path: root/openbsc/src
AgeCommit message (Collapse)AuthorFilesLines
2016-04-01bsc: Add code to send ip.access reboot command to nanoBTSHolger Hans Peter Freyther1-0/+39
The nanoBTS continues to be buggy and seems to have broken BSSGP when changing SIs across new OML connections. Add an easy command to force the reboot of the system through OML.
2016-04-01abis: Send the message without enforcing to wait for a responseHolger Hans Peter Freyther1-1/+1
The user might issue restarts while no BTS is connected and we should not block the abis queue because of these messages.
2016-03-31Fix MM Auth: zero-initialize auth tuple before first useNeels Hofmeyr1-1/+10
Make sure a new auth tuple is initialized after db_get_lastauthtuple_for_subscr() returns an error, i.e. if no tuple is present for the subscriber yet. Before this patch, the first key_seq depended on the typically uninitialized value that was present in auth tuple's key_seq upon calling auth_get_tuple_for_subscr(). The very first key_seq used for a new subscriber will now always be 0. Before, it used to be mostly 1 ("(0 + 1) % 7"), but depended on whether the key_seq was indeed initialized with 0, actually by random.
2016-03-31Fix MM Auth: disallow key_seq mismatchNeels Hofmeyr1-0/+1
In auth_get_tuple_for_subscr(), add missing condition to match incoming key_seq with stored key_seq, so that re-authentication is requested for mismatching key_seqs. Add test for this issue.
2016-03-31MM Auth: return AUTH_NOT_AVAIL instead of hardcoded zeroNeels Hofmeyr1-4/+4
AUTH_NOT_AVAIL == 0, so this is no functional change.
2016-03-31MM Auth: introduce AUTH_ERROR constant.Neels Hofmeyr1-3/+3
Instead of using hardcoded -1 for errors, include -1 in the enum auth_action type; apply its use. In the mm_auth test, the string output changes from '(internal error)' to 'AUTH_ERROR', since now the proper enum value is used in auth_action_names[].
2016-03-31Add MM Auth test; add auth_action_str() functionNeels Hofmeyr1-0/+9
Add basic MM Authentication test setup, with fake DB access and RAND_bytes(). So far implement simple tests for IO error during DB access and missing auth entry. To print the auth action during tests, add struct auth_action_names and auth_action_str() inline function in auth.[hc].
2016-03-27osmo-bsc: fix compiler warning: store struct in vty->indexNeels Hofmeyr1-2/+2
Don't store an MSC index number in the vty->index void* value. Instead, store the osmo_msc_data struct directly. Thus avoid warnings about differences in int vs void* sizes, and save some index lookups.
2016-03-17Revert "move to hex TMSI representation"Harald Welte1-8/+7
This reverts commit 044fbe6568f82a12bf4e3addc7e3d6db529b6548.
2016-03-17move to hex TMSI representationVadim Yanitskiy1-7/+8
In OpenBSC, we traditionally displayed a TMSI in its integer representation, which is quite unusual in the telecom world. A TMSI is normally printed as a series of 8 hex digits. This patch aligns OpenBSC with the telecom industry standard. Signed-off-by: Vadim Yanitskiy <>
2016-03-17fix confusing typo in constant (THAN -> THEN)Neels Hofmeyr2-2/+2
2016-03-16mgcp: Fix compiler warnings on size_t on AMD64Holger Hans Peter Freyther1-4/+4
mgcp_transcode.c: In function 'decode_audio': mgcp_transcode.c:332:4: warning: format '%d' expects argument of type 'int', but argument 7 has type 'size_t' [-Wformat=] LOGP(DMGCP, LOGL_ERROR, ^ mgcp_transcode.c:332:4: warning: format '%d' expects argument of type 'int', but argument 8 has type 'long unsigned int' [-Wformat=] mgcp_transcode.c: In function 'encode_audio': mgcp_transcode.c:390:4: warning: format '%d' expects argument of type 'int', but argument 7 has type 'size_t' [-Wformat=] LOGP(DMGCP, LOGL_INFO, ^ mgcp_transcode.c:390:4: warning: format '%d' expects argument of type 'int', but argument 8 has type 'size_t' [-Wformat=] mgcp_transcode.c: In function 'mgcp_transcoding_process_rtp': mgcp_transcode.c:542:5: warning: format '%d' expects argument of type 'int', but argument 9 has type 'size_t' [-Wformat=] LOGP(DMGCP, LOGL_NOTICE, ^ mgcp_transcode.c:571:4: warning: format '%d' expects argument of type 'int', but argument 7 has type 'size_t' [-Wformat=] LOGP(DMGCP, LOGL_NOTICE, ^
2016-03-15bsc_scan_msc_msg: check protocol discriminatorNeels Hofmeyr1-0/+5
The function assumed an MM protocol discriminator without verifying it.
2016-03-15meas: Do not retry to close the databaseHolger Hans Peter Freyther1-11/+2
There is no concurrency involved and if it failed the first time, it will fail the second, third, ... time as well. Simply print that we will leak the database instance.
2016-03-1504.08: apply new transaction id inline functionsNeels Hofmeyr4-7/+7
libosmocore recently added inline functions to relieve callers from applying bitmasks and bit shifts to access the transaction id of a GSM 04.08 header. Apply these functions.
2016-03-1504.08: apply new bitmask functions, fix bitmask useNeels Hofmeyr12-37/+46
Replace hardcoded protocol discriminator and message type bitmasks with function calls recently introduced in libosmocore. Note that the release 98 bitmasks slightly differ from the release 99 bitmasks. This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on libosmocore whether 98 or 99 bitmasks are used. In some places, use of the bitmask was erratic. Fix these implicitly by employing the bitmask functions: * silent_call.c: silent_call_reroute(): add missing bitmask for MM. * bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages. * osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM messages. * bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages. * bsc_ussd.c: no bitmask is applicable for the message types used here. * gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc. In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected message types.
2016-03-01db: evaluate return value of sqlite3_finalize(), tweak log output.Neels Hofmeyr1-4/+10
2016-02-29check return value of sqlite3_close(), retry up to three times.Neels Hofmeyr1-1/+11
2016-02-29use sqlite3_close() instead of sqlite3_close_v2()Neels Hofmeyr1-1/+1
This allows using sqlite3 v3.7.13, used by our current debian installation in the test setup. _v2 was added in v3.7.14.
2016-02-29minor commentNeels Hofmeyr1-0/+1
2016-02-29osmo_bsc_filter.c: add fixme noteNeels Hofmeyr1-0/+3
2016-02-25smpp: refactor initialization, add bind addressNeels Hofmeyr5-55/+167
Make the SMPP bind address configurable (used to be harcoded as ""). Add VTY command smpp local-tcp A.B.C.D <1-65535> while keeping the old command 'local-tcp-port <1-65535>'. Both the old and the new command immediately change the SMPP listening address and port. Add a LOGL_NOTICE log when the SMPP listening address and/or port change. However, to be useful, this patch has to go somewhat further: refactor the initialization procedure, because it was impossible to run the VTY commands without an already established connection. The SMPP initialization procedure was weird. It would first open a connection on the default port, and a subsequent VTY port reconfiguration while reading the config file would try to re-establish a connection on a different port. If that failed, smpp would switch back to the default port instead of failing the program launch as the user would expect. If anything else ran on port 2775, SMPP would thus refuse to launch despite the config file having a different port: the first bind would always happen on Change that. In the VTY commands, merely store address and port if no fd is established yet. Introduce several SMPP initialization stages: * allocate struct and initialize pointers, * then read config file without immediately starting to listen, * and once the main program is ready, start listening. After that, the VTY command behaves as before: try to re-establish the old connection if the newly supplied address and port don't work out. I'm not actually sure why this switch-back behavior is needed, but fair enough. In detail, replace the function smpp_smsc_init() with the various steps smpp_smsc_alloc_init() -- prepare struct for VTY commands smpp_smsc_conf() -- set addr an port only, for reading the config file smpp_smsc_start() -- establish a first connection, for main() smpp_smsc_restart() -- switch running connection, for telnet VTY smpp_smsc_stop() -- tear down connection, used by _start() twice And replace smpp_openbsc_init() smpp_openbsc_set_net() with smpp_openbsc_alloc_init() smpp_openbsc_start() I'd have picked function names like "_bind"/"_unbind", but in the SMPP protocol there is also a bind/unbind process, so instead I chose the names "_start", "_restart" and "_stop". The smsc struct used to be talloc'd outside of smpp_smsc_init(). Since the smsc code internally uses talloc anyway and employs the smsc struct as talloc context, I decided to enforce talloc allocation within smpp_smsc_alloc_init(). Be stricter about osmo_signal_register_handler() return codes.
2016-02-25enable ctrl bind config for various programsNeels Hofmeyr7-20/+56
Add ctrl_vty_init() calls and feed the ctrl_vty_get_bind_addr() return value to ctrl_interface_setup() in the following programs: osmo-bsc osmo-bsc_nat osmo-nitb osmo-sgsn For osmo-sgsn, move the control interface setup invocation below the config parsing, so that the ctrl_vty_get_bind_addr() can return the configured address.
2016-02-25osmo-nitb: be strict about cmdline argsNeels Hofmeyr1-1/+3
Abort upon unknown options and missing option arguments. This came to my attention while rewiring the -m and -M options: passing -M without argument would launch nitb with wrong configuration. So, rather exit immediately. If there are legacy options that should be ignored, they deserve an own 'case:' in the option switch. There are none that I'm aware of though.
2016-02-25osmo-nitb: cosmetic: rename to rf_ctrl_path, following mncc_sock_pathNeels Hofmeyr1-4/+4
Strictly speaking, the unix domain socket location is not a name but a path. The MNCC socket is called path, so it is confusing to call the ctrl socket a 'name'.
2016-02-25osmo-nitb: add -M to pass specific MNCC socket pathNeels Hofmeyr2-10/+16
The old -m option without argument is still available and marked deprecated, to not make users' lives more difficult than necessary.
2016-02-25enable telnet VTY bind address config for various programsNeels Hofmeyr6-16/+43
Following the 'line vty'/'bind A.B.C.D' command added in libosmocore, use the configured address to set the telnet bind for the VTY line. It is now possible to publish the VTY on a specific local interface (including aka "any"). Implement in all of: osmo-gbproxy osmo-gtphub osmo-sgsn osmo-bsc osmo-bsc_nat osmo-bsc_mgcp osmo-nitb In some of these main programs, move the telnet initialization below the configuration parsing. Historically, this was not a good idea for programs using bsc_init.c (aka bsc_bootstrap_network()), since they expected a gsm_network struct pointer in ((struct telnet_connection*)vty->priv)->priv, so that telnet had to be either initialized or replaced by a dummy struct. In the meantime, the gsm_network struct is not actually looked up in a priv pointer but in the static bsc_vty.c scope (bsc_gsmnet), so this limitation is mere legacy (even though said legacy is still there in an "#if 0" chunk). In the other binaries I have briefly looked at the init sequence dependencies and found no reason to initialize telnet above the config file parsing. In any case, I have tested every single one of abovementioned binaries to verify that they still parse the example config successfully and launch, allowing VTY connections on the configured address(es). I hope this suffices. In all of the above, log VTY address and port. LOGL_INFO is disabled by default in some of the logging scopes, and since it is a single log message right at program launch, I decided for the slightly more aggressive LOGL_NOTICE.
2016-02-25gsm340_rx_tpdu: comment-out two unused varsNeels Hofmeyr1-3/+7
Kills two compiler warnings.
2016-02-25ipaccess_rcvmsg: fix returncode, add partial write warningNeels Hofmeyr1-1/+7
Kills a compiler warning.
2016-02-25bsc_nat: fail if VTY telnet port cannot be bound, clarify commentNeels Hofmeyr1-2/+5
2016-02-24minor fixes in bsc_vty.c and bsc_nat.cNeels Hofmeyr2-3/+3
Remove unused talloc.h from bsc_vty.c. In bsc_nat.c, use OSMO_CTRL_PORT_BSC_NAT instead of hardcoding port number, and include ctrl/ports.h for that. Fix comment typo "COMAMND"
2016-02-24osmo-bsc: fix checking wrong pointer for ctrl setup successNeels Hofmeyr1-1/+1
2016-02-23gtphub: tweak default logging levelNeels Hofmeyr1-1/+1
2016-02-23gtphub: include ports.h instead of redefining OSMO_VTY_PORT_GTPHUBNeels Hofmeyr1-5/+1
2016-02-22sgsn: Re-add searching for MM ctx based on TLLI / P-TMSI matchesJacob Erlbeck2-3/+48
If an MM context cannot be found based on BBSGP info and a RA UPDATE REQUEST is received, try to find an MM context with an P-TMSI from which the TLLI could have been derived. This also checks, whether the routing area matches. This is similar to the old behaviour removed by the commits "sgsn: Only look at TLLIs in sgsn_mm_ctx_by_tlli" and "sgsn: Remove tlli_foreign2local", except that this will only be done for RA UPDATE REQUESTs now. Sponsored-by: On-Waves ehf
2016-02-22sgsn: Change handling of missing mmctx in gsm48_rx_gmm_ra_upd_reqJacob Erlbeck1-3/+15
Currently the MM context is just overwritten by a call to sgsn_mm_ctx_by_tlli(msgb_tlli(msg), &old_ra_id) even if it has already been found by using the BSSGP info. With the changes made to sgsn_mm_ctx_by_tlli this will never find a MM context if the routing area has changed. If the routing area has not changed, the mmctx has already been found if it exists. This commit splits searching for an MM context (if it hasn't been found already) from checking, whether a found one can really be used. The actual search is removed, so that the MS will be forced to restart the attach procedure, which is less efficient but safe. Sponsored-by: On-Waves ehf
2016-02-22sgsn: Only look at TLLIs in sgsn_mm_ctx_by_tlliJacob Erlbeck1-30/+1
Currently the code also matches the TLLI against LOCAL and FOREIGN mappings of the P-TMSI, thus eventually finding MM contexts not consistent with the TLLI (both tlli and tlli_new differ). On the other hand, tlli_new is not checked at all. This commit changes the function to only look at mmctx->tlli, mmctx->tlli_new, and the routing area. Sponsored-by: On-Waves ehf
2016-02-22sgsn: Make ra_id_equals available as gprs_ra_id_equalsJacob Erlbeck2-9/+9
The function is moved to gprs_utils.c, renamed, and made non-static to be usable in other modules, too. Sponsored-by: On-Waves ehf
2016-02-22sgsn: Remove tlli_foreign2localJacob Erlbeck1-23/+2
Currently foreign TLLI are sometimes mapped to local TLLI in the hope that they will match. This seems to sometimes introduce inconsisties, possibly leading to a failing assertion in _bssgp_tx_dl_ud. This mapping should probably reduce the allocation of additional LLME during routing area changes. This commit removes tlli_foreign2local. Sponsored-by: On-Waves ehf
2016-02-18Patch to make openbsc find libsmpp34Ruben Undheim2-2/+3
This patch lets the build script for openbsc find the libsmpp34 installation with the help of pkg-config instead of assuming the header files are in /usr/include.
2016-02-18rename ipaccess-find into abisip-findHarald Welte2-4/+4
The tool is not used only to find ip.access devices, but used to find any Abis/IP implementing devices, including those supported by OsmoBTS.
2016-02-10msc: Remove oversimplified todo entry and add a commentHolger Hans Peter Freyther1-1/+5
Add a comment of why we want to accept this connection anyway.
2016-01-30gsm0408: Provide unique strings for the gsm 04.08 messageHolger Hans Peter Freyther6-61/+61
At Rhizomatica we see that some GSM 04.08 messages are leaked and have no other indication if that is Call Control, SMS or something else.
2016-01-28remove src/libgb/Makefile.amNeels Hofmeyr1-9/+0
libgb has been obsolete for years, but the is still there. src/ does not list it as a subdir, so it's just dangling legacy.
2016-01-28fix bsc_vty out: timeslot indented too deeply.Neels Hofmeyr1-8/+8
In 'show running-config', timeslot appears as a sub-element of rsl, but it is a direct child of trx. Fix the timeslot section in vty_out by removing one space of idention. Adjust various config examples. Rationale: it's not relevant for function, but confuses human operators. Fixing it will save the next hacker some time.
2016-01-26gprs: use libgtp cflagsAlexander Huemer1-1/+1
2016-01-23gtphub: Fix use after free on failureHolger Hans Peter Freyther1-1/+3
Even if fclose fails the stream is inaccessible and the second fclose might cause memory violation. Linux manpage says: Upon successful completion 0 is returned. Otherwise, EOF is returned and errno is set to indicate the error. In either case any further access (including another call to fclose()) to the stream results in undefined behavior. Fixes: CID#57958
2016-01-23db: Avoid undefined behavior when copying cm2/cm3 from the dbHolger Hans Peter Freyther1-2/+4
memcpy has both the source and destination marked as non-null and we were still passing NULL (with a zero size) to it. While this makes sense it violates the constraints of the function. Add the check to see if these values are NULL or not. +db.c:583:2: runtime error: null pointer passed as argument 2, which is declared to never be null + #0 0x40d7f7 in get_equipment_by_subscr (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40d7f7) + #1 0x40f6d2 in db_get_subscriber (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40f6d2) + #2 0x40bfaa in sms_from_result_v3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40bfaa) + #3 0x40c847 in update_db_revision_3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40c847) + #4 0x40cbc3 in check_db_revision (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cbc3) + #5 0x40cf85 in db_prepare (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cf85) + #6 0x406f18 in main /home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test.c:179 + #7 0x7fd625638a3f in __libc_start_main (/lib/x86_64-linux-gnu/ + #8 0x405598 in _start (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x405598) + +db.c:590:2: runtime error: null pointer passed as argument 2, which is declared to never be null + #0 0x40da23 in get_equipment_by_subscr (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40da23) + #1 0x40f6d2 in db_get_subscriber (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40f6d2) + #2 0x40bfaa in sms_from_result_v3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40bfaa) + #3 0x40c847 in update_db_revision_3 (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40c847) + #4 0x40cbc3 in check_db_revision (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cbc3) + #5 0x40cf85 in db_prepare (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x40cf85) + #6 0x406f18 in main /home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test.c:179 + #7 0x7fd625638a3f in __libc_start_main (/lib/x86_64-linux-gnu/ + #8 0x405598 in _start (/home/builder/jenkins/workspace/Osmocom_Sanitizer/source/openbsc/openbsc/tests/db/db_test+0x405598)
2016-01-22gtphub: Make the two setter static as wellHolger Hans Peter Freyther1-2/+2
Same as with the previous gtphub commit. Make these static to deal with the new semantic of inline in gcc5.
2016-01-22gtphub: Fix compilation using gcc5Holger Hans Peter Freyther1-2/+2
The semantic of inline has changed and we need to make it static to not end up with undefined references.