See also: https://alioth-lists.debian.net/pipermail/debian-mobcom-maintainers/Week-of-Mon-20200413/000648.html
Backport of osmo-bsc 6b9e0e4e8834428f85f169106ed7b6141f5b185b (1)
and 60d6d530ac6883db4f5c0394541ad654ddfd526c (2)
(1) TS 48.058 sec 8.4.1 CHANNEL ACTIVATION and state:
The BS and MS Power Parameters elements are included to indicate that BS
and/or MS power control is to be performed by BTS. The maximum power to
be used is indicated in the BS and MS Power elements respectively.
Since we always want the BTS to do autonomous MS power control, let's
(2) Send IE MS Power Param to osmocom BTS models only
Since MS Power Param IE content is operator dependent, it's currently
not known which kind of content non-osmocom BTS support/allow, so let's
avoid possibly breaking those BTS until each BTS has been checked
Since March 15th 2017, libosmocore API logging_vty_add_cmds() had its
parameter removed (c65c5b4ea075ef6cef11fff9442ae0b15c1d6af7). However,
definition in C file doesn't contain "(void)", which means number of
parameters is undefined and thus compiler doesn't complain. Let's remove
parameters from all callers before enforcing "(void)" on it.
API osmo_stats_vty_add_cmds never had a param list but has the same problem
(no "void"), so some users decided to pass a parameter to it.
The function is never called in osmo-bsc-nat, and logging_vty_add_cmds()
is called directly in main().
RFC3435 states most text (except SDP) must be handled as case
Since we are no longer using strstr(msg->l2h), we need to iterate per
line and call related extract/handle function for that line.
Call to bsc_mgcp_osmux_confirm() is left at the end because it needs to
be called too in case no matching line is found. In that case, it will
release the CID. Similar stuff occurs for bsc_mgcp_extract_ci().
There's no real need to allocate it using talloc. Allocating it on the
stack simplifies the code, avoids mem leaks and makes it faster.
In bsc_nat_parse(), parsed is allocated this way:
"""parsed = talloc_zero(msg, struct bsc_nat_parsed);"""
So parsed is a child of msg, and so it's freed when msg is freed.
Since libosmocore c7f52c4c84d6a8898048738c4db9266289c40b45,
osmo_wqueue_enqueue() correctly detects queue full and returns an error,
and then queue_for_msc() calls msgb_free(). Code in osmo-bsc-nat was
probably written before that change in behavior, so that's why probably
the bug was not hit before.
The "if (parsed)" condition is removed since it's actually fine to
Might be useful in the future for its callers, since sometimes actions
need to be taken place based on whether enqueuing failed (and msg was
In verify_ci CI needs to be parsed as hex instead of dec number as well.
Our ttcn3-bscnat-tests would randomly fail. After the CRCX ACK returns
from the MSC the bsc-nat reports it could not find a CI in it and
deletes the connection on the BSC-side.
This happens because the field is parsed as a decimal value instead of
hexadecimal. So a value of 00FED122 is parsed as '0' which is a reserved
value in our program.
This fix parses the field as hexadecimal value and also logs an error if
the value happens to be 0.
make check will now test if a hexadecimal CI is parsed correctly.
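The decimal-versus-hexadecimal CI parsing problem described above, as an added example (not code from openbsc). The names `parse_ci`, `extract_ci` and `CI_UNUSED` and the sample CRCX ACK are constructed for illustration; the parser walks the header line by line and takes the base as a parameter so both behaviours can be compared on the same input.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CI_UNUSED 0u /* 0 is the reserved value mentioned in the commit message */
/* Constructed CRCX ACK for illustration; not captured traffic. */
static const char sample_ack[] =
    "200 23265295 OK\r\nI: 00FED122\r\n\r\nv=0\r\n";

/* Parse one ConnectionId value in the given base; CI_UNUSED on any error. */
static uint32_t parse_ci(const char *val, int base)
{
    char *end;
    unsigned long ci;
    while (*val == ' ' || *val == '\t')
        val++;
    if (!isxdigit((unsigned char)*val))
        return CI_UNUSED;           /* rejects empty values and signs */
    errno = 0;
    ci = strtoul(val, &end, base);
    if (errno == ERANGE || ci > UINT32_MAX || *end != '\0')
        return CI_UNUSED;           /* overflow or unparsed trailing text */
    return (uint32_t)ci;
}

/* Walk the header lines; stop at the empty line that precedes the SDP part. */
static uint32_t extract_ci(const char *msg, int base)
{
    char val[32];
    for (const char *line = msg; *line; ) {
        size_t len = strcspn(line, "\r\n");
        if (len == 0) break;        /* end of header, no "I:" line seen */
        if (len >= 2 && len - 2 < sizeof(val) &&
            toupper((unsigned char)line[0]) == 'I' && line[1] == ':') {
            memcpy(val, line + 2, len - 2);
            val[len - 2] = '\0';
            return parse_ci(val, base);
        }
        line += len;
        if (*line == '\r') line++;
        if (*line == '\n') line++;
    }
    return CI_UNUSED;
}

int main(void) { return extract_ci(sample_ack, 16) == 0x00FED122u ? 0 : 1; }
```

With base 10 the same message yields the reserved value, because parsing stops at the first hex letter; a caller should log and reject `CI_UNUSED` rather than use it as a connection identifier.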
The default is [yes] alert-notifications, therefore write
"no alert-notifications" in the case that this has
been set, in order to preserve configuration after
write is called from vty.
ipa_ccm_idtag_parse_off is broken, and can only be used with
len_offset=1 on ID Request messages, otherwise won't work correctly.
Modify ipa_ccm_idtag_parse to at least parse those correctly, and
document the limitations.
Those two functions are already deprecated and only used in openbsc by 3
* ipa_ccm_idtag_parse in ussd_read_cb(): Broken, that function can only
work for Requests and it's used to parse a Response.
* ipa_ccm_idtag_parse_off in forward_sccp_to_msc (NAT): Broken, it can
only be used to parse Requests and it's used to parse a Response.
Furthermore, len_offset=2 is passed which makes no sense and most
probably it fails always, or can even make the program crash.
* ipa_ccm_idtag_parse_off in (answer_challenge): This one is fine and
could actually be replaced with ipa_ccm_id_get_parse after libosmocore
commit (see below) is merged.
See libosmocore I6efc852dfc041192f554e41a58290a0f63298021 for more information.
As a consequence of the fixes, osmo-bsc-nat now parses messages sent
from VTY test correctly and thus it goes into processing them instead of
silently dropping them. As a result, some VTY tests fail because they
are sending incorrect format (missing NULL char in unit id strings) and
osmo-bsc-nat closes its connection (due to bad auth).
There's optional libiu for Iu*S support but it's just a leftover from
pre repo-split times:
* it's not used by any code
* it's not checked by gerrit verification in osmo-ci
* it's disabled by default
* it's not supported in .deb packages
Instead of dragging old code in unknown stage of bit-rotting, let's just
drop it completely.
There's already a public API to allocate libosmocore's signal ctx, so
let's use it instead of accessing the global variable. This will allow
to eventually make the global variable in libosmocore static and
From journald output:
/usr/bin/osmo-bsc_mgcp: invalid option -- 's'
is not yet bound.
We create a new ESME in smsc->esme_list on establishment
of a TCP connection, yet we do not know the system id or
anything else, until the ESME identifies and authenticates.
So do not send alert notifications until we know the
bind status (and system_id)
The counterparts in OsmoBSC repo are actively maintained and (partially) packaged
for .deb - let's drop old versions to minimize user confusion.
After libosmocore commit
the openbsc master build is broken.
Apply the msgb_wrap_with_TL() rename to msgb_push_tl() to unbreak the build.
Also related is commit e8cd09dd6f3378a8137afb581dcd7ed554daa24c in this
repository, which removed the locally defined msgb_wrap_with_TL() definition.
The libosmocore mistake should have become obvious then and there...
Adds (no) alert-notifications as a per-esme vty command,
in order to allow some ESMEs to be excluded from alerts.
The default is still to send alert notifications to all esme,
so no changes are required to the config file to maintain
identical operation after this patch.
Backport of https://gerrit.osmocom.org/11792/
When using smpp-first, after the ESME accepts our STATUS REPORT,
we were sending it locally into gsm340_rx_sms_submit() anyway.
In the case of the ESME mirroring the report back to us, this
would result in two copies of the status report in the SMS
database, which were also both then delivered to the MS.
Some MS then display the REPORT to the user as if it were
a normal SMS.
With this patch, we check if it is the sms_report that has had
receiver set in sms_route_mt_sms() and not the original SMS we
are reporting on, which of course already has receiver set.
There's increasing gap in functionality between ipaccess utils from this
repo and from osmo-bsc due to ongoing development in new repository. To
avoid potential user confusion let's drop them similar to the way SGSN
was removed earlier.
From RFC 4867:
octet-align: Permissible values are 0 and 1. If 1, octet-aligned
operation SHALL be used. If 0 or if not present,
bandwidth-efficient operation is employed.
Remove locally defined function which conflicts with the one in
Not really critical since only user of this function doesn't check the
Fixes commit: 4a2cc9eb0a0f9424c16b26fcb757483a39d67482
* Refactor code to have unified checks on all paths activating Osmux.
* Improve checks at activation time and add logging.
* Code now enforces endp osmux status to be enabled before processing
the frame through endp->osmux.out. Before, a delayed or bad pkt could
arrive and be processed by an endp with osmux not enabled, using
endp->osmux.out that was not initialized and ended up crashing:
libosmo-netif/src/osmux.c:281:3: runtime error: member access within null pointer of type 'struct msgb'
This could also happen if a BSC started sending or we received (non legacy dummy) osmux
frames before we received the BSC CRCX ACK agreeing on osmux negotiation
and switching to ACTIVATING state.
State ACTIVATING is set once negotiation between the 2 parts went
Prior to this commit, the check was only done on legacy dummy frames.
Otherwise we end up in a weird state where we have timers set up but
osmux is still flagged as not enabled.
Since that define is already used to allocate size of osmux_cid_bitmap,
let's use it here too instead of hardcoding its value.
A previous commit merged today fixed array size boundary (multiple of 8
bits), but removed a required +1 which should be kept on top, because
OSMUX_CID_MAX specified the maximum number used by a CID, that is
(0,OSMUX_CID_MAX), and as a result we require OSMUX_CID_MAX+1 slots.
It shows up all the time in logs while using "logging level all info",
let's move it to debug.
Right now it's not a big issue since OSMUX_CID_MAX is 255, so 255+1 is
256 which fits array boundaries correctly (multiple of 8). However, if
for example OSMUX_CID_MAX was modified to be 12, 12+1/8 = 1, so we'd
have an undesired memory access when accessing last 4 CIDs.
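The bitmap sizing rule from the two messages above (MAX+1 slots, rounded up to whole bytes), as an added example that is not the openbsc code. `CID_MAX`, `bitmap_bytes`, `cid_get` and `cid_put` are hypothetical names, and the limit of 12 is chosen only to mirror the number used in the text.

```c
#include <stddef.h>
#include <stdint.h>

#define CID_MAX 12 /* assumed small limit; valid CIDs are 0..CID_MAX */

/* Size obtained by plain integer division: drops the partial last byte. */
static size_t bitmap_bytes_truncated(unsigned cid_max)
{
    return (cid_max + 1) / 8;
}

/* Size for CIDs 0..cid_max inclusive, rounded up to whole bytes. */
static size_t bitmap_bytes(unsigned cid_max)
{
    return (cid_max + 1 + 7) / 8;
}

static uint8_t cid_bitmap[(CID_MAX + 1 + 7) / 8];

/* Allocate the lowest free CID, or return -1 when all are taken. */
static int cid_get(void)
{
    for (unsigned cid = 0; cid <= CID_MAX; cid++) {
        if (!(cid_bitmap[cid / 8] & (1u << (cid % 8)))) {
            cid_bitmap[cid / 8] |= (uint8_t)(1u << (cid % 8));
            return (int)cid;
        }
    }
    return -1;
}

/* Release a CID; out-of-range values are rejected before any indexing. */
static int cid_put(int cid)
{
    if (cid < 0 || cid > CID_MAX)
        return -1;
    cid_bitmap[cid / 8] &= (uint8_t)~(1u << (cid % 8));
    return 0;
}

int main(void)
{
    return bitmap_bytes(CID_MAX) == sizeof(cid_bitmap) ? 0 : 1;
}
```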
bsc_msc_lost will close the current fd (without freeing it), so let's
skip possible writes to an already closed fd
bsc_msc_lost will close the current fd (without freeing it), so let's
skip possible writes to an already closed fd.
PONG is being sent as an answer to PING a few lines above in same
Code is already doing stuff with the connection (fd).
osmux_xfrm_input_open_circuit returns 0 on success and -1 on error.
Confusion comes from that function being implemented by calling
osmux_batch_add_circuit which returns NULL on error.
Back-port from osmo-bsc.git 9862bcb5cdb9ece0acfdfb7c81e00c05fcd33ad3.
ipaccess_drop_oml was being called inside an osmo_fd cb context, where
-EBADF must be returned if the structure holding the osmo_fd is freed.
In the middle of the path (see OS#3495 for path tree) it goes through a
signal dispatch, so it's impossible to make sure we return some value to
the osmo_fd cb. As a result, it is required to defer dropping the OML
Link from current code path and do it through a timer.
Fixes following ASan report:
20180822124927913 <0004> abis_nm.c:787 OC=RADIO-CARRIER(02) INST=(00,00,ff): CHANGE ADMINISTRATIVE STATE NACK CAUSE=Message cannot be performed
20180822124927913 <0004> osmo_bsc_main.c:186 Got CHANGE ADMINISTRATIVE STATE NACK going to drop the OML links.
20180822124927913 <0015> bts_ipaccess_nanobts.c:406 (bts=0) Dropping OML link.
==17607==ERROR: AddressSanitizer: heap-use-after-free on address 0x62e000060a68 at pc 0x7f5ea8e27086 bp 0x7ffde92b6d80 sp 0x7ffde92b6d78
READ of size 8 at 0x62e000060a68 thread T0
#0 0x7f5ea8e27085 in handle_ts1_write input/ipaccess.c:371
#1 0x7f5ea8e27085 in ipaccess_fd_cb input/ipaccess.c:391
#2 0x7f5ea9147ca8 in osmo_fd_disp_fds libosmocore/src/select.c:217
#3 0x7f5ea9147ca8 in osmo_select_main libosmocore/src/select.c:257
#4 0x555813ab79d6 in main osmo-bsc/osmo_bsc_main.c:922
#5 0x7f5ea76d02e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
#6 0x555813ab84e9 in _start (/bin/osmo-bsc+0x34d4e9)
Back-port from osmo-bsc.git 24f2f55132f7230e387aef85612dcd6fc59cebe5.
Currently the force_realloc feature is turned on and off in a
hardcoded way. This patch makes the option available via VTY.
Backport from osmo-mgw.git.