29 Apr
2012
29 Apr
'12
9:18 a.m.
Harald Welte wrote:
The code path should be:
lapd_rx_u()
if (length == 0) send_dl_simple()
send_rslms_dlsap()
here we check for (!dp->oph.msg), but since there is a dummy msgb,
we probably run into the send_rslms_rll_l3() case instead of
send_rll_simple().
What do you think is the best way to resolve this?
hi harald,
i think we should remove the msgb at send_dl_simple(). i looked at the
code that handles received lapd messages:
at osmocombb (gsm48_rr.c) the layer 2 message is received at
gsm48_rcv_rll(). only DL_EST_REQ with SAPI 3 is handled here, but
without msgb, so i see no impact.
at e1_input.c the layer 2 message is received at e1inp_dlsap_up(). there
it is expected that only DL_DATA and DL_UNIT_DATA carries a msgb, so i
see no impact.
but i see a little problem: at e1inp_dlsap_up(): dp->oph.msg gets freed,
even if not set. even if msgb_free() does check for NULL pointers, we
should check there.
at least we should try openbsc and osmocombb/mobile and sysmo-bts to see
if there is any problem. i could check osmocombb and openbsc.
regards,
andreas