The ip.access nanoBTS appears to send quite broken NTP timestamps in
the RTCP messages might confuse equipment that uses the sender report
of the BTS. Make it easy to experiment by adding an option to drop RTCP.
In case the connection should not be created/accepted release
the channel by sending a RR Release and de-activating the
SACCH. Phones should deal better with that behavior.
In case the call handling starts on a TCH/H switch to a TCH/F
if fullrate is requested. Add a method that is used to determine
if the mode and current channel are compatible with each other.
control_if.c:521:2: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat]
osmo_bsc_bssap.c:473:3: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘unsigned int’ [-Wformat]
mgcp_main.c:162:4: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘unsigned int’ [-Wformatt]
We want to have multiple MSCs but we also have some data
that is only present on a per BSC basis. Right now the
MSC data is not allocated with talloc, so we have some
change in the talloc contexts.
osmo_bsc_main.c: In function ‘main’:
osmo_bsc_main.c:398:2: warning: implicit declaration of function ‘bts_init’ [-Wimplicit-function-declaration]
osmo_bsc_main.c:399:2: warning: implicit declaration of function ‘libosmo_abis_init’ [-Wimplicit-function-declaration]
osmo_bsc_main.c:418:2: warning: implicit declaration of function ‘bsc_bootstrap_network’ [-Wimplicit-function-declaration]
osmo_bsc_api.c: In function ‘bsc_cm_update’:
osmo_bsc_api.c:195:2: warning: ‘return’ with a value, in function returning void [enabled by default]
osmo_bsc_api.c:193:28: warning: unused variable ‘sccp’ [-Wunused-variable]
Instead of building complex manual byte-wise parsers, we simply use two
strtok_r loops: one iterating over all the lines, the next one
iterating over the invididual space-separated elements in the first line.
The benefit is that we now accept \r, \n or \r\n, or any multiple of
them as line ending. This works around incompliant MGCP implementations
like that of Zynetix MSC.
Addition: mgcp_analyze_header returns 0 when all out parameters have
been set.
Signed-off-by: Holger Hans Peter Freyther <zecke@selfish.org>
In addition to SI 2 and SI 5, the SI 2ter and 2bis is generated, if
neighbour cells in other bands exist. Also it is indicated in the rest
octets of SI3, that SI 2ter is used. If no neighbour cell in a different
band exists, the SI 2ter and SI 5ter is omitted.
A special case is P-GSM range (channels 1-124). To be compatible with
older phones, SI 2bis and SI 5bis is used. If the BCCH lays inside the
P-GSM band, only neighbour cells of the P-GSM range are included in
SI 2 and SI 5. If neighbour cells exist in the same band (900), but lay
outside the P-GSM range, the SI 2bis and SI 5bis is used to extend the
list of neighbour cells. The extension is also indicated in SI 2 and
SI 5. If the BCCH lays inside the P-GSM range, but no neighbour cell
exists in the same band outside the P-GSM range, the SI 2bis ans SI 5bis
are omitted.
strstr() was used with wrong argument order, causing it to always match,
and causing an invalid response to a variety of different SS and USSD
requests.
This has apparently caused havoc among a number of HTC phones which
issue SS requests without user interaction upon boot, and then trip over
our inappropriate response.
This must have been obsoleted by the move to libosmo-abis.
GCC warning:
bts_ipaccess_nanobts.c: In function ‘ipaccess_drop_oml’:
bts_ipaccess_nanobts.c:509:21: warning: variable ‘line’ set but not used [-Wunused-but-set-variable]
The old BSC code had code to override the payload type, this has
been removed, remove the variable accessing it.
GCC warning:
abis_rsl.c: In function ‘ipa_rtp_pt_for_lchan’:
abis_rsl.c:1590:22: warning: unused variable ‘net’ [-Wunused-variable]
Introduce a SS_CCCH for the paging and the rach load. The paging
code could now start using the signal.
GCC warning:
abis_rsl.c: In function ‘rsl_rx_ccch_load’:
abis_rsl.c:1371:11: warning: variable ‘rach_access_count’ set but not used [-Wunused-but-set-variable]
abis_rsl.c:1370:11: warning: variable ‘rach_busy_count’ set but not used [-Wunused-but-set-variable]
abis_rsl.c:1369:11: warning: variable ‘rach_slot_count’ set but not used [-Wunused-but-set-variable]
attribute get|set <0-255> (.HEX) was never implemented and the
output about the unused attributes clutter the build output, remove
them.
GCC warning:
abis_nm_vty.c: In function ‘oml_attrib_get’:
abis_nm_vty.c:141:25: warning: unused variable ‘oms’ [-Wunused-variable]
abis_nm_vty.c: In function ‘oml_attrib_set’:
abis_nm_vty.c:152:25: warning: unused variable ‘oms’ [-Wunused-variable]
Use LOGP(DNM, LOGL_ERROR, ...); for errors in the
abis_nm_rx_sw_act_req method.
GCC warning:
abis_nm.c: In function ‘abis_nm_rx_sw_act_req’:
abis_nm.c:412:6: warning: variable ‘ret’ set but not used [-Wunused-but-set-variable]
Assume nothing special needs to be done for the Nokia
*site hardware.
GCC warning:
gsm_data.c: In function ‘gsm_set_bts_type’:
gsm_data.c:342:2: warning: enumeration value ‘GSM_BTS_TYPE_NOKIA_SITE’ not handled in switch [-Wswitch]
I'm sure I read somewhere that it actually was 0..1024, as I kept
wondering how stupid it was to use 10bit+1. However, that source
was incorrect, as GSM TS 05.05 quite clearly states 0..1023
When we get an assignment command from the MSC, we no longer have to
check statically for certain codecs, as we have a vty-configured list of
codecs that is checked just below.
This allows the use of the existing "call-agent ip A.B.C.D" command in
libmgcp in order to set a default destination address of the call agent.
This is required as a pre-condition for certain call agents (like the
zynetix MSC) that require a RSIP from the BSC to the MSC as the initial
MGCP message.
RR Messages like STATUS, GPRS SUSPEND, HANDOVER COMPLETE/FAIL, ...
should be processed on the BSC side of things, not on the MSC side.
This is among other things required in preparation of intra-BSC
hand-over support in osmo-bsc.
Introduce number rewriting of SMS-SUBMIT. Introduce a new list,
move code around to help with finding a new number, somehow the
number encoding for TP-DA is borked, 03.40 references 04.11 but
the length appears to be strlen(number) without taken the type
field into account.
In case of a reset (loss of the BTS) close down all remaining
RTP Proxy sockets. In case of a lchan_free shout if the rtp
proxy is still open. I would prefer if the proxy code sits inside
the gsm subscriber connection.
gsm_data_shared.h includes e1_input.h of libosmo-abis, add the
LIBOSMOABIS_CFLAGS to Makefile.am, remove AM_LDFLAGS at the same
time as we only build .a archives.
Increase the version number and send the sizeof of the gsm_mncc
and the gsm_data_frame structure. Include the offsets of some
members as well to maybe identify ABI problems.
The reason we go through this is that we want to benefit from
the native ABI and don't want to force packed structs.
In case of a memory allocation failure in rsl_rx_chan_rqd we would
have left the channel in the LCHAN_S_ACT_REQ state. Move the state
change below the allocation.
In case a BTS does not send the RF Channel Release ACK and we are
closing the channel because of an error two timers are running to
set the state back to none.
Make lchan_deact_tmr_cb and rsl_rx_rf_chan_rel_ack behave the same
in regard to changing the state of the lchan. For the other direction
we are save, the error path will set the state to NONE and the timeout
will call lchan_free to set the channel type back to NONE, only then
the lchan may be allocated again.
The channel release procedure requires some more tweaking, some part
was started in the zecke/28c3 branch and needs to be tested/integrated
with the goal of having one common release path.
In case of a failed channel we still want the channel to not be
re-allocated right away but keep it closed/unused for (T3109 + T311).
rsl_rx_rf_chan_rel_ack has a check to not set the channel to S_NONE in
case the channel is in the error state. Add the camp Harald added a timer
to set the channel back to the none state in case the RF Channel Release
is not acked.
This reverts commit fc462dd59e.
show lchan should be capable of showing all allocated lchans,
all of a given bts, a given trx, a given ts. This feature was
broken when I added the ability to show a more simple summary.
Restore the initial behavior by splitting out the for loops
for the bts/trx/ts and check if we have parsed all parameters
and then call and return the subroutine.
Match IMSI and destination address against a set of entries, if it
is matching the header will be modified and no sender report will be
requested. Change the test case to request the sender report and then
verify that this bit is reset to 0.
GSM 04.64 8.4.2 asks to ignore UI frames if the DLCI is not known,
or if the "(V(UR)- 32) <= N(U) < V(UR)". E.g. if we want to have
V(UR) == 511 and this frame is dropped, we would ignore N(U)'s
0 to 510. Calculate the delta.
The code is based on Jonathan Santos's "LLC UI window" fix but the
issue was discovered independly.
The osmo-nitb application sometimes crashes because the BSC API
is doing an assignment underneath which is not handled by the code,
add dumy handlers to not crash, the right thing to do is to change
MNCC to have an assignment that can succeed/fail.
The keyword to look for is MNCC_LCHAN_MODIFY and mncc_sock should
wait for an ack/nack but right now the call just continues.
The UTC offset from the operating system will be used by default to
calculate the NITZ in MM INFO. However, a "timezone" vty command is
added at the BTS level, allowing BTS-specific overrides, e.g. in case
BTSs are distributed accross multiple timezones.
The BSS-side of BSSGP requires quite a number of additional functions
for sending unidirectional messages that a SGSN never sends.
This is a first step into completing the BSSGP implementation and making
it ready to be used from osmo-bts and other BTS-side GPRS
implementations.
Send a hello packet down to the client with the version number
of the MNCC interface. The hello structure might be extended to
include the endianes, size of each structure, etc.
In this iteration I just want to make sure that each VTY command has
online help. Replace "a b" with "a-b" if there is no "a c" with b!=c.
This config should gain some more sanity and consistency, this will
happen in another iteration.
Also make sure to specify seconds in the 'seconds' field. Doing
otherwise is an abuse that non longer works with the new timer infra.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
do_reset was not initialized anywhere anymore, so the reset was never
triggered. It's now fixed and we add an option to skip it in the
config so that when in production, you can restart without config
changes quickly.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
In case a MS (of which we have no MM context) sends us anything but a
GMM ATTACH REQUEST, we need to send it a LLC XID RESET (by means of
issuing LLGMM-RESET.req). Otherwise the phone will expect us to send a
specific unacknowledged sequence number that we don't know.
Thanks to Holger for pointing this bug out to me.
It seems to commonly occur when a MS is doing network re-selection and
(erroneously) sends a RA UPD REQ instead of an ATTACH REQ. The RA UPD
REJ that we sent was never seen by the GMM entity in the MS, as the LLC
entity discarded it due to sequence number mis-match.
Using LLGMM-RESET.req, the GMM can request the LLC of the MS to reset
all its parameters, particularly the sequence numbers. We don't yet do
XID RESET retransmissions, and we don't yet generate a LLGMM-RESET.conf
primitive back to GMM.
Ubuntu 11.10 has changed some linker/compiler flags. Some fixes for this
can be seen here[1]. In general the to be linked libs need to be moved into
the LDADD section of parameters. This is with the old BFD linker (not gold).
This is likely to end in some ping-pong with other versions of the linker.
[1] https://bugs.launchpad.net/ubuntu/+source/nis/+bug/771034
Errors:
/usr/bin/ld.bfd.real: bsc_hack.o: undefined reference to symbol 'osmo_init_ignore_signals'
/usr/bin/ld.bfd.real: note: 'osmo_init_ignore_signals' is defined in DSO /home/ich/install/openbsc/lib/libosmocore.so so try adding it to the linker command line
/home/ich/install/openbsc/lib/libosmocore.so: could not read symbols: Invalid operation
...
../../src/libbsc/libbsc.a(rest_octets.o):/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:381: more undefined references to `bitvec_set_bit' follow
../../src/libbsc/libbsc.a(rest_octets.o): In function `rest_octets_si13':
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:382: undefined reference to `bitvec_set_uint'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:383: undefined reference to `bitvec_set_uint'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:385: undefined reference to `bitvec_set_bit'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:402: undefined reference to `bitvec_set_bit'
/home/ich/source/gsm/openbsc/openbsc/src/libbsc/rest_octets.c:403: undefined reference to `bitvec_set_uint'
gprs_gmm.c:240:2: warning: passing argument 4 of ‘gprs_llc_tx_ui’ discards qualifiers from pointer target type
../../include/openbsc/gprs_llc.h:151:5: note: expected ‘void *’ but argument is of type ‘const struct sgsn_mm_ctx *’
gprs_gmm.c:349:11: warning: unused variable ‘ptsig’
gprs_gmm.c:601:5: warning: too many arguments for format
gprs_gmm.c:987:25: warning: initialization discards qualifiers from pointer target type
gprs_gmm.c:1010:6: warning: ‘rc’ may be used uninitialized in this function
When the BTS reboots it might not want to accept our BTS Attr,
do not leave the bsc_msc_ip/bsc_nitb but simply drop the BTS
connection.
Manually cherry-picked from: 54e6c8b3400b376ed36fe84f28f7930d2d9ff24b
The libosmo-abis merge broke Ericsson RBS support, as it didn't get the
part right where the per-TRX OML sign_link is determined while
transmitting OM2000 messages.
As a result of this fix, we can remove the 'to_trx_oml' parameter to
_abis_nm_sendmsg(), which is a nice cleanup.
In order to have the MNCC application reliably decide on the codec type,
it needs to know if we are running on a TCH/F or TCH/H. Thus, we pass
lchan_mode as a new parameter to the 'struct gsm_mncc'
When gsm48_send_rr_ass_cmd() is being called to send the ASSIGNMENT
COMMAND, we need to use the propwer lchan->ms_power setting, not
some fixed magic "0x3" number.
Without this patch, every MS would transmit at a very high output power
fullowing an assignment command - more than what was set in the config
file with "ms max power"
In case of a nack the secondary_lchan will be NULLed but then the T10
timeout will attempt to release the channel and we will try to release
a NULL pointer.
Daniel witnessed this crash at the camp and added the NULL check at:
28d9ccbca0, it is also the proper fix
given the _NAK handling.
When we got a clear request we did not clear the internal
association between the gsm_subscriber_connection and the SCCP
part. When we got a DTAP message before the CLEAR COMMAND we
will end up in a crash as the ->bts pointer of the connection
has been cleared.
#0 bsc_scan_msc_msg (conn=0xde178, msg=<value optimized out>) at osmo_bsc_filter.c:258
#1 0x000112c8 in bsc_handle_dt1 (conn=0xdebd8, msg=0xd1f58, len=<value optimized out>) at osmo_bsc_bssap.c:507
#2 0x00010208 in msc_outgoing_sccp_data (conn=<value optimized out>, msg=0xdfacc, len=858696) at osmo_bsc_sccp.c:73
#3 0x0003c110 in sccp_system_incoming (msgb=0xd1f58) at sccp.c:1064
Remove the separation of half-rate and full-rate AMR. The used rate
can be found inside the AMR payload. The signalling of what kind of
traffic channel is used can be done with the GSM 08.08 Chosen
Channel IE in the Assignment Complete message.
This way I can use a fixed payload type in the MGCP GateWay but
have a mixed TCH/F and TCH/H config. E.g. use TCH/F FR3 for some
subscribers when connected to MSC A but use AMR5.9 on a TCH/F for
MSC B when all TCH/Hs are gone.
When the CRCX 200 is lost on the way to the CallAgent we will
get another CRCX (retransmission) which was answered with a 400.
Change the code to extract the CallID, Mode and the optional
LocalOptions first. Then check if the endp is allocated with the
same call identifier, in that case return the current session
information.
The SDP file for FreeSWITCH should contain o= (Origin) and the
t= (Timing) for the session. The data of the Origin should be
globally unique but this is not the case yet. We will need to
store the (NTP) time of the creation of the endpoint.
Move the regexp parsing code from the NAT to libcommon as it will
be used by the NAT and BSC code. This also adds the #include <regex.h>
include to gsm_data. This header should be split up.
This is a big patch that ports openBSC over libosmo-abis.
Sorry, the changes that are included here are all dependent
of libosmo-abis, splitting them into smaller pieces would
leave the repository in some intermediate state, which is
not desired.
The main changes are:
- The directory libabis/ has been removed as it now lives in
libosmo-abis.
- new configuration file format for nanoBTS and HSL femto, we
need to define the virtual e1_line and attach it to the OML
link.
- all the existing BTS drivers (nanoBTS, hsl femto, Nokia site,
BS11 and rbs2000) now use the new libosmo-abis framework.
- use r232 input driver available in libosmo-abis for bs11_config.
- use ipa_msg_recv instead of old ipaccess_read_msg function.
- delete definition of gsm_e1_subslot and input_signal_data.
These structures now lives in libosmo-abis.
Most of this patch are deletions of libabis/ which has been
moved to libosmo-abis.
This patch also modifies openBSC to use all the new definitions
available in libosmocore and libosmo-abis. In order to do that,
we have replaced the following:
- DINP, DMI, DMIB and DMUX by their respective DL* correspondences.
- SS_GLOBAL by SS_L_GLOBAL
- SS_INPUT by SS_L_INPUT
- S_GLOBAL_SHUTDOWN by S_L_GLOBAL_SHUTDOWN
- SS_INPUT by SS_L_INPUT
- S_INP_* by S_L_INP_* sub-signals
- E1INP_NODE by L_E1INP_NODE vty node
This patch has been tested with:
- one nanoBTS
- the HSL femto with the examples available under libosmo-abis
- BS11 with both dahdi and misdn drivers.
This patch modifies openBSC code to use msg->dst which stores the
pointer to the signalling link structure instead of the pointer to
the transceiver structure.
This patch prepares the introduction of libosmo-abis.
It is possible that MNCC sends a MNCC_LCHAN_MODIFY and
wants a channel mode that is not possible on the current
lchan, in that case a new channel is assigned. We now crash
as the osmo-nitb is not having an assignment complete handler,
add a NULL check.
The Nokia metrosite BTS seem to keep the channels open indefinitely.
If osmo-nitb is restarted while one of the channel was still active
and tries to activate that channel again the bts would return a
CHANNEL ACTIVATE NACK with "Radio channel already activated". This
accumulated over the restarts so soon enough no more channels were
available.
This patch sends a release request to the bts so the channel
becomes available again.
The function lchan_alloc only considers lchans to be available if both
the type and state are NONE. So change show lchan to list all lchans
that are not considered available.
This will cause the remote end to read 0 bytes, which is interpreted as
if we cleanly closed the socket, making the remote end close their side
of the socket, which would lead to us closing our side of the socket,
so we should never send such a packet.
The timer callback will simply reset the lchan state to NONE in order
to prevent channels getting stuck in 'activation requested' or
'deactivation requested' states.
During the GSM deployment in the CCC Camp, Daniel Willmann
noticed that the LCR and the MNCC were closing the local
connection over unix sockets communication quite so often.
After some debugging, Peter Stuge noticed that openBSC was
closing the connection since write was returning 0.
Then, I suggested that it could be a malformed message with
zero length. By skipping empty messages, Peter confirmed that
the connection between the LCR and the MNCC was not closing
anymore. However, there was no voice in the calls that went
over MNCC.
After some more debugging I found that we were not building
GSM_TCHF_FRAME over MNCC appropriately in the TRAU multiplexer
code, since we forgot to msgb_put() the message.
Scenario: BTS are configured and working, then the BSC stops working
for some reason (crash or administrative stop).
If the BSC comes back to life, LAPD among other things does not know
about the previous existing TEIs. Instead of ignoring these frames,
we notify the driver that we are seeing frames with unknown TEIs, so
it can try to recover, e.g. by resending the SABM message.
Running the entire bts_nokia_site.c through the 'Lindent' script
to match indent/coding style with remainder of project.
There are still lots of other cleanups pending, but this one is
a purely cosmetic one.
DAHDI creates one device node for every E1 timeslot, starting from '1',
and keeps incrementing that number even for additional ports/cards.
Thus, we have to use the e1inp_line number multiplied by 31 as a base.
The byte ordering is a bit odd: The least significant byte is ahead of
the most significant byte, different from everything else in GSM that
seems to be big-endian.
Thanks to Seungju Kim <admin@manateeshome.com> for repoerting the bug.
This fixes a bug introduced more than one year ago in commit
e38bd6caa3:
The RSL_IE_CHAN_IDENT is a TLV, but the GSM48_IE_CHANDESC_2 contained in
it, is a mere TV type IE with fixed length.
The problem specifically has caused problems on Nokia MetroSite BTS,
which apparently read the TSC out of this Layer3 IE.
The MS Radio Access Capability IE can be _very_ long in some recent
high-end mobile phones, way beyond the old 14-byte limit. We increase
our array to 52 bytes, and make sure not to overflow that buffer.
It was possible to set the LAC=0 on a subscriber that just has
done a LU because it did not respond to a paging request.
E.g. when a phone is rebooting, a SMS being delivered, the phone
is doing the LU, sub_ready_for_sm will try to send a SMS (but the
phone is not ready yet and it will timeout), then the paging code will
send us an expiration note and we might set the LAC=0 for this
subscriber.
Ideally we would be able to stop the paging request once the subscriber
is authenticated and then hand this to the SMS layer, right now the
best thing to do is to detect that we will run into this problem and
not send the SMS, not try to set the LAC=0.
When the BSC is refusing to open an outgoing connection the SCCP
connection was leaked. Use the normal free as the socket should
be either closed or disconnected.
Reset the BTS MO State on BTS bootstrap. This way we will always
test the BTS disconnect/reconnect case of the BTS.
Do not reset the administrative state of objects. The BSC might
have set these and wants to maintain them across disconnect/
reconnect. Right now this is true for the TRX state.
We want to compare the file more_magic[0] and more_magic[1]
with the static more_magic array to see where the difference
is.
src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 2
src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 3
* net.location to get/set the geographical location of the network
format is <tstamp>,<lat>,<lon>,<height>
* per trx rf_locked command (net.bts0.trx0.rf_locked)
* network-wide rf_locked command (net.rf_locked)
These commands are installed in controlif_setup. Query them like this:
"rate_ctr.<interval>.<counter group>.<index>.<counter name>" for rate
counters and "counter.<counter name>" for regular counters. <interval>
may be either "abs" for absolute values or one or
"per_{sec,min,hour,day}".
It is possible to query all rate counters in a group (regardless of
index) or all counters in a group and with a certain index if you omit
<counter name> and <index> or just <counter name>.
due to a missing return statement, we ran into the 'reject' case
of bssmap_handle_cipher_mode(). Due to another bug in libosmocore,
the reject message was corrupted (fixed in libosmocore commit
0c83670a595a278b7d1fb7b21b2eacab84d3c031)
GCC 4.6.0 and LD.BFD 2.21 on ARM somehow fail to resolve
the dbi symbols when we have the library in front of the
static libraries, move them to the back.
Without this patch the tlv_def_patch symbol and the
gsm48_construct_ra.
GCC 4.6.0 and LD.BFD 2.21 on ARM somehow fail to resolve
the dbi symbols when we have the library in front of the
static libraries, move them to the back.
The idea that MCC and MNC is enough to classify a subscriber
turns out to be wrong. Certain operatos license a number range
of IMSIs to others. When we see a '^' in the MCC field we treat
it as a regexp. The code now turns the MCC/MNC into a regexp
for the IMSI. It is not using extended POSIX regexp to match
the behavior of the access list.
Separate the code to patch the code and the code to find a
new number based on the old number. This will allow to add
multiple targets for number changing.
Fix make distcheck to uninstall files that were installed
by our custom hook.
This is fixing:
ERROR: files left after uninstall:
./share/doc/openbsc/examples/osmo-bsc_mgcp/mgcp.cfg
./share/doc/openbsc/examples/osmo-nitb/nanobts/openbsc.cfg
./share/doc/openbsc/examples/osmo-nitb/nanobts/openbsc-multitrx.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc-1bts-2trx.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc-1bts-2trx-hopping.cfg
./share/doc/openbsc/examples/osmo-nitb/bs11/openbsc-2bts-2trx.cfg
./share/doc/openbsc/examples/osmo-nitb/rbs2308/openbsc.cfg
This patch fixes a segfault that occured when a ipaccess RSL link gets
closed unexpectedly.
The segfault can be provoked by connecting to the RSL port with ncat and
hitting ^C.
autoconf >=2.68 demands the body of an AC_COMPILE_IFELSE to be wrapped in
an AC_LANG_SOURCE macro, otherwise outputs annoying warnings on the
invocation of `autoreconf -i`. this patch follows that demand.
This should not introduce any functional changes, it just re-arranges
some definitions in the header file, and introduces the ROLE_BSC
define that we enable for the BSC-specific fields.
The daemons set up nanoBTS and HSL femto sockets by default, ie. the
three sockets to support these two drivers are open even if we have
no BTS of that kind.
This patch enables on-demand socket creation, ie. we only enable them
if we have one BTS at least that requires it.
I added two new attributes to the gsm_bts object, they are:
* the start() function includes the code that we need to run to start
the BTS. This new function contains the socket creation in the
particular case of nanoBTS and HSL femto.
* the started boolean, which is used to know if we have already
started the BTS, ie. we have already invoked start().
Note that, I have splitted the bts_model_*_init() function into two
functions, the _init() functions that register the BTS driver
and the _start() functions that start BTS driver on-demand.
While I was at it, I added several changes/cleanups to this patch:
* Group all bts_model_*_init() calls into one function bts_init(),
which is called in the initialization path of osmo-nitb and
osmo-bsc.
* Add openbsc/bss.h that contains the declaration of
bsc_bootstrap_network, bsc_shutdown_net and bts_init.
* Add missing e1inp_init() in osmo-bsc.
* Fix missing declaration of hsl_setup in openbsc/e1_input.h
The error message was missing in case of problems bootstrapping the BTS.
The E1 input driver initialization was displayed in the standard output,
now this error is reported via logs.
With this patch, we don't include e1_input if it's empty
[...]
timeslot 7
phys_chan_config TCH/F
hopping enabled 0
e1_input <----------------- empty, it should not show up.
msc
[...]
Pablo pointed out that my previous commit was rubish. If we have
less than two arguments we want ifname to remain NULL and if we
have a second argument (or more) we want to use that as the interface
name to bind to.
Use the libosmocore code to ignore certain signals by
default (e.g. SIGHUP, SIGPIPE) and use the new code to
create a default stderr logging target and initialize
it properly.
This can be used to throw the data into GNUplot. It collects
the time (from the start of the trace), the buffer data in kbyte
and the number of buffered PDUs. It is assuming that no PDU
is delivered toward the target.
This patch adds several messages that would be displayed if:
* the Ki argument is missing.
* you pass an invalid Ki.
* the database fails to perform the operation (add/delete/update).
Before this patch, no messages were spotted on this errors.
I noticed this while adding Ki to the existing subscribers in the
nanoBTS setup: I introduced a wrong Ki but the VTY command line did
not report any error. A quick look at the database via sqlite
command confirmed that the new authkey information was not added.
Introduce a paging group that a BSC can refer to and is used
during the LAC lookup. This way paging can be flooded through
the network and just filtered at the last element in the core.
The current code tries to find _one_ bsc for a paging message
and then continues. The new code will try to find multiple BSCs
for each LAC. This is done in preparation of having two BSCs
handle the same LAC. This code right now is O(m*n) but it will
be worse once paging groups are landed.
The code to test the function was reduced to just test the lac
lookup code as the other part can not be tested in a standalone
setup anymore.
The code to create the struct gsm_bts is in libcommon right now
and we can not call paging_init from there. Right now it appears
to be the easiest of doing the init internally.
Be able to configure a list of destinations (duplicates allowed)
that will be tried in a round robin fashion. The change is in
the bsc_msc_connection to operate on a list. We achieve the
round robin nature with the same trick used in the paging code
to delete and append the current entry. The nat code was updated
to compile but one can only configure one destination.
For restarting the NAT we can now block it, it will not accept
new connections and for existing connections it will attempt
to drop them over time. A blocked NAT will end up with no BSC
connections left and then can be safely restarted.
In case this is a local USSD connection we will ignore
the clear command and respond with a RLC to any RLSD but
will never forward that to the BSC. This way the external
USSD is fully in charge of the connection.
There are theoretical issues if there are multiple transactions
on the same SCCP Connection but this can not be solved properly
right now.
Keep track of the used transaction identifier and always forward
messages to the USSD provider. E.g. this can be used to have a
dialogue going. Right now it is still possible that the MSC will
close down the connection.
We need to and out the protocol discriminator as call control
might have use transactions. This has only failed for the USSD
filter so far as this must deal with transactions.
With this patch, ipaccess-proxy makes more robust option checking:
$ ./ipaccess-proxy -l 1.1.1.1 -b 2.2.2.2 -e
ERROR: missing mandatory argument for `-e' option
And we return to shell to enforce the user to try again with the
appropriate invocation.
Before this patch, the default getopt_long() error handling was
enabled which displayed this message:
./ipaccess-proxy: option requires an argument -- 'e'
and ipaccess-proxy continued working.
This is generic enough to cover other option that require mandatory
arguments like `--bsc' and `--listen'.
Now ipaccess_idtag_parse() returns -EINVAL instead of -1. We also
check for the return value of this function in every invocation to
skip further processing in case of messages with malformed TLVs.
This idea was suggested by Zecke.
When we have no other MNCC connection but the registeration of the
new fd is failing we should not disable reading from the listen_fd
for ever as the situation might not be permanent.
This patch removes the C99 structure initialization which is not allowed
by the wireshark project (since it has to compile with non-C99 compliant
compilers).
It also adds a new option to enable/disable the dissection of vendor
specific ip.access nanoBTS RSL messages.
Tested with file:
ipaccess-startup-mo_to_mo_call-proxy.pcap
* include/openbsc/ipaccess.h: Reserve a protocol number for control
commands
* input/ipaccess.c: New function ipaccess_prepend_header_ext prepends
the extension header
This patch finishes the new ipaccess_send_*() functions and use them
in the ipaccess-proxy code.
I have also cleanup the definition of the PONG, ID_ACK and ID_REQ
messages (including some minor documentation about them).
I had to rename ipaccess_recvmsg() in ipaccess-proxy to avoid clashing
with the one defined in libabis.
For the USSD module we only want to handle requests that are
legitimate. This is achieved by looking for the CM Service Accept
or the BSSAP CIPHER MODE COMMAND.
This patch extends the make_sock() prototype so you can fully set
the fields priv_nr and data of the bsc_fd structure.
This is the first step to get rid of the internal make_sock()
implementation that ipaccess-proxy uses.
This patch includes a minor cleanup to pass INADDR_ANY instead
of zero, if you do not want to bind the socket to one specific
address.
The VTY code calls the write function for nodes in the order of
registration of the node and not in terms of hierachy of nodes. This
means that the e1_input code is written before the MSC node that
was the child of the network. Make the MSC_NODE a direct descendant
of the CONFIG_NODE and avoid this issue.
In 136f453dd2, I forgot to update
the new header path in the test/bsc-nat files (this happened to
me because I forgot to configured openBSC without --enable-nat).
libosmogsm is a new library that is distributed in the libosmocore.
Now, openbsc depends on it. This patch gets openbsc with this
change.
This patch also rewrites all include path to the new
osmocom/[gsm|core]
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
This patch fixes:
CC gb_proxy_main.o
gb_proxy_main.c: In function ‘main’:
gb_proxy_main.c:224: warning: implicit declaration of function ‘logging_vty_add_cmds’
And a similar problem in osmo-bsc_nat.
This was introduced in by myself in patch:
"bsc: change bsc_vty_init to take logging categories as parameter"
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
This change is required to finish the integration of the VTY and
the per-application logging categories that provides:
"vty: integration with logging framework"
in libosmocore.
It has been tested with osmo-nitb. The other just compiled tested.
This is the case of osmo-nitb, since it does not call
osmo_bsc_rf_create().
term1: $ ./osmo-nitb -c ../openbsc.cfg.nanobts
term2: $ telnet localhost 4242
term2: OpenBSC> show network
term1: Segmentation fault
This patch applies to the wireshark/0001-abis_oml.patch.
This patch converts the C99 structure initialization which is not
accepted by the wireshark developers (Harald told me that they need
it to compile with non-gcc compilers which don't always support C99).
I have tested it here with four pcap files that Harald passed to me.
... and in order to do this reasonably well, we have to get rid of
the pre-computed message length field in the OML header. Instead,
we now simply compute it at abis_om2k_sendmsg() time based on the
msgb_l2len().
It seems HSL has fixed most of their obvious issues in the SR1.0.1
release. However, this creates quite an incompatibility of the
protocol, and we have to adapt accordingly
The HSL Femtocell seems to be a poor man implementation of the
ip.access Abis/IP protocol, but cutting corners wherever possible.
We try to workaround those corners wherever possible...
The new structure divides the code into a number of libraries
for the BSC core functionality, MSC core functionality, Abis transport,
TRAU and other bits.
This doesn't introduce any functional code change but simply moves
around files and alters Makefile.am accordingly.
Next step would be to disentangle a lot of the inter-library
dependencies and make the individual bits of code more independent.
Introduce a VTY setting that right now needs to be set to
one. To make updating this setting possible we will now store
the number of endpoints in the bsc connection as well.
On a classic BSC we have 32 channels but one is reserved for
signalling. Make sure that we are not assigning 0x1f as we
assume that this is the signalling channel. This means that
from 32 possible voice channels we are only going to use 30
as we are already not using the 0x0.
Allocate the status for an endpoint dynamically. We will support
BSCs with different amount of multiplexes and need to have this
flexibility in the future. Add the proper null checks to the
current users of this code.
Rename the method as we send everything to the MSC and not just
SCCP. Put alink into the function name. Also use msg->data and
msg->len in hexdump as this is what we are sending to the server.
Recent libosmocore introdues a way how log targets can be configured from
the VTY.
This commit makes the 'log filter (imsi|nsvc|bvc)' compatible with it.
This introducecs the new VTY command "neighbor-list mode manual-si5"
in combination with "si5 neighbor-list (add|del) arfcn <0-1024>",
which allows you to (optionally) have neighbor channel lists that
differ in SI5 and in SI2.
So far, all BTS we have interfaced had one OML link per BTS, independent of the
number of TRX. In Ericsson RBS 2000, there is an OML link for the DXU/IXU,
and one additional OML link for each TRX/TRU.
The previous patch introduces new code for the RBS2000 but didn't
actually activate/call it yet.
After this patch, you can see LAPD being established and OM2000 messages
will fall into abis_nm.c (which of course has no clue about them).
bsc_init.c was a big mess even only for two supported BTS models,
so before adding more BTS types, this needs a cleanup.
All the BTS specific code from bsc_init.c has now moved into
bts_{siemens_bs11,ipaccess_nanobts}.c
This has required that input_event() and nm_state_event() get both
converted to proper libosmocore signals instead of referencing external
symbols.
When we copy a msgb, we need to make sure the msgb_cb->bssgp_cell_id
pointer points to data in the new message, not in the old message.
Thanks to Dieter Spaar for spotting this.
As we only have one NS-VC between gb_proxy and SGSN, we cannot
forward a NS-BLOCK from the BSS to the SGSN, as it would affect
all other BSS's, too.
Thus, we check if we have an unblocked PTP-BVC in the NSVC to the BSS,
and then issue a BVC-BLOCK towards the SGSN.
This should prevent any further PDU's from the SGSN to be sent to
this BSS.
We cannot afford static/global state, as we may have multiple E1
lines, each having its own LAPD instance. Furthermore, we might
even have multiple LAPD instances on the same E1 line (think of
a multi-drop setup).
This also implements dynamic TEI allocation, i.e. no hardcoded
TEI list anymore.
This introduces a new 'e1_input' config node with a command to be
used like:
e1_line 0 driver misdn
This allows us to have different input drivers in the future
When the remote subscriber has not responded yet we could
end up with a crash in the MNCC code. It was enough to dial
the number, then hang up and bsc_hack would end up with a
segfault due the list poisining of linux_list.
The paging response should always have a TMSI or IMSI
and we should be able to find the subscriber using that. If
no IMSI/TMSI is present and we would still accept the LU
we would access the uninitialized memory.
The compiler concludes that if (ts->type == type && ts->line && line
can be false as line is NULL and then we unconditionally access
it, make it happy by adding an extra NULL check.
now it correctly names some of the IEs like DSP/FPGA version,
and also automatically marks the UDP streams as RTP depending on
what it has seen in the RSL CONNECT TRAU message.
This parameter indicates how many of the PCH+AGCH blocks are reserved
for the AGCH and thus not used for the PCH. If we set it to 0,
we basically tell the BTS there is no AGCH - and thus it would be
impossible to send any IMMEDIATE ASSIGNMENTs.
Luckily the BS-11 and the nanoBTS don't seem to care.
So far, OpenBSC simply assumed that all BTS's configured in openbsc.cfg are
neighbors of each other. While this is true for small site installations,
it is definitely not true in most real world cases. We now have the
following new commands at the 'configure bts' level:
'neighbor-list mode (auto|manual)' for selecting the mode
'neighbor-list (add|del) arfcn <0-1024>'
for adding/deleting ARFCN in manual mode
Add a short README mentioning the svn version they apply
to, how to rebase them in the future, and what they do.
The renaming is done to add a hint on in which order to
apply them. The abis_oml patch has been updated to some
value_string changes in epan, all patches now add the new
files to the CMakeLists.txt of epan as well.
Instead of using more numbers from the proto range we will
use the 0xee and then have a mini header with our new proto
id in there. For a start rename the use types to _OLD.
The transaction layer was stopping paging requests that might or
might not have been owned by the transaction. This makes the subscr
code get stuck delivering requests. This code is mostly a band aid
and just makes sure that we will kick the queue if it is needed.
Remember if this channel got opened due a paging response and in
that case when we close it down we will call subscr_put_channel
that will try to page the subscriber again. This highlights the
lack of a good subscriber management in the MSC code.
If one paging request is timing out the others will timeout soon
as well. With the current code the next timeout would expire the
next request in the queue. We will now stop all paging requests
and then issue a next paging request. So for both paging success
and failure we will now stop all the other requests.
This is mostly a workaround, one should count on how many
BTSes we are paging and wait for all failures before we remove
the item from the queue.
Kick the queue in case the paging was timing out. No one is going
to call subscr_put_channel for us so we will do it on the subscriber.
There is also another problem with multiple BTS in the LAC and paging
timeout. We will need to remember how many BTSes we have paged.
If we have a RF failure between the paging response and the auth
success we will not inform the subscriber layer of the failed paging
and instead just 'drop' the SMS. In case we have not completed the
auth and close the channel we will now send an auth failure.
The conn might be released during the loop and then conn->bts
is a null pointer and we end up crashing. Store the gsm_network
in a local variable and access this one.
Improve the debugging possibilities and print the failed attempts
and the sms that was attempted to be delivered. this should help
with debugging the code.
The active channel might or might not be gone when the transaction
has been released. Instead of passing an invalid subscriber conn
we will pass the subscr that is ref-counted and guranteed to be
valid at this point. subscr_put_channel could search the connections
for an active connection if that is ever needed.
In contrast to the previous believe we may not have a conn here
as we are still paging for the sub. Instead of printing the BTS
print the lac where we think the subscriber is located.
Follow trans->conn->lchan to the BTS instead of using the BTS that
is guranteed to be NULL in the codepath we have entered here. The
trans->conn should still be there, and the lchan should be valid as
well as we have reordered the clear statements.
When the new_lchan for handover is failing we should stop the
handover operation. This is fixing a crash that we get a timeout
on the lchan and have no conn set to it. Introduce a flag to
the bsc_clear_handover to not free the lchan. In case the ho_lchan
is failing we do not want to call lchan_release as it would
reset the state.
The trau_mux likes to call cc_tx_to_mncc for each received
frame from the E1 link. Using a signal for each audio frame
is messy as well. The best thing I could think of is to put
this into the BSC to deref the pointer. The other option would
be to include the gsm_data.h in the mncc.h header and have
the method as inline.
Instead of creating the sockets in the RSL code we will do this
in the CRCX_ACK, MDCX_ACK, DLCX_IND signal handler of gsm_04_08.
Introduce a handover signal so we can repatch the RTP sockets in
the gsm_04_08 as well.
In case we get a RA UPD REQ on a new cell (both served by the same
SGSN), the LLC stack should not allocate a ne LLE/LLME, as the latter
would reset the V(u)sent / V(u)recv to zero and make the MS discard
our responses.
Instead, whenever the LLC stack sees a foreign TLLI, it should always
convert it to the local TLLI before doing any lookup for a LLE/LLME.
We create a loop by not setting trans->callref = 0 before calling
trans_free(), as the latter would again send a MNCC_REL_IND up
the stack.
Also: Fix memory leak in case we try to read from mncc_sock
but socket is just gone.
This adds mncc_sock_from_cc() as a handler function for CC messages
to be passed to the MNCC interface. If there is no MNCC socket
registered, we immediately release any CC related messages.
Together with flushing all established CC transaction at MNCC socket
close time, this ensures that all resources are released and no
new resources can be established until the MNCC applicaiton has
re-attached.
The MNCC messages now again get directly handled by the net->mncc_recv()
callback. If the callee wants to put them in a queue, it' his business
to do that.
Using this code we will soon be able to use LCR or other MNCC
applications via a unix domain socket.
The code is not actually used yet after this patch.
The reason for this is quite simple: We want to make sure anyone
running a customized version of OpenBSC to operate a network will
have to release all custom modifiations to the source code.
The SS_LCHAN signals now always include the lchan_sig_data. For
the measurement report it will optionally include the measurement
report as well. Attempt to update all handlers of this signal as well
Check the signal and only continue if it is any of the
signals we want to handle. In the case of measurement
reports we would cast some random code to a lchan.
The release might release the lchan we want to send the response
on. Reorder the code to first send the message and then give up
the security operation which might release the lchan.
According to the specs (GSM 04.08 Table 9.9), the only possibility
if neci=1 and this cause is used is "Originating call and TCH/F is
needed"
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
With the old code it was possible that we first saw SMS that
we have already in the queue. In that case we had free slots
available but have not filled them. With his new loop we try
harder to find SMS we can send, it attempts (and should work)
to detect a loop to break the loop before finding SMS to deliver.
Increase the number of SMS we will try to send at a time and
decrease the failures we handle before going to the next item. With
the default timeout we will attempt to page the subscriber for 60
seconds and we can increase the queue speed by going to the next
item faster.
The sms queue will attempt to send one SMS per subscriber
to fill all the available slots. It will handle the case
where paging has not started, timed out or if there was
any kind of other failure. It is also retransmitting SMS
in case of failures.
The SMSqueue will be responsible of sending to the user. It will
do so in a loop and will also try not to overload the BTS. This
means the throughput of SMS will be limited.
This is providing access to the paging result, the sms,
the transaction. This will allow the SMS queue to do
decisions based on the source of the failure.
The signal_data was inconsistent. Sometimes we passed the transaction
and sometimes we passed the sms. Change it to always pass the sms. The
S_SMS_SMMA is a bit special as it does not involve any SMS.
This is creating 1000 subscribers and 30 SMS each. The SMS
itself is badly formatted (not a valid 7bit encoding) but
it should be enough for a stress test.
If a signal handler accesses the database he will still see
the old lac. Make sure he is seeing the new one. Update the
subscriber from the database in case the query failed or other
things have changed.
Start counting the attempts of each paging request and call
the callback with the PAGING_BUSY type when the paging request
timed out but the subscriber was not paged at all. This can
only happen with a huge paging backlog.
In case the system has so many pending paging
Introduce a method that will remove all subscribers that have a
zero use count. This is useful if someone wants to purge subscribers
from memory or wants to disable the everything in RAM feature.
This is implemented by not freeing the subscriber when the
reference count becomes smaller than zero. We hope that this
will save many database accesses during the congres.
As we do not yet use the HLR from the SGSN, we allow all MS to
attach to our GPRS network. However, if this is running in a public
environment, it could cause service interruption to users of commercial
GPRS networks.
Thus, we now check if the first 5 digits of the IMSI match the MCC/MNC
of the cell that they want to register to. Thus, any subscribers with
SIM cards from real operators will no longer be accepted.
LOGL_ERROR will make this message shpw up in everey default log
config. However, as it seems, this is commonly observed in case
a MS still sends a MS STATUS (in respons to the MM INFO) at the
end of a location area update.
It might be best to actually change the channel release procedure
to make sure we can still pass such 'late' data to the MSC until
the time the Layer2 has been completely released.
If a MS changes RA, the RA will arrive in the new cell using the old
TLLI (masked as foreign TLLI). So we need to look-up the TLLI
in a special way, using the old RA as indicated in the 04.08 GMM
message.
There is still another bug remaining: As we somehow create a new LLC,
the sequence numbers of our responses start from 0 again, which is not
what the MS expects. This needs to be fixed in a follow-up patch.
In the GPRS NS protocol stack, the amount of NS/BSSGP headers like MS RADIO
CAPA INFO can be quite long. In order to fit the full user message and
those headers, we have to enlarge the head/tailroom of the msgb allocations.
On a nanoBTS, this command can be used to manually switch a given 'dynamic
pdch/tch' timeslot from one mode into the other.
There are no safeguards that the timeslot is not in use at the given time.
We send a LU Accept with the TMSI as the MI. According to the
spec the phone should store this new TMSI and send a TMSI
REALLOCATION COMPLETE to us. We will release the LU then and this
should trigger the release procedure.
This was introduced by a recent change to gsm_data.h to include
less header files. We really need to access the RSL information
here so it is fine to include the file.
In commit 39e2eadc99 a bug was introduced
that used the 'trans' after trans_free() had already been called.
This became visible now when the openbsc+lcr combination was calling
an unknown/invalid telephone number in a MO call, resulting in
a segfault.
Currently the nanoBTS bootstrap code requires a high delay
otherwise we are not bringing the device up properly. Changing
the init code turns out harder than it seems like. So this is
a workaround for that to allow a high speed RSL/OML connection
after the bringup.
The line driver can have a default TS delay. It is set to the
current default for the nanoBTS and the BS11. For the ipaccess
case we will set the delay lower for the RSL connection and
inside the ipaccess-config we can set it low right away to
have fast firmware flashing and such.
Instead of sending many messages we will queue the OML
messages and wait for the ACK/NACK before sending the
next message from the queue. We tag the msgb to remember
if we need to wait for an ack or not.
We keep the order of all messages, on ACKs and similiar
occassions we will drown the queue until we reach a message
that needs to be acked and then wait for that ack again.
Possible breakage can appear when we send an OML (e.g.
BS11 specific message) msg which does not need to be acked
through the abis_nm_sendmsg call. The fix will be to use
the _direct version of this method.
Re-Enable as it might have fixed something... who knows.
Conflicts:
openbsc/include/openbsc/abis_nm.h
openbsc/include/openbsc/gsm_data.h
openbsc/src/abis_nm.c
openbsc/src/gsm_data.c
Assume that a NACK is a onetime failure and that on the next
attempt it will work better. If that is not the case we might
even send a reboot to the BTS.
Sometimes the operative change for the NSE is getting nacked,
this might be due that we send it before we get the OPSTART ACK
for this object class. Send it from the CELL availability as
a workaround. This init code needs to be changed to make these
dependencies work more reliable.
Forget about the ho_lchan inside the gsm_subscriber_connection
in case of a handover failure, also clear the gsm_subscriber_connection
pointer before the lchan is passed to the lchan_free routine.
Do not use the NULL context for this allocation. It should hang
off the gsm_subscriber_connection but for now at least make it
the child of the BSC so it is showing up in the talloc report.
Can't declare it in gsm_04_08.h tough ... gsm_cbfn is defined in
gsm_data.h and trying to include that in gsm_04_08 just creates a
huge mess.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The default values are those where the parameters are encoded
as '0' and they're not output in the config file if that case
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
When switching the RF off we will always go through the grace
period, add a direct off mode to switch it off directly. Make
the query return a 'g' if we are in the process of switching
things over.
Use the ipaccess_drop_oml and ipaccess_drop_rsl functions
instead of closing the socket and hoping this is picked up
somehow. This just leads to some weird hangs. And gdb was
not really helpful to say where it was coming from.
In the future we should avoid using a gsm_subscriber at all
and pass the imsi/tmsi to the paging function directly. For
now we can use the old model for paging and go through the
gsm_subscriber. This has the benefit of load balancing on
the BTS and such.
Sending this as the RTP_PAYLOAD2 will produce a MDCX NACK
as we send the RTP_PAYLOAD in the CRCX. It does not seem to
be necessary to send anything != 0 for the RTP_PAYLOAD2.
Refactor the closing code of the CC timeout to a new function,
also make sure that the SCCP Connection is forced closed before
we destruct the connection for real.
This will change the LAI of a LU accept message to the LAI
used for the on-air network. It will also detect when to
send a welcome ussd to the subscriber.
Set conn to NULL before starting the release procedure, remove
code to check for a lchan->conn as it can not happen. If there
are any memleaks we will notice them.
Detach the lchan->conn from the channel before detaching.
The timedout could come between lchan_release and the
S_CHALLOC_FREED signal. In the future we might want to
use the gsm0808_clear to stop the RLL timeouts and such.
For SAPI=3 on a TCH it might be nice to use the SACH to submit
the message. The api allows to automatically use the SACH if
a message like this is submitted.
The cipher mode reject will be send in case the BSC is not
able to support the requested cipher. So this reject can be
handled by however attempts to enable ciphering.
For certain messages we will need to call other GSM0808 functions. To
keep the bsc_hack working we will try to send this through the normal
messages first and then fallback to dtap if no handler is registered.
The gsm_04_08.c code is not forced to handle the IPA activation
and channel modify ack anymore. This is done transparently by the
BSC API now.
The implementation of bsc_hack would call subscr_con_free before
the BSC API has had the chance to call gsm0808_clear to try to
release other channels. Fix that by adding a return value.
This is used by the paging code of the osmo_bsc. When we get
a paging response there should be an active subscriber with
the TMSI or IMSI and we can stop paging. There is no need to
allocate a new subscriber.
In case of a inflexible network it is better to hardcode
the rtp payload to a given type. E.g. when using AMR5.9 on
a TCH/F and TCH/H having the same payload is helpful. For
now this will be only used by the osmo-bsc.
Use the offsetof/__builtin_offsetof to determine the
offset of a variable inside a structure instead of going
via a NULL pointer and taking the address.
This fixes:
warning: variably modified ‘dummyhalen_offset’ at file scope
Make sure that the MSC endpoint exists on the NAT, otherwise
we end up trying to free this endpoint when the SCCP connection
is taken down and will corrupt our memory. This issue started
to pop up as we have reduced the number of endpoints to 60
to allow transcoding on them.
Do not reset statically allocated local_port. The port
might be different to the calculation of endpoint number
and base port. This might be the case for the coming remote
transcoding.
Send a RLSD down to the BSC in case the USSD Provider is gone. It
is not sending a Clear Command and ut depends if the BS+ will
like this kind of behavior. At least the data on the NAT will
be freed soon afterwards due the RLC message.
We need to simulate OML/RSL failure in an easy and fast way
and adding a command to do so seems like a good way to achieve
this. The command is a bit misplaced, in one way it is no config
and does not belong into the config node but then again it does
not belong into the VIEW_NODE either as it is manipulating content.
On this merge I have changed it to the ENABLE_NODE.
Remove a lot of code in favor of a new function that is freeing
the old string and copying the new one. I should have gotten the
context and the strings right.
Extract the IMSI from the first message as well and safe it
in the connection structure. The problem is that we do not
have this structure at this point, so we will allocate the
imsi as child of the bsc_connection and then move/steal it.
Split the trace based on SCCP Connections, in case an error is
detected, the trace will be stored instead of being deleted and
the full log can be viewed afterwards.
Right now only LU Rejects are recognized, but this can be extended
to other things as well.
Currently it is not is not easily possible to disable
everyone and then only allow certain SIMs. By changing
the order we can do:
access-list imsi-deny only-something ^[0-9]*$
access-list imsi-allow only-something ^123[0-9]*$
and still keep the usecase of only forbidding certain
SIMs on certain LACs. Adjust test case, test that the
other cases are still functional.
Rename NAT_IPAC_PROTO_MGCP to IPAC_PROTO_MGCP and place it in
the enum. We need to be prepared to change this number if IPA
is ever going to use it for something else.
Remove a lot of code in favor of a new function that is freeing
the old string and copying the new one. I should have gotten the
context and the strings right.
OSX does not provide an endian.h, use the other header files that
should define/include what we need. Also check that the byteorder
define is available.
Make it possible that one BSC is serving multiple
cells. Introduce a list of lacs, add functions to
manipulate the lists. The current test cases for
paging by lac continue to work.
This makes sure that someone can call bsc_msc_lost multiple times
even if there is no MSC connection. This makes sense as bsc_msc_lost
is public and be called from client code.
The filter code will return < 0 for error, 0 for unknown
subscriber, 1 for subscriber checked. Use the same if construct
as for the CR message. This should fix passing LU when it
starts with a TMSI of a different network.
Thanks to the person on the ml that pointed this bug. Sorry I
don't remember who (it was a while ago and somehow didn't got
fixed at that time)
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The transcoder RESET is using the same extensions to reset all
endpoints on a remote site. This makes sure that all allocations
can be made in a properly configured network.
Bind a new port for the transcoder, forward data from the BTS
to the transcoder, and from the transcoder to the network. Leave
BTS-IN where it is, BTS-OUT can now be after the transcoding took
place. We send the data from the BTS RTP port.
This whole route will be guarded by the transcoder_ip and if it is
NULL (current default) it will not go through the transcoder.
The timeslot one is blocked and should not be used, replace the
code with a warning and watch out for it. Tis is most likely due
the uncovered in the previous commit due the wrong TLV definition.
Do not free the GSM Subscriber Connection when a channel is failing
or if a clear is requested, instead just give up _all_ the channels,
reset them to NULL and free the remaining channels.
When we reject the IMSI we do not have the msc_con set on the
SCCP connection, but we do have a remote_ref. So the nat_send_rlsd
will end up with a crash due the msc_con being zero. Fix the
crash by only sending a released to the MSC when the connection
is not local.
Add the code that is forwarding data, from and to the MSC, also
handling ping/pong timers and authentication. Hook it into the
osmo_bsc. The code is only compile tested and ported from the
on-waves/bsc-master branch.
The grace code will decide if a given connection is allowed to
be made or if it is going to be rejected. For active connections
it is going to send a USSD message.
Keep a back pointer to the rf struct inside the connection,
resolve the network through the back pointer. Also assume
that the RF is on. In case we start with RF locked, the policy
is on but we will not see any MS talking to us.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
