| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Currently the keep_subscr flag in gsm_subscriber_group refers to a
whole group of subscribers which makes it difficult to really delete
single entries if the flag is set.
This patch adds a keep_in_ram field to gsm_subscriber which allows for
keeping subscriber objects in RAM while deleting others.
Note that really deleting an entry requires that both flags
(subscr_group->keep_subscr and subscr->keep_in_ram) are set to 0. So
only the latter should be used if a specification requires the
deletion of a subscriber entry.
Sponsored-by: On-Waves ehf
|
|
Remove warnings related to the SGSN specific code.
Sponsored-by: On-Waves ehf
|
|
The trans_alloc function still uses the subscr object to access the
network object.
This patch adds an explicit net parameter to this function and
removes the access to subscr to obtain it.
Sponsored-by: On-Waves ehf
|
|
Currently the SRES value in the Auth & Ciph Response is ignored.
This patch checks the SRES value in response against the value stored
in mm->auth_triplet.sres. If they don't match, an Auth & Ciph Reject
message is sent to the MS. If they match, the mm->is_authenticated
flag is set.
Note that the procedure will not be started yet.
Sponsored-by: On-Waves ehf
|
|
Currently mmctx_timer_start is called from within
gsm48_tx_gmm_auth_ciph_req which differs from the way e.g. the
identification procedure is implemented. It also makes it more
difficult to restart the procedure after timeout, which is not
implemented yet. In addition, the timer is not properly stopped when
an AUTH & CIPH response is received.
This patch removes this timer start from gsm48_tx_gmm_auth_ciph_req,
adds the retransmission of Auth & Ciph requests to the timer callback
function, and properly stops the timer in
gsm48_rx_gmm_auth_ciph_resp.
Sponsored-by: On-Waves ehf
|
|
Currently gsm48_tx_gmm_auth_ciph_req/_rej are commented out. In
addition, gsm48_tx_gmm_auth_ciph_req uses a wrong encoding (two byte TV instead of two nibbles TV) of the CKSN information element.
This patch fixes the encoding of the CKSN IE and enables the
functions mentioned above.
Sponsored-by: On-Waves ehf
|
|
This commit adds test for the generic part of gsm_subscriber like
reference counting and flag usage.
Sponsored-by: On-Waves ehf
|
|
Currently every subcriber object directly refers to the gsm_network
which contains a flag shared by every related subscriber
(keep_subscr). This adds a dependency on gsm_network even if only the
function defined in gsm_subscriber_base.c are used.
This patch adds a new struct gsm_subscriber_group which contains the
keep_subscr flag and a back reference to the network object. The
latter is not dereferenced in gsm_subscriber_base.c, so it can safely
be set to NULL when only that part of the gsm_subscriber API is being
used. It also changes that API to use gsm_subscriber_group instead of
gsm_network parameters.
Since there are some places where a pointer to the gsm_network is
needed but where only a gsm_subscriber is available, a 'net' back
pointer is added to the group struct, too. Nevertheless subscr group
and network could be separated completely, but this is not the topic
of this commit.
Sponsored-by: On-Waves ehf
|
|
Sponsored-by: On-Waves ehf
|
|
Currently the net pointer is obtained from trans->subscr->net. On the
other hand, the list gsm_trans object is managed by the net object.
This patch adds the back pointer to the structure and replaces all
trans->subscr->net by trans->net expressions. In trans_alloc() the
trans->net pointer is obtained from the subscr object.
Sponsored-by: On-Waves ehf
|
|
Related: SYS#798
|
|
Add a command and test to see the current channel load and
available channels per BTS.
Related: SYS#798
|
|
The commit "sgsn: Don't send XID reset after Detach Accept" fixed the
SGSN to not respond to a Detach Accept message when there is no MM
context.
This patch adds a test case to verify, that there is really no
message sent in that case.
The test fails when the commit mentioned aboved is reverted.
Sponsored-by: On-Waves ehf
|
|
Currently the expected P-TMSI generated by the SGSN is hard-coded
into the test. This adds a dependency on the implementation of rand()
and thus the libc used. This breaks the test e.g. on FreeBSD.
This patch modifies test_gmm_attach() to srand(1) first, generate the
P-TMSI, and finally srand(1) again before starting the test.
Sponsored-by: On-Waves ehf
|
|
Currently when the MS does a re-attach without doing a proper detach
first, the gbproxy uses the old local TLLI if patching and the keep
mode are enabled. This leads to a failing attachment procedure when
TLLI patching is also enabled.
This patch changes gbproxy_update_link_state_ul to reset all TLLIs
within the link_info if the message contains an unknown TLLI and an
MI. This is generally the case with Attach Request messages.
The gbproxy_get_link_info_ul gets an additional tlli_is_valid
output parameter that is set, when a TLLI was present and found.
This flag is then used instead of checking tlli.current == 0 to
set TLLI/P-TMSI e.g. Attach Requests when a link_info was already
present for the P-TMSI/IMSI used in such a request.
Ticket: OW#1324
Sponsored-by: On-Waves ehf
|
|
|
|
Increase the bcch_change_mark and generate a new copy of the
system information. Make the method public, add a small test
case. Manually verified using the FakeBTS. I don't know if
the MS will re-read these SIs.
Related: SYS#739
|
|
Store the BCCH change mark inside the BTS structure. This will
allow us increment the number and re-generate the SIs.
Related: SYS#739
|
|
Allow to set the cell-identity through the control interface
and add a small test for it.
Related: SYS#739
|
|
This will drop a specific IP based BTS. It will lead to a
re-connect of the BTS and the new settings will be applied
then.
Fixes: SYS#737
|
|
The session name must be present in a SDP file. The RFC proposes
to use a space for it but the other equipment is using the dash
so I have picked that as well.
RFC 4566:
The "s=" field is the textual session name. There MUST be one and
only one "s=" field per session description. The "s=" field MUST NOT
be empty and SHOULD contain ISO 10646 characters (but see also the
"a=charset" attribute). If a session has no meaningful name, the
alue "s= " SHOULD be used (i.e., a single space as the session
name).
Fixes: RT#2196
|
|
Equipment like AudioCode appears to get upset when we use a
builtin type and then assign a name to it. Allow to completely
omit the name.
|
|
To implement subscriber based authorization a data structure is
needed that keeps the subscriber data. The MSC already uses a similar
struct named gsm_subscriber whose implementation is split into a
generic part (allocation, retrieval, reference counting, list
maintenance) and MSC related parts. For GPRS, only the generic part
will be used and specific fields may be added when needed.
This patch adds a field mm to struct gsm_subscriber that will be used
by the SGSN to store a reference to the current MM context (or NULL
if there is none). This also adds a field subscr to struct
sgsn_mm_ctx that reversely points to a gsm_subscriber (or NULL if
there is none). Either both fields are NULL or both fields are
non-NULL. Note that subscr is being reference counted.
Sponsored-by: On-Waves ehf
|
|
Currently the function in sgsn_auth.c either have an sgsn_config or
an sgsn_instance parameter. Since then global sgsn variable is
already being used in that file and since other parts of the SGSN
related code also rely on a global sgsn singleton, these parameters
pretend to provide a flexibility that is not really supported.
Therefore this patch removes these parameters except for the ACL
related functions, which do not call code that uses the sgsn
variable.
Sponsored-by: On-Waves ehf
|
|
Currently the authorization is done in sgsn_auth_request for ACL
based authorization. This doesn't match the way remote authorization
would work, so that there is a second call to sgsn_auth_state already
present in sgsn_auth_update.
This patch removes the autorization check completely from
sgsn_auth_request which in turn calls sgsn_auth_update directly now.
Sponsored-by: On-Waves ehf
|
|
Currently every time an RA Update Req or an Attach Req is processed, a
new P-TMSI is allocated. When an MS issues another of these messages
before it has completed the first procedure, old_ptmsi is replaced by
ptmsi (and thus lost) and ptmsi is replaced by the newly allocated
P-TMSI. This can confuse the gbproxy, which can loose track of the
logical link then. At least a Blackberry emits a double set of RA Upd
Req messages from time to time which may be just 20ms apart.
This patch adds a check whether mm->ptmsi or mm->old_ptmsi are set.
If both are set, the P-TMSI is not re-allocated. This is only the
case, when the Complete message has not been received yet, since that
message will reset old_ptmsi.
Sponsored-by: On-Waves ehf
|
|
Currently when a Detach Accept is received for an unknown TLLI (which
is in general the case afer the SGSN has requested the detachment),
an XID reset is sent to the BSS, causing a BSSGP Status message. This
happens in gsm0408_rcv_gmm.
This patch moves the corresponding call to gprs_llgmm_reset downwards
so that it is not being called in that case.
Addresses:
SGSN->BSS TLLI: 0xd75b91d9 SAPI: LLGMM, UI (DTAP) (GMM) Detach Request
BSS->SGSN TLLI: 0xd75b91d9 SAPI: LLGMM, UI (DTAP) (GMM) Detach Accept
SGSN->BSS TLLI: 0xd75b91d9 SAPI: LLGMM, U, XID (Reset, IOV-UI)
BSS->SGSN TLLI: --- BSSGP STATUS (Unknown MS)
Sponsored-by: On-Waves ehf
|
|
Currently, the LLME is not cleaned up after sending an RA Update
Reject. This happens after entering a routing area from outside,
since in that case the SGSN sends an RA Update Reject (implicitly
detached) which causes the MS to restart the attach procedure.
The LLME is also not updated if an Attach Request with message errors
(encoding, invalid MI type) is received or if an MM context cannot be
allocated.
This patch changes gsm48_rx_gmm_ra_upd_req and gsm48_rx_gmm_att_req
to unassign the LLME or free the MM context (if available) after a
Reject message has been sent.
Ticket: OW#1324
Sponsored-by: On-Waves ehf
|
|
Currently the VTY 'auth-policy' command results in setting or clearing
the acl_enabled flag. This also enables the matching of the MCC/MNC
prefix of the IMSI.
This patch adds an additional policy 'acl-only' which disables the
MCC/MNC matching and relies on the ACL only.
Sponsored-by: On-Waves ehf
|
|
This patch adds some basic SGSN tests to vty_test_runner.py:
- check for config tree nodes
- check specific show commands
Sponsored-by: On-Waves ehf
|
|
Currently the authorization of an IMSI is done by checking ACLs
synchronously which is not feasible when the subscriber data has to
be retrieved from an external source.
This patch changes this by using a callback when the information is
available. This is also done when only ACL are checked, in this case
the callback is invoked from within sgsn_auth_request(). The callback
function sgsn_update_subscriber_data calls sgsn_auth_update which
in turn calls either gsm0408_gprs_access_granted or
gsm0408_gprs_access_denied. gsm48_gmm_authorize is extended by a call
to sgsn_auth_request when IMSI and IMEI are available but the
auth_state is unknown.
The change has been successfully tested with single phones (E71 and
IPhone 5c).
Sponsored-by: On-Waves ehf
|
|
Currently the IMSI is only checked immediately when an Attach Request
is received that contains an IMSI IE. If it contains a P-TMSI
instead, access is always granted.
This commit moves the IMSI check to gsm48_gmm_authorize where it is
applied when IMSI and IMEI have been acquired. This fixes the
authorization when the Attach Accept doesn't contain an IMSI.
Sponsored-by: On-Waves ehf
|
|
Currently when forceing a reattach by sending a Detach
Request (reattach), the SGSN waits for the Detach Accept until it
frees the MM context (if present) and the LLME. If that message gets
lost or isn't sent by the MS, the LLME is never freed if it isn't
bound to an MM context.
This patch adds code to free the MM context/LLME when forcing a
reattachment.
Sponsored-by: On-Waves ehf
|
|
This patch replaces gsm0408_gprs_force_reattach(msg, mmctx) by two
functions
- gsm0408_gprs_force_reattach(mmctx)
- gsm0408_gprs_force_reattach_oldmsg(msg)
The old function basically consists of the code of the two new
functions, where the code path selected depends on mmctx == NULL,
which is harder to maintain, less obvious to use, and not consistent
with many other SGSN functions.
Sponsored-by: On-Waves ehf
|
|
Currently the MM context isn't always removed when it is
de-registered (mmctx_timer_cb), mm_state is set to GMM_DEREGISTERED
instead. This can lead to left-over MM contexts which are only
cleaned up if the MS reattaches.
This patch replaces all of these assignments by a call to
mm_ctx_cleanup_free.
Ticket: OW#1324
Sponsored-by: On-Waves ehf
|
|
Currently the GMM state is set to GMM-REGISTERED when an Attach
Accept or a RA Update Accept message is sent, even if a new P-TMSI is
included. In this case 04.08 requires (see 4.7.3.1.3 and 4.7.5.1.3),
that the state is set to GMM-COMMON-PROCEDURE-INITIATED when the
Accept is sent. When the Complete is received, the SGSN shall set
the state to GMM-REGISTERED.
This patch modifies the state updates accordingly.
Sponsored-by: On-Waves ehf
|
|
Currently the order of the 'if' clauses in gsm48_gmm_authorize
doesn't match the order in which the conditional parts are entered.
This makes it difficult to maintain. In addition the t3350_mode is
not stored in every path, so that this information is lost when the
identification procedure is started. Since the default value
coincidentally is GMM_T3350_MODE_ATT, this doesn't hurt for Attach
Requests which are the only messages that initially trigger the
authentication yet.
This patch changes the order of the 'if' clause to match the
processing order, it removes the t3350_mode parameter entirely and
introduces a mm->pending_req field. The latter must be set when the
request that causes the authorization before calling
gsm48_gmm_authorize. The gprs_t3350_mode enum is extended by
GMM_T3350_MODE_NONE (value 0, which is the default) to make it
possible to detect related initialisation errors or race conditions.
Sponsored-by: On-Waves ehf
|
|
Since it is planned to use struct gsm_subscriber to manage subscriber
data in the SGSN, this file which contains the generic subscriber
related methods is moved to libcommon.
Sponsored-by: On-Waves ehf
|
|
Currently libcommon depends on libbsc, because gsm_network_init
(libcommon/gsm_data.c) directly calls gsm_net_update_ctype
(libbsc/gsm_04_08_utils.c).
This patch moves gsm_network_init to a new file libbsc/net_init.c.
Sponsored-by: On-Waves ehf
|
|
This test checks the attach procedure until the Attach Complete is
received.
Note that authorization and GMM state updates are not working
properly yet.
Sponsored-by: On-Waves ehf
|
|
This replaces serveral occurences of duplicated code for message
creation and sending (passing to gsm0408_gprs_rcvmsg) into a single
function. In addition, the sgsn_tx_counter is always reset within
send_0408_message to simplify the code that checks for the number of
messages sent.
Sponsored-by: On-Waves ehf
|
|
Currently gbproxy_make_sgsn_tlli always returns a foreign TLLI when
it uses the (SGSN) P-TMSI to generate one.
This patch changes the implementation to return a SGSN TLLI of the
same type like the BSS TLLI in that case.
Sponsored-by: On-Waves ehf
|
|
* osmo-bsc and osmo-bsc-mgcp are needed to run
* with Wants, both are started but can be indepently
controlled via systemctl
Fixes: SYS#738
|
|
Allow to set the LAC of the BTS through the CTRL interface.
The change will not be effective immediately.
Fixes: SYS#738
|
|
Currently the sign_link pointer is dereferenced after a call to
osmo_signal_dispatch, which can indirectly call
e1inp_sign_link_destroy. If that happens, accessing *sign_link is
illegal and can lead to a segmentation violation.
Since only the bts pointer is needed from sign_link after the call to
osmo_signal_dispatch, this patch changes abis_nm_rcvmsg_fom to save
that pointer to a local variable earlier.
Addresses:
<0019> input/ipa.c:250 accept()ed new link from 192.168.1.101 to port 3002
SET ATTR NACK CAUSE=Message cannot be performed
<0005> bsc_init.c:52 Got a NACK going to drop the OML links.
<001b> bsc_init.c:319 Lost some E1 TEI link: 1 0xb351a830
=================================================================
==13198== ERROR: AddressSanitizer: heap-use-after-free on address 0xb5d1bc70 at pc 0x80a6e3d bp 0xbfbb33d8 sp 0xbfbb33cc
Sponsored-by: On-Waves ehf
|
|
In case a BTS is being bootstrapped and one TS can not be
activated prevent the whole BTS from coming up.
When the OML activation is not being done the rest of the BSC
code still assumes these logical channel(s) to be available
and one will see channel activation issues that might be hard
to debug.
Instead of having a half-configured system up and running,
keep the BTS offline.
|
|
They return nothing and not int.
|
|
Add new test message sequences:
- Normal attach (with IMSI) after detach (ok)
- Normal attach (with local TLLI) after detach (ok)
- Unexpected attach (with IMSI) after successful TLLI validation (fails)
- Unexpected attach (with P-TMSI) after successful TLLI validation (fails)
Ticket: OW#1324
Sponsored-by: On-Waves ehf
|
|
The command definition delete_gb_link_by_id_cmd lacks a description
for the sgsn-nsei token.
This patch adds the missing description.
Addresses:
Verifying src/gprs/osmo-gbproxy -c doc/examples/osmo-gbproxy/osmo-gbproxy.cfg, test verify_doc
Documentation error (missing docs):
<command id='delete-gbproxy-link <0-65534> (tlli|imsi|sgsn-nsei) IDENT'>
<param name='IDENT' doc='(null)' />
Sponsored-by: On-Waves ehf
|
|
Currently the LLME is not deleted when a GMM Status message is
received for which a mmctx cannot be found. This can fill the LLME
list with unneeded entries.
This patch adds code to unassign the LLME in that case.
Ticket: OW#1324
Sponsored-by: On-Waves ehf
|
