Age | Commit message (Collapse) | Author | Files | Lines |
|
This adds the option to delete all BVC peers and/or NS_VC with a
given NSEI with a single command. Static (configured) NS-VC are not
affected. In addition, all connections for this NSEI that can be
deleted by this command can be listed without deleting them by
appending 'dry-run' to the command.
Sponsored-by: On-Waves ehf
|
|
This just deletes the peer entry based on NSEI and BVCI. The NS-VC
are not touched.
|
|
This also frees the counter group pointed to by peer->ctrg when the
peer gets freed.
Sponsored-by: On-Waves ehf
|
|
Currently such messages lead to a creation of a new peer with the
SGSN's NSEI, which results in echoing the message back to the SGSN.
This patch modifies this by sending a STATUS response (invalid BVCI)
instead back to the SGSN.
Sponsored-by: On-Waves ehf
|
|
This adds a test with a UNITDATA SGSN message that is addressed to an
invalid (unknown) BVCI. The test shows, that the message is echoed to
the SGSN.
Sponsored-by: On-Waves ehf
|
|
This adds counters that are incremented when errors are detected.
It also modifies the VTY command 'show gbproxy' so that
'show gbproxy stats' shows the counters.
Sponsored-by: On-Waves ehf
|
|
Add the unused attribute to peer_free() that isn't used currently.
Change 'RAC' to 'NSEI' in the log message, since the latter has been
examined before the log message is generated.
Sponsored-by: On-Waves ehf
|
|
Currently in most places in gb_proxy.c a reference to a NS-VC object
is used where the peer is meant instead. The patch changes this by
using the NSEI instead in these cases.
Sponsored-by: On-Waves ehf
|
|
This program tests the gbproxy implementation by passing NS messages
to a modified gbproxy that dumps the resulting messages, signals, and
state.
It focusses on testing abnormal situations like port changes.
Ticket: OW#874
Sponsored-by: On-Waves ehf
|
|
Add bsc_install_default() and replace all install_default()
This patch adds bsc_install_default() which calls install_default()
and add 'exit' and 'end'. All other calls to install_default() are
replaced by calls to bsc_install_default().
Since 'exit' and 'end' are now added automatically to each node, the
explicit registrations of these commands are removed by this patch,
too.
The related tests succeed now without work-arounds (except for the
'config' node itself which is part of libosmocore).
|
|
Use old and new tlli as specified by the caller.
WIP
<000f> sgsn_libgtp.c:321 Received DELETE PDP CTX CONF, cause=128(Request accepted)
<0013> gprs_sndcp.c:320 SNSM-DEACTIVATE.ind (lle=0x8095d08, TLLI=e3ddd574, SAPI=11, NSAPI=5)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0xe3ddd574 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:551 LLC SAPI=1 C FCS=0xb85a96CMD=UI DATA
<0011> gprs_bssgp.c:376 BSSGP TLLI=0xe3ddd574 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:551 LLC SAPI=1 C FCS=0xbe5a96CMD=UI DATA
<0002> gprs_gmm.c:214 Starting MM timer 3350 while old timer 3350 pending
<0012> gprs_llc.c:417 LLC TX: unknown TLLI 0xe3ddd574, creating LLME on the fly
Assert failed msgb_tlli(msg) == mmctx->llme->tlli || msgb_tlli(msg) == mmctx->llme->old_tlli || tlli_foreign2local(msgb_tlli(msg)) == mmctx->llme->tlli || tlli_foreign2local(msgb_tlli(msg)) == mmctx->llme->old_tlli gprs_llc.c:123
backtrace() returned 18 addresses
/home/ich/install/openbsc/lib/libosmocore.so.4(osmo_generate_backtrace+0x16) [0xb7bb6a36]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x805224a]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804a2f6]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804b687]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804bc35]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804bd4e]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804d20c]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x8052be4]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn(bssgp_prim_cb+0x55) [0x804f5a4]
/home/ich/install/openbsc/lib/libosmogb.so.2(bssgp_rcvmsg+0x3b8) [0xb7b626b8]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804f4f1]
/home/ich/install/openbsc/lib/libosmogb.so.2(gprs_ns_rcvmsg+0x8c7) [0xb7b5ecf7]
/home/ich/install/openbsc/lib/libosmogb.so.2(+0x4311) [0xb7b5f311]
/home/ich/install/openbsc/lib/libosmocore.so.4(osmo_select_main+0x192) [0xb7bb2ed2]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x804fbcd]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xf5) [0xb796a8f5]
/home/ich/source/gsm/openbsc/openbsc/src/gprs/osmo-sgsn() [0x8049db1]
Program received signal SIGABRT, Aborted.
0xb7fde424 in __kernel_vsyscall ()
(gdb) bt
#0 0xb7fde424 in __kernel_vsyscall ()
#1 0xb797f83f in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xb7982cf3 in __GI_abort () at abort.c:90
#3 0x0805224f in _bssgp_tx_dl_ud (mmctx=0x80932d0, msg=0x80963a8) at gprs_llc.c:120
#4 gprs_llc_tx_ui (msg=0x80963a8, sapi=1 '\001', command=0, mmctx=0x80932d0)
at gprs_llc.c:496
#5 0x0804a2f6 in gsm48_gmm_sendmsg (msg=0x80963a8, command=0, mm=0x80932d0) at gprs_gmm.c:241
#6 0x0804b687 in gsm48_tx_gmm_ra_upd_ack (mm=0x80932d0) at gprs_gmm.c:851
#7 0x0804bc35 in gsm48_rx_gmm_ra_upd_req (mmctx=0x80932d0, msg=0x8091ce8, llme=0x8095630)
at gprs_gmm.c:1004
#8 0x0804bd4e in gsm0408_rcv_gmm (mmctx=0x80932d0, msg=0x8091ce8, llme=0x8095630)
at gprs_gmm.c:1036
#9 0x0804d20c in gsm0408_gprs_rcvmsg (msg=msg@entry=0x8091ce8, llme=0x8095630)
at gprs_gmm.c:1566
#10 0x08052be4 in gprs_llc_rcvmsg (msg=0x8091ce8, tv=0xbfffdcb0) at gprs_llc.c:882
#11 0x0804f5a4 in bssgp_prim_cb (oph=oph@entry=0xbfffdc8c, ctx=ctx@entry=0x0)
at sgsn_main.c:114
#12 0xb7b626b8 in bssgp_rx_ul_ud (tp=0xbfffdcb0, msg=0x8091ce8, ctx=<optimized out>)
at gprs_bssgp.c:398
#13 bssgp_rx_ptp (bctx=0x8091a08, tp=0xbfffdcb0, msg=0x8091ce8) at gprs_bssgp.c:820
#14 bssgp_rcvmsg (msg=0x8091ce8) at gprs_bssgp.c:1016
#15 0x0804f4f1 in sgsn_ns_cb (event=GPRS_NS_EVT_UNIT_DATA, nsvc=0x8090740, msg=0x8091ce8,
bvci=1801) at sgsn_main.c:92
#16 0xb7b5ecf7 in gprs_ns_rx_unitdata (msg=0x8091ce8, nsvc=0x8090740) at gprs_ns.c:616
#17 gprs_ns_rcvmsg (nsi=nsi@entry=0x807fd38, msg=msg@entry=0x8091ce8,
saddr=saddr@entry=0xbfffedc0, ll=ll@entry=GPRS_NS_LL_UDP) at gprs_ns.c:841
#18 0xb7b5f311 in handle_nsip_read (bfd=0x807fd58) at gprs_ns.c:991
#19 nsip_fd_cb (bfd=0x807fd58, what=1) at gprs_ns.c:1024
#20 0xb7bb2ed2 in osmo_select_main (polling=0) at select.c:158
#21 0x0804fbcd in main (argc=3, argv=0xbffff234) at sgsn_main.c:369
(gdb) frame 5
#5 0x0804a2f6 in gsm48_gmm_sendmsg (msg=0x80963a8, command=0, mm=0x80932d0) at gprs_gmm.c:241
241 return gprs_llc_tx_ui(msg, GPRS_SAPI_GMM, command, mm);
(gdb) p msgb_tlli(msg)
$1 = 3822966132
(gdb) frame 4
#4 gprs_llc_tx_ui (msg=0x80963a8, sapi=1 '\001', command=0, mmctx=0x80932d0)
at gprs_llc.c:496
496 return _bssgp_tx_dl_ud(msg, mmctx);
(gdb) p mmctx
$2 = (void *) 0x80932d0
(gdb) frame 3
#3 0x0805224f in _bssgp_tx_dl_ud (mmctx=0x80932d0, msg=0x80963a8) at gprs_llc.c:120
120 OSMO_ASSERT(msgb_tlli(msg) == mmctx->llme->tlli
(gdb) p mmctx
$3 = (struct sgsn_mm_ctx *) 0x80932d0
(gdb) p *mmctx
$4 = {list = {next = 0x8092e28, prev = 0x805c318 <sgsn_mm_ctxts>},
imsi = "901700000003094\000", mm_state = GMM_REGISTERED_NORMAL, p_tmsi = 296043751,
p_tmsi_old = 2075232571, p_tmsi_sig = 0, imei = "353943044782210\000",
msisdn = '\000' <repeats 14 times>, ra = {mnc = 70, mcc = 901, lac = 1, rac = 0 '\000'},
cell_id = 0, cell_id_age = 0, sac = 0, sac_age = 0, new_sgsn_addr = 0,
ciph_algo = GPRS_ALGO_GEA0, ms_radio_access_capa = {len = 11 '\v',
buf = "4\307\003*\240B|\255\341\030\v", '\000' <repeats 38 times>}, ms_network_capa = {
len = 2 '\002', buf = "\345\200\000\000\000\000\000"}, drx_parms = 3329, mnrg = 0,
ngaf = 0, ppf = 0, recovery = 0, radio_prio_sms = 0 '\000', pdp_list = {next = 0x8093390,
prev = 0x8093390}, llme = 0x8095630, tlli = 3822966132, tlli_new = 3517269223,
nsei = 1801, bvci = 1801, ctrg = 0x8096048, timer = {node = {rb_parent_color = 3082574944,
rb_right = 0x0, rb_left = 0x0}, list = {next = 0x80933b8, prev = 0x80933b8}, timeout = {
tv_sec = 1375260414, tv_usec = 864196}, active = 1, cb = 0x804bfd0 <mmctx_timer_cb>,
data = 0x80932d0}, T = 3350, num_T_exp = 0, t3350_mode = GMM_T3350_MODE_RAU,
t3370_id_type = 1 '\001'}
(gdb) p msgb_tlli(msg)
No symbol "msgb_tlli" in current context.
(gdb) frame 5
#5 0x0804a2f6 in gsm48_gmm_sendmsg (msg=0x80963a8, command=0, mm=0x80932d0) at gprs_gmm.c:241
241 return gprs_llc_tx_ui(msg, GPRS_SAPI_GMM, command, mm);
(gdb) frame 6
#6 0x0804b687 in gsm48_tx_gmm_ra_upd_ack (mm=0x80932d0) at gprs_gmm.c:851
851 return gsm48_gmm_sendmsg(msg, 0, mm);
(gdb) p msgb_tlli(msg)
$5 = 3822966132
(gdb) p mmctx->tlli
No symbol "mmctx" in current context.
(gdb) p mm->tlli
$6 = 3822966132
(gdb) p mm->tlli_new
$7 = 3517269223
(gdb) p mm->llme->tlli
$8 = 3517269223
(gdb) p mm->llme->tlli_old
There is no member named tlli_old.
(gdb) p mm->llme->old_tlli
$9 = 4222716219
(gdb) bt
#0 0xb7fde424 in __kernel_vsyscall ()
#1 0xb797f83f in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#2 0xb7982cf3 in __GI_abort () at abort.c:90
#3 0x0805224f in _bssgp_tx_dl_ud (mmctx=0x80932d0, msg=0x80963a8) at gprs_llc.c:120
#4 gprs_llc_tx_ui (msg=0x80963a8, sapi=1 '\001', command=0, mmctx=0x80932d0)
at gprs_llc.c:496
#5 0x0804a2f6 in gsm48_gmm_sendmsg (msg=0x80963a8, command=0, mm=0x80932d0) at gprs_gmm.c:241
#6 0x0804b687 in gsm48_tx_gmm_ra_upd_ack (mm=0x80932d0) at gprs_gmm.c:851
#7 0x0804bc35 in gsm48_rx_gmm_ra_upd_req (mmctx=0x80932d0, msg=0x8091ce8, llme=0x8095630)
at gprs_gmm.c:1004
#8 0x0804bd4e in gsm0408_rcv_gmm (mmctx=0x80932d0, msg=0x8091ce8, llme=0x8095630)
at gprs_gmm.c:1036
#9 0x0804d20c in gsm0408_gprs_rcvmsg (msg=msg@entry=0x8091ce8, llme=0x8095630)
at gprs_gmm.c:1566
#10 0x08052be4 in gprs_llc_rcvmsg (msg=0x8091ce8, tv=0xbfffdcb0) at gprs_llc.c:882
#11 0x0804f5a4 in bssgp_prim_cb (oph=oph@entry=0xbfffdc8c, ctx=ctx@entry=0x0)
at sgsn_main.c:114
#12 0xb7b626b8 in bssgp_rx_ul_ud (tp=0xbfffdcb0, msg=0x8091ce8, ctx=<optimized out>)
at gprs_bssgp.c:398
#13 bssgp_rx_ptp (bctx=0x8091a08, tp=0xbfffdcb0, msg=0x8091ce8) at gprs_bssgp.c:820
#14 bssgp_rcvmsg (msg=0x8091ce8) at gprs_bssgp.c:1016
#15 0x0804f4f1 in sgsn_ns_cb (event=GPRS_NS_EVT_UNIT_DATA, nsvc=0x8090740, msg=0x8091ce8,
bvci=1801) at sgsn_main.c:92
#16 0xb7b5ecf7 in gprs_ns_rx_unitdata (msg=0x8091ce8, nsvc=0x8090740) at gprs_ns.c:616
#17 gprs_ns_rcvmsg (nsi=nsi@entry=0x807fd38, msg=msg@entry=0x8091ce8,
saddr=saddr@entry=0xbfffedc0, ll=ll@entry=GPRS_NS_LL_UDP) at gprs_ns.c:841
#18 0xb7b5f311 in handle_nsip_read (bfd=0x807fd58) at gprs_ns.c:991
#19 nsip_fd_cb (bfd=0x807fd58, what=1) at gprs_ns.c:1024
#20 0xb7bb2ed2 in osmo_select_main (polling=0) at select.c:158
#21 0x0804fbcd in main (argc=3, argv=0xbffff234) at sgsn_main.c:369
(gdb) frame 3
#3 0x0805224f in _bssgp_tx_dl_ud (mmctx=0x80932d0, msg=0x80963a8) at gprs_llc.c:120
120 OSMO_ASSERT(msgb_tlli(msg) == mmctx->llme->tlli
(gdb) p msgb_tlli(msg)
No symbol "msgb_tlli" in current context.
(gdb) frame 4
#4 gprs_llc_tx_ui (msg=0x80963a8, sapi=1 '\001', command=0, mmctx=0x80932d0)
at gprs_llc.c:496
496 return _bssgp_tx_dl_ud(msg, mmctx);
(gdb) p msgb_tlli(msg)
No symbol "msgb_tlli" in current context.
(gdb) frame 5
#5 0x0804a2f6 in gsm48_gmm_sendmsg (msg=0x80963a8, command=0, mm=0x80932d0) at gprs_gmm.c:241
241 return gprs_llc_tx_ui(msg, GPRS_SAPI_GMM, command, mm);
(gdb) p msgb_tlli(msg)
$10 = 3822966132
(gdb) p mm->tlli
$11 = 3822966132
(gdb) p mm->tlli_new
$12 = 3517269223
(gdb) p mm->tlli_new
$13 = 3517269223
(gdb) p mm->llme->tlli
$14 = 3517269223
(gdb) p mm->llme->tlli_old
There is no member named tlli_old.
(gdb) p mm->llme->old_tlli
$15 = 4222716219
(gdb) p mm->llme->state
$16 = GPRS_LLMS_ASSIGNED
(gdb) q
|
|
In case we have access to the context verify that the selected
msgb_tlli is either the old_tlli or the tlli in either local or
foreign format. It is wrong to use any other TLLI.
|
|
Attempt to solve what f0901f0067e363c0ced6254db1b45a9771640412 tried to
solve without breaking the case of someone with a foreign TLLI from a
different network.
Lookup with the foreign TLLI converted to a local one in case we did
not find the TLLI and only then create a LLE/LLME on the fly for the
RX path.
|
|
During the GPRS Attach procedure we might have a foreign tlli and
in the RX create a LLME on the fly for this tlli. The GMM GPRS
Attach handling code will then assign a new TLLI and keep the
foreign tlli as the llme->old_tlli.
When the GMM is sending the identity request the msgb_tlli will
point to the foreign tlli. The GPRS LLC code will then try to find
that foreign tlli but due the conversion this will not be found.
Instead a new ad-hoc LLE/LLME will be created on the fly for
each message (this means there are duplicate LLE/LLMEs in the
list).
Make the code more strict and remove the tlli_foreign2local change
from the look-up routine. This will make the GPRS LLC code find
the right LLE/LLME and the N(U) will be handled correctly.
This partially reverts:
f0901f0067e363c0ced6254db1b45a9771640412
Addresses:
<0012> gprs_llc.c:773 LLC RX: unknown TLLI 0xadf11820, creating LLME on the fly
...
<0012> gprs_llc.c:357 LLC TX: unknown TLLI 0xedf11820, creating LLME on the fly
Reproducable:
Use pcu_emu (gprs attach) and observe with wireshark.
|
|
In case of a failure this method didn't set the pctx->lib back to
NULL. In case of a timeout the callback will be made with pdp=NULL
and this would lead to leaking the PDP context. Check for the case
of having a pctx->lib != pdp and free it.
This resolves:
<000f> gprs_sgsn.c:259 freeing PDP context that still has a libgtp handle attached to it, this shouldn't happen!
|
|
|
|
|
|
|
|
This adds a minimalistic ACL by which certain, individual roaming IMSIs
can be authorized to use the SGSN. So you can selectively bypass the
'MCC+MNC == first 5 digits of IMSI' checking for a couple of IMSIs
|
|
This is fixing a GCC and Coverity warning.
GCC:
sgsn_vty.c: At top level:
sgsn_vty.c:308:1: warning: ‘show_ggsn_cmd’ defined but not used [-Wunused-variable]
Coverity: CID 1040727
|
|
This is fixing a GCC and Coverity warning:
GCC:
sgsn_vty.c: In function ‘vty_dump_pdp’:
sgsn_vty.c:64:5: warning: ‘i’ may be used uninitialized in this function [-Wmaybe-uninitialized]
sgsn_vty.c:49:15: note: ‘i’ was declared here
Coverity: CID 1040706
|
|
The code was written like checking the return value of the
osmo_fd_register but the rc variable was not assigned for the
subsequent calls.
Fixes: Coverity CID 1040741
|
|
elements.
Original code was inconsistent about lengths and could lead to out
of bounds write. Lengths were also inconsistent with the TS 24.008.
Fixes: Coverity CID 1040714.
|
|
In some situations (like MS reboot without prior DETACH or SGSN reboot
without prior MS detach), the LLC sequence numbers for UI mode could
be different on both sides.
The LLC spec unfortunately doesn't permit us to send something like a
FRMR in this case, but instructs us to silently discard the frame. At
that time the remote LLC entity will re-transmit the frame with the same
seqeunce number over and over again, which we will drop again and again.
The mthod used now will keep track of the last received UI sequence
number. If that number is retransmitted for three times in a row, then
we accept this sequence number and recover from that point on.
|
|
Since automake 1.13 INCLUDES is depricates and causes a warning
|
|
These TLV helper functions are now located in libosmocore.
|
|
|
|
The lines 461 and 303 were producing unaligned memory access as
the BVCI was not aligned properly. Introduce a tlvp_val16_unal to
read 16bit from the data, use memcpy to the stack to make sure
that it is working in the aligned and unaligned case.
|
|
Some nodes below 'config' didn't have ournode_exit / ournode_end,
and thus were not able to properly perform this function. exit should
always only go back one level, while end drops us back to ENABLE_NODE.
The prompt now represents the nesting level, and there's one consistent
space after the final prompt character (typically #).
|
|
Require a 0.5.2+ libosmogb due the change of the suspend_ref type.
|
|
Update/Move/Create example configuration files for NiTB, BSC,
MGCP, NAT and the GbProxy. Create a script that starts, generates
the vty reference and terminates the application.
|
|
A crash was obsserved in cb_data_ind() when mm is dereferenced.
This patch adds some safeguards that try to prevent the library handle
back-pointer to the pdp_ctx to be NULL, and print a stack backtrace in
case we are free() ing the sgsn-side pdp_ctx while there's still a
library handle attached.
|
|
It might be that we're deleting structures instead of properly cleaning
up the attached libgtp handles...
|
|
|
|
This removes the libgb (GPRS NS/BSSGP) code from the openbsc.git
repository and uses the new version from libosmocore.git instead.
|
|
We change the minority of functions employing the gprs_bssgp_ prefix to
match with the majority without gprs_ in front.
|
|
|
|
|
|
Instead of direct function calls to individual functions, we now
generate primitives (osmo_prim) and send them to one
application-provided function "bssgp_prim_cb()"
|
|
|
|
|
|
Rather than using openbsc internal data/functions, we now use only
internal and libosmocore-provided ones.
|
|
which removes some further dependencies of libgb to openbsc internal
code and data.
|
|
|
|
This also removes the dependency to osmo_sock() inside libcommon and
replaces it with osmo_sock_* from libosmocore
|
|
|
|
gsm_data_shared.h includes e1_input.h of libosmo-abis, add the
LIBOSMOABIS_CFLAGS to Makefile.am, remove AM_LDFLAGS at the same
time as we only build .a archives.
|
|
GSM 04.64 8.4.2 asks to ignore UI frames if the DLCI is not known,
or if the "(V(UR)- 32) <= N(U) < V(UR)". E.g. if we want to have
V(UR) == 511 and this frame is dropped, we would ignore N(U)'s
0 to 510. Calculate the delta.
The code is based on Jonathan Santos's "LLC UI window" fix but the
issue was discovered independly.
|
|
|
|
|