<p>Pau Espin Pedrol has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.osmocom.org/11381">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">osmux: Improve checks around activating and using enabled osmux<br><br>* Refactor code to have unified checks on all paths activating Osmux.<br>* Improve checkings at activation time and add logging.<br>* Code now enforces endp osmux status to be enabled before processing<br>the frame through endp->osmux.out. Before, a delayed or bad pkt could<br>arrive and be processed by an endp with osmux not enabled, using<br>endp->osmux.out that was not initialized and ended up crashing:<br>libosmo-netif/src/osmux.c:281:3: runtime error: member access within null pointer of type 'struct msgb'<br><br>This could also happen if a BSC started sending or we received (non legacy dummy) osmux<br>frames before we received the BSC CRCX ACK agreeing on osmux negotiation<br>and switching to ACTIVATING state.<br><br>Related: SYS#4350<br><br>Port from openbsc 4a2cc9eb0a0f9424c16b26fcb757483a39d67482.<br>Includes fixup from openbsc I438349bffaa46a10ad8983090a4b17aed7e00d82.<br>Change-Id: Iac11e447ec0d76e4e74ec982a6e3f63b35548978<br>---<br>M src/libosmo-mgcp/mgcp_osmux.c<br>1 file changed, 43 insertions(+), 41 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.osmocom.org:29418/osmo-mgw refs/changes/81/11381/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/src/libosmo-mgcp/mgcp_osmux.c b/src/libosmo-mgcp/mgcp_osmux.c</span><br><span>index 2828d83..ca446ff 100644</span><br><span>--- a/src/libosmo-mgcp/mgcp_osmux.c</span><br><span>+++ b/src/libosmo-mgcp/mgcp_osmux.c</span><br><span>@@ -316,6 +316,34 @@</span><br><span> return msg;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(120, 100%, 40%);">+/* Updates endp osmux state and returns 0 if it can process messages, -1 otherwise */</span><br><span style="color: hsl(120, 100%, 40%);">+static int endp_osmux_state_check(struct mgcp_endpoint *endp, struct mgcp_conn_rtp *conn,</span><br><span style="color: hsl(120, 100%, 40%);">+ bool sending)</span><br><span style="color: hsl(120, 100%, 40%);">+{</span><br><span style="color: hsl(120, 100%, 40%);">+ switch(conn->osmux.state) {</span><br><span style="color: hsl(120, 100%, 40%);">+ case OSMUX_STATE_ACTIVATING:</span><br><span style="color: hsl(120, 100%, 40%);">+ if (osmux_enable_conn(endp, conn, &conn->end.addr, htons(endp->cfg->osmux_port)) < 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "Could not enable osmux for conn:%s\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ mgcp_conn_dump(conn->conn));</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+ LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "Osmux CID %u for %s:%u is now enabled\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ conn->osmux.cid, inet_ntoa(conn->end.addr),</span><br><span style="color: hsl(120, 100%, 40%);">+ endp->cfg->osmux_port);</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ case OSMUX_STATE_ENABLED:</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ default:</span><br><span style="color: hsl(120, 100%, 40%);">+ LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(120, 100%, 40%);">+ "Osmux %s in conn %s without full negotiation, state %d\n",</span><br><span style="color: hsl(120, 100%, 40%);">+ sending ? "sent" : "received",</span><br><span style="color: hsl(120, 100%, 40%);">+ mgcp_conn_dump(conn->conn), conn->osmux.state);</span><br><span style="color: hsl(120, 100%, 40%);">+ return -1;</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span style="color: hsl(120, 100%, 40%);">+}</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> static int osmux_legacy_dummy_parse_cid(struct sockaddr_in *addr, struct msgb *msg,</span><br><span> uint8_t *osmux_cid)</span><br><span> {</span><br><span>@@ -374,11 +402,12 @@</span><br><span> osmuxh->circuit_id);</span><br><span> goto out;</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- conn_bts->osmux.stats.octets += osmux_chunk_length(msg, rem);</span><br><span style="color: hsl(0, 100%, 40%);">- conn_bts->osmux.stats.chunks++;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (endp_osmux_state_check(endp, conn_bts, false) == 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ conn_bts->osmux.stats.octets += osmux_chunk_length(msg, rem);</span><br><span style="color: hsl(120, 100%, 40%);">+ conn_bts->osmux.stats.chunks++;</span><br><span style="color: hsl(120, 100%, 40%);">+ osmux_xfrm_output_sched(&conn_bts->osmux.out, osmuxh);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> rem = msg->len;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- osmux_xfrm_output_sched(&conn_bts->osmux.out, osmuxh);</span><br><span> }</span><br><span> out:</span><br><span> msgb_free(msg);</span><br><span>@@ -408,19 +437,8 @@</span><br><span> if (!conn)</span><br><span> goto out;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (conn->osmux.state == OSMUX_STATE_ENABLED)</span><br><span style="color: hsl(0, 100%, 40%);">- goto out;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- if (osmux_enable_conn(endp, conn, &addr->sin_addr, addr->sin_port) < 0 ) {</span><br><span style="color: hsl(0, 100%, 40%);">- LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(0, 100%, 40%);">- "Could not enable osmux in endpoint 0x%x\n",</span><br><span style="color: hsl(0, 100%, 40%);">- ENDPOINT_NUMBER(endp));</span><br><span style="color: hsl(0, 100%, 40%);">- goto out;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- LOGP(DLMGCP, LOGL_INFO, "Enabling osmux in endpoint 0x%x for %s:%u\n",</span><br><span style="color: hsl(0, 100%, 40%);">- ENDPOINT_NUMBER(endp), inet_ntoa(addr->sin_addr),</span><br><span style="color: hsl(0, 100%, 40%);">- ntohs(addr->sin_port));</span><br><span style="color: hsl(120, 100%, 40%);">+ endp_osmux_state_check(endp, conn, false);</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Only needed to punch hole in firewall, it can be dropped */</span><br><span> out:</span><br><span> msgb_free(msg);</span><br><span> return 0;</span><br><span>@@ -468,11 +486,12 @@</span><br><span> osmuxh->circuit_id);</span><br><span> goto out;</span><br><span> }</span><br><span style="color: hsl(0, 100%, 40%);">- conn_net->osmux.stats.octets += osmux_chunk_length(msg, rem);</span><br><span style="color: hsl(0, 100%, 40%);">- conn_net->osmux.stats.chunks++;</span><br><span style="color: hsl(120, 100%, 40%);">+ if (endp_osmux_state_check(endp, conn_net, false) == 0) {</span><br><span style="color: hsl(120, 100%, 40%);">+ conn_net->osmux.stats.octets += osmux_chunk_length(msg, rem);</span><br><span style="color: hsl(120, 100%, 40%);">+ conn_net->osmux.stats.chunks++;</span><br><span style="color: hsl(120, 100%, 40%);">+ osmux_xfrm_output_sched(&conn_net->osmux.out, osmuxh);</span><br><span style="color: hsl(120, 100%, 40%);">+ }</span><br><span> rem = msg->len;</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- osmux_xfrm_output_sched(&conn_net->osmux.out, osmuxh);</span><br><span> }</span><br><span> out:</span><br><span> msgb_free(msg);</span><br><span>@@ -647,26 +666,9 @@</span><br><span> if (memcmp(&conn->end.addr, &addr_unset, sizeof(addr_unset)) == 0)</span><br><span> return 0;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- if (conn->osmux.state == OSMUX_STATE_ACTIVATING) {</span><br><span style="color: hsl(0, 100%, 40%);">- if (osmux_enable_conn(endp, conn, &conn->end.addr,</span><br><span style="color: hsl(0, 100%, 40%);">- htons(endp->cfg->osmux_port)) < 0) {</span><br><span style="color: hsl(0, 100%, 40%);">- LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(0, 100%, 40%);">- "Could not activate osmux for conn:%s\n",</span><br><span style="color: hsl(0, 100%, 40%);">- mgcp_conn_dump(conn->conn));</span><br><span style="color: hsl(0, 100%, 40%);">- return 0;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">- LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(0, 100%, 40%);">- "Osmux CID %u for %s:%u is now enabled\n",</span><br><span style="color: hsl(0, 100%, 40%);">- conn->osmux.cid, inet_ntoa(conn->end.addr),</span><br><span style="color: hsl(0, 100%, 40%);">- endp->cfg->osmux_port);</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(0, 100%, 40%);">- if(conn->osmux.state != OSMUX_STATE_ENABLED) {</span><br><span style="color: hsl(0, 100%, 40%);">- LOGP(DLMGCP, LOGL_ERROR,</span><br><span style="color: hsl(0, 100%, 40%);">- "OSMUX dummy to %s CID %u: Osmux not enabled on endpoint 0x%x state %d\n",</span><br><span style="color: hsl(0, 100%, 40%);">- inet_ntoa(conn->end.addr), conn->osmux.cid,</span><br><span style="color: hsl(0, 100%, 40%);">- ENDPOINT_NUMBER(endp), conn->osmux.state);</span><br><span style="color: hsl(0, 100%, 40%);">- return 0;</span><br><span style="color: hsl(0, 100%, 40%);">- }</span><br><span style="color: hsl(120, 100%, 40%);">+ if (endp_osmux_state_check(endp, conn, true) < 0)</span><br><span style="color: hsl(120, 100%, 40%);">+ return 0;</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> LOGP(DLMGCP, LOGL_DEBUG,</span><br><span> "sending OSMUX dummy load to %s CID %u\n",</span><br><span> inet_ntoa(conn->end.addr), conn->osmux.cid);</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.osmocom.org/11381">change 11381</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.osmocom.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.osmocom.org/11381"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: osmo-mgw </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: Iac11e447ec0d76e4e74ec982a6e3f63b35548978 </div>
<div style="display:none"> Gerrit-Change-Number: 11381 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Pau Espin Pedrol <pespin@sysmocom.de> </div>