An ESME can now be configured in the VTY to enable osmocom-extensions,
which will add vendor-specific SMPP TLVs for RxLev/RxQual/ARFCN/IMEI and
transmit power to the SMPP DELIVER-SM message type.
As bsc_gsmnet is NULL at the time we call smpp_openbsc_init(),
we later run into segfaults with subscribers that don't have a
subscr->net set.
However, we cannot delay smpp_openbsc_init() until after
bsc_bootstrap_network(), as we then fail to parse the SMPP specific
VTY/config file options...
This patch adds a new VTY command "ip.access rsl-ip A.B.C.D" at the
BTS level. If you set this IP address, the BTS will be instructed to
establish the RSL link to the indiciated IP address, rather than using
the same as for the OML link (default).
Use "ip.access rsl-ip 0" to disable the feature.
Inside the SI1 rest_octets we will need to indicate if the ARFCN
is band 1800 or 1900. If the BTS is either 850 or 1900 we assume
we are running a PCS network, otherwise it is a DCS network.
The band indicator is not documented in GSM 04.08 but it is in the
GSM 05.14 version 6.1.0 Release 1997.
abis_rsl.c:332:23: warning: 'memset' call operates on objects of type 'struct rsl_ie_chan_mode'
while the size is based on a different type 'struct rsl_ie_chan_mode *'
[-Wsizeof-pointer-memaccess]
memset(cm, 0, sizeof(cm));
~~ ^~
abis_rsl.c:332:23: note: did you mean to dereference the argument to 'sizeof' (and multiply it
by the number of elements)?
memset(cm, 0, sizeof(cm));
^~
1 warning generated.
The paging structure is still initialized lazily and we attempt
to traverse it before it is ready. The crash was discovered by
Katerina. Removing the lazy initialization will take a bit of work
as the gsm_data_shared is used by the osmo-bts and the OpenBSC but
paging is different.
Katerina pointed out that some nodes are not fully documented and
proposed some messages. The token/timeout messages were correct, I
have modified the other messages. I removed the full-stop from the
PING/PONG documentation as we are normally not using a full sentence.
when the SMS code was moved into libosmocore, its logging prefix was
changed from 'sms' to 'lsms', which breaks existing config files.
This introduces a deprecated/hidden vty command to make sure those
config files are still parsed OK, and will simply print a warning
message about the config needing some update.
The message was corrupt at several points. They are fixed now and
successfully tested.
A default T3122 timer value of 10 is defined by default now. If set to 0,
the reject message will not be sent. Note that when using existing configs
with T3122 value set to 0.
Exclude a BTS from the RF Lock and allow MO and MT operations on
this BTS. The paging modification has been verified using the FakeBTS
and the handover test. Paging continues to work for the normal case.
The RF lock excluded BTS was not paged at all. Now forward the
paging message to the handler and call a function that will check
if this LAC can be paged right now. Introduce a new paging method
that allows to page on a dedicated bts, refactor the code to use
this method for paging.
When introducing the exclude for the BTS lock the RF stayed up but
all connections were immediately released. Optionally pass the BTS
as second parameter and check the exclude bit.
Tested-with: rf-lock-exclude/RFLockExcludeTest.st
If after release has been sent, the call control layer waits for:
- reception of release complete
- or timeout
- or release of transaction (due to radio link failure)
In this case, an MNCC_REL_CNF is sent to upper layer. The callref must
still exist, so the upper layer can handle this confirm.
If transaction is destroyed, but callref still exists, the
mncc_release_ind function is called. If the upper layer already sent an
MNCC_REL_REQ, the state N19 was entered. In this case it expects an
MNCC_REL_CNF.
For PCS1900 the SI1 does not contain the ARFCN of the serving cell.
This is because the arfcn2band method will return GSM_BAND_1800 and
not GSM_BAND_1900. The academic fix would be to set the ARFCN_PCS bit
but this would require increasing the bitvector sizes from 1024/8 to
(0x8000 + 1024) / 8. This would increase the storage size for each
bitvector by three.
It is not possible to have DCS1800 and PCS1900 in one network so we
can avoid increasing the memory usage and check if the ARFCN resolved
to 1800 and then check if the BTS is a 1900 BTS and then claim that
this is compatible.
The code predates the TLV parser and we were parsing the RLM from the
wrong offset. In general we were using the length of the TLV which
happened to be equal to the T200 indication.
After consulting the RLM cuases not every of them should generate a
BSC_RLLR_IND_ERR_IND as these are forwarded to the MSC as a SAPI reject
right now.
TLV parsing now generates this due a bug in the osmo-bts code:
abis_rsl.c:1605 (bts=0,trx=0,ts=2,ss=0) SAPI=0 <0000> abis_rsl.c:1547 (bts=0,trx=0,ts=2,ss=0) ERROR INDICATION cause=Fraeme not implemented
For short IP failures we want the RF to stay up and wait for
the re-connect but in case the A-link is gone too long it is
good to switch off the RF and wait for commands to enable it
again.
Merge the code from the On-Waves branch. Use the internal RF control
interface to switch the TRXs on/off. This code has the necessary delays
to not crash the nanoBTS. Introduce signals for re-connection of the
BSC on the A-link.
The issue can be reproduced by typing the following 9 or more times.
OpenBSC> subscriber id 2 sms sender id 2 send bla
For some unknown reason the phone sends us a CP-ERROR for a transaction
identifier we have allocated and used but don't remember. Due the way
we use the SMC/SMR we 'establish' the machine and this results in a CP-ACK
being sent out. But the CP-ERROR is not having the content we want for
an establish so we send out a RP-ERROR. This will result in a CP-ERROR
because the phone does not know the transaction...
Avoid the issue by checking the direction of the transaction. If we do
not know the transaction and it is supposed to be allocated by us then
just ignore it and do not create a new transaction.
Make the macros use the cmd->node instead of the data pointer. The
naming of the variable inside the macro already indicates that it
should use the nodes data structure.
Like with all type unsafe callbacks we will need to cast from
void to the dtype. This addresses some compiler warnings.
Make it possible to only include the control_cmd.h to use the
macros defined in this file.
Handle the mr_config request and set the AMR multirate config for
the given MSC. Initialize the mr_config with the AMR5.9 default we
have been using until now.
When we are asked to route calls on a local link and
the link is not available we would crash when trying
to send a packet over a deadline. When we have decided
to move a connection it is guranteed that the current
SCCP connection will vanish, we either migrate to another
MSC or the RSL/subscriber connection will be closed.
Inspect the CC Setup messages and if the dialed number is matching
the regexp of the local MSC the connection will be rerouted. The
original MSC will get a GSM0808 CLEAR REQUEST, a new connection with
a CC Setup message will be opened.
For USSD we remember that it is a supplementary service but this
means we sent no CM Service Reject down to the subscriber. Treat
NAT_CON_TYPE_CM_SERV_REQ and NAT_CON_TYPE_SSA the same and send
a cm service reject.
Do the auth check in bsc_nat_filter_sccp_cr, remove the cause from
the signature again. For the bsc_nat_filter_dt restructure the flow
but leave the auth inside the id response message.
Return 1 when the IMSI has been extracted as indicator for running
the auth check. 1 has not been used before and is safe to be used
as this indicator.
In preparation for another kind of black-list allow the filter code
to decide how the connection should be rejected. Introduce a new struct
that will carry the reject causes for certain operations.
This implements exipiry of subscribers, requires a schema change. A permanent
attachment (time set to 0) is not supported any more and would require some
more work. This code was used at the 29C3.
Set the subscriber expiry timeout to twice the duration of the location
update period and provide functions subscr_expire() and
db_subscriber_expire() to mark subscribers offline that have missed two
location update periods.
This patch increases the DB revision to 3, so the hlr will be
incompatible with prior versions.
We should allow 0 for T3212 as well to disable the location update
period. In that case we will need a way to indicate that in the
database.
libcommon: Default to 30min location update period
libbsc: Limit VTY value for periodic update and disallow the value 0
According to GSM 04.08 Table 10.5.33 "The value 0 is used for infinite
timeout value i.e. periodic updating shall not be used within the cell."
This was the default value until now, but the code that deals with
expiring inactive subscribers in the next commit can't handle that case
so this remains a TODO for now.
The actual command implementation was already for this, but some
bad vty parsing prevented optional range arguments from working
properly.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This file is created in ./configure so we shouldn't remove it with make.
Otherwise ./configure && make clean && make check fails with:
make[3]: *** No rule to make target `atconfig', needed by `check-local'.
Stop.
We parse the load_config, take the ptrdiff_t from start and load_config
and from the previous array as the alignment can differ on different ABIs.
This was found by Daniel when executing the tests on a 64 bit userspace.
This was reported by Kevin when he was testing handover. The problem
is the order of the signal handlers for S_ABISIP_CRCX_ACK. Right now
the handover signal handler is called before the one inside the libmsc
gsm_04_08.c. This means S_HANDOVER_ACK is signalled _before_ there is a
rtp socket created for the channel. The result is that the MDCX will
never be sent and the called will not be properly switched _after_ the
handover detection.
I do not want to play with the order of signal handlers, remove the
CRCX ack handling from the handover_logic.c and force the NITB (and
later the BSC) to check if the lchan is involved with a handover and
do the switching in there. This means right now we do what two signal
handlers did in one.
Reproduced and tested with the FakeBTS Handover test.
Log message:
<0004> abis_rsl.c:1954 (bts=1,trx=0,ts=3,ss=0) IPAC_CRCX_ACK ...
<000c> gsm_04_08.c:1400 no RTP socket for new_lchan
<001a> rtp_proxy.c:533 rtp_socket_create(): success
<001a> rtp_proxy.c:615 rtp_socket_bind(rs=0x48703c8, IP=0.0.0.0): ...
In case of handover (but probably on RACH) we would send a RLL for
SAPI=0 even if this SAPI was never established. After we have released
all SAPI>0 locally check that SAPI=0 is established and if not release
the rf channel directly.
Merge the channel release re-work. The most notable change is that
SAPI > 0 will now be released on the local end and that the release
process should be both more fast and more standard conform. With SMS
spamming/mass sending the nanoBTS is crashing but this does not appear
to originate from any of these changes. I used git rebase to go through
each of the change to see where the nanoBTS is crashing but couldn't
reproduce it. It might be a general overload or something generated by
the modems of the sysmocom modem bank. Merge it before the 29C3 so we
can test this code some more.
T3109 is started when the SACCH is deactivated. It is stopped when
the phones sends the DISC/UA/UM on LAPDm for the main signalling
link. In case of timeout the abnormal release procedure will be
initiated. Make sure to not issue the SACCH Deactivate twice to
avoid confusing the equipment.
This is still not fully spec compliant. In case of a timeout the
abnormal release handling will be started which involves starting
T3111+2. The error handling should be split out of the rf channel
release method, e.g. lchan_release should be called and check if
the channel release was already initiated.
If the CHAN ACTIV is NACKED we set the state backto NONE. This is
problematic as our channel allocator will allocate from the front
or from the back and if the channel is early in the list it might
cause permanent failures. Introduce a BROKEN state and use it when
the channel activation is failing for an unknown reason. Copy the
cause so it can be inspected later.
Deactivate the SACCH and release all SAPIs locally as of GSM 04.08. Add
documentation to the code and explain what will happen as part of the
release process.
* Release all channels with SAPI > 0 with the "local end release"
(as of NOTE 1 of GSM 04.08).
* No need to wait for all SAPIs to be torn down and the normal
REL_IND/REL_CONF will call rsl_handle_release and the channel
should be released.
* Update the documentation
Put the idiom that sets the lchan state to none and respecting the
error state into a shared method. This way the special handling for
the abnormal case is just in one place.
Avoid printing error messages when paging while the BTS is down. In
case a BTS is going down it is best to just let the timers expire
normally. We can not expire them right away as multiple BTS could be
paged and we do not want to interfere with that. There is no need to
stop the queue right now.
If subscriber A is calling B and has sent a CC Setup message we will
allocate the MO and MT transaction and link them together. When the
BTS or the lchan is failing the BSC API will send a clear request,
as part of the clear request all pending transactions will be released.
As part of taking down the transaction, the remote leg will be informed
and will send a MNCC_REL_REQ. This results in a call to trans_free. The
llist_for_each_entry_safe does not handle removing other elements from
the list and we would segfault.
One way to fix this is to move the transaction list into the subscriber
connection. This might require to create the subscriber connection for
MT handling earlier. Otherwise one could have one transaction list inside
the subscriber connection and a global list for MT- transactions.
--disable-smpp would actually not disable SMPP but enable it. Correct
it for all usages of AC_ARG_ENABLE.
Move the unconditional invocation of PKG_CHECK_MODULES before the
conditional one to make it work as the pkg-config m4 macro appears
to expand the first usage differently and searches for the pkg-config
exuable.
Use "$enableval" to see if the feature should be enabled or disabled
and then search for the module afterwards.
This has been reported and analyzed by Tobias Engel. The IMSI Detach
is dispatched as part of the complete layer3 message. I had patched
the code to release the anchor and call msc_release_connection to
release the connection as fast as possible (otherwise the anchor would
trigger in a couple of seconds).
With commit 70ae5d3000 I made this more
generic to release the connection immediately if there are no operations,
no transaction and no silent call. This leads to the subscriber connection
being released twice and eventually causing a segfault. Remove the
msc_release_connection invocation from the IMSI Detach code as the connection
will be taken down by the BSC API.
This has been tested using the FakeBTS and an IMSI Detach message. The
channel is released immediately and the nitb does not crash.
GCC 3.x on PowerPC correctly highlights that the code is fishy.
Re-reading the RFC 3550 shows that we should subtract it and then
we are in the 16bit range. The probation and re-sync code is still
missing.
GCC:
mgcp/mgcp_network.c:200: warning: comparison is always true due to limited range of data type
MGCP is used over UDP and a response might be lost. The MGCP RFC
asks for keeping a list of responses and then using the previous
response to answer a duplicate request. I tried to conserve memory
and just wanted to remember the last transaction identifier and
result-code and re-generate the result from that. This made the
code look bad and this is why the entire response will now be stored.
It sadly increases the memory usage but can not be avoided at this
time.
Remove the msg->l3h pointer for the RQNT callback as strtok has
modified the content of it.
MT-SMS:
Manual test with VTY to phone. Also multiple SMS deliveries on
the same lchan. Manual test with phone to phone.
MO-SMS:
Manual test with phone to phone but only a single SMS at a time,
not testing the special 'CP-ACK' case.
Forced CP timeout using the fakebts SMSTest, not causing a crash.
Rebased, tested and fixed by Holger Freyther. Release the transaction
only once the SMC is asking for the release and set the cb's to NULL
to catch a use after free early.
This has been rebased and fixed by Holger Freyther. The change of
the debug area was split out in a previous commit and the is_mt was
put back into the transaction code.
The transaction is now freed from the RELEASE_REQ sent by the SMC
layer and not inside the error path. When clearing the SMC instance
we also clear the callbacks.
This should and does happen as part of the trans_free/msc_release_connection
code. There is no easy way to determine that the lchan is now 'free' for other
things.. Let the transaction code sort this out. This code just needs to make
sure that transactions are always freed.
This is more a work around and one still needs to implement a
proper dispatch on the opening of the connection. If there is no
operation left, no transaction and no silent call, close down the
channel.
Use the code that is shipped inside the libosmogsm library. Right now
the signature (besides the static) and the implementation is the same.
This makes using the libosmogsm SMC code more easy in the near future.
For the gsm340_gen_oa we are now using a small wrapper to generate the
proper type and numbering plan.
For some reason, libsmpp34 is too smart to zero out the entire structure
to which it is unpacking. This introduces an ugly wrapper macro to
work around. This needs discussion with the libsmpp34 maintainer.
Move to the control command handling out of the main file into
a dedicated module. There are still some calls embedded into the
main code but it will be moved soon.
Use a usec timestamp for the local time. The seconds to usec will
swap over to the lower bits but this appears to be correct. The
CLOCK_MONOTONIC is used to fulfill the RFC 3550 requirement even
if it is a bit slower than the gettimeofday.
Make sure to initialize transit in a way that the first transit
time will be 0. Otherwise the jitter will contain the difference
of the localtime and the remote time.
Calculate the expected packages and packet loss as of RFC 3550.
The values should be clamped but our packet loss counter is 32
bits and not 24 and we should clamp at other values but I am
waiting for some issues first before dealing with that.
This is missing the probation and the dealing with a remote
restart. For the remote restart we will simply write a log
statement as this is unlikely to happen during a call or if
it does happen the call will be taken down by the BSC anyway.
Align the naming inside the mgcp_rtp_state with the naming inside
the 'source' struct of the appendix. Make first_seq_no/base_seq
a uint16_t. This is removing rules for alignments and reduces the
struct from 40 bytes to 36.
Count the received octets. This is encouraged by the MGCP specification.
Use a 32bit counter that is good enough for more than 12 hours of a EFR
call. This limit is good enough for the current configuration.
The RFC 3435 specifies a different formula for calculating the lost
packages. It involves the number of received packages and the delta
of the sequence number.
The previous code didn't work as expected. The trx and dst pointer
are located in an union and in the case of the Abis code the dst
is used to point to the signalling link timeslot and not the TRX.
The is_ipaccess_bts always returned false because the dst was casted
to a trx while it was no trx.
This fix was tested with the nack_test/NACKTest.st of the test repo.
The test cases were failing on 64bit systems because the sizeof
code operated on the pointer size which is 8 and longer than the
size that was intended to be used for comparing it.
the dh_autoreconf application did not honor the sourcedirectory
option back then. Override the target and call autoreconf from
the right directory.
The libdbi development package is called libdbi0-dev. Use this name
for Debian stable but it should work for Ubuntu as well.
It is a bad idea to detach a subscriber. The subscriber will not
be reachable until the next periodic updating cycle. In case we have
too many failed deliveries we will need to reduce the period for the
LU and implement a subscriber purging task.
This is a preparation for the 29C3 and a problem Jolly experience with
his type writer system.
I saw the old copy of the "Appendix J" code too late and I have
discovered some quirks and I am more familar with my implementation.
Most noticable 'w' only needs to be as big as the input arfcn but
requires the 'w' to be initialized. The power_of_2 implementation
differs as well (mine matches the output of wirehsark).
The f0 could be chosen in a better way but right now picking
the lower bound is the easiest. It is not clear if to use
modulo if the range is chosen in the middle. This can be improved
in the future. Right now I have no bit fiddling for range128, 256
and 1024 as I was running out of time.
alpha=0 (the new value) doesn't reduce MS transmission power during GPRS
as much as we did with alpha=10. This is to optimize for coverage and
to keep GPRS working at all cost, and not care about MS battery life
time or uplink interference in surrounding cells.
FIXME: This should be made configurable via the VTY and the normal
default (unless configured otherwise by vty/config file) should be '6'.
In order to keep mobile at PACCH as long as possible the timer T3192 is
set to 1500ms. This reduces the probablity of long lasting assignment
process on CCCH for subsequent downlink TBFs.
Inspect the message and see if it is a paging response,
then try to find the MSC that has paged this subscriber
and select this as the target MSC, also move the MSC to
the back of the list for 'load balancing'.
The lines 461 and 303 were producing unaligned memory access as
the BVCI was not aligned properly. Introduce a tlvp_val16_unal to
read 16bit from the data, use memcpy to the stack to make sure
that it is working in the aligned and unaligned case.
The commands net.<netid>.bsc.<bscid>.* are now forwarded to the
appropriate osmo-bsc. <netid> for now is just 0. <bscid> is not the LAC
anymore (since that could be ambiguous), but instead the number as
configured in bsc-nat.cfg
The first fields are still the location up to the height.
The next field is "operational" if any of the trx are operational,
otherwise "inoperational"
The second to last field contains "locked" if all of the trx are in the
admin state, otherwise "unlocked".
The last field represents the rf policy currently in effect. It is one
of (on|off|grace|unknown).
<tstamp>,<valid>,<lat>,<lon>,<height>,<oper>,<admin>,<policy>
The ip.access nanoBTS has issues if the admin changes are called
too often in too little time. This will lead to a situation where
the site manager will fail to start properly. Remove the TRX code
as the RF Control class does not support setting this per TRX.
nat: Catch up with controlif_setup API change
We now save a control handle reference in the nat
osmo-bsc: Catch up with controlif_setup API change
We now save a control handle reference in the gsm network
bts_hsl_femtocell.c: In function ‘hsl_sign_link_up’:
bts_hsl_femtocell.c:206:3: warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘uint64_t’ [-Wformat]
bts_hsl_femtocell.c:210:2: warning: format ‘%lx’ expects argument of type ‘long unsigned int’, but argument 6 has type ‘uint64_t’ [-Wformat]
When adding the "omit RTCP" the method started to return with
a proper return statement.
mgcp_network.c: In function ‘send_to’:
mgcp_network.c:233:1: warning: control reaches end of non-void function [-Wreturn-type]
abis_nm.c: In function ‘abis_nm_get_attr’:
abis_nm.c:1380:11: warning: unused variable ‘cur’ [-Wunused-variable]
abis_nm.c: In function ‘ipac_parse_bcch_info’:
abis_nm.c:2588:11: warning: variable ‘len’ set but not used [-Wunused-but-set-variable]
bts_nokia_site.c:1310:6: warning: variable ‘constructed’ set but not used [-Wunused-but-set-variable]
bts_nokia_site.c: At top level:
bts_nokia_site.c:1364:12: warning: ‘dump_elements’ defined but not used [-Wunused-function]
gsm_04_08.c: In function ‘mm_rx_loc_upd_req’:
gsm_04_08.c:521:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
osmo_msc.c: In function ‘msc_ciph_m_compl’:
osmo_msc.c:122:7: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
bts_hsl_femtocell.c: In function ‘hslfemto_bootstrap_om’:
bts_hsl_femtocell.c:101:11: warning: variable ‘cur’ set but not used [-Wunused-but-set-variable]
bts_hsl_femtocell.c: In function ‘hsl_drop_oml’:
bts_hsl_femtocell.c:232:21: warning: variable ‘line’ set but not used [-Wunused-but-set-variable]
handover_logic.c: In function ‘ho_chan_activ_ack’:
handover_logic.c:197:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
gcc does not really know the _NR_OF_ELEMENTS_IN_ENUM approach, add
the _NUM_GSM_BTS_TYPE to the handled cases.
gsm_data.c: In function ‘gsm_set_bts_type’:
gsm_data.c:349:2: warning: enumeration value ‘_NUM_GSM_BTS_TYPE’ not handled in switch [-Wswitch]
We now have a lchan->csd_mode member that determines if RSL should
activate the channel in CSD transparent services or not. The previous
code always assumed CSD is non-transparent.
(This requires libosmocore >= eed26116c96f03c6128fac3dead9054714af6cab)
Some nodes below 'config' didn't have ournode_exit / ournode_end,
and thus were not able to properly perform this function. exit should
always only go back one level, while end drops us back to ENABLE_NODE.
The prompt now represents the nesting level, and there's one consistent
space after the final prompt character (typically #).
This effectively limits the number of BTSs to 256, but I think that's
acceptable for now. Unfortuantely there's no decent way to dynamically
update the valid number range depending on how many BTSs are actually
configured in the system :/
Use the Smalltalk SIP implementation to create a call
and once the call has been established start the replay
using the commoncode. No patching of RTP occurs yet.
Update/Move/Create example configuration files for NiTB, BSC,
MGCP, NAT and the GbProxy. Create a script that starts, generates
the vty reference and terminates the application.
While generally we should log troly unknown RR messages, we can simply
pass along RRLP messages (which aren't unknown!)
In real networks, the RRLP would probably not end up at the MSC, but
well, sometimes we don't care what real/classic networks do.
A crash was obsserved in cb_data_ind() when mm is dereferenced.
This patch adds some safeguards that try to prevent the library handle
back-pointer to the pdp_ctx to be NULL, and print a stack backtrace in
case we are free() ing the sgsn-side pdp_ctx while there's still a
library handle attached.
The Nokia E71 sends a "IMSI Detach" this msc code does not immediately
send the "RR Channel Release", the E71 is impatient and sends a DISC,
the "RELEASE INDICATION" is handled by starting the channel release
procedure. OpenBSC sends a "RR Channel Release" which will never be
answered, during the early release there is no timer and the lchan will
be in "RELEASE REQUESTED" forever.
This commit removes the anchor operation and checks if the channel can
be released immediately. Regarding the channel release handling there
is already a branch that needs to be tested.
We are currently not checking if the BTS actually suports that cipher,
and we particularly don't have any hack for ip.access which apparently
seems to re-use the RSL algorithm identifier for A5/2.
so far, osmo-bts/sysmobts used to be entered as "sysmobts" type in the
configuration file. However, there are some differences in the
protocol/behaviour and we should reflect that by a new BTS plugin (with
lots of code reuse from the nanobts driver).
like in libosmogsm, we separate between header files that are just
reflecting information in the respective specs, and header files that
related to our specific implementation.
Instead of direct function calls to individual functions, we now
generate primitives (osmo_prim) and send them to one
application-provided function "bssgp_prim_cb()"
The ip.access nanoBTS appears to send quite broken NTP timestamps in
the RTCP messages might confuse equipment that uses the sender report
of the BTS. Make it easy to experiment by adding an option to drop RTCP.
In case the connection should not be created/accepted release
the channel by sending a RR Release and de-activating the
SACCH. Phones should deal better with that behavior.
In case the call handling starts on a TCH/H switch to a TCH/F
if fullrate is requested. Add a method that is used to determine
if the mode and current channel are compatible with each other.
control_if.c:521:2: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat]
osmo_bsc_bssap.c:473:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘unsigned int’ [-Wformat]
mgcp_main.c:162:4: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘unsigned int’ [-Wformatt]
We want to have multiple MSCs but we also have some data
that is only present on a per BSC basis. Right now the
MSC data is not allocated with talloc, so we have some
change in the talloc contexts.
osmo_bsc_main.c: In function ‘main’:
osmo_bsc_main.c:398:2: warning: implicit declaration of function ‘bts_init’ [-Wimplicit-function-declaration]
osmo_bsc_main.c:399:2: warning: implicit declaration of function ‘libosmo_abis_init’ [-Wimplicit-function-declaration]
osmo_bsc_main.c:418:2: warning: implicit declaration of function ‘bsc_bootstrap_network’ [-Wimplicit-function-declaration]
osmo_bsc_api.c: In function ‘bsc_cm_update’:
osmo_bsc_api.c:195:2: warning: ‘return’ with a value, in function returning void [enabled by default]
osmo_bsc_api.c:193:28: warning: unused variable ‘sccp’ [-Wunused-variable]
Instead of building complex manual byte-wise parsers, we simply use two
strtok_r loops: one iterating over all the lines, the next one
iterating over the invididual space-separated elements in the first line.
The benefit is that we now accept \r, \n or \r\n, or any multiple of
them as line ending. This works around incompliant MGCP implementations
like that of Zynetix MSC.
Addition: mgcp_analyze_header returns 0 when all out parameters have
been set.
Signed-off-by: Holger Hans Peter Freyther <zecke@selfish.org>
In addition to SI 2 and SI 5, the SI 2ter and 2bis is generated, if
neighbour cells in other bands exist. Also it is indicated in the rest
octets of SI3, that SI 2ter is used. If no neighbour cell in a different
band exists, the SI 2ter and SI 5ter is omitted.
A special case is P-GSM range (channels 1-124). To be compatible with
older phones, SI 2bis and SI 5bis is used. If the BCCH lays inside the
P-GSM band, only neighbour cells of the P-GSM range are included in
SI 2 and SI 5. If neighbour cells exist in the same band (900), but lay
outside the P-GSM range, the SI 2bis and SI 5bis is used to extend the
list of neighbour cells. The extension is also indicated in SI 2 and
SI 5. If the BCCH lays inside the P-GSM range, but no neighbour cell
exists in the same band outside the P-GSM range, the SI 2bis ans SI 5bis
are omitted.
strstr() was used with wrong argument order, causing it to always match,
and causing an invalid response to a variety of different SS and USSD
requests.
This has apparently caused havoc among a number of HTC phones which
issue SS requests without user interaction upon boot, and then trip over
our inappropriate response.
This must have been obsoleted by the move to libosmo-abis.
GCC warning:
bts_ipaccess_nanobts.c: In function ‘ipaccess_drop_oml’:
bts_ipaccess_nanobts.c:509:21: warning: variable ‘line’ set but not used [-Wunused-but-set-variable]
The old BSC code had code to override the payload type, this has
been removed, remove the variable accessing it.
GCC warning:
abis_rsl.c: In function ‘ipa_rtp_pt_for_lchan’:
abis_rsl.c:1590:22: warning: unused variable ‘net’ [-Wunused-variable]
Introduce a SS_CCCH for the paging and the rach load. The paging
code could now start using the signal.
GCC warning:
abis_rsl.c: In function ‘rsl_rx_ccch_load’:
abis_rsl.c:1371:11: warning: variable ‘rach_access_count’ set but not used [-Wunused-but-set-variable]
abis_rsl.c:1370:11: warning: variable ‘rach_busy_count’ set but not used [-Wunused-but-set-variable]
abis_rsl.c:1369:11: warning: variable ‘rach_slot_count’ set but not used [-Wunused-but-set-variable]
attribute get|set <0-255> (.HEX) was never implemented and the
output about the unused attributes clutter the build output, remove
them.
GCC warning:
abis_nm_vty.c: In function ‘oml_attrib_get’:
abis_nm_vty.c:141:25: warning: unused variable ‘oms’ [-Wunused-variable]
abis_nm_vty.c: In function ‘oml_attrib_set’:
abis_nm_vty.c:152:25: warning: unused variable ‘oms’ [-Wunused-variable]
Use LOGP(DNM, LOGL_ERROR, ...); for errors in the
abis_nm_rx_sw_act_req method.
GCC warning:
abis_nm.c: In function ‘abis_nm_rx_sw_act_req’:
abis_nm.c:412:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
Assume nothing special needs to be done for the Nokia
*site hardware.
GCC warning:
gsm_data.c: In function ‘gsm_set_bts_type’:
gsm_data.c:342:2: warning: enumeration value ‘GSM_BTS_TYPE_NOKIA_SITE’ not handled in switch [-Wswitch]
I'm sure I read somewhere that it actually was 0..1024, as I kept
wondering how stupid it was to use 10bit+1. However, that source
was incorrect, as GSM TS 05.05 quite clearly states 0..1023
When we get an assignment command from the MSC, we no longer have to
check statically for certain codecs, as we have a vty-configured list of
codecs that is checked just below.
This allows the use of the existing "call-agent ip A.B.C.D" command in
libmgcp in order to set a default destination address of the call agent.
This is required as a pre-condition for certain call agents (like the
zynetix MSC) that require a RSIP from the BSC to the MSC as the initial
MGCP message.
RR Messages like STATUS, GPRS SUSPEND, HANDOVER COMPLETE/FAIL, ...
should be processed on the BSC side of things, not on the MSC side.
This is among other things required in preparation of intra-BSC
hand-over support in osmo-bsc.
Introduce number rewriting of SMS-SUBMIT. Introduce a new list,
move code around to help with finding a new number, somehow the
number encoding for TP-DA is borked, 03.40 references 04.11 but
the length appears to be strlen(number) without taken the type
field into account.
In case of a reset (loss of the BTS) close down all remaining
RTP Proxy sockets. In case of a lchan_free shout if the rtp
proxy is still open. I would prefer if the proxy code sits inside
the gsm subscriber connection.
gsm_data_shared.h includes e1_input.h of libosmo-abis, add the
LIBOSMOABIS_CFLAGS to Makefile.am, remove AM_LDFLAGS at the same
time as we only build .a archives.
Increase the version number and send the sizeof of the gsm_mncc
and the gsm_data_frame structure. Include the offsets of some
members as well to maybe identify ABI problems.
The reason we go through this is that we want to benefit from
the native ABI and don't want to force packed structs.
In case of a memory allocation failure in rsl_rx_chan_rqd we would
have left the channel in the LCHAN_S_ACT_REQ state. Move the state
change below the allocation.
In case a BTS does not send the RF Channel Release ACK and we are
closing the channel because of an error two timers are running to
set the state back to none.
Make lchan_deact_tmr_cb and rsl_rx_rf_chan_rel_ack behave the same
in regard to changing the state of the lchan. For the other direction
we are save, the error path will set the state to NONE and the timeout
will call lchan_free to set the channel type back to NONE, only then
the lchan may be allocated again.
The channel release procedure requires some more tweaking, some part
was started in the zecke/28c3 branch and needs to be tested/integrated
with the goal of having one common release path.
In case of a failed channel we still want the channel to not be
re-allocated right away but keep it closed/unused for (T3109 + T311).
rsl_rx_rf_chan_rel_ack has a check to not set the channel to S_NONE in
case the channel is in the error state. Add the camp Harald added a timer
to set the channel back to the none state in case the RF Channel Release
is not acked.
This reverts commit fc462dd59e.
show lchan should be capable of showing all allocated lchans,
all of a given bts, a given trx, a given ts. This feature was
broken when I added the ability to show a more simple summary.
Restore the initial behavior by splitting out the for loops
for the bts/trx/ts and check if we have parsed all parameters
and then call and return the subroutine.
Match IMSI and destination address against a set of entries, if it
is matching the header will be modified and no sender report will be
requested. Change the test case to request the sender report and then
verify that this bit is reset to 0.
GSM 04.64 8.4.2 asks to ignore UI frames if the DLCI is not known,
or if the "(V(UR)- 32) <= N(U) < V(UR)". E.g. if we want to have
V(UR) == 511 and this frame is dropped, we would ignore N(U)'s
0 to 510. Calculate the delta.
The code is based on Jonathan Santos's "LLC UI window" fix but the
issue was discovered independly.
The osmo-nitb application sometimes crashes because the BSC API
is doing an assignment underneath which is not handled by the code,
add dumy handlers to not crash, the right thing to do is to change
MNCC to have an assignment that can succeed/fail.
The keyword to look for is MNCC_LCHAN_MODIFY and mncc_sock should
wait for an ack/nack but right now the call just continues.
The UTC offset from the operating system will be used by default to
calculate the NITZ in MM INFO. However, a "timezone" vty command is
added at the BTS level, allowing BTS-specific overrides, e.g. in case
BTSs are distributed accross multiple timezones.
The BSS-side of BSSGP requires quite a number of additional functions
for sending unidirectional messages that a SGSN never sends.
This is a first step into completing the BSSGP implementation and making
it ready to be used from osmo-bts and other BTS-side GPRS
implementations.
Send a hello packet down to the client with the version number
of the MNCC interface. The hello structure might be extended to
include the endianes, size of each structure, etc.
In this iteration I just want to make sure that each VTY command has
online help. Replace "a b" with "a-b" if there is no "a c" with b!=c.
This config should gain some more sanity and consistency, this will
happen in another iteration.
Also make sure to specify seconds in the 'seconds' field. Doing
otherwise is an abuse that non longer works with the new timer infra.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
do_reset was not initialized anywhere anymore, so the reset was never
triggered. It's now fixed and we add an option to skip it in the
config so that when in production, you can restart without config
changes quickly.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
In case a MS (of which we have no MM context) sends us anything but a
GMM ATTACH REQUEST, we need to send it a LLC XID RESET (by means of
issuing LLGMM-RESET.req). Otherwise the phone will expect us to send a
specific unacknowledged sequence number that we don't know.
Thanks to Holger for pointing this bug out to me.
It seems to commonly occur when a MS is doing network re-selection and
(erroneously) sends a RA UPD REQ instead of an ATTACH REQ. The RA UPD
REJ that we sent was never seen by the GMM entity in the MS, as the LLC
entity discarded it due to sequence number mis-match.
Using LLGMM-RESET.req, the GMM can request the LLC of the MS to reset
all its parameters, particularly the sequence numbers. We don't yet do
XID RESET retransmissions, and we don't yet generate a LLGMM-RESET.conf
primitive back to GMM.
Ubuntu 11.10 has changed some linker/compiler flags. Some fixes for this
can be seen here[1]. In general the to be linked libs need to be moved into
the LDADD section of parameters. This is with the old BFD linker (not gold).
This is likely to end in some ping-pong with other versions of the linker.
[1] https://bugs.launchpad.net/ubuntu/+source/nis/+bug/771034
Errors:
/usr/bin/ld.bfd.real: bsc_hack.o: undefined reference to symbol 'osmo_init_ignore_signals'
/usr/bin/ld.bfd.real: note: 'osmo_init_ignore_signals' is defined in DSO /home/ich/install/openbsc/lib/libosmocore.so so try adding it to the linker command line
/home/ich/install/openbsc/lib/libosmocore.so: could not read symbols: Invalid operation
...
../../src/libbsc/libbsc.a(rest_octets.o):/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:381: more undefined references to `bitvec_set_bit' follow
../../src/libbsc/libbsc.a(rest_octets.o): In function `rest_octets_si13':
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:382: undefined reference to `bitvec_set_uint'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:383: undefined reference to `bitvec_set_uint'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:385: undefined reference to `bitvec_set_bit'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:402: undefined reference to `bitvec_set_bit'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:403: undefined reference to `bitvec_set_uint'
gprs_gmm.c:240:2: warning: passing argument 4 of ‘gprs_llc_tx_ui’ discards qualifiers from pointer target type
../../include/openbsc/gprs_llc.h:151:5: note: expected ‘void *’ but argument is of type ‘const struct sgsn_mm_ctx *’
gprs_gmm.c:349:11: warning: unused variable ‘ptsig’
gprs_gmm.c:601:5: warning: too many arguments for format
gprs_gmm.c:987:25: warning: initialization discards qualifiers from pointer target type
gprs_gmm.c:1010:6: warning: ‘rc’ may be used uninitialized in this function
When the BTS reboots it might not want to accept our BTS Attr,
do not leave the bsc_msc_ip/bsc_nitb but simply drop the BTS
connection.
Manually cherry-picked from: 54e6c8b3400b376ed36fe84f28f7930d2d9ff24b
The libosmo-abis merge broke Ericsson RBS support, as it didn't get the
part right where the per-TRX OML sign_link is determined while
transmitting OM2000 messages.
As a result of this fix, we can remove the 'to_trx_oml' parameter to
_abis_nm_sendmsg(), which is a nice cleanup.
In order to have the MNCC application reliably decide on the codec type,
it needs to know if we are running on a TCH/F or TCH/H. Thus, we pass
lchan_mode as a new parameter to the 'struct gsm_mncc'
When gsm48_send_rr_ass_cmd() is being called to send the ASSIGNMENT
COMMAND, we need to use the propwer lchan->ms_power setting, not
some fixed magic "0x3" number.
Without this patch, every MS would transmit at a very high output power
fullowing an assignment command - more than what was set in the config
file with "ms max power"
In case of a nack the secondary_lchan will be NULLed but then the T10
timeout will attempt to release the channel and we will try to release
a NULL pointer.
Daniel witnessed this crash at the camp and added the NULL check at:
28d9ccbca0, it is also the proper fix
given the _NAK handling.
When we got a clear request we did not clear the internal
association between the gsm_subscriber_connection and the SCCP
part. When we got a DTAP message before the CLEAR COMMAND we
will end up in a crash as the ->bts pointer of the connection
has been cleared.
#0 bsc_scan_msc_msg (conn=0xde178, msg=<value optimized out>) at osmo_bsc_filter.c:258
#1 0x000112c8 in bsc_handle_dt1 (conn=0xdebd8, msg=0xd1f58, len=<value optimized out>) at osmo_bsc_bssap.c:507
#2 0x00010208 in msc_outgoing_sccp_data (conn=<value optimized out>, msg=0xdfacc, len=858696) at osmo_bsc_sccp.c:73
#3 0x0003c110 in sccp_system_incoming (msgb=0xd1f58) at sccp.c:1064
Remove the separation of half-rate and full-rate AMR. The used rate
can be found inside the AMR payload. The signalling of what kind of
traffic channel is used can be done with the GSM 08.08 Chosen
Channel IE in the Assignment Complete message.
This way I can use a fixed payload type in the MGCP GateWay but
have a mixed TCH/F and TCH/H config. E.g. use TCH/F FR3 for some
subscribers when connected to MSC A but use AMR5.9 on a TCH/F for
MSC B when all TCH/Hs are gone.
When the CRCX 200 is lost on the way to the CallAgent we will
get another CRCX (retransmission) which was answered with a 400.
Change the code to extract the CallID, Mode and the optional
LocalOptions first. Then check if the endp is allocated with the
same call identifier, in that case return the current session
information.
The SDP file for FreeSWITCH should contain o= (Origin) and the
t= (Timing) for the session. The data of the Origin should be
globally unique but this is not the case yet. We will need to
store the (NTP) time of the creation of the endpoint.
Move the regexp parsing code from the NAT to libcommon as it will
be used by the NAT and BSC code. This also adds the #include <regex.h>
include to gsm_data. This header should be split up.
This is a big patch that ports openBSC over libosmo-abis.
Sorry, the changes that are included here are all dependent
of libosmo-abis, splitting them into smaller pieces would
leave the repository in some intermediate state, which is
not desired.
The main changes are:
- The directory libabis/ has been removed as it now lives in
libosmo-abis.
- new configuration file format for nanoBTS and HSL femto, we
need to define the virtual e1_line and attach it to the OML
link.
- all the existing BTS drivers (nanoBTS, hsl femto, Nokia site,
BS11 and rbs2000) now use the new libosmo-abis framework.
- use r232 input driver available in libosmo-abis for bs11_config.
- use ipa_msg_recv instead of old ipaccess_read_msg function.
- delete definition of gsm_e1_subslot and input_signal_data.
These structures now lives in libosmo-abis.
Most of this patch are deletions of libabis/ which has been
moved to libosmo-abis.
This patch also modifies openBSC to use all the new definitions
available in libosmocore and libosmo-abis. In order to do that,
we have replaced the following:
- DINP, DMI, DMIB and DMUX by their respective DL* correspondences.
- SS_GLOBAL by SS_L_GLOBAL
- SS_INPUT by SS_L_INPUT
- S_GLOBAL_SHUTDOWN by S_L_GLOBAL_SHUTDOWN
- SS_INPUT by SS_L_INPUT
- S_INP_* by S_L_INP_* sub-signals
- E1INP_NODE by L_E1INP_NODE vty node
This patch has been tested with:
- one nanoBTS
- the HSL femto with the examples available under libosmo-abis
- BS11 with both dahdi and misdn drivers.
This patch modifies openBSC code to use msg->dst which stores the
pointer to the signalling link structure instead of the pointer to
the transceiver structure.
This patch prepares the introduction of libosmo-abis.
It is possible that MNCC sends a MNCC_LCHAN_MODIFY and
wants a channel mode that is not possible on the current
lchan, in that case a new channel is assigned. We now crash
as the osmo-nitb is not having an assignment complete handler,
add a NULL check.
The Nokia metrosite BTS seem to keep the channels open indefinitely.
If osmo-nitb is restarted while one of the channel was still active
and tries to activate that channel again the bts would return a
CHANNEL ACTIVATE NACK with "Radio channel already activated". This
accumulated over the restarts so soon enough no more channels were
available.
This patch sends a release request to the bts so the channel
becomes available again.
The function lchan_alloc only considers lchans to be available if both
the type and state are NONE. So change show lchan to list all lchans
that are not considered available.
This will cause the remote end to read 0 bytes, which is interpreted as
if we cleanly closed the socket, making the remote end close their side
of the socket, which would lead to us closing our side of the socket,
so we should never send such a packet.
The timer callback will simply reset the lchan state to NONE in order
to prevent channels getting stuck in 'activation requested' or
'deactivation requested' states.
During the GSM deployment in the CCC Camp, Daniel Willmann
noticed that the LCR and the MNCC were closing the local
connection over unix sockets communication quite so often.
After some debugging, Peter Stuge noticed that openBSC was
closing the connection since write was returning 0.
Then, I suggested that it could be a malformed message with
zero length. By skipping empty messages, Peter confirmed that
the connection between the LCR and the MNCC was not closing
anymore. However, there was no voice in the calls that went
over MNCC.
After some more debugging I found that we were not building
GSM_TCHF_FRAME over MNCC appropriately in the TRAU multiplexer
code, since we forgot to msgb_put() the message.
Scenario: BTS are configured and working, then the BSC stops working
for some reason (crash or administrative stop).
If the BSC comes back to life, LAPD among other things does not know
about the previous existing TEIs. Instead of ignoring these frames,
we notify the driver that we are seeing frames with unknown TEIs, so
it can try to recover, e.g. by resending the SABM message.
Running the entire bts_nokia_site.c through the 'Lindent' script
to match indent/coding style with remainder of project.
There are still lots of other cleanups pending, but this one is
a purely cosmetic one.
DAHDI creates one device node for every E1 timeslot, starting from '1',
and keeps incrementing that number even for additional ports/cards.
Thus, we have to use the e1inp_line number multiplied by 31 as a base.
The byte ordering is a bit odd: The least significant byte is ahead of
the most significant byte, different from everything else in GSM that
seems to be big-endian.
Thanks to Seungju Kim <admin@manateeshome.com> for repoerting the bug.
This fixes a bug introduced more than one year ago in commit
e38bd6caa3:
The RSL_IE_CHAN_IDENT is a TLV, but the GSM48_IE_CHANDESC_2 contained in
it, is a mere TV type IE with fixed length.
The problem specifically has caused problems on Nokia MetroSite BTS,
which apparently read the TSC out of this Layer3 IE.
The MS Radio Access Capability IE can be _very_ long in some recent
high-end mobile phones, way beyond the old 14-byte limit. We increase
our array to 52 bytes, and make sure not to overflow that buffer.
It was possible to set the LAC=0 on a subscriber that just has
done a LU because it did not respond to a paging request.
E.g. when a phone is rebooting, a SMS being delivered, the phone
is doing the LU, sub_ready_for_sm will try to send a SMS (but the
phone is not ready yet and it will timeout), then the paging code will
send us an expiration note and we might set the LAC=0 for this
subscriber.
Ideally we would be able to stop the paging request once the subscriber
is authenticated and then hand this to the SMS layer, right now the
best thing to do is to detect that we will run into this problem and
not send the SMS, not try to set the LAC=0.
When the BSC is refusing to open an outgoing connection the SCCP
connection was leaked. Use the normal free as the socket should
be either closed or disconnected.
Reset the BTS MO State on BTS bootstrap. This way we will always
test the BTS disconnect/reconnect case of the BTS.
Do not reset the administrative state of objects. The BSC might
have set these and wants to maintain them across disconnect/
reconnect. Right now this is true for the TRX state.
We want to compare the file more_magic[0] and more_magic[1]
with the static more_magic array to see where the difference
is.
src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 2
src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 3
* net.location to get/set the geographical location of the network
format is <tstamp>,<lat>,<lon>,<height>
* per trx rf_locked command (net.bts0.trx0.rf_locked)
* network-wide rf_locked command (net.rf_locked)
These commands are installed in controlif_setup. Query them like this:
"rate_ctr.<interval>.<counter group>.<index>.<counter name>" for rate
counters and "counter.<counter name>" for regular counters. <interval>
may be either "abs" for absolute values or one or
"per_{sec,min,hour,day}".
It is possible to query all rate counters in a group (regardless of
index) or all counters in a group and with a certain index if you omit
<counter name> and <index> or just <counter name>.
due to a missing return statement, we ran into the 'reject' case
of bssmap_handle_cipher_mode(). Due to another bug in libosmocore,
the reject message was corrupted (fixed in libosmocore commit
0c83670a595a278b7d1fb7b21b2eacab84d3c031)
GCC 4.6.0 and LD.BFD 2.21 on ARM somehow fail to resolve
the dbi symbols when we have the library in front of the
static libraries, move them to the back.
Without this patch the tlv_def_patch symbol and the
gsm48_construct_ra.
GCC 4.6.0 and LD.BFD 2.21 on ARM somehow fail to resolve
the dbi symbols when we have the library in front of the
static libraries, move them to the back.
The idea that MCC and MNC is enough to classify a subscriber
turns out to be wrong. Certain operatos license a number range
of IMSIs to others. When we see a '^' in the MCC field we treat
it as a regexp. The code now turns the MCC/MNC into a regexp
for the IMSI. It is not using extended POSIX regexp to match
the behavior of the access list.
Separate the code to patch the code and the code to find a
new number based on the old number. This will allow to add
multiple targets for number changing.
Fix make distcheck to uninstall files that were installed
by our custom hook.
This is fixing:
ERROR: files left after uninstall:
./share/doc/openbsc/examples/osmo-bsc_mgcp/mgcp.cfg
./share/doc/openbsc/examples/osmo-nitb/nanobts/openbsc.cfg
./share/doc/openbsc/examples/osmo-nitb/nanobts/openbsc-multitrx.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc-1bts-2trx.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc-1bts-2trx-hopping.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc-2bts-2trx.cfg
./share/doc/openbsc/examples/osmo-nitb/rbs2308/openbsc.cfg
This patch fixes a segfault that occured when a ipaccess RSL link gets
closed unexpectedly.
The segfault can be provoked by connecting to the RSL port with ncat and
hitting ^C.
autoconf >=2.68 demands the body of an AC_COMPILE_IFELSE to be wrapped in
an AC_LANG_SOURCE macro, otherwise outputs annoying warnings on the
invocation of `autoreconf -i`. this patch follows that demand.
This should not introduce any functional changes, it just re-arranges
some definitions in the header file, and introduces the ROLE_BSC
define that we enable for the BSC-specific fields.
The daemons set up nanoBTS and HSL femto sockets by default, ie. the
three sockets to support these two drivers are open even if we have
no BTS of that kind.
This patch enables on-demand socket creation, ie. we only enable them
if we have one BTS at least that requires it.
I added two new attributes to the gsm_bts object, they are:
* the start() function includes the code that we need to run to start
the BTS. This new function contains the socket creation in the
particular case of nanoBTS and HSL femto.
* the started boolean, which is used to know if we have already
started the BTS, ie. we have already invoked start().
Note that, I have splitted the bts_model_*_init() function into two
functions, the _init() functions that register the BTS driver
and the _start() functions that start BTS driver on-demand.
While I was at it, I added several changes/cleanups to this patch:
* Group all bts_model_*_init() calls into one function bts_init(),
which is called in the initialization path of osmo-nitb and
osmo-bsc.
* Add openbsc/bss.h that contains the declaration of
bsc_bootstrap_network, bsc_shutdown_net and bts_init.
* Add missing e1inp_init() in osmo-bsc.
* Fix missing declaration of hsl_setup in openbsc/e1_input.h
The error message was missing in case of problems bootstrapping the BTS.
The E1 input driver initialization was displayed in the standard output,
now this error is reported via logs.
With this patch, we don't include e1_input if it's empty
[...]
timeslot 7
phys_chan_config TCH/F
hopping enabled 0
e1_input <----------------- empty, it should not show up.
msc
[...]
Pablo pointed out that my previous commit was rubish. If we have
less than two arguments we want ifname to remain NULL and if we
have a second argument (or more) we want to use that as the interface
name to bind to.
Use the libosmocore code to ignore certain signals by
default (e.g. SIGHUP, SIGPIPE) and use the new code to
create a default stderr logging target and initialize
it properly.
This can be used to throw the data into GNUplot. It collects
the time (from the start of the trace), the buffer data in kbyte
and the number of buffered PDUs. It is assuming that no PDU
is delivered toward the target.
This patch adds several messages that would be displayed if:
* the Ki argument is missing.
* you pass an invalid Ki.
* the database fails to perform the operation (add/delete/update).
Before this patch, no messages were spotted on this errors.
I noticed this while adding Ki to the existing subscribers in the
nanoBTS setup: I introduced a wrong Ki but the VTY command line did
not report any error. A quick look at the database via sqlite
command confirmed that the new authkey information was not added.
Introduce a paging group that a BSC can refer to and is used
during the LAC lookup. This way paging can be flooded through
the network and just filtered at the last element in the core.
The current code tries to find _one_ bsc for a paging message
and then continues. The new code will try to find multiple BSCs
for each LAC. This is done in preparation of having two BSCs
handle the same LAC. This code right now is O(m*n) but it will
be worse once paging groups are landed.
The code to test the function was reduced to just test the lac
lookup code as the other part can not be tested in a standalone
setup anymore.
The code to create the struct gsm_bts is in libcommon right now
and we can not call paging_init from there. Right now it appears
to be the easiest of doing the init internally.
Be able to configure a list of destinations (duplicates allowed)
that will be tried in a round robin fashion. The change is in
the bsc_msc_connection to operate on a list. We achieve the
round robin nature with the same trick used in the paging code
to delete and append the current entry. The nat code was updated
to compile but one can only configure one destination.
For restarting the NAT we can now block it, it will not accept
new connections and for existing connections it will attempt
to drop them over time. A blocked NAT will end up with no BSC
connections left and then can be safely restarted.
In case this is a local USSD connection we will ignore
the clear command and respond with a RLC to any RLSD but
will never forward that to the BSC. This way the external
USSD is fully in charge of the connection.
There are theoretical issues if there are multiple transactions
on the same SCCP Connection but this can not be solved properly
right now.
Keep track of the used transaction identifier and always forward
messages to the USSD provider. E.g. this can be used to have a
dialogue going. Right now it is still possible that the MSC will
close down the connection.
We need to and out the protocol discriminator as call control
might have use transactions. This has only failed for the USSD
filter so far as this must deal with transactions.
With this patch, ipaccess-proxy makes more robust option checking:
$ ./ipaccess-proxy -l 1.1.1.1 -b 2.2.2.2 -e
ERROR: missing mandatory argument for `-e' option
And we return to shell to enforce the user to try again with the
appropriate invocation.
Before this patch, the default getopt_long() error handling was
enabled which displayed this message:
./ipaccess-proxy: option requires an argument -- 'e'
and ipaccess-proxy continued working.
This is generic enough to cover other option that require mandatory
arguments like `--bsc' and `--listen'.
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also
check for the return value of this function in every invocation to
skip further processing in case of messages with malformed TLVs.
This idea was suggested by Zecke.
When we have no other MNCC connection but the registeration of the
new fd is failing we should not disable reading from the listen_fd
for ever as the situation might not be permanent.
This patch removes the C99 structure initialization which is not allowed
by the wireshark project (since it has to compile with non-C99 compliant
compilers).
It also adds a new option to enable/disable the dissection of vendor
specific ip.access nanoBTS RSL messages.
Tested with file:
ipaccess-startup-mo_to_mo_call-proxy.pcap
* include/openbsc/ipaccess.h: Reserve a protocol number for control
commands
* input/ipaccess.c: New function ipaccess_prepend_header_ext prepends
the extension header
This patch finishes the new ipaccess_send_*() functions and use them
in the ipaccess-proxy code.
I have also cleanup the definition of the PONG, ID_ACK and ID_REQ
messages (including some minor documentation about them).
I had to rename ipaccess_recvmsg() in ipaccess-proxy to avoid clashing
with the one defined in libabis.
For the USSD module we only want to handle requests that are
legitimate. This is achieved by looking for the CM Service Accept
or the BSSAP CIPHER MODE COMMAND.
This patch extends the make_sock() prototype so you can fully set
the fields priv_nr and data of the bsc_fd structure.
This is the first step to get rid of the internal make_sock()
implementation that ipaccess-proxy uses.
This patch includes a minor cleanup to pass INADDR_ANY instead
of zero, if you do not want to bind the socket to one specific
address.
The VTY code calls the write function for nodes in the order of
registration of the node and not in terms of hierachy of nodes. This
means that the e1_input code is written before the MSC node that
was the child of the network. Make the MSC_NODE a direct descendant
of the CONFIG_NODE and avoid this issue.
In 136f453dd2, I forgot to update
the new header path in the test/bsc-nat files (this happened to
me because I forgot to configured openBSC without --enable-nat).
libosmogsm is a new library that is distributed in the libosmocore.
Now, openbsc depends on it. This patch gets openbsc with this
change.
This patch also rewrites all include path to the new
osmocom/[gsm|core]
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
This patch fixes:
CC gb_proxy_main.o
gb_proxy_main.c: In function ‘main’:
gb_proxy_main.c:224: warning: implicit declaration of function ‘logging_vty_add_cmds’
And a similar problem in osmo-bsc_nat.
This was introduced in by myself in patch:
"bsc: change bsc_vty_init to take logging categories as parameter"
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
This change is required to finish the integration of the VTY and
the per-application logging categories that provides:
"vty: integration with logging framework"
in libosmocore.
It has been tested with osmo-nitb. The other just compiled tested.
This is the case of osmo-nitb, since it does not call
osmo_bsc_rf_create().
term1: $ ./osmo-nitb -c ../openbsc.cfg.nanobts
term2: $ telnet localhost 4242
term2: OpenBSC> show network
term1: Segmentation fault
This patch applies to the wireshark/0001-abis_oml.patch.
This patch converts the C99 structure initialization which is not
accepted by the wireshark developers (Harald told me that they need
it to compile with non-gcc compilers which don't always support C99).
I have tested it here with four pcap files that Harald passed to me.
... and in order to do this reasonably well, we have to get rid of
the pre-computed message length field in the OML header. Instead,
we now simply compute it at abis_om2k_sendmsg() time based on the
msgb_l2len().
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
