On 07/04/2010 02:25 PM, Harald Welte wrote:
So I think there are actually multiple bugs.
1) the channel should not be released at that time
Yeah, the MSC code should look at the request type of the CM Service
Request and create a transaction (e.g. for SMS, CC) and start a timeout
to terminate the transaction when nothing has happened.
2) we have some kind of a race condition at channel
release, where incoming
messages should either be discarded _or_ should still be processed with
all the data structures intact.
Well, it is a bug on a higher level. The MSC code decides to release the
lchan because there is no transaction and operation left to execute, it
calls the gsm0808_clear method which will free the
subscriber_connection_data and will call lchan_release on all open lchan's.
Now if more data is coming, the bsc_api code sees there is no connection
inside the lchan and will create one and call the complete layer3
callback... and somehow the MSC code assumes that there is a subscriber
set inside the subscriber_connection_data, which is not the case.
Long story short, abis_rsl.c should probably not forward data when being
in state REL_REQUEST and we should create a transaction for CC/SMS/USSD.