Commit 5d11b744 authored by Thomas Laurent's avatar Thomas Laurent Committed by Roberto Louro Magueta

fix array overflow and wrong LCID

parent 6293f610
......@@ -44,6 +44,7 @@
#include "common/utils/LOG/vcd_signal_dumper.h"
#include "common/utils/LOG/log.h"
#include <syscall.h>
#include <openair2/UTIL/OPT/opt.h>
//#define DEBUG_DLSCH_CODING
//#define DEBUG_DLSCH_FREE 1
......@@ -266,6 +267,8 @@ int nr_dlsch_encoding(PHY_VARS_gNB *gNB,
VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_gNB_DLSCH_ENCODING, VCD_FUNCTION_IN);
A = rel15->TBSize[0]<<3;
if ( dlsch->rnti != SI_RNTI )
trace_NRpdu(DIRECTION_DOWNLINK, a, rel15->TBSize[0], 0, WS_C_RNTI, dlsch->rnti, frame, slot,0, 0);
NR_gNB_SCH_STATS_t *stats=NULL;
int first_free=-1;
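Review bot: The added `trace_NRpdu` call in nr_dlsch_encoding labels every transport block that is not SI-RNTI as `WS_C_RNTI` and passes a literal `0` where the uplink call added in this commit passes `UE_id`, and nothing on the line explains either choice. If RA-RNTI or P-RNTI blocks also reach this function (not visible in the hunk), they would be traced under the wrong RNTI type. I would add a comment such as `/* trace the DL transport block; SI is skipped, everything else is labelled C-RNTI */` and put braces around the `if` body. The function body starts and ends outside the hunk.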
......
......@@ -299,7 +299,7 @@ typedef struct f1ap_initial_ul_rrc_message_s {
uint16_t crnti;
uint8_t *rrc_container;
int rrc_container_length;
uint8_t *du2cu_rrc_container;
int8_t *du2cu_rrc_container;
int du2cu_rrc_container_length;
} f1ap_initial_ul_rrc_message_t;
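Review bot: Changing `du2cu_rrc_container` from `uint8_t *` to `int8_t *` makes an encoded byte buffer signed while `rrc_container` directly above it stays `uint8_t *`, so any later comparison, shift or widening of these bytes would sign-extend values above 0x7f. The same switch is made for `sdu2P` in the definition and the prototype of DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER, and the call in F1AP_DU_task then casts the field to `(char*)`, which matches neither `int8_t *` nor `uint8_t *` and only hides the pointer-sign warning. Presumably the producer fills this field from a signed buffer (not visible here). I would keep `uint8_t *du2cu_rrc_container;` and `const uint8_t *sdu2P`, and convert once at the place where the signed buffer is assigned.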
......
......@@ -806,7 +806,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP,
rnti_t rntiP,
const uint8_t *sduP,
sdu_size_t sdu_lenP,
const uint8_t *sdu2P,
const int8_t *sdu2P,
sdu_size_t sdu2_lenP) {
F1AP_F1AP_PDU_t pdu;
......@@ -993,7 +993,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
if (msg->srb_id == 1 || msg->srb_id == 2) {
struct rrc_gNB_ue_context_s* ue_context_p = rrc_gNB_get_ue_context(RC.nrrrc[instance], rnti);
NR_UL_DCCH_Message_t* ul_dcch_msg=NULL;
asn_dec_rval_t dec_rval;
dec_rval = uper_decode(NULL,
......@@ -1001,7 +1001,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
(void**)&ul_dcch_msg,
&ie->value.choice.RRCContainer.buf[1], // buf[0] includes the pdcp header
msg->rrc_container_length, 0, 0);
if ((dec_rval.code != RC_OK) && (dec_rval.consumed == 0)) {
LOG_E(F1AP, " Failed to decode UL-DCCH (%zu bytes)\n",dec_rval.consumed);
/* for rfsim, because UE send RRCSetupRequest in SRB1 */
......@@ -1041,18 +1041,18 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
case NR_UL_DCCH_MessageType__c1_PR_rrcReconfigurationComplete:
LOG_I(F1AP, "[MSG] RRC UL rrcReconfigurationComplete\n");
/* CDRX: activated when RRC Connection Reconfiguration Complete is received */
#if(0)
int UE_id_mac = find_nr_UE_id(instance, rnti);
if (UE_id_mac == -1) {
LOG_E(F1AP, "Can't find UE_id(MAC) of UE rnti %x\n", rnti);
break;
}
UE_sched_ctrl_t *UE_scheduling_control = &(RC.nrmac[instance]->UE_info.UE_sched_ctrl[UE_id_mac]);
if (UE_scheduling_control->cdrx_waiting_ack == TRUE) {
UE_scheduling_control->cdrx_waiting_ack = FALSE;
UE_scheduling_control->cdrx_configured = TRUE; // Set to TRUE when RRC Connection Reconfiguration Complete is received
......@@ -1064,7 +1064,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
case NR_UL_DCCH_MessageType__c1_PR_rrcSetupComplete:
LOG_I(F1AP, "[MSG] RRC UL rrcSetupComplete \n");
if(!ue_context_p){
LOG_E(F1AP, "Did not find the UE context associated with UE RNTOI %x, ue_context_p is NULL\n", rnti);
......@@ -1317,12 +1317,12 @@ int DU_handle_DL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
NULL);
// This should be somewhere in the f1ap_cudu_ue_inst_t
/*int macrlc_instance = 0;
/*int macrlc_instance = 0;
rnti_t rnti = f1ap_get_rnti_by_du_id(&f1ap_du_inst[0], du_ue_f1ap_id);
struct rrc_gNB_ue_context_s *ue_context_p = rrc_gNB_get_ue_context(RC.nrrrc[macrlc_instance],rnti);
*/
gNB_RRC_UE_t *ue_p = &ue_context_p->ue_context;
*/
gNB_RRC_UE_t *ue_p = &ue_context_p->ue_context;
AssertFatal(ue_p->Srb0.Active == 1,"SRB0 is not active\n");
memcpy((void*)ue_p->Srb0.Tx_buffer.Payload,
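Review bot: In DU_send_UL_NR_RRC_MESSAGE_TRANSFER the `uper_decode` result is rejected only when `(dec_rval.code != RC_OK) && (dec_rval.consumed == 0)`, so a decode that fails after consuming some bytes carries on with an `ul_dcch_msg` that may be only partially filled. The container originates from the UE, so unless the rfsim special case needs it, a failed decode should be rejected regardless of the consumed count: `if (dec_rval.code != RC_OK) {`. The decode also starts at `buf[1]` but is given `msg->rrc_container_length`; if that length counts the whole container including the PDCP header byte (not visible here), the decoder may read one byte past the buffer and the length should be reduced by one. These lines are context in this commit, and the function continues outside the hunks.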
......
......@@ -50,7 +50,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP,
rnti_t rntiP,
const uint8_t *sduP,
sdu_size_t sdu_lenP,
const uint8_t *sdu2P,
const int8_t *sdu2P,
sdu_size_t sdu2_lenP);
#endif /* F1AP_DU_RRC_MESSAGE_TRANSFER_H_ */
......@@ -195,7 +195,7 @@ void *F1AP_DU_task(void *arg) {
DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(0,0,0,msg->crnti,
msg->rrc_container,
msg->rrc_container_length,
msg->du2cu_rrc_container,
(char*)msg->du2cu_rrc_container,
msg->du2cu_rrc_container_length);
break;
......
......@@ -1055,8 +1055,9 @@ NR_UE_L2_STATE_t nr_ue_scheduler(nr_downlink_indication_t *dl_info, nr_uplink_in
//and block this traffic from being forwarded to the upper layers at the gNB
LOG_D(PHY, "In %s: Random data to be transmitted: TBS_bytes %d \n", __FUNCTION__, TBS_bytes);
// Make the first byte padding so that gNB ignores the PHY random
// data in the TB for the PHY at the MAC layer
//Give the first byte a dummy value (a value not corresponding to any valid LCID based on 38.321, Table 6.2.1-2)
//in order to distinguish the PHY random packets at the MAC layer of the gNB receiver from the normal packets that should
//have a valid LCID (nr_process_mac_pdu function)
ulsch_input_buffer[0] = UL_SCH_LCID_PADDING;
for (int i = 1; i < TBS_bytes; i++) {
......@@ -1964,6 +1965,7 @@ void nr_ue_prach_scheduler(module_id_t module_idP, frame_t frameP, sub_frame_t s
} // if is_nr_UL_slot
}
#define MAX_LCID 8 //Fixme: also defined in LCID table
uint8_t
nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
sub_frame_t subframe, uint8_t eNB_index,
......@@ -1971,16 +1973,15 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
uint8_t total_rlc_pdu_header_len = 0;
int16_t buflen_remain = 0;
uint8_t lcid = 0;
uint16_t sdu_lengths[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
uint8_t sdu_lcids[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
uint16_t sdu_lengths[MAX_LCID] = { 0 };
uint8_t sdu_lcids[MAX_LCID] = { 0 };
uint16_t payload_offset = 0, num_sdus = 0;
uint8_t ulsch_sdus[MAX_ULSCH_PAYLOAD_BYTES];
uint16_t sdu_length_total = 0;
//unsigned short post_padding = 0;
NR_UE_MAC_INST_t *mac = get_mac_inst(module_idP);
rlc_buffer_occupancy_t lcid_buffer_occupancy_old =
0, lcid_buffer_occupancy_new = 0;
rlc_buffer_occupancy_t lcid_buffer_occupancy_new = 0;
LOG_D(NR_MAC,
"[UE %d] MAC PROCESS UL TRANSPORT BLOCK at frame%d subframe %d TBS=%d\n",
module_idP, frameP, subframe, buflen);
......@@ -1990,12 +1991,9 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
// Check for DCCH first
// TO DO: Multiplex in the order defined by the logical channel prioritization
for (lcid = UL_SCH_LCID_SRB1;
lcid < NR_MAX_NUM_LCID; lcid++) {
lcid < MAX_LCID; lcid++) {
lcid_buffer_occupancy_old = mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid);
lcid_buffer_occupancy_new = lcid_buffer_occupancy_old;
if(lcid_buffer_occupancy_new){
if( mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid) ) {
buflen_remain =
buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
......@@ -2033,14 +2031,6 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
num_sdus++;
}
/* Get updated BO after multiplexing this PDU */
lcid_buffer_occupancy_new = mac_rlc_get_buffer_occupancy_ind(module_idP,
mac->crnti,
eNB_index,
frameP,
subframe,
ENB_FLAG_NO,
lcid);
buflen_remain =
buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
}
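Review bot: The overflow fix in nr_ue_get_sdu relies on the loop range `lcid < MAX_LCID` happening to equal the size of `sdu_lengths[]` and `sdu_lcids[]`, with no check at the point where the arrays are written. The writes are outside the visible lines, but `num_sdus++` suggests they are indexed by `num_sdus`; a guard such as `if (num_sdus >= MAX_LCID) break;` before the write would keep the arrays safe if the loop bound is changed again. `#define MAX_LCID 8 //Fixme: also defined in LCID table` duplicates a constant, and a single shared definition would stop the two from drifting apart. Separately, the new comment in nr_ue_scheduler says the first byte gets a value that is not a valid LCID, while the unchanged assignment below it still writes `UL_SCH_LCID_PADDING`; one of the two should be corrected.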
......
......@@ -32,6 +32,8 @@
#include "LAYER2/NR_MAC_gNB/mac_proto.h"
#include "executables/softmodem-common.h"
#include "common/utils/nr/nr_common.h"
#include <openair2/UTIL/OPT/opt.h>
//38.321 Table 6.1.3.1-1
const uint32_t NR_SHORT_BSR_TABLE[32] = {
......@@ -189,6 +191,7 @@ void nr_process_mac_pdu(module_id_t module_idP,
uint16_t mac_ce_len, mac_subheader_len, mac_sdu_len;
NR_UE_info_t *UE_info = &RC.nrmac[module_idP]->UE_info;
trace_NRpdu(DIRECTION_UPLINK, pduP, mac_pdu_len ,UE_id, WS_C_RNTI, UE_info->rnti[UE_id], frameP, 0,0, 0);
NR_UE_sched_ctrl_t *sched_ctrl = &UE_info->UE_sched_ctrl[UE_id];
// For both DL/UL-SCH
// Except:
......@@ -371,16 +374,16 @@ void nr_process_mac_pdu(module_id_t module_idP,
}
LOG_D(NR_MAC, "[UE %d] Frame %d : ULSCH -> UL-DCCH %d (gNB %d, %d bytes), rnti: %d \n", module_idP, frameP, rx_lcid, module_idP, mac_sdu_len, *UE_info->rnti);
mac_rlc_data_ind(module_idP,
*UE_info->rnti,
module_idP,
frameP,
ENB_FLAG_YES,
MBMS_FLAG_NO,
rx_lcid,
(char *) (pdu_ptr + mac_subheader_len),
mac_sdu_len,
1,
NULL);
UE_info->rnti[UE_id],
module_idP,
frameP,
ENB_FLAG_YES,
MBMS_FLAG_NO,
rx_lcid,
(char *) (pdu_ptr + mac_subheader_len),
mac_sdu_len,
1,
NULL);
break;
case UL_SCH_LCID_SRB3:
// todo
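Review bot: The `LOG_D` just above the corrected `mac_rlc_data_ind` call still prints `*UE_info->rnti`, that is element 0 of the array, so whenever `UE_id` is not 0 the log shows a different RNTI from the one now passed to RLC. It should read `UE_info->rnti[UE_id]` like the call below it. The other cases of this switch are outside the hunk and may carry the same `*UE_info->rnti` pattern; they are worth checking in the same pass.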
......
......@@ -436,11 +436,16 @@ teid_t newGtpuCreateTunnel(instance_t instance, rnti_t rnti, int incoming_bearer
tmp->outgoing_port=port;
tmp->teid_outgoing= outgoing_teid;
pthread_mutex_unlock(&globGtp.gtp_lock);
LOG_D(GTPU, "Created tunnel for RNTI %x, bearer: %d/%d teid for DL: %x, teid for UL %x\n",
char ip4[INET_ADDRSTRLEN];
char ip6[INET6_ADDRSTRLEN];
LOG_I(GTPU, "Created tunnel for RNTI %x, teid for DL: %d, teid for UL %d to remote IPv4: %s, IPv6 %s\n",
rnti,
outgoing_bearer_id, incoming_bearer_id,
tmp->teid_incoming,
tmp->teid_outgoing);
tmp->teid_outgoing,
inet_ntop(AF_INET,(void*)&tmp->outgoing_ip_addr, ip4,INET_ADDRSTRLEN ),
inet_ntop(AF_INET6,(void*)&tmp->outgoing_ip6_addr.s6_addr, ip6, INET6_ADDRSTRLEN));
return incoming_teid;
}
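Review bot: The new `LOG_I` reads `tmp->teid_incoming`, `tmp->teid_outgoing` and both address fields after `pthread_mutex_unlock(&globGtp.gtp_lock)`; if `tmp` points into the tunnel table that lock protects (its declaration is outside the hunk), another thread can modify or delete the entry while it is being formatted. Moving the `pthread_mutex_unlock(&globGtp.gtp_lock);` line to after the log call, or copying the fields into locals before unlocking, closes that window. The TEIDs are now printed with `%d`; if `teid_t` is an unsigned 32-bit type, `%u` (or the earlier `%x`) avoids negative values in the log. `inet_ntop` returns NULL on failure, and that result should not be passed straight to `%s`.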
......