pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-bsc/+/31798 )
Change subject: get_bsc_conn_by_conn_id(): Properly match sccp_instance ......................................................................
get_bsc_conn_by_conn_id(): Properly match sccp_instance
Function bsc_sccp_inst_next_conn_id(), which allocates conn_id values, creates a separate address space per sccp_instance, i.e. conn_id values can be reused as long as the sccp_instance (MSC) is different.
Hence, when looking up a bsc_conn based on a conn_id, it must also match the sccp_instance, otherwise a bsc_conn from another MSC could be returned.
Change-Id: I80a54bdec3973917e88483a62bfc2e968b8c0490 --- M src/osmo-bsc/osmo_bsc_sigtran.c 1 file changed, 28 insertions(+), 7 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-bsc refs/changes/98/31798/1
diff --git a/src/osmo-bsc/osmo_bsc_sigtran.c b/src/osmo-bsc/osmo_bsc_sigtran.c
index d765675..fc5a5fe 100644
--- a/src/osmo-bsc/osmo_bsc_sigtran.c
+++ b/src/osmo-bsc/osmo_bsc_sigtran.c
@@ -46,14 +46,18 @@
 #define DEFAULT_ASP_REMOTE_IP "localhost"
 /* Helper function to Check if the given connection id is already assigned */
-static struct gsm_subscriber_connection *get_bsc_conn_by_conn_id(uint32_t conn_id)
+static struct gsm_subscriber_connection *get_bsc_conn_by_conn_id(struct osmo_sccp_user *scu, uint32_t conn_id)
 {
 conn_id &= 0x00FFFFFF;
 struct gsm_subscriber_connection *conn;
+ struct osmo_sccp_instance *sccp = osmo_sccp_get_sccp(scu);
 llist_for_each_entry(conn, &bsc_gsmnet->subscr_conns, entry) {
- if (conn->sccp.conn_id == conn_id)
- return conn;
+ if (conn->sccp.msc && conn->sccp.msc->a.sccp != sccp)
+ continue;
+ if (conn->sccp.conn_id != conn_id)
+ continue;
+ return conn;
 }
 return NULL;
@@ -167,7 +171,7 @@
 struct gsm_subscriber_connection *conn;
 int rc = 0;
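Review bot: The new guard in the loop of get_bsc_conn_by_conn_id(), `if (conn->sccp.msc && conn->sccp.msc->a.sccp != sccp)`, skips the instance comparison whenever `conn->sccp.msc` is NULL, so such an entry is still matched on conn_id alone and can be returned for a primitive that arrived on a different SCCP instance, which is the cross-MSC mix-up this commit sets out to prevent. Unless a connection without an MSC is guaranteed to hold no valid conn_id (not visible in this hunk), fail closed with `if (!conn->sccp.msc || conn->sccp.msc->a.sccp != sccp) continue;`. The comment above the function still describes a global lookup and should say the match is scoped to the SCCP instance of `scu`, for example `/* Look up the connection using conn_id within the SCCP instance of scu; NULL if none */`. The same lookup backs the N-CONNECT, N-DATA and N-DISCONNECT call sites updated in the later hunks, so a wrong match here would route another MSC's data or disconnect to the wrong subscriber connection.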
- conn = get_bsc_conn_by_conn_id(scu_prim->u.connect.conn_id); + conn = get_bsc_conn_by_conn_id(scu, scu_prim->u.connect.conn_id); if (conn) { LOGP(DMSC, LOGL_NOTICE, "(calling_addr=%s conn_id=%u) N-CONNECT.ind with already used conn_id, ignoring\n", @@ -231,7 +235,7 @@ /* Handle outbound connection confirmation */ DEBUGP(DMSC, "N-CONNECT.cnf(%u, %s)\n", scu_prim->u.connect.conn_id, osmo_hexdump(msgb_l2(oph->msg), msgb_l2len(oph->msg))); - conn = get_bsc_conn_by_conn_id(scu_prim->u.connect.conn_id); + conn = get_bsc_conn_by_conn_id(scu, scu_prim->u.connect.conn_id); if (conn) { osmo_fsm_inst_dispatch(conn->fi, GSCON_EV_A_CONN_CFM, scu_prim); conn->sccp.state = SUBSCR_SCCP_ST_CONNECTED; @@ -250,7 +254,7 @@ osmo_hexdump(msgb_l2(oph->msg), msgb_l2len(oph->msg)));
/* Incoming data is a sign of a vital connection */ - conn = get_bsc_conn_by_conn_id(scu_prim->u.data.conn_id); + conn = get_bsc_conn_by_conn_id(scu, scu_prim->u.data.conn_id); if (conn) { a_reset_conn_success(conn->sccp.msc); handle_data_from_msc(conn, oph->msg); @@ -262,7 +266,7 @@ osmo_hexdump(msgb_l2(oph->msg), msgb_l2len(oph->msg)), scu_prim->u.disconnect.cause); /* indication of disconnect */ - conn = get_bsc_conn_by_conn_id(scu_prim->u.disconnect.conn_id); + conn = get_bsc_conn_by_conn_id(scu, scu_prim->u.disconnect.conn_id); if (conn) { conn->sccp.state = SUBSCR_SCCP_ST_NONE; if (msgb_l2len(oph->msg) > 0)