| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
To be able to tell at all which DB query failed without introspecting the code
in gdb or similar, wrap the database query functions in local shims that log
the SQL.
Related: OS#2667, OS#2706
Change-Id: I4171dad8ffffbf634a75dedde752d82c51ff7803
|
|
Change-Id: Id91a4299391ff0d0e4e28ed05c2f755b9702146a
|
|
Change-Id: I5157d6c6d0aab469011ea648369f8e743e2cb085
|
|
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.
So far we were always sending the Kc retrieved from osmo-hlr. If the 2G auth
algo is set to milenage, the 2G Kc coincides with the one derived from 3G
tokens, but if 2G is set to a different algorithm, the Kc received from the
osmo-hlr is not usable for ciphering when UMTS AKA was used for authentication
(on R99 capable GERAN and MS).
Implementation: To decide whether to use UMTS AKA derived Kc or the Kc from the
auth vector, use the umts_aka flag added to set_ciph_mode() in a previous
patch. Use osmo_auth_c3() to derive the GSM AKA Kc from the UMTS AKA CK and KI.
Related: OS#2745
Requires: I85a1d6ae95ad9e5ce9524ef7fc06414848afc2aa (libosmocore)
Change-Id: If04e405426c55a81341747a9b450a69188525d5c
|
|
Change-Id: Icb5b7dbbca3ca0db3d80a4b693c57c6d67fd823e
|
|
Change-Id: If27899c90b7c79f25cd5fd5e2429cb3012d69744
|
|
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.
To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc
from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether
UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but
all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence
add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs
thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode
Command, which makes more sense than re-implementing the same decision process
in the MSC.
I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the
MSC's set_ciph_mode() implementation the precise keys it should use, but the
RAN particulars, and whether a Kc is used at all, rather belong with the MSC.
Related: OS#2745
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
|
|
During Set Ciphering Mode on GERAN, it is required to know whether UMTS AKA is
used to decide which Kc to pick. Change static function is_umts_auth() into
public vlr_use_umts_aka(), so future patches can re-use it.
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I85d784c62ecbabdb6186a3dae4dcd554e7921041
|
|
a_iface_tx_cipher_mode() is a bit too far away from the VLR to be handling its
ciphering enums. Instead, construct the gsm0808_encrypt_info in the
msc_vlr_set_ciph_mode() callback.
Greatly simplify the sanity checking code: a_iface_tx_cipher_mode() no longer
needs to re-verify the presence of the gsm0808_encrypt_info contents.
Change-Id: Id46f9a513b555d0a481f7124c9984c2b5b196b3e
|
|
The bit shifting is performed in gsm0808_enc_encrypt_info(), and must not be
done when populating the gsm0808_encrypt_info struct.
Provide vlr_ciph_to_gsm0808_alg_id() to translate the enum vlr_ciph to the
GSM0808_* constants we need to put in the gsm0808_encrypt_info struct instead.
Related: OS#2745
Change-Id: If75f95e8a5cc8b9979610ce6d746c1f0073ee39a
|
|
Change-Id: Ib19dfd7255bda01ebace62386df4ec89697d9d14
|
|
DLSMS logs SMS pointers, so is not suitable for logging them always. Allow
logging for manual invocation, though.
Change-Id: I1b7d2fd3fb38bf50eeabd6f7ef736d70a17de7a6
|
|
Introduce LOGPCONN() which would also be useful in numerous other places in
this file.
Change-Id: Ib406d6e6784342341e716206997e382c702ac9d2
|
|
Change-Id: I3b8baa9a259704e719ce7f12776f2d2125ebdef0
|
|
Change-Id: I4918b8a8a6f4cbe783f588ebe68a2cf1e7e50ae2
|
|
Apparently, since libdbi 0.9.0 aka 0.9.0-5 on debian-testing, osmo-msc barfs
numerous libdbi warnings whenever a query rightfully returns no rows.
Trivially query whether there are any rows first by adding an inline wrap
function next_row().
Silenced:
DDB <000d> ../../../../src/osmo-msc/src/libmsc/db.c:188 DBI: -6: An invalid or out-of-range index was passed to libdbi
DDB <000d> ../../../src/libosmocore/src/backtrace.c:47 backtrace() returned 11 addresses
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0xfb81) [0x555555563b81]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/lib/x86_64-linux-gnu/libdbi.so.1(_error_handler+0x99) [0x7ffff63f5c39]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/lib/x86_64-linux-gnu/libdbi.so.1(dbi_result_next_row+0x3d) [0x7ffff63f785d]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0x11172) [0x555555565172]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0x1e6bc) [0x5555555726bc]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0x1e7f6) [0x5555555727f6]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0x1f1d2) [0x5555555731d2]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0xbb86) [0x55555555fb86]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1) [0x7ffff5cfe561]
DDB <000d> ../../../src/libosmocore/src/backtrace.c:57 /usr/local/bin/osmo-msc(+0xbfba) [0x55555555ffba]
Related: OS#2667
Change-Id: Ib8993c8db171d1e845a6297deef137d18506cda3
|
|
Related: OS#2706
Change-Id: I793a3863e6f4ccbabafc7dabaff97a8c79bbd8e0
|
|
When the subscriber has no MSISDN, we might construct an invalid SQL statement
such as
... AND dest_addr= AND ...
Instead, don't even query for empty MSISDNs.
Related: OS#2706
Change-Id: I7d6169d774b2da04b3051957e364fe620feed51e
|
|
Related: OS#2522
Change-Id: If7e1af11cdac8587bb4d66fb4eacee4b79945359
|
|
Change-Id: I67b5d797a80b55e01dcdbb8c782748b049cf9199
|
|
The commandline option -m has already been deprecated before the
split. Use the split as an opportunity to get rid of this option.
Change-Id: Ie23d492a839aae85470e39b0d0ad8f57b0d38f7e
|
|
The lchan related struct members do not serve any useful purpose
in the msc code, since the lchan concept is not in the scope of
osmo-msc. However, if removed te struct size will change which
will lead into shortened protocol messages as well. This is
is detected by osmo-sip-connector and eventually leads into
a reject ofthe shortended protocol messages.
Re add the missing struct members in order to maintain
compatibility
This commit reverts the changes made to mncc.h by commit:
e2f24d53e4f80b34ec6d656d93127cb598229a96
Change-Id: Ia02373a36df7605507ee3de49173a9fd6547b726
|
|
The ipa.py has been moved to osmo-python-tests as osmo_ipa - use it for
vty and ctrl tests instead of local copy. The soap.py and twisted_ipa.py
are not MSC-specific: leftovers from repository split which are now
available in osmo-python-tests as well.
Change-Id: Ia3ab77846c9beae7eca32a81079a4a9bfa4dcc75
|
|
The log output of the reset FSM duplicates lots of the built in
FSM log output.
Remove duplicate logging, use more expressive log messages where
needed.
Change-Id: Ie031d947a5b8097bd656c0271081af215605ba02
|
|
The '--enable-vty-tests' is just alias to '--enable-external-tests'
anyway.
Change-Id: I8ab3ac3d9becee6b4e989b4e71d34598ea012f47
|
|
All the CTRL tests were skipped automatically because they were
inherited from before repo split time. This means that MSC CTRL
interface was not tested at all. Add trivial test which uses generic
rate counter introspection so we at least check that MSC's CTRL
interface is not completely broken.
Change-Id: I784feece666b00752a81f2c126e6f255505445be
|
|
Adjust test expectations accordingly.
The error was:
==16084==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000f5f4 at pc 0x561be639ac2b bp 0x7ffc0aabbe40 sp 0x7ffc0aabbe38
READ of size 4 at 0x61500000f5f4 thread T0
#0 0x561be639ac2a in _msc_subscr_conn_put ../../../../src/osmo-msc/src/libmsc/osmo_msc.c:384
#1 0x561be636070b in rx_from_ms ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:204
#2 0x561be6360b21 in ms_sends_msg ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:217
#3 0x561be635b40a in test_call_mt ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_test_call.c:328
#4 0x561be6363bb7 in run_tests ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:802
#5 0x561be63524ea in main ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:849
#6 0x7f6eebb3e2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#7 0x561be6352fb9 in _start (/n/s/osmo/make-3G/osmo-msc/tests/msc_vlr/msc_vlr_test_call+0xdafb9)
Related: OS#2672
Change-Id: If0659a878deb383ed0300217e2c41c8c79b2b6a5
|
|
On MT call, there is a bug in CC conn use which leads to an early free and
use-after-free.
Add msc_vlr_test_call to show both MO and MT call legs separately and reproduce
the failure. It is visible in a sanitizer build (on debian 9).
A subsequent patch will fix the bug: If0659a878deb383ed0300217e2c41c8c79b2b6a5
Related: OS#2672
Change-Id: I6c3ca0c660388b1e2c82df17ec540c846201b0c7
|
|
If a conn is attempted to be used when in release, log an error, but don't skip
tracking.
No current code path apparently hits this, according to msc_vlr_tests. Just
making sure that we will prominently see such errors when we introduce any.
Change-Id: I8dd20ee56ce5ad7a90fcd03a06604c383e5eed54
|
|
When hunting a conn use count bug, it was very hard to figure out who's (not)
using the conn. To ease tracking down this bug and future bugs, explicitly name
what a conn is being reserved for, and track in a bit mask.
Show in the DREF logs what uses and un-uses a conn. See the test expectation
updates, which nicely show how that clarifies the state of the conn in the
logs.
On errors, log them, but don't fail hard: if one conn use/un-use fails, we
don't want to crash the entire MSC before we have to.
Change-Id: I259aa0eec41efebb4c8221275219433eafaa549b
|
|
call to msc_call_connect() lacks spaces in parameter list
Change-Id: I4c11abaeff62749cbc365dfef671c4e15a85fc95
|
|
We usually have both A and IuCS on 0.23.1, using differing SSNs.
0.23.2 was used only if there was a separate cs7 instance for Iu, which is not
practical, and even if used does not conflict with 0.23.1 (since it would be on
a different STP).
Just use 0.23.1 for all SCCP clients.
This needs adjustment of
https://osmocom.org/projects/cellular-infrastructure/wiki/Point_Codes
Change-Id: I3d5466eff5680cb5aa95a76a9e179fdf88ce8aa0
|
|
Change-Id: Ib70360feb82fb9f871461f94982634c11d58f772
|
|
Change-Id: Ie647d93a54aefad5bde8a9411d983cd60714b83d
|
|
Change-Id: I8e9376f20a44f6348bcb85f0ff27a429dc90e1b8
|
|
Change-Id: I477984d5e3bee8aea32419482d6bc48b1e74e6c2
|
|
Change-Id: I5f8b45d6580d42b00de847c8100023b414771939
|
|
Change-Id: I11c5213b90de27dc2606f73c686f263008b6522f
|
|
To avoid sanitizer build failures, ensure that the talloc contexts are empty
when done and free them.
Separate the msgb context from the overall talloc context for clarity: if
nested, the outer one would contain two blocks.
Change the "sms_queue_test" context from 1 byte to 0 in order to get a size of
zero in the end.
Change-Id: If08ba48ab9c28bf3c2db4014837c1304cec04aaf
|
|
The BSC rate counters are a leftover from the nitb split.
Accessing them would result into a null-pointer exception,
because the struct isn't initialized.
Change-Id: I8c72ab8bf781d3f9a436eb1a27ac4d13df5e656b
|
|
If something changed the talloc landscape, it is hard to find out what the test
actually expected when it was written. Add the expectations in an inline
comment.
Change-Id: If92a18bb3dc24c2cf6498aa2da29266267488240
|
|
Terminating one of the FSM instances may effect termination and deallocation of
the others, as well as the vlr_subscr itself. So, reserve the vlr_subscr
locally, and then dispatch events to exactly those FSM instances that exist.
The changes in expected output in the msc_vlr_tests shows that the subscriber
was deallocated from the first FSM termination, and now sticks around until
we've checked both FSMs are gone.
Change-Id: I56551ecc10f5295fe75944bdde4b583b1b621811
|
|
If dispatching a conn timeout, the conn fsm will already have been discarded,
and we cannot fire any more events to it.
The expected test output changes illustrate that we are now omitting event
dispatches that happen *after* the same FSM was already deallocated.
Change-Id: I25af3e5a1b04e3a5c9f41956cbcbbdd8439c6457
|
|
osmo_gsup_decode() doesn't actually decode everything, it does leave quite a
number of pointers into the original msgb. Hence we must not deallocate the
gsup msgb before dispatching GSUP events.
Move msgb_free() to the bottom of vlr_gsupc_read_cb() and use rc and gotos to
early-exit if needed.
Change-Id: I16fc92dcf84e29fcf34712a2e8b0464ef08425ad
|
|
When sub_pres_vlr_fsm_start() is called, it dispatches an event which may in
some cases already cause tear down and free of the parent FSM instance, after
which storing the returned instance pointer in that parent's metadata will use
freed memory. Instead, pass the target pointer to remember the instance at to
sub_pres_vlr_fsm_start() and assign the pointer *before* firing the event.
Explain so in a new comment.
I haven't checked whether that pointer is actually used at all -- this is the
easiest way to fix the use-after-free without getting sucked into semantic
questions.
Change-Id: Ibdc0b64cd12ba3e2b9737e3517d8484e67abcf04
|
|
Use ':' as separator, so that no mangled rate_ctr descriptions are allocated.
When '.' is used, the rate_ctr mangling code creates tallocs of mangled counter
descriptors, and hence affects the amount of expected talloc contexts in
msc_vlr_tests.c.
Change-Id: Ib1db8e3dc6c833174f1b0b1ca051b0861f477408
|
|
The log message after the nullpointer check for conn tricks Coverity
Scan into detecting a nullpointer deref.
Include the log message into else branch to state the program flow
more clearly
Fixes: Coverity CID#178656
Change-Id: If6e962f4033c955ecd3539a719031a83c9b6205a
|
|
The reset context contains a string buffer to allow for setting
a human readable name, that is then displayed in the logs. Since
OSMO-FSMs already have such a feature there is no need for an
extra name variable.
Use LOGPFSML and the name parameter of osmo_fsm_inst_alloc()
to display the name of the FSM
Fixes: Coverity CID#178664
Change-Id: I5b051606791c5e085ca6bb1be20592127d48ceb5
|
|
Change-Id: I6c0c91abc0d3fa737dbe3db1e6473358da64c2a5
|
|
For example:
/usr/share/doc/osmo-msc/examples/osmo-msc/osmo-msc.cfg -> /usr/share/doc/osmo-msc/examples/osmo-msc.cfg
Change-Id: I702cd963d5c3a2f4085ebce5e0dfa1a8a27ea89f
|
