Bug #3249: osmo-bts sends UNIT_DATA_IND with non-permitted extra IEs - OsmoBTS - Open Source Mobile Communications

Actions

Copy link

Bug #3249

closed

osmo-bts sends UNIT_DATA_IND with non-permitted extra IEs

Added by laforge almost 6 years ago. Updated almost 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

laforge

Category:

Abis

Target version:

Start date:

05/08/2018

Due date:

% Done:

80%

Spec Reference:

Description

TS 48.058 defines the "RLL UNIT DATA INDICATION" in section 8.3.11 as a message containing only

message discriminator
message type
channel number
link identifier
l3 information

However, osmo-bts generates

    {
        iei := RSL_IE_CHAN_NR (1),
        body := {
            chan_nr := {
                u := {
                    sdcch4 := {
                        tag := '001'B,
                        sub_chan := 2
                    }
                },
                tn := 0
            }
        }
    },
    {
        iei := RSL_IE_LINK_IDENT (2),
        body := {
            link_id := {
                c := FACCH_SDCCH (0),
                na := false,
                prio := SAPI0_PRIO_NORMAL (0),
                sapi := 0
            }
        }
    },
    {
        iei := RSL_IE_TIMING_ADVANCE (24),
        body := {
            timing_adv := 0
        }
    },
    {
        iei := RSL_IE_MS_POWER (13),
        body := {
            ms_power := {
                reserved := 0,
                fpc_epc := false,
                power_level := 0
            }
        }
    },
    {
        iei := RSL_IE_L3_INFO (11),
        body := {
            l3_info := {
                len := 15,
                payload := '43DF4F33FBB9A35A7B0399F5937ADB'O
            }
        }
    }

as you can see, this includes MS_POWER and TIMING_ADVANCE IEs that shouldn't be there.

This was generated from a LAPDm frame on a SDCCH as follows:

21:12:03.500544 6 BTS_Tests.ttcn:3021 enc_LapdmFrame(): Stream after encoding: '01033D43DF4F33FBB9A35A7B0399F5937ADB'O
21:12:03.500833 6 BTS_Tests.ttcn:3026 encoding {
    ab := {
        addr := {
            spare := '0'B,
            lpd := 0,
            sapi := 0,
            c_r := false,
            ea := true
        },
        ctrl := {
            u := {
                spare := '11'B,
                u2 := '00'B,
                p_f := false,
                u := '000'B
            }
        },
        len := 0,
        m := false,
        el := 1,
        payload := '43DF4F33FBB9A35A7B0399F5937ADB'O
    }
} to '01033D43DF4F33FBB9A35A7B0399F5937ADB'O

Actions

Copy link

Updated by laforge almost 6 years ago

% Done changed from 0 to 10

the culprit appears to be send_rslms_rll_l3_ui() in libosmocore/src/gsm/lapdm.c, whihc talks about Take a B4 format message from L1 and create RSLms UNIT DATA IND to go on and add unconditional RSL_IE_TIMING_ADVANCE and RSL_IE_MS_POWER.

However, we're calling this for any OSMO_PRIM(PRIM_DL_UNIT_DATA, PRIM_OP_INDICATION), which is how the LAPD code reports any UI frame, no matter where it was received on.

Actions

Copy link