On 07/04/2010 02:25 PM, Harald Welte wrote:
> So I think there are actually multiple bugs.
> - the channel should not be released at that time
Yeah, the MSC code should look at the request type of the CM Service Request and create a transaction (e.g. for SMS, CC) and start a timeout to terminate the transaction when nothing has happened.
> - we have some kind of a race condition at channel release, where incoming messages should either be discarded _or_ should still be processed with all the data structures intact.
Well, it is a bug on a higher level. The MSC code decides to release the lchan because there is no transaction and operation left to execute, it calls the gsm0808_clear method which will free the subscriber_connection_data and will call lchan_release on all open lchans.
Now if more data is coming, the bsc_api code sees there is no connection inside the lchan and will create one and call the complete layer3 callback... and somehow the MSC code assumes that there is a subscriber set inside the subscriber_connection_data, which is not the case.
Long story short, abis_rsl.c should probably not forward data when being in state REL_REQUEST and we should create a transaction for CC/SMS/USSD.
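The two fixes proposed in the reply above, dropping uplink data once the channel is in release and opening a timed transaction on CM Service Request, as an added C model. This is not OpenBSC code from the thread or the project: every struct, function and constant name is invented for the illustration, the IMSI is constructed, a conn carries at most one transaction to keep the model short, and the "MSC assumes a subscriber is set" step is reported as a return value instead of the NULL dereference it would be in practice.

```c
#include <stdlib.h>
/* Hypothetical model of the lchan release race discussed above; none of the
 * names are OpenBSC's own. A "tick" stands in for one timer period. conn->subscr
 * is NULL on a conn the BSC layer created on the fly; lchan->conn is NULL once
 * the MSC has cleared it. */
enum lchan_state { LCHAN_ACTIVE, LCHAN_REL_REQUEST };
enum trans_proto { TRANS_CC, TRANS_SMS, TRANS_USSD };
enum rx_result { RX_DROPPED, RX_NULL_SUBSCR, RX_OK };

struct subscriber { char imsi[16]; };
struct transaction { enum trans_proto proto; unsigned expires_at; };
struct subscr_conn { struct subscriber *subscr; struct transaction *trans; };
struct lchan { enum lchan_state state; struct subscr_conn *conn; };

/* MSC side: a CM Service Request opens a transaction for the requested
 * service and arms an idle timeout, instead of leaving nothing behind. */
static int trans_open(struct subscr_conn *conn, enum trans_proto proto,
                      unsigned now, unsigned idle_ticks)
{
    struct transaction *t = calloc(1, sizeof *t);
    if (!t) return -1;
    t->proto = proto;
    t->expires_at = now + idle_ticks;
    free(conn->trans);
    conn->trans = t;
    return 0;
}
static void trans_close(struct subscr_conn *conn) { free(conn->trans); conn->trans = NULL; }

/* The MSC releases only when no transaction is left to execute. */
static int msc_may_release(const struct subscr_conn *conn) { return conn->trans == NULL; }

/* Model of the clear: free the connection data and request channel release. */
static void msc_clear(struct lchan *lchan)
{
    trans_close(lchan->conn);
    free(lchan->conn);
    lchan->conn = NULL;
    lchan->state = LCHAN_REL_REQUEST;
}

/* BSC side as described in the thread: a missing conn is created on the fly
 * and the layer-3 handler then expects a subscriber on it. The real bug would
 * be a NULL dereference; the model reports RX_NULL_SUBSCR instead. */
static enum rx_result bsc_complete_layer3(struct lchan *lchan)
{
    if (!lchan->conn) {
        lchan->conn = calloc(1, sizeof *lchan->conn);  /* subscr stays NULL */
        if (!lchan->conn) return RX_DROPPED;
    }
    return lchan->conn->subscr ? RX_OK : RX_NULL_SUBSCR;
}

/* Uplink dispatch. Unguarded, it forwards whatever the channel state is;
 * guarded, it drops data once a release has been requested. */
static enum rx_result rsl_rx(struct lchan *lchan, int guarded)
{
    if (guarded && lchan->state == LCHAN_REL_REQUEST) return RX_DROPPED;
    return bsc_complete_layer3(lchan);
}

/* The race as reported: the CM Service Request left no transaction, the MSC
 * cleared, and then a late uplink message arrives on the released channel. */
static enum rx_result scenario_race(int guarded)
{
    struct subscriber subscr = { "001010000000001" };   /* constructed IMSI */
    struct subscr_conn *conn = calloc(1, sizeof *conn);
    struct lchan lchan = { LCHAN_ACTIVE, conn };
    enum rx_result r;

    conn->subscr = &subscr;
    if (msc_may_release(lchan.conn)) msc_clear(&lchan);
    r = rsl_rx(&lchan, guarded);
    free(lchan.conn);   /* the unguarded path left a fresh conn behind */
    return r;
}

/* With a transaction opened on CM Service Request, the channel stays up until
 * the SMS arrives (returns 1) or the idle timer fires first (returns 0). */
static int scenario_with_transaction(unsigned sms_at, unsigned idle_ticks)
{
    struct subscriber subscr = { "001010000000001" };   /* constructed IMSI */
    struct subscr_conn *conn = calloc(1, sizeof *conn);
    struct lchan lchan = { LCHAN_ACTIVE, conn };
    int handled = 0;
    unsigned now;

    conn->subscr = &subscr;
    trans_open(conn, TRANS_SMS, 0, idle_ticks);
    for (now = 1; now <= sms_at && lchan.state == LCHAN_ACTIVE; now++) {
        /* idle timer: tear the transaction down once nothing has happened */
        if (lchan.conn->trans && now >= lchan.conn->trans->expires_at) trans_close(lchan.conn);
        if (msc_may_release(lchan.conn)) msc_clear(&lchan);
    }
    if (rsl_rx(&lchan, 1) == RX_OK) {
        handled = 1;
        trans_close(lchan.conn);   /* SMS delivered, transaction complete */
        msc_clear(&lchan);         /* nothing left to do: release normally */
    }
    return handled;
}
```

scenario_race(0) reproduces the reported path (a conn without a subscriber reaches the layer-3 handler), scenario_race(1) shows the same message being dropped by the state check, and scenario_with_transaction shows that with a transaction and idle timer in place the channel is only released after the service message has been handled or the timer has run out.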