Commit 5d11b744 authored by Laurent THOMAS's avatar Laurent THOMAS Committed by rmagueta

fix array overflow and wrong LCID

parent 6293f610
...@@ -44,6 +44,7 @@ ...@@ -44,6 +44,7 @@
#include "common/utils/LOG/vcd_signal_dumper.h" #include "common/utils/LOG/vcd_signal_dumper.h"
#include "common/utils/LOG/log.h" #include "common/utils/LOG/log.h"
#include <syscall.h> #include <syscall.h>
#include <openair2/UTIL/OPT/opt.h>
//#define DEBUG_DLSCH_CODING //#define DEBUG_DLSCH_CODING
//#define DEBUG_DLSCH_FREE 1 //#define DEBUG_DLSCH_FREE 1
...@@ -266,6 +267,8 @@ int nr_dlsch_encoding(PHY_VARS_gNB *gNB, ...@@ -266,6 +267,8 @@ int nr_dlsch_encoding(PHY_VARS_gNB *gNB,
VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_gNB_DLSCH_ENCODING, VCD_FUNCTION_IN); VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_gNB_DLSCH_ENCODING, VCD_FUNCTION_IN);
A = rel15->TBSize[0]<<3; A = rel15->TBSize[0]<<3;
if ( dlsch->rnti != SI_RNTI )
trace_NRpdu(DIRECTION_DOWNLINK, a, rel15->TBSize[0], 0, WS_C_RNTI, dlsch->rnti, frame, slot,0, 0);
NR_gNB_SCH_STATS_t *stats=NULL; NR_gNB_SCH_STATS_t *stats=NULL;
int first_free=-1; int first_free=-1;
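Review bot: The added `trace_NRpdu` call labels every transport block whose RNTI is not `SI_RNTI` as `WS_C_RNTI`, so if this encoder also carries RA-RNTI or P-RNTI transmissions (not visible in the hunk) a capture will show them as C-RNTI traffic. The call sits on the per-transport-block encoding path and hands the whole payload `a` to the capture sink. Once confirmed against trace_NRpdu, a comment such as `/* no-op unless OPT capture is enabled; exports the whole TB */` would record that assumption. The `if` is unbraced, which is easy to break when a second statement is added; `if (dlsch->rnti != SI_RNTI) {` with a closing brace after the call is safer. nr_dlsch_encoding starts and ends outside the hunk.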
......
...@@ -299,7 +299,7 @@ typedef struct f1ap_initial_ul_rrc_message_s { ...@@ -299,7 +299,7 @@ typedef struct f1ap_initial_ul_rrc_message_s {
uint16_t crnti; uint16_t crnti;
uint8_t *rrc_container; uint8_t *rrc_container;
int rrc_container_length; int rrc_container_length;
uint8_t *du2cu_rrc_container; int8_t *du2cu_rrc_container;
int du2cu_rrc_container_length; int du2cu_rrc_container_length;
} f1ap_initial_ul_rrc_message_t; } f1ap_initial_ul_rrc_message_t;
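Review bot: Declaring `du2cu_rrc_container` as `int8_t *` makes an opaque octet buffer signed, so any byte at or above 0x80 reads as negative and sign-extends in comparisons, shifts or index arithmetic. The neighbouring `rrc_container` stays `uint8_t *`. The same signed type is introduced for `sdu2P` in the definition and prototype of DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER. The call in F1AP_DU_task then passes `(char*)msg->du2cu_rrc_container` to that `const int8_t *` parameter, which is a third, distinct character type. If a consumer not visible here needs a signed pointer, keeping `uint8_t *du2cu_rrc_container;` and `const uint8_t *sdu2P` and casting only at that one call would confine the conversion.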
......
...@@ -806,7 +806,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP, ...@@ -806,7 +806,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP,
rnti_t rntiP, rnti_t rntiP,
const uint8_t *sduP, const uint8_t *sduP,
sdu_size_t sdu_lenP, sdu_size_t sdu_lenP,
const uint8_t *sdu2P, const int8_t *sdu2P,
sdu_size_t sdu2_lenP) { sdu_size_t sdu2_lenP) {
F1AP_F1AP_PDU_t pdu; F1AP_F1AP_PDU_t pdu;
...@@ -993,7 +993,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance, ...@@ -993,7 +993,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
if (msg->srb_id == 1 || msg->srb_id == 2) { if (msg->srb_id == 1 || msg->srb_id == 2) {
struct rrc_gNB_ue_context_s* ue_context_p = rrc_gNB_get_ue_context(RC.nrrrc[instance], rnti); struct rrc_gNB_ue_context_s* ue_context_p = rrc_gNB_get_ue_context(RC.nrrrc[instance], rnti);
NR_UL_DCCH_Message_t* ul_dcch_msg=NULL; NR_UL_DCCH_Message_t* ul_dcch_msg=NULL;
asn_dec_rval_t dec_rval; asn_dec_rval_t dec_rval;
dec_rval = uper_decode(NULL, dec_rval = uper_decode(NULL,
...@@ -1001,7 +1001,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance, ...@@ -1001,7 +1001,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
(void**)&ul_dcch_msg, (void**)&ul_dcch_msg,
&ie->value.choice.RRCContainer.buf[1], // buf[0] includes the pdcp header &ie->value.choice.RRCContainer.buf[1], // buf[0] includes the pdcp header
msg->rrc_container_length, 0, 0); msg->rrc_container_length, 0, 0);
if ((dec_rval.code != RC_OK) && (dec_rval.consumed == 0)) { if ((dec_rval.code != RC_OK) && (dec_rval.consumed == 0)) {
LOG_E(F1AP, " Failed to decode UL-DCCH (%zu bytes)\n",dec_rval.consumed); LOG_E(F1AP, " Failed to decode UL-DCCH (%zu bytes)\n",dec_rval.consumed);
/* for rfsim, because UE send RRCSetupRequest in SRB1 */ /* for rfsim, because UE send RRCSetupRequest in SRB1 */
...@@ -1041,18 +1041,18 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance, ...@@ -1041,18 +1041,18 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
case NR_UL_DCCH_MessageType__c1_PR_rrcReconfigurationComplete: case NR_UL_DCCH_MessageType__c1_PR_rrcReconfigurationComplete:
LOG_I(F1AP, "[MSG] RRC UL rrcReconfigurationComplete\n"); LOG_I(F1AP, "[MSG] RRC UL rrcReconfigurationComplete\n");
/* CDRX: activated when RRC Connection Reconfiguration Complete is received */ /* CDRX: activated when RRC Connection Reconfiguration Complete is received */
#if(0) #if(0)
int UE_id_mac = find_nr_UE_id(instance, rnti); int UE_id_mac = find_nr_UE_id(instance, rnti);
if (UE_id_mac == -1) { if (UE_id_mac == -1) {
LOG_E(F1AP, "Can't find UE_id(MAC) of UE rnti %x\n", rnti); LOG_E(F1AP, "Can't find UE_id(MAC) of UE rnti %x\n", rnti);
break; break;
} }
UE_sched_ctrl_t *UE_scheduling_control = &(RC.nrmac[instance]->UE_info.UE_sched_ctrl[UE_id_mac]); UE_sched_ctrl_t *UE_scheduling_control = &(RC.nrmac[instance]->UE_info.UE_sched_ctrl[UE_id_mac]);
if (UE_scheduling_control->cdrx_waiting_ack == TRUE) { if (UE_scheduling_control->cdrx_waiting_ack == TRUE) {
UE_scheduling_control->cdrx_waiting_ack = FALSE; UE_scheduling_control->cdrx_waiting_ack = FALSE;
UE_scheduling_control->cdrx_configured = TRUE; // Set to TRUE when RRC Connection Reconfiguration Complete is received UE_scheduling_control->cdrx_configured = TRUE; // Set to TRUE when RRC Connection Reconfiguration Complete is received
...@@ -1064,7 +1064,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance, ...@@ -1064,7 +1064,7 @@ int DU_send_UL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
case NR_UL_DCCH_MessageType__c1_PR_rrcSetupComplete: case NR_UL_DCCH_MessageType__c1_PR_rrcSetupComplete:
LOG_I(F1AP, "[MSG] RRC UL rrcSetupComplete \n"); LOG_I(F1AP, "[MSG] RRC UL rrcSetupComplete \n");
if(!ue_context_p){ if(!ue_context_p){
LOG_E(F1AP, "Did not find the UE context associated with UE RNTOI %x, ue_context_p is NULL\n", rnti); LOG_E(F1AP, "Did not find the UE context associated with UE RNTOI %x, ue_context_p is NULL\n", rnti);
...@@ -1317,12 +1317,12 @@ int DU_handle_DL_NR_RRC_MESSAGE_TRANSFER(instance_t instance, ...@@ -1317,12 +1317,12 @@ int DU_handle_DL_NR_RRC_MESSAGE_TRANSFER(instance_t instance,
NULL); NULL);
// This should be somewhere in the f1ap_cudu_ue_inst_t // This should be somewhere in the f1ap_cudu_ue_inst_t
/*int macrlc_instance = 0; /*int macrlc_instance = 0;
rnti_t rnti = f1ap_get_rnti_by_du_id(&f1ap_du_inst[0], du_ue_f1ap_id); rnti_t rnti = f1ap_get_rnti_by_du_id(&f1ap_du_inst[0], du_ue_f1ap_id);
struct rrc_gNB_ue_context_s *ue_context_p = rrc_gNB_get_ue_context(RC.nrrrc[macrlc_instance],rnti); struct rrc_gNB_ue_context_s *ue_context_p = rrc_gNB_get_ue_context(RC.nrrrc[macrlc_instance],rnti);
*/ */
gNB_RRC_UE_t *ue_p = &ue_context_p->ue_context; gNB_RRC_UE_t *ue_p = &ue_context_p->ue_context;
AssertFatal(ue_p->Srb0.Active == 1,"SRB0 is not active\n"); AssertFatal(ue_p->Srb0.Active == 1,"SRB0 is not active\n");
memcpy((void*)ue_p->Srb0.Tx_buffer.Payload, memcpy((void*)ue_p->Srb0.Tx_buffer.Payload,
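Review bot: The failure test after `uper_decode` in DU_send_UL_NR_RRC_MESSAGE_TRANSFER fires only when `dec_rval.consumed == 0`, so a decode that fails or wants more data after consuming some bytes falls through. As far as the hunk shows, `ul_dcch_msg` is then used as if it were valid; `if (dec_rval.code != RC_OK) {` would reject every non-OK result. The decoder is also started at `buf[1]` but given the full `msg->rrc_container_length`. Unless that length already excludes the skipped header byte (not visible here), it can read one byte past the container, so a check that the length is at least 1 followed by `msg->rrc_container_length - 1` looks right. The function body continues outside these hunks.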
......
...@@ -50,7 +50,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP, ...@@ -50,7 +50,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t module_idP,
rnti_t rntiP, rnti_t rntiP,
const uint8_t *sduP, const uint8_t *sduP,
sdu_size_t sdu_lenP, sdu_size_t sdu_lenP,
const uint8_t *sdu2P, const int8_t *sdu2P,
sdu_size_t sdu2_lenP); sdu_size_t sdu2_lenP);
#endif /* F1AP_DU_RRC_MESSAGE_TRANSFER_H_ */ #endif /* F1AP_DU_RRC_MESSAGE_TRANSFER_H_ */
...@@ -195,7 +195,7 @@ void *F1AP_DU_task(void *arg) { ...@@ -195,7 +195,7 @@ void *F1AP_DU_task(void *arg) {
DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(0,0,0,msg->crnti, DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(0,0,0,msg->crnti,
msg->rrc_container, msg->rrc_container,
msg->rrc_container_length, msg->rrc_container_length,
msg->du2cu_rrc_container, (char*)msg->du2cu_rrc_container,
msg->du2cu_rrc_container_length); msg->du2cu_rrc_container_length);
break; break;
......
...@@ -1055,8 +1055,9 @@ NR_UE_L2_STATE_t nr_ue_scheduler(nr_downlink_indication_t *dl_info, nr_uplink_in ...@@ -1055,8 +1055,9 @@ NR_UE_L2_STATE_t nr_ue_scheduler(nr_downlink_indication_t *dl_info, nr_uplink_in
//and block this traffic from being forwarded to the upper layers at the gNB //and block this traffic from being forwarded to the upper layers at the gNB
LOG_D(PHY, "In %s: Random data to be transmitted: TBS_bytes %d \n", __FUNCTION__, TBS_bytes); LOG_D(PHY, "In %s: Random data to be transmitted: TBS_bytes %d \n", __FUNCTION__, TBS_bytes);
// Make the first byte padding so that gNB ignores the PHY random //Give the first byte a dummy value (a value not corresponding to any valid LCID based on 38.321, Table 6.2.1-2)
// data in the TB for the PHY at the MAC layer //in order to distinguish the PHY random packets at the MAC layer of the gNB receiver from the normal packets that should
//have a valid LCID (nr_process_mac_pdu function)
ulsch_input_buffer[0] = UL_SCH_LCID_PADDING; ulsch_input_buffer[0] = UL_SCH_LCID_PADDING;
for (int i = 1; i < TBS_bytes; i++) { for (int i = 1; i < TBS_bytes; i++) {
...@@ -1964,6 +1965,7 @@ void nr_ue_prach_scheduler(module_id_t module_idP, frame_t frameP, sub_frame_t s ...@@ -1964,6 +1965,7 @@ void nr_ue_prach_scheduler(module_id_t module_idP, frame_t frameP, sub_frame_t s
} // if is_nr_UL_slot } // if is_nr_UL_slot
} }
#define MAX_LCID 8 //Fixme: also defined in LCID table
uint8_t uint8_t
nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP, nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
sub_frame_t subframe, uint8_t eNB_index, sub_frame_t subframe, uint8_t eNB_index,
...@@ -1971,16 +1973,15 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP, ...@@ -1971,16 +1973,15 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
uint8_t total_rlc_pdu_header_len = 0; uint8_t total_rlc_pdu_header_len = 0;
int16_t buflen_remain = 0; int16_t buflen_remain = 0;
uint8_t lcid = 0; uint8_t lcid = 0;
uint16_t sdu_lengths[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; uint16_t sdu_lengths[MAX_LCID] = { 0 };
uint8_t sdu_lcids[8] = { 0, 0, 0, 0, 0, 0, 0, 0 }; uint8_t sdu_lcids[MAX_LCID] = { 0 };
uint16_t payload_offset = 0, num_sdus = 0; uint16_t payload_offset = 0, num_sdus = 0;
uint8_t ulsch_sdus[MAX_ULSCH_PAYLOAD_BYTES]; uint8_t ulsch_sdus[MAX_ULSCH_PAYLOAD_BYTES];
uint16_t sdu_length_total = 0; uint16_t sdu_length_total = 0;
//unsigned short post_padding = 0; //unsigned short post_padding = 0;
NR_UE_MAC_INST_t *mac = get_mac_inst(module_idP); NR_UE_MAC_INST_t *mac = get_mac_inst(module_idP);
rlc_buffer_occupancy_t lcid_buffer_occupancy_old = rlc_buffer_occupancy_t lcid_buffer_occupancy_new = 0;
0, lcid_buffer_occupancy_new = 0;
LOG_D(NR_MAC, LOG_D(NR_MAC,
"[UE %d] MAC PROCESS UL TRANSPORT BLOCK at frame%d subframe %d TBS=%d\n", "[UE %d] MAC PROCESS UL TRANSPORT BLOCK at frame%d subframe %d TBS=%d\n",
module_idP, frameP, subframe, buflen); module_idP, frameP, subframe, buflen);
...@@ -1990,12 +1991,9 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP, ...@@ -1990,12 +1991,9 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
// Check for DCCH first // Check for DCCH first
// TO DO: Multiplex in the order defined by the logical channel prioritization // TO DO: Multiplex in the order defined by the logical channel prioritization
for (lcid = UL_SCH_LCID_SRB1; for (lcid = UL_SCH_LCID_SRB1;
lcid < NR_MAX_NUM_LCID; lcid++) { lcid < MAX_LCID; lcid++) {
lcid_buffer_occupancy_old = mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid); if( mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid) ) {
lcid_buffer_occupancy_new = lcid_buffer_occupancy_old;
if(lcid_buffer_occupancy_new){
buflen_remain = buflen_remain =
buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE); buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
...@@ -2033,14 +2031,6 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP, ...@@ -2033,14 +2031,6 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
num_sdus++; num_sdus++;
} }
/* Get updated BO after multiplexing this PDU */
lcid_buffer_occupancy_new = mac_rlc_get_buffer_occupancy_ind(module_idP,
mac->crnti,
eNB_index,
frameP,
subframe,
ENB_FLAG_NO,
lcid);
buflen_remain = buflen_remain =
buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE); buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
} }
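Review bot: The overflow fix in nr_ue_get_sdu relies on two things staying in step that nothing enforces. `MAX_LCID` is a second, local definition of a limit the Fixme says already exists elsewhere. The visible lines bound `lcid` but not `num_sdus`, which is incremented in the elided loop body and is presumably the index into `sdu_lengths`/`sdu_lcids`. Bounding the index directly keeps the arrays safe even if the body later adds more than one SDU per LCID: `lcid < MAX_LCID && num_sdus < MAX_LCID; lcid++) {`. Separately, the rewritten comment says the first byte is a value matching no valid LCID, while the assignment under it still writes `UL_SCH_LCID_PADDING`; the comment or the constant should be aligned.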
......
...@@ -32,6 +32,8 @@ ...@@ -32,6 +32,8 @@
#include "LAYER2/NR_MAC_gNB/mac_proto.h" #include "LAYER2/NR_MAC_gNB/mac_proto.h"
#include "executables/softmodem-common.h" #include "executables/softmodem-common.h"
#include "common/utils/nr/nr_common.h" #include "common/utils/nr/nr_common.h"
#include <openair2/UTIL/OPT/opt.h>
//38.321 Table 6.1.3.1-1 //38.321 Table 6.1.3.1-1
const uint32_t NR_SHORT_BSR_TABLE[32] = { const uint32_t NR_SHORT_BSR_TABLE[32] = {
...@@ -189,6 +191,7 @@ void nr_process_mac_pdu(module_id_t module_idP, ...@@ -189,6 +191,7 @@ void nr_process_mac_pdu(module_id_t module_idP,
uint16_t mac_ce_len, mac_subheader_len, mac_sdu_len; uint16_t mac_ce_len, mac_subheader_len, mac_sdu_len;
NR_UE_info_t *UE_info = &RC.nrmac[module_idP]->UE_info; NR_UE_info_t *UE_info = &RC.nrmac[module_idP]->UE_info;
trace_NRpdu(DIRECTION_UPLINK, pduP, mac_pdu_len ,UE_id, WS_C_RNTI, UE_info->rnti[UE_id], frameP, 0,0, 0);
NR_UE_sched_ctrl_t *sched_ctrl = &UE_info->UE_sched_ctrl[UE_id]; NR_UE_sched_ctrl_t *sched_ctrl = &UE_info->UE_sched_ctrl[UE_id];
// For both DL/UL-SCH // For both DL/UL-SCH
// Except: // Except:
...@@ -371,16 +374,16 @@ void nr_process_mac_pdu(module_id_t module_idP, ...@@ -371,16 +374,16 @@ void nr_process_mac_pdu(module_id_t module_idP,
} }
LOG_D(NR_MAC, "[UE %d] Frame %d : ULSCH -> UL-DCCH %d (gNB %d, %d bytes), rnti: %d \n", module_idP, frameP, rx_lcid, module_idP, mac_sdu_len, *UE_info->rnti); LOG_D(NR_MAC, "[UE %d] Frame %d : ULSCH -> UL-DCCH %d (gNB %d, %d bytes), rnti: %d \n", module_idP, frameP, rx_lcid, module_idP, mac_sdu_len, *UE_info->rnti);
mac_rlc_data_ind(module_idP, mac_rlc_data_ind(module_idP,
*UE_info->rnti, UE_info->rnti[UE_id],
module_idP, module_idP,
frameP, frameP,
ENB_FLAG_YES, ENB_FLAG_YES,
MBMS_FLAG_NO, MBMS_FLAG_NO,
rx_lcid, rx_lcid,
(char *) (pdu_ptr + mac_subheader_len), (char *) (pdu_ptr + mac_subheader_len),
mac_sdu_len, mac_sdu_len,
1, 1,
NULL); NULL);
break; break;
case UL_SCH_LCID_SRB3: case UL_SCH_LCID_SRB3:
// todo // todo
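Review bot: The LOG_D line directly above the corrected `mac_rlc_data_ind` call still prints `*UE_info->rnti`, the first entry of the RNTI array, so the debug log can name a different UE than the one the SDU is delivered for. Using the same expression as the call keeps log and behaviour consistent: `module_idP, mac_sdu_len, UE_info->rnti[UE_id]);`. Other `case` arms of nr_process_mac_pdu lie outside the hunk and may carry the same `*UE_info->rnti` pattern. The added `trace_NRpdu` call also indexes `UE_info->rnti[UE_id]` with no range check on `UE_id` visible in the hunk, so it is worth confirming that callers guarantee the index.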
......
...@@ -436,11 +436,16 @@ teid_t newGtpuCreateTunnel(instance_t instance, rnti_t rnti, int incoming_bearer ...@@ -436,11 +436,16 @@ teid_t newGtpuCreateTunnel(instance_t instance, rnti_t rnti, int incoming_bearer
tmp->outgoing_port=port; tmp->outgoing_port=port;
tmp->teid_outgoing= outgoing_teid; tmp->teid_outgoing= outgoing_teid;
pthread_mutex_unlock(&globGtp.gtp_lock); pthread_mutex_unlock(&globGtp.gtp_lock);
LOG_D(GTPU, "Created tunnel for RNTI %x, bearer: %d/%d teid for DL: %x, teid for UL %x\n", char ip4[INET_ADDRSTRLEN];
char ip6[INET6_ADDRSTRLEN];
LOG_I(GTPU, "Created tunnel for RNTI %x, teid for DL: %d, teid for UL %d to remote IPv4: %s, IPv6 %s\n",
rnti, rnti,
outgoing_bearer_id, incoming_bearer_id,
tmp->teid_incoming, tmp->teid_incoming,
tmp->teid_outgoing); tmp->teid_outgoing,
inet_ntop(AF_INET,(void*)&tmp->outgoing_ip_addr, ip4,INET_ADDRSTRLEN ),
inet_ntop(AF_INET6,(void*)&tmp->outgoing_ip6_addr.s6_addr, ip6, INET6_ADDRSTRLEN));
return incoming_teid; return incoming_teid;
} }
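Review bot: The new LOG_I reads `tmp->teid_incoming`, `tmp->teid_outgoing` and both address fields after `pthread_mutex_unlock(&globGtp.gtp_lock)`. If `tmp` points into state guarded by that lock (its declaration is outside the hunk), another thread may modify or remove the entry while it is being formatted; moving the unlock below the log call, or copying the fields under the lock, avoids that. `inet_ntop` returns NULL on failure and its result is passed straight to `%s`, so each call should be checked, e.g. `const char *s4 = inet_ntop(AF_INET, &tmp->outgoing_ip_addr, ip4, sizeof ip4);` then log `s4 ? s4 : "?"`. The rendered page does not make clear whether a bearer-id argument line survives on the new side; the format now has five conversions, so the argument list should be counted against it. Raising this message from LOG_D to LOG_I also puts TEIDs and peer addresses into default-level logs, which may be more exposure than intended for tunnel identifiers.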
......