aboutsummaryrefslogtreecommitdiffstats
path: root/tests/emu/gprs_tests.h
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2013-07-31 21:59:29 +0200
committerIvan Kluchnikov <kluchnikovi@gmail.com>2013-09-04 21:29:00 +0400
commit9d938388f678e8c753e128199185f17a35a45247 (patch)
treeece4f4830cef79cd95595db9f4c089926abafbd3 /tests/emu/gprs_tests.h
parentbc1e52cfbf89dc9c669281181f99dc5098ea8364 (diff)
emu: Add a crash re-producer for the SGSN (and the concept of tests)
Introduce the concept of tests that will be ran one after the other. This new test will send static message that will lead to the opening of a PDP context. At this point one should use ping with a large packet size and suspend/stop the emulator. Once the NS connection is considered dead the SGSN will crash with a double free. Reproduce: 0.) Add IMSI 901700000003094 to the ACL 1.) Stop/Suspend the emulation process so the NS Alive times out 2.) Use ping IP -s 2048 This will create a double free... #4 0xb7bb2646 in talloc_abort_double_free () at talloc.c:175 #5 0xb7bbd41a in talloc_chunk_from_ptr (ptr=0x8091208) at talloc.c:190 #6 _talloc_free (ptr=0x8091208) at talloc.c:517 #7 talloc_free (ptr=ptr@entry=0x8091208) at talloc.c:990 #8 0xb7bb319b in msgb_free (m=m@entry=0x8091208) at msgb.c:72 #9 0x0804db54 in sndcp_send_ud_frag (fs=0xbfffcc6c) at gprs_sndcp.c:423 #10 sndcp_unitdata_req (msg=msg@entry=0x808eed8, lle=0x808fbc8, nsapi=5 '\005', mmcontext=mmcontext@entry=0x80903e8) at gprs_sndcp.c:471
Diffstat (limited to 'tests/emu/gprs_tests.h')
-rw-r--r--tests/emu/gprs_tests.h65
1 files changed, 65 insertions, 0 deletions
diff --git a/tests/emu/gprs_tests.h b/tests/emu/gprs_tests.h
new file mode 100644
index 00000000..1f2c3fbd
--- /dev/null
+++ b/tests/emu/gprs_tests.h
@@ -0,0 +1,65 @@
+/* (C) 2013 by Holger Hans Peter Freyther
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef tests_h
+#define tests_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <osmocom/core/msgb.h>
+#include <string.h>
+
+struct gprs_bssgp_pcu;
+struct tlv_parsed;
+struct msgb;
+
+struct gprs_test {
+ gprs_test(const char *name, const char *description,
+ void (*start)(struct gprs_bssgp_pcu *),
+ void (*data) (struct gprs_bssgp_pcu *, struct msgb *, struct tlv_parsed *parsed))
+ : name(name)
+ , description(description)
+ , start(start)
+ , data(data)
+ {}
+
+ const char *name;
+ const char *description;
+ void (*start)(struct gprs_bssgp_pcu *);
+ void (*data) (struct gprs_bssgp_pcu *, struct msgb *, struct tlv_parsed *);
+};
+
+void gprs_test_success(struct gprs_bssgp_pcu *);
+
+static inline struct msgb *create_msg(const uint8_t *data, size_t len)
+{
+ struct msgb *msg = msgb_alloc_headroom(4096, 128, "create msg");
+ msg->l3h = msgb_put(msg, len);
+ memcpy(msg->l3h, data, len);
+ return msg;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif