2018-03-13 msc_vlr_test_call: reproduce OS#3062 [neels/os3062] (Neels Hofmeyr; 3 files, -0/+89)
Change-Id: Ice7197b48d4e163a3c4d97b559fdcd7e88c4107e
2018-03-13 msc_vlr_tests: enable CC logging in debug (Neels Hofmeyr; 7 files, -1/+61)
Change-Id: I56ac269d46b48b6b85efad81c4d2343bfc41ea90
2018-03-13 trans_free: safeguard against a still running CC timer on free (Neels Hofmeyr; 1 file, -0/+9)
Make sure to deactivate trans.cc.timer when freeing a CC transaction. Log an error if should be necessary. This prevents a segfault when we receive a BSSMAP Clear Request from BSC during an ongoing CC operation. The BSSMAP Clear Request currently triggers immediate freeing of the conn, while we should still do a graceful release first. While this patch does not fix the underlying error, it does prevent the MSC from crashing due to a stale timer, whatever the cause might be. Related: OS#3062 Change-Id: I86b666f23402a6d94af2d903e514770d1fd5157f
2018-03-13 Track libosmocore API change in osmo-msc. (Stefan Sperling; 1 file, -3/+3)
struct gsm0808_cell_id_list in libosmocore is deprecated by https://gerrit.osmocom.org/#/c/6509/ This updates the only API user I am aware of. Change-Id: I67377270cf3b081ac5dc9cd7b4dc28f74143753a Depends: Ib7e754f538df0c83298a3c958b4e15a32fcb8abb
2018-03-13 vlr_ciph_result: fix use after free of imeisv (Neels Hofmeyr; 4 files, -6/+4)
Define the struct vlr_ciph_result member .imeisv not as a char* but a char[] of appropriate length, to avoid the need to point to external memory. Thus fix a use-after-free in msc_cipher_mode_compl(), which defined the imeisv[] buffer in a sub-scope within that function, so that the .imeisv pointer was already invalid when fed to vlr_subscr_rx_ciph_res(). Did you notice that the commit summary rhymes? Closes: OS#3053 Change-Id: I90cfb952a7dec6d104200872164ebadb25d0260d
2018-03-13 configure: add --enable-werror (Neels Hofmeyr; 1 file, -0/+21)
Provide a sane means of adding the -Werror compiler flag. Currently, some of our jenkins.sh add -Werror by passing 'CFLAGS="-Werror"', but that actually *overwrites* all the other CFLAGS we might want to have set. Maintain these exceptions from -Werror: a) deprecation (allow upstream to mark deprecation without breaking builds); b) "#warning" pragmas (allow to remind ourselves of errors without breaking builds) As a last configure step before generating the output files, print the complete CFLAGS and CPPFLAGS by means of AC_MSG_RESULT. Change-Id: I0528dcb14bf79d0920905a718cc2edea1434c0e5
2018-03-10 msc_vlr_tests: add test_a5_3_not_supported (Neels Hofmeyr; 2 files, -0/+152)
See also change-id I72a1dbb30e0a39dbf4b81c7e378d5607b62e10d3 in osmo-ttcn3-hacks.git, which adds a similar test to the MSC_Tests.ttcn suite. Writing this test helped me fix the issue faster, why not keep it now that it's there. Related: OS#2947 Change-Id: Iba56556207cf6e79e6531b0e7dd3eaec28fb5eaa
2018-03-10 cosmetic: vlr_auth_fsm: log RAN and size along with SRES/RES (Neels Hofmeyr; 8 files, -68/+70)
Change-Id: Ib0f9f573ffac2302fbd3ee28f48ccd8fce5fe286
2018-03-10 cosmetic: vlr_auth_fsm: clarify decision on UMTS AKA or GSM AKA (Neels Hofmeyr; 3 files, -25/+48)
The code deciding on whether UMTS AKA is used was cascaded and convoluted. By flattening the decisions, they become easier to read and possibly catch more weird corner cases / log information more clearly. - First decide what AKA the RES length reflects. - Then decide whether all prerequisites for UMTS AKA are satisfied. - Finally, on UTRAN, turn down the auth if we don't have UMTS AKA, and neatly log all of the potential causes. One corner case that should never occur is that the UMTS AKA RES length is actually the same length as the GSM AKA SRES. If this nevertheless occurs, log this as an error, though not turning down authentication because of it. (The effect is that we would favor UMTS AKA when it has a res_len == sizeof(sres) and would not succeed to GSM AKA. At least the log will tell us why, now.) Adjust an expected test output, trivial logging difference. Change-Id: I43f7f301ea85e518bac91f707391a53182e54fab
2018-03-10 msc_vlr_test_umts_authen: test response with only SRES half of RES (Neels Hofmeyr; 2 files, -0/+294)
Change-Id: I0e9099625bd9d3de3db5ee29fbf81b2d8a30071d
2018-03-10 msc_vlr_test_umts_authen: test response with too long RES (Neels Hofmeyr; 2 files, -0/+289)
Change-Id: Ie5473f06fc2d04c6a9f343da5764ec95b292a5f9
2018-03-10 msc_vlr_test_umts_authen: test response with too short RES (Neels Hofmeyr; 2 files, -0/+290)
Change-Id: Ia1bc57b3dc1f3c3c654ba2d907b16ba925cd03e8
2018-03-10 cosmetic: gsm48_rx_mm_auth_resp(): log 'UMTS AUTH', not 'R99 AUTH' (Neels Hofmeyr; 4 files, -31/+31)
Change-Id: Iba43c685cbe238d96175267e9cc954b2f2f3e7fc
2018-03-10 gsm48_rx_mm_auth_resp(): pass is_r99 from classmark, not response size (Neels Hofmeyr; 1 file, -10/+8)
Do not interpret the SRES/RES length returned in the auth response as the R99 capability bit, instead determine it from the actual Classmark information associated with the conn. This fixes the is_r99 flag passed in to vlr_subscr_rx_auth_resp(), which ends up in the struct vlr_auth_resp_par dispatched to the auth_fi and influences the authentication acceptance. Though the effect of a wrongly-set-to-false R99 flag is not harmful in this code path, let's not get this confused. Change-Id: Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
2018-03-10 vlr auth: gracefully reject malformed auth response (Neels Hofmeyr; 3 files, -2/+179)
Instead of just closing down the conn hard, actually feed invalid auth response data to vlr_subscr_rc_auth_resp() in order to trigger all the actions we want to see with a failed authentication: - a GSUP signal that the auth failed, - a LU reject. Verify this in new test_wrong_sres_length() in msc_vlr_test_gsm_authen.c. Note that in gsm48_rx_mm_auth_resp(), the is_r99 flag is falsely derived from the RES length, which upcoming commit Ib7f7d89a8b9455d2c022d53d74328fa7488577f4 will fix. Change-Id: I4179a290069ac61d0662de4ec7ca3edb76988899
2018-03-10 vlr: fix GSM AKA in a UMTS AKA capable environment (Neels Hofmeyr; 4 files, -14/+33)
Switch by vsub->sec_ctx to use the proper Kc for ciphering. Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose to only perform GSM AKA, as long as the bearer is GERAN. The VLR already stores whether the MS replied with a GSM AKA SRES or a UMTS AKA RES in vsub->sec_ctx. So far, though, we were always using the UMTS AKA Kc just because the USIM and core net are capable of it, ignoring the choice the MS might have made in the Authentication Response. In msc_vlr_test_gsm_ciph, fix the test expectations to the correct GSM AKA Kc keys, showing that all of LU, CM Service Request and Paging Response now support MS choosing GSM AKA in a UMTS capable environment. Related: OS#2793 Change-Id: I42ce51ae979f42d173a45ae69273071c426bf97c
2018-03-10 msc_vlr_test_gsm_ciph: add test for GSM AKA in UMTS environment (Neels Hofmeyr; 2 files, -0/+725)
Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose to only perform GSM AKA, as long as the bearer is GERAN. In that case, we must make sure to send the GSM AKA Kc for ciphering. Add test_gsm_ciph_in_umts_env() to msc_vlr_test_gsm_ciph.c to answer an Auth Request with a GSM AKA response (see the log stating "AUTH established GSM security context" after we sent a UMTS AKA challenge). In the test, show that we currently send the *wrong* Kc, i.e. the UMTS AKA derived Kc for GERAN, instead of the correct Kc for GSM AKA (which was received from the HLR in the auth tuples). Subsequent patch I42ce51ae979f42d173a45ae69273071c426bf97c will fix this and correct the test expectations. Related: OS#2793 Change-Id: I85f12a20dcd701e671188e56811ec7b58d84da82
2018-03-10 msc_vlr_tests: clearly separate Ciph Mode from Security Mode checking (Neels Hofmeyr; 9 files, -48/+98)
Clearly distinguish between Ciphering Mode Command on GERAN and Security Mode Control on UTRAN. Cosmetic: explicitly verify the key strings in the testing code (not only in the expected output). Change-Id: Ica93ed06c4c63dc6768736d25231de8068001114
2018-03-10 silent call: clarify rc and error messages logged on vty (Neels Hofmeyr; 2 files, -17/+40)
In gsm_silent_call_{start,stop}(), return meaningful error codes and interpret them on the VTY to clearly indicate the result. Change-Id: Id5abb8f2ba901689e03040af8e51483b6c618e7f
2018-03-10 msc_main: do not say 'osmo-nitb' in the usage (Neels Hofmeyr; 1 file, -1/+1)
Change-Id: I2090097dc0d7e0251c116b95b802076df3419455
2018-03-10 vty: add 'subscriber ... paging' cmd (Neels Hofmeyr; 1 file, -0/+26)
Allow issuing an empty paging from the VTY, for debugging purposes. Change-Id: I403904cb789ece699f14b4cbd52c336eb02d45e4
2018-03-10 vty: add 'msisdn' as alias for 'extension' (Neels Hofmeyr; 1 file, -2/+3)
Rationale: in the HLR, it is called 'msisdn' after the database column, so a user going back and forth between osmo-hlr and osmo-msc would appreciate being able to type 'msisdn' in the MSC's vty as well. Change-Id: I7b46f9736421e8edd8a95ae89e025ebe486fde4c
2018-03-10 vty: drop unused commands (Neels Hofmeyr; 1 file, -30/+0)
Change-Id: I76d6777ebe9105b8abf37993b86c3749a7e18008
2018-03-10 fix: clear vlr_subscr->msc_conn_ref when the conn is discarded (Neels Hofmeyr; 1 file, -0/+1)
Before this, it was for example possible to crash the MSC by the vty 'show subscriber' command, which would dereference a potentially stale vsub->msc_conn_ref pointer. Related: OS#3050 Change-Id: Ia4105d9f135ba3216ad3c86157be7658b1d568fb
2018-03-07 a_iface: fix BSSMAP reset handling (Philipp Maier; 1 file, -15/+17)
When osmo-msc restarts it loses all information about the BSC. The BSC will not be aware of the reboot and on the next communication attempt it will notice that something is wrong and start the reset procedure on his side. osmo-msc will receive the reset messages and send a reset. The reset is received. Osmo-msc detects that no context information is created yet. The context is created. Then it is checked if the UNITDATA message that came in is a reset. If it is one, nothing happens. The UNITDATA is passed on and triggers the RESET-ACK some layers above. Unfortunately by the current code this also means that no reset FSM is created and therefore a_reset_conn_ready() can never be true. Which means it will also drop any legitimate reset from the BSC in the future. - Ensure that the reset FSM is always created when a new BSC context is created - Make sure that reset related traffic always passes so that the higher layers can handle the procedure properly Change-Id: I3fdcec5dbeaa0e21fd6a92568a623faa368239be
2018-03-05 VLR: fix potential NULL dereference (Max; 1 file, -0/+2)
The vlr_subscr_get() can return NULL if its argument is NULL (which isn't checked for) so before dereferencing its result we should check for it. Change-Id: I13632908d0b67323202effa9dd6f29732a12cc91
2018-03-02 msc_vlr_tests: improve cipher mode coverage (Neels Hofmeyr; 7 files, -55/+148)
Actually call msc_vlr_set_ciph_mode() and wrap away a_iface_tx_cipher_mode() and ranap_iu_tx_sec_mode_cmd(). Hence we'll see decisions and errors in msc_vlr_set_ciph_mode() as well. Change-Id: Id23bc245d4b5707edcd27c44db272fbb211bf9bd
2018-03-02 msc_vlr_tests: make all test functions static (Neels Hofmeyr; 11 files, -71/+71)
All functions in the individual msc_vlr_test_*.c files should be static; hence we would be warned if one of them were unused (forgotten to add to the tests array). Change-Id: Ia169c6a1443a48879ab4777e09c2040c48810bf6
2018-03-02 msc_vlr_test_gsm_ciph: drop unused function (Neels Hofmeyr; 1 file, -41/+0)
This test is actually in msc_vlr_test_rest.c, shouldn't be copied here, and was anyway unused. Change-Id: I9bba10a05d43f7f94aa2cd6dcb63dd8f2f644d35
2018-03-02 msc_vlr_tests: revert IMSI parameter and test nr output (Neels Hofmeyr; 35 files, -316/+330)
Three recently merged commits take the msc_vlr_tests in a wrong direction. The IMSI is usually encoded in the hex streams. The rationale behind hex streams is that it is a) easily copied from a wireshark trace and b) exactly the bytes as sent by an actual phone. It is hard to parameterize the IMSI because we would have to employ our encoding functions, which I intentionally want to keep out of the loop here. The test number should not appear in the normal test output, so that adding a test or changing their order does not affect expected output for following tests. The nr is simply for manual invocation, only seen when invoked with -v. Revert - "VLR tests: always print test parameters" b0a4314911140b1599cccfc8171fcdab4cd9bfab. - "Expand VLR tests" d5feadeee8dd24f991df2892d6bcf0be8b0cf707. - "Move IMSI into test parameters" 093300d141c300651954473d73138b72de04d931. Change-Id: Ie1b49237746751021da88f6f07bbb9f780d077c9
2018-03-02 vlr_lu_fsm: guard against using the wrong fi (Neels Hofmeyr; 1 file, -34/+68)
Various functions in vlr_lu_fsm.c belong to one of the four FSMs defined in that file. After the recent error was uncovered where the lu_fsm called lu_compl_fsm()'s termination function, I want to make sure it's correct. Introduce distinct inline functions to dereference the respective fi->priv pointers, each asserting that the fi indeed belongs to the proper FSM. Use those *everywhere* to dereference fi->priv. From this patch on, we are sure beyond doubt that we are not inadvertently passing an fi pointer to the wrong FSM's handling functions, though we will only catch this at runtime -- but then will immediately know the reason. vlr_lu_fsm.c is the only file defining more than one FSM, so the other FSM definitions are already reasonably safe. Change-Id: I7419a780ff2d8b02efc4195bb1702818e4df181c
2018-03-02 vlr: fix post-auth LU failure handling (Neels Hofmeyr; 1 file, -2/+2)
From the vlr_loc_update() FSM, don't call the vlr_lu_compl_fsm_failure() function. These are two distinct FSMs with distinct priv pointers, but they are defined in the same .c file. In vlr_loc_upd_post_auth(), change two erratic calls of vlr_lu_compl_fsm_failure() to lu_fsm_failure(), so that the proper fi and priv struct are used. Fixes: OS#2947 Change-Id: I7fd2c6fa23254fffd0d526e53541f4068153929f
2018-02-28 implement support for 3-digit MNC with leading zeros (Neels Hofmeyr; 8 files, -41/+33)
Add 3-digit flags and use the new RAI and LAI API from libosmocore throughout the code base to be able to handle an MNC < 100 that has three digits (leading zeros). Depends: Id2240f7f518494c9df6c8bda52c0d5092f90f221 (libosmocore), Ib7176b1d65a03b76f41f94bc9d3293a8a07d24c6 (libosmocore) Change-Id: I82f0016d9512ee8722a3489a3cb4b6c704a271fc
2018-02-27 cosmetic: gsm_network_init(): imply default 001-01 PLMN (Neels Hofmeyr; 4 files, -12/+6)
All callers pass mcc=1, mnc=1, so just have it as default. (Prepare for net->country_code etc to be replaced by net->plmn) Change-Id: Ibcd1cc38f170895305ae176a5574384c74a33939
2018-02-26 msc_mgcp: Add FSM event names (Philipp Maier; 1 file, -0/+13)
The FSM (fsm_msc_mgcp) lacks a proper definition of the FSM event names. This causes problems when inspecting the FSM using the VTY. - Add proper FSM Event names Closes: OS#2924 Change-Id: I6823756a63b08a71e5518130e49751aa073dbcd2
2018-02-26 a_reset: Add FSM event names (Philipp Maier; 1 file, -0/+8)
The FSM lacks a proper definition of the FSM event names. This causes problems when inspecting the FSM using the VTY. - Add proper FSM Event names Change-Id: I76d7d9e0accffd433a3f3b5e5f8ab17ecd4a348c Related: OS#2924
2018-02-22 enable osmo_fsm vty commands in osmo-msc vty (Stefan Sperling; 1 file, -0/+2)
Call osmo_fsm_vty_add_cmds() to make osmo_fsm VTY commands available in osmo-msc's VTY interface. Change-Id: Iaf970f6039c3f668f275dd8c21fb9071774a5d9e Related: OS#2967
2018-02-19 drop unused libmsc/meas_feed.h (Neels Hofmeyr; 1 file, -12/+0)
Change I0d57ac214e574e267fa9752daf76566197b9aa64 forgot to remove this file along with meas_feed.c. Note also the weirdness: that patch removes the proper include/osmocom/msc/meas_feed.h, but there's also this other one. This libmsc/meas_feed.h always existed from the start as an unused orphan, see: https://git.osmocom.org/osmo-bsc/diff/openbsc/src/libmsc/Makefile.am?id=b4771a6871efb3cf12b371aedc575912984ca528 No need to drop from Makefile.am, since it is already gone from there. (meas_feed from the old osmo-nitb (openbsc.git) has / should have moved to osmo-bsc. There are no measurement reports in the MSC. Refer to osmo-bsc.git instead from now on.) Change-Id: Ib2566013dd30b21ce2774cd4cc7dcba2408f938f
2018-02-19 libmsc: Pretend MNCC requested release in handle_error() (Daniel Willmann; 1 file, -0/+11)
Send a release request to the MS so the connection does not stay open indefinitely. Change-Id: I7669d29cf5be3e4a60a1d121edbfcf9056f6d82b
2018-02-16 libmsc: bssap: Remove fixme and properly update msgb tail (Pau Espin Pedrol; 1 file, -3/+2)
Change-Id: I28073efd5cff58cd212341bceee784caf08d5ad8
2018-02-16 libmsc: Add a function to return a unique ID of the subscriber conn (Daniel Willmann; 2 files, -0/+21)
The ID will include the type of connection (GERAN_A, UTRAN_IU) followed by the SCCP conn_id. This can be used for the fsm instance ID before we know the IMSI. Change-Id: I4b875772e3994ad3458ee60dbf880604486d9afd
2018-02-16 iucs: Add a function to return the connection ID for the IU SCCP conn (Daniel Willmann; 3 files, -0/+12)
Change-Id: Ica4a7f463fcf1bd67fe082296cecea8d10f2fc5b
2018-02-14 libmsc: bssap: Catch TLV parse failures (Pau Espin Pedrol; 1 file, -1/+7)
Change-Id: I1d1951f4a5daf200e85c76fea14a35e952491d27
2018-02-14 libmsc: bssap: Refactor rx paths to avoid parse_tlv code duplication (Pau Espin Pedrol; 1 file, -67/+58)
Change-Id: I6aef9a94fa5b2e0b62a9c1744b8e18e5985f788f
2018-02-14 libmsc: bssap: Fix typo in log message (Pau Espin Pedrol; 1 file, -1/+1)
Change-Id: I941cd7f4e9eec3e4f2786100a0e64770d5aee4a7
2018-02-14 remove dead code (gsm_parse_reg) (Harald Welte; 2 files, -32/+0)
Change-Id: I47b0260561a9c2bad65c50c8164873e4c23d61b7
2018-02-14 remove unused "auth policy" VTY command (Harald Welte; 8 files, -60/+0)
This is yet another unused bit from the OsmoNITB legacy. Related: OS#2528 Change-Id: I825e659da529257e5edec94d9d59f0e10c1b4c63
2018-02-14 remove unused "authorized-regexp" VTY command (Harald Welte; 16 files, -101/+72)
This is another left-over VTY command from the OsmoNITB days. If such functionality is desired, it must be implemented in OsmoHLR, but not here. Related: OS#2528 Change-Id: Icf0897c47388e49ba7886b55acc728a6f7d213fe
2018-02-14 remove unused VTY command "location updating reject cause" (Harald Welte; 6 files, -23/+0)
OsmoMSC is using whatever reject cause is appropriate in the given situation. This user-configurable reject cause only had relevance in OsmoNITB, and hence it is an unused parameter that can be removed in OsmoMSC. Related: OS#2528 Change-Id: Ie1f39e706477aaf42051877b52d4b3ae1c5f138e
2018-02-14 osmo-msc: Add talloc context introspection via VTY (Harald Welte; 1 file, -0/+3)
This requires libosmocore with Change-Id I43fc42880b22294d83c565ae600ac65e4f38b30d or later. Change-Id: I575500bd911f9792ab5ca76eebb1d2682ee34fa3