fix uninitialized memory access in gtpu_test and liblte_mme unpacking

Francisco 2021-02-09 18:02:53 +00:00 committed by Francisco Paisana
parent 6545df6681
commit 4188b5146e
6 changed files with 70 additions and 35 deletions


@ -223,6 +223,11 @@ inline unique_byte_buffer_t make_byte_buffer() noexcept
return std::unique_ptr<byte_buffer_t>(new (std::nothrow) byte_buffer_t());
}
inline unique_byte_buffer_t make_byte_buffer(uint32_t size, uint8_t value) noexcept
{
return std::unique_ptr<byte_buffer_t>(new (std::nothrow) byte_buffer_t(size, value));
}
inline unique_byte_buffer_t make_byte_buffer(const char* debug_ctxt) noexcept
{
std::unique_ptr<byte_buffer_t> buffer(new (std::nothrow) byte_buffer_t());


@ -99,6 +99,13 @@ public:
bzero(debug_name, SRSLTE_BUFFER_POOL_LOG_NAME_LEN);
#endif
}
explicit byte_buffer_t(uint32_t size) : msg(&buffer[SRSLTE_BUFFER_HEADER_OFFSET]), N_bytes(size)
{
#ifdef SRSLTE_BUFFER_POOL_LOG_ENABLED
bzero(debug_name, SRSLTE_BUFFER_POOL_LOG_NAME_LEN);
#endif
}
byte_buffer_t(uint32_t size, uint8_t val) : byte_buffer_t(size) { std::fill(msg, msg + N_bytes, val); }
byte_buffer_t(const byte_buffer_t& buf) : msg(&buffer[SRSLTE_BUFFER_HEADER_OFFSET]), md(buf.md), N_bytes(buf.N_bytes)
{
// copy actual contents
@ -150,7 +157,6 @@ public:
void* operator new(size_t sz);
void* operator new(size_t sz, const std::nothrow_t& nothrow_value) noexcept;
void* operator new(size_t sz, void* ptr) noexcept { return ptr; }
void* operator new[](size_t sz) = delete;
void operator delete(void* ptr);
void operator delete[](void* ptr) = delete;
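Review bot: The new `byte_buffer_t(uint32_t size)` constructor stores `size` in `N_bytes` without comparing it to the space available behind `msg`, and the delegating `byte_buffer_t(uint32_t size, uint8_t val)` then runs `std::fill(msg, msg + N_bytes, val)`, so an oversized `size` writes past the end of `buffer`. The same value arrives unchecked through the new `make_byte_buffer(uint32_t size, uint8_t value)` factory in the first file. Assuming `buffer` is a fixed-size array member (its declaration is outside the hunk), bound the length before the fill, e.g. `N_bytes(std::min<uint32_t>(size, sizeof(buffer) - SRSLTE_BUFFER_HEADER_OFFSET))`, or reject the request outright. As far as the hunk shows, the single-argument constructor leaves the payload bytes unwritten, which deserves a comment such as `// sets N_bytes only; payload bytes are not initialised`.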


@ -298,7 +298,6 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_mobile_id_ie(LIBLTE_MME_MOBILE_ID_STRUCT* mobi
err = LIBLTE_SUCCESS;
} else {
**ie_ptr = (0xFF << 4) | (0 << 3) | mobile_id->type_of_id;
*ie_ptr += 1;
// 4-Byte based ids
@ -4364,7 +4363,6 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_transaction_identifier_ie(uint8**
LIBLTE_ERROR_ENUM liblte_mme_parse_msg_sec_header(LIBLTE_BYTE_MSG_STRUCT* msg, uint8* pd, uint8* sec_hdr_type)
{
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
if (msg != NULL && pd != NULL && sec_hdr_type != NULL) {
@ -4599,6 +4597,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_attach_accept_msg(LIBLTE_MME_ATTACH_ACCEPT_MSG
LIBLTE_ERROR_ENUM liblte_mme_unpack_attach_accept_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ATTACH_ACCEPT_MSG_STRUCT* attach_accept)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -4785,6 +4784,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_attach_complete_msg(LIBLTE_MME_ATTACH_COMPLETE
LIBLTE_ERROR_ENUM liblte_mme_unpack_attach_complete_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ATTACH_COMPLETE_MSG_STRUCT* attach_comp)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -4861,6 +4861,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_attach_reject_msg(LIBLTE_MME_ATTACH_REJECT_MSG
LIBLTE_ERROR_ENUM liblte_mme_unpack_attach_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ATTACH_REJECT_MSG_STRUCT* attach_rej)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5110,6 +5111,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_attach_request_msg(LIBLTE_MME_ATTACH_REQUEST_M
LIBLTE_ERROR_ENUM liblte_mme_unpack_attach_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ATTACH_REQUEST_MSG_STRUCT* attach_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5317,6 +5319,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_authentication_failure_msg(LIBLTE_MME_AUTHENTI
LIBLTE_ERROR_ENUM liblte_mme_unpack_authentication_failure_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_AUTHENTICATION_FAILURE_MSG_STRUCT* auth_fail)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5386,6 +5389,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_authentication_reject_msg(LIBLTE_MME_AUTHENTIC
LIBLTE_ERROR_ENUM liblte_mme_unpack_authentication_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_AUTHENTICATION_REJECT_MSG_STRUCT* auth_reject)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5453,6 +5457,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_authentication_request_msg(LIBLTE_MME_AUTHENTI
LIBLTE_ERROR_ENUM liblte_mme_unpack_authentication_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_AUTHENTICATION_REQUEST_MSG_STRUCT* auth_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5502,7 +5507,6 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_authentication_response_msg(LIBLTE_MME_AUTHENT
uint8* msg_ptr = msg->msg;
if (auth_resp != NULL && msg != NULL) {
if (LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS != sec_hdr_type) {
// Protocol Discriminator and Security Header Type
*msg_ptr = (sec_hdr_type << 4) | (LIBLTE_MME_PD_EPS_MOBILITY_MANAGEMENT);
@ -5539,6 +5543,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_authentication_response_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_AUTHENTICATION_RESPONSE_MSG_STRUCT* auth_resp)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5625,6 +5630,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_detach_accept_msg(LIBLTE_MME_DETACH_ACCEPT_MSG
LIBLTE_ERROR_ENUM liblte_mme_unpack_detach_accept_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_DETACH_ACCEPT_MSG_STRUCT* detach_accept)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5705,6 +5711,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_detach_request_msg(LIBLTE_MME_DETACH_REQUEST_M
LIBLTE_ERROR_ENUM liblte_mme_unpack_detach_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_DETACH_REQUEST_MSG_STRUCT* detach_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5789,6 +5796,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_downlink_nas_transport_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_DOWNLINK_NAS_TRANSPORT_MSG_STRUCT* dl_nas_transport)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -5898,6 +5906,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_emm_information_msg(LIBLTE_MME_EMM_INFORMATION
LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_information_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_EMM_INFORMATION_MSG_STRUCT* emm_info)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6017,6 +6026,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_emm_status_msg(LIBLTE_MME_EMM_STATUS_MSG_STRUC
LIBLTE_ERROR_ENUM liblte_mme_unpack_emm_status_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_EMM_STATUS_MSG_STRUCT* emm_status)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6129,6 +6139,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_extended_service_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_EXTENDED_SERVICE_REQUEST_MSG_STRUCT* ext_service_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6247,6 +6258,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_guti_reallocation_command_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_GUTI_REALLOCATION_COMMAND_MSG_STRUCT* guti_realloc_cmd)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6393,6 +6405,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_identity_request_msg(LIBLTE_MME_ID_REQUEST_MSG
LIBLTE_ERROR_ENUM liblte_mme_unpack_identity_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ID_REQUEST_MSG_STRUCT* id_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6472,6 +6485,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_identity_response_msg(LIBLTE_MME_ID_RESPONSE_M
LIBLTE_ERROR_ENUM liblte_mme_unpack_identity_response_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ID_RESPONSE_MSG_STRUCT* id_resp)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6578,6 +6592,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_security_mode_command_msg(LIBLTE_MME_SECURITY_
LIBLTE_ERROR_ENUM liblte_mme_unpack_security_mode_command_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_SECURITY_MODE_COMMAND_MSG_STRUCT* sec_mode_cmd)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6695,6 +6710,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_security_mode_complete_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_SECURITY_MODE_COMPLETE_MSG_STRUCT* sec_mode_comp)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6764,6 +6780,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_security_mode_reject_msg(LIBLTE_MME_SECURITY_M
LIBLTE_ERROR_ENUM liblte_mme_unpack_security_mode_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_SECURITY_MODE_REJECT_MSG_STRUCT* sec_mode_rej)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6855,6 +6872,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_service_reject_msg(LIBLTE_MME_SERVICE_REJECT_M
LIBLTE_ERROR_ENUM liblte_mme_unpack_service_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_SERVICE_REJECT_MSG_STRUCT* service_rej)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -6935,6 +6953,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_service_request_msg(LIBLTE_MME_SERVICE_REQUEST
LIBLTE_ERROR_ENUM liblte_mme_unpack_service_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_SERVICE_REQUEST_MSG_STRUCT* service_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -7109,6 +7128,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_tracking_area_update_accept_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_TRACKING_AREA_UPDATE_ACCEPT_MSG_STRUCT* ta_update_accept)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -7396,6 +7416,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_tracking_area_update_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_TRACKING_AREA_UPDATE_REJECT_MSG_STRUCT* ta_update_rej)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -7493,6 +7514,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_uplink_nas_transport_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_UPLINK_NAS_TRANSPORT_MSG_STRUCT* ul_nas_transport)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -8341,7 +8363,6 @@ LIBLTE_ERROR_ENUM liblte_mme_unpack_activate_default_eps_bearer_context_request_
uint8* msg_ptr = msg->msg;
if (msg != NULL && act_def_eps_bearer_context_req != NULL) {
// EPS Bearer ID
act_def_eps_bearer_context_req->eps_bearer_id = (*msg_ptr >> 4);
msg_ptr++;
@ -9100,7 +9121,6 @@ srslte_mme_pack_esm_information_request_msg(LIBLTE_MME_ESM_INFORMATION_REQUEST_M
uint8* msg_ptr = msg->msg;
if (esm_info_req != NULL && msg != NULL) {
if (LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS != sec_hdr_type) {
// Protocol Discriminator and Security Header Type
*msg_ptr = (sec_hdr_type << 4) | (LIBLTE_MME_PD_EPS_MOBILITY_MANAGEMENT);
@ -9151,7 +9171,6 @@ liblte_mme_pack_esm_information_request_msg(LIBLTE_MME_ESM_INFORMATION_REQUEST_M
uint8* msg_ptr = msg->msg;
if (esm_info_req != NULL && msg != NULL) {
// Protocol Discriminator and EPS Bearer ID
*msg_ptr = (esm_info_req->eps_bearer_id << 4) | (LIBLTE_MME_PD_EPS_SESSION_MANAGEMENT);
msg_ptr++;
@ -9177,6 +9196,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_esm_information_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ESM_INFORMATION_REQUEST_MSG_STRUCT* esm_info_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
@ -9278,12 +9298,12 @@ LIBLTE_ERROR_ENUM
srslte_mme_unpack_esm_information_response_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ESM_INFORMATION_RESPONSE_MSG_STRUCT* esm_info_resp)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
uint8 sec_hdr_type;
if (msg != NULL && esm_info_resp != NULL) {
// Security Header Type
sec_hdr_type = (msg->msg[0] & 0xF0) >> 4;
if (LIBLTE_MME_SECURITY_HDR_TYPE_PLAIN_NAS == sec_hdr_type) {
@ -9330,6 +9350,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_esm_information_response_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ESM_INFORMATION_RESPONSE_MSG_STRUCT* esm_info_resp)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -9411,6 +9432,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_esm_status_msg(LIBLTE_MME_ESM_STATUS_MSG_STRUC
LIBLTE_ERROR_ENUM liblte_mme_unpack_esm_status_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_ESM_STATUS_MSG_STRUCT* esm_status)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -9851,6 +9873,7 @@ LIBLTE_ERROR_ENUM liblte_mme_pack_notification_msg(LIBLTE_MME_NOTIFICATION_MSG_S
LIBLTE_ERROR_ENUM liblte_mme_unpack_notification_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_NOTIFICATION_MSG_STRUCT* notification)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -9932,6 +9955,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_pdn_connectivity_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_PDN_CONNECTIVITY_REJECT_MSG_STRUCT* pdn_con_rej)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -10048,6 +10072,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_pdn_connectivity_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_PDN_CONNECTIVITY_REQUEST_MSG_STRUCT* pdn_con_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -10159,6 +10184,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_pdn_disconnect_reject_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_PDN_DISCONNECT_REJECT_MSG_STRUCT* pdn_discon_rej)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
@ -10244,6 +10270,7 @@ LIBLTE_ERROR_ENUM
liblte_mme_unpack_pdn_disconnect_request_msg(LIBLTE_BYTE_MSG_STRUCT* msg,
LIBLTE_MME_PDN_DISCONNECT_REQUEST_MSG_STRUCT* pdn_discon_req)
{
bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));
LIBLTE_ERROR_ENUM err = LIBLTE_ERROR_INVALID_INPUTS;
uint8* msg_ptr = msg->msg;
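Review bot: The `bzero(msg, sizeof(LIBLTE_BYTE_MSG_STRUCT));` at the top of each `*_unpack_*_msg` function (taking it to be the added line in these hunks, since the +/- markers are lost) clears `msg`, which is the encoded message the function goes on to parse; `srslte_mme_unpack_esm_information_response_msg` reads `msg->msg[0]` right after it, so the decoder would see an all-zero buffer. It also writes through `msg` before the `msg != NULL` guard visible in that same function. If the aim is to stop callers from reading unset fields, zero the output struct instead and do it inside the guard, e.g. `bzero(attach_accept, sizeof(*attach_accept));` after `if (msg != NULL && attach_accept != NULL) {`. The function bodies continue outside the hunks, so confirm that none of them relies on a partially pre-filled output struct.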


@ -82,6 +82,7 @@ bool gtpu_write_header(gtpu_header_t* header, srslte::byte_buffer_t* pdu, srslte
*ptr = header->n_pdu;
} else {
header->n_pdu = 0;
*ptr = 0;
}
ptr++;
// E
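Review bot: The `*ptr = 0;` in the `else` branch has no comment explaining why a byte is written when the N-PDU number is not in use. The `ptr++` that follows both branches shows the octet is always part of the header being built, so without the store it would carry whatever the buffer held before. I would add `// N-PDU number not flagged: the octet is still emitted, so write a defined 0 instead of stale buffer bytes` above it. The rest of `gtpu_write_header` lies outside the hunk, so check that the other optional octets written there get the same treatment.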


@ -475,12 +475,12 @@ void gtpu::end_marker(uint32_t teidin)
gtpu_write_header(&header, pdu.get(), gtpu_log);
struct sockaddr_in servaddr;
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(tunnel.spgw_addr);
servaddr.sin_port = htons(GTPU_PORT);
struct sockaddr_in servaddr = {};
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(tunnel.spgw_addr);
servaddr.sin_port = htons(GTPU_PORT);
sendto(fd, pdu->msg, 12, MSG_EOR, (struct sockaddr*)&servaddr, sizeof(struct sockaddr_in));
sendto(fd, pdu->msg, pdu->N_bytes, MSG_EOR, (struct sockaddr*)&servaddr, sizeof(struct sockaddr_in));
}
/****************************************************************************
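Review bot: The length passed to `sendto` is now `pdu->N_bytes`, which is only meaningful if `gtpu_write_header` succeeded, yet its `bool` result is discarded on the line above the address setup, and the `sendto` result is dropped as well. On a header-write failure this sends whatever `N_bytes` happens to hold, and a failed send goes unnoticed. I would guard the call with `if (!gtpu_write_header(&header, pdu.get(), gtpu_log)) { return; }` and log when `sendto` returns a negative value. `end_marker` starts before the hunk, so whether `pdu` is null-checked after allocation is not visible here.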


@ -73,15 +73,13 @@ srslte::unique_byte_buffer_t encode_ipv4_packet(srslte::span<uint8_t> data,
{
srslte::unique_byte_buffer_t pdu = srslte::make_byte_buffer();
struct iphdr ip_pkt;
ip_pkt.version = 4;
ip_pkt.tot_len = htons(data.size() + sizeof(struct iphdr));
ip_pkt.saddr = src_sockaddr_in.sin_addr.s_addr;
ip_pkt.daddr = dest_sockaddr_in.sin_addr.s_addr;
memcpy(pdu->msg, &ip_pkt, sizeof(struct iphdr));
pdu->N_bytes = sizeof(struct iphdr);
memcpy(pdu->msg + pdu->N_bytes, data.data(), data.size());
pdu->N_bytes += data.size();
struct iphdr ip_pkt = {};
ip_pkt.version = 4;
ip_pkt.tot_len = htons(data.size() + sizeof(struct iphdr));
ip_pkt.saddr = src_sockaddr_in.sin_addr.s_addr;
ip_pkt.daddr = dest_sockaddr_in.sin_addr.s_addr;
pdu->append_bytes((uint8_t*)&ip_pkt, sizeof(struct iphdr));
pdu->append_bytes(data.data(), data.size());
return pdu;
}
@ -94,11 +92,11 @@ srslte::unique_byte_buffer_t encode_gtpu_packet(srslte::span<uint8_t> data,
srslte::unique_byte_buffer_t pdu = encode_ipv4_packet(data, teid, src_sockaddr_in, dest_sockaddr_in);
// header
srslte::gtpu_header_t header;
header.flags = GTPU_FLAGS_VERSION_V1 | GTPU_FLAGS_GTP_PROTOCOL;
header.message_type = GTPU_MSG_DATA_PDU;
header.length = pdu->N_bytes;
header.teid = teid;
srslte::gtpu_header_t header = {};
header.flags = GTPU_FLAGS_VERSION_V1 | GTPU_FLAGS_GTP_PROTOCOL;
header.message_type = GTPU_MSG_DATA_PDU;
header.length = pdu->N_bytes;
header.teid = teid;
gtpu_write_header(&header, pdu.get(), srslte::log_ref("GTPU"));
return pdu;
@ -109,11 +107,11 @@ srslte::unique_byte_buffer_t encode_end_marker(uint32_t teid)
srslte::unique_byte_buffer_t pdu = srslte::make_byte_buffer();
// header
srslte::gtpu_header_t header;
header.flags = GTPU_FLAGS_VERSION_V1 | GTPU_FLAGS_GTP_PROTOCOL;
header.message_type = GTPU_MSG_END_MARKER;
header.length = 0;
header.teid = teid;
srslte::gtpu_header_t header = {};
header.flags = GTPU_FLAGS_VERSION_V1 | GTPU_FLAGS_GTP_PROTOCOL;
header.message_type = GTPU_MSG_END_MARKER;
header.length = 0;
header.teid = teid;
gtpu_write_header(&header, pdu.get(), srslte::log_ref("GTPU"));
return pdu;
@ -132,7 +130,7 @@ int test_gtpu_direct_tunneling()
uint32_t drb1 = 3;
uint32_t sgw_teidout1 = 1, sgw_teidout2 = 2;
const char * sgw_addr_str = "127.0.0.1", *senb_addr_str = "127.0.1.1", *tenb_addr_str = "127.0.1.2";
struct sockaddr_in senb_sockaddr, sgw_sockaddr, tenb_sockaddr;
struct sockaddr_in senb_sockaddr = {}, sgw_sockaddr = {}, tenb_sockaddr = {};
srslte::net_utils::set_sockaddr(&senb_sockaddr, senb_addr_str, GTPU_PORT);
srslte::net_utils::set_sockaddr(&sgw_sockaddr, sgw_addr_str, GTPU_PORT);
srslte::net_utils::set_sockaddr(&tenb_sockaddr, tenb_addr_str, GTPU_PORT);
@ -158,8 +156,6 @@ int test_gtpu_direct_tunneling()
uint32_t tenb_teid_in = tenb_gtpu.add_bearer(rnti2, drb1, sgw_addr, sgw_teidout2);
// Buffer PDUs in SeNB PDCP
pdu = srslte::make_byte_buffer();
pdu->N_bytes = 10;
for (size_t sn = 6; sn < 10; ++sn) {
std::vector<uint8_t> data(10, sn);
pdu = encode_ipv4_packet(data, senb_teid_in, sgw_sockaddr, senb_sockaddr);
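Review bot: With `struct iphdr ip_pkt = {};` in `encode_ipv4_packet` the header is now deterministic, but only `version`, `tot_len`, `saddr` and `daddr` are assigned, so `ihl` stays 0 (as do `ttl`, `protocol` and `check`), which is not a well-formed IPv4 header. If any code under test reads the header length, these fixtures would exercise a path that real traffic never takes; adding `ip_pkt.ihl = 5;` next to `ip_pkt.version = 4;` keeps the test packets representative. The two `append_bytes` calls also dereference `pdu` straight after `make_byte_buffer()`, which allocates with `std::nothrow`, so a null check on `pdu` before the first `append_bytes` would turn an allocation failure into a test failure instead of a crash.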