LAPDm / RSL EST IND

Harald Welte laforge at gnumonks.org
Thu Apr 26 19:31:42 UTC 2012


Hi jolly,

I'm seeing some strange behavior on the BTS side LAPDm code:

When we get a SABM on SAPI=3 from the phone, this gets translated into
an RSL_RLL_EST_IND.  However, as there commonly is no l3 payload in a
SAPI=3 SABM, the L3_INFO IE should not be present in that message.

Instead of an RLL_EST_IND without L3_INFO IE, we get an L3_INFO IE that
consists only of a 1-byte tag and a 2-byte length, but no payload.  The
Length value seems non-deterministic, i.e. like uninitialized memory.

I've tried to resolve this, and I suspect it is somehow related to the
DUMMY msgb that the lapd code allocates (why is it doing that?) in
send_dl_simple().

The code path should be:

lapd_rx_u()
  if (length == 0) send_dl_simple()
    send_rslms_dlsap()
      here we check for (!dp->oph.msg), but since there is a dummy msgb,
      we probably run into the send_rslms_rll_l3() case instead of
      send_rll_simple().

What do you think is the best way to resolve this?

Thanks,
	Harald

-- 
- Harald Welte <laforge at gnumonks.org>           http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)
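
A receiver-side check for the IE described in the message above, added here as an example and not code from OpenBSC or libosmocore: it accepts an absent L3_INFO IE, and rejects one whose 2-byte length does not match the bytes that actually follow. The function name, the result enum, the assumption that `tail` starts right after the mandatory IEs, and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RSL_IE_L3_INFO 0x0b  /* L3 Information IE tag, 3GPP TS 48.058 */

enum l3_result { L3_ABSENT, L3_OK, L3_MALFORMED };

/* Validate the optional L3_INFO IE at the tail of an RLL message.
 * Assumption: `tail` starts right after the mandatory IEs. The IE is a
 * 1-byte tag, a 2-byte big-endian length, then exactly `length` bytes. */
static enum l3_result check_l3_info(const uint8_t *tail, size_t tail_len,
                                    const uint8_t **l3, size_t *l3_len)
{
    *l3 = NULL;
    *l3_len = 0;
    if (tail_len == 0)
        return L3_ABSENT;        /* expected for a SABM without L3 payload */
    if (tail[0] != RSL_IE_L3_INFO || tail_len < 3)
        return L3_MALFORMED;     /* unexpected tag or cut-off IE header */
    size_t claimed = ((size_t)tail[1] << 8) | tail[2];
    if (claimed != tail_len - 3)
        return L3_MALFORMED;     /* length field disagrees with bytes received */
    *l3 = tail + 3;              /* only now is it safe to read the payload */
    *l3_len = claimed;
    return L3_OK;
}

int main(void)
{
    /* Constructed samples: tag + arbitrary length and no payload (the case
     * from the message), and a well-formed IE with a 2-byte payload. */
    const uint8_t bare[] = { 0x0b, 0x3a, 0x7f };
    const uint8_t good[] = { 0x0b, 0x00, 0x02, 0x05, 0x24 };
    const uint8_t *p;
    size_t n;

    printf("bare IE: %d\n", check_l3_info(bare, sizeof bare, &p, &n));
    printf("good IE: %d, payload %zu bytes\n",
           check_l3_info(good, sizeof good, &p, &n), n);
    printf("no IE:   %d\n", check_l3_info(good, 0, &p, &n));
    return 0;
}
```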
