Age | Commit message | Author | Files | Lines |
|
Currently the sign_link pointer is dereferenced after a call to
osmo_signal_dispatch, which can indirectly call
e1inp_sign_link_destroy. If that happens, accessing *sign_link is
illegal and can lead to a segmentation violation.
Since only the bts pointer is needed from sign_link after the call to
osmo_signal_dispatch, this patch changes abis_nm_rcvmsg_fom to save
that pointer to a local variable earlier.
Addresses:
<0019> input/ipa.c:250 accept()ed new link from 192.168.1.101 to port 3002
SET ATTR NACK CAUSE=Message cannot be performed
<0005> bsc_init.c:52 Got a NACK going to drop the OML links.
<001b> bsc_init.c:319 Lost some E1 TEI link: 1 0xb351a830
=================================================================
==13198== ERROR: AddressSanitizer: heap-use-after-free on address 0xb5d1bc70 at pc 0x80a6e3d bp 0xbfbb33d8 sp 0xbfbb33cc
Sponsored-by: On-Waves ehf
|
|
In case a BTS is being bootstrapped and one TS can not be
activated, prevent the whole BTS from coming up.
When the OML activation is not being done the rest of the BSC
code still assumes these logical channel(s) to be available
and one will see channel activation issues that might be hard
to debug.
Instead of having a half-configured system up and running,
keep the BTS offline.
|
|
.. as defined in libosmocore
|
|
As bsc_ctrl_node_lookup() is called for each iteration,
the variables 'bts' and 'trx' are no longer static across multiple
calls, which means we need a different way to determine if we are in the
right node while matching for a trx or a ts.
|
|
|
|
Now that the bulk of the control interface node lookup has
no reference to the BSC specific data structures, we are
moving it into libosmocore.
A control interface user now only registers an optional small
node lookup function like bsc_ctrl_node_lookup()
|
|
The idea here is that bsc_ctrl_cmd_handle now has no dependency
at all to the BSC related data structures and thus can actually become
part of libctrl.
The new function bsc_ctrl_node_lookup however will remain bsc-specific.
|
|
|
|
... which happened during recent migration of IPA functionality from
libosmo-abis into libosmocore.
|
|
Send a non-call related SS message for an active call identified
by the CIC of that call. As an ugly hack the order of the SS
release and the invocation are changed. That was necessary for the
E71 on a TCH. The time between notify and release was just too short.
The right thing would be to wait for the returnResultLast but this would
involve keeping more local state. Let's see how far we get here. It
might be necessary to change the order in the other call sites as
well.
|
|
Timing advance is stored inside lchan structure, so it is removed from
arguments. This is useful, if other actions are required prior to calling
rsl_chan_activate_lchan. (like deactivating PDCH first)
The "shifted TA value" that is required by BS11 is now calculated inside
rsl_chan_activate_lchan and not by each user.
[Rebased by Holger. So some hunks were skipped as the patch
depended on Jolly's HO code]
|
|
foo = *((uintXX_t *) TLVP_VAL(...)) can lead to unaligned access. To
prevent that use tlvp_valXX_unal() to get the values.
|
|
In case we receive ERROR INDICATION and CONNECTION FAILURE we only
want to RF Channel Release the lchan once. This code is simpler
and should work as reliably as the previous commit.
|
|
When we receive an ERROR INDICATION and CONNECTION FAILURE we
might call rsl_rf_chan_release multiple times. The channel release
handling is still a bit messy and there are too many paths that lead
to the call.
1.) In case we receive an ERROR INDICATION for SAPI=3. A RLL
error signal will be emitted that leads to the release of the
channel through the SMS code in case of the NITB. The call to
rsl_rf_chan_release might be a double release.
2.) In case a CONNECTION FAILURE is received when the release
process has already been started we would unconditionally
call rsl_rf_chan_release as well.
Because the lchan state is changed by the callers of the
rsl_rf_chan_release we can not move the state checking into this
code but need to do it in the caller. The issue was seen in a trace
from Rhizomatica and I created the DoubleRelease.st to re-produce
the issue and verified that we have no duplicate RF Channel Releases.
The other option would be to introduce a new state to track
the release process and see if we have already released SAPIs,
deactivated the SACCH or such. We can not simply look at these
as for a channel that fails to activate they will be null already.
|
|
Looking at the code it seemed possible that a channel would
transition from BROKEN to NONE. Or worse from NONE to BROKEN.
Start the timer _after_ the channel has been released.
|
|
The lchan state is set to none either on RF Channel Release ACK
or in case of an error after the error timer has expired.
|
|
I'm not entirely sure if this is the best approach. However,
there are phones that send a RACH request for TCH/F on MO calls, even
though they actually do support TCH/H channels.
|
|
|
|
Currently, if a CTRL method does not set the reply, an error is
logged ("cmd->reply has not been set"). It even complains when the
function implementing the command returns CTRL_CMD_HANDLED, where
a reply text is not needed.
This patch changes the logging level from ERROR to NOTICE. The logging
is now only done, when the retry has not been set and the
implementation returns either CTRL_CMD_ERROR or CTRL_CMD_REPLY. So
in these cases the reply field must be set.
This fixes the generation of log messages when doing NAT ctrl command
forwarding.
Ticket: OW#1177
Sponsored-by: On-Waves ehf
|
|
This is mostly based on Alexander's migration code. The code
adds transaction handling and some sanity checks and cleanups
to the code. We made the decision to fork the sms_from_result
method and freeze it to that version. This way sms_from_result
can move forward without having to deal with legacy.
|
|
|
|
Make the fill_fom_hdr return the header and use it throughout.
CC abis_nm.o
In file included from ../../include/openbsc/debug.h:8:0,
from abis_nm.c:38:
abis_nm.c: In function ‘abis_nm_opstart’:
abis_nm.c:1763:34: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
abis_nm_debugp_foh(DNM, (struct abis_om_fom_hdr *) oh->data);
^
/home/ich/install/openbsc/include/osmocom/core/logging.h:23:74: note: in definition of macro ‘DEBUGP’
#define DEBUGP(ss, fmt, args...) logp(ss, __FILE__, __LINE__, 0, fmt, ## args)
^
abis_nm.c:1763:2: note: in expansion of macro ‘abis_nm_debugp_foh’
abis_nm_debugp_foh(DNM, (struct abis_om_fom_hdr *) oh->data);
^
|
|
Given that the method is only called for traffic channels the
missing breaks didn't hurt.
Fixes: Coverity CID 1040731, CID 1040732, CID 1040733,
CID 1040734
|
|
Fixes: Coverity CID 1040717
|
|
In case ftell -1 will be returned. Coverity complained that the
pos we pass to fseek might be negative. In case the ftell fails
we are at the last line for sure.
Fixes: Coverity CID 1040721
|
|
The old ipa_msg_recv() implementation didn't support partial receive,
so IPA connections got disconnected when this happened.
This patch adds the handling of the temporary message buffers and uses
ipa_msg_recv_buffered().
It has been successfully tested by jerlbeck with osmo-nitb and
osmo-bsc.
Ticket: OW#768
Sponsored-by: On-Waves ehf
|
|
In case the max_power_reduction changes, issue a new Set Radio
Carrier Attributes command. OML 12.21 allows to not include the
ARFCN list and the semantic I picked/understand is that a partial
update is possible.
Fixes: SYS#267
|
|
For GPRS the look-up via bts/trx does not make any sense and would
introduce bad dependencies for the SGSN. Move the look-up code to a
new file and introduce new setup methods.
|
|
In case the BTS is connected the new attribute should be set
through OML. This is left as a todo item.
Addresses: SYS#267
|
|
Change the splitting of the ctrl_test_runner.py. Make sure that
we get one element and all the rest.
|
|
Right now this only works for IP based BTS like the sysmoBTS and
by dropping the OML link.
|
|
Add the framework for adding more setting commands.
|
|
|
|
The interface can be accessed through CTRL and a socket. But currently
it is only available when the socket interface has been configured.
Create the interface all the time but only listen on the socket when
a path has been specified.
|
|
E1 based BTS use TRAU muxer to decode TRAU frames. After changing
channel from one timeslot to another (due to handover or assignment),
the TRAU muxer must be updated. The call reference of the call is
disconnected from the old channel and connected to the new channel.
|
|
It seems that also the Ericsson RBS2000 code was assuming that
we always use the bts-global TSC, rather than the possibly different
TS-specific TSC.
|
|
We don't want every caller to check for ts->tsc == -1 and then
use ts->trx->bts->tsc instead. Rather, introduce a new inline
function to retrieve the correct value.
|
|
We introduce a new feature indicating if the given BTS model
supports a TSC that is different from the BCC (lower 3 bits of BSIC).
|
|
If the TS has a specific, different TSC than the BTS (beacon),
we should use that with preference over the TSC of the BTS.
|
|
This commit adds the implementation of these range formats to the
encoder. In addition, the work-around that tried range 512 first is
removed, so that the selection is primarily based on the max distance
between frequencies.
Ticket: OW#1061
Sponsored-by: On-Waves ehf
|
|
Currently the encoding of the chan_list is done by a hard-coded
sequence of macros that closely resembles figure 10.5.16 in
3GPP TS 04.08.
This patch replaces this by an algorithmic solution that can be used
for all range encodings and is based on the property
W(2^i) to W(2^(i+1)-1) are on w1_len-i bits when present
(see section 10.5.2.13 in TS 04.08).
Ticket: OW#1061
Sponsored-by: On-Waves ehf
|
|
f0 is currently set to arfcns[0] in range_enc_determine_range(),
while GSM 04.08 requires f0 to be ARFCN 0 in range1024 encoding.
This patch modifies range_enc_determine_range() to force f0 to be 0
if this encoding is used. This way the case distinction in
range_enc_filter_arfcns() is no longer necessary.
Sponsored-by: On-Waves ehf
|
|
This patch fixes a bug in the range encoder that leads to wrong
encoding when 17 or more ARFCNs are encoded.
Sponsored-by: On-Waves ehf
|
|
The iPhone5 (US) appears to have some issues with the SIs generated,
or the nanoBTS is not sending them correctly.
Add a configurable hack to put all bands into the SI2/SI5 message.
It is enabled by the bts VTY command 'force-combined-si'.
This is a quick change without much reflection and watching for side
effects. I have verified that a network with ARFCN 134 and neighbors
ARFCN 130 and 512 does not generate the SI2ter and announces everything
inside the SI2.
This patch is conceptually based on 'si: Add a hack to disable
SI2ter/SI2bis/SI5ter/SI5bis messages' (692daaf2d2).
Ticket: OW#1062
Sponsored-by: On-Waves ehf
|
|
Speech codings which are not supported by BTS will be removed from the
bearer capability information element after parsing. This way it is not
required for the MNCC application to consider support of each BTS.
Only GSM full rate is supported by default.
|
|
This option is a workaround for a bug found in Nokia InSite BTS firmware
version 3.0.0. There is no RELease CONFirm message for local end release.
Nokia MetroSite with firmware version 4.178.16 is not affected.
TS 04.06 Chapter 5.4.4.4 "Local end release procedure" states that a
confirm must be sent by layer 2 when receiving a local end release
request.
In order to correctly switch a channel (handover or assignment), local
end release is required.
|
|
Sylvain pointed out that the RLL and the SMC timeout is the same.
This can lead to have a SMC re-transmission before the first RLL
Establish Request has timed out. Reduce the RLL timeout. GSM 08.58
does not specify a timeout so right now I just reduce it to seven
seconds.
|
|
When writing config file, OML configuration must be written for all
E1 based BTS, which includes Nokia *Site BTS.
|
|
Andreas highlighted that the double assignment is not needed and
wrong. Change the code to assign chan_list[0] before writing the
base frequency to the header. Update the testcase to make the highest
bit set and update the test result.
|
|
Coverity points out that subscr->name is an array and never NULL.
Use strlen instead in this check.
Fixes: Coverity CID 1040717
|