openbsc.git branch jerlbeck/wip/gprs-patching updated. 0.13.0-755-gc93f898

gitosis at gitosis at
Mon Nov 10 11:01:11 UTC 2014

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)".

The branch, jerlbeck/wip/gprs-patching has been updated

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (8d570c15a946c8adf874db68ef12e046cfd98fd0)
             N -- N -- N (c93f898e6de4dfc3328b206cd2b8724c6c133215)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------

commit c93f898e6de4dfc3328b206cd2b8724c6c133215
Author: Jacob Erlbeck <jerlbeck at>
Date:   Mon Nov 10 10:35:51 2014 +0100

    sgsn: Use gsm_subscriber (TODO)
     - commit message
     - continue impl.
    Ticket: OW#????
    Sponsored-by: On-Waves ehf

commit 6d1dc3c02f5a2839e998c7ec1275270d49b9db9e
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Nov 7 14:17:44 2014 +0100

    sgsn: Refactor sgsn_auth (TODO)
     - Commit title
     - Commit message
     - Use sgsn_instance instead of config as parameter
    Ticket: OW#????
    Sponsored-by: On-Waves ehf

commit d49b478c9b91a14daf37de826533fb793827939e
Author: Jacob Erlbeck <jerlbeck at>
Date:   Thu Nov 6 15:43:10 2014 +0100

    sgsn: Don't assign a new P-TMSI if one is pending (TODO)
    Currently every time a RA Update Req or an Attach Req is processed, a
    new P-TMSI is allocated. When an MS issues another of these messages
    before it has completed the first procedure, old_ptmsi is replaced by
    ptmsi (and thus lost) and ptmsi is replaced by the newly allocated
    P-TMSI. This can confuse the gbproxy, which can lose track of the
    logical link then. At least a blackberry emits a double set of RA Upd
    Req messages from time to time which may be just 20ms apart.
    This patch adds a check whether mm->ptmsi or mm->old_ptmsi are not
    both set. If both are set, the P-TMSI is not re-allocated. This is
    only the case, if the Complete message has not been received since
    that resets old_ptmsi.
     - Test case
    Sponsored-by: On-Waves ehf

commit c09bee263d257e6f7ac574a542057c2181cd5da8
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Sep 30 13:53:26 2014 +0200

    sgsn: Added TODOs (TODO)
      - fix and remove TODOs
      - add test cases for Detach(reattach)
      - add test cases for PDP context deletion (OW#1311)
      - add test cases for Cancel pending timer in sgsn_mm_ctx_free
      - remove this commit
    Sponsored-by: On-Waves ehf

commit 1fcb88a3db244830c07f28dcde6467ba3ac9239d
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Oct 17 10:08:02 2014 +0200

    sgsn: Do not die in _bssgp_tx_dl_ud on TLLI mismatch (TODO)
    Currently an OSMO_ASSERT fails, if the message's and the mmctx's
    TLLIs do not match.
    This commit turns the assertion into an ERROR log message and uses
    the default values for IMSI, DRX, and RA CAP instead of the MM
    context values in this case.
      - find the real source for the problem
      - add test cases derived from what is being described in the ticket
    Ticket: OW#1322
    Sponsored-by: On-Waves ehf

commit 5b98e682e5985fe60a9ebdaae8134a305021ff25
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Nov 7 14:07:48 2014 +0100

    bsc: Move gsm_subscriber_base.c to libcommon
    Since it is planned to use struct gsm_subscriber to manage subscriber
    data in the SGSN, this file which contains the generic subscriber
    related methods is moved to libcommon.
    Sponsored-by: On-Waves ehf

commit 418c164fa36acbe33b2ec75eccbbba551f62a844
Author: Jacob Erlbeck <jerlbeck at>
Date:   Mon Nov 10 11:21:32 2014 +0100

    bsc: Move gsm_network_init function to libbsc
    Currently libcommon depends on libbsc, because gsm_network_init
    (libcommon/gsm_data.c) directly calls gsm_net_update_ctype
    This patch moves gsm_network_init to a new file libbsc/net_init.c.
    Sponsored-by: On-Waves ehf

commit f12e41de7dc441f8c2837f792853511a0e038ddb
Author: Jacob Erlbeck <jerlbeck at>
Date:   Thu Nov 6 13:43:41 2014 +0100

    sgsn: Cleanup after RA Update Reject / Attach Reject
    Currently, the LLME is not cleaned up after sending an RA Update
    Reject. This happens after entering a routing area from outside,
    since in that case the SGSN sends an RA Update Reject (implicitly
    detached) which causes the MS to restart the attach procedure.
    The LLME is also not updated if an Attach Request with message errors
    (encoding, invalid MI type) is received or if an MM context cannot be
    This patch changes gsm48_rx_gmm_ra_upd_req and gsm48_rx_gmm_att_req
    to unassign the LLME or free the MM context (if available) after a
    Reject message has been sent.
    Ticket: OW#1324
    Sponsored-by: On-Waves ehf

commit 3191e00c847cd780d220aa7c9b50c2a5906217a4
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Nov 4 12:44:15 2014 +0100

    sgsn: Notify an affected MM context if an ACL rule is removed
    Currently if an ACL access rule is removed, MS already attached are
    not affected until they try to reattach to the SGSN.
    This patch extends sgsn_acl_del to re-authenticate an MM context if
    it matches the IMSI.
    Sponsored-by: On-Waves ehf

commit e0e0217321efd2d1103d9fa4e73a7a116fa83c6e
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Nov 4 10:08:37 2014 +0100

    sgsn: Add 'acl-only' authentication policy
    Currently the VTY 'auth-policy' command results in setting or clearing
    the acl_enabled flag. This also enables the matching of the MCC/MNC
    prefix of the IMSI.
    This patch adds an additional policy 'acl-only' which disables the
    MCC/MNC matching and relies on the ACL only.
    Sponsored-by: On-Waves ehf

commit b460f57502f7a0cc21a5171f877d9528c144c7f7
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Nov 4 11:15:01 2014 +0100

    sgsn/test: Add VTY tests for the SGSN
    This patch adds some basic SGSN tests to
    - check for config tree nodes
    - check specific show commands
    Sponsored-by: On-Waves ehf

commit 3245dbc7a695da12e88991918f73dc8abea8c3fe
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Oct 24 18:09:54 2014 +0200

    sgsn: Make authorization asynchronous
    Currently the authorization of an IMSI is done by checking ACLs
    synchronously which is not feasible when the subscriber data has to
    be retrieved from an external source.
    This patch changes this by using a callback when the information is
    available. This is also done when only ACL are checked, in this case
    the callback is invoked from within sgsn_auth_request(). The callback
    function sgsn_update_subscriber_data calls sgsn_auth_update which
    in turn calls either gsm0408_gprs_access_granted or
    gsm0408_gprs_access_denied. gsm48_gmm_authorize is extended by a call
    to sgsn_auth_request when IMSI and IMEI are available but the
    auth_state is unknown.
    The change has been successfully tested with single phones (E71 and
    iPhone 5c).
    Sponsored-by: On-Waves ehf

commit b88c41d64c2b2df18fc578f996f00cdd76f222af
Author: Jacob Erlbeck <jerlbeck at>
Date:   Mon Nov 3 12:48:43 2014 +0100

    bsc: Fix use-after-free on OML NM messages from the BTS
    Currently the sign_link pointer is dereferenced after a call to
    osmo_signal_dispatch, which can indirectly call
    e1inp_sign_link_destroy. If that happens, accessing *sign_link is
    illegal and can lead to a segmentation violation.
    Since only the bts pointer is needed from sign_link after the call to
    osmo_signal_dispatch, this patch changes abis_nm_rcvmsg_fom to save
    that pointer to a local variable earlier.
    <0019> input/ipa.c:250 accept()ed new link from to port 3002
    SET ATTR NACK  CAUSE=Message cannot be performed
    <0005> bsc_init.c:52 Got a NACK going to drop the OML links.
    <001b> bsc_init.c:319 Lost some E1 TEI link: 1 0xb351a830
    ==13198== ERROR: AddressSanitizer: heap-use-after-free on address 0xb5d1bc70 at pc 0x80a6e3d bp 0xbfbb33d8 sp 0xbfbb33cc
    Sponsored-by: On-Waves ehf
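
The pattern this commit message describes, as an added example that is not code from OpenBSC or libosmocore: a pointer is read from an object after a dispatch call that may have destroyed it, and the fix reads it into a local beforehand. All types and functions below are hypothetical stand-ins; the destroy routine repoints the field at a sentinel instead of calling free(), so the stale read is well-defined and observable without a sanitizer.

```c
#include <stdio.h>

/* Hypothetical stand-ins, not the real OpenBSC/libosmocore definitions. */
struct bts { int nr; };
struct sign_link { struct bts *bts; int in_use; };

/* Sentinel that marks a destroyed link (assumption of this example). */
static struct bts poisoned_bts = { -1 };

/* One-slot pool so "destroy" never returns memory to the allocator. */
static struct sign_link pool_slot;

static struct sign_link *link_create(struct bts *bts)
{
    pool_slot.bts = bts;
    pool_slot.in_use = 1;
    return &pool_slot;
}

static void link_destroy(struct sign_link *link)
{
    link->bts = &poisoned_bts;   /* a real free() would leave garbage here */
    link->in_use = 0;
}

/* Models a signal handler that drops the link when it sees a NACK. */
static void signal_dispatch(struct sign_link *link, int is_nack)
{
    if (is_nack)
        link_destroy(link);
}

/* Before the fix: the link is dereferenced after the dispatch. */
static struct bts *rcvmsg_before(struct sign_link *link, int is_nack)
{
    signal_dispatch(link, is_nack);
    return link->bts;            /* stale if the handler destroyed the link */
}

/* After the fix: the only field needed later is saved first. */
static struct bts *rcvmsg_after(struct sign_link *link, int is_nack)
{
    struct bts *bts = link->bts; /* read while the link is known to be live */
    signal_dispatch(link, is_nack);
    return bts;                  /* link itself is not touched again */
}

int main(void)
{
    struct bts b = { 7 };
    printf("before: bts nr=%d\n", rcvmsg_before(link_create(&b), 1)->nr);
    printf("after:  bts nr=%d\n", rcvmsg_after(link_create(&b), 1)->nr);
    return 0;
}
```

The saved pointer is only safe because the bts object outlives the link; if the handler could also free the bts, a local copy would not be enough.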

commit 56e655632df54283b3634e2a2e2dac96710830ff
Author: Jacob Erlbeck <jerlbeck at>
Date:   Wed Oct 29 22:12:20 2014 +0100

    sgsn: Move IMSI authorization to gsm48_gmm_authorize
    Currently the IMSI is only checked immediately when an Attach Request
    is received that contains an IMSI IE. If it contains a P-TMSI
    instead, access is always granted.
    This commit moves the IMSI check to gsm48_gmm_authorize where it is
    applied when IMSI and IMEI have been acquired. This fixes the
    authorization when the Attach Accept doesn't contain an IMSI.
    Sponsored-by: On-Waves ehf

commit 79a481bfc005283221f300b01efdefad4dcdb9d3
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Oct 31 12:27:11 2014 +0100

    sgsn: Fix LLME leak when forcing a reattach
    Currently when forcing a reattach by sending a Detach
    Request (reattach), the SGSN waits for the Detach Accept until it
    frees the MM context (if present) and the LLME. If that message gets
    lost or isn't sent by the MS, the LLME is never freed if it isn't
    bound to an MM context.
    This patch adds code to free the MM context/LLME when forcing a
    Sponsored-by: On-Waves ehf

commit 8e2148ab0ec232b50484c01876316f1417822bde
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Oct 31 12:20:49 2014 +0100

    sgsn: Split gsm0408_gprs_force_reattach into 2 functions
    This patch replaces gsm0408_gprs_force_reattach(msg, mmctx) by two
      - gsm0408_gprs_force_reattach(mmctx)
      - gsm0408_gprs_force_reattach_oldmsg(msg)
    The old function basically consists of the code of the two new
    functions, where the code path selected depends on mmctx == NULL,
    which is harder to maintain, less obvious to use, and not consistent
    with many other SGSN functions.
    Sponsored-by: On-Waves ehf

commit a312c4bb27e6dd1fa03e78138370d583570380d6
Author: Jacob Erlbeck <jerlbeck at>
Date:   Mon Nov 3 10:12:52 2014 +0100

    sgsn: Call mm_ctx_cleanup_free to deregister MM context
    Currently the MM context isn't always removed when it is
    de-registered (mmctx_timer_cb), mm_state is set to GMM_DEREGISTERED
    instead. This can lead to left-over MM contexts which are only
    cleaned up if the MS reattaches.
    This patch replaces all of these assignments by a call to
    Ticket: OW#1324
    Sponsored-by: On-Waves ehf

commit 81b6311deaaac6fe97ba11eee94dc922b6b16e14
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Oct 28 16:23:46 2014 +0100

    sgsn: Cleanup GMM state transitions
    Currently the GMM state is set to GMM-REGISTERED when an Attach
    Accept or a RA Update Accept message is sent, even if a new P-TMSI is
    included. In this case 04.08 requires (see and,
    that the state is set to GMM-COMMON-PROCEDURE-INITIATED when the
    Accept is sent. When the Complete is received, the SGSN shall set
    the state to GMM-REGISTERED.
    This patch modifies the state updates accordingly.
    Sponsored-by: On-Waves ehf

commit 5bc648f29af30528349aaabcce8c962210a7b50f
Author: Jacob Erlbeck <jerlbeck at>
Date:   Wed Oct 29 12:11:58 2014 +0100

    sgsn/test: Add test_gmm_attach
    This test checks the attach procedure until the Attach Complete is
    Note that authorization and GMM state updates are not working
    properly yet.
    Sponsored-by: On-Waves ehf

commit db483b72f1c8e2c397f88baa05b6b53f76362a04
Author: Jacob Erlbeck <jerlbeck at>
Date:   Wed Oct 29 10:31:18 2014 +0100

    sgsn/test: Move message sending to send_0408_message
    This replaces several occurrences of duplicated code for message
    creation and sending (passing to gsm0408_gprs_rcvmsg) into a single
    function. In addition, the sgsn_tx_counter is always reset within
    send_0408_message to simplify the code that checks for the number of
    messages sent.
    Sponsored-by: On-Waves ehf

commit 7d8e8b9a13b3b2ea8404581f980869b711617e2e
Author: Jacob Erlbeck <jerlbeck at>
Date:   Tue Oct 28 12:23:29 2014 +0100

    sgsn: Reorganize and fix gsm48_gmm_authorize
    Currently the order of the 'if' clauses in gsm48_gmm_authorize
    doesn't match the order in which the conditional parts are entered.
    This makes it difficult to maintain. In addition the t3350_mode is
    not stored in every path, so that this information is lost when the
    identification procedure is started. Since the default value
    coincidentally is GMM_T3350_MODE_ATT, this doesn't hurt for Attach
    Requests which are the only messages that initially trigger the
    authentication yet.
    This patch changes the order of the 'if' clause to match the
    processing order, it removes the t3350_mode parameter entirely and
    introduces a mm->pending_req field. The latter must be set when the
    request that causes the authorization before calling
    gsm48_gmm_authorize. The gprs_t3350_mode enum is extended by
    GMM_T3350_MODE_NONE (value 0, which is the default) to make it
    possible to detect related initialisation errors or race conditions.
    Sponsored-by: On-Waves ehf

commit 2c00b904bb31f807c501c26addcc046ca8496521
Author: Jacob Erlbeck <jerlbeck at>
Date:   Fri Oct 31 10:47:29 2014 +0100

    gbproxy: Honour the BSS TLLI type when creating an SGSN TLLI
    Currently gbproxy_make_sgsn_tlli always returns a foreign TLLI when
    it uses the (SGSN) P-TMSI to generate one.
    This patch changes the implementation to return a SGSN TLLI of the
    same type like the BSS TLLI in that case.
    Sponsored-by: On-Waves ehf

commit f9330da55561d3cad6220e8c0a6dea53990309fc
Author: Jacob Erlbeck <jerlbeck at>
Date:   Thu Oct 30 17:15:43 2014 +0100

    gbproxy: Reset TLLIs when the link_info is found by IMSI/P-TMSI
    Currently when the MS does a re-attach without doing a proper detach
    first, the gbproxy uses the old local TLLI if patching and the keep
    mode are enabled. This leads to a failing attachment procedure when
    TLLI patching is also enabled.
    This patch changes gbproxy_get_link_info_ul to reset all TLLIs within the
    link_info if the message contains an unknown TLLI and an MI. This is
    generally the case with Attach Request messages.
    Ticket: OW#1324
    Sponsored-by: On-Waves ehf


Summary of changes:
 openbsc/include/openbsc/gprs_sgsn.h                |   9 +-
 openbsc/include/openbsc/gsm_subscriber.h           |   4 +
 openbsc/include/openbsc/sgsn.h                     |   3 +-
 openbsc/src/gprs/                       |   2 +-
 openbsc/src/gprs/gprs_sgsn.c                       |  31 ++++++-
 openbsc/src/gprs/gprs_subscriber.c                 |  73 +++++++++++++++
 openbsc/src/gprs/sgsn_auth.c                       |  52 ++++++++---
 openbsc/src/gprs/sgsn_main.c                       |   3 -
 openbsc/src/gprs/sgsn_vty.c                        |   8 +-
 openbsc/src/libbsc/                     |   4 +-
 openbsc/src/libbsc/bts_ipaccess_nanobts.c          |   6 +-
 openbsc/src/libbsc/net_init.c                      | 102 +++++++++++++++++++++
 openbsc/src/libcommon/                  |   4 +-
 openbsc/src/libcommon/gsm_data.c                   |  80 ----------------
 .../{libbsc => libcommon}/gsm_subscriber_base.c    |   0
 openbsc/src/osmo-bsc_nat/               |   3 +-
 openbsc/src/utils/                      |   4 +-
 openbsc/tests/channel/                  |   8 +-
 openbsc/tests/sgsn/                     |   2 +
 19 files changed, 280 insertions(+), 118 deletions(-)
 create mode 100644 openbsc/src/gprs/gprs_subscriber.c
 create mode 100644 openbsc/src/libbsc/net_init.c
 rename openbsc/src/{libbsc => libcommon}/gsm_subscriber_base.c (100%)
