Harald Welte wrote:
The code path should be:
lapd_rx_u()
  if (length == 0)
    send_dl_simple()
      send_rslms_dlsap()
        here we check for (!dp->oph.msg), but since there is a dummy msgb, we probably run into the send_rslms_rll_l3() case instead of send_rll_simple().
What do you think is the best way to resolve this?
hi harald,
i think we should remove the msgb at send_dl_simple(). i looked at the code that handles received lapd messages:
at osmocombb (gsm48_rr.c) the layer 2 message is received at gsm48_rcv_rll(). only DL_EST_REQ with SAPI 3 is handled here, but without msgb, so i see no impact.
at e1_input.c the layer 2 message is received at e1inp_dlsap_up(). there it is expected that only DL_DATA and DL_UNIT_DATA carry a msgb, so i see no impact.
but i see a little problem: at e1inp_dlsap_up(): dp->oph.msg gets freed, even if not set. even if msgb_free() does check for NULL pointers, we should check there.
at least we should try openbsc and osmocombb/mobile and sysmo-bts to see if there is any problem. i could check osmocombb and openbsc.
regards,
andreas
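
The dispatch problem discussed in this thread, as an added example that is not part of the original mails and not libosmocore code: a self-contained C model in which every type and model_* function is a simplified, hypothetical stand-in for the names mentioned above. It shows that a primitive carrying an empty dummy msgb takes the L3 path, while the same primitive without a msgb takes the simple path, and that the receiver frees the msgb only when one is set.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumptions), not the real libosmocore structures. */
struct msgb { unsigned int len; };
struct prim_hdr { struct msgb *msg; };
struct dlsap_prim { struct prim_hdr oph; };

enum rll_path { RLL_SIMPLE, RLL_L3 };

static int live_msgbs; /* outstanding allocations, used to check for leaks */

static struct msgb *model_msgb_alloc(void)
{
    struct msgb *m = calloc(1, sizeof(*m)); /* len == 0: empty dummy buffer */
    if (!m)
        abort();
    live_msgbs++;
    return m;
}

static void model_msgb_free(struct msgb *m)
{
    if (!m)
        return;
    free(m);
    live_msgbs--;
}

/* Models the check described for send_rslms_dlsap(): the only test is
 * whether a msgb is attached, not whether it holds any data. */
static enum rll_path model_send_rslms_dlsap(struct dlsap_prim *dp)
{
    enum rll_path path = dp->oph.msg ? RLL_L3 : RLL_SIMPLE;

    if (dp->oph.msg) { /* receiver side: free only when a msgb is set */
        model_msgb_free(dp->oph.msg);
        dp->oph.msg = NULL;
    }
    return path;
}

/* Behaviour described in the thread: a payload-less primitive with a dummy msgb. */
static enum rll_path model_send_dl_simple_dummy(void)
{
    struct dlsap_prim dp = { { model_msgb_alloc() } };
    return model_send_rslms_dlsap(&dp);
}

/* Proposed behaviour: the same primitive with no msgb attached. */
static enum rll_path model_send_dl_simple_nomsg(void)
{
    struct dlsap_prim dp = { { NULL } };
    return model_send_rslms_dlsap(&dp);
}

static int model_live_msgbs(void) { return live_msgbs; }

int main(void)
{
    printf("dummy msgb -> %s\n", model_send_dl_simple_dummy() == RLL_L3 ? "L3 path" : "simple path");
    printf("no msgb    -> %s\n", model_send_dl_simple_nomsg() == RLL_L3 ? "L3 path" : "simple path");
    printf("outstanding msgbs: %d\n", model_live_msgbs());
    return 0;
}
```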