OpenBSC February 2018

openbsc@lists.osmocom.org

14 participants
23 discussions

GSM 04.08 L2 pseudo length in ACCH System Information messages

by Vadim Yanitskiy

Hi everyone, I few days ago, during some usual R&D process, I noticed the following messages, appearing in the log output of OsmocomBB/mobile application: "ACCH message type 0xXX unknown." The network, a phone was connected to, was may own and based on more or less recent versions of OsmoNiTB, OsmoBTS, and OsmoTRX. Despite I used to see such messages before, I didn't pay too much attention. But this time I've decided to figure out, what's wrong there... The source of such messages is the gsm48_rr.c / gsm48_rr_rx_acch(): static int gsm48_rr_rx_acch(struct osmocom_ms *ms, struct msgb *msg) { // ... struct gsm48_system_information_type_header *sih = msgb_l3(msg); // ... switch (sih->system_information) { case GSM48_MT_RR_SYSINFO_5: return gsm48_rr_rx_sysinfo5(ms, msg); case GSM48_MT_RR_SYSINFO_5bis: return gsm48_rr_rx_sysinfo5bis(ms, msg); case GSM48_MT_RR_SYSINFO_5ter: return gsm48_rr_rx_sysinfo5ter(ms, msg); case GSM48_MT_RR_SYSINFO_6: return gsm48_rr_rx_sysinfo6(ms, msg); default: LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n", sih->system_information); return -EINVAL; } } To get I bit more details, I modified this function to print the whole L3 payload, and got some interesting results. As it turned out, the payloads were shifted one byte left - there was no 'l2_plen', which is assumed by: /* Section 9.1.3x System information Type header */ struct gsm48_system_information_type_header { uint8_t l2_plen; uint8_t rr_protocol_discriminator :4, skip_indicator:4; uint8_t system_information; } __attribute__ ((packed)); So, my first idea was that this is a bug of OsmocomBB, that would be fairly easy to fix, so after a quick look at the GSM 04.08 specification I wrote (and merged :/) this: https://gerrit.osmocom.org/#/c/5204/ And everything was great, until I connected a 'patched' mobile to a commercial mobile network... And all SI messages during a dedicated connection were false-identified as SI5ter. This seemed strange to me, so I decided to compare a SI message from commercial network with a message captured in my own one: https://habrastorage.org/webt/t8/zs/vv/t8zsvvjjglzfisnjqlnnsy4kgas.png And this confused me even more, then I've expected. Why there is 0x49? Wireshark false-identified this message as something related to SMS... What if this is exactly the 'l2_plen' assumed in OsmocomBB before? I looked at the specifications again, and found out that initially I refered an outdated 5.3.0 version, which was the first link in Google: http://www.etsi.org/deliver/etsi_gts/04/0408/05.03.00_60/gsmts_0408v050300p… while the latest one is 7.21.0: http://www.etsi.org/deliver/etsi_ts/100900_100999/100940/07.21.00_60/ts_100… So, I compared the 9.1.37-40 sections of both versions, and bingo! In the higher version ACCH System Information messages do have the 'L2 Pseudo Length' (10.5.2.19) field. Finally, what I've learned: - OsmocomBB / mobile follows the new version here (with l2_plen); - OsmoNiTB generates the ACCH SI messages without the l2_plen; - Recent Wireshark versions fail to decode the ACCH SI messages with l2_plen, while older ones are able to do that; - I should not merge the changes so quick. My questions are: - Which way of composing the SI messages is correct? - If both are correct, how to parse them correctly? - Should we change OsmoNiTB / OsmoBSC to follow the latest specs? And of course, I have to revert the change I've merged. With best regards, Vadim Yanitskiy.

6 years, 11 months

Submissions for OsmoDevCon 2018

by Harald Welte

Dear Osmocom community, it's already end of January and OsmoDevCon 2018 in April is getting closer and closer. As indicated before, I would like to group the topics by days and put together at least a rough framework shcedule, so that people with specific interests don't have to be present for four full days to make sure they don't miss anything. So I'd like to re-invite all attendees to consider adding a topic/porposal to the wiki page at https://osmocom.org/projects/osmo-dev-con/wiki/OsmoDevCon2018#section-9 so that we can group different topic areas and put together a rough schedule outline. A proposal doesn't mean you have to give a talk. It could be anything, including * a talk that you would want to listen to, and you're looking for somebody to give it * a discussion about a certain topic * a workshop / hands on session * lightning talks? Like any community event, OsmoDevCon lives by its contributors. I can't wait to hear about all the things you've been up to. Thanks! Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

6 years, 11 months

A5/1 Encryption Enabled - Programmable SIM unable to camp

by Ron

Hi All, Does anyone tried enabling the A5/1 Encryption using osmo-bsc and osmo-msc? We are using an UPBOARD with the following elements; osmo-bsc, osmo-bts-trx and osmo-trx in it; and a NUC with osmo-hlr, osmo-msc, osmo-mgcp, and osmo-stp. Both servers are using Ubuntu 16.04 OS. We enabled the a5/1 encryption in both osmo-bsc and osmo-msc. Then provisioned the programmable SIM to osmo-hlr with aud2g comp128v1 auth. OsmoHLR# subscriber imsi 515941234567890 show ID: 9 IMSI: 515941234567890 MSISDN: 09271234567 2G auth: COMP128v1 KI=00112233445566778899aabbccddeeff We are not really sure what causes the LOCUP Reject. Can anyone help us with this issue? Attached are the configuration used during the testing and a trace taken during the testing. Best Regard, Ron Menez ron.menez(a)entropysolution.com<mailto:ron.menez@entropysolution.com>

6 years, 11 months

UMTRX - Missing IMEI in the Identity Request

by Ron

Hi All, We have encountered an issue in latching/phone camping using UMTRX and OSMOCOM elements. During the registration process, encryption command fails since the OsmoBSC/BTS does not provide the IMEI in the Identity Request. Note that the Mobile core only permits a5/1 encryption. This issue is not encountered using ETTUS B210 with same version of OSMOCOM elements and same configuration files. May we know if this is a known issue? The UHD version used is the UHD_003.010.002.HEAD-3-g122bfae1 and the UMTRX Driver used is1.0.3-128-93d4343. We used the URL below in installing the driver and module of UMTRX: https://umtrx.org/applications/driver/ Best Regard, Ron Menez ron.menez(a)entropysolution.com<mailto:ron.menez@entropysolution.com>

6 years, 11 months

trxcon, fake-trx and osmo-bts-trx: Simulating TA + Power Control

by Harald Welte

This is picking up on a discussion that fixeria and I have had in https://gerrit.osmocom.org/#/c/6846 so far. The goal is to be able to fully test the timing advance and power control loops in unmodified osmo-bts-trx (from the BTS_Tests.ttcn test suite). For this, we need: * fake_trx must be able to insert additional false "delay" * fake_trx must be able to insert additional false "path loss" Let's look at TOA/timing first: 1) Implementation of TA in fake_trx * MS sets timing advance via L1CTL * trxcon translates this into SETTA command to fake_trx * fake_trx stores this curernt TA value (in bit periods) * fake_trx initializes the per-burst TOA (in 1/256th symbol periods) to the negative of those values when converting from Tx to Rx burst format, before feeding to osmo-bts-trx 2) implementation of "fake delay" in fake_trx * test case at any time requests fake_trx to apply a "fake delay" (in 1/256th symbol periods) * fake_trx stores this signed 16bit value * fake_trx applies this fake_delay value when converting uplink Tx bursts to Rx bursts, after having applied the timing advance. So a typical exchange between MS and BTS looks like this: * testcase instructs fake_trx to apply fake_delay of 512 (2 bit periods) * MS sends RACH burst with no timing advance at all * fake_trx applies TA=0 and adds fake_delay value (512), resulting in reported timing value of 512 in the bursts passed to osmo-bts-trx * osmo-bts-trx detects '512' and forwards this as timing offset to the BSC * BSC will allocate a channel, and instruct MS to use TA=2 on it * MS sends SETTA=2 to fake_trx * any bursts from MS in fake_trx are processed as follows: ** set toa=-256*2=-512 (TA value of 2) ** add fake_delay: toa=-512 (result of above) + 512 (fake delay) = 0 * osmo-bts-trx receives bursts with toa=0, i.e. timing advance loop is balanced When the MS is moving further away, we can simulate this by: * testcase sends fake_delay=1024 to fake_trx * uplink bursts now are processed in fake_trx as: ** set toa=-256*2=-512 (TA value of 2) ** add fake_delay: toa=-512 (result of above) + 1024 (fake delay) = +512 * osmo-bts-trx receives bursts with toa=512, reports this to timing advance loop code * TA loop code will result in SACCH downlink L1 header to contain TA=4 (not just 2 like before) * MS will send "SETTA 4" to fake_trx * uplink bursts now are processed in fake_trx as: ** set toa=-256*4=-1024 (TA value of 4) ** add fake_delay: toa=-1024 (result of above) + 1024 (fake delay) = 0 * loop is balanced again For RSSI processing it's slightly more complicated: * fake_trx would need to know the nominal transmit power of both MS and BTS. This could be from config file, command line argument or some control commands. For this example, let's assume MS nominal power is +30dBm and BTS +23 dBm * fake_trx will have some "SET PATH LOSS" command by which the test case can tell it about the path loss it shall apply (in uplink and/or downlink direction) * fake_trx receives "SET PATH LOSS 110" for 110dB path loss * uplink burst processing then looks like this ** fake_trx knows MS nominal power is +30 dBm ** fake_trx subtracts the attenuation value from the Tx Burst Data header (e.g. 10 dB) ** fake_trx computes +30 (nominal power) -10 (burst attenuation) - 110 (path loss) = -90 dBm ** fake_trx reports -87dBm RSSI in the uplink burst to osmo-bts-trx * downlink burst processing then looks like this ** fake_trx knows of BTS transmit power level is 23dBm ** fake_trx reads attenuation from tx burst header (e.g. 0dB) ** fake_trx computes +23 (nominal power) -0 (burst attenuation) - 110 (path loss) = -87 dBm ** fake_trx reports Rx bursts with -87dBm RSSI to trxcon I hope this makes sense. Comments welcome. -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

6 years, 11 months

Help with GPRS and new split stack

by Rafael Diniz

Hi all, I'm running the new split stack on a LC 15 (osmo-bts and osmo-pcu from stock LC15, and osmo-bsc, osmo-msc, osmo-stp, osmo-hlr, ... from debian 9 armv7l nightly in a chroot). osmo-sgsn gives me: 0180225034309988 DGPRS <000f> gprs_subscriber.c:714 SUBSCR(250026920931392) Received GSUP message OSMO_GSUP_MSGT_SEND_AUTH_INFO_ERROR 20180225034309988 DGPRS <000f> gprs_subscriber.c:470 SUBSCR(250026920931392) Send authentication info has failed with cause 2, handled as: Permission denied 20180225034309988 DGPRS <000f> gprs_subscriber.c:478 SUBSCR(250026920931392) GPRS send auth info req failed, access denied, GMM cause = 'IMSI unknown in HLR' (2) 20180225034309988 DGPRS <000f> gprs_subscriber.c:828 SUBSCR(250026920931392) Updating subscriber authentication info 20180225034309988 DMM <0002> gprs_sgsn.c:726 MM(250026920931392/e550701e) Subscriber data update 20180225034309988 DMM <0002> sgsn_auth.c:219 MM(250026920931392/e550701e) Updating authorization (unknown -> authenticate) 20180225034309988 DMM <0002> sgsn_auth.c:236 MM(250026920931392/e550701e) Missing auth tuples, authorization not possible 20180225034309988 DMM <0002> sgsn_auth.c:248 MM(250026920931392/e550701e) Got authorization update: state unknown -> rejected 20180225034309988 DMM <0002> gprs_gmm.c:1140 MM(250026920931392/e550701e) Not authorized, rejecting ATTACH REQUEST with cause 'IMSI unknown in HLR' (2) 20180225034309988 DMM <0002> gprs_gmm.c:489 MM(250026920931392/e550701e) <- GPRS ATTACH REJECT: IMSI unknown in HLR 20180225034309988 DMM <0002> gprs_gmm.c:313 MM(250026920931392/e550701e) Cleaning MM context due to GPRS ATTACH REJECT osmo-hlr: 20180225034401485 DAUC <0003> db_auc.c:129 IMSI='250026920931392': No 2G Auth Data 20180225034401485 DAUC <0003> db_auc.c:165 IMSI='250026920931392': No 3G Auth Data 20180225034401485 DAUC <0003> hlr.c:79 250026920931392: IMSI known, but has no auth data; Returning slightly inaccurate cause 'IMSI Unknown' via GSUP But I added the IMSIs in the HLR. Which kind of auth data should I put to a SIM card from a mainstream carrier? Thanks, Rafael Diniz

6 years, 11 months

Approach to system testing for Osmocom stack

by Holger Freyther

Hi, the lua binding code was added to be able to automate OpenBSC tests. In theory we should be able to do this for SMS and UpdateLocation (call handling with MNCC exposing is left as a todo) but in practice we miss a piece of software to coordinate this and run the test. We miss it because it is an interesting problem but also I lost time on switching countries, learning new tricks at a project... The basic testing structure looks easy as well. We want to define the number of concurrent subscribers (0, 10, 100, 1000, n) and to make it simple a single test (UL, send SMS, t) and execute the same test for each subscriber and call it a success if y% of tests succeed within time T. The way to measure this is easy as well. The lua script would print some data (e.g. the name of the ms) when it starts and completes. For some degrees of freedom I don't have a good idea.. and feedback is welcome. I am not sure if I should spawn, configure, add subscribers, a flavor of Osmocom cellular? I look into having some set of templates for the config, the stack to launch and in concept it looks awfully similar to something the GSM tester is doing. Shall we leave virtbts/cellular to the Osmocom tester and just focus on coordinating mobile? My feeling is to leave this to the Osmo GSM tester. If we have n subscribers I would launch m copies of "mobile" (but run multiple MS in a single binary). So with 4 MS per mobile process and 10k subs we would end with 2.5k processes + many log messages coming from each. Would that scale with python? Should we look into doing this one in Go? Or can some of GSM tester be used (the template part)? I would probably design this concurrently with Go(besides being the first). any ideas/comments? holger

6 years, 11 months

Re: Help with GPRS and new split stack

by Vadim Yanitskiy

Hi Rafael, Please pay your attention at the following warnings: > hlr.c:79 250026920931392: IMSI known, but has no auth data; > Returning slightly inaccurate cause 'IMSI Unknown' via GSUP and > sgsn_auth.c:236 MM(250026920931392/e550701e) > Missing auth tuples, authorization not possible > sgsn_auth.c:248 MM(250026920931392/e550701e) > Got authorization update: state unknown -> rejected Are you sure you do have all required auth information in HLR? > IMSI 250 02 6920931392 BTW: is it a random IMSI? Otherwise, this IMSI belongs to a Russian carrier - Megafon. If I am correct, and this SIM is a commercial SIM, you won't be able to get the auth data for them. With best regards, Vadim Yanitskiy.

6 years, 11 months

Build failed in Jenkins: Coverity-Upload (jenkins-job-builder) #20

by jenkins＠lists.osmocom.org

See <http://jenkins.osmocom.org/jenkins/job/osmocom-coverity/20/display/redirect> ------------------------------------------ [...truncated 1.05 MB...] checking if gcc supports -fno-rtti -fno-exceptions... no checking for gcc option to produce PIC... -fPIC -DPIC checking if gcc PIC flag -fPIC -DPIC works... yes checking if gcc static flag -static works... yes checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.o... (cached) yes checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... no checking how to run the C++ preprocessor... g++ -E checking for ld used by g++... /usr/bin/ld -m elf_x86_64 checking if the linker (/usr/bin/ld -m elf_x86_64) is GNU ld... yes checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking for g++ option to produce PIC... -fPIC -DPIC checking if g++ PIC flag -fPIC -DPIC works... yes checking if g++ static flag -static works... yes checking if g++ supports -c -o file.o... yes checking if g++ supports -c -o file.o... (cached) yes checking whether the g++ linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes checking dynamic linker characteristics... (cached) GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking for ANSI C header files... (cached) yes checking byteswap.h usability... yes checking byteswap.h presence... yes checking for byteswap.h... yes checking for an ANSI C-conforming const... yes checking for inline... inline checking for size_t... yes checking whether time.h and sys/time.h may both be included... yes checking whether byte ordering is bigendian... no checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for UHD... no checking for UHD... yes checking whether C compiler accepts -msse3... yes checking whether C compiler accepts -msse4.1... yes checking whether gcc has __builtin_cpu_supports built-in... yes checking for LIBUSB... yes checking for FFTWF... yes checking boost/config.hpp usability... yes checking boost/config.hpp presence... yes checking for boost/config.hpp... yes checking that generated files are newer than configure... done configure: creating ./config.status config.status: creating Makefile config.status: creating CommonLibs/Makefile config.status: creating GSM/Makefile config.status: creating Transceiver52M/Makefile config.status: creating Transceiver52M/arm/Makefile config.status: creating Transceiver52M/x86/Makefile config.status: creating tests/Makefile config.status: creating tests/CommonLibs/Makefile config.status: creating tests/Transceiver52M/Makefile config.status: creating config.h config.status: executing tests/atconfig commands config.status: executing depfiles commands config.status: executing libtool commands + make -j 6 make all-recursive make[1]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' Making all in CommonLibs make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/CommonLibs' CXX BitVector.lo CXX Threads.lo CXX Timeval.lo CXX Logger.lo CXX Sockets.lo CXX LinkedLists.lo CXXLD libcommon.la ar: `u' modifier ignored since `D' is the default (see `U') make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/CommonLibs' Making all in GSM make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/GSM' CXX GSMCommon.lo CXXLD libGSM.la ar: `u' modifier ignored since `D' is the default (see `U') make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/GSM' Making all in Transceiver52M make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' Making all in arm make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/arm' make[3]: Nothing to be done for 'all'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/arm' Making all in x86 make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/x86' CC convert.lo CC convolve.lo CC libarch_sse_3_la-convolve_sse_3.lo CC libarch_sse_3_la-convert_sse_3.lo CC ../common/convolve_base.lo CC libarch_sse_4_1_la-convert_sse_4_1.lo CC ../common/convert_base.lo CCLD libarch_sse_4_1.la CCLD libarch_sse_3.la ar: `u' modifier ignored since `D' is the default (see `U') ar: `u' modifier ignored since `D' is the default (see `U') CCLD libarch.la ar: `u' modifier ignored since `D' is the default (see `U') make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/x86' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' CXX radioInterface.lo CXX radioVector.lo CXX radioClock.lo CXX signalVector.lo CXX sigProcLib.lo CXX radioBuffer.lo CXX Transceiver.lo CXX ChannelizerBase.lo CXX Channelizer.lo CXX Synthesis.lo CC common/fft.lo CXX Resampler.lo CXX radioInterfaceResamp.lo CXX radioInterfaceMulti.lo CXX UHDDevice.lo CXX osmo-trx.o CXXLD libtransceiver.la ar: `u' modifier ignored since `D' is the default (see `U') CXXLD osmo-trx make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' Making all in tests make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' Making all in CommonLibs make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/CommonLibs' CXX BitVectorTest.o CXX InterthreadTest.o CXX VectorTest.o CXX PRBSTest.o CXX SocketsTest.o CXX TimevalTest.o CXX LogTest.o CXXLD BitVectorTest CXXLD VectorTest CXXLD SocketsTest CXXLD TimevalTest CXXLD PRBSTest CXXLD InterthreadTest CXXLD LogTest make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/CommonLibs' Making all in Transceiver52M make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/Transceiver52M' CC convolve_test-convolve_test.o CCLD convolve_test make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/Transceiver52M' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[3]: Nothing to be done for 'all-am'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' make[1]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' + make install Making install in CommonLibs make[1]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/CommonLibs' make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/CommonLibs' make[2]: Nothing to be done for 'install-exec-am'. make[2]: Nothing to be done for 'install-data-am'. make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/CommonLibs' make[1]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/CommonLibs' Making install in GSM make[1]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/GSM' make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/GSM' make[2]: Nothing to be done for 'install-exec-am'. make[2]: Nothing to be done for 'install-data-am'. make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/GSM' make[1]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/GSM' Making install in Transceiver52M make[1]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' Making install in arm make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/arm' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/arm' make[3]: Nothing to be done for 'install-exec-am'. make[3]: Nothing to be done for 'install-data-am'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/arm' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/arm' Making install in x86 make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/x86' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/x86' make[3]: Nothing to be done for 'install-exec-am'. make[3]: Nothing to be done for 'install-data-am'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/x86' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M/x86' make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' /bin/mkdir -p '/home/osmocom-build/osmo-ci/coverity/install-Osmocom/bin' /bin/bash /home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/libtool --mode=install /usr/bin/install -c osmo-trx '/home/osmocom-build/osmo-ci/coverity/install-Osmocom/bin' libtool: install: /usr/bin/install -c osmo-trx /home/osmocom-build/osmo-ci/coverity/install-Osmocom/bin/osmo-trx /bin/mkdir -p '/home/osmocom-build/osmo-ci/coverity/install-Osmocom/share/usrp/rev2' /usr/bin/install -c -m 644 std_inband.rbf '/home/osmocom-build/osmo-ci/coverity/install-Osmocom/share/usrp/rev2' /bin/mkdir -p '/home/osmocom-build/osmo-ci/coverity/install-Osmocom/share/usrp/rev4' /usr/bin/install -c -m 644 std_inband.rbf '/home/osmocom-build/osmo-ci/coverity/install-Osmocom/share/usrp/rev4' make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' make[1]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/Transceiver52M' Making install in tests make[1]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' Making install in CommonLibs make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/CommonLibs' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/CommonLibs' make[3]: Nothing to be done for 'install-exec-am'. make[3]: Nothing to be done for 'install-data-am'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/CommonLibs' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/CommonLibs' Making install in Transceiver52M make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/Transceiver52M' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/Transceiver52M' make[3]: Nothing to be done for 'install-exec-am'. make[3]: Nothing to be done for 'install-data-am'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/Transceiver52M' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests/Transceiver52M' make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[3]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[3]: Nothing to be done for 'install-exec-am'. make[3]: Nothing to be done for 'install-data-am'. make[3]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[1]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx/tests' make[1]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' make[2]: Entering directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' make[2]: Nothing to be done for 'install-exec-am'. make[2]: Nothing to be done for 'install-data-am'. make[2]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' make[1]: Leaving directory '/home/osmocom-build/osmo-ci/coverity/source-Osmocom/osmo-trx' + popd ~/osmo-ci/coverity/source-Osmocom Emitted 2324 C/C++ compilation units (100%) successfully 2324 C/C++ compilation units (100%) are ready for analysis The cov-build utility completed successfully. + cd /home/osmocom-build/osmo-ci/coverity/source-Osmocom + rm -f Osmocom.tgz + tar czf Osmocom.tgz cov-int + set +x curl \ --form token="$token" \ --form email=holger(a)freyther.de --form file=(a)Osmocom.tgz \ --form version=Version --form description=AutoUpload \ https://scan.coverity.com/builds?project=Osmocom % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0 curl: (51) SSL: no alternative certificate subject name matches target host name 'scan.coverity.com' Build step 'Execute shell' marked build as failure

6 years, 11 months

fairwaves HO patches

by Neels Hofmeyr

Hi Ivan, as I'm working towards load-based handover and incorporating your patches, I found that most of it is concerned with libmsc. In contrast, I am currently working on osmo-bsc, in libbsc, and would like to ask your advice. Some parts of the patch aren't easy to understand for me, and I'd like to make sure that I am not dismissing parts of it as non-applicable to libbsc even though they might be important. Since your patches were written, the code has changed. Now that we have the separate osmo-bsc, we will need two layers of handover: intra-BSC and inter-BSC. Intra-BSC is a handover between two cells that are serviced by the same BSC, and the higher layers (MSC) should not even notice that anything has happened -- MSC has asked the BSC to service a call by BSSAP Assignment, and the BSC is free to choose and change around the lchans it assigns to that. That is the layer I'm currently dug into. Inter-BSC is a handover between cells that are serviced by two different BSCs. That seems to be the land your patch is improving. The MSC is involved and so is MNCC. (Both MSC and BSC levels will need their own DTAP cache, and they are by definition completely independent -- MSC caches the DTAP coming from MNCC during Inter-BSC handover, BSC caches DTAP from MSC during Intra-BSC handover.) Since your patch is applied onto openbsc.git, where all of BSC and MSC are still one osmo-nitb, I want to make sure that I sort your patch right. Do some of its semantics apply to osmo-bsc master, even if the code changed? The smaller patches are either already applied to osmo-bsc master, or I've submitted them on gerrit just now: handover_decision: Add more log messages to get more information about HO causes in logs handover_decision: Fix condition for power budget handover attempt handover_logic: set correct link to bts for subscriber_connection in case of moving this connection to another bts Remaining are a small and *the* complex one: transaction: Add new function trans_find_by_lchan handover: Implement proper handover procedure handling at any stage of the call Here is the last one with inline questions, I hope they are not too stupid; or too long, it ended up being a lot to read. Thanks in advance for taking a look: > commit f7f4dc5e3b0dd61b8322946597147baef5d0464b > Author: Ivan Kluchnikov <kluchnikovi(a)gmail.com> > Date: Wed Aug 23 18:09:50 2017 +0300 > > handover: Implement proper handover procedure handling at any stage of the call > > Enhancements for each stage of handover procedure should be implemented in order to support handover at any stage of the call. > For these purposes new in_handover state and ho_queue for call control messages was introduced for gsm_subscriber_connection. > > Stage 1: HO-Command is sent to MS > gsm_subscriber_connection state should be changed to in_handover=1. > In this state all transmission of signalling layer messages (except RR messages needed for handover procedure) > should be suspended until resuming is indicated. > All call control messages for connection received from network side should be buffered in ho_queue. > All call control messages for connection received from MS side should be ignored. > Channel mode modification procedures should be also suspended. > > Stage 2: HO-Detect is received from MS > Audio path should be switched on network side. > > Stage 3-1: HO-Complete is received from MS > Resumption procedure after successful handover should be performed: > - gsm_subscriber_connection state should be changed to normal (in_handover=0). > - all buffered call control messages (ho_queue) should be sent to MS on new lchan. > - suspended channel mode modification procedures should be performed on new lchan. > > Stage 3-2: HO-Fail is received from MS > Resumption procedure after failed handover should be performed: > - gsm_subscriber_connection state should be changed to normal (in_handover=0). > - all buffered call control messages (ho_queue) should be sent to MS on old lchan. > - suspended channel mode modification procedures should be performed on old lchan. > > Stage 3-3: T3103 expired: Handover has failed without HO-Complete or HO-Fail > Resumption procedure should not be performed in case of T3103 expired: > - gsm_subscriber_connection state should be changed to normal (in_handover=0). > - all buffered call control messages (ho_queue) should be cleaned without sending them to MS. > - suspended channel mode modification procedures should not be performed. > > Change-Id: Icb9b5c35ef0c894af2ea762e539f1a9216447fb7 > > diff --git a/openbsc/include/openbsc/bsc_api.h b/openbsc/include/openbsc/bsc_api.h > index 3a931199..baacbeda 100644 > --- a/openbsc/include/openbsc/bsc_api.h > +++ b/openbsc/include/openbsc/bsc_api.h > @@ -51,5 +51,6 @@ int gsm0808_cipher_mode(struct gsm_subscriber_connection *conn, int cipher, > int gsm0808_page(struct gsm_bts *bts, unsigned int page_group, > unsigned int mi_len, uint8_t *mi, int chan_type); > int gsm0808_clear(struct gsm_subscriber_connection *conn); > +int gsm0808_ho_clear(struct gsm_subscriber_connection *conn); > > #endif > diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h > index ac573c49..542b2611 100644 > --- a/openbsc/include/openbsc/gsm_data.h > +++ b/openbsc/include/openbsc/gsm_data.h > @@ -138,6 +138,8 @@ struct gsm_subscriber_connection { > struct gsm_network *network; > > int in_release; > + int in_handover; > + struct llist_head ho_queue; > struct gsm_lchan *lchan; /* BSC */ > struct gsm_lchan *ho_lchan; /* BSC */ > struct gsm_bts *bts; /* BSC */ > diff --git a/openbsc/src/libbsc/bsc_api.c b/openbsc/src/libbsc/bsc_api.c > index 8a4c85ff..71e82d03 100644 > --- a/openbsc/src/libbsc/bsc_api.c > +++ b/openbsc/src/libbsc/bsc_api.c > @@ -253,11 +253,14 @@ struct gsm_subscriber_connection *bsc_subscr_con_allocate(struct gsm_lchan *lcha > conn->bts = lchan->ts->trx->bts; > lchan->conn = conn; > llist_add_tail(&conn->entry, &net->subscr_conns); > + INIT_LLIST_HEAD(&conn->ho_queue); > return conn; > } > > void bsc_subscr_con_free(struct gsm_subscriber_connection *conn) > { > + struct msgb *msg; > + > if (!conn) > return; > > @@ -283,6 +286,11 @@ void bsc_subscr_con_free(struct gsm_subscriber_connection *conn) > conn->secondary_lchan->conn = NULL; > } > > + while (!llist_empty(&conn->ho_queue)) { > + msg = msgb_dequeue(&conn->ho_queue); > + msgb_free(msg); > + } > + > llist_del(&conn->entry); > talloc_free(conn); > } > @@ -747,6 +755,17 @@ int gsm0808_clear(struct gsm_subscriber_connection *conn) > return 0; > } > > +/* > + * Release handover RF Channel. > + */ > +int gsm0808_ho_clear(struct gsm_subscriber_connection *conn) > +{ > + if (conn->ho_lchan) > + bsc_clear_handover(conn, 1); > + > + return 0; > +} > + > static void send_sapi_reject(struct gsm_subscriber_connection *conn, int link_id) > { > struct bsc_api *api; > diff --git a/openbsc/src/libbsc/handover_logic.c b/openbsc/src/libbsc/handover_logic.c > index af4e8013..b7085c34 100644 > --- a/openbsc/src/libbsc/handover_logic.c > +++ b/openbsc/src/libbsc/handover_logic.c > @@ -186,10 +186,17 @@ static void ho_T3103_cb(void *_ho) > { > struct bsc_handover *ho = _ho; > struct gsm_network *net = ho->new_lchan->ts->trx->bts->network; > + struct msgb *msg; > > DEBUGP(DHO, "HO T3103 expired\n"); > rate_ctr_inc(&net->bsc_ctrs->ctr[BSC_CTR_HANDOVER_TIMEOUT]); > > + ho->new_lchan->conn->in_handover = 0; > + while (!llist_empty(&ho->new_lchan->conn->ho_queue)) { > + msg = msgb_dequeue(&ho->new_lchan->conn->ho_queue); > + msgb_free(msg); > + } > + (Your ho_queue seems to live in libbsc, while most of the patch seems to be concerned with libmsc. But nevermind, from jolly's patches I already have a similar queue in osmo-bsc, and we'll probably use yours for libmsc.) > ho->new_lchan->conn->ho_lchan = NULL; > ho->new_lchan->conn = NULL; > lchan_release(ho->new_lchan, 0, RSL_REL_LOCAL_END); > @@ -214,6 +221,8 @@ static int ho_chan_activ_ack(struct gsm_lchan *new_lchan) > > gsm48_send_ho_cmd(ho->old_lchan, new_lchan, 0, ho->ho_ref); > > + new_lchan->conn->in_handover = 1; > + In current osmo-bsc master, we already set conn->ho_lchan before sending out the chan activation request. I'd actually assume setting the flag only now, after the activ ack, is a bit too late? > /* start T3103. We can continue either with T3103 expiration, > * 04.08 HANDOVER COMPLETE or 04.08 HANDOVER FAIL */ > ho->T3103.cb = ho_T3103_cb; > @@ -221,7 +230,8 @@ static int ho_chan_activ_ack(struct gsm_lchan *new_lchan) > osmo_timer_schedule(&ho->T3103, 10, 0); > > /* create a RTP connection */ > - if (is_ipaccess_bts(new_lchan->ts->trx->bts)) > + if (is_ipaccess_bts(new_lchan->ts->trx->bts) && > + new_lchan->tch_mode != GSM48_CMODE_SIGN) > rsl_ipacc_crcx(new_lchan); Please explain ... what case / behavior is this fixing? Do we ever see CMODE_SIGN handovers? Would we also need to check for GSM48_CMODE_DATA_*? > @@ -273,6 +283,11 @@ static int ho_gsm48_ho_compl(struct gsm_lchan *new_lchan) > if (is_e1_bts(new_lchan->conn->bts)) > switch_trau_mux(ho->old_lchan, new_lchan); > > + if (ho->old_lchan->conn->mncc_rtp_connect_pending) { > + new_lchan->abis_ip.connect_port = ho->old_lchan->abis_ip.connect_port; > + new_lchan->abis_ip.connect_ip = ho->old_lchan->abis_ip.connect_ip; > + } > + So if an RTP connect to MNCC is pending, we copy the old lchan's RTP port and IP? Which is this, the MNCC / call router side IP and port? Why not set this at the initiation of the HO already? > @@ -295,27 +310,9 @@ static int ho_gsm48_ho_compl(struct gsm_lchan *new_lchan) > static int ho_gsm48_ho_fail(struct gsm_lchan *old_lchan) > { > struct gsm_network *net = old_lchan->ts->trx->bts->network; > - struct bsc_handover *ho; > - struct gsm_lchan *new_lchan; > - > - ho = bsc_ho_by_old_lchan(old_lchan); > - if (!ho) { > - LOGP(DHO, LOGL_ERROR, "unable to find HO record\n"); > - return -ENODEV; > - } > > rate_ctr_inc(&net->bsc_ctrs->ctr[BSC_CTR_HANDOVER_FAILED]); > > - new_lchan = ho->new_lchan; > - > - /* release the channel and forget about it */ > - ho->new_lchan->conn->ho_lchan = NULL; > - ho->new_lchan->conn = NULL; > - handover_free(ho); > - > - lchan_release(new_lchan, 0, RSL_REL_LOCAL_END); > - > - I'm puzzled by this removal. No actions during ho_fail? Is this really intended, or just some rebase artifact? > return 0; > } > > diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c > index e5402d0a..84338d72 100644 > --- a/openbsc/src/libmsc/gsm_04_08.c > +++ b/openbsc/src/libmsc/gsm_04_08.c > @@ -147,6 +147,15 @@ static int gsm48_conn_sendmsg(struct msgb *msg, struct gsm_subscriber_connection > sign_link->trx->bts->nr, > sign_link->trx->nr, msg->lchan->ts->nr, > gh->proto_discr, gh->msg_type); > + > + if (conn->in_handover) { > + msgb_enqueue(&conn->ho_queue, msg); > + DEBUGP(DCC, "(bts %d trx %d ts %d) Suspend message sending to MS, " > + "active HO procedure.\n", > + sign_link->trx->bts->nr, > + sign_link->trx->nr, msg->lchan->ts->nr); > + return 0; > + } (here DTAP handled in libmsc ends up in the ho_queue that otherwise seems to live in libbsc ... as I said above this queue will probably move to libmsc altogether to become part of osmo-msc master.) > } > > return gsm0808_submit_dtap(conn, msg, 0, 0); > @@ -1749,11 +1758,8 @@ static int switch_for_handover(struct gsm_lchan *old_lchan, > struct rtp_socket *old_rs, *new_rs, *other_rs; > > /* Ask the new socket to send to the already known port. */ > - if (new_lchan->conn->mncc_rtp_bridge) { > - LOGP(DHO, LOGL_DEBUG, "Forwarding RTP\n"); > - rsl_ipacc_mdcx(new_lchan, > - old_lchan->abis_ip.connect_ip, > - old_lchan->abis_ip.connect_port, 0); > + if (new_lchan->ts->trx->bts->network->mncc_state) { > + /* Audio path should be switched after receiving ho detect message.*/ > return 0; > } I notice that in the current head, the entire switch_for_handover() has been dropped; it was doing libbsc lchan stuff from within libmsc. Hence we must have added similar logic in osmo-bsc.git and completely dropped this. I think the commit re-implementing handover in osmo-bsc is http://git.osmocom.org/osmo-bsc/commit/?id=39c609b7c924524172ad311bdf89f92b… It appears that lchan->abis_ip.connect_ip and connect_port aren't used at all in osmo-bsc master, but are still present in the struct. I'll ask others about that. In any case, the code base has changed substantially, and this patch hunk no longer applies at all. Am I interpreting this hunk correctly: it moves the ipacc_mdcx to tell the new lchan about its RTP peer to a later stage? In current osmo-bsc master, it seems that this ipacc_mdcx happens as soon as the ipacc_crcx is complete, seen in osmo-bsc/src/osmo-bsc/osmo_bsc_audio.c in handle_abisip_signal(), always using the IP:port the MSC sent us. > > @@ -1821,8 +1827,10 @@ static int handle_abisip_signal(unsigned int subsys, unsigned int signal, > if (subsys != SS_ABISIP) > return 0; > > + net = lchan->ts->trx->bts->network; > + > /* RTP bridge handling */ > - if (lchan->conn && lchan->conn->mncc_rtp_bridge) > + if (lchan->conn && net->mncc_state) > return tch_rtp_signal(lchan, signal); What are the semantics here? It seems odd to move from a check of a conn-specific state (conn->mncc_rtp_bridge) to a check of a global value (net->mncc_state). In any case, this is MNCC related and should not impact Intra-BSC handover, right? > > /* in case we use direct BTS-to-BTS RTP */ > @@ -1851,7 +1859,6 @@ static int handle_abisip_signal(unsigned int subsys, unsigned int signal, > > /* check if any transactions on this lchan still have > * a tch_recv_mncc request pending */ > - net = lchan->ts->trx->bts->network; > llist_for_each_entry(trans, &net->trans_list, entry) { > if (trans->conn && trans->conn->lchan == lchan && trans->tch_recv) { > DEBUGP(DCC, "pending tch_recv_mncc request\n"); > @@ -2017,6 +2024,13 @@ static int tch_recv_mncc(struct gsm_network *net, uint32_t callref, int enable) > switch (bts->type) { > case GSM_BTS_TYPE_NANOBTS: > case GSM_BTS_TYPE_OSMO_SYSMO: > if (ipacc_rtp_direct) { > LOGP(DCC, LOGL_ERROR, "Error: RTP proxy is disabled\n"); > return -EINVAL; > } > + /* RTP bridge handling */ > + if (lchan->conn && net->mncc_state) { > + return 0; > + } If we have a conn and using external MNCC, don't continue at all? I'm not following, would be nice if the comment explained why we need to drop out here. (added some more code context manually) > /* In case, we don't have a RTP socket to the BTS yet, the BTS > * will not be connected to our RTP proxy and the socket will > * not be assigned to the application interface. This method > * will be called again, once the audio socket is created and > * connected. */ > if (!lchan->abis_ip.rtp_socket) { > DEBUGP(DCC, "queue tch_recv_mncc request (%d)\n", enable); > return 0; > } > if (enable) { > /* connect the TCH's to our RTP proxy */ > rc = rsl_ipacc_mdcx_to_rtpsock(lchan); > if (rc < 0) > return rc; > /* assign socket to application interface */ > rtp_socket_upstream(lchan->abis_ip.rtp_socket, > net, callref); > } else > rtp_socket_upstream(lchan->abis_ip.rtp_socket, > net, 0); > break; > > @@ -3325,6 +3339,41 @@ static void mncc_recv_rtp_err(struct gsm_network *net, uint32_t callref, int cmd > return mncc_recv_rtp(net, callref, cmd, 0, 0, 0, 0); > } > > +static void mncc_recv_rtp_modify(struct gsm_lchan *lchan, uint32_t callref) This is to tell the call router that the payload type has changed, right? I've asked in the redmine about whether/how we'd convey an RTP payload change to the MNCC in case of an Intra-BSC handover... https://osmocom.org/issues/1606#note-45 > +{ > + int msg_type; > + struct gsm_network *net = lchan->ts->trx->bts->network; > + > + LOGP(DMNCC, LOGL_NOTICE, "%s sending pending RTP modify ind.\n", > + gsm_lchan_name(lchan)); > + > + switch (lchan->abis_ip.rtp_payload) { > + case RTP_PT_GSM_FULL: > + msg_type = GSM_TCHF_FRAME; > + break; > + case RTP_PT_GSM_EFR: > + msg_type = GSM_TCHF_FRAME_EFR; > + break; > + case RTP_PT_GSM_HALF: > + msg_type = GSM_TCHH_FRAME; > + break; > + case RTP_PT_AMR: > + msg_type = GSM_TCH_FRAME_AMR; > + break; > + default: > + LOGP(DMNCC, LOGL_ERROR, "%s unknown payload type %d\n", > + gsm_lchan_name(lchan), lchan->abis_ip.rtp_payload); > + msg_type = 0; > + break; > + } > + > + mncc_recv_rtp(net, callref, MNCC_RTP_MODIFY, > + lchan->abis_ip.bound_ip, > + lchan->abis_ip.bound_port, > + lchan->abis_ip.rtp_payload, > + msg_type); > +} > + > static int tch_rtp_create(struct gsm_network *net, uint32_t callref) > { > struct gsm_bts *bts; > @@ -3374,6 +3423,9 @@ static int tch_rtp_create(struct gsm_network *net, uint32_t callref) > LOGP(DMNCC, LOGL_DEBUG, "RTP create: codec=%s, chan_type=%s\n", > get_value_string(gsm48_chan_mode_names, m), > get_value_string(gsm_chan_t_names, lchan->type)); > + if (trans->conn->in_handover) { > + return 0; > + } Am I reading right: if we're doing handover, the MSC shouldn't sent another BSSAP Assignment to the BSC; instead, the BSC level figures out another lchan and done ... ? > return gsm0808_assign_req(trans->conn, m, > lchan->type != GSM_LCHAN_TCH_H); > } > @@ -3420,23 +3472,21 @@ static int tch_rtp_connect(struct gsm_network *net, void *arg) > * same package! > */ > trans->conn->mncc_rtp_connect_pending = 1; > + if (trans->conn->in_handover) { > + lchan->abis_ip.connect_port = rtp->port; > + lchan->abis_ip.connect_ip = rtp->ip; > + return 0; > + } > return rsl_ipacc_mdcx(lchan, rtp->ip, rtp->port, 0); We're not telling the BTS about the call router's IP:port anymore? Please explain... > } > > static int tch_rtp_signal(struct gsm_lchan *lchan, int signal) > { > struct gsm_network *net; > - struct gsm_trans *tmp, *trans = NULL; > + struct gsm_trans *trans; > > net = lchan->ts->trx->bts->network; > - llist_for_each_entry(tmp, &net->trans_list, entry) { > - if (!tmp->conn) > - continue; > - if (tmp->conn->lchan != lchan && tmp->conn->ho_lchan != lchan) > - continue; > - trans = tmp; > - break; > - } > + trans = trans_find_by_lchan(lchan); > > if (!trans) { > LOGP(DMNCC, LOGL_ERROR, "%s IPA abis signal but no transaction.\n", > @@ -3459,7 +3509,7 @@ static int tch_rtp_signal(struct gsm_lchan *lchan, int signal) > maybe_switch_for_handover(lchan); > break; > case S_ABISIP_MDCX_ACK: > - if (lchan->conn->mncc_rtp_connect_pending) { > + if (lchan->conn->mncc_rtp_connect_pending && !lchan->conn->in_handover) { if we're in handover, we don't need to tell MNCC that RTP got connected, because that already happened when the call got established initially? So mncc_rtp_connect_pending has a second meaning during handover? > lchan->conn->mncc_rtp_connect_pending = 0; > LOGP(DMNCC, LOGL_NOTICE, "%s sending pending RTP connect ind.\n", > gsm_lchan_name(lchan)); > mncc_recv_rtp_sock(net, trans, MNCC_RTP_CONNECT); > } > break; > @@ -3471,6 +3521,134 @@ static int tch_rtp_signal(struct gsm_lchan *lchan, int signal) > return 0; > } > > +static void ho_queue_clean(struct gsm_subscriber_connection *conn) > +{ > + struct msgb *msg; > + while (!llist_empty(&conn->ho_queue)) { > + msg = msgb_dequeue(&conn->ho_queue); > + msgb_free(msg); > + } > +} > + > +static void ho_resumption(struct gsm_lchan *lchan, struct gsm_trans *trans) > +{ > + struct msgb *msg; > + enum gsm48_chan_mode m; > + > + while (!llist_empty(&lchan->conn->ho_queue)) { > + msg = msgb_dequeue(&lchan->conn->ho_queue); > + gsm48_conn_sendmsg(msg, lchan->conn, trans); > + } > + > + if (trans->conn->mncc_rtp_create_pending && > + lchan->tch_mode == GSM48_CMODE_SIGN) { > + m = mncc_codec_for_mode(lchan->type); > + gsm0808_assign_req(lchan->conn, m, lchan->type != GSM_LCHAN_TCH_H); Wait, now we *do* send a BSSAP Assignment after all? (excuse if I'm being noob, I'm still finding my way through handover in general) shouldn't we rather dequeue the cached DTAP after this instead of before? > + } > + > + if (trans->conn->mncc_rtp_connect_pending) { > + rsl_ipacc_mdcx(lchan, lchan->abis_ip.connect_ip, lchan->abis_ip.connect_port, 0); > + } > +} > + > +static int ho_complete(struct gsm_lchan *new_lchan) > +{ > + struct gsm_trans *trans; > + > + new_lchan->conn->in_handover = 0; > + trans = trans_find_by_lchan(new_lchan); > + if (!trans) { > + LOGP(DHO, LOGL_ERROR, "%s HO detected, but no transaction for new_lchan.\n", > + gsm_lchan_name(new_lchan)); > + ho_queue_clean(new_lchan->conn); > + return 0; > + } > + > + ho_resumption(new_lchan, trans); > + return 0; > +} > + > +static int ho_fail(struct gsm_lchan *old_lchan) > +{ > + struct gsm_trans *trans; > + > + old_lchan->conn->in_handover = 0; > + trans = trans_find_by_lchan(old_lchan); > + if (trans) > + ho_resumption(old_lchan, trans); > + else { > + LOGP(DHO, LOGL_ERROR, "%s HO fail, but no transaction for old_lchan.\n", > + gsm_lchan_name(old_lchan)); > + ho_queue_clean(old_lchan->conn); > + } > + > + gsm0808_ho_clear(old_lchan->conn); > + return 0; > +} > + > +static int ho_detect(struct gsm_lchan *new_lchan) > +{ > + struct gsm_trans *trans; > + struct gsm_lchan *old_lchan; > + > + trans = trans_find_by_lchan(new_lchan); > + > + if (!trans) { > + LOGP(DHO, LOGL_ERROR, "%s HO detected, but no transaction for new_lchan" > + " with enabled tch_recv.\n", > + gsm_lchan_name(new_lchan)); > + return 0; > + } > + > + if (!new_lchan->conn->mncc_rtp_bridge) { > + LOGP(DHO, LOGL_ERROR, "%s HO detected, but connection not in mncc_rtp_bridge mode.\n", > + gsm_lchan_name(new_lchan)); > + return 0; > + } > + > + old_lchan = bsc_handover_pending(new_lchan); > + if (!old_lchan) { > + LOGP(DHO, LOGL_ERROR, "%s HO detected, but no old_lchan for handover.\n", > + gsm_lchan_name(new_lchan)); > + return 0; > + } > + > + LOGP(DHO, LOGL_DEBUG, "HO detected, forwarding RTP\n"); > + rsl_ipacc_mdcx(new_lchan, > + old_lchan->abis_ip.connect_ip, > + old_lchan->abis_ip.connect_port, 0); > + > + mncc_recv_rtp_modify(new_lchan, trans->callref); > + > + return 0; > +} > + > +/* some other part of the code sends us a signal */ > +static int handle_lchan_signal(unsigned int subsys, unsigned int signal, > + void *handler_data, void *signal_data) > +{ > + struct lchan_signal_data *lchan_data; > + struct gsm_lchan *lchan; > + > + lchan_data = signal_data; > + switch (subsys) { > + case SS_LCHAN: > + lchan = lchan_data->lchan; > + if (!lchan->conn) > + return 0; > + switch (signal) { > + case S_LCHAN_HANDOVER_DETECT: > + return ho_detect(lchan); > + case S_LCHAN_HANDOVER_COMPL: > + return ho_complete(lchan); > + case S_LCHAN_HANDOVER_FAIL: > + return ho_fail(lchan); > + } > + break; > + } > + > + return 0; > +} > > static struct downstate { > uint32_t states; > @@ -3853,6 +4031,11 @@ static int gsm0408_rcv_cc(struct gsm_subscriber_connection *conn, struct msgb *m > gsm48_cc_msg_name(msg_type), trans?(trans->cc.state):0, > gsm48_cc_state_name(trans?(trans->cc.state):0)); > > + if (conn->in_handover) { > + DEBUGP(DCC, "Message unhandled, handover procedure.\n"); > + return 0; > + } > + If in handover, drop all CC on the floor? How about a call release, i.e. I hang up while I'm coincidentally being handovered? > /* Create transaction */ > if (!trans) { > DEBUGP(DCC, "Unknown transaction ID %x, " > > > Thanks again! ~N

6 years, 11 months

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC February 2018