|Age||Commit message (Collapse)||Author||Files||Lines|
On DT messages we directly write into the tracked SCCP
connection. This means "imsi" will always be NULL at
this check. Change the code to use con->imsi
Fixes: Coverity CID 1293151
$ bsc_control.py -d localhost -p 4250 -s net.0.save-configuration 0
We want to have a program add entries to the allow list
this can be done using:
$ bsc_control.py -d localhost -p 4250 -s net.0.add.allow.access-list.NAME "^IMSI$"
In case one wants to monitor the access lists one
there is now a trap for the IMSI.
bsc_stat_reject is treating -1 as parsing failure but for the
global barring. Change it to another return value so it is
not counted as parsing failure.
I used strdup in case the data would not be valid from after
the call to getopt and this creates a potential leak if a user
is specifying multiple configuration files. If I depend on the
fact that the string is a pointer into the argv array I can
kill the strdup and fix the unlikely leak.
Fixes: Coverity CID 1206578
The per BSC code didn't guard against the init already having
been executed. This lead to:
Adding a osmo_fd that is already in the list.
<000b> bsc_nat_vty.c:1200 Setting up OSMUX socket
So a new socket got created and the old one leaked. Luckily
Linux appears to allow to bind multiple times so we were able
to just read from the new one. Use the same guard that is used
on the MGCP MGW. Re-order the log message to say "Setting up"
before we actually do that. I manually verified that osmux_init
is called at most once.
The log message was spotted by Roch
Since it is planned to use struct gsm_subscriber to manage subscriber
data in the SGSN, this file which contains the generic subscriber
related methods is moved to libcommon.
Sponsored-by: On-Waves ehf
We might be offered multiple codecs by the remote and need to
switch between them once we receive data. Do this by moving it
to a struct so we can separate between proposed and current
codec. In SDP we can have multiple codecs but a global ptime.
The current code doesn't separate that clearly instead we write
it to the main codec.
The talloc_free on the nat lead to the freeing of the bsc_config
which lead to freeing of the rate_ctr_group. The rate_ctr_group
remained in a global list and the next creation of a bsc_config
would access dead memory. Fix it.
The free routine is only meant to be used by the test, for the
real nat we would need to make sure that all connections and
other state that refers to the cfg is removed/closed first.
Fix various memleaks in the test while we are at it. There are
still some to fix.
==7195== Invalid write of size 4
==7195== at 0x4043171: rate_ctr_group_alloc (linuxlist.h:65)
==7195== by 0x804D893: bsc_config_alloc (bsc_nat_utils.c:174)
==7195== by 0x804B5D2: main (bsc_nat_test.c:954)
==7195== Address 0x4311cbc is 52 bytes inside a block of size 208 free'd
==7195== at 0x4029D28: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==7195== by 0x4048D98: _talloc_free (talloc.c:609)
==7195== by 0x4052806: talloc_free (talloc.c:578)
==7195== by 0x804B58A: main (bsc_nat_test.c:940)
bsc_nat_ctrl.c: In function ‘set_net_cfg_cmd’:
bsc_nat_ctrl.c:360:3: warning: implicit declaration of function ‘bsc_replace_string’ [-Wimplicit-function-declaration]
bsc_replace_string(bsc_cfg, &bsc_cfg->acc_lst_name, cmd->value);
Remove redundant information log message:
<000b> bsc_mgcp_utils.c:647 BSC doesn't want to use Osmux, failing back to RTP
<000b> bsc_mgcp_utils.c:669 bsc didn't accept to use Osmux (cid=0)
One single log message is just fine. The error path already indicates
the precise reason not to accept the request to use Osmux.
This patch includes several osmux fixes that are interdependent:
1) This adds Osmux circuit ID, this is allocated from the bsc-nat. This
announces the circuit ID in the CRCX MGCP message. This aims to resolve
the lack of uniqueness due to the use of endp->ci, which is local to
the bsc. This ID is notified via X-Osmux: NUM where NUM is the osmux
2) The dummy load routines are now used to setup osmux both in bsc and
bsc-nat to resolve source port NAT issues as suggested by Holger. The
source port that is used from the bsc is not known until the first
voice message is sent to the bsc-nat, therefore enabling osmux from
the MGCP plane breaks when a different source port is used.
3) Add refcnt to struct osmux_handle, several endpoints can be using the
same input RTP osmux handle to perform the batching. Remove it from the
osmux handle list once nobody is using it anymore to clean it up.
4) Add a simple Osmux state-machine with three states. The initial state
is disabled, then if the bsc-nat requests Osmux, both sides enters
activating. The final enabled state is reached once the bsc-nat sees
the dummy load message that tells what source port is used by the bsc.
5) The osmux input handle (which transforms RTP messages to one Osmux batch)
is now permanently attached to the endpoint when Osmux is set up from the
dummy load path, so we skip a lookup for each message. This simplifies
After this patch, the workflow to setup Osmux is the following:
|<------ CRCX ----------|
| X-Osmux: 3 | (where 3 is the Osmux circuit ID
| | that the bsc-nat has allocated)
|------- resp --------->|
| X-Osmux: 3 | (the bsc confirm that it can
| | use Osmux).
setup osmux |----- dummy load ----->| setup osmux
| Osmux CID: 3 |
In two steps:
1st) Allocate the Osmux Circuit ID (CID): The bsc-nat allocates an unique
Osmux CID that is notified to the bsc through the 'X-Osmux:' extension.
The bsc-nat annotates this circuit ID in the endpoint object. The bsc
replies back with the 'X-Osmux:' to confirm that it agrees to use Osmux.
If the bsc doesn't want to use Osmux, it doesn't include the extension
so the bsc-nat knows that it has to use to RTP.
2nd) The dummy load is used to convey the Osmux CID. This needs to happen
at this stage since the bsc-nat needs to know what source port the bsc
uses to get this working since the bsc may use a different source
port due to NAT. Unfortunately, this can't be done from the MGCP signal
plane since the real source port is not known that the bsc uses is not
This patch also reverts the MDCX handling until it is clear that we need
this special handling for this case.
In the bsc-nat side, the osmux socket initialization can be done from
the vty. This ensure that the osmux socket is available by the time the
bsc-nt receives the dummy load that confirms that the osmux flow has
been set up.
This change is required by the follow up patch. This change ensures that
the Osmux socket in the bsc-nat is already in place by the time this
receives the dummy load.
.. as defined in libosmocore
... which happened during recent migration of IPA functionality from
libosmo-abis into libosmocore.
Jacob pointed out that "free_endp" refers to the memory of
the endpoint being freed. What we want is actually a way to
release an endpoint (and the resource it allocated) or in
the case of the testcase/testapp initialize the data structure
correctly. Introduce two names for that.
Documentation error (missing docs):
<command id='osmux (on|off)'>
<param name='off' doc='(null)' />
foo = *((uintXX_t *) TLVP_VAL(...) can lead to unaligned access. To
prevent that use tlvp_valXX_unal() to get the values.
This patch adds the voice muxer. You can use this to batch RTP
traffic to reduce bandwidth comsuption. Basically, osmux transforms
RTP flows to a compact batch format, that is later on decompacted
to its original form. Port UDP/1984 is used for the muxer traffic
between osmo-bsc_nat and osmo-bsc_mgcp (in the BSC side). This
feature depends on libosmo-netif, which contains the osmux core
Osmux is requested on-demand via the MGCP CRCX/MDCX messages (using
the vendor-specific extension X-Osmux: on) coming from the BSC-NAT,
so you can selectively enable osmux per BSC from one the bsc-nat.cfg
file, so we have a centralized point to enable/disable osmux.
First thing you need to do is to accept requests to use Osmux,
this can be done from VTY interface of osmo-bsc_nat and
osmo-bsc_mgcp by adding the following line:
osmux batch-factor 4
This just initializes the osmux engine. You still have to specify
what BSC uses osmux from osmo-bsc_nat configuration file:
In this case, bsc 1 and 3 should use osmux if possible, bsc 2 does
not have osmux enabled.
Thus, you can selectively enable osmux depending on the BSC, and
we have a centralized point for configuration from the bsc-nat to
enable osmux on demand, as suggested by Holger.
At this moment, this patch contains heavy debug logging for each
RTP packet that can be removed later to save cycles.
The RTP ssrc/seqnum/timestamp is randomly allocated for each MDCX that
is received to configure an endpoint.
The code in the BSC/NAT called ipaccess_rcvmsg_base without
checking if the protocol is IPA. This lead the BSC to respond
to SCCP messages with an "ID ACK". From a quick look neither
the code of ipaccess_rcvmsg_base in OpenBSC nor the copy of
libosmo-abis ever checked the protocol header. So this code
has been wrong since initially being created in 2010.
Coverity complains about checking connection->cfg in
bsc_close_connection() at one place but not at the second.
This patch fixes this by adding a check before accessing cfg when
generating the 'partial message' log message.
Fixes: Coverity CID 1195180
Sponsored-by: On-Waves ehf
The log message lacked a lot of context. A SCCP connection is
created on behalf of a configured BSC. This way we should be
able to always list this information.
The old ipa_msg_recv() implementation didn't support partial receive,
so IPA connections got disconnected when this happened.
This patch adds the handling of the temporary message buffers and uses
It has been successfully tested by jerlbeck with osmo-nitb and
Sponsored-by: On-Waves ehf
For GPRS the look-up via bts/trx does not make any sense and would
introduce bad depdencies for the SGSN. Move the look-up code to a
new file and introduce new setup methods.
For operation we want to switch the access-list of a BSC at runtime
in a programatic way.
Sponsored-by: On-Waves ehf
Add two optional arguments to the imsi-deny rule
for the reject cause and verify that it is saved
The filtering architecture already allowed to specify a reject
reason but this has not been used for the access-lists. Extend
the access-list to include a reject reason and extend the test
case to honor it.
So far the payload type used in RTP streams has been taken from the
trunk configuration in NAT mode.
This patch changes the implementation to use the payload type
announced in the SDP part of MGCP messages and responses. SDP
descriptions more than one m=audio line are not yet supported
properly (always the last one is taken).
Sponsored-by: On-Waves ehf
Remove ournode_exit_cmd, ournode_end_cmd, and bsc_install_default()
since this functionality is provided by the current libosmocore.
Replace calls to bsc_install_default() by call to
vty_install_default() with the following semantic patch:
Sponsored-by: On-Waves ehf
In case of the RLSD coming from the MSC we are patching the address
in-situ but for local calls set con = NULL. We then answered the RLSD
with the wrong reference and the MSC kept on trying.
This wrong log message appears to be the result of copy and paste
Assign a static name to a MSC Connection and use it. In case there
are multiple connections we can now more easily identify them.
This is only used for the NAT right now, the BSC could start to
name the various MSC connections too.
Currently the 'mgcp' command fails in the 'config-nat' node, because
it get confused with 'mgcp-through-msc-ipa' which is executed
instead because of the prefix based command selection. Thus the
latter command is renamed by this patch to avoid the common prefix.
The workaround in the test suite is removed.
Add bsc_install_default() and replace all install_default()
This patch adds bsc_install_default() which calls install_default()
and add 'exit' and 'end'. All other calls to install_default() are
replaced by calls to bsc_install_default().
Since 'exit' and 'end' are now added automatically to each node, the
explicit registrations of these commands are removed by this patch,
The related tests succeed now without work-arounds (except for the
'config' node itself which is part of libosmocore).
Rename methods to be like bsc_ussd_ACTION.
This enum indicates if the mgcp is running on the BSC or the BSC-NAT.
This command returns the current state of the connection to the USSD
side channel provider. It shows whether a provider has been connected
and authorized or not.
Spotted while going through the code with Jacob. We could have
leaked the msgb in case of error.
* Spell Configure correctly
* Use %s and VTY_NEWLINE instead of \n
* The post-routing is applied after the first re-writing. To do this
the new number is copied back into the called data structure.
* Add a testcase that goes from 0172 to 0049 and then back to 0049
using the post rule with a table lookup.
* Increase the rewritten rule to five digits (this is the easiest
for the unit test). This will add another 40kb to the runtime size.
* Create a unit test that tests adding and removing the prefix rules.
* Use the regexp match to replace from one package
* It is a trie. The max depth of the trie is the length of the
longest prefix. The lookup is O(lookuped_prefix), but as the prefix
length is limited, the lookup time is constant.
* Each node can hold the entire prefix, has place for the rewrite
rule with up to three digits.
* A trie with 20k entries will take about 3MB ram.
* Filling the trie 100 times takes ~800ms on my i7 laptop
* 10.000.000 lookups take 315ms.. (for the same prefix).
* 93/99 lines are tested, 6/6 functions are tested, 49 of 54 branches
are tested. Only memory allocation failures are not covered
* A late addition is to handle the '+' sign and to increase the number
of chars in the rewrite prefix. The timing/line coverage has not
been updated after this change.
The test is just testing the invocation but does not verify that
the side effect of this call. It is good enought for now.
Coverity pointed out that this code is logically dead. Quickly
judging the code we will forward the RSLD message anyway. Remove
the code for now and next time I work on the NAT/USSD bridge I
will have a look at the flow of the RLSD messages.
Fixes: Coverity CID 1042327