Age | Commit message | Author | Files | Lines
5 hours | libmsc/gsm_04_11.c: properly handle MMTS indication (HEAD, master) | Vadim Yanitskiy | 5 | -3/+47
According to 3GPP TS 29.002, section, MMS (More Messages to Send) is an optional IE of MT-ForwardSM-Req message which is used by SMSC to indicate that there are more (multi-part) MT SMS messages to be sent. The MSC needs to use this indication in order to decide whether to keep the RAN connection with a given subscriber open.
Related Change-Id: (TTCN) I6308586a70c4fb3254c519330a61a9667372149f
Change-Id: Ic46b04913b2e8cc5d11a39426dcc1bfe11f1d31e
Related: OS#3587
5 hours | a_iface: Announce Osmux support on RESET (ACK) send | Pau Espin Pedrol | 1 | -2/+24
Related: OS#2551
Depends: libosmocore.git I28f83e2e32b9533c99e65ccc1562900ac2aec74e
Change-Id: Id607f60749e923755cb38179bc283a7957670653
5 hours | bssap: Detect BSC Osmux support on RESET (ACK) recv | Pau Espin Pedrol | 2 | -6/+45
Related: OS#2551
Depends: libosmocore.git I28f83e2e32b9533c99e65ccc1562900ac2aec74e
Change-Id: If4f33da9b414ab194098755d2c5be85e1fce5d31
5 hours | vty: Add option to enable osmux towards BSCs | Pau Espin Pedrol | 5 | -0/+40
Change-Id: I6de1be0322ddbdc115074ebb6be2598ebf6c95db
5 hours | build osmo-msc: add "missing" LIBASN1C_LIBS | Neels Hofmeyr | 1 | -6/+2
in osmo-msc/Makefile.am, osmo-msc was actually missing the LIBASN1C_LIBS even though it included LIBASN1C_CFLAGS. Probably libasn1c is implicitly linked from libranap.so, but doesn't hurt to name it. When building without Iu support, the LIBOSMORANAP* and LIBASN1C* vars are empty, so no need to explicitly switch on BUILD_IU, just name them.
Change-Id: I39ae5e3f0f7661ca9ee5c17a500be28c461d7ec7
3 days | libmsc/rtp_stream.c: prevent NULL-pointer dereference | Vadim Yanitskiy | 1 | -0/+6
Change-Id: Ie80b9fae490acc9ee8de742e35b6ef59c4388f57
Fixes: CID#198432
3 days | libmsc/msc_vty.c: use llist_count() in subscr_dump_full_vty() | Vadim Yanitskiy | 1 | -6/+3
Change-Id: I9e4814d2b2da7d4e75da074e138f423af850ed49
3 days | libmsc/msc_vty.c: fix documentation of 'show subscriber id' | Vadim Yanitskiy | 1 | -1/+1
Change-Id: I3357e71ae54e22b97cbb3707712445d7602c1129
3 days | libmsc/msc_vty.c: fix: use msub_for_vsub() in subscr_dump_full_vty() | Vadim Yanitskiy | 1 | -1/+1
Change-Id: I8a099b71b10ebb5d2bccfc7e78b6d37a1e60add8
Related: OS#4003
4 days | remove msc specific db counters | Alexander Couzens | 4 | -94/+4
DB counters have been used to save osmo_counters & osmo_rate_ctr to a local sqlite database every 60 seconds. This is quite slow, e.g. 1000 subscribers might slow the msc down.
Change-Id: Id64f1839a55b5326f74ec04b7a5dbed9d269b89c
4 days | ran_peer: Move rx_reset_ack logic into its own func | Pau Espin Pedrol | 1 | -1/+6
Later on we want to do extra steps upon receiving a Rx Reset Ack (checking for Osmux support from peer). Let's move handling of this message into its own function to have handling implementation in one place.
Change-Id: I516c4baf6071d26f6c530726d93677bed968efd1
4 days | vlr: optionally send IMEI early to HLR | Oliver Smith | 16 | -169/+207
When 'check-imei-rqd 1 early' is set in the config, send the IMEI to the HLR before doing the location update with the HLR. The OsmoHLR documentation referenced in the code will be added in osmo-hlr.git's Change-Id I2dd4a56f7b8be8b5d0e6fc32e04459e5e278d0a9.
Related: OS#2542
Change-Id: I88283cad23793b475445d814ff49db534cb41244
4 days | vlr: when setting IMEISV, also set IMEI | Oliver Smith | 3 | -0/+9
Copy IMEISV to IMEI when IMEISV changes. The additional SV digits will get cut off then. This is needed for the subscriber on demand use case, since we can get the IMEISV early (see [1]), but need to send the IMEI to the Check IMEI procedure. While adjusting the tests, I have noticed that there are code paths where we ask the MS for the IMEISV first, and later ask the MS for the IMEI, although we already have the IMEISV. This could be improved in a future patch.
[1] Change-Id I256224194c3b8caf2b58a88d11dccd32c569201f
Related: OS#2542
Change-Id: I02e7b66848bf7dddb31b105e2ae981432817ae1e
4 days | vlr: fix IMEI length | Oliver Smith | 7 | -51/+47
Set the length of vlr_subscr->imei to GSM23003_IMEI_NUM_DIGITS_NO_CHK (14) instead of GSM23003_IMEISV_NUM_DIGITS (16). Note that there is also GSM23003_IMEI_NUM_DIGITS (15), which includes an additional checksum digit. This digit is not intended for digital transmission, so we don't need to store it. Also by not storing it, we can simply copy the IMEI-part from the IMEISV to the IMEI without worrying about the checksum (will be done in a follow up patch). A good overview of the IMEI/IMEISV structure is here: https://en.wikipedia.org/wiki/International_Mobile_Equipment_Identity#Structure_of_the_IMEI_and_IMEISV_(IMEI_software_version)
Related: OS#2542
Change-Id: Iaf2569c099874b55acbd748b776394726cc5ce54
4 days | vty: make retrieve-imeisv-early configurable | Oliver Smith | 2 | -8/+22
Prepare for Rhizomatica's subscriber on demand use case, in which the network access is disabled by default for new subscribers, but the IMEI is required in the HLR to find out which user has which IMSI. Due to the network access being disabled, the location update request towards the HLR fails and the MS gets rejected, so we need to get the IMEI early.
Related: OS#2542, OS#3755
Change-Id: I256224194c3b8caf2b58a88d11dccd32c569201f
5 days | libmsc/ran_peer.c: avoid unreasonable use of goto in ran_peer_down_paging() | Vadim Yanitskiy | 1 | -6/+2
Change-Id: I3320240d8f1dc318e516162bb32e01ddafc7e30e
5 days | libmsc/ran_peer.c: fix msgb memleaks in ran_peer_down_paging() | Vadim Yanitskiy | 1 | -0/+6
Change-Id: I1e76b5eab7cfa091375bd9c76d8dcdec8d16ffe5
5 days | make LOG_TRANS() NULL-safe again | Sylvain Munaut | 1 | -1/+1
Previous patch [1] removed NULL-safety from LOG_TRANS(). Fix that. In case a trans is NULL, it is fine to log in the DMSC category, since the context should still be general (erratic message or other initial problems).
[1] 7f85acea9bb9f80e208820958f4cae63625f3689 / I6dfe5b98fb9e884c2dde61d603832dafceb12123 "LOG_TRANS: store subsys in trans, unify USSD logging back to DMM"
Change-Id: I6e36c47bf828dd073b36c6301bbeabcc28e101e6
5 days | vlr_lu_fsm.c: assert for invalid events | Oliver Smith | 1 | -12/+6
In state machine callback functions, instead of logging an error when an invalid event arrives, do OSMO_ASSERT(0).
Change-Id: If5363ae37b414a0ac195e5f89664c75cbad0bb21
6 days | libmsc/mncc_call.c: fix uninitialized access of stack memory | Vadim Yanitskiy | 1 | -1/+1
Change-Id: I5f561d9682c9fb87e4837430063095ef2cb7bd5f
Fixes: CID#198405
6 days | libmsc/ran_msg_a.c: prevent chosen_encryption->key buffer overrun | Vadim Yanitskiy | 1 | -1/+3
In ran_a_make_handover_request() we do prevent destination buffer (r.encryption_information.key) overflow, but not source buffer (n->geran.chosen_encryption->key) overrun if an incorrect key length is received. Let's fix this.
Change-Id: I278bb72660634c2d535e1bd3d7fce5696da23575
Fixes: CID#198450 Out-of-bounds access
6 days | libmsc/ran_msg_a.c: refactor ran_a_decode_lcls_notification() | Vadim Yanitskiy | 1 | -10/+3
We basically need to make sure that one of two possible IEs is not NULL, while another is NULL (eXclusive OR). This can be done using at least two conditional branches.
Change-Id: Ie0f9b5c1bbbfb744e0615da07d76037d91b0abc8
Fixes: CID#198444 Logically dead code
6 days | libmsc/ran_msg_a.c: avoid ternary operator in struct initialization | Vadim Yanitskiy | 1 | -3/+1
For some reason, having ternary operator there makes Coverity think that 'n->geran.chosen_encryption' is dereferenced before checking against NULL. Let's make it happy, and move the assignment.
Change-Id: I95051d0f02e2fdd3ec8da3a506109e7b23e99b4b
Fixes: CID#198454 Dereference before null check
6 days | libmsc/gsm_04_11.c: fix NULL-pointer dereference in gsm340_rx_tpdu() | Vadim Yanitskiy | 1 | -5/+16
Change-Id: I1e9b351e949efe596295d18f98c8a73c8e013763
Fixes: CID#198451
6 days | sms_queue_test: assert return value of osmo_use_count_get_put() | Vadim Yanitskiy | 1 | -3/+4
Change-Id: I9381e88435ccd856ec619135ca9999c15c25d436
Fixes: CID#198416
6 days | libmsc/msc_a.c: fix possible NULL-pointer dereferences | Vadim Yanitskiy | 1 | -7/+25
Change-Id: Id5c95fbf318a2e51e7ffee2e08ceab3042b26cc9
Fixes: CID#198411, CID#198414
6 days | libmsc/msc_ho.c: fix unreachable check of MSC-T role allocation | Vadim Yanitskiy | 1 | -7/+8
Change-Id: I46fa37ff27e8a4576fdc8edad894ee16759a6e7a
Fixes: CID#198413
6 days | libmsc/sgs_server.c: do not override rc in case of SCTP_SHUTDOWN_EVENT | Vadim Yanitskiy | 1 | -2/+1
Change-Id: I06215a7d3dc33f2e8adb77fa1b3f2ac5198dee26
Fixes: CID#190867
6 days | tests/.../Makefile.am avoid redundant linkage with librt | Vadim Yanitskiy | 2 | -2/+0
The librt is required for old glibc < 2.17 to get clock_gettime(). Since we do check the availability of this function in libosmocore and conditionally link it against librt, there is no need to do such unconditional and redundant linkage here.
Change-Id: If587d16d2db677b97e3a0641027eb735af9c9c30
7 days | libmsc/gsm_04_11_gsup.c: cosmetic: drop useless variable | Vadim Yanitskiy | 1 | -3/+1
Change-Id: I102e1bd0f8365e77bbc9203158909aad8dcf214b
7 days | libmsc/gsm_04_08.c: clarify IMEI rejection in gsm48_rx_mm_serv_req() | Vadim Yanitskiy | 1 | -1/+2
Change-Id: I65277aee1f52a8b4fd4b970e992482bbadd94d39
7 days | libmsc/gsm_04_08.c: refactor CM Service Request parsing | Vadim Yanitskiy | 1 | -19/+38
In gsm48_rx_mm_serv_req() we need to make sure that a given message buffer is large enough to contain both 'gsm48_hdr' and 'gsm48_service_request' structures. Comparing msg->data_len with size of pointer is wrong because:
- we actually need to compare with size of struct(s),
- we need msgb_l3len(), not length of the whole buffer.
Moreover, since we have to use the pointer arithmetics in order to keep backwards compatibility with Phase1 phones, we also need to check the length of both Classmark2 and MI IEs.
Change-Id: I6e7454d7a6f63fd5a0e12fb90d8c58688da0951e
7 days | libmsc/gsm_04_08.c: fix: print proper length value | Vadim Yanitskiy | 1 | -2/+2
Since in parse_umts_auth_resp() we are checking the length of GSM48_IE_AUTH_RES_EXT TLV, we need to print its length, but not the length of the whole L3.
Change-Id: I2bfebce6d017be834bfe7628ffa2b341eb82c11c
7 days | silence error messages about HANDOVER_END not permitted | Neels Hofmeyr | 1 | -0/+12
The MSC_A_EV_HANDOVER_END exists as parent term event for the msc_ho_fsm, but it is not actually required as functional event, since all cleanup is handled in msc_ho_fsm_cleanup(). That's why I never bothered to add the event to msc_a_fsm, but of course that means we get an error message after each (successful and unsuccessful) handover, that the MSC_A_EV_HANDOVER_END is not permitted. Allow the event and ignore it to silence the error message. Explain in a comment.
Change-Id: Ie8dc0c0a631b7da43111f329562007766a21b134
7 days | add DSS logging category | Neels Hofmeyr | 6 | -17/+23
Change-Id: Id7e04c9f5088334cd5ec6cfdb6a9b3a2a7e7fda0
8 days | libmsc/gsm_04_11.c: cosmetic: restructure gsm411_mm_send() | Vadim Yanitskiy | 1 | -4/+2
Change-Id: I22e99f40ab2252a0b716969091e4d24b3b4268a2
8 days | libmsc/gsm_04_11.c: fix double init of both SMR and SMC FSMs | Vadim Yanitskiy | 7 | -40/+0
Change-Id: I23700a2c575a96057ef22bc5d8ab6271104d619b
9 days | Iu: Send SMS over SAPI-3 | Harald Welte | 1 | -1/+3
After neels/ho was merged, SMS over IuCS/RANAP was failing in both MO and MT direction. The reason was that all mobile-terminated SMS-CP layer messages were sent in RANAP with SAPI-0 instead of SAPI-1.
Change-Id: I98e6eddb52d5c61c4e2d34bdfcd43cf460296ad7
Closes: OS#3993
9 days | call_leg: document the parent_event_* items | Neels Hofmeyr | 2 | -0/+9
Change-Id: Ib099178a0f6ab218646c67c0e7a3d360c81af684
9 days | call_leg: remove unused event MSC_EV_CALL_LEG_RTP_RELEASED | Neels Hofmeyr | 6 | -45/+8
The event is actually never dispatched and useless, because when an RTP stream releases, the call_leg terminates directly anyway (which wasn't apparent when starting to design the call_leg FSM yet).
Change-Id: I6b2fc1225c960fa2f7c46adf241520217a07821c
9 days | SMPP: Don't accept password or system-id exceeding spec length | Harald Welte | 1 | -2/+2
The SMPP 3.4 specification defines the password field as a "Variable-length octet string with maximum length of 9", and according to table 3-1 this means including the terminating NUL-byte. However, OsmoMSC allows to configure longer passwords in the ESME configuration. Those passwords will then never match, as libsmpp34 performs length validation and generates a parser error for anyone trying to send a longer password via SMPP. The same applies for system-id, where we have to permit only 15 characters with zero termination, but not 16 characters.
Change-Id: I81ef593e84bf1e15f6746386fc145495fae29354
Closes: OS#3166
9 days | LOG_TRANS: store subsys in trans, unify USSD logging back to DMM | Neels Hofmeyr | 3 | -11/+18
Instead of calling trans_log_subsys() for each LOG_TRANS() log line, rather store in trans->log_subsys once on trans_alloc() and use that. Do not fall back to the RAN's own subsystem (DBSSAP / DIUCS), it makes little sense and may cause logging to switch subsystems depending on the RAN state. In trans_log_subsys(), add missing switch cases:
- Log silent call transactions also on CC.
- Log USSD on DMM.
About USSD: we currently have no dedicated USSD logging category. As a result, after LOG_TRANS() was introduced [1], USSD logged on DBSSAP/DIUCS or DMSC, depending on whether a RAN was associated with the trans or not. Before that change, USSD always logged on DMM, so, until we have a separate logging category for USSD, consistently use DMM again.
[1] in I2e60964d7a3c06d051debd1c707051a0eb3101ba / ff7074a0c7b62025473d8f1a950905ac2cb2f31c
Related: coverity CID 198453
Change-Id: I6dfe5b98fb9e884c2dde61d603832dafceb12123
9 days | no HO call forwarding if no RTP stream | Neels Hofmeyr | 1 | -0/+5
Fixes: coverity CID 198447
Related: OS#3992 (does not fix, just related)
Change-Id: Ia223c2e20e625879ab71fc5c8afd0305fd224c58
9 days | make msc_a_vsub() and others NULL-safe | Neels Hofmeyr | 3 | -0/+10
Fixes: coverity CID 198451
Change-Id: Icd146ae512236a09cad080ed3eb85944e8f5cee4
9 days | ran_a_make_handover_request(): allow no encryption | Neels Hofmeyr | 1 | -1/+2
Fixes: coverity CID 198454
Change-Id: Ifb83ab2a8b6148b457224687ffada2dff4c3204f
10 days | libmsc/gsm_04_11.c: properly handle TP-User-Data-Length | Vadim Yanitskiy | 1 | -12/+29
As per 3GPP TS 03.40, section "TP-User-Data-Length (TP-UDL)", if the TP-User-Data is coded using the GSM 7-bit default alphabet, the TP-User-Data-Length field indicates the *number of septets* within the TP-User-Data field to follow. Otherwise, i.e. in case of 8-bit or UCS-2 encoded data, the *number of octets* is indicated. Since we store the original TP-UDL value (as received), we might need to convert septets to octets before passing it to memcpy(). Otherwise this would lead to a buffer overrun. Also, as we receive TPDU from untrusted source (i.e. subscriber), the TP-UDL value needs to be checked against the corresponding maximum (160 septets or 140 octets) and truncated if needed. Please note that buffer overrun is still possible, e.g. when an indicated TP-UDL value is greater than the remaining TPDU length. Preventing this would require adding an additional check.
Change-Id: I4b08db7665e854a045129e7695e2bdf296df1688
Depends-on: (core) I54f88d2908ac47228813fb8c049f4264e5145241
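The length handling described in the commit message above, as an added C example (not the osmo-msc code; `tp_ud_copy_len()` and `tp_ud_extract()` are hypothetical names). It clamps TP-UDL to 160 septets or 140 octets, converts septets to octets, and also bounds the copy by the remaining TPDU length, which is the additional check the message mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_UD_SEPTETS 160u /* TP-UD limit for the GSM 7-bit default alphabet */
#define MAX_UD_OCTETS  140u /* TP-UD limit for 8-bit / UCS-2 data */

/* Octets needed to carry n packed septets: ceil(n * 7 / 8). */
static size_t septets_to_octets(size_t n)
{
	return (n * 7 + 7) / 8;
}

/* Hypothetical helper: how many octets may be copied for a TP-UD field.
 * tp_udl is the value as received, remaining is what is left of the TPDU. */
size_t tp_ud_copy_len(int is_7bit, uint8_t tp_udl, size_t remaining)
{
	size_t octets;

	if (is_7bit) {
		size_t septets = tp_udl > MAX_UD_SEPTETS ? MAX_UD_SEPTETS : tp_udl;
		octets = septets_to_octets(septets);
	} else {
		octets = tp_udl > MAX_UD_OCTETS ? MAX_UD_OCTETS : tp_udl;
	}
	/* Source-side bound: never read past the end of the received TPDU. */
	return octets > remaining ? remaining : octets;
}

/* Copy TP-UD out of a TPDU. Returns the octets copied; 0 if the offset is
 * outside the TPDU or dst is too small for the bounded length. */
size_t tp_ud_extract(uint8_t *dst, size_t dst_size, const uint8_t *tpdu,
		     size_t tpdu_len, size_t ud_offset, int is_7bit, uint8_t tp_udl)
{
	size_t n;

	if (ud_offset > tpdu_len)
		return 0;
	n = tp_ud_copy_len(is_7bit, tp_udl, tpdu_len - ud_offset);
	if (n > dst_size)
		return 0;
	memcpy(dst, tpdu + ud_offset, n);
	return n;
}
```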
10 days | libmsc/ran_peer.c: fix msgb memleak in ran_peer_rx_reset() | Vadim Yanitskiy | 1 | -0/+4
It was noticed that SCCP_RAN_MSG_RESET_ACK message is not freed after sending. Since ran_peer_rx_reset() calls sccp_ran_down_l2_cl(), which then calls osmo_sccp_user_sap_down_nofree(), which doesn't free the message buffer (what's clear from its name).
  OsmoMSC# show talloc-context application full filter msgb
  full talloc report on 'osmo_msc' (total 20155 bytes in 88 blocks)
    msgb contains 4640 bytes in 5 blocks (ref 0)
      bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
      bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
      bssmap: reset ack contains 1160 bytes in 1 blocks (ref 0)
Let's free it after sending (or in case of error).
Change-Id: Ic174f6eecd6254af597dfbdc1c9e3d65716f0a76
10 days | comment: apply function renames to message cycle explanation | Neels Hofmeyr | 1 | -12/+12
The misnamed 'nas_decode' and 'nas_encode' APIs have been renamed to 'ran_decode' and 'ran_encode', which was forgotten in the large comment explaining the message path in sccp_ran.h. Apply the rename there.
Change-Id: I742fb4844ac8a9ad76f59883ae9447eb8819b82d
10 days | msub_check_for_release(): Initialize msc_role_a_c | Harald Welte | 1 | -1/+1
This fixes the following compiler error:
  msub.c: In function ‘msub_fsm_active’:
  msub.c:85:35: error: ‘msc_role_a_c’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
    || (msc_role_a_c && msc_role_a_c->ran->type == OSMO_RAT_EUTRAN_SGS)))
        ~~~~~~~~~~~~^~~~~
  msub.c:59:26: note: ‘msc_role_a_c’ was declared here
    struct msc_role_common *msc_role_a_c;
                            ^~~~~~~~~~~~
Change-Id: Id518dea77d01ed0518ca7cba6b1b363f1c8e6543
11 days | vty/cfg: add missing write-back of inter-BSC and inter-MSC HO config | Neels Hofmeyr | 2 | -0/+22
Add missing 'show running-config' test to test_neighbor_ident.vty transcript test.
Change-Id: Ie3b084e169da9509b37f6ab91ade79440c1b36d2