version using OS socket functions. The locally implemented verison of the code didn't check setsockopt() return value. Change-Id: I1de4de12245847a6d30d1bf7c91dc813d2178dee Fixes: Coverity CID 57646
2016-11-26bsc_msc.c: Check setsockopt() return valueHarald Welte1-1/+7
Change-Id: I79a8fe9c025772e51560503504f517485b0ace34 Fixes: Coverity CID 57644
2016-11-26abis_nm: ceck fseek() return code in is_last_line()Harald Welte1-1/+3
Change-Id: I8ed4e703625c9da959e0938cd1eb3f0c73a2d4d0 Fixes: Coverity CID 57643
2016-11-26ipaccess-proxy: Check setsockopt() return valueHarald Welte1-1/+7
Change-Id: I34b082907b6f0b25fe2779f3a1f0a642a9002664 Fixes: Coverity CID 57642
2016-11-26ipaccess-config: Handle setsockopt return valueHarald Welte1-1/+6
Change-Id: I8c2082f9a9c865cc663ad2abb63ee0f70914dabe Fixes: Coverity CID 57640
2016-11-26Fix possible non-null-terminated bufferHarald Welte1-0/+1
Change-Id: I22100c260856991b9a836135b3650e5b8c5449ca Fixes: Coverity CID 57623
2016-11-26libmsc/db: avoid subscr->name without terminating NULL charHarald Welte1-1/+3
Change-Id: Ic8944ac4c5e940c9d835c52f1701461f274238db Fixes: Coverity CID 57621
2016-11-26abis_nm: Fix non-null terminated bufferHarald Welte1-0/+1
Unrealistic case (filename of 4096 bytes) Change-Id: Icf7b835f9edaf66976556fce1e9e0f66aa2010bc Fixes: Coverity CID 57620
2016-11-26abis_nm: Fix possible not-null-terminated bufferHarald Welte1-0/+1
Unrealistic case with file name of 4096 bytes length. Change-Id: I503200b879b854cf2dc218d5fe3059a555732d92 Fixes: Coverity CID 57619
2016-11-24move to libcommon-cs: gsm48_create_mm_serv_rej(), gsm48_create_loc_upd_rej()Neels Hofmeyr3-34/+34
Used by libbsc, libmsc as well as osmo-bsc and osmo-bsc_nat. Moving gsm48_create* to libcommon-cs affects linking of osmo-bsc_nat, resulting in undefined references to gsm48_extract_mi() and gsm48_paging_extract_mi(); fix that by placing libfilter.a left of libbsc.a upon linker invocation. Change-Id: I212c2567b56191022b683674c1c4daf842839946
2016-11-24move to libcommon-cs: net init 3: actual moveNeels Hofmeyr15-35/+84
Reincarnate gsm_network_init() as the parts not specific to libbsc. Move from bsc_network_init() those bits that are not BSC specific (and useful for upcoming osmo-cscn). Add libcommon-cs to all linkages that use gsm_network_init(). Note: the only requirement to allow linking gsm_network_init() without libbsc is to keep the call to gsm_net_update_ctype() out of libcommon-cs. The other items are kept out of libcommon-cs because it makes sense semantically. But the separation is not strong in that the BSC specific data members are of course still omnipresent in struct gsm_network. If bsc_network_init() is not called, these are not initialized properly -- for now no users of uninitialized members exist. So this is just a first step towards a sensible split of the BSC and MSC gsm_network structs. The long term aim should be to have entirely separate structs with some common general items. Change-Id: If06316b97002390dc9a434686750cb96193ea63b
2016-11-24move to libcommon-cs: net init 2: move bsc_network_init decl to new .hNeels Hofmeyr9-8/+17
bsc_network_init() is more fit to live in a BSC specific header, move it to new common_bsc.h. It will probably also absorb the BSC-specific part of gsm_network in the future. Adjust header includes across the board. Particularly, fix abis_nm.h by explicitly including gsm_data.h: it so far relied on other headers to do that, which now is no longer always given. Change-Id: I9edfb1e748bb1cb484fadd48b0406f5b3098e89b
2016-11-24move to libcommon-cs: net init 1: rename to bsc_network_initNeels Hofmeyr7-8/+10
The gsm_network_init() function initializes a whole lot of BSC specific stuff. Aiming to move some of it to libcommon-cs, first rename it to bsc_network_init(). This will retain the BSC specific stuff when the move is done. Adjust all callers. Future: osmo-cscn will call the more generic part and not the BSC specific part. Change-Id: I4816ae19374390fc5c64972f7cad2e9ec3d8bcc3
2016-11-24define mncc_recv_cb_t to avoid code dupNeels Hofmeyr5-7/+13
Put mncc_recv_cb_t in common_cs.h to avoid header include complications: if placing right above struct gsm_network, one must include gsm_data.h to use mncc_recv_cb_t as function parameter in a header, which will include gsm_data_shared.h, which will include common_cs.h (future knowledge). Since I will need to use mncc_recv_cb_t in common_cs.h, including gsm_data.h from there would introduce an #include loop. Avoid that and define mncc_recv_cb_t in common_cs.h to begin with. Change-Id: I2e64cffa563750ce9f3172ffba6f9cf5b9280e9c
2016-11-24Add empty libcommon-csNeels Hofmeyr7-0/+62
This will gradually soak up code shared by libbsc and libmsc. Change-Id: If34e2bd38a099d0799238337468d56e0305ab8ae
2016-11-23Add support for pdpctx_timer_stopPravin Kumarvel1-1/+10
Timer T3395 starts at the transmission of Deactivate PDP request using pdpctx_timer_start but there was no corresponding stop function. The timer is stopped when Deactivate PDP Context Accept is received. This according to 3gpp spec reference 24.008 section Change-Id: I825c0a47d39e784dd1b8251f564609262530a5c6
2016-11-18ussd: Add band-aid for interrogationSSHolger Hans Peter Freyther3-12/+20
This is a speculative change for interrogateSS and by not answering the request the radio connection would remain open long. The SS/USSD code is from a time where none of knew much about GSM. We do not support SS but should reject it. We have checked for an empty string in the text field to guess if it is a result/release to not send more information. The right way forward is to decode the ASN1 into the fields REQUEST/RESULT(last). Fix an issue and make the code worse. Assume ss_code > 0 to see if this is a interrogate invoke. The issue is that code 0 is a well defined value but unlikely to be used. MAP ASN1 definition: SS-Code ::= OCTET STRING (SIZE (1)) -- This type is used to represent the code identifying a single -- supplementary service, a group of supplementary services, or -- all supplementary services. The services and abbreviations -- used are defined in TS 3GPP TS 22.004 [5]. The internal structure is -- defined as follows: -- -- bits 87654321: group (bits 8765), and specific service -- (bits 4321) allSS SS-Code ::= '00000000'B Change-Id: Ib0dc4485388f030eb172fe21f5327b7ab94751f5
2016-11-17Correct Logging macro for pdpctx_timer_startPravin Kumarvel1-1/+1
This commit corrects the Logging macro used in pdpctx_timer_start. Change-Id: Id4e3a7fb934ed82af8096fda9ddd3f4550e05844
2016-11-16OM2000: Fix missing dynamic TCH initializationHarald Welte1-0/+12
When OM2000 has confirmed that a TS is started, call dyn_ts_init() on the timeslot to start the processing for fully dynamic (osmocom style) TCH/F_TCH/H_PDCH. This should in turn trigger the activation of idle timeslots as PDCH until we want to allocate any of them for TCH/F or TCH/H. Change-Id: I1a1fd61d6afd85449cacad4bacfb830252dab6b1
2016-11-16OM2000: Add three IEs to TCH activation about which we have no clueHarald Welte1-0/+4
Change-Id: Ie3067606033e894c558659ddf0025d01b8198cf9
2016-11-16rsl: support for ericssons propritary SI13 formatPhilipp1-2/+11
Ericsson has introduced a propritary format to issue the S13 BCCH information. Normally the system info type field for SI13 would be encoded as 0x28. Ericsson encodes that field as 0x02 and ads a bcch mapping parameter, (IEI=F2) This patch sets the BCCH mapping to 0x00 (=BCCH Normal) statically (0xF200) The new constands are added to libosmocore, see commit: f0f9c8c29daaefbf9cff19177ade4a13ffb2e36c Change-Id: Ie0900f9b810744172b3090ce1b0ef7b7a1132946
2016-11-16OM2000: Fixup based on Coverity Scan suggestionPhilipp1-2/+2
This commit fixes Coverity Scan defect: CID 151901: Insecure data handling (TAINTED_SCALAR) Passing tainted variable "tag_len" to a tainted sink. Change-Id: Ic71ed6a3bbb228bc03e95bfc4a6f5fe09cf5a021
2016-11-16rbs2000: Add missing bts feature definitionsPhilipp1-0/+2
function bts_model_rbs2k_start() in bts_ericsson_rbs2000.c lacks the feature definition for GPRS and EGPRS. Change-Id: I777a67862084aa6cca39cfc43f5708e47608b0e6
2016-11-15abisip-find: use protocol constantMax1-2/+2
Use library define instead of directly using hardcoded value. Change-Id: Ie9b8bc55bf40cf005434f27e205d47ffab959413
2016-11-15SNDCP: Fixup based on Coverity Scan suggestionPhilipp1-1/+1
This commit fixes Coverity Scan defect: CID 151900: Null pointer dereferences (FORWARD_NULL) Passing null pointer "comp_field->v42bis_params->nsapi" to "memcpy", which dereferences it. Change-Id: Iff83e21168a267dd4b4c401ab7c603e029b3ac39
2016-11-15test/gbproxy: Test for possible memory corruption when link_info is freedDaniel Willmann2-0/+276
This test is to trigger the use-after free issue in commit bff7b0d80972. If compiled with address-sanitizer the test will abort without the fix. Change-Id: I5e8c6626ba43342740f08d699383bdded739079f Ticket: OW#3049 Sponsored-by: On-Waves ehf
2016-11-15gbproxy: Check whether gbproxy_update_link_state_after() deletes the link_infoDaniel Willmann3-13/+27
In case the link_info is deleted we have to stop handling the stored messages inside link_info. Not doing so can lead to invalid memory being accessed. Change-Id: Ieb8503e9e94e7a5ac450ad8aa1713ec4f21cdea5 Ticket: OW#3049 Sponsored-by: On-Waves ehf
2016-11-13OM2000: CON MO: Allow larger range for CCP and CI valuesHarald Welte1-2/+2
it seesm more recent RBS2000 models have much larger CCP and CI value ranges than those of older models. Change-Id: Ib116c1fac901b293929fce34223d1fd0af15d2bc
2016-11-13Support configuration of CON MO Groups/Paths from VTYHarald Welte5-69/+235
The code for supporting the configuration of the OM2000 CON (LAPD Concentrator) MO was so far incomplete and not used from the OM2000 FSM initialization. This patch adds * VTY commands for configuration of CON Groups and Paths * The FSM integration to actually configure the CON MO Change-Id: I56dc1b5e35adef3a2078bcf9536537eb0f454192
2016-11-11RBS2000: Ensure the is-connection-list command is only used on RBS2000Harald Welte1-0/+6
... and not on other BTS models. Change-Id: I8882ca9a9ab974b0bbdcbd5c3bab0eadf4bc0927
2016-11-11RBS2000: Avoid segfault if ts->lapd instance doesn't existHarald Welte1-0/+2
This happens e.g. with DAHDI driver, when the DAHDI device cannot be opened. Let's not prematurely seg-fault early in the RBS2000 signal handler, but take the proper error handlign for this. Change-Id: I9223fb1568d3db7e278f07240c4be334c6602a13
2016-11-11bs11_config: remove compiler waring about unused variableHarald Welte1-2/+2
bs11_config.c:78:22: warning: ‘too_fast’ defined but not used [-Wunused-const-variable=] static const uint8_t too_fast[] = { 0x12, 0x80, 0x00, 0x00, 0x02, 0x02 }; ^~~~~~~~ Change-Id: I1fdb9645128c2dfeb489bf75e89ab0adea919d2b
2016-11-11talloc_cxt: Fix compiler warning / missing #includeHarald Welte1-0/+1
talloc_ctx.c: In function ‘talloc_ctx_init’: talloc_ctx.c:40:2: warning: implicit declaration of function ‘msgb_talloc_ctx_init’ [-Wimplicit-function-declaration] msgb_talloc_ctx_init(ctx_root, 0); ^~~~~~~~~~~~~~~~~~~~ Change-Id: Ib8ebc02d5cf0d2b4019473d3750ae7c6f8a32896
2016-11-10OM2000: disallow ip.access style TCH/F_PDCH pchan typeNeels Hofmeyr1-0/+9
For TCH/F_PDCH, return an invalid chan comb (0) and print an error message that hints at the proper pchan type to use instead: TCH/F_TCH/H_PDCH Change-Id: Ibe0f944573f0a6d1be4bf7cf4986c4b2b3bd6d0d
2016-11-10OM2000: for TS conf of dyn TS, always send TCH/F chan combNeels Hofmeyr1-5/+1
When OM2K sets up the timeslots with the BTS, the dynamic channel state is not yet resolved to any particular pchan type. Instead of using the dyn state, always advertise dynamic timeslots as pchan2comb(TCH/F). In the past, the Ericsson dynamic timeslots were handled as pchan type TCH/F_PDCH. This is a mistake, as this pchan type is intended for the ip.access dynamic PDCH way of dynamic channels. In any case, in the initial state of this pchan type, the timeslot was initialized as pchan2comb(TCH/F) because the ts->flags do not reflect an active PDCH yet. In short, this patch does not change the behavior of TCH/F_PDCH timeslots, only clarifies it. It would in fact make sense to disallow use of TCH/F_PDCH for OM2K, but that should probably be a separate patch. The proper pchan to use for Ericsson dynamic timeslots is TCH/F_TCH/H_PDCH. These do not use ts->flags, but ts->dyn.* as state, which first reflects pchan_want == pchan_is == GSM_PCHAN_NONE. Hence the timeslot was initialized by OM2K as pchan type zero, which is unknown / invalid. So, instead of using pchan_is, which is not yet reflecting anything meaningful, always initialize as TCH/F chan comb, as Ericsson hardware apparently expects it. Change-Id: If0693f7c5c85977b0e4acbc701ee5d635434d0d1
2016-11-10fix use after free in bsc_config_freeNeels Hofmeyr1-1/+1
talloc_free the cfg only after asserting num_bsc count sanity. This caused a failure in the 'bsc-nat' test with -fsanitize build. Should fix the Osmocom_Sanitizer build on Change-Id: Ic20aacaccffcaa58ccec6d24c884727dc1bc50e6
2016-11-09OM2000: Throw error when MO can not be enabledPhilipp1-0/+10
Throw warning message in case the MO state does not change to enabled after sendeing an Enable-Request message. Change-Id: Idfde8d6f71526e8acfea51835732515a4bee858e
2016-11-09om2000: added support for ericssons sabm negotiationPhilipp1-0/+3
This patch adds support for ericssons sambm negotiation. This patch depends on libosmo-abis commit: 2788c7eacab91cd39d68e316fc8ee87763bbfeb4 Change-Id: I56b1c1cef07a61143fc0e8058480805cddfeff96
2016-11-09OM2000: Add fault report parsingPhilipp1-1/+129
This patch adds parsing for OM2000 MO fault report map parsing, the bits in the fault maps are counted out and displayed. Change-Id: I6e2928f39b09bc08e9ab78bc10bc81e07f7eb55d
2016-11-09RBS2000: re-establish any lost signalling linksHarald Welte1-0/+12
Contrary to standard A-bis, in the RBS2000 case the BSC connects the signalling data links (LAPD) to the BTS. In case one of them drop, we need to attempt to re-establish them. This requires libosmo-abis with Change-Id I07f0f79e0cda09766f357032ffb4e7ad643d448a Change-Id: I710b5af5d0acbdd3febd314849340f2adb7abd80