Change in osmo-msc[master]: libmsc/gsm_04_11.c: fix SM-RP-MR assignment for MT SMS

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Vadim Yanitskiy gerrit-no-reply at lists.osmocom.org
Fri Jan 18 09:09:04 UTC 2019 

Vadim Yanitskiy has uploaded this change for review. ( https://gerrit.osmocom.org/12628


Change subject: libmsc/gsm_04_11.c: fix SM-RP-MR assignment for MT SMS
......................................................................

libmsc/gsm_04_11.c: fix SM-RP-MR assignment for MT SMS

Initially, it was assumed that if there is no active RAN connection,
we can just start counting from 0x00, as there are no other SMS
related transactions, and transaction itself is allocated using
talloc_zero(). Until now it was looking good, but...

As soon as we establish RAN connection with subscriber, we already
have a transaction with SM-RP-MR 0x00, but conn->next_rp_ref also
remains 0x00 - it isn't being increased!

It means that we can face a SM-RP-MR conflict (or collision) if
another MT SMS would arrive to the MSC (from SMSC over GSUP)
when this transaction is still active, i.e. the first SMS is
still being sent, because conn->next_rp_ref++ would
return 0x00 again.

Let's clarify SM-RP-MR assignment in gsm411_alloc_mt_trans(),
and update the conn->next_rp_ref counter in the paging call-back.

This change makes the corresponding TC_gsup_mt_sms_rp_mr pass.

Discovered by: Neels Hofmeyr
Related Change-Id: (TTCN) I3a52d44f4abde9b6b471b9108c1cee905884c9bc
Change-Id: Ife6d954c46b7d8348a4221ab677d0355eb3ee7ac
---
M src/libmsc/gsm_04_11.c
1 file changed, 10 insertions(+), 4 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/28/12628/1

diff --git a/src/libmsc/gsm_04_11.c b/src/libmsc/gsm_04_11.c
index 4dc07bd..7261e17 100644
--- a/src/libmsc/gsm_04_11.c
+++ b/src/libmsc/gsm_04_11.c
@@ -147,6 +147,8 @@
 	case GSM_PAGING_SUCCEEDED:
 		/* Associate transaction with established connection */
 		trans->conn = ran_conn_get(conn, RAN_CONN_USE_TRANS_SMS);
+		/* Update SM-RP-MR counter, SM-RP-MR 0x00 is taken by this trans */
+		trans->conn->next_rp_ref++;
 		/* Confirm successful connection establishment */
 		gsm411_smc_recv(&trans->sms.smc_inst,
 			GSM411_MMSMS_EST_CNF, NULL, 0);
@@ -1052,10 +1054,14 @@
 	if (!trans)
 		return NULL;
 
-	if (conn) {
-		/* Generate unique RP Message Reference */
-		trans->sms.sm_rp_mr = conn->next_rp_ref++;
-	}
+	/* Assign a unique SM-RP Message Reference:
+	 * a) if there is already an active connection,
+	 *    then use its counter conn->next_rp_ref;
+	 * b) otherwise SM-RP-MR is set to 0x00, and
+	 *    as soon as RAN connection is established,
+	 *    its counter conn->next_rp_ref is updated
+	 *    by the paging call-back. */
+	trans->sms.sm_rp_mr = conn ? conn->next_rp_ref++ : 0x00;
 
 	/* Use SAPI 3 (see GSM 04.11, section 2.3) */
 	trans->dlci = UM_SAPI_SMS;

-- 
To view, visit https://gerrit.osmocom.org/12628
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ife6d954c46b7d8348a4221ab677d0355eb3ee7ac
Gerrit-Change-Number: 12628
Gerrit-PatchSet: 1
Gerrit-Owner: Vadim Yanitskiy <axilirator at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190118/a371e8ee/attachment.htm>

More information about the gerrit-log mailing list