> Date: Mon, 28 Jun 2010 09:15:11 +0800
> From: Holger Hans Peter Freyther <holger(a)freyther.de>
> To: openbsc(a)lists.gnumonks.org
> Re: Segmentation fault while sending sms via bsc_hack_VTY
> Could you try two things? One is to build OpenBSC with -O0 (either
> by passing CFLAGS on configure or changing the Makefile) and then run
> OpenBSC with valgrind and report the line number.
> On second look, this seems to be a week or two old OpenBSC? Is that
> true? Would it be a lot of work to test the latest version of OpenBSC?
The new version does not seem to build correctly. Make prints out:
sgsn_libgtp.c: In function ‘sgsn_create_pdp_ctx’:
sgsn_libgtp.c:117: error: ‘struct pdp_t’ has no member named ‘priv’
sgsn_libgtp.c: In function ‘cb_data_ind’:
sgsn_libgtp.c:373: error: ‘struct pdp_t’ has no member named ‘priv’
sgsn_libgtp.c:396: warning: assignment makes pointer from integer without a cast
Maybe this could be because I have installed openggsn?
Anyway, when using make -k (and ./configure CFLAGS="-O0"), bsc_hack builds and starts. Still it "crashes" when I try to send SMS from the bsc_hack_vty. There is no segmentation fault, but this:
<0008> paging.c:130 No slots available on bts nr 1
<0008> paging.c:130 No slots available on bts nr 0
and
<0004> abis_rsl.c:831 (bts=1,trx=0,ts=0,ss=0) CHANNEL ACTIVATE NACKCAUSE=0x6f(Protocol error, unspecified)
<0011> handover_logic.c:197 unable to find HO record
It repeats (endlessly?)
Valgrind reports:
==26461== Invalid read of size 4
==26461== at 0x806DA60: subscr_paging_cb (linuxlist.h:163)
==26461== by 0x806EE46: paging_T3113_expired (paging.c:209)
==26461== by 0x403D3EF: bsc_update_timers (timer.c:160)
==26461== by 0x403D8F6: bsc_select_main (select.c:94)
==26461== by 0x804BC75: main (bsc_hack.c:271)
==26461== Address 0x4731120 is 432 bytes inside a block of size 440 free'd
==26461== at 0x4024B3A: free (vg_replace_malloc.c:366)
==26461== by 0x40471AF: talloc_free (talloc.c:610)
==26461== by 0x806DD34: subscr_put (gsm_subscriber_base.c:133)
==26461== by 0x806E9F5: paging_remove_request (paging.c:77)
==26461== by 0x806EE02: paging_T3113_expired (paging.c:204)
==26461== by 0x403D3EF: bsc_update_timers (timer.c:160)
==26461== by 0x403D8F6: bsc_select_main (select.c:94)
==26461== by 0x804BC75: main (bsc_hack.c:271)
==26461==
and
==26524== Syscall param ioctl(TCSET{S,SW,SF}) points to uninitialised byte(s)
==26524== at 0x4431A5F: tcsetattr (tcsetattr.c:88)
==26524== by 0x4069865: vty_create (vty.c:1399)
==26524== by 0x406A289: telnet_new_connection (telnet_interface.c:167)
==26524== by 0x403D924: bsc_select_main (select.c:119)
==26524== by 0x804BC75: main (bsc_hack.c:271)
==26524== Address 0xbefa82c8 is on thread 1's stack
==26524==
==26524== Use of uninitialised value of size 4
==26524== at 0x43A9288: _itoa_word (_itoa.c:196)
==26524== by 0x43ACAE1: vfprintf (vfprintf.c:1613)
==26524== by 0x444DBF3: __vsnprintf_chk (vsnprintf_chk.c:65)
==26524== by 0x444DB13: __snprintf_chk (snprintf_chk.c:36)
==26524== by 0x40417E4: hexdump (stdio2.h:65)
==26524== by 0x8072538: ipaccess_fd_cb (ipaccess.c:566)
==26524== by 0x403D924: bsc_select_main (select.c:119)
==26524== by 0x804BC75: main (bsc_hack.c:271)
==26524==
==26524== Syscall param socketcall.send(msg) points to uninitialised byte(s)
==26524== at 0x443BE78: send (socket.S:100)
==26524== by 0x403D924: bsc_select_main (select.c:119)
==26524== by 0x804BC75: main (bsc_hack.c:271)
==26524== Address 0x4736d9d is 261 bytes inside a block of size 1,140 alloc'd
==26524== at 0x4024F20: malloc (vg_replace_malloc.c:236)
==26524== by 0x4045291: _talloc_zero (talloc.c:355)
==26524== by 0x403DD66: msgb_alloc (msgb.c:37)
==26524== by 0x8061FF9: rsl_msgb_alloc (msgb.h:159)
==26524== by 0x806436E: rsl_chan_activate_lchan (abis_rsl.c:443)
==26524== by 0x80653D0: abis_rsl_rcvmsg (abis_rsl.c:1228)
==26524== by 0x80725F9: ipaccess_fd_cb (ipaccess.c:489)
==26524== by 0x403D924: bsc_select_main (select.c:119)
==26524== by 0x804BC75: main (bsc_hack.c:271)
==26524==
Best Regards,
Richard
I have an ip.access nanoBTS (version 165AU9012)v(37) and have been using it
with a very early version of OpenBSC (OpenBSC 0.01) and am now trying to
upgrade to the latest version downloaded from GIT (OpenBSC version
0.9.0.565-993d).
When I use the configuration that works on the old version, with this latest
version, I get the following error:
user@ubuntu:~/openbsc/src$ ./bsc_hack
<0005> bsc_init.c:1024
WARNING: You are running an 'accept-all' network on a BTS that is not
barred. This configuration is likely to interfere with production GSM
networks and should only be used in a RF shielded environment such as a
faraday cage!
<0005> bsc_init.c:1024
WARNING: You are running an 'accept-all' network on a BTS that is not
barred. This configuration is likely to interfere with production GSM
networks and should only be used in a RF shielded environment such as a
faraday cage!
DB: Database initialized.
DB: Database prepared.
<000d> input/ipaccess.c:632 accept()ed new OML link from 192.168.2.3
<000d> input/ipaccess.c:477 no matching signalling link for hh->proto=0xff
<000d> input/ipaccess.c:477 no matching signalling link for hh->proto=0xff
<000d> input/ipaccess.c:477 no matching signalling link for hh->proto=0xff
Can anyone explain why I get this error and maybe send me a config that
would work?
Hi!
I've committed some changes to enable ipaccess-config to set static IP
address, netmask and gateway. A full command looks like this:
./ipaccess/ipaccess-config -U dhcp-enabled -S static-ip -S static-gw -i 192.168.100.222/255.255.255.0 -g 192.168.100.1 -r 192.168.100.120
This will
* unset DHCP client functionality
* set static IP address nvram flag
* set static gateway nvram flag
* set the BTS IP to 192.168.100.222 netmask 255.255.255.0
* set the default gateway to 192.168.100.1
* restart the BTS
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
Hi Folks.
I always found it annoying to calculate the corresponding frequency
of an arfcn by hand or with the web-based arfcn calculator.
So I wrote a little program to do the work for me:
http://www.root.runningserver.com/web/runningserver/software/arfcncalc.tar
Maybe one or another here on the list will find it useful.
regards.
Philipp
Hi all,
I just pushed zecke/remove-use-count with two commits to almost complete
the split. This code allocates the "struct gsm_subscriber_connection"
dynamically and the follow on commit is removing the use_count and
releases a channel as soon as it is unused (no operation/transaction is
left on it).
I would like to land this code now and continue with:
-) Land some channel release changes from the On-Waves branch
-) Update the channel release documentation...
-) Start recreating the osmo-bsc...
-) Implement the assignment command and use it from gsm_04_08.c
and suddenly we can easily switch from very early to early
assignment...
Hello,
We have a working OpenBSC-LCR-Asterisk setup by now.
Sending SMS from one cell phone to another works perfectly after typing
"sms send pending" in the vty-console. Is it always needed to trigger
the sms-sending manually or is there a fixed interval in which sms will
be transferred?
Still a problem exists. If we try to send a sms directly from the
bsc_hack_vty with "subscriber extension xxx sms send "TEXT"", the
bsc_hack crashes:
<0008> paging.c:225 Start paging of subscriber 36 on bts 0.
<0008> paging.c:225 Start paging of subscriber 36 on bts 1.
<0008> paging.c:87 Going to send paging commands: imsi:
'262012840035907' tmsi: '0x79d38c8e'
<0008> paging.c:87 Going to send paging commands: imsi:
'262012840035907' tmsi: '0x79d38c8e'
<0008> paging.c:87 Going to send paging commands: imsi:
'262012840035907' tmsi: '0x79d38c8e'
<0008> paging.c:87 Going to send paging commands: imsi:
'262012840035907' tmsi: '0x79d38c8e'
<0004> abis_rsl.c:1165 (bts=0,trx=0,ts=0,ss=0) Activating ARFCN(871)
SS(0) lctype SDCCH r=LOCATION_UPDATE ra=0x15
<0004> abis_rsl.c:969 (bts=0,trx=0,ts=0,ss=0) CHANNEL ACTIVATE ACK
<0009> abis_rsl.c:831 MEASUREMENT RESULT NR=0 RXL-FULL-ul=-108dBm
RXL-SUB-ul=-108dBm RXQ-FULL-ul=6 RXQ-SUB-ul=6 BS_POWER=0 NOT VALID
NUM_NEIGH=0
<0005> abis_nm.c:519 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) Failure
Event Report Type=processing failure Severity=warning level failure
<0000> abis_rsl.c:1276 (bts=0,trx=0,ts=0,ss=0) SAPI=0 ESTABLISH INDICATION
<0003> gsm_04_08.c:799 PAGING RESPONSE: mi_type=0x04 MI(2043907214)
<0003> gsm_04_08.c:817 <- Channel was requested by 262012840035907
<0008> paging.c:289 Stop paging on bts 0, calling cbfn.
<0007> gsm_04_11.c:1151 paging_cb_send_sms(hooknum=1, event=0,
msg=(nil),lchan=0x85365d8, sms=0x859cd58)
<0008> paging.c:293 Stop paging on bts 1 silently.
<0009> abis_rsl.c:831 MEASUREMENT RESULT NR=1 RXL-FULL-ul=-47dBm
RXL-SUB-ul=-47dBm RXQ-FULL-ul=6 RXQ-SUB-ul=6 BS_POWER=0 L1_MS_PWR= 2dBm
L1_FPC=0 L1_TA=0 NOT VALID NUM_NEIGH=0
<0000> abis_rsl.c:1276 (bts=0,trx=0,ts=0,ss=0) SAPI=0 DATA INDICATION
<0003> gsm_04_08.c:835 CLASSMARK CHANGE CM2(len=3) CM3(len=2)
<0009> abis_rsl.c:831 MEASUREMENT RESULT NR=2 RXL-FULL-ul=-47dBm
RXL-SUB-ul=-47dBm RXQ-FULL-ul=0 RXQ-SUB-ul=0 BS_POWER=0 L1_MS_PWR= 2dBm
L1_FPC=0 L1_TA=0 RXL-FULL-dl=-47dBm RXL-SUB-dl=-47dBm RXQ-FULL-dl=7
RXQ-SUB-dl=3 NUM_NEIGH=1
<0009> abis_rsl.c:863 IDX=0 ARFCN=877 BSIC=63 => -56 dBm
<0000> abis_rsl.c:1276 (bts=0,trx=0,ts=0,ss=0) SAPI=3 ESTABLISH CONFIRM
<0007> gsm_04_11.c:1125 rll_ind_cb(lchan=0x85365d8, link_id=3,
sms=0x859cd58, type=0
<0007> gsm_04_11.c:1057 send_sms_lchan()
<0001> transaction.c:69 subscr=0x859cb98, subscr->net=0x8533960
Program received signal SIGSEGV, Segmentation fault.
0x003a4785 in ?? () from /lib/tls/i686/cmov/libc.so.6
gdb bt prints out:
Program received signal SIGSEGV, Segmentation fault.
0x003a4785 in ?? () from /lib/tls/i686/cmov/libc.so.6
(gdb) bt
#0 0x003a4785 in ?? () from /lib/tls/i686/cmov/libc.so.6
#1 0x001729e9 in gsm48_encode_bcd_number (bcd_lv=0xbffff130 "",
max_len=12 '\f', h_len=1,
input=0xa6 <Address 0xa6 out of bounds>) at gsm48_ie.c:83
#2 0x080d137d in gsm340_gen_oa (conn=0x8536990, sms=0x8592f90) at
gsm_04_11.c:423
#3 gsm340_gen_tpdu (conn=0x8536990, sms=0x8592f90) at gsm_04_11.c:461
#4 gsm411_send_sms_lchan (conn=0x8536990, sms=0x8592f90) at
gsm_04_11.c:1096
#5 0x080bfe2f in complete_rllr (rllr=0x8592f18,
type=BSC_RLLR_IND_EST_CONF) at bsc_rll.c:59
#6 0x080b7238 in abis_rsl_rx_rll (msg=0x8591db8) at abis_rsl.c:1303
#7 abis_rsl_rcvmsg (msg=0x8591db8) at abis_rsl.c:1728
#8 0x080c3c8a in handle_ts1_read (bfd=0x858550c, what=<value optimized
out>) at input/ipaccess.c:489
#9 ipaccess_fd_cb (bfd=0x858550c, what=<value optimized out>) at
input/ipaccess.c:597
#10 0x0016f925 in bsc_select_main (polling=1) at select.c:119
#11 0x08050289 in handle_gsm_bs () at gsm_bs.cpp:864
#12 0x08084343 in main (argc=2, argv=0xbffff884) at main.c:472
Maybe someone experienced the same problems or can provide some help?
Best Regards and Thank you,
Richard Zahoransky
Hello,
I found some English lectures about communication by university Freiburg
(Germany) as video:
http://itunes.uni-freiburg.de/uebersicht/podcast_content?id_content=48
e.g.
Protocols and technologies of telephone networks
ISDN network functions, introduction to GSM digital mobile
Extension of GSM overview
GSM data services
UMTS as the world wide 3G mobile standard
You can watch it online as flash or download a .mp4 file :)
--
regards, Benny
gpg 0xFC505AB0
jabber benny(a)benny.de
sip benny(a)benny.de
Hi, List!
I found a bug in OpenBSC. If I try to change the name of a subscriber
using Telnet (command "subscriber ... name") I get an error if the
name contains spaces (for example: first and last name).
I found the problem and I wrote a patch.
I am sending it as an attachment.
Greetings
--
_______________________________________________________________________
Luca Bertoncello
Entwicklung Mail: bertoncello(a)netzing.de
NETZING Solutions AG Tel.: 0351/41381 - 0
Kesselsdorfer Str. 216, 01169 Dresden Fax: 0351/41381 - 12
HRB 18926 / Ust.ID DE211326547 Mail: netzing.ag(a)netzing.de
_______________________________________________________________________
Hi,
> I'm reading the book "Die GSM-Dm-Kanäle im Dialog" by Joachim Göller,
> and I learned that a mobile phone sends, about every second, a
> MEASUREMENT REPORT to the station, where it is logged.
> In this report the mobile sends the signal power of the cell, where
> it is logged, and of other neighborhood cells.
> With these signals, I can measure the distance of the mobile from my
> cell(s).
>
> But I don't understand how I can get these values using OpenBSC.
It only does that when in an active dedicated channel (either a call
or a sms or some other transaction).
If you enable the debug for the DMEAS (either in the console or with
the -d option), you should see those reports.
Also, it sends reports only for neighbor cells of your network (as
specified in the BCCH SI messages).
Cheers,
Sylvain