Age | Commit message (Collapse) | Author | Files | Lines |
|
Our ttcn3-bscnat-tests would randomly fail. After the CRCX ACK returns
from the MSC the bsc-nat reports it could not find a CI it it and
deletes the connection on the BSC-side.
This happens because the field is parsed as a decimal value instead of
hexadecimal. So a value of 00FED122 is parsed as '0' which is a reserved
value in our program.
This fix parses the field as hexadecimal value and also logs an error if
the value happens to be 0.
make check will now test if a hexadecimal CI is parsed correctly.
Fixes: OS#3951
Change-Id: I49b8b61644bf706162102dce268cae2265536fc5
|
|
ipa_ccm_idtag_parse_off is broken, and can only be used with
len_offset=1 on ID Request messages, otherwise won't work correctly.
Modify ipa_ccm_idtag_parse to at least parse those correctly, and
document the limitations.
Those two functions are already deprecated and only used in openbsc by 3
callers:
* ipa_ccm_idtag_parse in ussd_read_cb(): Broken, that function can only
work for Requests and it's used to parse a Response.
* ipa_ccm_idtag_parse_off in forward_sccp_to_msc (NAT): Broken, it can
only be used to parse Requests and it's used to parse a Response.
Furthermore, len_offset=2 is passed which makes no sense and most
probably it fails always, or can even make the program crash.
* ipa_ccm_idtag_parse_off in (answer_challenge): This one is fine and
could actually be replaced with ipa_ccm_id_get_parse after libosmocore
commit (see below) is merged.
See libosmocore I6efc852dfc041192f554e41a58290a0f63298021 for more information.
As a consequence of the fixes, osmo-bsc-nat now parses messages sent
from VTY test correctly and thus it goes into processing them instead of
silently dropping them. As a result, some VTY tests fail because they
are sending incorrect format (missing NULL char in unit id strings) and
osmo-bsc-nat closses its connection (due to bad auth).
Change-Id: I3b995f8ef0b48c0a5b3375e42926641934359cd2
|
|
From RFC 4867:
octet-align: Permissible values are 0 and 1. If 1, octet-aligned
operation SHALL be used. If 0 or if not present,
bandwidth-efficient operation is employed.
Change-Id: Ic4db7f6d18f650f36f3186965096771f748de5fd
|
|
Change-Id: I9f686404517bf8a2044cf59dd5bfaf90eb4f798f
|
|
Change-Id: I581f40da47614223219800e97a334f8b5e06b13f
|
|
It shows up all the time in logs while using "logging level all info",
let's move it to debug.
Change-Id: I51274dad5afef16e466921c5d58672427d23fd3b
|
|
bsc_msc_lost will close the current fd (without freeing it), so let's
skip possible writes to an already closed fd
bsc_msc_lost will close the current fd (without freeing it), so let's
skip possible writes to an already closed fd..
Change-Id: I55c1a88f6524e897c70abf8ba18f1bb2b1f650aa
|
|
PONG is being sent a as an answer to PING a few lines above in same
function.
Change-Id: I88ca95d46f4ace1da4025d12302422dbfa578354
|
|
Code is already doing stuff with the connection (fd).
Change-Id: Ieeaa0e024b9542d1a22a8e3ab4c3229a6f8a0b49
|
|
Change-Id: Ib36b8937d1210488784ebae6917cb1b4c871c9d4
|
|
Currently the force_realloc feature is turnd on and of in a
hardcoded way. This patch makes the option available via VTY.
Backport from osmo-mgw.git.
Change-Id: Ic8740512c5ea0766ff6ceb1c28b9c2b3fe46e75f
|
|
Change-Id: I83948ce626b924802d1963411a3f40c5fed24355
|
|
We only send back if we had an error parsing the message locally. If we
receive an ERROR message from a bsc, we try to forward it if the ID is
valid, otherwise only log the received error description locally.
Related: OS#3394
Change-Id: I7b4d20aea7a16c4b4e5add7c274a4ed34a7f6b8d
|
|
In some cases id can be non-digit such as "err" for ERROR cmds generated
from parsing failures.
Change-Id: Ief0b203efbcf2be04253b5056840be94d58a9994
|
|
Instead of always logging/sending same error, use the new
ctrl_cmd_parse2 API which always returns a cmd structure with a specific
error description.
Change-Id: I6ef2b6e309632ed9cb296e8a1e71f879007a36ae
|
|
This command controls forward/drop of BSS paging messages from MSC to
all BSCs connected to BSC-NAT.
In situations in which MS don't generally roam from one BSC to another
under the BSC-NAT, it may be beneficial (bandwidth wise) to drop these
global paging commands, which are usually issued by the MSC if the
location of the MS isn't known and LAC paging has failed.
Change-Id: I737774543e0a8734d79b072e66e3c09e82b001d3
|
|
Previous to this commit, an error message was printed and the paging
message was dropped:
openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:618 Could not parse paging message: -3
Related: OS#3325
Change-Id: I3125ba0e67d2965c0be3089748dd113b1bf615af
|
|
Change-Id: Ib03681cf91550846af0d487c11cc90b6f700b340
|
|
Back-port from osmo-bsc.git d99182c01037f4dd14fb72b2b06497e0c1bebb49.
Change-Id: I0b951a9c3dbe245c3813fc91ceb9118a0de779b8
|
|
Back-port from osmo-bsc.git a0f1196eda79de0e838b29eb91d9f31839f2f447.
Change-Id: I519fb945a99206dff6c4aeb476d527e632b7e751
|
|
Other VTY commands already exist which provides each a subset of these
features, but while operating bsc-nat it became interesting to have all
this info easily reachable for a specific BSC.
Change-Id: I47bfd4fb800390505bdeb0f1d0bd1306fb888a59
|
|
The '.' is illegal character in counter names, as they are exported
via CTRL interface, where '.' has a special meaning that cannot be
used by strings comprising the variable name.
Change-Id: I55470ae74d350e4020209921fd8a09b51b120a41
|
|
When ussd_read_cb calls bsc_nat_ussd_destroy the osmo_fd struct is
freed, so we need to indicate to osmo_wqueue_bfd_cb that it should not
continue using the fd pointer after we return.
Fixes following AddressSanitizer report:
<0015> osmo-bsc_nat/bsc_ussd.c:273 USSD Connection on 13 with IP: 1.2.3.4
<0015> osmo-bsc_nat/bsc_ussd.c:132 USSD Connection was lost.
=================================================================
==18118==ERROR: AddressSanitizer: heap-use-after-free on address 0x61200047c4b4 at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x61200047c4b4 thread T0
#0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65
#1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217
#2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257
#3 0x421dfa in main osmo-bsc_nat/bsc_nat.c:1718
#4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/bin/osmo-bsc_nat+0x406438)
Change-Id: I35854c43524714d07f31d71c775ac1cd0a57d22e
|
|
Fixes: OS#3335
Change-Id: I847e84d5cc50619059cbae7a2c6471c60609aec6
|
|
Change-Id: I4dbf97905749aa9379bc6b6b448953d8b1825545
|
|
Change-Id: I6a6fc3574630c0893797388bbbdeabe14572f988
|
|
Previous to this patch, if ipaccess_auth_bsc() failed finding the
requested auth token, it would call bsc_close_connection() on it.
However, it would not report callers that the bsc conn was closed.
Since ipaccess_auth_bsc is called in the following path:
[osmo_wqueue_bfd_cb->ipaccess_bsc_read_cb->forward_sccp_to_msc->ipaccess_auth_bsc]
It needs to notify the lower layers (wqueue) that the conn/osmo_fd has been
freed an it should avoid keep using/forwarding it again.
This patch fixes this issue by moving the conn closing one layer down
the stack (from ipaccess_auth_bsc to forward_sccp_to_msc), and in there
we now close the conn and provide required information to the callers.
Fixes following Asan report:
Unit_Name='foobar' <0015> openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1061 No bsc found for token 'foobar' len 6 on fd: 11.
=================================================================
==18946==ERROR: AddressSanitizer: heap-use-after-free on address 0x616001f8b81c at pc 0x7ffff6067540 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x616001f8b81c thread T0
#0 0x7ffff606753f in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65
#1 0x7ffff605206b in osmo_fd_disp_fds libosmocore/src/select.c:217
#2 0x7ffff6052305 in osmo_select_main libosmocore/src/select.c:257
#3 0x421c8e in main openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1714
#4 0x7ffff47ffb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/bin/osmo-bsc_nat+0x406438)
Fixes: SYS#4250
Change-Id: Ifb39a045b98bc2043a98a9787fc61cbcddc368e0
|
|
This commit changes behaviour to a (imho) better logic and is a
preparation for follow-up commits to avoid heap-use-after-free error
when closing the bsc connection.
Previously, authentication would still not be accepted but the
connection would be staying alive for a while until id_timeout timer
triggers. Let's close the connection immediately instead, this way BSC
side can see quickly something is wrong with what it is sending.
Furthermore, this way the logic of the function is simplified: If auth
goes well, conn is alive. If auth goes wrong, conn is closed.
Change-Id: I972961b8967076c56c607f98c2360054144951e4
|
|
variable "parsed" was not being freed in this case. By calling exit2 we
make sure it is freed.
Change-Id: Ifd0c145ff733fdfb2f6fcb32065de99ee951d106
|
|
exit3 is the same as exit2 with the addition of calling
bsc_send_con_refuse(). Since exit3 path is only followed once, it's
easier to call bsc_send_con_refuse() on that code path and remove exit3
entirely in order to simplify the function.
Change-Id: I2ba0aeca1ee0fffd75019bfba37907f0b8015066
|
|
Change-Id: I1e98ef1dd410aa3e534666356a74590dac87b918
|
|
Change-Id: I91b18aeb8bdc2a1b392474318b1df1b4b1fee5a3
|
|
Fixes: 38a77d0098b21e14a42a91fd83bc8179b2978555
Change-Id: Iedf45a787d5e684b2f199e8e947da434fe75cf05
|
|
When ipaccess_bsc_read_cb calls bsc_close_connection, the osmo_fd
struct is freed, so we need to indicate to osmo_wqueue_bfd_cb that it
should not continue using the fd pointer after we return.
Fixes following AdressSanitizer report:
<0015> openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1317 The connection to the BSC Nr: -1 was lost. Cleaning it
=================================================================
==27028==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000c521c at pc 0x7ffff606b056 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x6160000c521c thread T0
#0 0x7ffff606b055 in osmo_wqueue_bfd_cb libosmocore/src/write_queue.c:65
#1 0x7ffff6055c3b in osmo_fd_disp_fds libosmocore/src/select.c:217
#2 0x7ffff6055ed5 in osmo_select_main libosmocore/src/select.c:257
#3 0x421c82 in main openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1713
#4 0x7ffff4803b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/bin/osmo-bsc_nat+0x406438)
Fixes: OS#3300
Change-Id: I120f646601bd4275b9088d0d73000ce04564bc6b
|
|
Default usage values are defined in mgcp node, and can be per-BSC
overriden on each bsc node.
Change-Id: Ibf3932adc07442fb5e9c7a06404853f9d0a20959
|
|
Since libosmocore 7c0031fc8063771e604976233fb7b46d2b85c077, the cmd
param passed to handlers in ctrl_handle_msg is always freed afterwards,
thus it is owned by the same function. Avoid keeping it alive and
accessing it later when it has already been freed.
Related: OS#3157
Change-Id: Ib1e1fb79746d4a4f3e30254fdb7a7e851c2cd0e4
|
|
Change-Id: Ic2e4ca7d8eb4e8f71dc773b3f2c0f09709d90a94
|
|
Change-Id: If0dfae40f03db297eeb4e296daf5fe78ba53a11b
|
|
Change-Id: I105be500399259a97ef711f17b4a51e72dc8cc53
|
|
Change-Id: I146c4a561b0cd62779d60da3b55b96e24438bd89
|
|
Drop OpenSSL/libcrypto dependency, use osmo_get_rand_id() instead.
Backport
osmo-msc 753c15de2f00e24f76ac9b01a20e1e2ff0f86ce2
= I71cd631704a4dc155c6c752fee2a42cd6e2fa336
"
Migrate from OpenSSL to osmo_get_rand_id()
This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.
"
Apply similar changes in bsc-nat, mm_auth_test etc.
Tested manually with osmo-nitb and sysmoBTS, and verified that Authentication
Requests send heterogenous RAND tokens.
Related: OS#1694
Change-Id: I81ebd55c7c90a436c5f2090e6790d78b773d2c92
|
|
vty_install_default() and install_default() will soon be deprecated.
Depends: I5021c64a787b63314e0f2f1cba0b8fc7bff4f09b
Change-Id: I4951982fc78ae167d8e16a672d7af44d703721a9
|
|
osmo_talloc_replace_string() was introducd into libosmocore in 2014, see
commit f3c7e85d05f7b2b7bf093162b776f71b2bc6420d
There's no reason for us to re-implement this as bsc_replace_string
here.
Change-Id: I6d2fcaabbc74730f6f491a2b2d5c784ccafc6602
|
|
Use new function available in libosmocore to set up timers. Compile
tested only.
Change-Id: Ibcfd915688e97d370a888888a83a7c95cbe16819
|
|
According to man, lineptr must be set to null AND n to 0.
Change-Id: I36683884106b97ef697264716de13813c00da9bc
|
|
It is defined in the file and used twice in there, so let's use it for
all of them which makes code smaller and more clear.
Change-Id: I9fac7cabedff74f8f6293ad8b54420229b80aa71
|
|
Since ce9fec3e896571835ac5bfd2980d6836f2b29f0d libosmocore ignores
parameters to log_vty_command_* functions. Hence parameter of
logging_vty_add_cmds() is ignored too. As we depend on much later
libosmocore version anyway, we can simplify code somewhat by removing
parameters which will be ignored anyway.
Change-Id: I62f752fd88f1d8fefa563648f9864c7c31f87991
|
|
Use CTRL_CMD_DEFINE_RO(), CTRL_CMD_DEFINE_WO() and
CTRL_CMD_DEFINE_WO_NOVRF() where appropriate to get rid of boilerplate
code.
Change-Id: I5bcea0b4f4b8f535bef2b423f2013b8b4a218b5b
|
|
Shorten some code and make obvious to the reader that the string copy is done
in a safe way.
Change-Id: I900726cf06d34128db22a3d3d911ee0d1423b1bd
|
|
Used by libbsc, libmsc as well as osmo-bsc and osmo-bsc_nat.
Moving gsm48_create* to libcommon-cs affects linking of osmo-bsc_nat, resulting in
undefined references to gsm48_extract_mi() and gsm48_paging_extract_mi(); fix
that by placing libfilter.a left of libbsc.a upon linker invocation.
Change-Id: I212c2567b56191022b683674c1c4daf842839946
|