Open Source Mobile Communications: Issueshttps://osmocom.org/https://osmocom.org/favicon.ico?16647414092023-08-02T18:18:57ZOpen Source Mobile Communications
Redmine OsmocomBB - Feature #6132 (New): Add MS_GPRS_Tests to osmo-ttcn3-hackshttps://osmocom.org/issues/61322023-08-02T18:18:57Zpespin
<p>It would be really great to have something similar to existing TTCN3 PCU_Tests, testing RLC/MAC, but for the MS side, using the "modem" app.</p> Osmocom Libraries - Bug #6025 (Resolved): asn1c ASN__STACK_OVERFLOW_CHECK() fails with gcc 13 an...https://osmocom.org/issues/60252023-05-04T17:31:25Zpespin
<p>osmo-iuh unit tests (hnbap) started failing today after I upgraded by system to gcc 13.1.1 20230429.</p>
<p>A bit of debugging resulted in _ASN_STACK_OVERFLOW_CHECK() in our libasn1c sometimes returning an error. After disabling building with AddressSAnitizer (I usually build with --enable-sanitize), then the tests started passing.<br />When debugging with ASan enabled, I saw the stack pointers doing some interesting jumps in the address space (going and coming back to close values) every time a new call frame was entered.</p>
<p>Reading what may probably have changed, I stumbled upon <a class="external" href="https://gcc.gnu.org/gcc-13/changes.html">https://gcc.gnu.org/gcc-13/changes.html</a> :<br />"AddressSanitizer defaults to detect_stack_use_after_return=1 on GNU/Linux targets. For compatibility, it can be disabled with env ASAN_OPTIONS=detect_stack_use_after_return=0."</p>
<p>Indeed, using "export ASAN_OPTIONS=detect_stack_use_after_return=0" makes test pass again.<br />In any case, it was concluded that it's not a good idea to have such in-code check when building/running with ASan enabled.</p>
<p>Hence, I submitted a patch for our libasn1c.git to gerrit which disables the check when building with ASan:<br /><a class="external" href="https://gerrit.osmocom.org/c/libasn1c/+/32612">https://gerrit.osmocom.org/c/libasn1c/+/32612</a></p>
<p>Upstream as1nc repositories still seem to have the same issue:<br /><a class="external" href="https://github.com/vlm/asn1c/blob/master/skeletons/asn_internal.h#L131">https://github.com/vlm/asn1c/blob/master/skeletons/asn_internal.h#L131</a><br /><a class="external" href="https://github.com/mouse07410/asn1c/blob/vlm_master/skeletons/asn_internal.h#L148">https://github.com/mouse07410/asn1c/blob/vlm_master/skeletons/asn_internal.h#L148</a></p>
<p>So I submitted patches for both upstream repos too:<br /><a class="external" href="https://github.com/vlm/asn1c/pull/476">https://github.com/vlm/asn1c/pull/476</a><br /><a class="external" href="https://github.com/mouse07410/asn1c/pull/128">https://github.com/mouse07410/asn1c/pull/128</a></p>
<p>Once those are merged, we may want to use the new mouse07410 vlm_master and generate new skeletons code for osmo-cbc.git/src/sbcap/skel. I think since we generated the code there has been some extra fixes upstream.</p> OsmoMSC - Feature #6000 (New): Allow emergency calls without IMSI (using IMEI as MI)https://osmocom.org/issues/60002023-04-12T11:03:30Zpespin
<p>This is supported since a few moths ago in osmo-bsc, see <a class="external" href="https://osmocom.org/issues/5849">https://osmocom.org/issues/5849</a></p>
<p>However, this seems to be not the case yet for osmo-msc.<br />According to our TTCN3 MSC_Tests, we right now have these tests passing:</p>
<blockquote>
<p>TC_emerg_call_imsi<br />TC_emerg_call_imei_reject</p>
</blockquote>
<p>Which seems to describe that we are currently rejecting emergency calls with IMEI.<br />We should add a new TC_emerg_call_imei test (or change TC_emerg_call_imei_reject) so that we can test emergency calls without IMSI, and implement whatever is needed in osmo-msc to have it passing.</p> OsmoGGSN (former OpenGGSN) - Bug #5383 (Resolved): Not enough tailroom msgb_put in gtp_gpdu_indhttps://osmocom.org/issues/53832022-01-04T12:17:28Zpespin
<pre>
20220104131234711 DTUN <0001> /git/osmo-ggsn/ggsn/ggsn.c:654 TUN(tun4): APN(internet) Rx DL data packet for IP address with no associated PDP Ctx: 176.16.222.2 <- 142.250.178.170
msgb(0x7ffff2238940): Not enough tailroom msgb_put (allocated 3960, head at 0, len 0, tailroom 4096 < want tailroom 4303)
backtrace() returned 17 addresses
/build/new/out/lib/libosmocore.so.18(+0x13a321) [0x7ffff6738321]
/build/new/out/lib/libosmocore.so.18(osmo_generate_backtrace+0x18) [0x7ffff6738660]
/build/new/out/lib/libosmocore.so.18(+0x13a0a4) [0x7ffff67380a4]
/build/new/out/lib/libosmocore.so.18(osmo_set_panic_handler+0) [0x7ffff673821e]
/build/new/out/lib/libosmocore.so.18(+0x12db7b) [0x7ffff672bb7b]
/build/new/out/lib/libosmocore.so.18(osmo_vlogp+0x670) [0x7ffff672c3aa]
/build/new/out/lib/libosmocore.so.18(logp2+0x122) [0x7ffff672c906]
/build/new/out/lib/libgtp.so.6(+0x58238) [0x7ffff7534238]
/build/new/out/lib/libgtp.so.6(gtp_decaps1u+0x9e3) [0x7ffff75442af]
/build/new/out/bin/osmo-ggsn(+0x71a22) [0x5555555c5a22]
/build/new/out/lib/libosmocore.so.18(+0xfa5af) [0x7ffff66f85af]
/build/new/out/lib/libosmocore.so.18(+0xfa6af) [0x7ffff66f86af]
/build/new/out/lib/libosmocore.so.18(osmo_select_main+0xc) [0x7ffff66f8758]
/build/new/out/bin/osmo-ggsn(+0x64503) [0x5555555b8503]
/usr/lib/libc.so.6(__libc_start_main+0xd5) [0x7ffff5a8db25]
/build/new/out/bin/osmo-ggsn(+0x63afe) [0x5555555b7afe]
Program received signal SIGABRT, Aborted.
0x00007ffff5aa2d22 in raise () from /usr/lib/libc.so.6
(gdb) bt full
#0 0x00007ffff5aa2d22 in raise () from /usr/lib/libc.so.6
No symbol table info available.
#1 0x00007ffff5a8c862 in abort () from /usr/lib/libc.so.6
No symbol table info available.
#2 0x00007ffff67380ae in osmo_panic_default (fmt=fmt@entry=0x7ffff67876c0 "msgb(%p): Not enough tailroom msgb_put (allocated %u, head at %u, len %u, tailroom %u < want tailroom %u)\n",
args=args@entry=0x7fffffffc140) at /git/libosmocore/src/panic.c:45
No locals.
#3 0x00007ffff673821e in osmo_panic (fmt=fmt@entry=0x7ffff67876c0 "msgb(%p): Not enough tailroom msgb_put (allocated %u, head at %u, len %u, tailroom %u < want tailroom %u)\n")
at /git/libosmocore/src/panic.c:80
args = <optimized out>
#4 0x00007ffff672bb7b in msgb_put (len=4303, msgb=0x7ffff2238940) at /git/libosmocore/include/osmocom/core/msgb.h:238
tmp = 0x7ffff22389c8 "\033[38;5;35m20220104131238288 \033[1;31mDLGTP\033[0;m\033[38;5;35m <000d> /git/osmo-ggsn/gtp/gtp.c:2911 Packet from 192.168.1.138:2152, length: 1422 content: 32 ff 05 86 00 00 00 01 00 0"...
tmp = <optimized out>
#5 _file_raw_output (target=<optimized out>, subsys=<optimized out>, level=<optimized out>, file=0x7ffff755d040 "/git/osmo-ggsn/gtp/gtp.c", line=2911,
cont=<optimized out>, format=0x7ffff755d840 "Packet from %s:%u, length: %d content: %s: Unknown PDP context: TEI=0x%x\n", ap=0x7fffffffc360)
20220104130447227 DGGSN <0002> /git/osmo-ggsn/ggsn/ggsn.c:681 PDP(901700000043320:5): Packet received on APN(internet): forwarding to tun tun4
20220104130447237 DGGSN <0002> /git/osmo-ggsn/ggsn/ggsn.c:681 PDP(901700000043320:5): Packet received on APN(internet): forwarding to tun tun4
at /git/libosmocore/src/logging.c:984
msg = 0x7ffff2238940
rc = 4303
#6 0x00007ffff672c3aa in osmo_vlogp (subsys=<optimized out>, subsys@entry=-9, level=level@entry=7, file=file@entry=0x7ffff755d040 "/git/osmo-ggsn/gtp/gtp.c",
line=line@entry=2911, cont=cont@entry=0, format=format@entry=0x7ffff755d840 "Packet from %s:%u, length: %d content: %s: Unknown PDP context: TEI=0x%x\n", ap=<optimized out>)
at /git/libosmocore/src/logging.c:706
bp = <optimized out>
tar = 0x6110000001e0
#7 0x00007ffff672c906 in logp2 (subsys=subsys@entry=-9, level=level@entry=7, file=file@entry=0x7ffff755d040 "/git/osmo-ggsn/gtp/gtp.c", line=line@entry=2911,
cont=cont@entry=0, format=format@entry=0x7ffff755d840 "Packet from %s:%u, length: %d content: %s: Unknown PDP context: TEI=0x%x\n")
at /git/libosmocore/src/logging.c:744
ap = <optimized out>
#8 0x00007ffff7534238 in gtp_gpdu_ind (gsn=gsn@entry=0x7ffff18e0800, version=version@entry=1 '\001', peer=peer@entry=0x7fffffffc710, fd=fd@entry=10, pack=pack@entry=0x7fffffffc730,
len=len@entry=1422) at /git/osmo-ggsn/gtp/gtp.c:2911
hlen = <optimized out>
pdp = <optimized out>
#9 0x00007ffff75442af in gtp_decaps1u (gsn=0x7ffff18e0800) at /git/osmo-ggsn/gtp/gtp.c:3396
buffer = <optimized out>
peer = <optimized out>
peerlen = <optimized out>
status = 1422
pheader = 0x7fffffffc730
version = 1 '\001'
fd = 10
#10 0x00005555555c5a22 in ggsn_gtp_fd_cb (fd=0x614000000fa8, what=1) at /git/osmo-ggsn/ggsn/ggsn.c:756
ggsn = 0x614000000ea0
rc = <optimized out>
#11 0x00007ffff66f85af in poll_disp_fds (n_fd=n_fd@entry=9) at /git/libosmocore/src/select.c:361
--Type <RET> for more, q to quit, c to continue without paging--
p = <optimized out>
flags = 1
ufd = 0x614000000fa8
i = 6
work = 1
shutdown_pending_writes = 0
#12 0x00007ffff66f86af in _osmo_select_main (polling=polling@entry=0) at /git/libosmocore/src/select.c:399
n_poll = 9
rc = <optimized out>
timeout = 945
#13 0x00007ffff66f8758 in osmo_select_main (polling=polling@entry=0) at /git/libosmocore/src/select.c:438
rc = <optimized out>
#14 0x00005555555b8503 in main (argc=3, argv=0x7fffffffea88) at /git/osmo-ggsn/ggsn/ggsn_main.c:249
ggsn = <optimized out>
rc = <optimized out>
(gdb)
</pre>
<p>Bug seems to be related to logging a big buffer in libosmocore.</p> Core testing infrastructure - Feature #5323 (New): Add docker image containing titan.core masterhttps://osmocom.org/issues/53232021-11-22T17:26:06Zpespin
<p>Right now, we have "debian-stretch-titan/Dockerfile" in docker-playground.git, which installs the eclipse-titan from "latest" OBS repositories (currently 8.0.0 despite 8.1.0 is already available):<br /><a class="external" href="https://build.opensuse.org/package/show/network:osmocom:latest/eclipse-titan">https://build.opensuse.org/package/show/network:osmocom:latest/eclipse-titan</a></p>
However, it is sometimes useful to be able to build titan.core from source (be it master or any other branch). This can be used for different reasons:
<ul>
<li>Checking if a certain bug is present/fixed in a newer version, useful to report bugs upstream.</li>
<li>Check if newer versions than the one we currently have in OBS run fine against our test suites before upgrading it.</li>
<li>Build a random branch to develop/fix certain titan.core features.</li>
</ul>
<p>I already tried for a while but I wasn't able to get it to work since my debian packaging abilitites are not really good.<br />I share here what I have WIP for someone else to pick up the work.</p>
<pre>
diff --git a/debian-stretch-titan/Dockerfile b/debian-stretch-titan/Dockerfile
index 5b6b134..5e544cb 100644
--- a/debian-stretch-titan/Dockerfile
+++ b/debian-stretch-titan/Dockerfile
@@ -52,6 +52,34 @@ RUN DPKG_ARCH="$(dpkg --print-architecture)" && export $DPKG_ARCH && \
RUN git config --global user.email docker@dock.er && \
git config --global user.name "Dock Er"
+
+# clone titan.core
+RUN apt-get update && \
+ apt-get upgrade -y && \
+ DEBIAN_FRONTEND=noninteractive \
+ apt-get install -y --no-install-recommends \
+ git-buildpackage \
+ debhelper \
+ devscripts \
+ vim \
+ sudo \
+ iputils-ping \
+ less \
+ bison default-jdk flex fakeroot \
+ net-tools && \
+ apt-get clean
+ADD debian /debian
+RUN git clone https://gitlab.eclipse.org/eclipse/titan/titan.core.git && \
+ cp -r /debian /titan.core/ && \
+ cd /titan.core && \
+ echo "PESPIN1" && \
+ git add --all && \
+ git commit -m "TMP" && \
+ mkdir -p /foobar && \
+ gbp buildpackage -tc -uc -us --git-debian-branch=master --git-upstream-tree=master --git-ignore-new --git-export=master "--git-export-dir=/foobar"; \
+ cat /tmp/eclipse-titan*
+ADD https://gitlab.eclipse.org/api/v4/projects/176/repository/branches/master /tmp/deps-titancore
+
# clone osmo-ttcn3-hacks and deps, invalidate cache if deps change (OS#5017)
RUN git clone git://git.osmocom.org/osmo-ttcn3-hacks.git && \
make -C /osmo-ttcn3-hacks deps
</pre> OsmoBTS - Bug #5262 (Resolved): BTS_Tests_LAPDm: TC_rr_response_frame_loss fails if run after TC_...https://osmocom.org/issues/52622021-10-13T16:47:16Zpespin
<p>If run alone, TC_rr_response_frame_loss passes fine. However, if it is run after TC_t200_n200 (usual way as per control()), then it fails.</p>
<pre>
TC_rr_response_frame_loss(11): fail (none -> fail) reason: ""BTS_Tests.ttcn:700 : Tguard timeout""
</pre> libosmocore - Feature #5032 (Resolved): Add VTY option to write TID in log line prefixhttps://osmocom.org/issues/50322021-02-17T18:07:15Zpespin
<p>Similar to other options to prefix log lines with several information, it would be nice having some generic integrated way to log TID on each line, to ease debug and udnerstanding of multi-threaded processes.</p>
<p>A command under "logging ..." node, something like: "logging print tid (0|1)", which would be disabled by default.</p>
<p>This can easily be implemented now that we have "osmo_gettid()" API (see <a class="issue tracker-1 status-3 priority-2 priority-default closed" title="Bug: logging_gsmtap.c code not filling PID field in pkt header (Resolved)" href="https://osmocom.org/issues/5027">#5027</a>).</p>
<p>We could even have an internal __thread variable with some osmo_gettid_cached() internal API which would fill the __thread variable if it is == 0, in order to avoid calling gettid() and potentially issuing a syscall everytime.</p>
<p>See as an example:<br /><a class="external" href="https://gerrit.osmocom.org/c/libosmocore/+/22952">https://gerrit.osmocom.org/c/libosmocore/+/22952</a> logging: gsmtap: Store TID instead of PID in pkt hdr</p> libosmocore - Feature #4727 (Feedback): Add more distro/platform/archs to jenkins CIhttps://osmocom.org/issues/47272020-08-25T14:18:29Zpespin
<p>Currently we rely on OBS to run unit test software on several architectures/distributions/versions. However, OBS hosts lack some features which means we need to disable them when we run there (such as socket_sctp_test), and hence only get tested mostly only in x86_64 on one debian version.</p>
<p>That means we don't test such features in ARM, or in Ubuntu or CentOS, or debian unstable.</p> libosmo-ranap - Bug #4556 (Resolved): All osmo-iuh fail with asan enabled and gcc 10.1.0https://osmocom.org/issues/45562020-05-18T08:19:57Zpespin
<pre>
+=================================================================
+==99092==ERROR: AddressSanitizer: odr-violation (0x560b019fdfe0):
+ [1] size=4 'asn1_xer_print' /osmo-iuh/src/tests/test-helpers.c:35:5
+ [2] size=4 'asn1_xer_print' /osmo-iuh/src/iu_client.c:85:5
+These globals were registered at these points:
+ [1]:
+ #0 0x7faf77adf69a in __asan_register_globals /build/gcc/src/gcc/libsanitizer/asan/asan_globals.cpp:341
+ #1 0x560b019f7c6e in _sub_I_00099_1 (/osmo-iuh/src/tests/test-helpers+0x5c6e)
+ #2 0x560b019f7fcc in __libc_csu_init (/osmo-iuh/src/tests/test-helpers+0x5fcc)
+
+ [2]:
+ #0 0x7faf77adf69a in __asan_register_globals /build/gcc/src/gcc/libsanitizer/asan/asan_globals.cpp:341
+ #1 0x7faf7742db91 in _sub_I_00099_1 (/osmo-iuh/src/.libs/libosmo-ranap.so.3+0x47db91)
+ #2 0x7faf784920f1 in call_init.part.0 (/lib64/ld-linux-x86-64.so.2+0x110f1)
+
+==99092==HINT: if you don't care about these errors you may set ASAN_OPTIONS=detect_odr_violation=0
+SUMMARY: AddressSanitizer: odr-violation: global 'asn1_xer_print' at /osmo-iuh/src/tests/test-helpers.c:35:5
+==99092==ABORTING
</pre>
<p>Since I got newer gcc (9 -> 10), tests fail when building with ASan.</p> OsmoGSMTester - Bug #4389 (Resolved): ansible: osmo-gsm-tester host needs patchelf > 0.9.1https://osmocom.org/issues/43892020-02-05T18:21:36Zpespin
<p>So today while patching srsue with debian 9 (which ships with package patchelf 0.9-1+b1), I got into following issue:<br /><pre>
$ patchelf --set-rpath /osmo-gsm-tester-srsue/srslte/lib /osmo-gsm-tester-srsue/srslte/bin/srsue
warning: working around a Linux kernel bug by creating a hole of 124461056 bytes in ‘/osmo-gsm-tester-srsue/srslte/bin/srsue’
maximum file size exceeded
</pre><br />The command returns 1 and the rpath is not changed.</p>
<p>reading a bit about the issue it seems to be a known patchelf bug fixed in newer versions: <a class="external" href="https://github.com/NixOS/patchelf/issues/47">https://github.com/NixOS/patchelf/issues/47</a></p>
<p>I had to test with a newer patchelf to have it working: version 0.9+52 which ships in current stable (buster, debian 10).<br /><a class="external" href="https://packages.debian.org/buster/amd64/patchelf">https://packages.debian.org/buster/amd64/patchelf</a></p>
<p>So I already installed that deb package (patchelf_0.9+52.20180509-1_amd64.deb) into osmo-gsm-tester Prod setup slave host (where we run stuff like srsue and osmo-trx) since that's where it's needed.</p>
<p>This task is created as a reminder to add that manual installation of the package in ansible (osmo-ci.git).</p>
<p>Update:<br />It seems that 0.9+52 is causing issues on srsepc binary, during run, it fails with:<br /><pre>
Inconsistency detected by ld.so: dl-version.c: 224: _dl_check_map_versions: Assertion `needed != NULL' failed
</pre></p>
<p>Same goes for patchelf_0.10-2_amd64.deb.</p>
<p>So it seems we might need to patch 0.9+1 with <a class="external" href="https://github.com/NixOS/patchelf/commit/f6886c2c33a1cf8771163919f3d20f6340c0ce38">https://github.com/NixOS/patchelf/commit/f6886c2c33a1cf8771163919f3d20f6340c0ce38</a> ?</p> OsmoPCU - Bug #4338 (Resolved): Add EGPRS tests toTTCN3 PCU_Tests_RAWhttps://osmocom.org/issues/43382019-12-23T18:51:42Zpespin
<p>I create this ticket to document process of adding some sample test validating EGPRS against osmo-pcu.<br />Probably the easiest would be to start and create a TC_mo_mt_ping_egprs().</p>
<pre>
When the mobile station has received the PACKET UPLINK ASSIGNMENT message it shall respond with a PACKET RESOURCE REQUEST message in the first allocated radio block.
A mobile station supporting EGPRS shall indicate the EGPRS capability in the MS Radio Access Capability 2 IE of the PACKET RESOURCE REQUEST message.
</pre>
<p><a class="external" href="https://issuu.com/leliwa/docs/signalling_in_gprs_egprs_chapter_03/30">https://issuu.com/leliwa/docs/signalling_in_gprs_egprs_chapter_03/30</a> page 44-45/68.</p>
That's two-phase access to get EGPRS TBF:
<ul>
<li>MS sends RACH on CCCH asking for UL TBF</li>
<li>Network sends IMM ASS on AGCH/PCH providing PDCH + TLLI + TFI</li>
<li>MS sends PACKET RESOURCE REQUEST on PDCH assigned with "MS Radio Access Capability 2" IE stating it supports EGPRS</li>
<li>The network should send an PACKET UPLINK ASSIGNMENT with updated CS</li>
<li>MS answers with PACKET CONTROL ACK</li>
<li>MS can now send whatever data.</li>
</ul>
<p>TS 44.060 sec Table 11.2.16.1: PACKET RESOURCE REQUEST information elements</p> OsmoSTP - Feature #4275 (New): Add TTCN3 STP_Tests_IPA.TC_tmt_broadcasthttps://osmocom.org/issues/42752019-11-21T15:52:09Zpespin
<p>The broadcast traffic mode was implemented for both M3UA and IPA in osmo-stp in libosmo-sccp.git af55d4a4a4368d20bc395a5c4712a612b7d954d7.</p>
Test already exists for STP_Tests_M3UA, but it's missing in IPA.<br />This task is a reminder to add the test. Steps:
<ul>
<li>Copy and adapt the test from STP_Tests_M3UA similarly to how it was done for TC_tmt_override and TC_tmt_broadcast.</li>
<li>New ASPs and AS need to be added to docker-playground.git's ttcn3-stp-test/osmo-stp.cfg with broadcast traffic mode configured.</li>
</ul> OsmoPCU - Bug #4228 (Resolved): assert failed in osmo-pcuhttps://osmocom.org/issues/42282019-10-16T12:19:43Zpespin
<pre>
20191016141542092 DL1IF <0001> /osmo-pcu/src/pcu_l1_if.cpp:402 RACH request received: sapi=1 qta=-1, ra=117, fn=1596534, cur_fn=1596538, is_11bit=0
PayloadType = 1 | spare = 0 | R = 0 | MESSAGE_TYPE = 5 | Exist_ACCESS_TYPE = 1 | ACCESS_TYPE = 0 | : ID | Choice PacketResourceRequestID = 1 | u.TLLI = 0xe304f21f | : End ID | Exist_MS_Radio_Access_capability = 1 | : MS_Radio_Access_capability | MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 3 | u.Content length = 66 | ptr = 0x5555556fb198 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 1 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 | : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 12 | GPRS_Extended_Dynamic_Allocation_Capability = 1 | Exist_SM = 1 | SMS_VALUE = 7 | SM_VALUE = 1 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | EGPRS_multislot_class = 12 | EGPRS_Extended_Dynamic_Allocation_Capability = 1 | Exist_DTM_GPRS_multislot_class = 1 | DTM_GPRS_multislot_class = 3 | Single_Slot_DTM = 0 | : DTM_EGPRS_Params | Exist_DTM_EGPRS_multislot_class = 1 | DTM_EGPRS_multislot_class = 3 | : End DTM_EGPRS_Params | : End Multislot_capability | Exist_Eight_PSK_Power_Capability = 1 | Eight_PSK_Power_Capability = 2 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = 1 | UMTS_FDD_Radio_Access_Technology_Capability = 0 | UMTS_384_TDD_Radio_Access_Technology_Capability = 0 | CDMA2000_Radio_Access_Technology_Capability = 0 | UMTS_128_TDD_Radio_Access_Technology_Capability = 0 | GERAN_Feature_Package_1 = 1 | Exist_Extended_DTM_multislot_class = 0 | Modulation_based_multislot_class_support = 0 | Exist_HighMultislotCapability = 0 | Exist_GERAN_lu_ModeCapability = 0 | GMSK_MultislotPowerProfile = 3 | EightPSK_MultislotProfile = 3 | MultipleTBF_Capability = 0 | DownlinkAdvancedReceiverPerformance = 1 | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = 1 | DTM_EnhancementsCapability = 1 | Exist_DTM_GPRS_HighMultislotClass = 0 | PS_HandoverCapability = 0 | MS_RA_capability_value } | : End MS_Radio_Access_capability | : Channel_Request_Description | PEAK_THROUGHPUT_CLASS = 6 | RADIO_PRIORITY = 0 | RLC_MODE = 0 | LLC_PDU_TYPE = 1 | RLC_OCTET_COUNT = 82 | : End Channel_Request_Description | Exist_CHANGE_MARK = 0 | C_VALUE = 44 | Exist_SIGN_VAR = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Slot | Exist = 0 | Exist_AdditionsR99 = 1 | : AdditionsR99 | Exist_EGPRS_BEP_LinkQualityMeasurements = 0 | Exist_EGPRS_TimeslotLinkQualityMeasurements = 0 | Exist_PFI = 0 | MS_RAC_AdditionalInformationAvailable = 0 | RetransmissionOfPRR = 0 | : End AdditionsR99 | Padding = 0|43|
20191016141542489 DRLCMAC <0002> /osmo-pcu/src/pdch.cpp:596 MS supports EGPRS multislot class 12.
20191016141542489 DTBF <0008> /osmo-pcu/src/tbf.cpp:989 Allocating UL TBF: MS_CLASS=12/12
20191016141542489 DTBF <0008> /osmo-pcu/src/tbf.cpp:541 TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL) Setting Control TS 6
20191016141542489 DTBF <0008> /osmo-pcu/src/tbf.cpp:945 TBF(TFI=0 TLLI=0xe304f21f DIR=UL STATE=NULL) Allocated: trx = 0, ul_slots = 40, dl_slots = 00
20191016141542491 DTBF <0008> /osmo-pcu/src/tbf.cpp:1359 TBF(TFI=0 TLLI=0xe304f21f DIR=UL STATE=ASSIGN) start Packet Uplink Assignment (PACCH)
MESSAGE_TYPE = 10 | PAGE_MODE = 0 | Exist_PERSISTENCE_LEVEL = 0 | : ID | Choice PacketUplinkID = 2 | u.TLLI = 0xe304f21f | : End ID | u.PUA_GPRS_Struct = 0 | : u.PUA_GPRS_Struct | CHANNEL_CODING_COMMAND = 1 | TLLI_BLOCK_CHANNEL_CODING = 1 | : Packet_Timing_Advance | Exist_TIMING_ADVANCE_VALUE = 1 | TIMING_ADVANCE_VALUE = 0 | Exist_IndexAndtimeSlot = 0 | : End Packet_Timing_Advance | Exist_Frequency_Parameters = 1 | : Frequency_Parameters | TSC = 7 | u.ARFCN = 0 | u.ARFCN = 870 | : End Frequency_Parameters | u.Dynamic_Allocation = 1 | : u.Dynamic_Allocation | Extended_Dynamic_Allocation = 0 | Exist_P0 = 0 | USF_GRANULARITY = 0 | Exist_UPLINK_TFI_ASSIGNMENT = 1 | UPLINK_TFI_ASSIGNMENT = 0 | Exist_RLC_DATA_BLOCKS_GRANTED = 0 | Exist_TBF_Starting_Time = 0 | u.Timeslot_Allocation = 0 | u.Timeslot_Allocation | Exist = 0 | u.Timeslot_Allocation | Exist = 0 | u.Timeslot_Allocation | Exist = 0 | u.Timeslot_Allocation | Exist = 0 | u.Timeslot_Allocation | Exist = 0 | u.Timeslot_Allocation | Exist = 0 | u.Timeslot_Allocation | Exist = 1 | USF_TN = 0 | u.Timeslot_Allocation | Exist = 0 | : End u.Dynamic_Allocation | Exist_AdditionsR99 = 0 | : End u.PUA_GPRS_Struct | Padding = 43|43|43|43|43|43|43|43|43|43|
20191016141542491 DTBFDL <0009> /osmo-pcu/src/tbf.cpp:782 TBF(TFI=0 TLLI=0xe304f21f DIR=UL STATE=ASSIGN) Scheduled UL Assignment polling on PACCH (FN=1596664, TS=7)
PayloadType = 1 | spare = 0 | R = 0 | MESSAGE_TYPE = 1 | TLLI = 0xe304f21f | CTRL_ACK = 3 | Exist_AdditionsR5 = 0 | Padding = 43|43|43|43|43|43|43|43|43|43|43|43|43|43|43|43|43|
20191016141542710 DTBF <0008> /osmo-pcu/src/tbf.cpp:544 TBF(TFI=0 TLLI=0xe304f21f DIR=UL STATE=FLOW) Changing Control TS 6
20191016141542931 DBSSGP <000c> /osmo-pcu/src/tbf_ul.cpp:404 LLC [PCU -> SGSN] TBF(TFI=0 TLLI=0xe304f21f DIR=UL STATE=FLOW) len=82
20191016141542963 DBSSGP <000c> /osmo-pcu/src/gprs_bssgp_pcu.cpp:181 P-TMSI = e304f21f
20191016141542963 DRLCMAC <0002> /osmo-pcu/src/gprs_rlcmac.cpp:34 TX: [PCU -> BTS] Paging Request (CCCH)
Assert failed sizeof(data) >= PAGING_GROUP_LEN + 1 + block->data_len /osmo-pcu/src/pcu_l1_if.cpp:240
backtrace() returned 21 addresses
/lib/libosmocore.so.12(osmo_generate_backtrace+0x18) [0x7ffff7d05575]
/lib/libosmocore.so.12(+0x1e27d) [0x7ffff7d0527d]
/lib/libosmocore.so.12(osmo_panic+0xdc) [0x7ffff7d0535e]
/bin/osmo-pcu(+0x29c66) [0x55555557dc66]
/bin/osmo-pcu(+0x22c8f) [0x555555576c8f]
/bin/osmo-pcu(+0x2045e) [0x55555557445e]
/bin/osmo-pcu(+0x209bb) [0x5555555749bb]
/bin/osmo-pcu(+0x21093) [0x555555575093]
/bin/osmo-pcu(+0x213b6) [0x5555555753b6]
/lib/libosmogb.so.9(+0x8c78) [0x7ffff7fa5c78]
/lib/libosmogb.so.9(+0xb0c3) [0x7ffff7fa80c3]
/lib/libosmogb.so.9(gprs_ns_rcvmsg+0xe1) [0x7ffff7fa734e]
/lib/libosmogb.so.9(+0xbc40) [0x7ffff7fa8c40]
/lib/libosmogb.so.9(+0xbd17) [0x7ffff7fa8d17]
/lib/libosmocore.so.12(osmo_fd_disp_fds+0x26b) [0x7ffff7cf37f6]
/lib/libosmocore.so.12(+0xc9cd) [0x7ffff7cf39cd]
/lib/libosmocore.so.12(osmo_select_main+0x15) [0x7ffff7cf39f8]
/bin/osmo-pcu(+0x1e4e8) [0x5555555724e8]
/usr/lib/libc.so.6(__libc_start_main+0xf3) [0x7ffff77c2ee3]
/bin/osmo-pcu(+0x1da6e) [0x555555571a6e]
</pre>
<p>Proably related to osmo-pcu f681f07cd0c2d5232d6cf3c1da2192cc7bc9c576..d752d7cebe51bd690d31147ef5173c3f33ec7f41</p> OsmoTRX - Feature #4081 (Resolved): Add dissector for OsmoTRX protocolhttps://osmocom.org/issues/40812019-06-28T13:02:00Zpespin
We want to add wireshark dissectors for TRX protocols spoken between BTS and TRX:
<ul>
<li>TRXD (v0, v1)<br />*TRXC</li>
</ul>
<p><a class="external" href="https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14814">https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14814</a><br /><a class="external" href="https://code.wireshark.org/review/#/c/26796/">https://code.wireshark.org/review/#/c/26796/</a></p> osmo-pcap - Feature #3998 (Resolved): Add osmo-pcap recipes to meta-telephonyhttps://osmocom.org/issues/39982019-05-13T09:14:38Zpespin
<p>Initial patch done by <a class="user active" href="https://osmocom.org/users/119">msuraev</a> in <a class="external" href="https://gerrit.osmocom.org/#/c/meta-telephony/+/3534/">https://gerrit.osmocom.org/#/c/meta-telephony/+/3534/</a> , but it needs some rework.</p> OsmoMGW - Bug #3950 (Resolved): Avoid NULL talloc context use in mgcp_conn_allochttps://osmocom.org/issues/39502019-04-23T11:38:01Zpespin
<p>I spotted osmo-mgw is allocating connections on the NULL talloc context. We usually want to avoid that, so I tried following patch:</p>
<pre>
commit f454fe98d01d12f952de192156078b3a877419f9 (HEAD -> pespin/osmux)
Author: Pau Espin Pedrol <pespin@sysmocom.de>
Date: Tue Apr 23 13:30:32 2019 +0200
mgcp_protocol: Avoid NULL talloc ctx during mgcp_conn_alloc call
Change-Id: Iad53d18a5f3f09d726dbeeaca46e920ad97b7704
diff --git a/src/libosmo-mgcp/mgcp_protocol.c b/src/libosmo-mgcp/mgcp_protocol.c
index ac6b4ea5..c48bc457 100644
--- a/src/libosmo-mgcp/mgcp_protocol.c
+++ b/src/libosmo-mgcp/mgcp_protocol.c
@@ -907,7 +907,7 @@ mgcp_header_done:
endp->callid = talloc_strdup(tcfg->endpoints, callid);
snprintf(conn_name, sizeof(conn_name), "%s", callid);
- _conn = mgcp_conn_alloc(NULL, endp, MGCP_CONN_TYPE_RTP, conn_name);
+ _conn = mgcp_conn_alloc(tcfg->endpoints, endp, MGCP_CONN_TYPE_RTP, conn_name);
if (!_conn) {
LOGP(DLMGCP, LOGL_ERROR,
"CRCX: endpoint:0x%x unable to allocate RTP connection\n",
</pre>
<p>But then this unit test fails:<br /><pre>
2: mgcp FAILED (testsuite.at:14)
</pre></p>
<p>Further lookup shows a head-use-after-free catched by ASan:<br /><pre>
<0010> /home/pespin/dev/sysmocom/git/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:799 CRCX: creating new connection ...
<0010> /home/pespin/dev/sysmocom/git/osmo-mgw/src/libosmo-mgcp/mgcp_msg.c:394 Wrong MGCP option format: 'X' on 0x7
<0010> /home/pespin/dev/sysmocom/git/osmo-mgw/src/libosmo-mgcp/mgcp_sdp.c:382 Got media info via SDP: port:5904, addr:123.12.12.123, duration:20, payload-types:111=AMR
Policy CB got state 1 on endpoint 0x7
Dummy packet to 0x7b0c0c7b:5904, msg length 1
23
Dummy packet to 0x7b0c0c7b:5905, msg length 1
23
<0010> /home/pespin/dev/sysmocom/git/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:1038 CRCX: endpoint:0x7 connection successfully created
=================================================================
==31947==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000001ce0 at pc 0x7f56db767f91 bp 0x7ffcbe587110 sp 0x7ffcbe587100
WRITE of size 8 at 0x617000001ce0 thread T0
#0 0x7f56db767f90 in __llist_del /home/pespin/dev/sysmocom/git/libosmocore/include/osmocom/core/linuxlist.h:118
#1 0x7f56db768076 in llist_del /home/pespin/dev/sysmocom/git/libosmocore/include/osmocom/core/linuxlist.h:129
#2 0x7f56db769dc6 in rate_ctr_group_free /home/pespin/dev/sysmocom/git/libosmocore/src/rate_ctr.c:262
#3 0x55a28114fcbb in free_rate_counter_group /home/pespin/dev/sysmocom/git/osmo-mgw/src/libosmo-mgcp/mgcp_protocol.c:1533
#4 0x7f56db630875 (/usr/lib/libtalloc.so.2+0xb875)
#5 0x7f56db62afb7 in _talloc_free (/usr/lib/libtalloc.so.2+0x5fb7)
#6 0x55a28113278a in test_messages /home/pespin/dev/sysmocom/git/osmo-mgw/tests/mgcp/mgcp_test.c:859
#7 0x55a28113cfab in main /home/pespin/dev/sysmocom/git/osmo-mgw/tests/mgcp/mgcp_test.c:1830
#8 0x7f56da7d2222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
#9 0x55a28112e86d in _start (/home/pespin/dev/sysmocom/build/new/tmpdir/osmo-mgw/tests/mgcp/mgcp_test+0x9286d)
0x617000001ce0 is located 96 bytes inside of 688-byte region [0x617000001c80,0x617000001f30)
freed by thread T0 here:
#0 0x7f56dc209c19 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:66
#1 0x7f56db630323 (/usr/lib/libtalloc.so.2+0xb323)
previously allocated by thread T0 here:
#0 0x7f56dc20a019 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:86
#1 0x7f56db62de11 in _talloc_zero (/usr/lib/libtalloc.so.2+0x8e11)
SUMMARY: AddressSanitizer: heap-use-after-free /home/pespin/dev/sysmocom/git/libosmocore/include/osmocom/core/linuxlist.h:118 in __llist_del
Shadow bytes around the buggy address:
0x0c2e7fff8340: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff8350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff8360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff8370: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
0x0c2e7fff8380: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2e7fff8390: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
0x0c2e7fff83a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff83b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff83c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff83d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2e7fff83e0: fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==31947==ABORTING
</pre></p>
<p>Then instead, of regular output it prints:<br /><pre>
(response does not contain a connectio
</pre></p>
<p>Need to check why this change makes it fail, probably a bug in the test.</p> Cellular Network Infrastructure - Bug #3551 (Resolved): A few projects still set up .tarball-vers...https://osmocom.org/issues/35512018-09-13T10:04:14Zpespin
<p>From libosmo-sccp:<br /><pre>
commit c3b1f636c94c01bf190713e2d17e2ffd1a58be9a
Author: Harald Welte <laforge@gnumonks.org>
Date: Mon Aug 6 11:12:33 2018 +0200
debian/rules: Don't overwrite .tarball-version
The .tarball-version file should contain the *source version* uniquely
identifying the git commit, and not the Debian package name.
With https://gerrit.osmocom.org/#/c/osmo-ci/+/10343/ there is a correct
.tarball-version file in the .tar.xz of the nightly source packages.
Change-Id: I620c96eb311be6fdd4187bdcc311ea893ad93614
Related: OS#3449
diff --git a/debian/rules b/debian/rules
index 279568f..bea0a76 100755
--- a/debian/rules
+++ b/debian/rules
@@ -23,10 +23,6 @@ override_dh_install:
override_dh_auto_test:
dh_auto_test || (find . -name testsuite.log -exec cat {} \; ; false)
-override_dh_autoreconf:
- echo $(VERSION) > .tarball-version
- dh_autoreconf
-
override_dh_auto_configure:
dh_auto_configure -- --enable-static
</pre></p>
<pre>
$ ag tarball-version | grep debian/rules
libsmpp34/debian/rules:18: echo $(VERSION) > .tarball-version
libgtpnl/debian/rules:29: echo $(VERSION) > .tarball-version
libusrp/debian/rules:16: echo $(VERSION) > .tarball-version
libusrp/debian/rules:28: rm -f tests/package.m4 tests/testsuite .version .tarball-version
osmocom-bb/src/shared/libosmocore/debian/rules:23: echo $(VERSION) > .tarball-version
libasn1c/debian/rules:51: echo $(VERSION) > .tarball-version
openbsc/debian/rules:27: echo $(VERSION) > openbsc/.tarball-version
</pre> OsmoGSMTester - Bug #3311 (Closed): ansible: osmo-gsm-tester main unit udhcpd server not started ...https://osmocom.org/issues/33112018-05-31T13:46:54Zpespin
<p>For last days nanobts tests in osmo-gsm-tester have been failing.</p>
<p>After having a look for a while and testing booring a nanobts manually and checking with abisip-find, I noticed there was no output and finally realized the udhcpd server was not up. This is what I saw:</p>
<pre>
root@osmo-gsm-tester-prod:~# systemctl status udhcpd
● udhcpd.service - LSB: Start busybox udhcpd at boot time
Loaded: loaded (/etc/init.d/udhcpd; generated; vendor preset: enabled)
Active: active (exited) since Thu 2018-05-31 15:00:45 CEST; 2min 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 299 ExecStart=/etc/init.d/udhcpd start (code=exited, status=0/SUCCESS)
</pre>
<p>Restarting it with <code>systemctl restart udhcpd</code> worked fine and since then an IP addr was assigned to the BTS and I could see it with abisip-find.</p>
<pre><code>Since I had restarted the main unit for other reasons a few hours ago, I thought that perhaps udhcpd was not being startup correctly during boot. I re-booted the main unit and checked at the status of the server: udhcpd again stated it 3was started but exited:</code></pre>
<pre>
May 31 15:00:45 osmo-gsm-tester-prod systemd[1]: Starting LSB: Start busybox udhcpd at boot time...
May 31 15:00:45 osmo-gsm-tester-prod udhcpd[299]: Starting very small Busybox based DHCP server: udhcpd.
May 31 15:00:45 osmo-gsm-tester-prod systemd[1]: Started LSB: Start busybox udhcpd at boot time.
May 31 15:00:45 osmo-gsm-tester-prod udhcpd[315]: udhcpd (v1.22.1) started
May 31 15:00:45 osmo-gsm-tester-prod udhcpd[315]: max_leases=235 is too big, setting to 6
May 31 15:00:45 osmo-gsm-tester-prod udhcpd[315]: is interface enp2s0 up and configured?: Cannot assign requested address
</pre>
<p>So it seems udhcpd is started before the network is up, then exits. udhcpd in our current version actually seems to be using /etc/init.d/ still, for which systemc creates a temporal .service file in /run. So in order to wait for network to be up, I had to create a service file with required bits:<br /><pre>
# cat /lib/systemd/system/udhcpd.service
[Unit]
Description=udhcpcd DHCP server
After=network-online.target
Wants=network-online.target
[Service]
ExecStart=/usr/sbin/udhcpd -f
RestartSec=5
Restart=always
[Install]
WantedBy=multi-user.target
</pre></p>
<p>Then enabled it <code>systemctl enable udhcpd.server</code>, then restarted the main unit and udhcpd started fine during boot process.</p>
<p>So, we need to add that file to ansible and install it into /lib/systemd/system/udhcpd.service. We also need to enable the service.</p> OsmoBSCNAT - Bug #3300 (Resolved): Avoid heap-use-after-free in osmo_wqueue_bfd_cbhttps://osmocom.org/issues/33002018-05-29T16:19:09Zpespin
<pre>
<0015> /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_filter.c:209 Whitelisted with rule 0
<0015> /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_sccp.c:136 Created 0x30006 <-> 0x50006 mapping for con 0x616000052be0
<0015> /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1317 The connection to the BSC Nr: -1 was lost. Cleaning it
=================================================================
==27028==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000c521c at pc 0x7ffff606b056 bp 0x7fffffffe170 sp 0x7fffffffe168
READ of size 4 at 0x6160000c521c thread T0
#0 0x7ffff606b055 in osmo_wqueue_bfd_cb /home/data/pespin/git/libosmocore/src/write_queue.c:65
#1 0x7ffff6055c3b in osmo_fd_disp_fds /home/data/pespin/git/libosmocore/src/select.c:217
#2 0x7ffff6055ed5 in osmo_select_main /home/data/pespin/git/libosmocore/src/select.c:257
#3 0x421c82 in main /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1713
#4 0x7ffff4803b44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#5 0x406438 (/home/data/pespin/build/2g-nitb/out/bin/osmo-bsc_nat+0x406438)
0x6160000c521c is located 156 bytes inside of 568-byte region [0x6160000c5180,0x6160000c53b8)
freed by thread T0 here:
#0 0x7ffff6f59527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
#1 0x7ffff69fd522 in _talloc_free (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x3522)
previously allocated by thread T0 here:
#0 0x7ffff6f5973f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x7ffff6a01630 in _talloc_zero (/usr/lib/x86_64-linux-gnu/libtalloc.so.2+0x7630)
SUMMARY: AddressSanitizer: heap-use-after-free /home/data/pespin/git/libosmocore/src/write_queue.c:65 osmo_wqueue_bfd_cb
Shadow bytes around the buggy address:
0x0c2c800109f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c80010a00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c80010a10: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
0x0c2c80010a20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c80010a30: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c2c80010a40: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd
</pre>
<p>Required fixed is probably similar to that of <a class="issue tracker-1 status-3 priority-2 priority-default closed" title="Bug: osmo-bsc: heap-use-after-free at osmo_wqueue_bfd_cb (Resolved)" href="https://osmocom.org/issues/3206">#3206</a></p> Cellular Network Infrastructure - Feature #3229 (New): build-system: jenkins.sh: Improve debian ...https://osmocom.org/issues/32292018-05-03T12:40:28Zpespin
<p>The idea is to add extra tests/checks to avoid breaking debian package building during nightly builds in OBS. Instead, let's catch it during gerrit patch submission time and don't allow merging it until it's fixed.</p>
<p>We should investigate several tools, like pbuilder, dpkg-build, etc. I recall lynxis also told me something about some kind of lint tool available for this purposes.</p> OsmoTRX - Bug #3218 (Resolved): Add libusrp to osmocom debian repositoryhttps://osmocom.org/issues/32182018-04-26T15:32:16Zpespin
<p>Right now it misses the debian/ subdir with all the related files to build it.</p>
<p>[] Submit patch to libusrp.git add debian/ subdir with all metadata<br />[] Submit patch to build it in osmo-ci osmocom-{nightly,latest}-packages.sh (must be build before osmo-trx).<br />[] Make sure osmo-trx has a osmo-trx-uhd package (osmo-trx-uhd.install).</p> OsmoBSCNAT - Bug #3157 (Resolved): bsc-nat crash when receiving SET REPLY mcc-mnc-applyhttps://osmocom.org/issues/31572018-04-11T11:58:01Zpespin
<p>I can easily reproduce it running latest master of all osmocom related projects.</p>
<p>During investigation, I already submited several patches that I think are not directly related but were catched during code reading:<br /><a class="external" href="https://gerrit.osmocom.org/#/c/7746">https://gerrit.osmocom.org/#/c/7746</a><br /><a class="external" href="https://gerrit.osmocom.org/#/c/7749">https://gerrit.osmocom.org/#/c/7749</a></p>
<p>The code running during the backtrace below has the following extra changes built-in:<br /><pre>
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c b/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
index 738ac87..f454185 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c
@@ -142,6 +142,7 @@ int bsc_nat_handle_ctrlif_msg(struct bsc_connection *bsc, struct msgb *msg)
/* Find the pending command */
pending = bsc_get_pending(bsc, cmd->id);
if (pending) {
+ LOGP(DNAT, LOGL_ERROR, "CTRL cmd pending found, patching\n");
osmo_talloc_replace_string(cmd, &cmd->id, pending->cmd->id);
if (!cmd->id) {
cmd->type = CTRL_TYPE_ERROR;
@@ -161,6 +162,8 @@ int bsc_nat_handle_ctrlif_msg(struct bsc_connection *bsc, struct msgb *msg)
goto err;
}
}
+ } else {
+ LOGP(DNAT, LOGL_ERROR, "CTRL: list empty? bsc->cfg=%p\n", bsc->cfg);
}
talloc_free(cmd);
return 0;
</pre></p>
<p>As a result, the message printed can be seen before the crash, and bsc_nat_ctrl.c:168 points to the talloc_free immediately before the "err" goto tag.<br />During investigation I at least once saw the execution of the code with the output "CTRL: list empty? bsc->cfg=(nil)", which didn't crash. Also receival of TRAP messages doesn't crash. So the bug seems to be related to the pending struct that is bsc-nat related.</p>
<p>talloc aborts with a clear "Bad talloc magic value - access after free" message.</p>
<pre>
<0015> /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1328 MSG from BSC: 00 6a ee 00 54 52 41 50 20 30 20 62 74 73 2e 30 2e 6c 6f 63 61 74 69 6f 6e 2d 73 74 61 74 65 20 31 35 32 33 34 34 36 37 33 38 2c 69 6e 76 61 6c 69 64 2c 30 2e 30 30 30 30 30 30 2c 30 2e 30 30 30 30 30 30 2c 30 2e 30 30 30 30 30 30 2c 6f 70 65 72 61 74 69 6f 6e 61 6c 2c 75 6e 6c 6f 63 6b 65 64 2c 6f 66 66 2c 32 37 34 2c 30 38 proto: 0
<0025> /home/data/pespin/git/libosmocore/src/ctrl/control_cmd.c:439 Command: TRAP bts.0.location-state: 1523446738,invalid,0.000000,0.000000,0.000000,operational,unlocked,off,274,08
<0025> /home/data/pespin/git/libosmocore/src/ctrl/control_cmd.c:411 Command: SET net.0.bsc_cfg.0.no-access-list-name = "1"
<0025> /home/data/pespin/git/libosmocore/src/ctrl/control_cmd.c:411 Command: SET net.0.bsc.0.mcc-mnc-apply = "274,08"
<0025> /home/data/pespin/git/libosmocore/src/ctrl/control_cmd.c:411 Command: SET net.0.bsc.0.rf_locked = "1"
<0015> /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1328 MSG from BSC: 00 2a ee 00 53 45 54 5f 52 45 50 4c 59 20 31 20 6d 63 63 2d 6d 6e 63 2d 61 70 70 6c 79 20 4e 6f 74 68 69 6e 67 20 63 68 61 6e 67 65 64 proto: 0
<0025> /home/data/pespin/git/libosmocore/src/ctrl/control_cmd.c:438 Command: SET REPLY mcc-mnc-apply: Nothing changed
<0015> /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:145 CTRL cmd pending found, patching
Program received signal SIGABRT, Aborted.
0x00007ffff6950067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff6950067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6951448 in __GI_abort () at abort.c:89
#2 0x00007ffff79a769c in talloc_abort (reason=0x7ffff79b4248 "Bad talloc magic value - access after free") at ../talloc.c:340
#3 0x00007ffff79a6a37 in talloc_abort_access_after_free () at ../talloc.c:359
#4 talloc_chunk_from_ptr (ptr=0x7f59b0) at ../talloc.c:380
#5 _talloc_free (ptr=0x7f59b0, location=0x45cea0 "/home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:168") at ../talloc.c:1572
#6 0x00000000004163d4 in bsc_nat_handle_ctrlif_msg (bsc=0x77bf60, msg=0x7d9440)
at /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:168
#7 0x000000000040d385 in ipaccess_bsc_read_cb (bfd=0x77bf88) at /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1353
#8 0x00007ffff73127e3 in osmo_wqueue_bfd_cb (fd=0x77bf88, what=1) at /home/data/pespin/git/libosmocore/src/write_queue.c:51
#9 0x00007ffff730c634 in osmo_fd_disp_fds (_rset=0x7fffffffe9b0, _wset=0x7fffffffe930, _eset=0x7fffffffe8b0)
at /home/data/pespin/git/libosmocore/src/select.c:216
#10 0x00007ffff730c7a4 in osmo_select_main (polling=0) at /home/data/pespin/git/libosmocore/src/select.c:256
#11 0x000000000040e17e in main (argc=3, argv=0x7fffffffeb78) at /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat.c:1713
(gdb) frame 6
#6 0x00000000004163d4 in bsc_nat_handle_ctrlif_msg (bsc=0x77bf60, msg=0x7d9440)
at /home/data/pespin/git/openbsc/openbsc/src/osmo-bsc_nat/bsc_nat_ctrl.c:168
168 talloc_free(cmd);
(gdb) print *cmd
$1 = {ccon = 0x0, type = CTRL_TYPE_SET_REPLY, id = 0x7bef50 "1", node = 0x0, variable = 0x7f5b60 "net.0.bsc.0.mcc-mnc-apply", value = 0x0,
reply = 0x7f5ae0 "Nothing changed", defer = 0x0}
(gdb) print *pending
$2 = {list_entry = {next = 0x100100, prev = 0x200200}, timeout = {node = {rb_parent_color = 8347520, rb_right = 0x0, rb_left = 0x0}, list = {
next = 0x7f70a8, prev = 0x7f70a8}, timeout = {tv_sec = 1523446757, tv_usec = 988566}, active = 0, cb = 0x41640a <pending_timeout_cb>,
data = 0x7f7080}, nat_id = 1, ccon = 0x77c1a0, cmd = 0x1110}
</pre> OsmoBSC - Bug #3074 (Resolved): bs11_config doesn't build with latest masterhttps://osmocom.org/issues/30742018-03-17T20:45:26Zpespin
<p>Commit 3561bd48976dbee8dbd4659dad15be85a3e79ace in osmo-bsc removed bs11_config binary from being built.</p>
<p>I now tried re-enabling it:<br /><pre>
diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am
index 0c681a56..71c9b16f 100644
--- a/src/utils/Makefile.am
+++ b/src/utils/Makefile.am
@@ -22,6 +22,7 @@ noinst_HEADERS = \
$(NULL)
bin_PROGRAMS = \
+ bs11_config \
isdnsync \
meas_json \
$(NULL)
</pre></p>
<p>But it fails with lots of errors:<br /><pre>
CCLD bs11_config
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `toss_mgcp_conn':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:220: undefined reference to `mgcp_conn_delete'
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:225: undefined reference to `mgcp_conn_delete'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `gscon_cleanup':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:960: undefined reference to `osmo_sccp_tx_disconn'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `gscon_fsm_init':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:251: undefined reference to `osmo_bsc_sigtran_open_conn'
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:273: undefined reference to `osmo_sccp_tx_disconn'
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:265: undefined reference to `osmo_sccp_tx_disconn'
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:263: undefined reference to `osmo_sccp_addr_dump'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `sigtran_send':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:143: undefined reference to `osmo_bsc_sigtran_send'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `gscon_fsm_wait_ho_compl':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:717: undefined reference to `mgcp_conn_modify'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `gscon_fsm_wait_ass_cmpl':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:506: undefined reference to `mgcp_conn_modify'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `gscon_fsm_wait_mdcx_bts':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:577: undefined reference to `mgcp_conn_create'
../../src/libbsc/libbsc.a(bsc_subscr_conn_fsm.o): In function `gscon_fsm_active':
/home/pespin/dev/sysmocom/git/osmo-bsc/src/libbsc/bsc_subscr_conn_fsm.c:343: undefined reference to `mgcp_conn_create'
collect2: error: ld returned 1 exit status
make[3]: *** [Makefile:578: bs11_config] Error 1
make[3]: Leaving directory '/home/pespin/dev/sysmocom/build/new/tmpdir/osmo-bsc/src/utils'
make[2]: *** [Makefile:406: all-recursive] Error 1
make[2]: Leaving directory '/home/pespin/dev/sysmocom/build/new/tmpdir/osmo-bsc/src'
make[1]: *** [Makefile:442: all-recursive] Error 1
make[1]: Leaving directory '/home/pespin/dev/sysmocom/build/new/tmpdir/osmo-bsc'
make: *** [Makefile:374: all] Error 2
</pre></p>
<p>Probably those regressions were added during the same commit which disabled its build.</p> OsmoGGSN (former OpenGGSN) - Feature #2946 (New): Add test suite for sgsnemuhttps://osmocom.org/issues/29462018-02-14T16:14:38Zpespin
<p>We should add some testing framework to check we don't break sgsnemu.</p>
<p>Some ideas:<br />- Run sgsnemu in one docker and osmo-ggsn in another one and see if we can create the pdp ctx and use ping (createif mode requires osmo-ggsn to be in separate net namespace for correct routing of packets).<br />- Create TTCN3 testsuite for sgsnemu.</p> OsmoGSMTester - Feature #2707 (New): Add support for verifying content of log files after test is...https://osmocom.org/issues/27072017-12-04T16:30:13Zpespin
<p>We need to add some pieces to osmo-gsm-tester that lets us do some verifications on each object once the test is finished.</p>
<p>We could have a generic verification phase after the test .py file has finished: During test run, when an object instance is requested by the test and allocated by suite.py, we can add that object to a list of objects to verify.<br />When the test execution is passed, for each object we call obj.verify(), which will trigger an Exception if some verification fails.</p>
<p>We can then have a generic API providing helpers to be used inside verify() of each object, as for each object we want to check different information and sources of information. This helpers can also be used by tests to verify specific requirements for that test which doesn't apply in general. Some verification sources I can think of:<br />- log file generated by each object (process).<br />- pcap file owned by each object (through its PcapRecorder object).</p>
<p>Log files:<br /> It would be nice to have an API which allows you to pass the log file, and then another file with strings/regexp to match. If one of those strings/regexp matches in the file, then a exception is triggered. We also want a similar API to do the same but to verify that it doesn't contain a specific string/regexp. The first one can be useful, for instance, to have a list of error strings which should never appear under normal circumstances and that we want to investigate in case they happen. That's the case for string "no space for uplink measurement" (see <a class="issue tracker-1 status-3 priority-2 priority-default closed" title="Bug: frequent "no space for uplink measurement" message (Resolved)" href="https://osmocom.org/issues/2329">#2329</a>). This way we can catch regressions quite quickly.</p>
<p>Pcap files:<br />It would be nice to have an API both for:<br />- generic verification: In general, we may want to check that specific filter never appears or that a specific filter must appear. This can be easily implemented using tshark.<br />- specific verification: A test may want to verify some information from the pcap file. For instance, that a certain kind of packet was received, or that a special error is triggered, or that at least N packets matching a filter are being sent.<br />- wait() trigger: It can be used either internally or by tests to wait for specific events to happen before doing something.</p>
<p>I'd first start with the log file part, then once we are done, go for the pcap part.</p> OsmoMSC - Bug #2698 (New): Add more tests to jenkins job testing osmo-msc against NG40testerhttps://osmocom.org/issues/26982017-12-01T12:36:00Zpespin
<p>So far, in sysmocom's jenkins instance job (ng40-test-core-network), we only run 1 test which checks that LU works for 300 MS connecting to osmo-msc.</p>
<p>We need to find a list of screnarios we want to test and implement them using NG40.</p> OsmoGSMTester - Bug #2615 (New): Add API to check GPS lock in BTShttps://osmocom.org/issues/26152017-11-03T17:00:23Zpespin
<p>We should make sure that all BTS are always correctly calibrated.</p>
<p>For sysmocell5000, ssh+ccli can be used:</p>
<p>Ensure GPS_AUTO_SET_DATE_TIME_ENABLE is enabled<br /><pre>
> mib.get GPS_AUTO_SET_DATE_TIME_ENABLE
OK
GPS_AUTO_SET_DATE_TIME_ENABLE 1 (0x1
</pre></p>
<p>Other interesting commands to check for fix:<br /><pre>
> gps.get-location
OK
lat=0, long=0, alt=0m, age=4294967295s
> gps.get-time
OK
time=023016.33, date=1970-01-11, unixtime=873016, age=4294967295s
</pre></p>
<p>For OCTPHY it's even part of the DSP API.</p>
<p>For b-200, there no way to check afaik.</p>
<p>For sysmobts: gps related:"gpsmon", "gpsdate", "gpsctl", "cgps /dev/ttyS2" <br />To calibrate use sysmobts-calib -m calibrate with any available source (gps or other networks).</p> OsmoGSMTester - Feature #2612 (New): Allow skipping pcaps by configuration if access to tcpdump i...https://osmocom.org/issues/26122017-11-02T14:55:23Zpespin
<p>I found today the title of this task in a comment in osmo-gsm-tester user manual, so putting it here and cleaning it from there.</p> OsmoGSMTester - Bug #2463 (Resolved): Add doc on dependencies needed for the jenkins slave runnin...https://osmocom.org/issues/24632017-08-25T12:09:12Zpespin
<p>A new jenkins slave was recently added and job checking osmo-gsm-tester commits in gerrit (osmo-gsm-tester-gerrit) is failing because it's missing some python yaml module installed.</p>
<p>We should add documentation on what needs to be installed in he jenkins slave in order to be able to run that job in here:<br /><a class="external" href="https://osmocom.org/projects/osmocom-servers/wiki/Jenkins_Node_Setup">https://osmocom.org/projects/osmocom-servers/wiki/Jenkins_Node_Setup</a></p>
<p>Maybe take the time too to check that all dependencies are well described in README in osmo-gsm-tester repo as well as in the osmo-gsm-manuals repo.</p>
<p>Affected build node: build2-deb8build</p> libosmocore - Feature #2350 (Closed): Add configure flag to unconditionally disable doxygen runhttps://osmocom.org/issues/23502017-07-05T09:14:41Zpespin
<p>Right now in libosmocore, configure.ac checks if doxygen binary is available in the system. If that's the case, it forces the run of doxygen to generate documentation at install time (or make distcheck).</p>
<p>It would be nice to have a configure flag --disable-doxygen or --disable-doc even if it is found on the system. This will speed up compilation times and it's also useful if the user doesn't need documentation.</p>
<p>It's important for instance for osmo-gsm-tester, which copies the uncompressed tarball generated by make distcheck into the sysmobts on every run, and the share/doc directory containing all doxygen output can weight around 40MB nowadays. To avoid that, in osmo-gsmtester we currently rm -rf the share/doc directory, but it would be nice if we could just avoid building them in first place as we don't need them.</p>
<p>Same applies for libosmo-sccp, openbsc, etc.</p>