OpenBSC June 2014

openbsc@lists.osmocom.org

17 participants
29 discussions

osmo-nitb: %This BTS does not support TSC!=BCC

by Erich Dachleger

Hi all, I have followed the the guide in network_from_scratch and use 1 osmocom phone as transceiver. I use the suggested configs for open-bsc.cfg and osmo-bts.cfg and can register to the network I run. However in the output from osmo--nitb ,in the start I get a message about the training sequence: ________________________________________________ % This BTS does not support a TSC!=BCC, Falling back to BCC and after the DB: Database initialized messages DB: Database prepared ---------------------------------- -------------------------------- <0005>bsc.init.c:265 bootstrapping RSL for BTS/TRX(0/0) on ARFCN 533 using MCC=1 MNC=1 LAC=1 CID=0 BSIC=63 TSC 7 ------------------------------------------ <0002> gsm.subscriber.c: 378 Subscriber <imsi> ATTACHED LAC=1 ----------------------------------------------------------------------------------------------------- I have entered hlr.sqlite and assigned an extension to my imsi but when I enter the VTY and execute enable subscriber imsi <imsi> sms send test123 I get: %Unknown command So it appears smsqueue is not enabled. Does anyone know what to look for to enable it? I have tried the vty commands trigger smsqueue but to no avail.. According to the network from scratch wiki sms (and broadcast) should function with one phone where TS0 is served ------------------------------------------------------------------- osmo-bts-trx outputs lines of <0006> scheduler.c 338 ---- chan=SDCC/4(0) --- chan=SACC/4(0) ----- chan=BCCH(0) ---------------------------------------------------------------------------------------------------------- When the firmware is loaded onto the phone I get time on arrival and signal to noise ratio messages: TOA=4 snr=16384 (Thres 2560) freq_err=40 pm=-70 -------------------------------------------------------- So that is grossly exceeding the threshold value. But is that related to not being able to use smsqueue? Regards Erich

11 years, 2 months

trau_decode_fr memory corruption. Fix requested

by Holger Hans Peter Freyther

Dear Andreas, Harald, I don't really know much about the bit order of TRAU frames but the trau_test.c is causing an out of bounds access to the gsm_fr_map. Re-produce (GCC >= 3.8 or clang >= 3.2 required): $ make clean && make CFLAGS+="-ggdb3 -Og -fsanitize=address" $ cd tests/trau $ ./trau_test Issue: Breakpoint 1, 0xb69e7810 in __asan_report_error () from /usr/lib/i386-linux-gnu/libasan.so.0 (gdb) bt #0 0xb69e7810 in __asan_report_error () from /usr/lib/i386-linux-gnu/libasan.so.0 #1 0xb69e08cf in __asan_report_load1 () from /usr/lib/i386-linux-gnu/libasan.so.0 #2 0x0804c4e7 in trau_encode_fr (tf=tf@entry=0xbffff530, data=data@entry=0xbffff700 <incomplete sequence \320>) at trau_mux.c:441 #3 0x08048e06 in test_trau_fr_efr (data=<optimized out>, data@entry=0xbffff700 <incomplete sequence \320>) at trau_test.c:35 #4 0x080494bf in main () at trau_test.c:70 (gdb) frame2 Undefined command: "frame2". Try "help". (gdb) frame 2 #2 0x0804c4e7 in trau_encode_fr (tf=tf@entry=0xbffff530, data=data@entry=0xbffff700 <incomplete sequence \320>) at trau_mux.c:441 441 k = gsm_fr_map[++l]-1; (gdb) p l $1 = 76 (gdb) p l $2 = 76 (gdb) p sizeof(gsm_fr_map) $3 = 76 Please fix as soon as possible as I would like to enable ASAN checking on the jenkins as soon as possible. kind regards holger

11 years, 2 months

[PATCH 1/2] trau_mux.c: Prevent out-of-bounds read in trau_encode_fr()

by Harald Welte

found by -fsanitize=address the last iteration of the loop, where i == 259 and o == 260. It is read out-of-bounds but the content is never used. --- openbsc/src/libtrau/trau_mux.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openbsc/src/libtrau/trau_mux.c b/openbsc/src/libtrau/trau_mux.c index fd1895f..4f159e4 100644 --- a/openbsc/src/libtrau/trau_mux.c +++ b/openbsc/src/libtrau/trau_mux.c @@ -436,6 +436,9 @@ void trau_encode_fr(struct decoded_trau_frame *tf, o = 0; /* offset output bits */ while (i < 260) { tf->d_bits[k+o] = (data[j/8] >> (7-(j%8))) & 1; + /* to avoid out-of-bounds access in gsm_fr_map[++l] */ + if (i == 259) + break; if (--k < 0) { o += gsm_fr_map[l]; k = gsm_fr_map[++l]-1; -- 2.0.0 -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

11 years, 2 months

Questions regarding sysmoBTS2050 power management

by Holger Hans Peter Freyther

hi! I would like to have your opinion on the power management of the sysmoBTS2050 hardware in various conditions: Using only a single TRX with 10: We have to disable the second TRX. Would you want to set a different device id in the EEPROM for the sysmoBTS2050 to indicate a single TRX board? If yes we could have nominal power return 40 and something like the sysmobts-mgr could disable the power of the second trx on start? Another option would be to make it configurable inside the bts configuration file. In this case the bts process would need to tell the sysmobts-mgr to switch off the second trx? Reducing power in a dual-bts setup: The current unfinished idea would be that in case the system heats up too much we reduce the transmit power on the first TRX. Is this enough? Is this enough because in the long run we will manage both TRX from the first one? Or shall we handle the heat inside OpenBSC to temporarily reduce the power? This way we would need to send information in case the system returns to an acceptable temperature? holger

11 years, 2 months

Bounce action notification

by mailman＠lists.osmocom.org

This is a Mailman mailing list bounce action notice: List: OpenBSC Member: mki(a)mki-consult.de Action: Subscription disabled. Reason: Excessive or fatal bounces. The triggering bounce notice is attached below. Questions? Contact the Mailman site administrator at mailman(a)lists.osmocom.org.

11 years, 2 months

Patch: handover check for E1 based BTS

by Sipos Csaba

The function that checks for HO compatibility is wrong for quite some time. Even for E1 based BTSs the function requires RTP proxy to be enabled. The following patch is fixing this, by changing the condition so RTP proxy is only required, when the BTS is an IP based unit: diff --git a/openbsc/src/libbsc/bsc_vty.c b/openbsc/src/libbsc/bsc_vty.c index 6acf0c6..fbf28ec 100644 --- a/openbsc/src/libbsc/bsc_vty.c +++ b/openbsc/src/libbsc/bsc_vty.c @@ -1427,8 +1427,9 @@ DEFUN(cfg_net_handover, cfg_net_handover_cmd, { int enable = atoi(argv[0]); struct gsm_network *gsmnet = gsmnet_from_vty(vty); + struct gsm_bts *bts = vty->index; - if (enable && ipacc_rtp_direct) { + if (enable && ((is_ipaccess_bts(bts)) && ipacc_rtp_direct)) { vty_out(vty, "%% Cannot enable handover unless RTP Proxy mode " "is enabled by using the -P command line option%s", VTY_NEWLINE); The patch is tested with Nokia Insite. I hope someone can commit this to the master branch. Regards, Csaba

11 years, 2 months

Unable to build openbsc due to missing 'libosmo-netif' package

by hulds＠gmx.net

Hi, i try to get openbsc to work. To do that i followed the steps on the page : http://openbsc.osmocom.org/trac/wiki/OpenBSC_GPRS till the last step everything go's ok, during the last step : cd /root/openbsc/openbsc; autoreconf -fi; export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig; ./configure; make I get the message : checking for LIBOSMONETIF... no configure: error: Package requirements (libosmo-netif >= 0.0.1) were not met: No package 'libosmo-netif' found I tried to find this package but was not able to find it. Do you know where i can find this package so that i can get things working ? Regards Henry

11 years, 2 months

[PATCH] mgcp/test: Add test case using the fmtp_extra info

by Jacob Erlbeck

Add tests setting the fmtp_extra field to check the response generation. This triggers a bug found by Coverity. Addresses: Coverity CID 1220873 Sponsored-by: On-Waves ehf --- openbsc/tests/mgcp/mgcp_test.c | 31 +++++++++++++++++++++++++++++++ openbsc/tests/mgcp/mgcp_test.ok | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) diff --git a/openbsc/tests/mgcp/mgcp_test.c b/openbsc/tests/mgcp/mgcp_test.c index 19615d9..e185fbc 100644 --- a/openbsc/tests/mgcp/mgcp_test.c +++ b/openbsc/tests/mgcp/mgcp_test.c @@ -20,6 +20,7 @@ #define _GNU_SOURCE #include <openbsc/mgcp.h> +#include <openbsc/vty.h> #include <openbsc/mgcp_internal.h> #include <osmocom/core/application.h> @@ -88,6 +89,17 @@ static void test_strline(void) "m=audio 0 RTP/AVP 126\r\n" \ "a=rtpmap:126 AMR/8000\r\n" \ "a=ptime:20\r\n" +#define MDCX3_FMTP_RET "200 18983215 OK\r\n" \ + "I: 3\n" \ + "\n" \ + "v=0\r\n" \ + "o=- 3 23 IN IP4 0.0.0.0\r\n" \ + "c=IN IP4 0.0.0.0\r\n" \ + "t=0 0\r\n" \ + "m=audio 0 RTP/AVP 126\r\n" \ + "a=rtpmap:126 AMR/8000\r\n" \ + "a=fmtp:126 0/1/2\r\n" \ + "a=ptime:20\r\n" #define MDCX4 "MDCX 18983216 1@mgw MGCP 1.0\r\n" \ "M: sendrecv\r" \ "C: 2\r\n" \ @@ -203,6 +215,18 @@ static void test_strline(void) "a=rtpmap:126 AMR/8000\r\n" \ "a=ptime:20\r\n" +#define CRCX_FMTP_RET "200 2 OK\r\n" \ + "I: 3\n" \ + "\n" \ + "v=0\r\n" \ + "o=- 3 23 IN IP4 0.0.0.0\r\n" \ + "c=IN IP4 0.0.0.0\r\n" \ + "t=0 0\r\n" \ + "m=audio 0 RTP/AVP 126\r\n" \ + "a=rtpmap:126 AMR/8000\r\n" \ + "a=fmtp:126 0/1/2\r\n" \ + "a=ptime:20\r\n" + #define CRCX_ZYN "CRCX 2 1@mgw MGCP 1.0\r" \ "M: recvonly\r" \ "C: 2\r\r" \ @@ -250,6 +274,8 @@ struct mgcp_test { const char *exp_resp; int exp_net_ptype; int exp_bts_ptype; + + char *extra_fmtp; }; static const struct mgcp_test tests[] = { @@ -275,6 +301,9 @@ static const struct mgcp_test tests[] = { { "RQNT1", RQNT, RQNT1_RET }, { "RQNT2", RQNT2, RQNT2_RET }, { "DLCX", DLCX, DLCX_RET, -1, -1 }, + { "CRCX", CRCX, CRCX_FMTP_RET, 97, 126, .extra_fmtp = "a=fmtp:126 0/1/2" }, + { "MDCX3", MDCX3, MDCX3_FMTP_RET, PTYPE_NONE, 126 , .extra_fmtp = "a=fmtp:126 0/1/2" }, + { "DLCX", DLCX, DLCX_RET, -1, -1 , .extra_fmtp = "a=fmtp:126 0/1/2" }, }; static const struct mgcp_test retransmit[] = { @@ -398,6 +427,8 @@ static void test_messages(void) last_endpoint = -1; dummy_packets = 0; + bsc_replace_string(cfg, &cfg->trunk.audio_fmtp_extra, t->extra_fmtp); + inp = create_msg(t->req); msg = mgcp_handle_message(cfg, inp); msgb_free(inp); diff --git a/openbsc/tests/mgcp/mgcp_test.ok b/openbsc/tests/mgcp/mgcp_test.ok index 7301a81..6c5a6bc 100644 --- a/openbsc/tests/mgcp/mgcp_test.ok +++ b/openbsc/tests/mgcp/mgcp_test.ok @@ -75,6 +75,44 @@ Detected packet duration: 20 Requested packetization period not set Connection mode: 0: NONE Testing CRCX +CRCX failed '200 2 OK +I: 3 + +v=0 +o=- 3 23 IN IP4 0.0.0.0 +c=IN IP4 0.0.0.0 +t=0 0 +m=audio 0 RTP/AVP 126 +a=rtpmap:126 AMR/8000 +a=rtpmap:126 AMR/8000 +a=ptime:20 +' +Dummy packets: 1 +Detected packet duration: 40 +Requested packetetization period: 20-20 +Connection mode: 1: RECV +Testing MDCX3 +MDCX3 failed '200 18983215 OK +I: 3 + +v=0 +o=- 3 23 IN IP4 0.0.0.0 +c=IN IP4 0.0.0.0 +t=0 0 +m=audio 0 RTP/AVP 126 +a=rtpmap:126 AMR/8000 +a=rtpmap:126 AMR/8000 +a=ptime:20 +' +Dummy packets: 1 +Packet duration not set +Requested packetization period not set +Connection mode not set +Testing DLCX +Detected packet duration: 20 +Requested packetization period not set +Connection mode: 0: NONE +Testing CRCX Re-transmitting CRCX Testing RQNT1 Re-transmitting RQNT1 -- 1.9.1

11 years, 2 months

XID parameters

by Josh toal

Hi All As per the specs after PDP context accept mobile station should exchange XID parameters with SGSN. before it initiate transfer of data. As per the literature mobile station if not happy with the negotiated quality of service it will send the deactivation request and I am getting the same. Is this is the only reason mobile station will send deactivation request or something else, which I am missing. Any suggestion to fix this problem. can anybody comment on this please. regards Josh

11 years, 2 months

[PATCH] mgcp: Fix SDP formatting of fmtp_extra (Coverity)

by Jacob Erlbeck

Currently when ftmp_extra is set, a doubled a=rtpmap line is emitted instead of the fmtp_extra info. This patch fixes replaces the formerly copied and pasted but not modified snprintf parameters by the correct ones. Fixes: Coverity CID 1220873 Sponsored-by: On-Waves ehf --- openbsc/src/libmgcp/mgcp_protocol.c | 3 +-- openbsc/tests/mgcp/mgcp_test.ok | 24 ------------------------ 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/openbsc/src/libmgcp/mgcp_protocol.c b/openbsc/src/libmgcp/mgcp_protocol.c index f0457d1..6e48949 100644 --- a/openbsc/src/libmgcp/mgcp_protocol.c +++ b/openbsc/src/libmgcp/mgcp_protocol.c @@ -287,8 +287,7 @@ static int write_response_sdp(struct mgcp_endpoint *endp, if (fmtp_extra) { nchars = snprintf(sdp_record + len, size - len, - "a=rtpmap:%d %s\r\n", - payload_type, audio_name); + "%s\r\n", fmtp_extra); if (nchars < 0 || nchars >= size - len) goto buffer_too_small; diff --git a/openbsc/tests/mgcp/mgcp_test.ok b/openbsc/tests/mgcp/mgcp_test.ok index 6c5a6bc..033f783 100644 --- a/openbsc/tests/mgcp/mgcp_test.ok +++ b/openbsc/tests/mgcp/mgcp_test.ok @@ -75,35 +75,11 @@ Detected packet duration: 20 Requested packetization period not set Connection mode: 0: NONE Testing CRCX -CRCX failed '200 2 OK -I: 3 - -v=0 -o=- 3 23 IN IP4 0.0.0.0 -c=IN IP4 0.0.0.0 -t=0 0 -m=audio 0 RTP/AVP 126 -a=rtpmap:126 AMR/8000 -a=rtpmap:126 AMR/8000 -a=ptime:20 -' Dummy packets: 1 Detected packet duration: 40 Requested packetetization period: 20-20 Connection mode: 1: RECV Testing MDCX3 -MDCX3 failed '200 18983215 OK -I: 3 - -v=0 -o=- 3 23 IN IP4 0.0.0.0 -c=IN IP4 0.0.0.0 -t=0 0 -m=audio 0 RTP/AVP 126 -a=rtpmap:126 AMR/8000 -a=rtpmap:126 AMR/8000 -a=ptime:20 -' Dummy packets: 1 Packet duration not set Requested packetization period not set -- 1.9.1

11 years, 2 months

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC June 2014