Commit 4bdd700a authored by Wilson W.K. Thong's avatar Wilson W.K. Thong

skip the RLC PDU if its header is found invalid

see issue #178
parent 3bf8768d
...@@ -130,6 +130,7 @@ int rlc_um_read_length_indicators(unsigned char**data_ppP, rlc_um_e_li_t* e_liP, ...@@ -130,6 +130,7 @@ int rlc_um_read_length_indicators(unsigned char**data_ppP, rlc_um_e_li_t* e_liP,
unsigned int e2 = 0; unsigned int e2 = 0;
unsigned int li2 = 0; unsigned int li2 = 0;
*num_li_pP = 0; *num_li_pP = 0;
int pdu_size = *data_size_pP;
while ((continue_loop)) { while ((continue_loop)) {
//msg("[RLC_UM] e_liP->b1 = %02X\n", e_liP->b1); //msg("[RLC_UM] e_liP->b1 = %02X\n", e_liP->b1);
...@@ -147,13 +148,39 @@ int rlc_um_read_length_indicators(unsigned char**data_ppP, rlc_um_e_li_t* e_liP, ...@@ -147,13 +148,39 @@ int rlc_um_read_length_indicators(unsigned char**data_ppP, rlc_um_e_li_t* e_liP,
*data_size_pP = *data_size_pP - li2 - 1; *data_size_pP = *data_size_pP - li2 - 1;
*num_li_pP = *num_li_pP +1; *num_li_pP = *num_li_pP +1;
if (!(*data_size_pP >= 0)) LOG_E(RLC, "Invalid data_size=%d! (pdu_size=%d loop=%d e1=%d e2=%d li2=%d e_liP=%02x.%02x.%02x.%02x.%02x.%02x.%02x.%02x.%02x)\n",
*data_size_pP, pdu_size, continue_loop, e1, e2, li2,
(e_liP-(continue_loop-1)+0)->b1,
(e_liP-(continue_loop-1)+0)->b2,
(e_liP-(continue_loop-1)+0)->b3,
(e_liP-(continue_loop-1)+1)->b1,
(e_liP-(continue_loop-1)+1)->b2,
(e_liP-(continue_loop-1)+1)->b3,
(e_liP-(continue_loop-1)+2)->b1,
(e_liP-(continue_loop-1)+2)->b2,
(e_liP-(continue_loop-1)+2)->b3);
// AssertFatal(*data_size_pP >= 0, "Invalid data_size!");
if (e2 == 0) { if (e2 == 0) {
continue_loop = 0; continue_loop = 0;
} else { } else {
e_liP++; e_liP++;
continue_loop++;
} }
} else { } else {
if (!(*data_size_pP >= 0)) LOG_E(RLC, "Invalid data_size=%d! (pdu_size=%d loop=%d e1=%d li1=%d e_liP=%02x.%02x.%02x.%02x.%02x.%02x.%02x.%02x.%02x)\n",
*data_size_pP, pdu_size, continue_loop, e1, li1,
(e_liP-(continue_loop-1)+0)->b1,
(e_liP-(continue_loop-1)+0)->b2,
(e_liP-(continue_loop-1)+0)->b3,
(e_liP-(continue_loop-1)+1)->b1,
(e_liP-(continue_loop-1)+1)->b2,
(e_liP-(continue_loop-1)+1)->b3,
(e_liP-(continue_loop-1)+2)->b1,
(e_liP-(continue_loop-1)+2)->b2,
(e_liP-(continue_loop-1)+2)->b3);
continue_loop = 0; continue_loop = 0;
// AssertFatal(*data_size_pP >= 0, "Invalid data_size!");
} }
if (*num_li_pP >= RLC_UM_SEGMENT_NB_MAX_LI_PER_PDU) { if (*num_li_pP >= RLC_UM_SEGMENT_NB_MAX_LI_PER_PDU) {
...@@ -162,7 +189,15 @@ int rlc_um_read_length_indicators(unsigned char**data_ppP, rlc_um_e_li_t* e_liP, ...@@ -162,7 +189,15 @@ int rlc_um_read_length_indicators(unsigned char**data_ppP, rlc_um_e_li_t* e_liP,
} }
*data_ppP = *data_ppP + (((*num_li_pP*3) +1) >> 1); *data_ppP = *data_ppP + (((*num_li_pP*3) +1) >> 1);
return 0; if (*data_size_pP > 0) {
return 0;
} else if (*data_size_pP == 0) {
LOG_W(RLC, "Last RLC SDU size is zero!\n");
return -1;
} else {
LOG_W(RLC, "Last RLC SDU size is negative %d!\n", *data_size_pP);
return -1;
}
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
void void
...@@ -273,6 +308,8 @@ rlc_um_try_reassembly( ...@@ -273,6 +308,8 @@ rlc_um_try_reassembly(
__LINE__); __LINE__);
#endif #endif
} }
AssertFatal((e==0) || (e==1), "invalid e!");
AssertFatal((fi >= 0) && (fi <= 3), "invalid fi!");
if (e == RLC_E_FIXED_PART_DATA_FIELD_FOLLOW) { if (e == RLC_E_FIXED_PART_DATA_FIELD_FOLLOW) {
switch (fi) { switch (fi) {
...@@ -362,8 +399,9 @@ rlc_um_try_reassembly( ...@@ -362,8 +399,9 @@ rlc_um_try_reassembly(
break; break;
default: default:
AssertFatal( 0 , PROTOCOL_RLC_UM_CTXT_FMT" TRY REASSEMBLY SHOULD NOT GO HERE (%s:%u)\n", AssertFatal( 0 , PROTOCOL_RLC_UM_CTXT_FMT" fi=%d! TRY REASSEMBLY SHOULD NOT GO HERE (%s:%u)\n",
PROTOCOL_RLC_UM_CTXT_ARGS(ctxt_pP, rlc_pP), PROTOCOL_RLC_UM_CTXT_ARGS(ctxt_pP, rlc_pP),
fi,
__FILE__, __FILE__,
__LINE__); __LINE__);
} }
...@@ -504,8 +542,9 @@ rlc_um_try_reassembly( ...@@ -504,8 +542,9 @@ rlc_um_try_reassembly(
// data_p is already ok, done by last loop above // data_p is already ok, done by last loop above
rlc_um_reassembly (ctxt_pP, rlc_pP, data_p, size); rlc_um_reassembly (ctxt_pP, rlc_pP, data_p, size);
} else { } else {
AssertFatal( 0 !=0, PROTOCOL_RLC_UM_CTXT_FMT" SHOULD NOT GO HERE (%s:%u)\n", AssertFatal( 0 !=0, PROTOCOL_RLC_UM_CTXT_FMT" size=%d! SHOULD NOT GO HERE (%s:%u)\n",
PROTOCOL_RLC_UM_CTXT_ARGS(ctxt_pP, rlc_pP), PROTOCOL_RLC_UM_CTXT_ARGS(ctxt_pP, rlc_pP),
size,
__FILE__, __FILE__,
__LINE__); __LINE__);
//rlc_pP->stat_rx_data_pdu_dropped += 1; //rlc_pP->stat_rx_data_pdu_dropped += 1;
...@@ -534,6 +573,12 @@ rlc_um_try_reassembly( ...@@ -534,6 +573,12 @@ rlc_um_try_reassembly(
__LINE__); __LINE__);
#endif #endif
} }
} else {
rlc_pP->stat_rx_data_pdu_dropped += 1;
rlc_pP->stat_rx_data_bytes_dropped += tb_ind_p->size;
rlc_pP->reassembly_missing_sn_detected = 1;
LOG_W(RLC, "[SN %d] Bad RLC header! Discard this RLC PDU\n", sn, size);
} }
} }
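Review bot: The two new `LOG_E` calls in rlc_um_read_length_indicators dump nine bytes through `(e_liP-(continue_loop-1)+0)->b1` … `(e_liP-(continue_loop-1)+2)->b3` without checking that the PDU is long enough to hold three LI entries; they run exactly when the header has been found inconsistent, so on a short PDU the diagnostic itself may read past the received data. In the branch that consumes `li2`, the loop also keeps going after `*data_size_pP` has gone negative whenever `e2 != 0`, so `e_liP` keeps advancing over bytes the PDU may not cover until the `RLC_UM_SEGMENT_NB_MAX_LI_PER_PDU` check stops it. Returning right after the log, `if (*data_size_pP < 0) return -1;`, and limiting the dump to the bytes `pdu_size` accounts for would bound both. Separately, in rlc_um_try_reassembly the new `LOG_W(RLC, "[SN %d] Bad RLC header! Discard this RLC PDU\n", sn, size)` passes two arguments for one `%d`, so `size` is never printed. The `AssertFatal` that now prints `size=%d` still aborts the process instead of dropping the PDU, which is worth revisiting if `size` derives from received data. Both function bodies extend beyond the visible hunks.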