Change-Id: I97ce5e758b47ec5cfc53c22362b71070be15aff3
|
|
Log line actually makes more sense out of the function where IMSI acq is
resolved. We can then get rid of msg param which may cause confusion and
add complexity to code for no good reason.
Change-Id: I6716a260e12a3cf36af0501ce611c6c1e608f537
|
|
It makes no sense to print every stored_msg with BVCI from msg, same for
routing. This will allow getting rid of "msg" completely in next
commit.
Change-Id: I95eafbf41012be3e02c68fc996773dd02b174fe6
|
|
Change-Id: I14a90d1957a2cbd8fd53002b035fe481ab3abbbf
|
|
The only use inside the function is only to log information which should
actually be provided by tmp_parse_ctx of each stored msg.
Change-Id: Ic186b92fa9bd0a2b853a0cf525c6f6feb9493897
|
|
gbproxy process was aborted with following message during APN patching:
<000e> gb_proxy_patch.c:129 Patching ACT_PDP_REQ to SGSN: Replacing APN 'foo' -> 'bar'
msgb(0x5555558797d0): Sub area is not fully contained in the msg data
During osmo-sgsn 107fb59e84b12bbf6bdfdd4fc241dbcda7332706 old copy of
gprs_msgb_resize_area was replaced by more modern libosmocore version
called msgb_resize_area. They are mostly identical but the latter has
some extra verification asserts. One of these asserts was triggering the
process abort, but the bug has always been there as far as I could see
in git history.
The assert triggers because the bssgp buffer and parse_ctx point to
"stored_msg", while the data buffer comes from a different msgb "msg",
which is clearly wrong behavior.
In the modified line, "msg" (the one which provided the imsi now already
stored in link_info through gbproxy_update_link_state_ul()->gbproxy_assign_imsi())
is really not needed anymore, and we want to patch the stored msg going
to be forwarded.
Related: SYS#4397
Change-Id: I7226fc5bcfbf58c349431d0a39cdb904fefd9e9c
|
|
In case of multiple bts peers we use '\n' as individual entries
separator.
This reverts commit fffd6cb0d8011442bb69974675f86ad087b7d8db.
Change-Id: I1ea17919ec3ed7e26044df8b5f8324717ee9e32c
|
|
It's currently only used in the same file.
Change-Id: I08b51f36263e58f52ef9af2a63a7fcbf06a767c4
|
|
Return number of BTS peers. This is especially useful when no peers are
available because "gbproxy-state" command returns empty string in this
case.
Change-Id: I29b0664e60f7c81c3c7b495c1c8f2700e3f7e033
Related: SYS#2655
|
|
In ctrl protocol we don't need any explicit formatting as it might
interfere with client processing our response. Let's drop trailing '\n'.
Change-Id: I3f32e01dd50a53991c292aeee57a78d81cdc5429
Related: SYS#2655
|
|
Coverity points out we forgot to check the return value of
osmo_shift_v_fixed() in some places. Add checks which verify
the expected length of data which is skipped by the parser.
Change-Id: I20406f411810e966443d6fd5a4620b9a66cd9809
Related: CID#135160
|
|
Avoid explicit memset which confuses coverity, use strnlen() and
osmo_strlcpy() to handle strings.
Change-Id: I73fd54ad3a4ab8be5aff0fee5c722597ad766e9d
Fixes: CID163626
|
|
The two existing enums defined in gprs_sndcp_xid.h, for protocol
and data compression algorithm numbers respectively, were assigned
to 'int' variables when their values were copied to other structures.
This prevented the compiler from checking the enum value coverage
during switch statements and also tripped up Coverity scans looking
for enum value mismatch problems.
So instead of copying enums to ints, make use of the enums throughout.
Structures which can contain values from both enums now use a union
of both, forcing us to be very explicit about which set of values
we are dealing with.
Change-Id: I3771a5c59f4e6fee24083b3c914965baf192cbd7
Depends: If6f3598cd6da4643ff2214e21c0d21f6eff0eb67
Depends: I8444c1ed052707c76a979fb06cb018ac678defa7
Related: CID#149102
|
|
The function gprs_sndcp_get_compression_class() returns -EINVAL
upon error, not -1, so an existing assertion would never trigger.
Instead, check for the values we want first (PROTOCOL_COMP or
DATA_COMP) and assert(false) in case the returned value doesn't
match either of these.
Found by: Neels
Change-Id: I8444c1ed052707c76a979fb06cb018ac678defa7
|
|
Fix an obvious logic bug in an assertion in encode_comp_field().
Found by: Neels
Change-Id: If6f3598cd6da4643ff2214e21c0d21f6eff0eb67
|
|
osmo-hlr has recently (as of Change-Id
Iad227bb477d64da30dd6bfbbe1bd0c0a55be9474) a working shared library
implementation of libosmo-gsup-client.
We can remove the local implementation in osmo-sgsn and use the
system-installed shared library instead.
Change-Id: I6f542945403cf2e3ddac419186b09ec0e2d43b69
|
|
Change-Id: I4a83c5799f0dbd5eb762039c6cfba671f6e465be
|
|
Change-Id: I93f0dc721c2eff8a87fb9248882f24768f708713
|
|
Related: OS#3576
Change-Id: Icdb2bd9ec90511b51428800d17f8ce81f6804670
|
|
fix: "src/gprs/gprs_gmm_attach.c:240:6: error: unused variable ‘rc’"
introduced by
"gprs_gmm: Fix missing Security Command for 3G when attaching"
Change Id I1e12b0a32e58c6f78dba7b548f7d7016567229db
Change-Id: I4837c10fed915c558a5374d448af813219087f36
|
|
After checking the FCS, it's no use. The FCS should also not
appear on `hexdump(msgb_l3(MSG), msgb_l3len(MSG))`.
Change-Id: I27e061ead86395a336b67c7aead93d305a0f2ae8
|
|
When a MS does the following
- MS: GMM Attach
- MS: Activate PDP CTX
- SGSN: send PDP CTX Request to GGSN which GGSN does not answer
- GMM Detach (MM ctx get freed)
- libgtp retrans timeout of the first answer
- sgsn_libgtp.c: create_pdp_conf() which ignores this ctx because of empty MM ctx
Change-Id: I4575f7f80f785a62ae3b7f165d236a9dd818aabf
|
|
Introduce a new FSM step in GMM Attach to send the
Security Command to the RNC after completing the
Authentication.
Fixes: f7198d7dbb84 ("gprs_gmm: introduce a GMM Attach Request FSM")
Change-Id: I1e12b0a32e58c6f78dba7b548f7d7016567229db
|
|
NET_FAIL will result in asking again and again. Reject with IMPL_DETACHED to drop the
MS completely.
Change-Id: I195d533e330a4b577cad80c7e757d481f9c837df
|
|
Depends: I214ea51fc6bfa2a9a4dd7c34b43add0c77ffe22e (libosmo-sccp)
Change-Id: Ie267aa014812b5c89f2268a65566d5427aa1ad7e
|
|
Document all keywords of the 'reset sgsn state' command: set the same doc
string for all three.
Also fixes the build after libosmocore
I1f18e0e41da4772d092d71261b9e489dc1598923, which resulted in HIDDEN commands
coming up in the VTY reference dumping. Note that libosmocore
I92c3c66ff69c186234276c64478d6342e061d25e will again remove this breakage by
omitting hidden commands.
Change-Id: I8b6e8615e409266910f2f76a10ced9ab33e4de91
|
|
Move the check of the echo timer into an own function.
The gtp echo timer must be re-checked every time the
echo-timer has been modified or deactivated via vty.
Fixes the TTCN3 SGSN_Tests.TC_attach_restart_ctr_echo
Change-Id: Ia33471a9a9cfc3887facb665c82094b99932052a
|
|
When the GGSN crashes, the SGSN will be notified after
it comes back. Because of the async operation,
the mm ctx could be already gone.
Change-Id: I507a8c2193c84f8dff7f5d669adcd3583331f289
|
|
Change-Id: I20e91e196b9d64b6dac11ab47fcef85f8a9ee0b7
|
|
Allow ttcn3 to flush the gtp queue between each test.
Fixes ttcn3 test SGSN_Tests.TC_attach_pdp_act_deact_mt_t3395_expire
Change-Id: I49d70cb7abe5cbe92ea68882fa68eccec0e79586
|
|
The old GMM Attach Request handling used a recursive function
which can not handle certain states and is quite complex and hard to
extend.
The new FSM handles such request in a FSM and can be called multiple
times.
Change-Id: I58b9c17be9776a03bb2a5b21e99135cfefc8c912
|
|
The '.' is an illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I66a7e044c027672adf77fbd6c0a111c43ee31b4f
|
|
This timer allows periodically cleaning up stale links in link-list of
each gbproxy_peer. Previous to this patch, this kind of cleanup
(gbproxy_remove_stale_link_infos) was being done only as a consequence
of external events being triggered, such as a message from that peer
being received.
It was found in a production network aggregating several BSS that some
of them were offline for a long time but gbproxy was still caching big
amounts of really old link_info for the NSEI assigned to those BSS,
because since they were probably turned off abruptly, no new messages
were received from it which would trigger the cleanup.
As a consequence, it has been observed that a timer to periodically
clean up old entries (link-list max-age) is required in case we don't
receive messages from that NSEI periodically.
Related: SYS#4431
Change-Id: Ic777016f6d4f0e30fb736484774ca46878f17b7a
|
|
It was discovered in some prod setups that some TLLIs can maintain quite
long queues of msgb in case its IMSI is not acquired and the tlli is not
pruned due to link-list max-{age,length} being set to 0. As a result,
the osmo-gbproxy steadily increases the list size of maintained TLLIs, and
some TLLI was found without IMSI catching already 1211 msgb.
Let's allow setting a maximum length for the queue storing those msgb
in a per TLLI base. If the limit is reached, oldest msgb are removed
before adding a new one.
Depends: libosmocore Change-Id I33b501e89a8f29e4aa121696bcbb13d4b83db40f
Related: SYS#4297
Change-Id: I4473be8604f80302df03ffdd5a13280dc072f824
|
|
Change-Id: Ic638849c6687c376c4c0c36cc286d499a073d6ca
|
|
gprs_msgb_resize_area was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as msgb_resize_area. Let's use
that one to avoid code duplication.
Change-Id: Ib80f7b2b186d87f21d63d9b0bec58175170c905c
|
|
gprs_msgb_copy was introduced in libosmocore 0.94
(f78ec5ce0d0f6038147d9b9e14d81094309ba5d5) as bssgp_msgb_copy. Let's use
that one to avoid code duplication.
Change-Id: I42a65fd8e4045fafadf5694f2d8d0c5e7ab350a0
|
|
Reset the SGSN internal state. Useful when testing the SGSN via TTCN3.
Depends on the libosmocore commit:
I29b6ad6742ddf9b0b58b4af37d9a1cf18e019325
Change-Id: I92096f3f6ea49e75676e30e9921d00210bac5382
|
|
libosmogsm in libosmocore.git from Change-Id
Ie36729996abd30b84d1c30a09f62ebc6a9794950 onwards contains oap_client.c,
so we don't need our local copy here in this repo anymore.
Change-Id: I7b194f98ef3f925b6178d8a8dbd9fcf2f0c6e132
Requires: libosmocore.git Change-Id Ie36729996abd30b84d1c30a09f62ebc6a9794950
|
|
The '.' is an illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I93a2e5b6ec66c9edb6e93d95032e788f552af44b
|
|
When PDP CTX CREATE ACK is received with an increased RestartCtr, cb_recovery2
is called first, which will detach ggsn from all pdp ctx (free the
pdp_t). But when giving control back from the ctrl, libgtp still uses
that freed ctx and sends it back to osmo-sgsn through cb_conf().
As specs state in any case that we need to handle the message containing
the increased RestartCtr as valid, we then need to avoid freeing the pdp
ctx and leave handling for later in cb_conf.
Depends: osmo-ggsn (libgtp) Change-Id I53e92298f2f6b84d662a3300d922e8c2ccb178bc.
Change-Id: I0989c00e18ca95a099e1a312940eaac71957b444
|
|
Previous API freed the ctx immediately after sending the packet, which
triggered a call to cb_delete_context() and dropped the entire
sgsn_pdp_ctx before the PDP DEL CTX ACCEPT was received. This new API
won't free the pdp ctx and we can tear down everything once we receive
the ACCEPT in cb_conf.
cb_conf is not automatically freed at cb_conf, user needs to free it, so
we need to remove setting pctx->lib to NULL in cb_conf to avoid leaking the
pdp ctx, as it needs to be freed inside sgsn_pdp_ctx_free().
Depends: osmo-ggsn (libgtp) Change-Id I29d366253bb98dcba328c7ce8aa3e4daf8f75e6c.
Change-Id: I304c59de5d137b81de3c6df0fdbe911ae3dbd1f3
|
|
if pdp->ggsn==NULL, sgsn_addr was not initialized and caused asan report
during snprintf:
==19459==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffffbe31 at pc 0x7ffff6e563fe bp 0x7fffffffb130 sp 0x7fffffffa8a8
READ of size 31 at 0x7fffffffbe31 thread T0
...
Address 0x7fffffffbe31 is located in stack of thread T0 at offset 337 in frame
#0 0x55555573a7b0 in cdr_snprintf_pdp osmo-sgsn/src/gprs/sgsn_cdr.c:154
...
[320, 337) 'sgsn_addr' <== Memory access at offset 337 overflows this variable
...
Change-Id: I97bc56a4e3e76725eb2717b74b3ac125b68bbf0a
|
|
Fixes: OS#3389
Change-Id: I2d1c01ed8b8d2233ced6d70972183ed4fc99007a
|
|
field pdp->num_T_exp was being reset to 0 every time
pdpctx_timer_start() was called from gsm48_tx_gsm_deact_pdp_req().
Take the chance to test max amount of retrans to 4 as detailed in specs.
Change-Id: Iacce3c66f61578ebee37abaa287f7e183f985c1c
|
|
This commit fixes TTCN3 sgsn test TC_attach_pdp_act_user_deact_mt.
Change-Id: I204209c017aac8a8402cbb8d0a0200540abcc954
|
|
Scenario and behaviour before this commit:
- Received Echo Reply from GGSN has incremented RestartCounter
- func sgsn_ggsn_ctx_drop_all_pdp() is called to detach all pdp ctx
from GGSN and request the MS to deact all related ctx.
- DEACT ACCEPT is received from MS, and then it tries to send DEL PDP CTX
to GGSN, expecting to receive a Confirmation and only then freeing the
pdp ctx.
The problem is that since the initial cause of triggering was a GGSN
restart, the GGSN doesn't know anything about that pdp ctx anymore, so
it's not useful sending it. We can instead detach the GGSN and libgtp
ref at drop_all_pdp() time and then when we receive DEACT ACCEPT from MS
we can free the pdp ctx directly.
Change-Id: I1c74098e181552c218e152bf4ac5035cea770428
|
|
According to 3GPP TS 24.008 Section 6.1.3.4, the tear down indicator IE
may be included in the DEACTIVATE PDP CONTEXT REQUEST message in order
to indicate whether only the PDP context associated with this specific
TI or all active PDP contexts sharing the same PDP address and APN as
the PDP context associated with this specific TI shall be deactivated.
As we don't permit/support establishing multiple PDP contexts using
the same APN and PDP address, it shouldn't really make any difference.
Nevertheless, we want to clear everything, so let's include it.
Change-Id: Ia9bc2d0e93362a8473eac5cf4c7e8ffa41c79e5b
|
|
Change-Id: I0598427257533ce8ae9e9afa787293d7c98fed15
|
|
In sgsn_pdp_ctx_terminate, a pdp ctx is terminated and the mm ctx is
detached. However, T3395 may still be armed and then pdpctx_timer_cb
will trigger, and attempt to use the pdp->mm ctx which was already
detached (set to NULL) when calling
gsm48_tx_gsm_deact_pdp_req()->mmctx2msgid().
Following list of log lines shows the scenario+crash, in which osmo-sgsn
is trying to deactivate the ctx all the time but the PCU doesn't ACK it,
and then at some point the PDP context is forced released.
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(901700000015254/d7e9ab95) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:1464 MM(901700000015254/d7e9ab95) -> GMM DETACH REQUEST TLLI=0xd7e9ab95 type=GPRS detach Power-off
osmo-sgsn/src/gprs/gprs_gmm.c:313 MM(901700000015254/d7e9ab95) Cleaning MM context due to GPRS DETACH REQUEST
osmo-sgsn/src/gprs/gprs_sgsn.c:332 MM(901700000015254/d7e9ab95) Dropping PDP context for NSAPI=5
osmo-sgsn/src/gprs/gprs_sgsn.c:434 PDP(901700000015254/0) Forcing release of PDP context
osmo-sgsn/src/gprs/gprs_sndcp.c:508 SNSM-DEACTIVATE.ind (lle=0x62100001bca0, TLLI=d7e9ab95, SAPI=3, NSAPI=5)
osmo-sgsn/src/gprs/sgsn_libgtp.c:310 PDP(---/0) Delete PDP Context
osmo-sgsn/src/gprs/gprs_gmm.c:2294 MM(---/ffffffff) <- DEACTIVATE PDP CONTEXT REQ
osmo-sgsn/src/gprs/gprs_gmm.c:305:25: runtime error: member access within null pointer of type 'const struct sgsn_mm_ctx'
Program received signal SIGSEGV, Segmentation fault.
0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at /home/pespin/dev/sysmocom/git/osmo-sgsn/src/gprs/gprs_gmm.c:305
305 msgb_tlli(msg) = mm->gb.tlli;
(gdb) bt
#0 0x0000555555698c1b in mmctx2msgid (msg=0x61d0000172e0, mm=0x0)
at osmo-sgsn/src/gprs/gprs_gmm.c:305
#1 0x00005555556b170a in _gsm48_tx_gsm_deact_pdp_req (mm=0x0, tid=0 '\000',
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2297
#2 0x00005555556b1a2e in gsm48_tx_gsm_deact_pdp_req (pdp=0x6140000008a0,
sm_cause=38 '&')
at osmo-sgsn/src/gprs/gprs_gmm.c:2311
#3 0x00005555556b876c in pdpctx_timer_cb (_pdp=0x6140000008a0)
at osmo-sgsn/src/gprs/gprs_gmm.c:2717
#4 0x00007ffff355eb3e in osmo_timers_update ()
at libosmocore/src/timer.c:257
#5 0x00007ffff356255c in osmo_select_main (polling=0)
at libosmocore/src/select.c:254
#6 0x00005555556f17cb in main (argc=3, argv=0x7fffffffe298)
at osmo-sgsn/src/gprs/sgsn_main.c:531
Change-Id: I2120e53ade6cabad37f9bd99e6680a453411821b
|