AgeCommit message (Collapse)AuthorFilesLines
2016-12-09Fix TCH/F_PDCH: no need to check ts subslots for PDCHNeels Hofmeyr1-0/+7
For TCH/F_PDCH in PDCH mode, directly return the lchan to use, in order to switch it to TCH/F. To check the pchan type in chan_alloc.c, make ts_pchan() public in gsm_data_shared.h. Commit c3f72f63afde926dfc46827d6880055597515fb6 broke TCH/F_PDCH, as a fallout of setting the GSM_PCHAN_PDCH subslots number to 0. This is sane and correct, but the chan_alloc code failed to see a ts as available if it has no subslots. Explanation: _lc_find_trx() checks each timeslot. For normal, static TCH timeslots we determine the number of logical subslots contained and check whether one of them is free. For dynamic TS, we can do the same when in TCH mode, but when in PDCH mode, we already know that it is available for immediate switchover for voice and hence can return it right away. TCH/F_TCH/H_PDCH already has a special check for that. TCH/F_PDCH doesn't, but this worked for TCH/F_PDCH as long as ts_subslots() returned 1 for PDCH: the for-loop at the bottom of _lc_find_trx() checked one subslot, which succeeded on an lchan in PDCH mode, since PDCH lchans are always marked type == NONE and state == NONE. Now we more accurately acknowledge that a PDCH timeslot has zero subslots and that a dynamic timeslot in PDCH mode can always be switched to voice immediately, without checking lchan type or state. So, above mentioned commit set PDCH to zero subslots, and the for-loop to check the (zero) subslots never ran and hence never returned the lchan. This fix adds a special condition for TCH/F_PDCH in PDCH mode, same as TCH/F_TCH/H_PDCH. (Todo: ts_pchan() can probably be used in other places as well to remove some code dup. Leaving that for another patch.) Fixes: OS#1868 Change-Id: I5d555d018a5bcb8d948e54059d32ec4c9b3070d0
2016-12-09cosmetic: chan_alloc: use switch instead of if-cascadeNeels Hofmeyr1-9/+12
Preparing cosmetically for a subsequent commit which will add another pchan kind to be checked, rather use a "switch (pchan) {}". Also reverse one if() branch to "early-exit" style. Change-Id: Ie5eb0fa859c4f225616095dc56d52ce0f2dc8bdc
2016-12-09Replace duplicated code with macro callMax1-10/+10
Use already defined GSM48_LEN2PLEN for computing SI length. Change-Id: I2020417119c844b886f89e34dbfd75e716743dc4
2016-12-09lchan release in error state: SACCH deact only for SACCH pchansNeels Hofmeyr3-2/+17
This is useful particularly in case where we deactivate PDCHs which don't have a SACCH associated. The existin code would always attempt to deactivate a SACCH even in those cases, leading to the BTS responsding with related error messages. Change-Id: Iaf46782329b38ba8f3d438e6c75c2d467b852734
2016-12-05LLC: Fixup element order in LLC-XIDPhilipp1-2/+2
When the LLC-XID request is constructed the order of the elements in the TLV structure is reversed. This is in theory not a problem, but differs from what we know from our practical experience. This commit fixes the problem. Change-Id: I1d71c947350d3c5a85ff36b71c1b8f036071d162
2016-12-02abis_om2k: fix typo that declared non-existent struct gsm_bts_trx_sNeels Hofmeyr1-1/+1
The typo was recently committed in 80ccb952676cb4a068410991c5d53d19f228f695, "OM2000: Fix missing dynamic TCH initialization" Change-Id: I8e3eec8cf63494962fa31d85a0ec9db9a9e5df46
2016-12-02gsm_subscriber_connection: mark BSC specific itemsNeels Hofmeyr1-6/+6
This is intended to prepare for splitting gsm_subscriber_connection into BSC and MSC specific structs, to make the splitting patch more readable. Change-Id: Ib9666225fb9bfec2cf1e364343560571869fe6a7
2016-12-02osmo-nitb: exit when MNCC socket init failedNeels Hofmeyr1-3/+7
Change-Id: Icef97bb5da9840b810fe6f4b4da6abd4baa66915
2016-12-02split subscr_con_allocate()/_free() in bsc_ and msc_Neels Hofmeyr7-13/+42
Rename current subscr_con_allocate() and subscr_con_free to bsc_*, and add two separate msc_subscr_con_allocate() and _free(). The msc_subscr_con_free() ignores all lchan members. In libbsc use bsc_*, in libmsc use msc_*. Change-Id: I3cf7c7cafdf4672ec7b26058bba8a77159855257 Future: there will be distinct subscr conns for libbsc and libmsc.
2016-12-02move to libcommon-cs: net timezone VTY configNeels Hofmeyr2-64/+64
Leave the timezone VTY output in libbsc's config_write_net(), until the BSC/MSC separation of struct gsm_network is completed. Change-Id: I9712b2e07b4f1ab8d2e4ad40a8d771e98ed25b20
2016-12-02Move timezone settings up to network levelNeels Hofmeyr9-99/+98
Time zone used to be configurable per-BTS. In the upcoming MSC-split, no BTS structures will be available on the MSC level. To simplify, drop the ability to manage several time zones in a core network and place the time zone config on the network VTY level, i.e. in gsm_network. If we are going to re-add fine grained time zone settings, it should probably be tied to the LAC. Adjust time zone VTY config code (to be moved to libcommon-cs in subsequent commit). Adjust time zone Ctrl Interface code. Change-Id: I69848887d92990f3d6f969be80f6ef91f6bdbbe8
2016-12-02reinvent connection_for_subscr() and move to libmscNeels Hofmeyr3-35/+14
Implement connection_for_subscr() from a completely different angle: instead of looking up lchans in bts structs, look up the subscriber in the global list of gsm_subscriber_connection. static lchan_find() is thus obsoleted. All callers of connection_for_subscr() live in libmsc, so move to libmsc. The move and edit are done in a single commit since the old and new implementation have nothing in common. Future: osmo-cscn will use this, without bts being present. Remove implementation of connection_for_subscr() from channel_test.c -- it is possible that the abort() in there was intended for a regression test, but actually it seems the implementation was merely added for linking reasons, and the abort() added to guard against the NULL return value: no comment nor the commit log indicate that the abort() is test critical; the addition was the only change in channel_test.c for that commit; at the same time a connection_for_subscr() call was added in libmsc. Change-Id: I5e0ba0ecf1726ebd540800f4e98fdfc937c904ff
2016-12-02bsc vty: rename show_net_cmd to bsc_show_net_cmdNeels Hofmeyr1-2/+2
Future: there will be an MSC-land show-net-cmd, so rename to something with bsc in its name. Change-Id: Ifb86698cd57a09f03b935b6d3fcea87eff4cd397
2016-12-02move to libcommon-cs: network VTY that isn't BSC-specificNeels Hofmeyr3-194/+211
Keep only BSC specific bits of the 'network' VTY node in bsc_vty.c, move more general VTY commands to common_cs_vty.c. Add arg to common_cs_vty_init() to pass a config_write_net() function. Pass a libbsc specific config_write_net() function. Future: upcoming omso-cscn will re-use the VTY bits moved to libcommon-cs and pass a different config_write_net() function. Change-Id: I871b7b32a0c56fdce983e409cf244ec487d24e71
2016-12-02move to libcommon-cs: global vty gsm_network pointerNeels Hofmeyr3-17/+32
Move gsmnet_from_vty() and the bsc_gsmnet global to common_cs_vty.c. Rename bsc_gsmnet to vty_global_gsm_network and make it static to common_cs_vty.c, to clearly mark the global variable for VTY use only. Introduce common_cs_vty_init() to set vty_global_gsm_network. Change-Id: I26c5c47de08f899b896813d09612d5cb2f8e42d6
2016-12-02global gsm_network: move allocation further upNeels Hofmeyr2-23/+25
Now that bsc_network_alloc() is separate, move it to before the VTY init (a subsequent patch will pass the gsm_network instance as a parameter to vty_init()). bsc_hack.c: drop the comment that says about the VTY init: "This needs to precede handle_options()" -- it is not accurate. Actually move the handle_options() above both vty_init() and the bsc_network_alloc() calls, to be able to decide which mncc callback to pass to bsc_network_alloc. It would make sense to set this later on, but that would require further refactoring of the bsc_network_init() and gsm_network_init() signatures, so not in this patch. Change-Id: Ie6a7037e703b5a2d08ceeb20d35f197aaddc9d1b
2016-12-02split bsc_bootstrap_network() in alloc and configNeels Hofmeyr4-13/+33
For patch clarity, keep some code dup to be removed in a subsequent patch. In the same sense don't change the fact that mncc_sock_init()'s return value is ignored. The global gsm_network instance 'bsc_gsmnet' is basically only used by the VTY, and a future patch will "hide" that global in a vty .c file. In a nutshell, I want to - first allocate a gsm_network, - then initialize the VTY passing the gsm_network pointer, - and then read the config file using the initialized VTY. So far, bsc_bootstrap_network() allocates the gsm_network and reads the config file right away, which only works by sharing the extern bsc_gsmnet pointer, which I would like to uncouple. Change-Id: I480a09a31a79766ad07b627dd5238b7e37f3be7a
2016-12-02tests: drop unused libmsc, unneeded duplicate libbsc linkingNeels Hofmeyr3-5/+0
Because of libcommon-cs, tests/gsm0408,subscr,trau no longer need libmsc. Change-Id: I9073eba41a1cd3136ed7a9def6fe8aaf282eaa18
2016-12-02sms_next_rp_msg_ref(): use direct pointer to next_rp_ref counterNeels Hofmeyr6-43/+20
libbsc and libmsc will have separate subscriber connection structs. Hence don't rely on gsm_subscriber_connection, but work on a direct pointer to the counter for the next RP reference. The only very thin function in gsm_04_11_helper.c thus becomes obsolete: drop the entire file. Change-Id: I2a2e9ba6a981a385d1f8f07acbe03536ffed0072
2016-12-02factor out & introduce struct gsm_encr, in common_cs.hNeels Hofmeyr2-6/+11
Factor out encryption info from struct gsm_lchan as struct gsm_encr, placed in common_cs.h. Change-Id: I94015fb9dd511c37c1e3058a0963c780b3f700ac Future: this will be used by libmsc's subscriber connection, for osmo-cscn.
2016-12-02factor out gen of USSD notify and release complete to libosmocoreNeels Hofmeyr10-38/+64
Both libmsc and libbsc will need distinct gsm0480_send_ussdNotify() and gsm0480_send_releaseComplete() functions, since there will be distinct subscriber connection structs. Rename to msc_send_ussd_notify() and msc_send_ussd_release_complete(), and add the same in libbsc with bsc_ prefix in new file gsm_04_80_utils.c. In preparation of this patch, the message generation part of these functions has been added to libosmocore as gsm0480_create_ussd_notify() and gsm0480_create_ussd_release_complete(). Use these. Adjust all libmsc and libbsc callers according to use the msc_* or bsc_* implementation, respectively. Change-Id: I33a84e3c28576ced91d2ea24103123431f551173
2016-11-28IuPS: properly update ra_id on GMM Attach RequestNeels Hofmeyr1-4/+2
For new MM contexts, the ra_id was correctly obtained from the ue_ctx, but in case an MM ctx is re-used and the ra_id changed, the new ra_id was not copied to the MM context; instead, the ra_id was overwritten with uninitialized data. Always initialize the local ra_id variable from the ue_ctx->ra_id for Iu connections; it is used further below to update the ctx->ra_id. For the case of a brand new Iu MM ctx, the ctx->ra_id then gets initialized a second time. We could technically drop the init in sgsn_mm_ctx_alloc_iu(), but it doesn't hurt either way. Fixes: CID#57936 Change-Id: Ia06458758362e76925690b1757d8ced95e9609e4
2016-11-27sndcp: fixup for coverity scan defect CID 149097Philipp2-0/+2
Coverity scan detects a Null pointer deref (FORWARD_NULL) in gprs_sndcp_comp.c: 67 in gprs_sndcp_comp_create(). The reason for this is that gprs_sndcp_dcomp_init() and also gprs_sndcp_pcomp_init() rely on the comp_entity->algo algo flag. If the program logic is correct a null pointer deref should never occur. This commit adds OSMO_ASSERT() statements to ensure a null pointer deref is catched if if the ...comp_init() functions are used with incorrect parameters. Change-Id: I7748f06d1739a697edad5100a031e5aa1ef11ed1
2016-11-26bsc_msc.c: Check setsockopt() return valueHarald Welte1-1/+7
Change-Id: I79a8fe9c025772e51560503504f517485b0ace34 Fixes: Coverity CID 57644
2016-11-26abis_nm: ceck fseek() return code in is_last_line()Harald Welte1-1/+3
Change-Id: I8ed4e703625c9da959e0938cd1eb3f0c73a2d4d0 Fixes: Coverity CID 57643
2016-11-26ipaccess-proxy: Check setsockopt() return valueHarald Welte1-1/+7
Change-Id: I34b082907b6f0b25fe2779f3a1f0a642a9002664 Fixes: Coverity CID 57642
2016-11-26ipaccess-config: Handle setsockopt return valueHarald Welte1-1/+6
Change-Id: I8c2082f9a9c865cc663ad2abb63ee0f70914dabe Fixes: Coverity CID 57640
2016-11-26Fix possible non-null-terminated bufferHarald Welte1-0/+1
Change-Id: I22100c260856991b9a836135b3650e5b8c5449ca Fixes: Coverity CID 57623
2016-11-26libmsc/db: avoid subscr->name without terminating NULL charHarald Welte1-1/+3
Change-Id: Ic8944ac4c5e940c9d835c52f1701461f274238db Fixes: Coverity CID 57621
2016-11-26abis_nm: Fix non-null terminated bufferHarald Welte1-0/+1
Unrealistic case (filename of 4096 bytes) Change-Id: Icf7b835f9edaf66976556fce1e9e0f66aa2010bc Fixes: Coverity CID 57620
2016-11-26abis_nm: Fix possible not-null-terminated bufferHarald Welte1-0/+1
Unrealistic case with file name of 4096 bytes length. Change-Id: I503200b879b854cf2dc218d5fe3059a555732d92 Fixes: Coverity CID 57619
2016-11-24move to libcommon-cs: gsm48_create_mm_serv_rej(), gsm48_create_loc_upd_rej()Neels Hofmeyr3-34/+34
Used by libbsc, libmsc as well as osmo-bsc and osmo-bsc_nat. Moving gsm48_create* to libcommon-cs affects linking of osmo-bsc_nat, resulting in undefined references to gsm48_extract_mi() and gsm48_paging_extract_mi(); fix that by placing libfilter.a left of libbsc.a upon linker invocation. Change-Id: I212c2567b56191022b683674c1c4daf842839946
2016-11-24move to libcommon-cs: net init 3: actual moveNeels Hofmeyr15-35/+84
Reincarnate gsm_network_init() as the parts not specific to libbsc. Move from bsc_network_init() those bits that are not BSC specific (and useful for upcoming osmo-cscn). Add libcommon-cs to all linkages that use gsm_network_init(). Note: the only requirement to allow linking gsm_network_init() without libbsc is to keep the call to gsm_net_update_ctype() out of libcommon-cs. The other items are kept out of libcommon-cs because it makes sense semantically. But the separation is not strong in that the BSC specific data members are of course still omnipresent in struct gsm_network. If bsc_network_init() is not called, these are not initialized properly -- for now no users of uninitialized members exist. So this is just a first step towards a sensible split of the BSC and MSC gsm_network structs. The long term aim should be to have entirely separate structs with some common general items. Change-Id: If06316b97002390dc9a434686750cb96193ea63b
2016-11-24move to libcommon-cs: net init 2: move bsc_network_init decl to new .hNeels Hofmeyr9-8/+17
bsc_network_init() is more fit to live in a BSC specific header, move it to new common_bsc.h. It will probably also absorb the BSC-specific part of gsm_network in the future. Adjust header includes across the board. Particularly, fix abis_nm.h by explicitly including gsm_data.h: it so far relied on other headers to do that, which now is no longer always given. Change-Id: I9edfb1e748bb1cb484fadd48b0406f5b3098e89b
2016-11-24move to libcommon-cs: net init 1: rename to bsc_network_initNeels Hofmeyr7-8/+10
The gsm_network_init() function initializes a whole lot of BSC specific stuff. Aiming to move some of it to libcommon-cs, first rename it to bsc_network_init(). This will retain the BSC specific stuff when the move is done. Adjust all callers. Future: osmo-cscn will call the more generic part and not the BSC specific part. Change-Id: I4816ae19374390fc5c64972f7cad2e9ec3d8bcc3
2016-11-24define mncc_recv_cb_t to avoid code dupNeels Hofmeyr5-7/+13
Put mncc_recv_cb_t in common_cs.h to avoid header include complications: if placing right above struct gsm_network, one must include gsm_data.h to use mncc_recv_cb_t as function parameter in a header, which will include gsm_data_shared.h, which will include common_cs.h (future knowledge). Since I will need to use mncc_recv_cb_t in common_cs.h, including gsm_data.h from there would introduce an #include loop. Avoid that and define mncc_recv_cb_t in common_cs.h to begin with. Change-Id: I2e64cffa563750ce9f3172ffba6f9cf5b9280e9c
2016-11-24Add empty libcommon-csNeels Hofmeyr7-0/+62
This will gradually soak up code shared by libbsc and libmsc. Change-Id: If34e2bd38a099d0799238337468d56e0305ab8ae
2016-11-23Add support for pdpctx_timer_stopPravin Kumarvel1-1/+10
Timer T3395 starts at the transmission of Deactivate PDP request using pdpctx_timer_start but there was no corresponding stop function. The timer is stopped when Deactivate PDP Context Accept is received. This according to 3gpp spec reference 24.008 section Change-Id: I825c0a47d39e784dd1b8251f564609262530a5c6
2016-11-18ussd: Add band-aid for interrogationSSHolger Hans Peter Freyther3-12/+20
This is a speculative change for interrogateSS and by not answering the request the radio connection would remain open long. The SS/USSD code is from a time where none of knew much about GSM. We do not support SS but should reject it. We have checked for an empty string in the text field to guess if it is a result/release to not send more information. The right way forward is to decode the ASN1 into the fields REQUEST/RESULT(last). Fix an issue and make the code worse. Assume ss_code > 0 to see if this is a interrogate invoke. The issue is that code 0 is a well defined value but unlikely to be used. MAP ASN1 definition: SS-Code ::= OCTET STRING (SIZE (1)) -- This type is used to represent the code identifying a single -- supplementary service, a group of supplementary services, or -- all supplementary services. The services and abbreviations -- used are defined in TS 3GPP TS 22.004 [5]. The internal structure is -- defined as follows: -- -- bits 87654321: group (bits 8765), and specific service -- (bits 4321) allSS SS-Code ::= '00000000'B Change-Id: Ib0dc4485388f030eb172fe21f5327b7ab94751f5
2016-11-17Correct Logging macro for pdpctx_timer_startPravin Kumarvel1-1/+1
This commit corrects the Logging macro used in pdpctx_timer_start. Change-Id: Id4e3a7fb934ed82af8096fda9ddd3f4550e05844
2016-11-16OM2000: Fix missing dynamic TCH initializationHarald Welte1-0/+12
When OM2000 has confirmed that a TS is started, call dyn_ts_init() on the timeslot to start the processing for fully dynamic (osmocom style) TCH/F_TCH/H_PDCH. This should in turn trigger the activation of idle timeslots as PDCH until we want to allocate any of them for TCH/F or TCH/H. Change-Id: I1a1fd61d6afd85449cacad4bacfb830252dab6b1
2016-11-16OM2000: Add three IEs to TCH activation about which we have no clueHarald Welte1-0/+4
Change-Id: Ie3067606033e894c558659ddf0025d01b8198cf9
2016-11-16rsl: support for ericssons propritary SI13 formatPhilipp1-2/+11
Ericsson has introduced a propritary format to issue the S13 BCCH information. Normally the system info type field for SI13 would be encoded as 0x28. Ericsson encodes that field as 0x02 and ads a bcch mapping parameter, (IEI=F2) This patch sets the BCCH mapping to 0x00 (=BCCH Normal) statically (0xF200) The new constands are added to libosmocore, see commit: f0f9c8c29daaefbf9cff19177ade4a13ffb2e36c Change-Id: Ie0900f9b810744172b3090ce1b0ef7b7a1132946
2016-11-16OM2000: Fixup based on Coverity Scan suggestionPhilipp1-2/+2
This commit fixes Coverity Scan defect: CID 151901: Insecure data handling (TAINTED_SCALAR) Passing tainted variable "tag_len" to a tainted sink. Change-Id: Ic71ed6a3bbb228bc03e95bfc4a6f5fe09cf5a021
2016-11-16rbs2000: Add missing bts feature definitionsPhilipp1-0/+2
function bts_model_rbs2k_start() in bts_ericsson_rbs2000.c lacks the feature definition for GPRS and EGPRS. Change-Id: I777a67862084aa6cca39cfc43f5708e47608b0e6
2016-11-15abisip-find: use protocol constantMax1-2/+2
Use library define instead of directly using hardcoded value. Change-Id: Ie9b8bc55bf40cf005434f27e205d47ffab959413
2016-11-15SNDCP: Fixup based on Coverity Scan suggestionPhilipp1-1/+1
This commit fixes Coverity Scan defect: CID 151900: Null pointer dereferences (FORWARD_NULL) Passing null pointer "comp_field->v42bis_params->nsapi" to "memcpy", which dereferences it. Change-Id: Iff83e21168a267dd4b4c401ab7c603e029b3ac39
2016-11-15test/gbproxy: Test for possible memory corruption when link_info is freedDaniel Willmann2-0/+276
This test is to trigger the use-after free issue in commit bff7b0d80972. If compiled with address-sanitizer the test will abort without the fix. Change-Id: I5e8c6626ba43342740f08d699383bdded739079f Ticket: OW#3049 Sponsored-by: On-Waves ehf
2016-11-15gbproxy: Check whether gbproxy_update_link_state_after() deletes the link_infoDaniel Willmann3-13/+27
In case the link_info is deleted we have to stop handling the stored messages inside link_info. Not doing so can lead to invalid memory being accessed. Change-Id: Ieb8503e9e94e7a5ac450ad8aa1713ec4f21cdea5 Ticket: OW#3049 Sponsored-by: On-Waves ehf
2016-11-13OM2000: CON MO: Allow larger range for CCP and CI valuesHarald Welte1-2/+2
it seesm more recent RBS2000 models have much larger CCP and CI value ranges than those of older models. Change-Id: Ib116c1fac901b293929fce34223d1fd0af15d2bc