gbproxy: Fix P-TMSI generation for repeated Attach Accept messages
Currently, when P-TMSI patching is enabled, a new BSS P-TMSI is generated for each Attach Accept. So two duplicated, subsequent Attach Accept messages will be mapped to different BSS side P-TMSI. Because the last one will replace former ones in the link_info struct, the MS will fail to access the SGSN if it uses the former P-TMSI to derive the new TLLI. This patch checks the SGSN P-TMSI already assigned to the link_info and only generates a new BSS P-TMSI on mismatch (or if the BSS P-TMSI hasn't been set yet). Ticket: OW#1322 Sponsored-by: On-Waves ehf
This commit is contained in:
Jacob Erlbeck
Holger Hans Peter Freyther
parent
e99c333d61
commit
91e9f555b6
|
|
@ -557,9 +557,14 @@ struct gbproxy_link_info *gbproxy_update_link_state_dl(
|
|||
/* A new P-TMSI has been signalled in the message,
|
||||
* register new TLLI */
|
||||
uint32_t new_sgsn_ptmsi;
|
||||
uint32_t new_bss_ptmsi;
|
||||
uint32_t new_bss_ptmsi = GSM_RESERVED_TMSI;
|
||||
gprs_parse_tmsi(parse_ctx->new_ptmsi_enc, &new_sgsn_ptmsi);
|
||||
new_bss_ptmsi = gbproxy_make_bss_ptmsi(peer, new_sgsn_ptmsi);
|
||||
|
||||
if (link_info->sgsn_tlli.ptmsi == new_sgsn_ptmsi)
|
||||
new_bss_ptmsi = link_info->tlli.ptmsi;
|
||||
|
||||
if (new_bss_ptmsi == GSM_RESERVED_TMSI)
|
||||
new_bss_ptmsi = gbproxy_make_bss_ptmsi(peer, new_sgsn_ptmsi);
|
||||
|
||||
LOGP(DGPRS, LOGL_INFO,
|
||||
"Got new PTMSI %08x from SGSN, using %08x for BSS\n",
|
||||
|
|
|
|||
|
|
@ -2530,11 +2530,11 @@ static void test_gbproxy_ptmsi_patching_bad_cases()
|
|||
|
||||
link_info = gbproxy_link_info_by_sgsn_tlli(peer, random_sgsn_tlli, SGSN_NSEI);
|
||||
OSMO_ASSERT(link_info);
|
||||
/* OSMO_ASSERT(link_info->tlli.assigned == local_bss_tlli); */
|
||||
OSMO_ASSERT(link_info->tlli.assigned == local_bss_tlli);
|
||||
OSMO_ASSERT(link_info->tlli.current == foreign_bss_tlli);
|
||||
OSMO_ASSERT(!link_info->tlli.bss_validated);
|
||||
OSMO_ASSERT(!link_info->tlli.net_validated);
|
||||
/* OSMO_ASSERT(link_info->tlli.ptmsi == bss_ptmsi); */
|
||||
OSMO_ASSERT(link_info->tlli.ptmsi == bss_ptmsi);
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.assigned == local_sgsn_tlli);
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.current == random_sgsn_tlli);
|
||||
OSMO_ASSERT(!link_info->sgsn_tlli.bss_validated);
|
||||
|
|
@ -2550,13 +2550,13 @@ static void test_gbproxy_ptmsi_patching_bad_cases()
|
|||
|
||||
link_info = gbproxy_link_info_by_sgsn_tlli(peer, local_sgsn_tlli, SGSN_NSEI);
|
||||
OSMO_ASSERT(link_info);
|
||||
/* OSMO_ASSERT(link_info->tlli.assigned == local_bss_tlli); */
|
||||
OSMO_ASSERT(link_info->tlli.assigned == local_bss_tlli);
|
||||
OSMO_ASSERT(link_info->tlli.current == foreign_bss_tlli);
|
||||
/* OSMO_ASSERT(link_info->tlli.bss_validated); */
|
||||
OSMO_ASSERT(link_info->tlli.bss_validated);
|
||||
OSMO_ASSERT(!link_info->tlli.net_validated);
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.assigned == local_sgsn_tlli);
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.current == random_sgsn_tlli);
|
||||
/* OSMO_ASSERT(link_info->sgsn_tlli.bss_validated); */
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.bss_validated);
|
||||
OSMO_ASSERT(!link_info->sgsn_tlli.net_validated);
|
||||
|
||||
send_llc_dl_ui(nsi, "GMM INFO", &sgsn_peer, 0x1002,
|
||||
|
|
@ -2568,10 +2568,10 @@ static void test_gbproxy_ptmsi_patching_bad_cases()
|
|||
|
||||
link_info = gbproxy_link_info_by_sgsn_tlli(peer, local_sgsn_tlli, SGSN_NSEI);
|
||||
OSMO_ASSERT(link_info);
|
||||
/* OSMO_ASSERT(link_info->tlli.current == local_bss_tlli); */
|
||||
/* OSMO_ASSERT(link_info->tlli.assigned == 0); */
|
||||
/* OSMO_ASSERT(link_info->sgsn_tlli.current == local_sgsn_tlli); */
|
||||
/* OSMO_ASSERT(link_info->sgsn_tlli.assigned == 0); */
|
||||
OSMO_ASSERT(link_info->tlli.current == local_bss_tlli);
|
||||
OSMO_ASSERT(link_info->tlli.assigned == 0);
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.current == local_sgsn_tlli);
|
||||
OSMO_ASSERT(link_info->sgsn_tlli.assigned == 0);
|
||||
|
||||
/* Detach */
|
||||
send_llc_ul_ui(nsi, "DETACH REQ", &bss_peer[0], 0x1002,
|
||||
|
|
|
|||
|
|
@ -3084,7 +3084,7 @@ CALLBACK, event 0, msg length 88, bvci 0x1002
|
|||
|
||||
NS UNITDATA MESSAGE to BSS, BVCI 0x1002, msg length 88 (gprs_ns_sendmsg)
|
||||
MESSAGE to BSS at 0x01020304:1111, msg length 92
|
||||
00 00 10 02 00 80 00 de ad 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9e 41 c0 09 08 02 01 49 04 11 22 33 40 50 60 19 cd d7 08 17 16 18 05 f4 e6 56 aa 1f ab 9a 97
|
||||
00 00 10 02 00 80 00 de ad 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9e 41 c0 09 08 02 01 49 04 11 22 33 40 50 60 19 cd d7 08 17 16 18 05 f4 c0 0f 73 04 1e de 42
|
||||
|
||||
result (ATTACH ACCEPT (duplicated)) = 92
|
||||
|
||||
|
|
@ -3098,7 +3098,7 @@ Peers:
|
|||
Attach Request count : 1
|
||||
TLLI cache size : 1
|
||||
TLLI-Cache: 1
|
||||
TLLI 8000dead/e656aa1f -> 7c69fb81/efe2b700, IMSI 12131415161718, AGE 0
|
||||
TLLI 8000dead/c00f7304 -> 7c69fb81/efe2b700, IMSI 12131415161718, AGE 0
|
||||
PROCESSING ATTACH COMPLETE from 0x01020304:1111
|
||||
00 00 10 02 01 c0 0f 73 04 00 00 04 08 88 11 22 33 40 50 60 12 34 00 80 0e 00 08 01 c0 09 08 03 39 d7 bc
|
||||
|
||||
|
|
@ -3107,7 +3107,7 @@ CALLBACK, event 0, msg length 31, bvci 0x1002
|
|||
|
||||
NS UNITDATA MESSAGE to SGSN, BVCI 0x1002, msg length 31 (gprs_ns_sendmsg)
|
||||
MESSAGE to SGSN at 0x05060708:32000, msg length 35
|
||||
00 00 10 02 01 7e b5 2d fb 00 00 04 08 88 21 63 54 40 50 60 12 34 00 80 0e 00 08 01 c0 09 08 03 39 d7 bc
|
||||
00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 21 63 54 40 50 60 12 34 00 80 0e 00 08 01 c0 09 08 03 39 d7 bc
|
||||
|
||||
result (ATTACH COMPLETE) = 35
|
||||
|
||||
|
|
@ -3119,10 +3119,9 @@ Peers:
|
|||
TLLI patched (SGSN): 3
|
||||
P-TMSI patched (SGSN): 2
|
||||
Attach Request count : 1
|
||||
TLLI cache size : 2
|
||||
TLLI-Cache: 2
|
||||
TLLI c00f7304 -> 7eb52dfb, IMSI (none), AGE 0
|
||||
TLLI 8000dead/e656aa1f -> 7c69fb81/efe2b700, IMSI 12131415161718, AGE 0
|
||||
TLLI cache size : 1
|
||||
TLLI-Cache: 1
|
||||
TLLI 8000dead/c00f7304 -> 7c69fb81/efe2b700, IMSI 12131415161718, AGE 0
|
||||
PROCESSING GMM INFO from 0x05060708:32000
|
||||
00 00 10 02 00 ef e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 88 41 c0 0d 08 21 68 71 6b
|
||||
|
||||
|
|
@ -3131,7 +3130,7 @@ CALLBACK, event 0, msg length 66, bvci 0x1002
|
|||
|
||||
NS UNITDATA MESSAGE to BSS, BVCI 0x1002, msg length 66 (gprs_ns_sendmsg)
|
||||
MESSAGE to BSS at 0x01020304:1111, msg length 70
|
||||
00 00 10 02 00 e6 56 aa 1f 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 88 41 c0 0d 08 21 68 71 6b
|
||||
00 00 10 02 00 c0 0f 73 04 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 88 41 c0 0d 08 21 68 71 6b
|
||||
|
||||
result (GMM INFO) = 70
|
||||
|
||||
|
|
@ -3143,10 +3142,9 @@ Peers:
|
|||
TLLI patched (SGSN): 4
|
||||
P-TMSI patched (SGSN): 2
|
||||
Attach Request count : 1
|
||||
TLLI cache size : 2
|
||||
TLLI-Cache: 2
|
||||
TLLI 8000dead/e656aa1f -> 7c69fb81/efe2b700, IMSI 12131415161718, AGE 0
|
||||
TLLI c00f7304 -> 7eb52dfb, IMSI (none), AGE 0
|
||||
TLLI cache size : 1
|
||||
TLLI-Cache: 1
|
||||
TLLI c00f7304 -> efe2b700, IMSI 12131415161718, AGE 0
|
||||
PROCESSING DETACH REQ from 0x01020304:1111
|
||||
00 00 10 02 01 c0 0f 73 04 00 00 04 08 88 11 22 33 40 50 60 12 34 00 80 0e 00 15 01 c0 0d 08 05 01 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 37 67 c6
|
||||
|
||||
|
|
@ -3155,7 +3153,7 @@ CALLBACK, event 0, msg length 44, bvci 0x1002
|
|||
|
||||
NS UNITDATA MESSAGE to SGSN, BVCI 0x1002, msg length 44 (gprs_ns_sendmsg)
|
||||
MESSAGE to SGSN at 0x05060708:32000, msg length 48
|
||||
00 00 10 02 01 7e b5 2d fb 00 00 04 08 88 21 63 54 40 50 60 12 34 00 80 0e 00 15 01 c0 0d 08 05 01 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 37 67 c6
|
||||
00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 21 63 54 40 50 60 12 34 00 80 0e 00 15 01 c0 0d 08 05 01 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 37 67 c6
|
||||
|
||||
result (DETACH REQ) = 48
|
||||
|
||||
|
|
@ -3167,10 +3165,9 @@ Peers:
|
|||
TLLI patched (SGSN): 4
|
||||
P-TMSI patched (SGSN): 2
|
||||
Attach Request count : 1
|
||||
TLLI cache size : 2
|
||||
TLLI-Cache: 2
|
||||
TLLI c00f7304 -> 7eb52dfb, IMSI (none), AGE 0
|
||||
TLLI 8000dead/e656aa1f -> 7c69fb81/efe2b700, IMSI 12131415161718, AGE 0
|
||||
TLLI cache size : 1
|
||||
TLLI-Cache: 1
|
||||
TLLI c00f7304 -> efe2b700, IMSI 12131415161718, AGE 0
|
||||
PROCESSING DETACH ACC from 0x05060708:32000
|
||||
00 00 10 02 00 ef e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 89 41 c0 11 08 06 00 cf 8a 58
|
||||
|
||||
|
|
@ -3179,7 +3176,7 @@ CALLBACK, event 0, msg length 67, bvci 0x1002
|
|||
|
||||
NS UNITDATA MESSAGE to BSS, BVCI 0x1002, msg length 67 (gprs_ns_sendmsg)
|
||||
MESSAGE to BSS at 0x01020304:1111, msg length 71
|
||||
00 00 10 02 00 e6 56 aa 1f 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 89 41 c0 11 08 06 00 cf 8a 58
|
||||
00 00 10 02 00 c0 0f 73 04 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 89 41 c0 11 08 06 00 cf 8a 58
|
||||
|
||||
result (DETACH ACC) = 71
|
||||
|
||||
|
|
@ -3191,9 +3188,7 @@ Peers:
|
|||
TLLI patched (SGSN): 5
|
||||
P-TMSI patched (SGSN): 2
|
||||
Attach Request count : 1
|
||||
TLLI cache size : 1
|
||||
TLLI-Cache: 1
|
||||
TLLI c00f7304 -> 7eb52dfb, IMSI (none), AGE 0
|
||||
TLLI-Cache: 0
|
||||
Gbproxy global:
|
||||
=== test_gbproxy_imsi_acquisition ===
|
||||
--- Initialise SGSN ---
|
||||
|
|
|
|||
Loading…
Reference in New Issue