Commit 1f211efb authored by wanghe's avatar wanghe Committed by Haruki NAOI

Fix: GTP/S1AP UE resource release leak issue.

parent 3492f604
...@@ -1630,6 +1630,8 @@ rrc_eNB_process_RRCConnectionReestablishmentComplete( ...@@ -1630,6 +1630,8 @@ rrc_eNB_process_RRCConnectionReestablishmentComplete(
LTE_C_RNTI_t *cba_RNTI = NULL; LTE_C_RNTI_t *cba_RNTI = NULL;
int measurements_enabled; int measurements_enabled;
uint8_t next_xid = rrc_eNB_get_next_transaction_identifier(ctxt_pP->module_id); uint8_t next_xid = rrc_eNB_get_next_transaction_identifier(ctxt_pP->module_id);
int ret = 0;
ue_context_pP->ue_context.Status = RRC_CONNECTED; ue_context_pP->ue_context.Status = RRC_CONNECTED;
ue_context_pP->ue_context.ue_rrc_inactivity_timer = 1; // set rrc inactivity when UE goes into RRC_CONNECTED ue_context_pP->ue_context.ue_rrc_inactivity_timer = 1; // set rrc inactivity when UE goes into RRC_CONNECTED
ue_context_pP->ue_context.reestablishment_xid = next_xid; ue_context_pP->ue_context.reestablishment_xid = next_xid;
...@@ -1735,10 +1737,36 @@ rrc_eNB_process_RRCConnectionReestablishmentComplete( ...@@ -1735,10 +1737,36 @@ rrc_eNB_process_RRCConnectionReestablishmentComplete(
create_tunnel_req.rnti = ctxt_pP->rnti; // warning put zero above create_tunnel_req.rnti = ctxt_pP->rnti; // warning put zero above
create_tunnel_req.num_tunnels = j; create_tunnel_req.num_tunnels = j;
gtpv1u_update_s1u_tunnel(
ret = gtpv1u_update_s1u_tunnel(
ctxt_pP->instance, ctxt_pP->instance,
&create_tunnel_req, &create_tunnel_req,
reestablish_rnti); reestablish_rnti);
if ( ret != 0 ) {
LOG_E(RRC,"gtpv1u_update_s1u_tunnel failed,start to release UE %x\n",reestablish_rnti);
// update s1u tunnel failed,reset rnti?
if (eNB_ue_s1ap_id > 0) {
h_rc = hashtable_get(rrc_instance_p->s1ap_id2_s1ap_ids, (hash_key_t)eNB_ue_s1ap_id, (void**)&rrc_ue_s1ap_ids_p);
if (h_rc == HASH_TABLE_OK ) {
rrc_ue_s1ap_ids_p->ue_rnti = reestablish_rnti;
}
}
if (ue_initial_id != 0) {
h_rc = hashtable_get(rrc_instance_p->initial_id2_s1ap_ids, (hash_key_t)ue_initial_id, (void**)&rrc_ue_s1ap_ids_p);
if (h_rc == HASH_TABLE_OK ) {
rrc_ue_s1ap_ids_p->ue_rnti = reestablish_rnti;
}
}
ue_context_pP->ue_context.ue_release_timer_s1 = 1;
ue_context_pP->ue_context.ue_release_timer_thres_s1 = 100;
ue_context_pP->ue_context.ue_release_timer = 0;
ue_context_pP->ue_context.ue_reestablishment_timer = 0;
ue_context_pP->ue_context.ul_failure_timer = 20000; // set ul_failure to 20000 for triggering rrc_eNB_send_S1AP_UE_CONTEXT_RELEASE_REQ
rrc_eNB_free_UE(ctxt_pP->module_id,ue_context_pP);
ue_context_pP->ue_context.ul_failure_timer = 0;
put_UE_in_freelist(ctxt_pP->module_id, ctxt_pP->rnti, 0);
return;
}
} /* EPC_MODE_ENABLED */ } /* EPC_MODE_ENABLED */
/* Update RNTI in ue_context */ /* Update RNTI in ue_context */
......
...@@ -935,6 +935,8 @@ int rrc_eNB_process_S1AP_INITIAL_CONTEXT_SETUP_REQ(MessageDef *msg_p, const char ...@@ -935,6 +935,8 @@ int rrc_eNB_process_S1AP_INITIAL_CONTEXT_SETUP_REQ(MessageDef *msg_p, const char
gtpv1u_enb_create_tunnel_req_t create_tunnel_req; gtpv1u_enb_create_tunnel_req_t create_tunnel_req;
gtpv1u_enb_create_tunnel_resp_t create_tunnel_resp; gtpv1u_enb_create_tunnel_resp_t create_tunnel_resp;
uint8_t inde_list[NB_RB_MAX - 3]= {0}; uint8_t inde_list[NB_RB_MAX - 3]= {0};
int ret;
struct rrc_eNB_ue_context_s *ue_context_p = NULL; struct rrc_eNB_ue_context_s *ue_context_p = NULL;
protocol_ctxt_t ctxt; protocol_ctxt_t ctxt;
ue_initial_id = S1AP_INITIAL_CONTEXT_SETUP_REQ (msg_p).ue_initial_id; ue_initial_id = S1AP_INITIAL_CONTEXT_SETUP_REQ (msg_p).ue_initial_id;
...@@ -976,10 +978,23 @@ int rrc_eNB_process_S1AP_INITIAL_CONTEXT_SETUP_REQ(MessageDef *msg_p, const char ...@@ -976,10 +978,23 @@ int rrc_eNB_process_S1AP_INITIAL_CONTEXT_SETUP_REQ(MessageDef *msg_p, const char
create_tunnel_req.rnti = ue_context_p->ue_context.rnti; // warning put zero above create_tunnel_req.rnti = ue_context_p->ue_context.rnti; // warning put zero above
// create_tunnel_req.num_tunnels = i; // create_tunnel_req.num_tunnels = i;
gtpv1u_create_s1u_tunnel(
ret = gtpv1u_create_s1u_tunnel(
instance, instance,
&create_tunnel_req, &create_tunnel_req,
&create_tunnel_resp); &create_tunnel_resp);
if ( ret != 0 ) {
LOG_E(RRC,"rrc_eNB_process_S1AP_INITIAL_CONTEXT_SETUP_REQ : gtpv1u_create_s1u_tunnel failed,start to release UE %x\n",ue_context_p->ue_context.rnti);
ue_context_p->ue_context.ue_release_timer_s1 = 1;
ue_context_p->ue_context.ue_release_timer_thres_s1 = 100;
ue_context_p->ue_context.ue_release_timer = 0;
ue_context_p->ue_context.ue_reestablishment_timer = 0;
ue_context_p->ue_context.ul_failure_timer = 20000; // set ul_failure to 20000 for triggering rrc_eNB_send_S1AP_UE_CONTEXT_RELEASE_REQ
rrc_eNB_free_UE(ctxt.module_id,ue_context_p);
ue_context_p->ue_context.ul_failure_timer = 0;
return (0);
}
rrc_eNB_process_GTPV1U_CREATE_TUNNEL_RESP( rrc_eNB_process_GTPV1U_CREATE_TUNNEL_RESP(
&ctxt, &ctxt,
&create_tunnel_resp, &create_tunnel_resp,
...@@ -1252,6 +1267,8 @@ int rrc_eNB_process_S1AP_E_RAB_SETUP_REQ(MessageDef *msg_p, const char *msg_name ...@@ -1252,6 +1267,8 @@ int rrc_eNB_process_S1AP_E_RAB_SETUP_REQ(MessageDef *msg_p, const char *msg_name
struct rrc_eNB_ue_context_s *ue_context_p = NULL; struct rrc_eNB_ue_context_s *ue_context_p = NULL;
protocol_ctxt_t ctxt; protocol_ctxt_t ctxt;
uint8_t e_rab_done; uint8_t e_rab_done;
int ret = 0;
ue_initial_id = S1AP_E_RAB_SETUP_REQ (msg_p).ue_initial_id; ue_initial_id = S1AP_E_RAB_SETUP_REQ (msg_p).ue_initial_id;
eNB_ue_s1ap_id = S1AP_E_RAB_SETUP_REQ (msg_p).eNB_ue_s1ap_id; eNB_ue_s1ap_id = S1AP_E_RAB_SETUP_REQ (msg_p).eNB_ue_s1ap_id;
ue_context_p = rrc_eNB_get_ue_context_from_s1ap_ids(instance, ue_initial_id, eNB_ue_s1ap_id); ue_context_p = rrc_eNB_get_ue_context_from_s1ap_ids(instance, ue_initial_id, eNB_ue_s1ap_id);
...@@ -1314,10 +1331,22 @@ int rrc_eNB_process_S1AP_E_RAB_SETUP_REQ(MessageDef *msg_p, const char *msg_name ...@@ -1314,10 +1331,22 @@ int rrc_eNB_process_S1AP_E_RAB_SETUP_REQ(MessageDef *msg_p, const char *msg_name
create_tunnel_req.rnti = ue_context_p->ue_context.rnti; // warning put zero above create_tunnel_req.rnti = ue_context_p->ue_context.rnti; // warning put zero above
create_tunnel_req.num_tunnels = e_rab_done; create_tunnel_req.num_tunnels = e_rab_done;
// NN: not sure if we should create a new tunnel: need to check teid, etc. // NN: not sure if we should create a new tunnel: need to check teid, etc.
gtpv1u_create_s1u_tunnel( ret = gtpv1u_create_s1u_tunnel(
instance, instance,
&create_tunnel_req, &create_tunnel_req,
&create_tunnel_resp); &create_tunnel_resp);
if ( ret != 0 ) {
LOG_E(RRC,"rrc_eNB_process_S1AP_E_RAB_SETUP_REQ : gtpv1u_create_s1u_tunnel failed,start to release UE %x\n",ue_context_p->ue_context.rnti);
ue_context_p->ue_context.ue_release_timer_s1 = 1;
ue_context_p->ue_context.ue_release_timer_thres_s1 = 100;
ue_context_p->ue_context.ue_release_timer = 0;
ue_context_p->ue_context.ue_reestablishment_timer = 0;
ue_context_p->ue_context.ul_failure_timer = 20000; // set ul_failure to 20000 for triggering rrc_eNB_send_S1AP_UE_CONTEXT_RELEASE_REQ
rrc_eNB_free_UE(ctxt.module_id,ue_context_p);
ue_context_p->ue_context.ul_failure_timer = 0;
return (0);
}
rrc_eNB_process_GTPV1U_CREATE_TUNNEL_RESP( rrc_eNB_process_GTPV1U_CREATE_TUNNEL_RESP(
&ctxt, &ctxt,
&create_tunnel_resp, &create_tunnel_resp,
......
...@@ -572,6 +572,10 @@ gtpv1u_create_s1u_tunnel( ...@@ -572,6 +572,10 @@ gtpv1u_create_s1u_tunnel(
int ip_offset = 0; int ip_offset = 0;
in_addr_t in_addr; in_addr_t in_addr;
int addrs_length_in_bytes= 0; int addrs_length_in_bytes= 0;
int loop_counter = 0;
int ret = 0;
MSC_LOG_RX_MESSAGE( MSC_LOG_RX_MESSAGE(
MSC_GTPU_ENB, MSC_GTPU_ENB,
MSC_RRC_ENB, MSC_RRC_ENB,
...@@ -586,6 +590,7 @@ gtpv1u_create_s1u_tunnel( ...@@ -586,6 +590,7 @@ gtpv1u_create_s1u_tunnel(
for (i = 0; i < create_tunnel_req_pP->num_tunnels; i++) { for (i = 0; i < create_tunnel_req_pP->num_tunnels; i++) {
ip_offset = 0; ip_offset = 0;
loop_counter = 0;
eps_bearer_id = create_tunnel_req_pP->eps_bearer_id[i]; eps_bearer_id = create_tunnel_req_pP->eps_bearer_id[i];
LOG_D(GTPU, "Rx GTPV1U_ENB_CREATE_TUNNEL_REQ ue rnti %x eps bearer id %u\n", LOG_D(GTPU, "Rx GTPV1U_ENB_CREATE_TUNNEL_REQ ue rnti %x eps bearer id %u\n",
create_tunnel_req_pP->rnti, eps_bearer_id); create_tunnel_req_pP->rnti, eps_bearer_id);
...@@ -600,7 +605,13 @@ gtpv1u_create_s1u_tunnel( ...@@ -600,7 +605,13 @@ gtpv1u_create_s1u_tunnel(
stack_req.apiInfo.createTunnelEndPointInfo.hStackSession = 0; stack_req.apiInfo.createTunnelEndPointInfo.hStackSession = 0;
rc = nwGtpv1uProcessUlpReq(RC.gtpv1u_data_g->gtpv1u_stack, &stack_req); rc = nwGtpv1uProcessUlpReq(RC.gtpv1u_data_g->gtpv1u_stack, &stack_req);
LOG_D(GTPU, ".\n"); LOG_D(GTPU, ".\n");
} while (rc != NW_GTPV1U_OK); loop_counter++;
} while (rc != NW_GTPV1U_OK && loop_counter < 10);
if ( rc != NW_GTPV1U_OK && loop_counter == 10 ) {
LOG_E(GTPU,"NwGtpv1uCreateTunnelEndPoint failed 10 times,start next loop\n");
ret = -1;
continue;
}
//----------------------- //-----------------------
// PDCP->GTPV1U mapping // PDCP->GTPV1U mapping
...@@ -682,7 +693,8 @@ gtpv1u_create_s1u_tunnel( ...@@ -682,7 +693,8 @@ gtpv1u_create_s1u_tunnel(
LOG_D(GTPU, "Tx GTPV1U_ENB_CREATE_TUNNEL_RESP ue rnti %x status %d\n", LOG_D(GTPU, "Tx GTPV1U_ENB_CREATE_TUNNEL_RESP ue rnti %x status %d\n",
create_tunnel_req_pP->rnti, create_tunnel_req_pP->rnti,
create_tunnel_resp_pP->status); create_tunnel_resp_pP->status);
return 0; //return 0;
return ret;
} }
int gtpv1u_update_s1u_tunnel( int gtpv1u_update_s1u_tunnel(
...@@ -713,9 +725,15 @@ int gtpv1u_update_s1u_tunnel( ...@@ -713,9 +725,15 @@ int gtpv1u_update_s1u_tunnel(
memcpy(gtpv1u_ue_data_new_p,gtpv1u_ue_data_p,sizeof(gtpv1u_ue_data_t)); memcpy(gtpv1u_ue_data_new_p,gtpv1u_ue_data_p,sizeof(gtpv1u_ue_data_t));
gtpv1u_ue_data_new_p->ue_id = create_tunnel_req_pP->rnti; gtpv1u_ue_data_new_p->ue_id = create_tunnel_req_pP->rnti;
hash_rc = hashtable_insert(RC.gtpv1u_data_g->ue_mapping, create_tunnel_req_pP->rnti, gtpv1u_ue_data_new_p); hash_rc = hashtable_insert(RC.gtpv1u_data_g->ue_mapping, create_tunnel_req_pP->rnti, gtpv1u_ue_data_new_p);
AssertFatal(hash_rc == HASH_TABLE_OK, "Error inserting ue_mapping in GTPV1U hashtable"); //AssertFatal(hash_rc == HASH_TABLE_OK, "Error inserting ue_mapping in GTPV1U hashtable");
if ( hash_rc != HASH_TABLE_OK ) {
LOG_E(GTPU,"Failed to insert ue_mapping(rnti=%x) in GTPV1U hashtable\n",create_tunnel_req_pP->rnti);
return -1;
} else {
LOG_I(GTPU, "inserting ue_mapping(rnti=%x) in GTPV1U hashtable\n", LOG_I(GTPU, "inserting ue_mapping(rnti=%x) in GTPV1U hashtable\n",
create_tunnel_req_pP->rnti); create_tunnel_req_pP->rnti);
}
hash_rc = hashtable_remove(RC.gtpv1u_data_g->ue_mapping, prior_rnti); hash_rc = hashtable_remove(RC.gtpv1u_data_g->ue_mapping, prior_rnti);
LOG_I(GTPU, "hashtable_remove ue_mapping(rnti=%x) in GTPV1U hashtable\n", LOG_I(GTPU, "hashtable_remove ue_mapping(rnti=%x) in GTPV1U hashtable\n",
prior_rnti); prior_rnti);
......
...@@ -378,9 +378,14 @@ NwGtpv1uCreateTunnelEndPoint( NW_IN NwGtpv1uStackT *thiz, ...@@ -378,9 +378,14 @@ NwGtpv1uCreateTunnelEndPoint( NW_IN NwGtpv1uStackT *thiz,
*phStackSession = (NwGtpv1uStackSessionHandleT) pTunnelEndPoint; *phStackSession = (NwGtpv1uStackSessionHandleT) pTunnelEndPoint;
pTunnelEndPoint = RB_FIND(NwGtpv1uTunnelEndPointIdentifierMap, pTunnelEndPoint = RB_FIND(NwGtpv1uTunnelEndPointIdentifierMap,
&(thiz->teidMap), pTunnelEndPoint); &(thiz->teidMap), pTunnelEndPoint);
NW_ASSERT(pTunnelEndPoint); //NW_ASSERT(pTunnelEndPoint);
GTPU_DEBUG("Tunnel end-point 0x%p creation successful for teid 0x%x %u(dec)", if (!pTunnelEndPoint) {
pTunnelEndPoint, (unsigned int)teid, (unsigned int)teid); GTPU_ERROR("Tunnel end-point cannot be NULL");
rc = NW_GTPV1U_FAILURE;
} else {
GTPU_DEBUG("Tunnel end-point 0x%p creation successful for teid 0x%x %u(dec)",
pTunnelEndPoint, (unsigned int)teid, (unsigned int)teid);
}
} }
} else { } else {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment