The state check in lapd_dl_reset causes some buffers
never to be released. Using talloc report LAPD UA
message buffers are never released after each call
and cause a memory leak.
Change-Id: I2799b70623f2ec4dbc725eb213e332e98da02a3e
|
|
We don't really use state numbers without bounds check into string
tables since March 2010, when value_string became part of libosmocore.
It's time to catch up, 7 years later...
Change-Id: I1dac7b4cb441a1119cc167112521e8b8aae62e63
|
|
In lapd_t200_cb() the RELEASE INDICATION is transmitted before
the MDL ERROR INDICATION; this prevents the MDL ERROR INDICATION
from being sent because the RELEASE INDICATION closes the connection
early. This commit puts the messages into the correct order.
Change-Id: Iae74777138fc27828f511e3aa321d1981861f4a5
|
|
When the lapd core is in state LAPD_STATE_SABM_SENT, and the
retransmission counter exceeds (link down) lapd_t200_cb() will
send a RELEASE_INDICATION and an MDL_ERROR_INDICATION to L3.
This action is done before the state is processed. This seems
to be no problem with standard retransmission counts (n200),
but may cause timing problems that lead to deadlock states when
custom timer configurations are in use (Ericsson RBS).
This commit moves the function calls for sending the indications
mentioned above to the very end of the if branch to relax the
timing again. (See lapd_t200_cb())
Change-Id: I1c1beb3701b19744a3ce9946abca7767d20a0b6a
|
|
The debug output of lapd core has no references to the dl objects.
Since we have multiple links, seeing which action is for which
object is impossible. This commit adds pointer references (dl=%p)
to each log line.
Change-Id: I3024d1cbd58631e2abac4ce5822528e2e6e15fda
|
|
oap_test.c
Change-Id: Id524327b3f44e22e3aa44c5e8e4965b084cb326a
|
|
Log error cause and state names in case of SABM errors.
Change-Id: I2c7fa276e03f8b14ba41cc1fb6e19d0aae77d127
|
|
When lapd_dl_flush_hist() was called before we actually had started a
transmit history from lapd_dl_init(), we would segfault before this
patch.
Change-Id: Ifa677c9b335dd2884b4f3e44699d901957a0500b
|
|
If lapd_dl_flush_hist() is called after lapd_dl_exit(), dl->tx_hist has
already been free'd and set to NULL. Check for this before attempting
to de-reference a NULL pointer.
This bug breaks OpenBSC with any E1 based BTSs using DAHDI.
Change-Id: I117ba3445fa5e8097e21c11c5a6337de6ba46c7d
Related: OS#1760
|
|
|
|
If LAPDm receives an I-Frame while there already is an I-Frame in the
tx_queue the code generates an additional RR (to acknowledge the
received I-Frame). Instead, N(R) of the I-Frame in the tx_queue should
be updated to ACK the data.
|
|
When debugging an issue that involves SAPI=0 and SAPI=3 the
log file does not have enough context. Add the SAPI to this
message so we at least understand which SAPI we are talking
about.
|
|
I saw this while playing with talloc pools and wondered why
lapd_core is creating a log_info. Use the right struct for
the array.
|
|
    if (ptr)
        msgb_free(ptr)
extends to:
    if (ptr)
        talloc_free(ptr)
And according to the talloc documentation a talloc_free(NULL)
will not crash: "... Likewise, if "ptr" is NULL, then the function
will make no modifications and returns -1."
|
|
lapdm.c takes the re-establishment message and forwards it to lapd_core.c,
so we can assume that msgb is set at primitive. In case there is data in
the re-establishment msg, it is moved into send_buffer. In case of no
data (0 length), it must be freed.
Fixes an issue spotted by Coverity Scan.
|
|
If the datalink fails or if handover or assignment to a new channel fails,
it is re-established by sending SABM again. The length of establish message
is 0 in this case. The length is used to differentiate between
re-establishment and contention resolution, which has to be handled
differently.
See TS 04.06 Chapter 5.4.2.1
|
|
When a SABM(E) frame arrives, we have to trim the L2 padding (0x2b for
gsm) before handing the data off to L3, just like we do with I frames.
Also, we should use msgb_trim() or even msgb_l3trim() instead of
manually fiddling with msgb->length and ->tail pointers.
|
|
Make detecting use after free of the tx_hist easy and set the
variable to NULL after talloc_free has been freed.
|
|
After reception of SABM, the network responds with UA and enters the
established multiframe state. If UA is not received by mobile, the SABM
is transmitted again, and the network must respond with UA again, unless
it is from a different mobile.
Add LAPDm collision test (contention resolution on network side).
|
|
Doxygen generates quite a lot of warnings on libosmocore. Some of them
are obvious typos - this patch aims to fix such low-hanging fruit.
|
|
Log messages that are either too big or have the C/R bit set as error.
|
|
|
|
lapd_core.c: In function 'lapd_acknowledge':
lapd_core.c:710:38: warning: variable 't200_start' set but not used [-Wunused-but-set-variable]
|
|
DATA REQ with a msgb_l3len(msg) == 0 message does not make any
sense, log an error and return immediately before attempting to
send an empty I frame in lapd_send_i.
|
|
|
|
If a sequence error is received, the N(R) variable must still be used to
acknowledge previously transmitted frames.
If there are two subsequent sequence errors received, ignore it. (Ignore
every second subsequent error.) This happens if our reply with the REJ is
too slow, so the remote gets a T200 timeout and sends another frame with
a sequence error. Test showed that replying with two subsequent REJ
messages could cause the remote L2 process to abort. Replying too slow shouldn't
happen, but may happen over serial link between BB and LAPD.
Written-by: Andreas.Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
|
|
|
|
Instead of mixing together the GSM layer 1 interface and RSL interface
with the implementation of LAPD, the core function of LAPD is now
extracted from LAPDm. The core implementation is now in lapd_core.c
and lapd_core.h respectively.
The lapd_core.c implements exactly one datalink instance for one SAP.
The surrounding implementation "lapdm.c" codes/decodes the layer 2
headers and handles multiplexing and datalink instances, as well as
translates primitives from/to RSL layer.
lapd_core.c can now be used for other LAPD implementations. (ISDN/ABIS)
|