fix array overflow and wrong LCID

5d11b744 · Laurent THOMAS · rmagueta · 6293f610 · 5d11b744 · 5d11b744
Commit 5d11b744 authored Jun 21, 2021 by Laurent THOMAS Committed by rmagueta Jun 21, 2021
8 changed files
--- a/openair1/PHY/NR_TRANSPORT/nr_dlsch_coding.c
+++ b/openair1/PHY/NR_TRANSPORT/nr_dlsch_coding.c
@@ -44,6 +44,7 @@
 #include "common/utils/LOG/vcd_signal_dumper.h"
 #include "common/utils/LOG/log.h"
 #include <syscall.h>
+#include <openair2/UTIL/OPT/opt.h>
 //#define DEBUG_DLSCH_CODING
 //#define DEBUG_DLSCH_FREE 1
@@ -266,6 +267,8 @@ int nr_dlsch_encoding(PHY_VARS_gNB *gNB,
  VCD_SIGNAL_DUMPER_DUMP_FUNCTION_BY_NAME(VCD_SIGNAL_DUMPER_FUNCTIONS_gNB_DLSCH_ENCODING, VCD_FUNCTION_IN);
  A = rel15->TBSize[0]<<3;
+  if ( dlsch->rnti != SI_RNTI )
+     trace_NRpdu(DIRECTION_DOWNLINK, a, rel15->TBSize[0], 0, WS_C_RNTI, dlsch->rnti, frame, slot,0, 0);
  NR_gNB_SCH_STATS_t *stats=NULL;
  int first_free=-1;

--- a/openair2/COMMON/f1ap_messages_types.h
+++ b/openair2/COMMON/f1ap_messages_types.h
@@ -299,7 +299,7 @@ typedef struct f1ap_initial_ul_rrc_message_s {
  uint16_t crnti;
  uint8_t *rrc_container;
  int      rrc_container_length;
-  uint8_t *du2cu_rrc_container;
+  int8_t *du2cu_rrc_container;
  int      du2cu_rrc_container_length;
 } f1ap_initial_ul_rrc_message_t;

--- a/openair2/F1AP/f1ap_du_rrc_message_transfer.c
+++ b/openair2/F1AP/f1ap_du_rrc_message_transfer.c
@@ -806,7 +806,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t     module_idP,
                                            rnti_t          rntiP,
                                            const uint8_t   *sduP,
                                            sdu_size_t      sdu_lenP,
-                                            const uint8_t   *sdu2P,
+                                            const int8_t   *sdu2P,
 					                                  sdu_size_t      sdu2_lenP) {
  F1AP_F1AP_PDU_t                       pdu;

--- a/openair2/F1AP/f1ap_du_rrc_message_transfer.h
+++ b/openair2/F1AP/f1ap_du_rrc_message_transfer.h
@@ -50,7 +50,7 @@ int DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(module_id_t     module_idP,
                                            rnti_t          rntiP,
                                            const uint8_t   *sduP,
                                            sdu_size_t      sdu_lenP,
-                                            const uint8_t   *sdu2P,
+                                            const int8_t   *sdu2P,
                                            sdu_size_t      sdu2_lenP);
 #endif /* F1AP_DU_RRC_MESSAGE_TRANSFER_H_ */
--- a/openair2/F1AP/f1ap_du_task.c
+++ b/openair2/F1AP/f1ap_du_task.c
@@ -195,7 +195,7 @@ void *F1AP_DU_task(void *arg) {
        DU_send_INITIAL_UL_RRC_MESSAGE_TRANSFER(0,0,0,msg->crnti,
                                                msg->rrc_container,
                                                msg->rrc_container_length,
-                                                msg->du2cu_rrc_container,
+                                                (char*)msg->du2cu_rrc_container,
                                                msg->du2cu_rrc_container_length);
        break;

--- a/openair2/LAYER2/NR_MAC_UE/nr_ue_scheduler.c
+++ b/openair2/LAYER2/NR_MAC_UE/nr_ue_scheduler.c
@@ -1055,8 +1055,9 @@ NR_UE_L2_STATE_t nr_ue_scheduler(nr_downlink_indication_t *dl_info, nr_uplink_in
              //and block this traffic from being forwarded to the upper layers at the gNB
              LOG_D(PHY, "In %s: Random data to be transmitted: TBS_bytes %d \n", __FUNCTION__, TBS_bytes);
-              // Make the first byte padding so that gNB ignores the PHY random
+              //Give the first byte a dummy value (a value not corresponding to any valid LCID based on 38.321, Table 6.2.1-2)
-              // data in the TB for the PHY at the MAC layer
+              //in order to distinguish the PHY random packets at the MAC layer of the gNB receiver from the normal packets that should
+              //have a valid LCID (nr_process_mac_pdu function)
              ulsch_input_buffer[0] = UL_SCH_LCID_PADDING;
              for (int i = 1; i < TBS_bytes; i++) {
@@ -1964,6 +1965,7 @@ void nr_ue_prach_scheduler(module_id_t module_idP, frame_t frameP, sub_frame_t s
  } // if is_nr_UL_slot
 }
+#define MAX_LCID 8 //Fixme: also defined in LCID table
 uint8_t
 nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
           sub_frame_t subframe, uint8_t eNB_index,
@@ -1971,16 +1973,15 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
  uint8_t total_rlc_pdu_header_len = 0;
  int16_t buflen_remain = 0;
  uint8_t lcid = 0;
-  uint16_t sdu_lengths[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+  uint16_t sdu_lengths[MAX_LCID] = { 0 };
-  uint8_t sdu_lcids[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+  uint8_t sdu_lcids[MAX_LCID] = { 0 };
  uint16_t payload_offset = 0, num_sdus = 0;
  uint8_t ulsch_sdus[MAX_ULSCH_PAYLOAD_BYTES];
  uint16_t sdu_length_total = 0;
  //unsigned short post_padding = 0;
  NR_UE_MAC_INST_t *mac = get_mac_inst(module_idP);
-  rlc_buffer_occupancy_t lcid_buffer_occupancy_old =
+  rlc_buffer_occupancy_t lcid_buffer_occupancy_new = 0;
-    0, lcid_buffer_occupancy_new = 0;
  LOG_D(NR_MAC,
        "[UE %d] MAC PROCESS UL TRANSPORT BLOCK at frame%d subframe %d TBS=%d\n",
        module_idP, frameP, subframe, buflen);
@@ -1990,12 +1991,9 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
  // Check for DCCH first
  // TO DO: Multiplex in the order defined by the logical channel prioritization
  for (lcid = UL_SCH_LCID_SRB1;
-       lcid < NR_MAX_NUM_LCID; lcid++) {
+       lcid < MAX_LCID; lcid++) {
-      lcid_buffer_occupancy_old = mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid);
+      if( mac_rlc_get_buffer_occupancy_ind(module_idP, mac->crnti, eNB_index, frameP, subframe, ENB_FLAG_NO, lcid) ) {
-      lcid_buffer_occupancy_new = lcid_buffer_occupancy_old;
-      if(lcid_buffer_occupancy_new){
        buflen_remain =
          buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
@@ -2033,14 +2031,6 @@ nr_ue_get_sdu(module_id_t module_idP, int CC_id, frame_t frameP,
          num_sdus++;
        }
-        /* Get updated BO after multiplexing this PDU */
-        lcid_buffer_occupancy_new = mac_rlc_get_buffer_occupancy_ind(module_idP,
-                                                                     mac->crnti,
-                                                                     eNB_index,
-                                                                     frameP,
-                                                                     subframe,
-                                                                     ENB_FLAG_NO,
-                                                                     lcid);
        buflen_remain =
                  buflen - (total_rlc_pdu_header_len + sdu_length_total + MAX_RLC_SDU_SUBHEADER_SIZE);
        }

--- a/openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c
+++ b/openair2/LAYER2/NR_MAC_gNB/gNB_scheduler_ulsch.c
@@ -32,6 +32,8 @@
 #include "LAYER2/NR_MAC_gNB/mac_proto.h"
 #include "executables/softmodem-common.h"
 #include "common/utils/nr/nr_common.h"
+#include <openair2/UTIL/OPT/opt.h>
 //38.321 Table 6.1.3.1-1
 const uint32_t NR_SHORT_BSR_TABLE[32] = {
@@ -189,6 +191,7 @@ void nr_process_mac_pdu(module_id_t module_idP,
    uint16_t mac_ce_len, mac_subheader_len, mac_sdu_len;
    NR_UE_info_t *UE_info = &RC.nrmac[module_idP]->UE_info;
+    trace_NRpdu(DIRECTION_UPLINK, pduP, mac_pdu_len ,UE_id, WS_C_RNTI, UE_info->rnti[UE_id], frameP, 0,0, 0);
    NR_UE_sched_ctrl_t *sched_ctrl = &UE_info->UE_sched_ctrl[UE_id];
    //  For both DL/UL-SCH
    //  Except:
@@ -371,7 +374,7 @@ void nr_process_mac_pdu(module_id_t module_idP,
          }
          LOG_D(NR_MAC, "[UE %d] Frame %d : ULSCH -> UL-DCCH %d (gNB %d, %d bytes), rnti: %d \n", module_idP, frameP, rx_lcid, module_idP, mac_sdu_len, *UE_info->rnti);
          mac_rlc_data_ind(module_idP,
-              *UE_info->rnti,
+                           UE_info->rnti[UE_id],
                           module_idP,
                           frameP,
                           ENB_FLAG_YES,

--- a/openair3/ocp-gtpu/gtp_itf.cpp
+++ b/openair3/ocp-gtpu/gtp_itf.cpp
@@ -436,11 +436,16 @@ teid_t newGtpuCreateTunnel(instance_t instance, rnti_t rnti, int incoming_bearer
  tmp->outgoing_port=port;
  tmp->teid_outgoing= outgoing_teid;
  pthread_mutex_unlock(&globGtp.gtp_lock);
-  LOG_D(GTPU, "Created tunnel for RNTI %x, bearer: %d/%d teid for DL: %x, teid for UL %x\n",
+  char ip4[INET_ADDRSTRLEN];
+  char ip6[INET6_ADDRSTRLEN];
+  LOG_I(GTPU, "Created tunnel for RNTI %x, teid for DL: %d, teid for UL %d to remote IPv4: %s, IPv6 %s\n",
        rnti,
-        outgoing_bearer_id, incoming_bearer_id,
        tmp->teid_incoming,
-        tmp->teid_outgoing);
+        tmp->teid_outgoing,
+        inet_ntop(AF_INET,(void*)&tmp->outgoing_ip_addr, ip4,INET_ADDRSTRLEN ),
+        inet_ntop(AF_INET6,(void*)&tmp->outgoing_ip6_addr.s6_addr, ip6, INET6_ADDRSTRLEN));
  return incoming_teid;
 }