This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
daniel gerrit-no-reply at lists.osmocom.orgdaniel has submitted this change. ( https://gerrit.osmocom.org/c/osmo-gbproxy/+/26374 )
Change subject: gbproxy: Fix crash when FLUSH_LL_ACK does not contain a BVCI IE
......................................................................
gbproxy: Fix crash when FLUSH_LL_ACK does not contain a BVCI IE
The BVCI IE is listed as conditional and is only included if the flush
action indicates that LLC-PDUs are transferred. (3GPP TS 48.018 Ch.
10.4.2).
The code in gbprox_rx_sig_from_bss unconditionally tries to get a BVCI
from a FLUSH_LL message which could result in a segfault if no such IE
is included. Routing towards the SGSN can happen simply based on TLLI (for pooling)
since there is only one signalling BVC towards the SGSN.
Related: OS#5332
Change-Id: I659f9c925bb38b8cf2348b84b976142d8d4693f7
---
M src/gb_proxy.c
1 file changed, 18 insertions(+), 2 deletions(-)
Approvals:
Jenkins Builder: Verified
laforge: Looks good to me, but someone else must approve
fixeria: Looks good to me, but someone else must approve
daniel: Looks good to me, approved
diff --git a/src/gb_proxy.c b/src/gb_proxy.c
index fbb6e79..d6d760f 100644
--- a/src/gb_proxy.c
+++ b/src/gb_proxy.c
@@ -1151,15 +1151,27 @@
rc = gbprox_rx_rim_from_bss(tp, nse, msg, log_pfx, pdut_name);
break;
case BSSGP_PDUT_LLC_DISCARD:
- case BSSGP_PDUT_FLUSH_LL_ACK:
/* route based on BVCI + TLLI */
ptp_bvci = ntohs(tlvp_val16_unal(&tp[0], BSSGP_IE_BVCI));
tlli = osmo_load32be(TLVP_VAL(&tp[0], BSSGP_IE_TLLI));
from_bvc = gbproxy_bvc_by_bvci(nse, ptp_bvci);
if (!from_bvc)
goto err_no_bvc;
- gbprox_bss2sgsn_tlli(from_bvc->cell, msg, &tlli, true);
+ rc = gbprox_bss2sgsn_tlli(from_bvc->cell, msg, &tlli, true);
break;
+ case BSSGP_PDUT_FLUSH_LL_ACK:
+ {
+ /* Route based on TLLI */
+ tlli = osmo_load32be(TLVP_VAL(&tp[0], BSSGP_IE_TLLI));
+ struct gbproxy_sgsn *sgsn = gbproxy_select_sgsn(nse->cfg, &tlli);
+ if (!sgsn) {
+ rc = -EINVAL;
+ break;
+ }
+
+ rc = gbprox_relay2nse(msg, sgsn->nse, 0);
+ break;
+ }
case BSSGP_PDUT_PAGING_PS_REJECT:
case BSSGP_PDUT_DUMMY_PAGING_PS_RESP:
{
@@ -1459,6 +1471,10 @@
rc = osmo_fsm_inst_dispatch(sgsn_bvc->fi, BSSGP_BVCFSM_E_RX_UNBLOCK_ACK, msg);
break;
case BSSGP_PDUT_FLUSH_LL:
+ /* TODO: If new BVCI is on different NSE we should remove the new BVCI so the
+ * message is interpreted as a request to delete the PDUs, not forward them.
+ * If we negotiate Inter-NSE re-routing or LCS-procedures we can also
+ * add the NSEI TLV to trigger re-routing the PDUs */
/* simple case: BVCI IE is mandatory */
bvci = ntohs(tlvp_val16_unal(&tp[0], BSSGP_IE_BVCI));
sgsn_bvc = gbproxy_bvc_by_bvci(nse, bvci);
--
To view, visit https://gerrit.osmocom.org/c/osmo-gbproxy/+/26374
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-gbproxy
Gerrit-Branch: master
Gerrit-Change-Id: I659f9c925bb38b8cf2348b84b976142d8d4693f7
Gerrit-Change-Number: 26374
Gerrit-PatchSet: 1
Gerrit-Owner: daniel <dwillmann at sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: daniel <dwillmann at sysmocom.de>
Gerrit-Reviewer: fixeria <vyanitskiy at sysmocom.de>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: lynxis lazus <lynxis at fe80.eu>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20211126/8d5c8ddf/attachment.htm>