This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Konrad Meier meierk at informatik.uni-freiburg.deSylvain Munaut schrieb: > Hi, > > You need one of the patch that's in my pending branch. The > "ipaccess: Send RTP Payload IE for CRCX & MDCX" patch to be exact. > > Try sylvain/pending branch and it should work. Basically the RTP > Payload IE is required. > > Sylvain > Hi Sylvain, I tried you branch code. After initializing the nanoBTS the bsc_hack crashed with the following output: DB: Database initialized. DB: Database prepared. <000d> input/ipaccess.c:504 accept()ed new OML link from 132.230.8.239 <0005> bsc_init.c:626 bootstrapping OML for BTS 0 <000d> input/ipaccess.c:562 accept()ed new RSL link from 132.230.8.239 <0004> bsc_init.c:761 bootstrapping RSL for BTS/TRX (0/0) on ARFCN 514 using MCC=1 MNC=1 LAC=1 CID=0 BSIC=63 TSC=7 *** stack smashing detected ***: ./bsc_hack terminated ======= Backtrace: ========= /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x211ed8] /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0x211e90] ./bsc_hack[0x804b8af] ./bsc_hack[0x806d77b] ./bsc_hack[0x8070629] ./bsc_hack[0x806a275] ./bsc_hack[0x804a6ce] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x147b56] ./bsc_hack[0x804a2a1] ======= Memory map: ======== 00110000-00125000 r-xp 00000000 08:05 864987 /lib/tls/i686/cmov/libpthread-2.10.1.so 00125000-00126000 r--p 00014000 08:05 864987 /lib/tls/i686/cmov/libpthread-2.10.1.so 00126000-00127000 rw-p 00015000 08:05 864987 /lib/tls/i686/cmov/libpthread-2.10.1.so 00127000-00129000 rw-p 00000000 00:00 0 00131000-0026f000 r-xp 00000000 08:05 864973 /lib/tls/i686/cmov/libc-2.10.1.so 0026f000-00270000 ---p 0013e000 08:05 864973 /lib/tls/i686/cmov/libc-2.10.1.so 00270000-00272000 r--p 0013e000 08:05 864973 /lib/tls/i686/cmov/libc-2.10.1.so 00272000-00273000 rw-p 00140000 08:05 864973 /lib/tls/i686/cmov/libc-2.10.1.so 00273000-00276000 rw-p 00000000 00:00 0 00276000-002fc000 r-xp 00000000 08:05 841133 /usr/lib/libsqlite3.so.0.8.6 002fc000-002fd000 r--p 00086000 08:05 841133 /usr/lib/libsqlite3.so.0.8.6 002fd000-002fe000 rw-p 00087000 08:05 841133 /usr/lib/libsqlite3.so.0.8.6 00359000-0037d000 r-xp 00000000 08:05 864977 /lib/tls/i686/cmov/libm-2.10.1.so 0037d000-0037e000 r--p 00023000 08:05 864977 /lib/tls/i686/cmov/libm-2.10.1.so 0037e000-0037f000 rw-p 00024000 08:05 864977 /lib/tls/i686/cmov/libm-2.10.1.so 00709000-00712000 r-xp 00000000 08:05 864975 /lib/tls/i686/cmov/libcrypt-2.10.1.so 00712000-00713000 r--p 00008000 08:05 864975 /lib/tls/i686/cmov/libcrypt-2.10.1.so 00713000-00714000 rw-p 00009000 08:05 864975 /lib/tls/i686/cmov/libcrypt-2.10.1.so 00714000-0073b000 rw-p 00000000 00:00 0 007bf000-007c1000 r-xp 00000000 08:05 864976 /lib/tls/i686/cmov/libdl-2.10.1.so 007c1000-007c2000 r--p 00001000 08:05 864976 /lib/tls/i686/cmov/libdl-2.10.1.so 007c2000-007c3000 rw-p 00002000 08:05 864976 /lib/tls/i686/cmov/libdl-2.10.1.so 008ce000-008e9000 r-xp 00000000 08:05 187717 /lib/ld-2.10.1.so 008e9000-008ea000 r--p 0001a000 08:05 187717 /lib/ld-2.10.1.so 008ea000-008eb000 rw-p 0001b000 08:05 187717 /lib/ld-2.10.1.so 00989000-0098e000 r-xp 00000000 08:05 3394967 /usr/lib/dbd/libdbdsqlite3.so 0098e000-0098f000 r--p 00004000 08:05 3394967 /usr/lib/dbd/libdbdsqlite3.so 0098f000-00990000 rw-p 00005000 08:05 3394967 /usr/lib/dbd/libdbdsqlite3.so 00b9e000-00bba000 r-xp 00000000 08:05 191751 /lib/libgcc_s.so.1 00bba000-00bbb000 r--p 0001b000 08:05 191751 /lib/libgcc_s.so.1 00bbb000-00bbc000 rw-p 0001c000 08:05 191751 /lib/libgcc_s.so.1 00ec1000-00ecc000 r-xp 00000000 08:05 1103345 /usr/lib/libdbi.so.0.0.5 00ecc000-00ecd000 rw-p 0000a000 08:05 1103345 /usr/lib/libdbi.so.0.0.5 00ee2000-00ee3000 r-xp 00000000 00:00 0 [vdso] 08048000-08091000 r-xp 00000000 08:05 1518261 /home/konrad/openbsc/openbsc/src/bsc_hack 08091000-08092000 r--p 00048000 08:05 1518261 /home/konrad/openbsc/openbsc/src/bsc_hack 08092000-08095000 rw-p 00049000 08:05 1518261 /home/konrad/openbsc/openbsc/src/bsc_hack 08095000-08099000 rw-p 00000000 00:00 0 08817000-0889f000 rw-p 00000000 00:00 0 [heap] b6fdd000-b6fde000 ---p 00000000 00:00 0 b6fde000-b77e0000 rw-p 00000000 00:00 0 b77fd000-b7800000 rw-p 00000000 00:00 0 bfe1b000-bfe30000 rw-p 00000000 00:00 0 [stack] signal 6 received talloc report on 'vty' (total 26794 bytes in 2351 blocks) save_cwd contains 33 bytes in 1 blocks (ref 0) 0x8836b00 vty_command contains 15081 bytes in 1180 blocks (ref 0) 0x8836ac8 vty_vector contains 11680 bytes in 1169 blocks (ref 0) 0x8836a90 full talloc report on 'openbsc' (total 137802 bytes in 62 blocks) struct e1inp_line contains 45208 bytes in 1 blocks (ref 0) 0x88733a8 struct ia_e1_handle contains 60 bytes in 1 blocks (ref 0) 0x885c588 telnet_connection contains 1 bytes in 1 blocks (ref 0) 0x881b048 struct gsm_network contains 85112 bytes in 5 blocks (ref 0) 0x881af20 struct gsm_bts contains 84856 bytes in 2 blocks (ref 0) 0x885cc08 struct gsm_bts_trx contains 82348 bytes in 1 blocks (ref 0) 0x885d608 OpenBSC contains 8 bytes in 1 blocks (ref 0) 0x881e060 OpenBSC contains 8 bytes in 1 blocks (ref 0) 0x881f2c0 counter contains 500 bytes in 26 blocks (ref 0) 0x8817568 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881f278 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881f230 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881f1e8 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881f1a0 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d8b8 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d870 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d828 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d7e0 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d798 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d750 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881d708 struct counter contains 20 bytes in 1 blocks (ref 0) 0x8819980 struct counter contains 20 bytes in 1 blocks (ref 0) 0x8819938 struct counter contains 20 bytes in 1 blocks (ref 0) 0x88198f0 struct counter contains 20 bytes in 1 blocks (ref 0) 0x88198a8 struct counter contains 20 bytes in 1 blocks (ref 0) 0x8819860 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881aa40 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881a9f8 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881a9b0 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881a968 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881a920 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881b0f8 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881b0b0 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881e0a0 struct counter contains 20 bytes in 1 blocks (ref 0) 0x881e5d8 trau_upq_entry contains 0 bytes in 1 blocks (ref 0) 0x8817530 trau_map_entry contains 0 bytes in 1 blocks (ref 0) 0x88174f8 transaction contains 0 bytes in 1 blocks (ref 0) 0x88174c0 subch_txq_entry contains 0 bytes in 1 blocks (ref 0) 0x8817488 signal_handler contains 140 bytes in 8 blocks (ref 0) 0x8817450 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x885cb50 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x88565b8 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x88176c0 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x8817678 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x8817630 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x88175e8 struct signal_handler contains 20 bytes in 1 blocks (ref 0) 0x88175a0 paging_request contains 0 bytes in 1 blocks (ref 0) 0x8817418 gsm_call contains 0 bytes in 1 blocks (ref 0) 0x88173e0 subscr_request contains 0 bytes in 1 blocks (ref 0) 0x88173a8 subscriber contains 0 bytes in 1 blocks (ref 0) 0x8817370 sms contains 0 bytes in 1 blocks (ref 0) 0x8817338 loc_updating_oper contains 0 bytes in 1 blocks (ref 0) 0x8817300 bs11_file_list_entry contains 0 bytes in 1 blocks (ref 0) 0x88172c8 msgb contains 6780 bytes in 8 blocks (ref 0) 0x8817290 RSL contains 1072 bytes in 1 blocks (ref 0) 0x887fab0 RSL contains 1072 bytes in 1 blocks (ref 0) 0x887f648 RSL contains 1072 bytes in 1 blocks (ref 0) 0x887f1e0 RSL contains 1072 bytes in 1 blocks (ref 0) 0x887ed78 RSL contains 1072 bytes in 1 blocks (ref 0) 0x887e910 RSL contains 1072 bytes in 1 blocks (ref 0) 0x885c5f8 Abis/IP contains 348 bytes in 1 blocks (ref 0) 0x8872288 Aborted For debugging the Code with gdb I had to change the makefile. (See attached patch) Here is the backtrace: Program received signal SIGABRT, Aborted. 0x0021a832 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 (gdb) bt #0 0x0021a832 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2 #1 0x00b8e4d1 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #2 0x00b91932 in *__GI_abort () at abort.c:92 #3 0x00bc4ee5 in __libc_message (do_abort=2, fmt=0xc866dd "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #4 0x00c44ed8 in *__GI___fortify_fail (msg=0xc866c5 "stack smashing detected") at fortify_fail.c:32 #5 0x00c44e90 in __stack_chk_fail () at stack_chk_fail.c:29 #6 0x0804b8df in input_event (event=1, type=E1INP_SIGN_RSL, trx=0x80df1c0) at bsc_init.c:787 #7 0x0806d7ab in e1inp_event (ts=0x80f54f4, evt=1, tei=0 '\000', sapi=77 'M') at e1_input.c:519 #8 0x08070659 in handle_ts1_read (bfd=0x80f5a5c, what=<value optimized out>) at input/ipaccess.c:360 #9 ipaccess_fd_cb (bfd=0x80f5a5c, what=<value optimized out>) at input/ipaccess.c:469 #10 0x0806a2a5 in bsc_select_main (polling=0) at select.c:109 #11 0x0804a6fe in main (argc=1, argv=0xbffff2d4) at bsc_hack.c:233 I located the Error in file bsc_init.c line 677: si_tmp[23] -> buffer overflow changing si_tmp[24] fixed the crash but the nanoBTS refuses to work. Do you have any idea? Regards Konrad -------------- next part -------------- A non-text attachment was scrubbed... Name: gdb-fix.patch Type: text/x-patch Size: 626 bytes Desc: not available URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20100226/15aa842e/attachment.bin>