gbproxy: Check other tlli_infos for matching TLLI/P-TMSI

Currently it is possible to create serveral entries referring to the same P-TMSI/TLLI by using P-TMSI assigment via Attach Accept or RA Update Accept messages. This can lead to the use of the wrong tlli_info. This patch adds gbproxy_remove_matching_tllis() that removes all conflicting entries. This function is called after the P-TMSIs and the resulting TLLIs has been set up. Sponsored-by: On-Waves ehf
2014-09-16 14:10:27 +02:00 · 2014-09-16 14:10:27 +02:00 · 1a02442f66
parent 04f679be73
commit 1a02442f66
3 changed files with 46 additions and 11 deletions
--- a/openbsc/src/gprs/gb_proxy_tlli.c
+++ b/openbsc/src/gprs/gb_proxy_tlli.c
@ -382,6 +382,43 @@ void gbproxy_assign_imsi(struct gbproxy_peer *peer,
 		tlli_info->enable_patching = enable_patching;
 }

+static int gbproxy_tlli_match(const struct gbproxy_tlli_state *a,
+			      const struct gbproxy_tlli_state *b)
+{
+	if (a->current && a->current == b->current)
+		return 1;
+
+	if (a->assigned && a->assigned == b->assigned)
+		return 1;
+
+	if (a->ptmsi != GSM_RESERVED_TMSI && a->ptmsi == b->ptmsi)
+		return 1;
+
+	return 0;
+}
+
+static void gbproxy_remove_matching_tllis(struct gbproxy_peer *peer,
+					  struct gbproxy_tlli_info *tlli_info)
+{
+	struct gbproxy_tlli_info *info, *nxt;
+	struct gbproxy_patch_state *state = &peer->patch_state;
+
+	/* Make sure that there is no second entry with the same P-TMSI or TLLI */
+	llist_for_each_entry_safe(info, nxt, &state->enabled_tllis, list) {
+		if (info == tlli_info)
+			continue;
+
+		if (!gbproxy_tlli_match(&tlli_info->tlli, &info->tlli) &&
+		    !gbproxy_tlli_match(&tlli_info->sgsn_tlli, &info->sgsn_tlli))
+			continue;
+
+		LOGP(DGPRS, LOGL_INFO,
+		     "Removing TLLI %08x from list (P-TMSI/TLLI re-used)\n",
+		     info->tlli.current);
+		gbproxy_delete_tlli(peer, info);
+	}
+}
+
 struct gbproxy_tlli_info *gbproxy_get_tlli_info_ul(
 	struct gbproxy_peer *peer,
 	struct gprs_gb_parse_context *parse_ctx)
@ -605,6 +642,7 @@ void gbproxy_update_tlli_state_after(
 				      peer, new_sgsn_tlli);
 		gbproxy_reassign_tlli(&tlli_info->tlli,
 				      peer, new_bss_tlli);
+		gbproxy_remove_matching_tllis(peer, tlli_info);
 	}

 	gbproxy_remove_stale_tllis(peer, now);
--- a/openbsc/tests/gbproxy/gbproxy_test.c
+++ b/openbsc/tests/gbproxy/gbproxy_test.c
@ -1833,10 +1833,10 @@ static void test_gbproxy_ptmsi_assignment()
 	tlli_info = gbproxy_find_tlli_by_imsi(peer, imsi2, ARRAY_SIZE(imsi2));
 	OSMO_ASSERT(tlli_info);
 	OSMO_ASSERT(tlli_info->tlli.ptmsi == ptmsi);
-	/* OSMO_ASSERT(!gbproxy_find_tlli_by_imsi(peer, imsi1, ARRAY_SIZE(imsi1))); */
+	OSMO_ASSERT(!gbproxy_find_tlli_by_imsi(peer, imsi1, ARRAY_SIZE(imsi1)));

 	tlli_info2 = gbproxy_find_tlli(peer, local_tlli);
-	/* OSMO_ASSERT(tlli_info == tlli_info2); */
+	OSMO_ASSERT(tlli_info == tlli_info2);
 	OSMO_ASSERT(tlli_info->tlli.assigned == 0);
 	OSMO_ASSERT(tlli_info->tlli.current == local_tlli);
 	OSMO_ASSERT(tlli_info->tlli.ptmsi == ptmsi);
--- a/openbsc/tests/gbproxy/gbproxy_test.ok
+++ b/openbsc/tests/gbproxy/gbproxy_test.ok
@ -1784,10 +1784,9 @@ result (ATTACH ACCEPT) = 92
 Peers:
  NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96
    Attach Request count            : 2
-    TLLI cache size                 : 2
-    TLLI-Cache: 2
+    TLLI cache size                 : 1
+    TLLI-Cache: 1
      TLLI 8000beef/efe2b700 -> 8000beef/efe2b700, IMSI 12199999961718, AGE 0
-      TLLI efe2b700 -> efe2b700, IMSI 12131415161718, AGE 0
 PROCESSING ATTACH COMPLETE from 0x01020304:1111
 00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 11 22 33 40 50 60 12 34 00 80 0e 00 08 01 c0 15 08 03 86 ac 47 

@ -1803,10 +1802,9 @@ result (ATTACH COMPLETE) = 35
 Peers:
  NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96
    Attach Request count            : 2
-    TLLI cache size                 : 2
-    TLLI-Cache: 2
+    TLLI cache size                 : 1
+    TLLI-Cache: 1
      TLLI 8000beef/efe2b700 -> 8000beef/efe2b700, IMSI 12199999961718, AGE 0
-      TLLI efe2b700 -> efe2b700, IMSI 12131415161718, AGE 0
 PROCESSING GMM INFO from 0x05060708:32000
 00 00 10 02 00 ef e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 99 99 99 16 17 18 00 81 00 0e 88 41 c0 15 08 21 bb c1 c6 

@ -1822,10 +1820,9 @@ result (GMM INFO) = 70
 Peers:
  NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96
    Attach Request count            : 2
-    TLLI cache size                 : 2
-    TLLI-Cache: 2
+    TLLI cache size                 : 1
+    TLLI-Cache: 1
      TLLI efe2b700 -> efe2b700, IMSI 12199999961718, AGE 0
-      TLLI efe2b700 -> efe2b700, IMSI 12131415161718, AGE 0
 Gbproxy global:
 === test_gbproxy_ra_patching ===
 --- Initialise SGSN ---