| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
This adds a minimalistic ACL by which certain, individual roaming IMSIs
can be authorized to use the SGSN. So you can selectively bypass the
'MCC+MNC == first 5 digits of IMSI' checking for a couple of IMSIs
|
|
elements.
Original code was inconsistent about lengths and could lead to out
of bounds write. Lengths were also inconsistent with the TS 24.008.
Fixes: Coverity CID 1040714.
|
|
It might be that we're deleting structures instead of properly cleaning
up the attached libgtp handles...
|
|
This also removes the dependency to osmo_sock() inside libcommon and
replaces it with osmo_sock_* from libosmocore
|
|
There is no explicit BSSGP RESUME in case the MS sends a RA UPD REQ
after being in SUSPEND previously.
|
|
In case a MS (of which we have no MM context) sends us anything but a
GMM ATTACH REQUEST, we need to send it a LLC XID RESET (by means of
issuing LLGMM-RESET.req). Otherwise the phone will expect us to send a
specific unacknowledged sequence number that we don't know.
Thanks to Holger for pointing this bug out to me.
It seems to commonly occur when a MS is doing network re-selection and
(erroneously) sends a RA UPD REQ instead of an ATTACH REQ. The RA UPD
REJ that we sent was never seen by the GMM entity in the MS, as the LLC
entity discarded it due to sequence number mis-match.
|
|
gprs_gmm.c:240:2: warning: passing argument 4 of ‘gprs_llc_tx_ui’ discards qualifiers from pointer target type
../../include/openbsc/gprs_llc.h:151:5: note: expected ‘void *’ but argument is of type ‘const struct sgsn_mm_ctx *’
gprs_gmm.c:349:11: warning: unused variable ‘ptsig’
gprs_gmm.c:601:5: warning: too many arguments for format
gprs_gmm.c:987:25: warning: initialization discards qualifiers from pointer target type
gprs_gmm.c:1010:6: warning: ‘rc’ may be used uninitialized in this function
|
|
The byte ordering is a bit odd: The least significant byte is ahead of
the most significant byte, different from everything else in GSM that
seems to be big-endian.
Thanks to Seungju Kim <admin@manateeshome.com> for repoerting the bug.
|
|
The MS Radio Access Capability IE can be _very_ long in some recent
high-end mobile phones, way beyond the old 14-byte limit. We increase
our array to 52 bytes, and make sure not to overflow that buffer.
|
|
Detected by Smatch:
/home/laforge/projects/git/openbsc/openbsc/src/gprs/gprs_gmm.c +757 gsm48_rx_gmm_att_req(133) warn: variable dereferenced before check 'ctx'
|
|
Summary of changes:
s/bcd2char/osmo_bcd2char/g
s/char2bcd/osmo_char2bcd/g
s/hexparse/osmo_hexparse/g
s/hexdump/osmo_hexdump/g
s/hexdump_nospc/osmo_hexdump_nospc/g
s/ubit_dump/osmo_ubit_dump/g
s/static_assert/osmo_static_assert/g
|
|
Summary of changes:
s/struct timer_list/struct osmo_timer_list/g
s/bsc_add_timer/osmo_timer_add/g
s/bsc_schedule_timer/osmo_timer_schedule/g
s/bsc_del_timer/osmo_timer_del/g
s/bsc_timer_pending/osmo_timer_pending/g
s/bsc_nearest_timer/osmo_timers_nearest/g
s/bsc_prepare_timers/osmo_timers_prepare/g
s/bsc_update_timers/osmo_timers_update/g
s/bsc_timer_check/osmo_timers_check/g
|
|
The last patch changed the osmocore include paths, this fixes some build
problems caused by it
|
|
libosmogsm is a new library that is distributed in the libosmocore.
Now, openbsc depends on it. This patch gets openbsc with this
change.
This patch also rewrites all include path to the new
osmocom/[gsm|core]
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
|
|
In case we get a RA UPD REQ on a new cell (both served by the same
SGSN), the LLC stack should not allocate a ne LLE/LLME, as the latter
would reset the V(u)sent / V(u)recv to zero and make the MS discard
our responses.
Instead, whenever the LLC stack sees a foreign TLLI, it should always
convert it to the local TLLI before doing any lookup for a LLE/LLME.
|
|
The reason for this is quite simple: We want to make sure anyone
running a customized version of OpenBSC to operate a network will
have to release all custom modifiations to the source code.
|
|
|
|
If the GGSN restarts, its restart counter will increase. We can
detect that and accordingly release/delete all PDP contexts for
that GGSN.
|
|
As we do not yet use the HLR from the SGSN, we allow all MS to
attach to our GPRS network. However, if this is running in a public
environment, it could cause service interruption to users of commercial
GPRS networks.
Thus, we now check if the first 5 digits of the IMSI match the MCC/MNC
of the cell that they want to register to. Thus, any subscribers with
SIM cards from real operators will no longer be accepted.
|
|
If a MS changes RA, the RA will arrive in the new cell using the old
TLLI (masked as foreign TLLI). So we need to look-up the TLLI
in a special way, using the old RA as indicated in the 04.08 GMM
message.
There is still another bug remaining: As we somehow create a new LLC,
the sequence numbers of our responses start from 0 again, which is not
what the MS expects. This needs to be fixed in a follow-up patch.
|
|
The original length checks were based on 04.08, but 24.008 allows
longer IEs.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In case our PDP CTX ACT ACK gets lost on the Gb or Um link,
the MS re-transmits the PDP CTX ACT REQ. We have to ACK it
again instead of REJecting it..
|
|
|
|
Once The TLLI (or P-TMSI of which it is derived) change has been
confirmed by the MS, we need to unassign the old TLLI but keep
the new TLLI _without_ re-setting the LLC entity structure such
as VUsend /VUrecv counters.
|
|
|
|
|
|
|
|
|
|
|
|
Some phones (notably a Ericsson Mobile Platform based E-TEN M800)
insist on sending PDP CTX DEACT messages for contexts that have already
been deactivated. The spec doesn't really say what we should do in
this case. But since there is no "reject", we simply acknowledge it.
|
|
* separate the LLME and LLE state in the LLC layer
* introduce gprs_llgmm_assign() function for LLGMM-ASSIGN.req primitive
* change QoS profile to match 'real' SGSN
* Update the new TLLI when assigning a P-TMSI
The result now is that the LLC layer is notified of TLLI changes, which in turn
means it doesn't allocate a new LLE structure every TLLI change, which again
in turn means that the UI frame sequence number does not reset to zero.
As a result, MS should no longer ignore frames based on wrong UI sequence number.
|
|
Commands initiatied by the SGSN have to set C/R = 1
|
|
When we send a downlink unit-data request via BSSGP, there is a lot
of information that needs to be copied from the mm context, such as
the IMSI, DRX parametes, MS radio access parameters, ...
This is a quite strange layering violation, since we now need to pass
a pointer to the MM ctx from GMM through LLC into BSSGP :(
|
|
Our state transitions and timers now reflect 04.08 for GMM much
better than before. Also, we allocate a new P-TMSI on every ATTACH
and RA UPDATE, as some phones seem to get confused if they don't
get a P-TMSI.
|
|
|
|
|
|
|
|
|
|
It's really strange. In GTP those 4 bits are 1, in 04.08 they are
zero. Otherwise the IE is exactly the same :/
|
|
|
|
|
|
|
