path: root/src/gprs
Age | Commit message | Author | Files | Lines
2018-09-13 | gprs_gmm: introduce a GMM Attach Request FSM | Alexander Couzens | 4 | -9/+443
The old GMM Attach Request handling used a recursive function which can not handle certain states and is quite complex and hard to extend. The new FSM handles such request in a FSM and can be called multiple times.
Change-Id: I58b9c17be9776a03bb2a5b21e99135cfefc8c912
2018-08-20 | gbproxy: Replace '.' in counter names with ':' | Pau Espin Pedrol | 1 | -7/+7
The '.' is an illegal character in counter names, as they are exported via CTRL interface, where '.' has a special meaning that cannot be used by strings comprising the variable name.
Change-Id: I66a7e044c027672adf77fbd6c0a111c43ee31b4f
2018-08-17 | gbproxy: Add new VTY-managed timer: link-list clean-stale-timer | Pau Espin Pedrol | 2 | -2/+62
This timer allows periodically cleaning up stale links in link-list of each gbproxy_peer. Previous to this patch, this kind of cleanup (gbproxy_remove_stale_link_infos) was being done only as a consequence of external events being triggered, such as a message from that peer being received.
It was found in a production network aggregating several BSS that some of them were offline for a long time but gbproxy was still caching big amounts of really old link_info for the NSEI assigned to those BSS, because since they were probably turned off abruptly, no new messages were received from it which would trigger the cleanup.
As a consequence, it has been observed that a timer to periodically clean up old entries (link-list max-age) is required in case we don't receive messages from that NSEI periodically.
Related: SYS#4431
Change-Id: Ic777016f6d4f0e30fb736484774ca46878f17b7a
2018-08-17 | gbproxy: Add VTY parameter: link stored-msgs-max-length | Pau Espin Pedrol | 2 | -8/+54
It was discovered in some prod setups that some TLLIs can maintain quite long queues of msgb in case its IMSI is not acquired and the tlli is not pruned due to link-list max-{age,length} being set to 0. As a result, the osmo-gbproxy steadily increases the list size of maintained TLLIs, and some TLLI was found without IMSI catching already 1211 msgb.
Let's allow setting a maximum length for the queue storing those msgb in a per TLLI base. If the limit is reached, oldest msgb are removed before adding a new one.
Depends: libosmocore Change-Id I33b501e89a8f29e4aa121696bcbb13d4b83db40f
Related: SYS#4297
Change-Id: I4473be8604f80302df03ffdd5a13280dc072f824
2018-08-17 | Use osmo_clock_gettime from libosmocore | Pau Espin Pedrol | 6 | -10/+10
Change-Id: Ic638849c6687c376c4c0c36cc286d499a073d6ca
2018-08-15 | Drop gprs_msgb_resize_area with libosmocore replacement | Pau Espin Pedrol | 2 | -38/+2
gprs_msgb_resize_area was introduced in libosmocore 0.94 (f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as msgb_resize_area. Let's use that one to avoid code duplication.
Change-Id: Ib80f7b2b186d87f21d63d9b0bec58175170c905c
2018-08-15 | Drop gprs_msgb_copy with libosmocore replacement | Pau Espin Pedrol | 3 | -54/+5
gprs_msgb_copy was introduced in libosmocore 0.94 (f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as bssgp_msgb_copy. Let's use that one to avoid code duplication.
Change-Id: I42a65fd8e4045fafadf5694f2d8d0c5e7ab350a0
2018-08-13 | vty: add cmd "reset sgsn state" | Alexander Couzens | 1 | -0/+32
Reset the SGSN internal state. Useful when testing the SGSN via TTCN3.
Depends on the libosmocore commit: I29b6ad6742ddf9b0b58b4af37d9a1cf18e019325
Change-Id: I92096f3f6ea49e75676e30e9921d00210bac5382
2018-07-30 | migrate to oap_client in libosmogsm | Harald Welte | 3 | -286/+5
libosmogsm in libosmocore.git from Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950 onwards contains oap_client.c, so we don't need our local copy here in this repo anymore.
Change-Id: I7b194f98ef3f925b6178d8a8dbd9fcf2f0c6e132
Requires: libosmocore.git Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950
2018-07-24 | gbproxy: Replace '.' in counter names with ':' | Pau Espin Pedrol | 1 | -6/+6
The '.' is an illegal character in counter names, as they are exported via CTRL interface, where '.' has a special meaning that cannot be used by strings comprising the variable name.
Change-Id: I93a2e5b6ec66c9edb6e93d95032e788f552af44b
2018-07-24 | sgsn: Fix crash using new libgtp cb_recovery2 API | Pau Espin Pedrol | 2 | -8/+15
When PDP CTX CREATE ACK is received with an increased RestartCtr, cb_recovery2 is called first, which will detach ggsn from all pdp ctx (free the pdp_t). But when giving control back from the ctrl, libgtp still uses that freed ctx and sends it back to osmo-sgsn through cb_conf().
As specs state in any case that we need to handle the message containing the increased RestartCtr as valid, we then need to avoid freeing the pdp ctx and leave handling for later in cb_conf.
Depends: osmo-ggsn (libgtp) Change-Id I53e92298f2f6b84d662a3300d922e8c2ccb178bc.
Change-Id: I0989c00e18ca95a099e1a312940eaac71957b444
2018-07-19 | sgsn: gtp: Use new API to send PDP DEL CTX REQ without freeing ctx locally | Pau Espin Pedrol | 1 | -6/+2
Previous API freed the ctx immediately after sending the packet, which triggered a call to cb_delete_context() and dropped the entire sgsn_pdp_ctx before the PDP DEL CTX ACCEPT was received. This new API won't free the pdp ctx and we can tear down everything once we receive the ACCEPT in cb_conf.
cb_conf is not automatically freed at cb_conf, user needs to free it, so we need to remove setting pctx->lib to NULL in cb_conf to avoid leaking the pdp ctx, as it needs to be freed inside sgsn_pdp_ctx_free().
Depends: osmo-ggsn (libgtp) Change-Id I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c.
Change-Id: I304c59de5d137b81de3c6df0fdbe911ae3dbd1f3
2018-07-19 | sgsn: cdr: Fix uninitialized string access if ggsn is detached | Pau Espin Pedrol | 1 | -0/+1
if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report during snprintf:
==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
#0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...
Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
2018-07-17 | sgsn: subscriber: Avoid calling memcpy with NULL src | Pau Espin Pedrol | 2 | -11/+22
Fixes: OS#3389
Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
2018-07-16 | sgsn: Fix T3395 firing forever | Pau Espin Pedrol | 1 | -4/+13
field pdp->num_T_exp was being reset to 0 every time pdpctx_timer_start() was called from gsm48_tx_gsm_deact_pdp_req().
Take the chance to test max amount of retrans to 4 as detailed in specs.
Change-Id: Iacce3c66f61578ebee37abaa287f7e183f985c1c
2018-07-16 | Forward GGSN originated DEACT PDP CTX REQ | Pau Espin Pedrol | 2 | -7/+14
This commit fixes TTCN3 sgsn test TC_attach_pdp_act_user_deact_mt.
Change-Id: I204209c017aac8a8402cbb8d0a0200540abcc954
2018-07-16 | sgsn: Don't attempt to delete GTP pdp ctx if GGSN was restarted | Pau Espin Pedrol | 2 | -7/+21
Scenario and behaviour before this commit:
- Received Echo Reply from GGSN has incremented RestartCounter
- func sgsn_ggsn_ctx_drop_all_pdp() is called to detach all pdp ctx from GGSN and request the MS to deact all related ctx.
- DEACT ACCEPT is received from MS, and then it tries to send DEL PDP CTX to GGSN, expecting to receive a Confirmation and only then freeing the pdp ctx.
The problem is that since the initial cause of triggering was a GGSN restart, the GGSN doesn't know anything about that pdp ctx anymore, so it's not useful sending it. We can instead detach the GGSN and libgtp ref at drop_all_pdp() time and then when we receive DEACT ACCEPT from MS we can free the pdp ctx directly.
Change-Id: I1c74098e181552c218e152bf4ac5035cea770428
2018-07-16 | Add optional TearDownInd IE in PDP DEACT REQ towards PCU | Pau Espin Pedrol | 2 | -6/+7
According to 3GPP TS 24.008 Section 6.1.3.4, the tear down indicator IE may be included in the DEACTIVATE PDP CONTEXT REQUEST message in order to indicate whether only the PDP context associated with this specific TI or all active PDP contexts sharing the same PDP address and APN as the PDP context associated with this specific TI shall be deactivated.
As we don't permit/support establishing multiple PDP contexts using the same APN and PDP address, it shouldn't really make any difference. Nevertheless, we want to clear everything, so let's include it.
Change-Id: Ia9bc2d0e93362a8473eac5cf4c7e8ffa41c79e5b
2018-07-13 | vty: Add cmd to disable echo loop explicitly | Pau Espin Pedrol | 1 | -0/+17
Change-Id: I0598427257533ce8ae9e9afa787293d7c98fed15
2018-07-13 | Disarm T3395 when detaching mmctx from pdpctx | Pau Espin Pedrol | 2 | -3/+11
In sgsn_pdp_ctx_terminate, a pdp ctx is terminated and the mm ctx is detached. However, T3395 may still be armed and then pdpctx_timer_cb will trigger, and attempt to use the pdp->mm ctx which was already detached (set to NULL) when calling gsm48_tx_gsm_deact_pdp_req()->mmctx2msgid().
Following list of log lines shows the scenario+crash, in which osmo-sgsn is trying to deactivate the ctx all the time but the PCU doesn't ACK it, and then at some point the PDP context is forced released.
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(901700000015254/d7e9ab95) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:1464 MM(901700000015254/d7e9ab95) -> GMM DETACH REQUEST TLLI=0xd7e9ab95 type=GPRS detach Power-off
osmo-sgsn/src/gprs/gprs_gmm.c:313 MM(901700000015254/d7e9ab95) Cleaning MM context due to GPRS DETACH REQUEST
osmo-sgsn/src/gprs/gprs_sgsn.c:332 MM(901700000015254/d7e9ab95) Dropping PDP context for NSAPI=5
osmo-sgsn/src/gprs/gprs_sgsn.c:434 PDP(901700000015254/0) Forcing release of PDP context
osmo-sgsn/src/gprs/gprs_sndcp.c:508 SNSM-DEACTIVATE.ind (lle=0x62100001bca0, TLLI=d7e9ab95, SAPI=3, NSAPI=5)
osmo-sgsn/src/gprs/sgsn_libgtp.c:310 PDP(---/0) Delete PDP Context
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(---/ffffffff) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:305:25: runtime error: member access within null pointer of type 'const struct sgsn_mm_ctx'
Program received signal SIGSEGV, Segmentation fault.
0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0) at /home/pespin/dev/sysmocom/git/osmo-sgsn/src/gprs/gprs_gmm.c:305
305 msgb_tlli(msg) = mm->gb.tlli;
(gdb) bt
#0 0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0) at osmo-sgsn/src/gprs/gprs_gmm.c:305
#1 0x00005555556b170a in _gsm48_tx_gsm_deact_pdp_req (mm=0x0, tid=0 '\000', sm_cause=38 '&') at osmo-sgsn/src/gprs/gprs_gmm.c:2297
#2 0x00005555556b1a2e in gsm48_tx_gsm_deact_pdp_req (pdp=0x6140000008a0, sm_cause=38 '&') at osmo-sgsn/src/gprs/gprs_gmm.c:2311
#3 0x00005555556b876c in pdpctx_timer_cb (_pdp=0x6140000008a0) at osmo-sgsn/src/gprs/gprs_gmm.c:2717
#4 0x00007ffff355eb3e in osmo_timers_update () at libosmocore/src/timer.c:257
#5 0x00007ffff356255c in osmo_select_main (polling=0) at libosmocore/src/select.c:254
#6 0x00005555556f17cb in main (argc=3, argv=0x7fffffffe298) at osmo-sgsn/src/gprs/sgsn_main.c:531
Change-Id: I2120e53ade6cabad37f9bd99e6680a453411821b
2018-07-13 | osmo-sgsn: ping GGSN periodically and check for restart counter | Pau Espin Pedrol | 3 | -2/+53
Before this commit, echo req/rsp logic was implemented in libgtp but never used in osmo-sgsn. This commit adds a timer which periodically sends a GTP ECHO Request to every GGSN if there's at least one pdp context associated with it. This way by checking the restart counter in the ECHO Reply it can be known if the GGSN was restarted. In this case, logic already present in osmo-sgsn will terminate all pdp contexts associated with that GGSN.
Change-Id: I9d714726785407859f26bbef052cd0efc28e8dae
2018-07-13 | Maintain per ggsn pdp ctx list | Pau Espin Pedrol | 2 | -13/+14
This way we can easily track all pdp context associated to a specific ggsn, which is useful to handle some scenarios, such as the one implemented in next commit, in which specs references that GSNs should ping only other GSNs with at least one pdp ctx in common. So the list of pdp ctx per GGSN is really useful too (and cheap computationally) to check if we should arm or disarm the echo procedure timer. So this commit can be seen as a preparation for next commit.
Change-Id: I3bbcc0883df2bf1290ba8d4bd70db8baa494087a
2018-07-09 | sgsn_libgtp.c: Log pointer of deleted context | Pau Espin Pedrol | 1 | -1/+1
Change-Id: I8a4627b54090e72f86a9c5a781670be52522062b
2018-06-20 | Drop all references of unused MGCP | Pau Espin Pedrol | 1 | -2/+1
Change-Id: I1c023d773bf196d41b4251ca7011a82969acb613
2018-06-15 | gb_proxy: Add ctrl interface and nsvc-state, gbproxy-state commands | Daniel Willmann | 3 | -0/+104
This patch adds a control interface to osmo-gbproxy as well as the first two commands to query the state of each NSVC and gbproxy peer.
The "nsvc-state" command replies with nsei, nsvci, local state, role, remote state of all NSVCs.
The "gbproxy-state" command replies with nsei, bvci, mcc, mnc, lac, rac, and state of each peer.
Entries are separated by a newline '\n' character. If there are no entries an empty list is returned. This behaviour is similar to that of the subscriber-list-active-v1 command in osmo-sgsn.
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g nsvc-state
Got message: b'GET_REPLY 23 nsvc-state 101,101,DEAD,BLOCKED,SGSN,DEAD,UNBLOCKED\n'
$ ./osmo_ctrl.py -d 127.0.0.1 -p 4263 -g gbproxy-state
Got message: b'GET_REPLY 4871085901306801158 gbproxy-state '
Change-Id: I82c74fd0bfcb9ba4ec3619d9fdaa0cae201b3177
Ticket: OS#3281, SYS#4235
Sponsored-by: On-Waves ehf
2018-06-05 | gprs_gmm: Cancel Location: use detach type IMSI | Alexander Couzens | 1 | -1/+1
The detach type network side is defined as
- Reattach required
- Reattach not required
- IMSI detach (after VLR failure)
IMSI detach seems to be more close. However the standard isn't clear about this.
Change-Id: I27da6dc5165819cccd1ae0a98b132b45a01f38bb
2018-06-01 | gb_proxy: tallocate memory for gbproxy cfg so it can be a talloc ctx | Daniel Willmann | 1 | -8/+14
Change-Id: Iad7cde5c08daacc3f5c4175d21d89fad25a5c3d7
2018-05-23 | gprs_gmm: make extract_subscr_msisdn extract_subscr_hlr public | Alexander Couzens | 1 | -2/+2
Change-Id: I54168e1a58dd36b38c53c13bbb5cdb4311f34410
2018-05-23 | gprs_gmm: make functions relating to GMM Attach Request public | Alexander Couzens | 1 | -5/+5
GMM Attach Request will be handled in its own file and will use those functions.
Change-Id: Ic90d77f7b0bacd2a8e2e409e82d676772d352749
2018-05-22 | gprs_subscriber: gsup_auth_error: reject MS in all cases | Alexander Couzens | 1 | -0/+1
There is no way to recover from "PROTOCOL_ERRORS". As long as the error_cause is not set, the SGSN won't send out a GMM Request Reject.
Fixes: TTCN: SGGN_Tests.TC_attach_auth_sai_reject
Change-Id: Iefe8f05686ef4acac721f3c0672910704f3b0ff8
2018-05-02 | GMM: dont reply to GMM_DETACH_REQ with POWER OFF when MS is unknown | Alexander Couzens | 1 | -0/+7
Change-Id: I1d1cf64500f1295ab58d157d4d4dab16fcddbbf3
2018-05-01 | GERAN: allow GSM SRES on UMTS AKA challenge | Neels Hofmeyr | 2 | -22/+21
Store the established security context type (GSM or UMTS) instead of the boolean flag is_authenticated. Provide the previous boolean query with thin sgsn_mm_ctx_is_authenticated() function.
Knowing which security context was established will be necessary for OS#3224, i.e. using the proper ciphering key, which is not yet tested properly, and probably not correct at this stage.
This change will make new SGSN_Tests.TC_attach_umts_aka_gsm_sres pass.
Related: OS#3193 OS#3224
Change-Id: I36807bad3bc55c0030d4f09cb2c369714f24bec7
2018-04-30 | log two RA Update Request failure causes | Neels Hofmeyr | 1 | -0/+5
Change-Id: Ic9c8a492abf5a707b37d9c8888c59be6e51541b8
2018-04-30 | auth+ciph: log is_r99 and auth types | Neels Hofmeyr | 1 | -2/+4
Change-Id: I9679b7c174df186e05171a059a6b4d870a6f16e6
2018-04-16 | use osmo_init_logging2(), fix regression test memleaks | Neels Hofmeyr | 3 | -3/+3
Particularly gbproxy_test.c had various mem leaks, which (will) show up with gcc (Debian 7.3.0-15) 7.3.0 address sanitizer. Fix those leaks to verify that we don't have memleaks in the production code.
Change-Id: Ia4204c8b3d895b42c103edecb61b99d3d22bd36f
2018-03-16 | compiler warnings: use enum ranap_nsap_addr_enc, constify local var | Neels Hofmeyr | 1 | -1/+1
Use the proper enum ranap_nsap_addr_enc instead of int, and properly exclude that member when we're building without Iu support:
sgsn_vty.c:1323:31: error: passing argument 2 of ‘ranap_iu_vty_init’ from incompatible pointer type [-Werror=incompatible-pointer-types]
ranap_iu_vty_init(SGSN_NODE, &g_cfg->iu.rab_assign_addr_enc);
Add const to a local var to silence compiler warning retrieving TLVP_VAL:
gprs_gmm.c:1657:18: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
uint8_t *mi = TLVP_VAL(&tp, GSM48_IE_GMM_ALLOC_PTMSI);
^~~~~~~~
Change-Id: I1168ce6425c31db3f6c3bf1f3682ae96b028c59b
2018-03-15 | osmo-gbproxy: use 'osmo-gbproxy.cfg' as default config name | Neels Hofmeyr | 1 | -3/+27
Like we did in osmo-sgsn in If804da17a7481e79e000fe40ae0d9c4be9722e61, move from 'osmo_gbproxy.cfg' to 'osmo-gbproxy.cfg' as default config file name. Still look for the legacy file name to not break old setups.
Change-Id: I9448908d94a23001f04b6334a78739a839b91313
2018-03-15 | implement support for 3-digit MNC with leading zeros | Neels Hofmeyr | 8 | -76/+84
Add 3-digit flags and use the new RAI and LAI API from libosmocore throughout the code base to be able to handle an MNC < 100 that has three digits (leading zeros).
Note that in gbproxy_test.ok, 0-0 changes to 000-000 instead of 000-00, because the parsed ra buffer is 000000 which results in 000-000, while 00f000 would result in 000-00. IOW this is expected.
Change-Id: I7437dfaa586689e2bef0d4be6537e5577a8f6c26
2018-03-06 | vty: absorb command explanations from osmo-gsm-manuals | Neels Hofmeyr | 1 | -15/+38
The osmo-gsm-manuals/vty/sgsn_vty_additions.xml contained many command explanations that are redundant with the VTY online doc. Some however are more verbose / easier to understand. Absorb these into the online VTY doc here.
This matches the removal in osmo-gsm-manuals change-id I71863e5056ad369d2055e9882a52a00fa999ab04.
Change-Id: I35984014424412e91437b7ed71576aef3819cb1e
2018-02-14 | Add talloc context introspection via VTY | Harald Welte | 3 | -0/+9
This requires libosmocore with Change-Id I43fc42880b22294d83c565ae600ac65e4f38b30d or later.
Change-Id: I50eb1c5a28efbe4542e177ce3d0a236e75eecdd0
2018-02-13 | sgsn_libgtp.c: Fix typos and whitespace | Pau Espin Pedrol | 1 | -4/+4
Change-Id: Ic223cf378a83051603f58dacf087cc59d9f03890
2018-02-08 | mandatory depend on libc-ares and libgtp | Alexander Couzens | 1 | -6/+0
Both libraries are required to build osmo-sgsn. The optional dependency was correct when osmo-sgsn was part of openbsc.
Change-Id: Id608165ae490cb6c84aac1fe70412b2cb2b2587b
2018-01-30 | gtphub: check for gsn_addr_from_sockaddr() error | Max | 1 | -1/+3
Change-Id: I2d80b5a488e7daa0bc8f57ea304e0e1f10f6c1f5
Fixes: CID182472
2018-01-27 | gtphub: check for gsn_addr_from_sockaddr() errors | Max | 1 | -2/+6
Previously the return value was ignored. Check it and log error message.
Change-Id: If6babdad650dc6a84e6a784fc8d3c5abe146ecc1
2018-01-19 | Use gsm48_encode_ra() for RAI encoding | Max | 3 | -9/+9
It has a stricter type signature, which increases the chance of spotting misuse either via compiler warning or with automated scan.
This also paves the way for gsm48_construct_ra() deprecation in libosmocore.
Change-Id: I2c0f082dc7214ed57a40dad0788e34b838dfac97
Related: OS#1640
2018-01-12 | gtphub: make rate_ctr unique | Max | 1 | -8/+25
* compute unique rate counter index when allocating new gtphub tunnel
* propagate rate counter allocation error to upper layers
* log and gracefully handle tunnel allocation error
Change-Id: I0e07f95c36de369bcd0691b8d0fd47c844abe5da
Related: OS#2757
2018-01-11 | gprs_llc: tx dl ud: make mismatching LLE not crash osmo-sgsn | Neels Hofmeyr | 1 | -2/+9
On 34c3, osmo-sgsn keeps restarting. At least once, it hits the assertion that this patch replaces with an error message, to not disrupt operation.
Change-Id: I07a40960920dbc594192530c3a145f9a5d2a9c81
2018-01-08 | Fix RAI construction | Max | 1 | -2/+2
The gsm48_construct_ra() expects a 6-byte buffer while ra_id.digits is a 3-byte buffer. The function fills in LAC and RAC as well so we should pass the entire struct, not just the 'digits' part which only stores MCC/MNC.
Related: OS#1640
Change-Id: I3bfda930012c792452f9fd695ed7acf46365f1df
Fixes: CID57877, CID57876
2018-01-07 | gprs_gmm: Convert warning message to pragma message | Pau Espin Pedrol | 1 | -1/+1
This way we can enable -Werror in builds to disallow new compilation warnings being introduced.
Change-Id: If2b9a618f4219df9e013095beff52c20aacbc79e
2018-01-07 | cosmetic: gprs_gmm: Remove trailing whitespace | Pau Espin Pedrol | 1 | -2/+2
Change-Id: Ie2466268fbc4699a366856d467660b17e3f7e307