Hi!
I've started to play a bit with Smatch (http://smatch.sourceforge.net/)
and fixed a number of bugs in libosmocore.
When applying it to openbsc, I get:
CC ipaccess.o
/home/laforge/projects/git/openbsc/openbsc/src/libabis/input/ipaccess.c +455 ipaccess_drop(28) info: loop could be replaced with if statement.
/home/laforge/projects/git/openbsc/openbsc/src/libabis/input/ipaccess.c +451 ipaccess_drop(24) info: ignoring unreachable code.
The point here is: we loop over a list, but we return from the first
iteration of the loop. Zecke?
CC abis_nm.o
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/abis_nm.c +810 sw_load_segment(38) warn: unsigned 'len' is never less than zero.
'len' has to be signed, I fixed that one.
CC paging.o
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/paging.c +134 can_send_pag_req(25) info: ignoring unreachable code.
We have a goto statement in each possible case (including default) above
it. So the return 0 will never be hit. That's ok and not a bug. But I
think the code is too convoluted this way. I think we should have one
function that just returns (sdcch/tch) based on the rsl_type and
net->pag_any_tch, and then a second function that has a simple if/else.
I'm not against goto - but I think this time it really can be avoided
easily.
CC bsc_vty.o
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1062 show_e1ts(25) warn: variable dereferenced before check 'line'
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1075 show_e1ts(38) warn: buffer overflow 'line->ts' 32 <= 32
/home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1080 show_e1ts(43) error: potential null derefence 'line'.
fixed two of them, the third is bogus
CC db.o
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +254 db_fini(6) info: redundant null check on db_dirname calling free()
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +256 db_fini(8) info: redundant null check on db_basename calling free()
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +280 db_create_subscriber(20) warn: variable dereferenced before check 'subscr'
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +1062 sms_from_result(36) warn: 256 is more than 255 (max 'sms->user_data_len' can be) so this is always false.
fixed the first 3, the last remains as a safeguard
CC gsm_04_08.o
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_08.c +550 mm_rx_loc_upd_req(46) error: we previously assumed 'conn->loc_operation' could be null.
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_08.c +1891 gsm48_cc_rx_setup(68) error: we previously assumed 'trans->subscr' could be null.
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_08.c +2193 gsm48_cc_rx_connect(40) error: we previously assumed 'trans->subscr' could be null.
The first is bogus, the others need to be investigated
CC gsm_04_11.o
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_11.c +599 gsm340_rx_tpdu(46) error: sms_alphabet is never equal to 4294967295 (wrong type 0 - 255).
I fixed that one!
CC ussd.o
/home/laforge/projects/git/openbsc/openbsc/src/libmsc/ussd.c +54 handle_rcv_ussd(9) error: req.text[0] is never equal to 255 (wrong type -128 - 127).
CC bsc_ussd.o
/home/laforge/projects/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_ussd.c +385 bsc_check_ussd(62) error: req.text[0] is never equal to 255 (wrong type -128 - 127).
This is due to 'struct ussd_request.text' being 'char', I changed it to
uint8_t.
CC bs11_config.o
/home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +223 linkstate_name(5) error: buffer overflow 'bs11_link_state' 3 <= 3
/home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +240 mbccu_load_name(5) error: buffer overflow 'mbccu_load' 6 <= 6
/home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +905 main(34) info: ignoring unreachable code.
fixed.
CC ipaccess-firmware.o
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 2
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 3
zecke?
CC ipaccess-proxy.o
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +173 store_idtags(14) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +173 store_idtags(14) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +175 store_idtags(16) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +178 store_idtags(19) error: buffer overflow 'ipbc->id_tags' 255 <= 255
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +500 ipaccess_rcvmsg(66) error: buffer overflow 'ipbc->rsl_conn' 4 <= 4
/home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +504 ipaccess_rcvmsg(70) error: buffer overflow 'ipbc->bsc_rsl_conn' 4 <= 4
fixed
CC gprs_bssgp_util.o
/home/laforge/projects/git/openbsc/openbsc/src/libgb/gprs_bssgp_util.c +114 bssgp_tx_status(17) warn: variable dereferenced before check 'orig_msg'
fixed.
CC gb_proxy_main.o
/home/laforge/projects/git/openbsc/openbsc/src/gprs/gb_proxy_main.c +284 main(81) info: ignoring unreachable code.
bogus, as it's just an exit(0)
CC gprs_gmm.o
/home/laforge/projects/git/openbsc/openbsc/src/gprs/gprs_gmm.c +757 gsm48_rx_gmm_att_req(133) warn: variable dereferenced before check 'ctx'
fixed
CC gprs_sndcp.o
/home/laforge/projects/git/openbsc/openbsc/src/gprs/gprs_sndcp.c +478 sndcp_unitdata_req(37) info: ignoring unreachable code.
comment in the code says it is not reached
CC sgsn_main.o
/home/laforge/projects/git/openbsc/openbsc/src/gprs/sgsn_main.c +284 main(83) info: ignoring unreachable code.
comment in the code says it is not reached
CC sgsn_libgtp.o
/home/laforge/projects/git/openbsc/openbsc/src/gprs/sgsn_libgtp.c +504 sgsn_rx_sndcp_ud_ind(32) info: ignoring unreachable code.
fixed
CC bsc_nat.o
/home/laforge/projects/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c +1553 get_next_free_bsc_id(20) info: ignoring unreachable code.
zecke?
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
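Three of the warning classes in the report above (a signed char compared against 255, an unsigned length tested for < 0, and an index bound that is off by one), shown as an added example that is not code from OpenBSC or from the original mail. All function names, `read_segment()` and the `demo_link_state` table are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Case 1: "never equal to 255 (wrong type -128 - 127)".
 * Byte 0xff in a signed char promotes to int -1, so the test never matches. */
int sentinel_signed(const signed char *text) { int c = text[0]; return c == 0xff; }
int sentinel_u8(const uint8_t *text) { return text[0] == 0xff; }

/* Case 2: "unsigned 'len' is never less than zero".
 * read_segment() is a constructed stand-in that reports failure as -1. */
static ssize_t read_segment(int fail) { return fail ? -1 : 16; }

int load_unsigned(int fail)
{
	size_t len = (size_t)read_segment(fail); /* -1 wraps to SIZE_MAX */
	return len < 0 ? -1 : 0;                 /* always 0: the error is missed */
}

int load_signed(int fail)
{
	ssize_t len = read_segment(fail);        /* signed: -1 stays -1 */
	return len < 0 ? -1 : 0;
}

/* Case 3: "buffer overflow '...' 3 <= 3": with a '>' bound check, an index
 * equal to the element count still passes. Table contents are constructed. */
static const char *const demo_link_state[] = { "Down", "Restoring", "Up" };

int index_ok_off_by_one(size_t idx) { return !(idx > ARRAY_SIZE(demo_link_state)); }

const char *link_state_name(size_t idx)
{
	if (idx >= ARRAY_SIZE(demo_link_state))  /* rejects idx == 3 */
		return "Unknown";
	return demo_link_state[idx];
}

int main(void)
{
	const signed char s[] = { -1 };          /* byte 0xff stored as signed char */
	const uint8_t u[] = { 0xff };
	printf("sentinel: signed=%d uint8_t=%d\n", sentinel_signed(s), sentinel_u8(u));
	printf("failed read: unsigned=%d signed=%d\n", load_unsigned(1), load_signed(1));
	printf("idx 3: '>' accepts=%d, '>=' gives %s\n", index_ok_off_by_one(3), link_state_name(3));
	return 0;
}
```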
Hi Harald
Thanks for the options. I will need to look into it in a bit more detail. Which part of the code base do I need to concentrate on to get the Fr over E1 functionality?
Naveen
Hi!
After many delays on my side (it kept falling off my TODO list), I have
finally merged the daniel/controlif branch earlier today.
For those who haven't heard about it so far: It is code that allows us
to remotely get and/or set attributes of the BSC. Furthermore, it
supports traps (similar to SNMP traps).
The idea of it is to allow us to have centralized management of networks
with many OpenBSC installations, offering SNMP-like feel but without
adding the complexity of SNMP (asn.1, etc.) to OpenBSC itself.
We might at some point have an independent gateway process that exports
the attributes through real SNMP, but that mostly depends on whether any
production networks have such a requirement or not.
The control interface is implemented either stand-alone (for osmo-nitb)
or via the regular A and A-bis/IP as an additional ip.access stream
identifier.
Thanks to Daniel for writing the code, to On-Waves for funding the
development and once again my apologies for the delays.
btw: I have done a couple of cosmetic clean up commits in addition to
Daniel's branch, hopefully I didn't break anything while doing that...
Regards,
Harald
Hi all,
so far we do not have any statement about the licensing of the content on
our wiki. This means the default copyright rules apply: All the content is
copyrighted, and nobody has any right to reproduce it at all.
I would like to propose an official license for the content in the wiki:
Creative Commons CC-BY-SA. The alternative would be to go for CC-BY-NC-SA,
disallowing commercial use of the content.
I'm not certain if NC is really what we want. After all, even somebody
using OpenBSC in a commercial environment should be able to make copies
of the reference documentation we have available - as long as he will
release the result again (which the SA part already covers).
If the major contributors to the wiki would agree to a license, I would
update the wiki accordingly.
Thanks,
Harald
Is there any other way to reset a NanoBTS without building a reset dongle?
My NanoBTS is acting strangely after a segfault of OpenBSC.
I can connect and beacon my network with the BTS but it won't enable data
for some reason. It was working fine before.
Now it says something like this
<000d> input/ipaccess.c:696 accept()ed new OML link from 192.168.1.139
SET ATTR NACK CAUSE=Message cannot be performed
<000d> input/ipaccess.c:758 accept()ed new RSL link from 192.168.1.139
The NanoBTS doesn't even make a connection to the SGSN when this happens.
Thank you
I want to know if there is a way to reset the nanobts without making the
reset dongle? ./ipaccess-config works at the moment.
I am trying to validate some functionality of a BSC that we have. The BSC will be connected via Gb interface (over E1) to an SGSN. What kind of hardware (processor/E1 card) would I need to support the SGSN? I am mainly interested in testing ns/bssgp functionality. Thanks in advance.
Naveen
>> Can you provide some details about the BSC?
Hans, if you mean what brand, this is a custom BSC that our company (Hughes) developed for a customer. This BSC is connected to a customer-provided SGSN via 2 E1 links.
Naveen
From: Pablo Neira Ayuso <pablo(a)gnumonks.org>
Hi!
With these patches, libosmocore, libosmo-sccp, openbsc and osmo-tetra
no longer use our own copy of talloc; they rely on the
standalone library that is provided by major distributors.
The osmocom-bb part is still missing, my idea is to include a copy
of libtalloc in the tree in the shared/ directory via rsync. This
patch will follow later since we can still rely on the outdated
copy of libosmocore.
Please, apply.