Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I67cb04cfacdc4f2efa8bd829ecf66f0040bf430a
|
|
sel_si structure tracks content of SI5* and SI6 messages. The informations
will change after handover, so they do not refer to the origin cell.
The list of scanned cells is not affected. The sel_si structure will be
overwritten with the selected cell after leaving dedicated mode.
Change-Id: Idd6a35c13de56115645e0861d95c256ebf9257f8
|
|
* Flag to enter dedicated mode with TX disabled
* Flag to use sync info of neighbor cell
* Flag to use sync info of previous serving cell
* Index of neighbor cell
All these parameters are required to handover to a new channel.
Change-Id: Iadbc47f006d1f8a019822aedee180814de13cb2d
|
|
Change-Id: I792b52d9bf115a2def9720eed3d62982d8cdbe00
|
|
Change-Id: I03918bd864c711b377a795186123c85bb6f4dc4a
|
|
sap_fsm.c: In function ‘sap_negotiate_msg_size’:
sap_fsm.c:103:15: warning: passing argument 1 of ‘__bswap_16’ makes integer from pointer without a cast [-Wint-conversion]
size = ntohs((uint16_t *) param->value);
^~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: Ie58af6162c67ae377809b42daa897ca3f3d72af1
|
|
Change-Id: Id5c325ffcfea8175bc5d5499a0904c0984e00349
Fixes: OS#198542
|
|
Change-Id: Ie5843c8adafc37da0d69c335c97b422552b85049
|
|
This change fixes the following compiler warning:
sim.c: In function ‘gsm_sim_reply’:
sim.c:149:11: warning: variable ‘payload’ set but not used
[-Wunused-but-set-variable]
uint8_t *payload;
Change-Id: I3767b23bb1b28d3f4bb515d399bce160ba2eee09
|
|
Change-Id: Id539c2a3477526b816918070bab93b26c900998a
|
|
The (BT)SAP (Bluetooth SIM Access Profile) is a part of Bluetooth
specifications, that defines the protocol and procedures that
shall be used to access a smart card (usually GSM SIM) via
a Bluetooth link.
The profile defines two roles:
- Server - the side that has direct access to a smart card.
It acts as a SIM card reader, which assists the Client
in accessing and controlling the smart card.
- Client - the side that accesses and controls the smart card
inside the Server through the connection with Server.
Typical examples of a Server are a simple SIM card holder or
a portable phone in the car environment. A typical example of
a Client is a car phone, which uses a subscription module in
the Server for a connection to the cellular network.
OsmocomBB implements the Client role providing abstract SAP
interface API to the higher layers. Instead of Bluetooth,
a UNIX socket is used to communicate with a Server.
The previous implementation of (BT)SAP interface was incomplete
and hard to maintain. This change (re)implements it almost from
scratch on top of the Osmocom FSM framework.
Besides that, the most significant changes are:
- The implementation is separated into three parts:
- sap_interface.{c|h} - public SAP interface API,
- sap_proto.{c|h} - SAP protocol definition,
- sap_fsm.{c|h} - SAP FSM implementation.
- Both 'sap_message' and 'sap_param' structures follow the
SAP message format definition according to 5.1 and 5.2.
- The message parsing is done more carefully in order to
prevent buffer overflow and NULL-pointer dereference.
- Introduced public API for getting / adding message
parameters, and checking the ResultCode.
- Introduced public API for opening / closing a connection
with the server, powering on / off and resetting the SIM
card, sending ATR and APDU.
- Introduced a call-back for handling the response message.
- Card reader state is also a part of the public API.
The new implementation was tested against softsim [1]. The
only limitation is Server-initiated Release, that allows the
Server to 'ask' a Client to release connection as soon as
communication with the smart card is finished. This is not
implemented (yet), and leads to immediate release.
[1] https://git.osmocom.org/softsim/
Change-Id: I77bb108615bb2c94c441568f195b04e0a5421643
|
|
Change-Id: Iad9b3d88b02cc7ec4cf64483bbc85e3a61c9ad10
|
|
The 'osmo' prefix is usually used by libosmo-* symbols.
Change-Id: Id37d8553c2f2c20012fb1b729967b92a9a03f612
|
|
Change-Id: I4ba5a8a42bf25d04b152ac3f1f0e4d7eac7f068f
|
|
Change-Id: I0776bc43360dfa2229243fb022cd318242ca6400
|
|
Change-Id: Ib3aa81986987027718e2a8b461afd28787bda4c2
|
|
Passing NULL to sap_msg_free() is not only meaningless, but also
would result in NULL pointer dereference. We should call it in
successful case only, so let's fix this.
Change-Id: Icf868c4299e292a17c4b7aad1f9e728ea3653494
|
|
Change-Id: I054be24666fcd5eb8a70cfcac0e7ed566e909b90
|
|
Change-Id: I683f87ae09393c45377c39317b08c613055ceb16
|
|
Change-Id: I408b3e1fa40e9b5daf88fa6ed5f3930b83dffe6f
|
|
Change-Id: Ie3040c75bb61094b9b601aef9d699db603d292f4
|
|
Change-Id: I3965843c4d49e31b1b5156d9ee8439eef6ecaab1
|
|
Change-Id: I8cab7cc72f026947859cc607f65d925803424cf7
|
|
Change-Id: I3a2908bf11300ec681beddb5a54f9a62ca5430ae
|
|
Almost all layer23 applications, excluding mobile, have nothing
to do with SAP interface. Moreover, the current implementation
does initialize SAP connection automatically, as soon as the
first message is sent.
Change-Id: I62cc69c06fa15468a55bb0a9d408267d0745174c
|
|
Log via LOGP() like the rest of the file instead of fprintf() for
consistency. While at it, also print error cause.
Change-Id: Id205bcd9bdb7c3e4b96493d50be8381a6fa80ac6
|
|
Fixes following ASan warning:
git/osmocom-bb/src/host/layer23/src/misc/../common/main.c:146:2: runtime error: null pointer passed as argument 2, which is declared to never be null
The warning however is harmless since in that case, app_len = 0 and thus
size to copy is 0.
Change-Id: I009a5b53f1e5be72ce347d64d3a7cb1d95d37ea3
|
|
Change-Id: I0e97d3e8c3688064c959ea60ecef50cfbbc1bcd6
|
|
Change-Id: I5c1a6d98079ad846d114584a17ba9d80d95e0595
|
|
Unlike the DATA messages, traffic frames may have different length.
Instead of having fixed payload (i.e. TCH frame) length, let's
introduce a flexible array member. This would allow one to
calculate the frame length using the MSGB API.
Change-Id: I119fa36c84e95c3003d57c19e25f8146ed45c3c6
|
|
Change-Id: Iad00eebf03b38b9c4fc2d7ed66697d23a953d8b2
|
|
L1CTL implementation (i.e. l1ctl.c) is not a good place for the
SIM specific stuff. Let's move it to the proper place (i.e. sim.c).
As a bonus, this change fixes a possible problem of loosing the
cached APDUs if two or more L2&3 applications are using a single
LAPDm connection. The APDU buffer is dedicated per MS now.
Change-Id: I564c610e45aa3b630ca5d1ec6bc1cace0dc9c566
|
|
Change-Id: Ib63e1205d7b845c8779eb511635f26bae3a18085
|
|
Almost all handlers for received L1CTL messages are also affected
by the bug fixed in I7fe2e00bb45ba07c9bb7438445eededfa09c96f3. In
short, they do verify the length of 'msg->l2h' or 'msg->l3h', but
not the 'msg->l1h'. Let's fix this, and also add missing checks.
Change-Id: I866bb5d97a1cc1b6cb887877bb444b9e3dca977a
|
|
As we assign the payload following L1CTL header to 'msg->l1h',
it makes sense to avoid possible naming confusion.
Change-Id: I5d21ca8664b3445f472d3ffde90d0e11805dcb16
|
|
The actual L1CTL header is pointed by 'msg->l1h', not 'l2h'!
Since msg->l2h is NULL (because nobody set it), the result of
msgb_l2len() would always be bigger than size of L1CTL header,
as it is calculated in the following way:
return msgb->tail - (uint8_t *)msgb_l2(msgb);
So, in case if 'msg->l2h' is NULL, it turns into:
return msgb->tail - 0;
Change-Id: I7fe2e00bb45ba07c9bb7438445eededfa09c96f3
|
|
In l1ctl_recv() we actually expect to 'see' the L1CTL header
instead of the DL info header. Let's fix this.
Change-Id: Ic7d017bef04f3c186565d5dade36959df1019bd8
|
|
There is no need to keep the L1CTL header in messages being sent
towards the upper layers, but the L1 info header can be used by
L2&3 to obtain some information, e.g. TDMA frame number.
Change-Id: Id64249f1b7a1c2be578263ba62aa195c452ab7e8
|
|
Change-Id: I863fb668500b2010dfef7a63217255fd010c06d7
|
|
Change-Id: I02bc581afb5a76c51fdef50ed40e2669c3eb3f2e
|
|
Despite the correct range of Timing Advance value is [0..63],
there is a special feature in OsmocomBB which allows one to
simulate the distance between both MS and a BTS by playing
with the signal delay.
It was discovered that l1ctl_tx_param_req() is using an unsigned
'uint8_t' type for Timing Advance value, while other code and
L1CTL protocol is using signed 'int8_t'. This may result in
distortion of negative values, so let's fix this!
Change-Id: I6ee42b5fa2ca9ebe187f0b933465c49f840a55c2
|
|
We don't need to hand-code unix domain socket initialization but
can simply use our library function for it. As an added benefit,
the library code already contains corner case handling for non-NUL
terminated unix domain socket path.
Change-Id: I57c724c78dbbbce0546ebe914e370f32c8c89703
|
|
This gives us working/safe zero termination without overflowing
the destination string size.
Change-Id: Ica6098ceba2bd01ce3b216085442cc5eed0ca507
|
|
This fixes the following alignment issue uncovered by asan:
l1l2_interface.c:169:7: runtime error: store to misaligned address 0x61600001ab99 for type 'uint16_t', which requires 2 byte alignment
0x61600001ab99: note: pointer points here
00 00 00 00 00 00 06 0a 01 19 19 40 18 00 07 00 01 03 49 06 15 00 40 01 c0 00 00 00 00 00 00 00
^
Change-Id: Ie65b428107d35bac99bc870fdbc4dc509ca2f33c
|
|
When starting multiple mobile in the same second, the libc random number
generator will be seeded to exactly the same value.
The random bits inside the RACH request(s) will be exactly the same
across multiple mobile and when the channel fails they all pick the same
randomized back-off timing.
Use stronger random numbers and replace all calls to random(2) with
osmo_get_rand_id. Add a fallback to try random().
[v2: Add helper to make sure the result is int and between 0 and
RAND_MAX]
Change-Id: Icdd4be88c62bba1e9d954568e48f0c12a67ac182
|
|
Previously, TCH frames coming from L1 were reordered to the RTP
format. Moreover, the implementation had a few problems:
- L1CTL is not the best place for such manipulations;
- payloads with other than FR codec were corrupted.
Let's use RTP-ordered payloads on the L1CTL interface,
performing TCH frame reordering at the firmware.
Please note, that actual FR reordering was moved to the firmware
as is, without any codec determination. This could be fixed in
a separate change.
Change-Id: I81ec8ed3c9e72a62b22c1720c299cdc68b733cf1
|
|
Previously, the L1CTL_CRYPTO_REQ message contained only a ciphering
algorithm and actual Kc key to be used. The key length was
calculated manually using the MSGB API.
Let's avoid manual calculations here, as it may cause unexpected
behavior if the message structure is changed. Also, let's fill
the UL header with minimal information about a channel, which
is going to be encrypted.
Change-Id: I5fab079907c5276322d3ec2b46cab81f10c7ed09
|
|
Change-Id: Id2d266c48d30c06dfdc3b8c84d875038b43f2ad8
|
|
We want the script interface to interface through a primitive
interface. This will allow to move it to a different thread or
a process in the future. The script interface will just use the
primitives.
It is not clear how "sap" will be used here. I am keeping it
at 0 right now. The first primitive is starting a timer with a
request and then getting an indication as a response.
Change-Id: Id2456b7fae35546553c4805f12a40c0812d9255c
|
|
Add a mobile application logging category and replace printf with
a LOGP. The code is sadly still using exit in the middle of handling.
Change-Id: I71e7f6e6375a485b45bad76ada2be17b0901577d
|