aboutsummaryrefslogtreecommitdiffstats
path: root/openbsc
AgeCommit message (Collapse)AuthorFilesLines
2016-11-16rbs2000: Add missing bts feature definitionsPhilipp1-0/+2
function bts_model_rbs2k_start() in bts_ericsson_rbs2000.c lacks the feature definition for GPRS and EGPRS. Change-Id: I777a67862084aa6cca39cfc43f5708e47608b0e6
2016-11-15abisip-find: use protocol constantMax1-2/+2
Use library define instead of directly using hardcoded value. Change-Id: Ie9b8bc55bf40cf005434f27e205d47ffab959413
2016-11-15SNDCP: Fixup based on Coverity Scan suggestionPhilipp1-1/+1
This commit fixes Coverity Scan defect: CID 151900: Null pointer dereferences (FORWARD_NULL) Passing null pointer "comp_field->v42bis_params->nsapi" to "memcpy", which dereferences it. Change-Id: Iff83e21168a267dd4b4c401ab7c603e029b3ac39
2016-11-15test/gbproxy: Test for possible memory corruption when link_info is freedDaniel Willmann2-0/+276
This test is to trigger the use-after free issue in commit bff7b0d80972. If compiled with address-sanitizer the test will abort without the fix. Change-Id: I5e8c6626ba43342740f08d699383bdded739079f Ticket: OW#3049 Sponsored-by: On-Waves ehf
2016-11-15gbproxy: Check whether gbproxy_update_link_state_after() deletes the link_infoDaniel Willmann3-13/+27
In case the link_info is deleted we have to stop handling the stored messages inside link_info. Not doing so can lead to invalid memory being accessed. Change-Id: Ieb8503e9e94e7a5ac450ad8aa1713ec4f21cdea5 Ticket: OW#3049 Sponsored-by: On-Waves ehf
2016-11-13OM2000: CON MO: Allow larger range for CCP and CI valuesHarald Welte1-2/+2
it seesm more recent RBS2000 models have much larger CCP and CI value ranges than those of older models. Change-Id: Ib116c1fac901b293929fce34223d1fd0af15d2bc
2016-11-13Support configuration of CON MO Groups/Paths from VTYHarald Welte5-69/+235
The code for supporting the configuration of the OM2000 CON (LAPD Concentrator) MO was so far incomplete and not used from the OM2000 FSM initialization. This patch adds * VTY commands for configuration of CON Groups and Paths * The FSM integration to actually configure the CON MO Change-Id: I56dc1b5e35adef3a2078bcf9536537eb0f454192
2016-11-11RBS2000: Ensure the is-connection-list command is only used on RBS2000Harald Welte1-0/+6
... and not on other BTS models. Change-Id: I8882ca9a9ab974b0bbdcbd5c3bab0eadf4bc0927
2016-11-11RBS2000: Avoid segfault if ts->lapd instance doesn't existHarald Welte1-0/+2
This happens e.g. with DAHDI driver, when the DAHDI device cannot be opened. Let's not prematurely seg-fault early in the RBS2000 signal handler, but take the proper error handlign for this. Change-Id: I9223fb1568d3db7e278f07240c4be334c6602a13
2016-11-11bs11_config: remove compiler waring about unused variableHarald Welte1-2/+2
bs11_config.c:78:22: warning: ‘too_fast’ defined but not used [-Wunused-const-variable=] static const uint8_t too_fast[] = { 0x12, 0x80, 0x00, 0x00, 0x02, 0x02 }; ^~~~~~~~ Change-Id: I1fdb9645128c2dfeb489bf75e89ab0adea919d2b
2016-11-11talloc_cxt: Fix compiler warning / missing #includeHarald Welte1-0/+1
talloc_ctx.c: In function ‘talloc_ctx_init’: talloc_ctx.c:40:2: warning: implicit declaration of function ‘msgb_talloc_ctx_init’ [-Wimplicit-function-declaration] msgb_talloc_ctx_init(ctx_root, 0); ^~~~~~~~~~~~~~~~~~~~ Change-Id: Ib8ebc02d5cf0d2b4019473d3750ae7c6f8a32896
2016-11-10OM2000: disallow ip.access style TCH/F_PDCH pchan typeNeels Hofmeyr1-0/+9
For TCH/F_PDCH, return an invalid chan comb (0) and print an error message that hints at the proper pchan type to use instead: TCH/F_TCH/H_PDCH Change-Id: Ibe0f944573f0a6d1be4bf7cf4986c4b2b3bd6d0d
2016-11-10OM2000: for TS conf of dyn TS, always send TCH/F chan combNeels Hofmeyr1-5/+1
When OM2K sets up the timeslots with the BTS, the dynamic channel state is not yet resolved to any particular pchan type. Instead of using the dyn state, always advertise dynamic timeslots as pchan2comb(TCH/F). In the past, the Ericsson dynamic timeslots were handled as pchan type TCH/F_PDCH. This is a mistake, as this pchan type is intended for the ip.access dynamic PDCH way of dynamic channels. In any case, in the initial state of this pchan type, the timeslot was initialized as pchan2comb(TCH/F) because the ts->flags do not reflect an active PDCH yet. In short, this patch does not change the behavior of TCH/F_PDCH timeslots, only clarifies it. It would in fact make sense to disallow use of TCH/F_PDCH for OM2K, but that should probably be a separate patch. The proper pchan to use for Ericsson dynamic timeslots is TCH/F_TCH/H_PDCH. These do not use ts->flags, but ts->dyn.* as state, which first reflects pchan_want == pchan_is == GSM_PCHAN_NONE. Hence the timeslot was initialized by OM2K as pchan type zero, which is unknown / invalid. So, instead of using pchan_is, which is not yet reflecting anything meaningful, always initialize as TCH/F chan comb, as Ericsson hardware apparently expects it. Change-Id: If0693f7c5c85977b0e4acbc701ee5d635434d0d1
2016-11-10fix use after free in bsc_config_freeNeels Hofmeyr1-1/+1
talloc_free the cfg only after asserting num_bsc count sanity. This caused a failure in the 'bsc-nat' test with -fsanitize build. Should fix the Osmocom_Sanitizer build on jenkins.osmocom.org https://jenkins.osmocom.org/jenkins/job/Osmocom_Sanitizer/ Change-Id: Ic20aacaccffcaa58ccec6d24c884727dc1bc50e6
2016-11-09OM2000: Throw error when MO can not be enabledPhilipp1-0/+10
Throw warning message in case the MO state does not change to enabled after sendeing an Enable-Request message. Change-Id: Idfde8d6f71526e8acfea51835732515a4bee858e
2016-11-09om2000: added support for ericssons sabm negotiationPhilipp1-0/+3
This patch adds support for ericssons sambm negotiation. This patch depends on libosmo-abis commit: 2788c7eacab91cd39d68e316fc8ee87763bbfeb4 Change-Id: I56b1c1cef07a61143fc0e8058480805cddfeff96
2016-11-09OM2000: Add fault report parsingPhilipp1-1/+129
This patch adds parsing for OM2000 MO fault report map parsing, the bits in the fault maps are counted out and displayed. Change-Id: I6e2928f39b09bc08e9ab78bc10bc81e07f7eb55d
2016-11-09RBS2000: re-establish any lost signalling linksHarald Welte1-0/+12
Contrary to standard A-bis, in the RBS2000 case the BSC connects the signalling data links (LAPD) to the BTS. In case one of them drop, we need to attempt to re-establish them. This requires libosmo-abis with Change-Id I07f0f79e0cda09766f357032ffb4e7ad643d448a Change-Id: I710b5af5d0acbdd3febd314849340f2adb7abd80
2016-11-09om2000: Add support for querying RBS capabilitiesroot3-0/+28
Change-Id: Id1fbaf41286f3651ce8f210eb8da05fb51179c96
2016-11-09lchan: Release channel in case of late activation ackHolger Hans Peter Freyther1-3/+28
In case of the sysmoBTS and receiving a channel activation ack on a channel that was marked as broken, release it again. Use a normal release without SACCH deactivation and release the rqd_ta data. Also add a local variable 'ts' to shorten some lines. The typical situation where this would occur is with high latency between BTS and BSC (or NITB). If a channel activation ack does not arrive in time, a channel is marked broken, and never recovers after that. This patch will release the channel again, which will remove the BROKEN_UNUSABLE state and makes lchan available again. Reported by Rhizomatica. However, in case of packet loss, i.e. when the channel activation ack never arrives at the BSC, this patch does not provide a resolution of the BROKEN_UNUSABLE state. On dynamic timeslots: clearing the dyn ts state could possibly happen in lchan_free() instead of in rsl_rx_chan_act_ack(). That's to be done in a separate patch, if at all. Tweaked-By: nhofmeyr Change-Id: I63dc0deaf15ba7c21e20b1e0c7b85f0437e183ed
2016-11-09SGSN: Use dummy all-zero MSISDN value in PDP Context Act on GTPHarald Welte1-1/+14
The GTP protocol specification requires us to include the MSISDN IE in all non-secondary PDP context activations. However, when no real HLR is used (e.g. via GSUP), we do not have the MSISDN information available and so far simply sent a zero-length MSISDN IE in GTP. The latter is a violation of the spec. So to resolve this, we now send a 15-digit all-zero dummy MSISDN IE, as described in TS 23.003. Change-Id: I8d0a5d52d6cd2a00b5dda060bd41d45056dfa84d
2016-11-09OM2000: Fix state machien for CF/TRXC on START ResultHarald Welte1-1/+1
When receiving the 'Start Result' message, for CF and TRXC MO we directly transition to performing the Operational Info. In that case, we need to return after sending the Operational Info and skip the usual processing for the default case below. Change-Id: I99860d198b337ffe461b240bda20dc10e1b5b2cb
2016-11-08WIP: OM2000: Full state machine implementation using osmo_fsmHarald Welte4-286/+1132
Our existing OM2000 code for initializing all Managed Objects of a BTS at startup was never complete. Rather than trying to fix the old-style code, introudce a hierarchy of osmo_fsm's reflecting the full protocol hand-shake and sequence of bringing up the individual MO's. If this works out well, it mihgt make sense to convert the TS 12.21 OML code for other BTS models, too. Change-Id: I3e11b28ba22b8c227e0401e6207fdda5381dda8c
2016-11-03bsc_vty: include dyn TS info in vty show lchanNeels Hofmeyr1-3/+53
Extend both 'show lchan <bts> <trx> <lchan>' and 'show lchan summary' to include information on dynamic timeslots. Have one common function that prints " as foo" or " switching foo -> bar" to the vty, use it in lchan_dump_full_vty() and lchan_dump_short_vty(). In lchan_dump_short_vty(), split the vty_out call in two in order to interleave the dyn ts info right after the pchan. The summary hence looks e.g. like this for osmocom style dyn ts: BTS 0, TRX 0, Timeslot 5 TCH/F_TCH/H_PDCH as PDCH, Lchan 0, Type NONE, State ACTIVE - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm or BTS 0, TRX 0, Timeslot 4 TCH/F_TCH/H_PDCH switching NONE -> PDCH, Lchan 0, Type NONE, State BROKEN UNUSABLE - L1 MS Power: 0 dBm RXL-FULL-dl: -110 dBm RXL-FULL-ul: -110 dBm Change-Id: I3eb72ac7f0a520a8eefe171b9fb357f149aa3fda
2016-11-02log: count_codecs(): drop logging of non-TCH lchan typesNeels Hofmeyr1-3/+0
count_codecs() is called on every chan act ack, also for channels other than TCH/F and TCH/H. So this logging happens a lot during normal operation but adds no real information. Also, RSL would be the wrong logging category for this -- RSL is about the RSL communications, not whether our internal code tries to count lchan codecs for the wrong channel types. Change-Id: Ibdac3bbe48745fe6a1c31d6f87369c9066c0374a
2016-11-02mncc_builtin: Properly reject DTMFlynxis/masterHarald Welte1-0/+2
As per TS 23.014, a GSM MSC must implement mobile-originated DTMF generation. We gate the DTMF signalling messages to MNCC, and expect the external MNCC handler to deal with it. However, the internal MNCC handler simply ignored such singalling messages, rather than rejecting DTMF altogether. It turns out failure to respond to START DTMF will cause some phones to behave in interesting ways, particularly with modem firmware v6.01.00, see https://osmocom.org/issues/1817). In this case the phone is not able to release the call as the pending response to the START DTMF is probably keping a reference or lock of some sort. Change-Id: I336f0cd0a6396b522d228479a417fd4d606157ac
2016-11-01Cosmetic: Add missing switch to usage helpPhilipp1-0/+1
Adds the -p --pcap option to the help text. Change-Id: I3e763c30ca13bc51c8b72af8a94558c92439f109
2016-11-01gsm0408: Adding log output for 3g specific RR messagesPhilipp2-7/+11
GSM 04.18, which is the successor of GSM 04.08, describes additional RR 3g specific message types. This commit adds log output for those messages. The behaviour is not changed all affected message types are still forwared to the MSC as they were before. See also 3GPP TS 04.18, section 10.4, table 10.4.1 The change requires to update libosmocore as well, see also commit f48fdb3a108da0dc23d7af4ac021e98e11f07152 in libosmocore.git for details. Change-Id: I41f2242fdf59c3eb4b3f8f7f003c17f7e0df01aa
2016-11-01OML: Improve OML attribute handlingPhilipp12-221/+638
the OML attribute tables are hardcoded. To set variable parameters, the hardcoded data structure (tlv) is patched on byte level during runtime. This patch replaces this mechanism. - Replace hardcoded OML attribute tables with dynamically generated TLV structures. - Add unit tests to check if the OML attribute tables are generated correctly - Put OML attribute table generator code in a separate file: bts_ipaccess_nanobts_omlattr.c Change-Id: Ibeb34a84912d6cf695f553a34c69320fca7d08fa
2016-11-01Decrease count_codecs logging verbosityMax1-2/+2
Use channel type name instead of number and log it with DEBUG facility otherwise it produces lots of irrelevant messages for SDCCH* Change-Id: I11b04e0cb02bf6ed01f6076cb31a56d8921d735e
2016-10-30info log: iu: add line break to and tweak rx RAB Ass Resp logNeels Hofmeyr1-3/+2
Change-Id: I50e701493f3951a43506cc37753a30d47f8d601f
2016-10-28sndcp: Fixups for sndcp layer based on coverity-scan suggestionsPhilipp5-13/+18
- missing break in gprs_sndcp_pcomp.c, line 143 - string overflow in slhc_test.c, line 211 - sizeof mismatch in gprs_sndcp_xid.c, line 1369 and 1378 - mismatching signedness in gprs_sndcp_xid.c, line 1377 - needless < 0 comparison in gprs_sndcp_xid.c, line 477 - needless < 0 comparison in gprs_sndcp_xid.c, line 209 - missing returncode check in v42bis_test.c, line 320 - wrong pointer dereferentialization in gprs_sndcp_comp.c, line 73 Change-Id: I4f9adf251f5119e67ffe76baad6f1f996ac8dbad
2016-10-28DTX DL: Add FACCH cacheMax1-0/+3
When DL DTX is active and silent period is in progress dtx.cache is populated by SID UPDATE message which about to be scheduled next. If at that moment FACCH message arrives (which have higher priority) we have to send ONSET message to L1 but we can't invalidate cache with SID UPDATE as it will be used for SID FIRST message to resume silent period after FACCH transmission is over (provided there were no incoming voice in between). Hence the necessity for separate buffer to store content of FACCH message while we're sending ONSET to L1 while keeping SID UPDATE cached. Change-Id: I316e81af893b24766bf259baaed7a0be75a11694 Related: OS#1801
2016-10-27bsc: count the usage of codec by setting the lchan activeAlexander Couzens2-0/+47
We count the codec when the channel was successful setted up Using sign_link->trx->bts instead of msg->trx to get the bts. Add OSMO_ASSERT for bts within count_codecs() Change-Id: Ib49c7c337980a7d6f189d7a0551ca2e4c3822f45
2016-10-18Replace magic number with defineMax2-1/+5
Value 4 used as magic number by both OpenBSC and OsmoBTS so it make sense to add it to shared header. See ebb483b69a5319e522ba5f713e9cb6f68a814a6a in osmo-bts for details. Change-Id: I9c6ad68f4c6aa72d39ec7e5a6968b36ec20e79f4
2016-10-14fix mistypes, spaces and tabsAlexander Couzens3-17/+17
Change-Id: I651473f638365bbd333c4c80d223cdd023dd2c51
2016-10-13msgb ctx: use new msgb_talloc_ctx_init(), don't access talloc_msgb_ctxNeels Hofmeyr5-13/+7
Drop extern definitions of talloc_msgb_ctx and use msgb_talloc_ctx_init() instead. In sgsn_test.c, use a local variable msgb_ctx to do the talloc report from the return value of msgb_talloc_ctx_init(). Change-Id: I2f9ace855f0ecbdc9adf5d75bcb1a3d666570de4
2016-10-13msgb talloc ctx: initialize in all main() scopesNeels Hofmeyr15-0/+20
Add msgb_talloc_ctx_init() call to many main() functions still lacking a msgb talloc context. Change-Id: Ib0d6751260659cabf18a7ce80680ba2fb4228ea1
2016-10-13gtphub_test.c: remove unused include of msgb.hNeels Hofmeyr1-1/+0
Change-Id: I7a8003a0e0bff803941d7981ffc07cf78c3ae9a9
2016-10-13meas_pcap2db.c: remove unused include of msgb.hNeels Hofmeyr1-1/+0
Change-Id: I2197432c9482537bd5cf06a6c4fc912607ffab53
2016-10-13bs11_config: initialize bs11 tall ctx, use instead of bsc ctxNeels Hofmeyr1-0/+2
Actually initialize tall_bs11cfg_ctx as named const. Change-Id: I3b42b29cd1a688cb4c9d1d4e44208509d936e4ef
2016-10-13ipaccess-config: initialize root talloc ctx with nameNeels Hofmeyr1-0/+2
tall_ctx_config is defined but remains NULL. Instead initialize as named const. Change-Id: Iec708eda2e4f8eb88b9e5bc5f82f6342709760b1
2016-10-13Log use of incompatible BS-AG-BLKS-RES valueMax1-2/+7
There's "channel-descrption bs-ag-blks-res" vty command which sets BS-AG-BLKS-RES which might be too high if CCCH is combined with SDCCHs. Previously proper value was silently enforced. Log this situation explicitly and add spec reference to the comment. Change-Id: I53e2b881fc28472d6709f063fb265a4e6a0fffcd
2016-10-12DTX DL: use FSM for AMRMax1-12/+9
- consolidate all DTX-specific things in a separate struct - rename struct fields to better reflect meaning - add pointer to DL FSM for AMR - remove unused flag - expand buffer to hold cached payload alongside with CMR/CMI Change-Id: Idac8609faf9b5ced818fde899ccfc6ed0c42e8fd
2016-10-10gsm_trx_name(): don't break if trx is NULLNeels Hofmeyr1-2/+5
Just as a general precaution deemed to fit such a convenience function that lives in libcommon, no actual failure observed. Change-Id: I8e77fe1abc402469fd037e2fde2f46e2c8114f59
2016-10-10abis_rsl_rx_dchan(): guard against lchan_lookup() returning NULLNeels Hofmeyr1-0/+2
Found this by coincidence, no actual failure case was observed. lchan_lookup() does have a return NULL code path, so we should not blindly use its returned pointer. Change-Id: I34ce126d36420b8194c88c0faa865294334a6658
2016-10-10Revert "bsc: count the usage of codec by setting the lchan active"Neels Hofmeyr2-45/+0
This reverts commit 38e9ea3f7f385c6660c5958970af5c71adc1682b. Introduced a reproducable segfault, because msg->trx is not actually set/used in the openbsc code paths. Program received signal SIGSEGV, Segmentation fault. count_codecs (lchan=0x1, bts=<optimized out>) at ../../../src/libbsc/abis_rsl.c:104 104 rate_ctr_inc(&bts->network->bsc_ctrs->ctr[BSC_CTR_CODEC_V1_FR]); (gdb) bt #0 count_codecs (lchan=0x1, bts=<optimized out>) at ../../../src/libbsc/abis_rsl.c:104 #1 0x0000000000425661 in abis_rsl_rx_dchan (msg=<optimized out>) at ../../../src/libbsc/abis_rsl.c:1516 #2 abis_rsl_rcvmsg (msg=0x8143f0) at ../../../src/libbsc/abis_rsl.c:2611 #3 0x00007ffff71420d0 in handle_ts1_read (bfd=<optimized out>) at ../../src/input/ipaccess.c:271 #4 ipaccess_fd_cb (bfd=0x815af8, what=1) at ../../src/input/ipaccess.c:386 #5 0x00007ffff7779b62 in osmo_fd_disp_fds (_eset=0x7fffffffe590, _wset=0x7fffffffe510, _rset=0x7fffffffe490) at ../../src/select.c:149 #6 osmo_select_main (polling=polling@entry=0) at ../../src/select.c:189 #7 0x0000000000406fac in main (argc=<optimized out>, argv=0x7fffffffe738) at ../../../src/osmo-nitb/bsc_hack.c:385
2016-10-05DTX: add flag for AMR HR P*Max1-0/+5
Add flag to explicitly track the state of DTX DL for AMR HR whe SID_FIRST_P1 has been sent to L1 already but no next frame available yet: this can be followed by SID_FIRST_P2 or SID_FIRST_INH depending on arrival of voice frame within next 60 ms. Change-Id: Id28b07b8e83cfe5e84de48a2f124084036580cd4
2016-10-05DTX: extend SID cacheMax1-1/+1
In addition to RTP payload SID cache got to store CMR/CMI prefix. Extend the buffer so it can fit in. Change-Id: Ibd4a63604a82cad3ce65f0752bffefa4b083e1b3 Fixes: Coverity CID#149508
2016-10-04gprs/gprs_llc: count UI frames over SAPI in the statisticsAlexander Couzens1-0/+3
Change-Id: I5f38d70e046ce9ca1342e6f862329dc3cded8995