| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: Ib89f45b5c8612ed6c9a8dedb7d3b7aa712c17feb
|
|
Previously the vty bind config parameter was always ignored. Fix this by using proper
default value from the config unless it's explicitly set via command-line parameter.
Change-Id: I32517567847fd5c54b1742f18bf409ff81e316fa
|
|
Remove locally defined function which conflicts with the one in
libosmocore.
Change-Id: I1be1d39f7c93c959ca33f6296ecda71996865cca
|
|
Log via LOGP() like the rest of the file instead of fprintf() for
consistency. While at it, also print error cause.
Change-Id: Id205bcd9bdb7c3e4b96493d50be8381a6fa80ac6
|
|
Change-Id: I18eb46743e4c0e4e8f8032883f39fec355f03c78
|
|
This makes reading code easier and simplifies further modifications.
Change-Id: I7eff2a61495ff167dc19fc9a41882a7a11fbf32d
|
|
This simplifies adding new functions and re-using them from other parts
of the code.
Change-Id: Ibad400a99afe052f011f54fc706836b6bf89f4b9
|
|
Fixes following ASan warning:
git/osmocom-bb/src/host/layer23/src/misc/../common/main.c:146:2: runtime error: null pointer passed as argument 2, which is declared to never be null
The warning however is harmless since in that case, app_len = 0 and thus
size to copy is 0.
Change-Id: I009a5b53f1e5be72ce347d64d3a7cb1d95d37ea3
|
|
Change-Id: I0e97d3e8c3688064c959ea60ecef50cfbbc1bcd6
|
|
Change-Id: I5c1a6d98079ad846d114584a17ba9d80d95e0595
|
|
Unlike the DATA messages, traffic frames may have different length.
Instead of having fixed payload (i.e. TCH frame) length, let's
introduce a flexible array member. This would allow one to
calculate the frame length using the MSGB API.
Change-Id: I119fa36c84e95c3003d57c19e25f8146ed45c3c6
|
|
Change-Id: Iad00eebf03b38b9c4fc2d7ed66697d23a953d8b2
|
|
L1CTL implementation (i.e. l1ctl.c) is not a good place for the
SIM specific stuff. Let's move it to the proper place (i.e. sim.c).
As a bonus, this change fixes a possible problem of loosing the
cached APDUs if two or more L2&3 applications are using a single
LAPDm connection. The APDU buffer is dedicated per MS now.
Change-Id: I564c610e45aa3b630ca5d1ec6bc1cace0dc9c566
|
|
Change-Id: Ib63e1205d7b845c8779eb511635f26bae3a18085
|
|
Almost all handlers for received L1CTL messages are also affected
by the bug fixed in I7fe2e00bb45ba07c9bb7438445eededfa09c96f3. In
short, they do verify the length of 'msg->l2h' or 'msg->l3h', but
not the 'msg->l1h'. Let's fix this, and also add missing checks.
Change-Id: I866bb5d97a1cc1b6cb887877bb444b9e3dca977a
|
|
As we assign the payload following L1CTL header to 'msg->l1h',
it makes sense to avoid possible naming confusion.
Change-Id: I5d21ca8664b3445f472d3ffde90d0e11805dcb16
|
|
The actual L1CTL header is pointed by 'msg->l1h', not 'l2h'!
Since msg->l2h is NULL (because nobody set it), the result of
msgb_l2len() would always be bigger than size of L1CTL header,
as it is calculated in the following way:
return msgb->tail - (uint8_t *)msgb_l2(msgb);
So, in case if 'msg->l2h' is NULL, it turns into:
return msgb->tail - 0;
Change-Id: I7fe2e00bb45ba07c9bb7438445eededfa09c96f3
|
|
In l1ctl_recv() we actually expect to 'see' the L1CTL header
instead of the DL info header. Let's fix this.
Change-Id: Ic7d017bef04f3c186565d5dade36959df1019bd8
|
|
There is no need to keep the L1CTL header in messages being sent
towards the upper layers, but the L1 info header can be used by
L2&3 to obtain some information, e.g. TDMA frame number.
Change-Id: Id64249f1b7a1c2be578263ba62aa195c452ab7e8
|
|
In some conditions it's required to maintain continuous burst
transmission (e.g. on C0). If there is nothing to transmit at
a given moment, either a LAPDm func=UI fill frame,
or a "dummy" Paging Request is used.
In case of 'ccch_scan' application, they are useless.
Let's detect and omit them.
Change-Id: I6ccecb1a78bdac3e467bdc14b7a01afbe17aa53c
|
|
Change-Id: I81d6558525e7f68c4fcd6c6272224d58532e2efb
|
|
Change-Id: Ic88f5d4b263610a376bbb9729e882097393ef2be
|
|
Change-Id: I8c2594920fcad8a3e346b938bd0c20409f4d01c9
|
|
Change-Id: I03da1329501ce9b3c5cca49a1654ba68e9bb6a98
|
|
By definition, 'ccch_scan' application is intended to be used for
monitoring of CCCH channels on C0/TS0. There is no need to send
RACH requests, therefore there is no need to care about the
mobile allocation from SI1 message.
Most likely, this "dead" code was copy-pasted from mobile
application. Let's clean it up!
Change-Id: I7c2f47cbc825a5e5a50863d842729d3d8408b9dd
|
|
Change-Id: I863fb668500b2010dfef7a63217255fd010c06d7
|
|
Change-Id: I02bc581afb5a76c51fdef50ed40e2669c3eb3f2e
|
|
Same as the "network search" VTY command but implemented as primitive
and exposed to LUA.
Change-Id: I096233a2ca9dd7daa358cebed0523cb8c0dbf593
|
|
Despite the correct range of Timing Advance value is [0..63],
there is a special feature in OsmocomBB which allows one to
simulate the distance between both MS and a BTS by playing
with the signal delay.
It was discovered that l1ctl_tx_param_req() is using an unsigned
'uint8_t' type for Timing Advance value, while other code and
L1CTL protocol is using signed 'int8_t'. This may result in
distortion of negative values, so let's fix this!
Change-Id: I6ee42b5fa2ca9ebe187f0b933465c49f840a55c2
|
|
We don't need to hand-code unix domain socket initialization but
can simply use our library function for it. As an added benefit,
the library code already contains corner case handling for non-NUL
terminated unix domain socket path.
Change-Id: I57c724c78dbbbce0546ebe914e370f32c8c89703
|
|
To have bi-directional communication we can pass credentials to the
registry server and now we can register a callback when the registry
is sending data to us.
The callback needs to return if the fd should continue to be selected
as I found no way to push the userdata as parameter on the stack. Lua
code will look like:
local host, port = "www.osmocom.org", 80
local tcp = socket.tcp()
tcp:connect(host, port);
tcp:send("GET / HTTP/1.0\r\n\r\n");
local cb = function()
local s, status, partial = tcp:receive()
print(s)
if status == 'closed' then
tcp:close()
return 0
end
return 1
end
local foo = osmo.register_fd(tcp:getfd(), cb)
Change-Id: I8254bdda1df2f8fe0a5eac894b931e7de5b426df
|
|
Don't try to unref something else after we have given up our
spot in the table.
Change-Id: I4e8db297e816d3d07a46147d5d3bdc0e8fae6c9a
|
|
This gives us working/safe zero termination without overflowing
the destination string size.
Change-Id: Ica6098ceba2bd01ce3b216085442cc5eed0ca507
|
|
settings.c: In function ‘gsm_random_imei’:
settings.c:188:26: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
sprintf(rand + 8, "%07ld", random() % 10000000);
^
settings.c:188:2: note: ‘sprintf’ output between 8 and 9 bytes into a destination of size 8
sprintf(rand + 8, "%07ld", random() % 10000000);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: Id949487111235cd4af5ff068f1dce2f4b0801480
|
|
settings.c:191:2: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 15 -Wstringop-truncation]
strncpy(set->imeisv, set->imei, 15);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC subscriber.o
CC support.o
CC transaction.o
CC vty_interface.o
CC voice.o
CC mncc_sock.o
CC primitives.o
mncc_sock.c: In function ‘osmo_unixsock_listen’:
mncc_sock.c:318:2: warning: ‘strncpy’ specified bound 108 equals destination size [-Wstringop-truncation]
strncpy(local.sun_path, path, sizeof(local.sun_path));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CC script_lua.o
vty_interface.c: In function ‘cfg_gps_device’:
vty_interface.c:1144:2: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation]
strncpy(g.device, argv[0], sizeof(g.device));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AR libmobile.a
Change-Id: Id52978f3bf7a8abea62237d7c32f8f87e1bb34a1
|
|
This fixes the below warnings:
gsm322.c: In function ‘gsm322_cs_ba_range’:
gsm322.c:3480:3: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
strncpy(lower_text, gsm_print_arfcn(index2arfcn(lower)), ARFCN_TEXT_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gsm322.c:3480:3: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
gsm322.c:3480:3: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
gsm322.c:3480:3: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
gsm322.c:3481:3: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
strncpy(higher_text, gsm_print_arfcn(index2arfcn(higher)), ARFCN_TEXT_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gsm322.c: In function ‘gsm322_cs_powerscan’:
gsm322.c:2862:2: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
strncpy(s_text, gsm_print_arfcn(index2arfcn(s)), ARFCN_TEXT_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gsm322.c:2863:2: warning: ‘strncpy’ specified bound 10 equals destination size [-Wstringop-truncation]
strncpy(e_text, gsm_print_arfcn(index2arfcn(e)), ARFCN_TEXT_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: I08f938cfb2589574e90d5831a00c0140f71d5bfe
|
|
gsm322.c:366:22: warning: ‘sprintf’ may write a terminating nul past the end of the destination [-Wformat-overflow=]
sprintf(string, "-%d", 110 - rxlev);
^
gsm322.c:366:2: note: ‘sprintf’ output between 3 and 6 bytes into a destination of size 5
sprintf(string, "-%d", 110 - rxlev);
Change-Id: I7b19fef89ba0cb0c1edbdd62c46ad8395e44145b
|
|
This fixes the following alignment issue uncovered by asan:
l1l2_interface.c:169:7: runtime error: store to misaligned address 0x61600001ab99 for type 'uint16_t', which requires 2 byte alignment
0x61600001ab99: note: pointer points here
00 00 00 00 00 00 06 0a 01 19 19 40 18 00 07 00 01 03 49 06 15 00 40 01 c0 00 00 00 00 00 00 00
^
Change-Id: Ie65b428107d35bac99bc870fdbc4dc509ca2f33c
|
|
When starting multiple mobile in the same second, the libc random number
generator will be seeded to exactly the same value.
The random bits inside the RACH request(s) will be exactly the same
across multiple mobile and when the channel fails they all pick the same
randomized back-off timing.
Use stronger random numbers and replace all calls to random(2) with
osmo_get_rand_id. Add a fallback to try random().
[v2: Add helper to make sure the result is int and between 0 and
RAND_MAX]
Change-Id: Icdd4be88c62bba1e9d954568e48f0c12a67ac182
|
|
Change-Id: I231ac9987ff3c13fafcd272b7d9aae3938ab5972
|
|
It was decided to migrate to osmo_get_rand_id() and use random()
as a fall-back. But there is a critical difference between both
functions: osmo_get_rand_id() fills an input buffer with random
bytes (0x00 - 0xff), while *random() returns a value in range
between 0 and RAND_MAX.
osmo_get_rand_id() was used in a wrong way, so in some cases we
could get a negative value (how about IMEI starting from '-'?),
what isn't expected in many cases and could lead to unexpected
behaviour and segmentation faults...
This reverts commit 6d49b049ee304f1ea0e4801df61e69713b01f0f8.
Change-Id: I7b2a8a5c63cf64360a824926a2219fd7e419b1bb
|
|
When starting multiple mobile in the same second, the libc random number
generator will be seeded to exactly the same value.
The random bits inside the RACH request(s) will be exactly the same
across multiple mobile and when the channel fails they all pick the same
randomized back-off timing.
Use stronger random numbers and replace all calls to random(2) with
osmo_get_rand_id. Add a fallback to try random().
Change-Id: Ie0cc64663cd4b90c027b79545dc5d3ac9d87b9dd
|
|
This can be useful to have bidirectional communication between the
mobile lua script an external control script.
Change-Id: Ib4a5eef611f524f5d21cb6a7f4eace22b8ba60d0
|
|
Disable storing the SMS on disk. This is useful when scripting mobile.
Keep the default of attempting to store it to disk.
Change-Id: I6353447343d98ebaa5e12ab63f995750f81c8500
|
|
It seems the original code didn't allocate \0 for the string. Just use
talloc_asprintf and get a new string...
Change-Id: I8ffb50b04d2d6196caf0231711f3467abc8c5ea5
|
|
Before jumping to the failure handling code free the sms_file.
Change-Id: Ifce2bc130fe3a5bd49ad457ee61002952dd496ba
|
|
When no cell was found during the PLMN search the camp on any cell
state will be entered. LUs are prevented in this state and it will be
left after the start_any_timer has timedout. Even if camping on the
home network the state will not be left before the expiry of the timer.
For systematic tests this is producing a too high upper bound. Make it
configurable so we can succeed with a UL more quickly.
Change-Id: I25bc985cd4360d5e37d05a7b16b39eefb75ce20f
|
|
Previously, TCH frames coming from L1 were reordered to the RTP
format. Moreover, the implementation had a few problems:
- L1CTL is not the best place for such manipulations;
- payloads with other than FR codec were corrupted.
Let's use RTP-ordered payloads on the L1CTL interface,
performing TCH frame reordering at the firmware.
Please note, that actual FR reordering was moved to the firmware
as is, without any codec determination. This could be fixed in
a separate change.
Change-Id: I81ec8ed3c9e72a62b22c1720c299cdc68b733cf1
|
|
Previously, the L1CTL_CRYPTO_REQ message contained only a ciphering
algorithm and actual Kc key to be used. The key length was
calculated manually using the MSGB API.
Let's avoid manual calculations here, as it may cause unexpected
behavior if the message structure is changed. Also, let's fill
the UL header with minimal information about a channel, which
is going to be encrypted.
Change-Id: I5fab079907c5276322d3ec2b46cab81f10c7ed09
|
|
The primitives are still allocated and dispatched but there was
no script handler to delete them. Change the ownership to delete
it at the end of the dispatch.
Change-Id: I510af13bcbb46f73a0a289f26a4921cc90bd986a
Fixes: OS#2925
|
