According to spec, the bitmasks for message types apply only for MM and CC messages. However, various code used the bitmask even though no MM or CC messages are involved:
bsc_msg_filter.c: bsc_msg_filter_initial(): use bitmasked msg_type_mm for MM messages, use unmasked msg_type for RR.
osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): use msg_type_mm for MM, unmasked for RR.
bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): use msg_type_cc for CC, unmasked for SMS.
bsc_ussd.c: don't mask, no MM nor CC involved.
---
 openbsc/src/libfilter/bsc_msg_filter.c | 9 +++++----
 openbsc/src/osmo-bsc/osmo_bsc_filter.c | 11 +++++++----
 openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c | 7 ++++---
 openbsc/src/osmo-bsc_nat/bsc_ussd.c | 2 +-
 4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/openbsc/src/libfilter/bsc_msg_filter.c b/openbsc/src/libfilter/bsc_msg_filter.c
index 25674e1..581bba1 100644
--- a/openbsc/src/libfilter/bsc_msg_filter.c
+++ b/openbsc/src/libfilter/bsc_msg_filter.c
@@ -332,7 +332,7 @@ int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len,
 char **imsi, struct bsc_filter_reject_cause *cause)
 {
 int ret = 0;
- uint8_t msg_type, proto;
+ uint8_t msg_type, msg_type_mm, proto;
 *con_type = FLT_CON_TYPE_NONE;
 cause->cm_reject_cause = GSM48_REJECT_PLMN_NOT_ALLOWED;
@@ -340,14 +340,15 @@ int bsc_msg_filter_initial(struct gsm48_hdr *hdr48, size_t hdr48_len,
 *imsi = NULL;
proto = hdr48->proto_discr & GSM48_PDISC_MASK; - msg_type = hdr48->msg_type & GSM48_MT_MM_MSG_TYPE_MASK; + msg_type = hdr48->msg_type; + msg_type_mm = msg_type & GSM48_MT_MM_MSG_TYPE_MASK; if (proto == GSM48_PDISC_MM && - msg_type == GSM48_MT_MM_LOC_UPD_REQUEST) { + msg_type_mm == GSM48_MT_MM_LOC_UPD_REQUEST) { *con_type = FLT_CON_TYPE_LU; ret = _cr_check_loc_upd(req->ctx, &hdr48->data[0], hdr48_len - sizeof(*hdr48), imsi); } else if (proto == GSM48_PDISC_MM && - msg_type == GSM48_MT_MM_CM_SERV_REQ) { + msg_type_mm == GSM48_MT_MM_CM_SERV_REQ) { *con_type = FLT_CON_TYPE_CM_SERV_REQ; ret = _cr_check_cm_serv_req(req->ctx, &hdr48->data[0], hdr48_len - sizeof(*hdr48), diff --git a/openbsc/src/osmo-bsc/osmo_bsc_filter.c b/openbsc/src/osmo-bsc/osmo_bsc_filter.c index e1e948b..017db57 100644 --- a/openbsc/src/osmo-bsc/osmo_bsc_filter.c +++ b/openbsc/src/osmo-bsc/osmo_bsc_filter.c @@ -128,6 +128,7 @@ struct osmo_msc_data *bsc_find_msc(struct gsm_subscriber_connection *conn, struct gsm48_hdr *gh; int8_t pdisc; uint8_t mtype; + uint8_t mtype_mm; struct osmo_bsc_data *bsc; struct osmo_msc_data *msc, *pag_msc; struct gsm_subscriber *subscr; @@ -142,7 +143,8 @@ struct osmo_msc_data *bsc_find_msc(struct gsm_subscriber_connection *conn,
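Review bot: In bsc_msg_filter_initial() no check that `hdr48_len >= sizeof(*hdr48)` is visible before `hdr48->proto_discr` and `hdr48->msg_type` are read and before `hdr48_len - sizeof(*hdr48)` is passed on as a length; hdr48_len is a size_t, so a short buffer would make that subtraction wrap to a very large value. One line of the function (between the two hunks) and all callers are outside the diff, so the guarantee may exist there. If it does not, a guard such as `if (hdr48_len < sizeof(*hdr48)) return -1;` at the top would close it, with the return value adjusted to this function's convention. The function body continues past the end of the hunk.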
 gh = msgb_l3(msg);
 pdisc = gh->proto_discr & GSM48_PDISC_MASK;
- mtype = gh->msg_type & GSM48_MT_MM_MSG_TYPE_MASK;
+ mtype = gh->msg_type;
+ mtype_mm = mtype & GSM48_MT_MM_MSG_TYPE_MASK;
 /*
 * We are asked to select a MSC here but they are not equal. We
@@ -152,7 +154,7 @@ struct osmo_msc_data *bsc_find_msc(struct gsm_subscriber_connection *conn,
 */
 if (pdisc == GSM48_PDISC_RR && mtype == GSM48_MT_RR_PAG_RESP)
 goto paging;
- else if (pdisc == GSM48_PDISC_MM && mtype == GSM48_MT_MM_CM_SERV_REQ) {
+ else if (pdisc == GSM48_PDISC_MM && mtype_mm == GSM48_MT_MM_CM_SERV_REQ) {
 is_emerg = is_cm_service_for_emerg(msg);
 goto round_robin;
 } else
@@ -213,10 +215,11 @@ int bsc_scan_bts_msg(struct gsm_subscriber_connection *conn, struct msgb *msg)
 {
 struct gsm48_hdr *gh = msgb_l3(msg);
 uint8_t pdisc = gh->proto_discr & 0x0f;
- uint8_t mtype = gh->msg_type & GSM48_MT_MM_MSG_TYPE_MASK;
+ uint8_t mtype = gh->msg_type;
+ uint8_t mtype_mm = mtype & GSM48_MT_MM_MSG_TYPE_MASK;
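Review bot: The new `mtype` / `mtype_mm` pair in bsc_find_msc() has no comment saying which comparisons must use which variable, so a later branch can easily pick the wrong one and change which messages are matched. A one-line comment at the assignment would do, e.g. `/* mtype_mm: MM message type with GSM48_MT_MM_MSG_TYPE_MASK applied; RR is matched on the full octet in mtype */`. The same applies to the pairs introduced in bsc_msg_filter_initial(), bsc_scan_bts_msg() and bsc_nat_rewrite_msg(). The function starts and ends outside these hunks.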
 if (pdisc == GSM48_PDISC_MM) {
- if (mtype == GSM48_MT_MM_LOC_UPD_REQUEST)
+ if (mtype_mm == GSM48_MT_MM_LOC_UPD_REQUEST)
 handle_lu_request(conn, msg);
 } else if (pdisc == GSM48_PDISC_RR) {
 if (mtype == GSM48_MT_RR_PAG_RESP)
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c b/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
index ce7dfb8..97d5e3d 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_rewrite.c
@@ -576,7 +576,7 @@ struct msgb *bsc_nat_rewrite_msg(struct bsc_nat *nat, struct msgb *msg, struct b
 {
 struct gsm48_hdr *hdr48;
 uint32_t len;
- uint8_t msg_type, proto;
+ uint8_t msg_type, msg_type_cc, proto;
 struct msgb *new_msg = NULL, *sccp;
 uint8_t link_id;
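Review bot: bsc_scan_bts_msg() extracts the protocol discriminator with a literal, `gh->proto_discr & 0x0f`, while the other functions touched by this commit use GSM48_PDISC_MASK. Assuming the macro has the same value, `uint8_t pdisc = gh->proto_discr & GSM48_PDISC_MASK;` would keep the sites consistent now that the masking is being tidied. Relatedly, bsc_find_msc() declares `int8_t pdisc` where the other sites use uint8_t. The function body continues past the hunk.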
@@ -595,9 +595,10 @@ struct msgb *bsc_nat_rewrite_msg(struct bsc_nat *nat, struct msgb *msg, struct b
 link_id = msg->l3h[1];
 proto = hdr48->proto_discr & GSM48_PDISC_MASK;
- msg_type = hdr48->msg_type & GSM48_MT_CC_MSG_TYPE_MASK;
+ msg_type = hdr48->msg_type;
+ msg_type_cc = msg_type & GSM48_MT_CC_MSG_TYPE_MASK;
- if (proto == GSM48_PDISC_CC && msg_type == GSM48_MT_CC_SETUP)
+ if (proto == GSM48_PDISC_CC && msg_type_cc == GSM48_MT_CC_SETUP)
 new_msg = rewrite_setup(nat, msg, parsed, imsi, hdr48, len);
 else if (proto == GSM48_PDISC_SMS && msg_type == GSM411_MT_CP_DATA)
 new_msg = rewrite_sms(nat, msg, parsed, imsi, hdr48, len);
diff --git a/openbsc/src/osmo-bsc_nat/bsc_ussd.c b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
index 8954ac1..96d4a84 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_ussd.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_ussd.c
@@ -408,7 +408,7 @@ int bsc_ussd_check(struct nat_sccp_connection *con, struct bsc_nat_parsed *parse
 return 0;
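Review bot: The classification in bsc_nat_rewrite_msg() changes for SMS (`msg_type == GSM411_MT_CP_DATA` is now compared unmasked), yet the diffstat lists only the four source files, so nothing pins the new behaviour. A regression test that passes a CP-DATA header and a CC SETUP header whose type octet has the upper bits set through this function would keep a later refactor from reintroducing the shared mask. The equivalent RR and MM cases deserve the same coverage in the filter functions changed by this commit. The function starts and ends outside the hunk.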
 proto = hdr48->proto_discr & GSM48_PDISC_MASK;
- msg_type = hdr48->msg_type & GSM48_MT_CC_MSG_TYPE_MASK;
+ msg_type = hdr48->msg_type;
 ti = (hdr48->proto_discr & 0x70) >> 4;
 if (proto != GSM48_PDISC_NC_SS)
 return 0;
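Review bot: Dropping the mask in bsc_ussd_check() may lose matches rather than fix them. The function only proceeds for GSM48_PDISC_NC_SS, and as far as I read 3GPP TS 24.007 the send sequence number bits in the message type octet are used by SS messages from the mobile station as well as by MM and CC. If msg_type is compared against SS message types after this hunk (not visible here), a message with those bits set would no longer be recognised and would skip this check. Please confirm against the spec; if it holds, keep a masked value for the SS comparison, e.g. `msg_type = hdr48->msg_type & GSM48_MT_CC_MSG_TYPE_MASK; /* SS carries N(SD) in the upper bits like CC */`. Most of the function lies outside the hunk.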