we've checked the same when unpacking the subheaders but missed the
case where the payload was read beyond the PDU length, as has been
seen with a malformed RAR PDU.
detected with ASAN trying to write negative number of padding bytes.
The patch checks the calculated length and returns with an error
if the length is negative.
=================================================================
==5759==AddressSanitizer: while reporting a bug found another one. Ignoring.
m==5759==ERROR: AddressSanitizer: negative-size-param: (size=-6)
* Reorder DCI FORMAT enum
* Fix endianness issue
* Fix return codes in phy_ue_db
* Log members should be destructed after the layers.
* Add JSON metrics and Events. Add Alarm log channel. Simplify MAC metrics struct.
* Restore metrics_stdout change
the bug causes the BSR to return a bsr_idx of 0, i.e. no data
pending, when the buff_size was reported to be 1 B only.
Instead, the UE should return BSR idx 1, i.e. between 0 < BSR <= 10.
LBSR packing is fine but this makes the eNB do wrong things
because it thinkgs LCG2 has no or too much data to send.
LCG2 is our default LCG for DRB1. One occasion we saw the issue
is doing full rate TCP DL which requires quite a bit of ACK traffic
back to the sender. With the BSR for LCG2 being wrong, providing
UL grants was delayed and so the TCP DL throuhgput was very low.
In the log below we see that the buff_size[2]=1 so there is data to send.
Interestingly, the packing was correct so Wireshark displays it correctly.
But the unpacking not, as can be seen in the MAC log below which reports
0 buffer state for all LCGs
22:08:54.804792 [MAC ] [I] [ 5084] pdu_get: sdu_len=1212, channel.sched_len=1213, bsr.buff_size[2]=1
22:08:54.804840 [MAC ] [I] [ 5084] UL LCID=3 len=1212 LBSR: b=0 0 0 0
this patch refactors the MAC PDU class, the main changes are:
* add to_string() method to pretty print PDU and subheaders
This allows to have a single log entry per MAC PDU with all its
contents.
It removes the C-style fprint() method
* Simplity payload vs. w_payload_ce
Before we've used payload when reading the PDU and w_payload_ce
as a buffer when writing. In all getters we needed to differentiate
between both. Now payload points to w_payload_ce initially and is
only updated when parsing a new PDU.
* add various helpers, e.g. to get subheader index, update a BSR, ..
* fix PDU test to use new to_string() method
simplify logic to check whether a BSR fits and, if so, which type.
before the check has been done in two places.
we now also accomodate for the CE subheader size.
before the BSR was extracted but the actual index (between 0 and 63)
was not stored but directly converted into bytes.
for log parsing and debugging it is easier to follow the index
value. this patch therefore adds both values to the log message
and extends the API accordingly.
Ismael Gomez
Andre Puschmann
Francisco
faluco
Francisco Paisana