OpenBSC July 2011

openbsc@lists.osmocom.org

22 participants
33 discussions

Different protocols
by Seungju Kim 17 Jul '11

17 Jul '11

I see that pretty much every vendor in GSM industry uses their own dialect in their core network products, I wonder why. What do they achieve from it while killing compatibility with other products from other companies?

4 6

[PATCH] gsm 04.80: fix typo 265->256
by Alexander Huemer 16 Jul '11

16 Jul '11

Commit 79599ba0eb7a9aeaeb9dfbbf4881f0633724a471 contained a double typo. --- include/osmocom/gsm/tlv.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/osmocom/gsm/tlv.h b/include/osmocom/gsm/tlv.h index 1e59cca..f659411 100644 --- a/include/osmocom/gsm/tlv.h +++ b/include/osmocom/gsm/tlv.h @@ -236,11 +236,11 @@ struct tlv_def { }; struct tlv_definition { - struct tlv_def def[265]; + struct tlv_def def[256]; }; struct tlv_parsed { - struct tlv_p_entry lv[265]; + struct tlv_p_entry lv[256]; }; extern struct tlv_definition tvlv_att_def; -- 1.7.6

2 1

Smatch results on openbsc / static code analysis
by Harald Welte 16 Jul '11

16 Jul '11

Hi! I've started to play a bit with Smatch (http://smatch.sourceforge.net/) and fixed a number of bugs in libosmocore. When applying it to openbsc, I get: CC ipaccess.o /home/laforge/projects/git/openbsc/openbsc/src/libabis/input/ipaccess.c +455 ipaccess_drop(28) info: loop could be replaced with if statement. /home/laforge/projects/git/openbsc/openbsc/src/libabis/input/ipaccess.c +451 ipaccess_drop(24) info: ignoring unreachable code. The point herer is: we loop over a list, but we return from the first iteration of the loop. Zecke? CC abis_nm.o /home/laforge/projects/git/openbsc/openbsc/src/libbsc/abis_nm.c +810 sw_load_segment(38) warn: unsigned 'len' is never less than zero. 'len' has to be signed, I fixed that one. CC paging.o /home/laforge/projects/git/openbsc/openbsc/src/libbsc/paging.c +134 can_send_pag_req(25) info: ignoring unreachable code. We have a goto statement in each possible caes (including defualt) above it. So the return 0 will never be hit. That's ok and not a bug. But I think the code is too convoluted this way. I think we should have one function that just returns (sdcch/tch) based on the rsl_type and net->pag_any_tch, and then a second function that has a simple if/else. I'm not against goto - but I think this time it really can be avoided easily. CC bsc_vty.o /home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1062 show_e1ts(25) warn: variable dereferenced before check 'line' /home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1075 show_e1ts(38) warn: buffer overflow 'line->ts' 32 <= 32 /home/laforge/projects/git/openbsc/openbsc/src/libbsc/bsc_vty.c +1080 show_e1ts(43) error: potential null derefence 'line'. fixed two of them, the third is bogus CC db.o /home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +254 db_fini(6) info: redundant null check on db_dirname calling free() /home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +256 db_fini(8) info: redundant null check on db_basename calling free() /home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +280 db_create_subscriber(20) warn: variable dereferenced before check 'subscr' /home/laforge/projects/git/openbsc/openbsc/src/libmsc/db.c +1062 sms_from_result(36) warn: 256 is more than 255 (max 'sms->user_data_len' can be) so this is always false. fixed the first 3, the last remains as a safeguard CC gsm_04_08.o /home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_08.c +550 mm_rx_loc_upd_req(46) error: we previously assumed 'conn->loc_operation' could be null. /home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_08.c +1891 gsm48_cc_rx_setup(68) error: we previously assumed 'trans->subscr' could be null. /home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_08.c +2193 gsm48_cc_rx_connect(40) error: we previously assumed 'trans->subscr' could be null. The first is bogus, the others need to be investigated CC gsm_04_11.o /home/laforge/projects/git/openbsc/openbsc/src/libmsc/gsm_04_11.c +599 gsm340_rx_tpdu(46) error: sms_alphabet is never equal to 4294967295 (wrong type 0 - 255). I fixed that one! CC ussd.o /home/laforge/projects/git/openbsc/openbsc/src/libmsc/ussd.c +54 handle_rcv_ussd(9) error: req.text[0] is never equal to 255 (wrong type -128 - 127). CC bsc_ussd.o /home/laforge/projects/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_ussd.c +385 bsc_check_ussd(62) error: req.text[0] is never equal to 255 (wrong type -128 - 127). This is due to 'struct ussd_request.text' being 'char', I changed it to uint8_t. CC bs11_config.o /home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +223 linkstate_name(5) error: buffer overflow 'bs11_link_state' 3 <= 3 /home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +240 mbccu_load_name(5) error: buffer overflow 'mbccu_load' 6 <= 6 /home/laforge/projects/git/openbsc/openbsc/src/utils/bs11_config.c +905 main(34) info: ignoring unreachable code. fixed. CC ipaccess-firmware.o /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 2 /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-firmware.c +64 ipaccess_analyze_file(26) warn: buffer overflow 'firmware_header->more_magic' 2 <= 3 zecke? CC ipaccess-proxy.o /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +173 store_idtags(14) error: buffer overflow 'ipbc->id_tags' 255 <= 255 /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +173 store_idtags(14) error: buffer overflow 'ipbc->id_tags' 255 <= 255 /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +175 store_idtags(16) error: buffer overflow 'ipbc->id_tags' 255 <= 255 /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +178 store_idtags(19) error: buffer overflow 'ipbc->id_tags' 255 <= 255 /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +500 ipaccess_rcvmsg(66) error: buffer overflow 'ipbc->rsl_conn' 4 <= 4 /home/laforge/projects/git/openbsc/openbsc/src/ipaccess/ipaccess-proxy.c +504 ipaccess_rcvmsg(70) error: buffer overflow 'ipbc->bsc_rsl_conn' 4 <= 4 fixed CC gprs_bssgp_util.o /home/laforge/projects/git/openbsc/openbsc/src/libgb/gprs_bssgp_util.c +114 bssgp_tx_status(17) warn: variable dereferenced before check 'orig_msg' fixed. CC gb_proxy_main.o /home/laforge/projects/git/openbsc/openbsc/src/gprs/gb_proxy_main.c +284 main(81) info: ignoring unreachable code. bogus, sa it's jus an exit(0) CC gprs_gmm.o /home/laforge/projects/git/openbsc/openbsc/src/gprs/gprs_gmm.c +757 gsm48_rx_gmm_att_req(133) warn: variable dereferenced before check 'ctx' fixed CC gprs_sndcp.o /home/laforge/projects/git/openbsc/openbsc/src/gprs/gprs_sndcp.c +478 sndcp_unitdata_req(37) info: ignoring unreachable code. comment in the code says it is not reached CC sgsn_main.o /home/laforge/projects/git/openbsc/openbsc/src/gprs/sgsn_main.c +284 main(83) info: ignoring unreachable code. comment in the code says it is not reached CC sgsn_libgtp.o /home/laforge/projects/git/openbsc/openbsc/src/gprs/sgsn_libgtp.c +504 sgsn_rx_sndcp_ud_ind(32) info: ignoring unreachable code. fixed CC bsc_nat.o /home/laforge/projects/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c +1553 get_next_free_bsc_id(20) info: ignoring unreachable code. zecke? -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 1

Re: Hardware required to setup an SGSN
by Naveen Kumar 15 Jul '11

15 Jul '11

Hi Harald Thanks for the options. I will need to look into it in a bit more detail. Which part of the code base do I need to concentrate on to get the Fr over E1 functionality? Naveen

2 2

merge of 'daniel/controlif' branch
by Harald Welte 14 Jul '11

14 Jul '11

Hi! After many delays on my side (it kept falling off my TODO list), I have finally merged the daniel/controlif branch earlier today. For those who haven't heard about it so far: It is code that allows us to remotely get and/or set attributes of the BSC. Furthermore, it supports traps (similar to SNMP traps). The idea of it is to allow us to have centralized management of networks with many OpenBSC installations, offering SNMP-like feel but without adding the complexity of SNMP (asn.1, etc.) to OpenBSC itself. We might at some point have an independent gateway process that exports the attributes through real SNMP, but that mostly depensd on whether any production networks have such a requirement or not. The control interface is implemented either stand-alone (for osmo-nitb) or via the regular A and A-bis/IP as an additional ip.access stream identifier. Thanks to Daniel for writing the code, to On-Waves for funding the development and once again my apologies for the delays. btw: I have done a couple of cosmetic clean up commits in addition to Daniels branch, hopefully I didn't break anything while doign that... Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 1

THC hacked Vodafone UMTS Femto cell
by Benjamin Hagemann 14 Jul '11

14 Jul '11

hello, a friend pointed me to this news: "Hackers crack Vodafone's network, can listen to all calls" http://www.tecca.com/news/2011/07/13/hackers-crack-vodafones-network-can-li… so I jumped to the THC blog: http://thcorg.blogspot.com/2011/07/vodafone-hacked-root-password-published.… and THC wiki with more information about the FemtoMod, protocolls and so on: http://wiki.thc.org/vodafone have fun :) -- regards, benny gpg 0xFC505AB0 jabber benny(a)benny.de sip benny(a)benny.de

2 1

Licensing of the wiki
by Harald Welte 13 Jul '11

13 Jul '11

Hi all, so far we do not have any statement about the licensing of the content on our wiki. This means the default copyright rules apply: All the content is copyrighted, and nobody has any rgiht to reproduce it at all. I would like to propose an official license for the content in the wiki: Create Commons CC-BY-SA. The alternative would be to go for CC-BY-NC-SA, disallowing commercial use of the content. I'm not certain if NC is really what we want. After all, even somebody using OpenBSC in a commercial environment should be able to make copies of the reference documentation we have available - as long as he will releas the result again (which the SA part already covers). If the major contributors to the wiki would agree to a license, I would update the wiki accordingly. Thanks, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

3 3

NanoBTS reset
by Seungju Kim 12 Jul '11

12 Jul '11

Is there any other way to reset a NanoBTS without building a reset dongle? My NanoBTS is acting strangely after a segfault of OpenBSC. I can connect and beacon my network with the BTS but it won't enable data for some reason. It was working fine before. Now it says something like this <000d> input/ipaccess.c:696 accept()ed new OML link from 192.168.1.139 SET ATTR NACK CAUSE=Message cannot be performed <000d> input/ipaccess.c:758 accept()ed new RSL link from 192.168.1.139 The NanoBTS doesn't even make a connection to the SGSN when this happens. Thank you I want to kno if there is a way to reset the nanobts without making the reset dongle? ./ipaccess-config works at the moment.

3 2

Hardware required to setup an SGSN
by Naveen Kumar 11 Jul '11

11 Jul '11

I am trying to validate some functionality of a BSC that we have. The BSC will be connected via Gb interface(over E1) to an SGSN. What kind of hardware(processor/E1 card) would I need to support the SGSN ? I am mainly interested in testing ns/bssgp functionality. Thanks in advance. Naveen

3 2

Re: OpenBSC Digest, Vol 31, Issue 6
by Naveen Kumar 11 Jul '11

11 Jul '11

>> Can you provide some details about the BSC? Hans if you mean what brand this is a custom BSC that our company(Hughes) developed for a customer. This BSC is connected to a customer provided SGSN via 2 E1 links. Naveen

2 1

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC July 2011