From d7c923a49fe6efe04d05c120eeab8d0cf83dbca6 Mon Sep 17 00:00:00 2001 From: Jacob Erlbeck Date: Thu, 4 Sep 2014 14:53:30 +0200 Subject: [PATCH] gbproxy: Fix P-TMSI reassignment Currently, a new P-TMSI within an Attach Accept or within an RA Update Request is applied to the TLLI mapping (gbproxy_reassign_tlli) _before_ patching is done. This can lead to inconsistent behaviour when the TLLI validation has not been completed, which is the case when subsequent RA UDP REQ are received. The new TLLI must not be applied to the message itself yet, it should only be considered for following messages. This patch moves the TLLI reassignment to gbproxy_update_tlli_state_after() to fix that. It also separates the implementation of the feature that a new tlli_info can be created when such a message is received from the SGSN. This makes sense, when P-TMSI patching is not active and the tlli_info entry has expired. Sponsored-by: On-Waves ehf --- openbsc/src/gprs/gb_proxy_tlli.c | 39 ++++++++++++-------- openbsc/tests/gbproxy/gbproxy_test.ok | 51 ++++++++++++--------------- 2 files changed, 47 insertions(+), 43 deletions(-) diff --git a/openbsc/src/gprs/gb_proxy_tlli.c b/openbsc/src/gprs/gb_proxy_tlli.c index 4c97f8ab..4ceaea92 100644 --- a/openbsc/src/gprs/gb_proxy_tlli.c +++ b/openbsc/src/gprs/gb_proxy_tlli.c @@ -444,9 +444,7 @@ struct gbproxy_tlli_info *gbproxy_update_tlli_state_dl( /* A new P-TMSI has been signalled in the message, * register new TLLI */ uint32_t new_sgsn_ptmsi; - uint32_t new_sgsn_tlli; uint32_t new_bss_ptmsi; - uint32_t new_bss_tlli = 0; if (!gprs_parse_mi_tmsi(parse_ctx->new_ptmsi_enc, GSM48_TMSI_LEN, &new_sgsn_ptmsi)) { LOGP(DGPRS, LOGL_ERROR, 
@@ -454,19 +452,11 @@ struct gbproxy_tlli_info *gbproxy_update_tlli_state_dl( parse_ctx->tlli); return tlli_info; } - new_sgsn_tlli = gprs_tmsi2tlli(new_sgsn_ptmsi, TLLI_LOCAL); new_bss_ptmsi = gbproxy_make_bss_ptmsi(peer, new_sgsn_ptmsi); - if (new_bss_ptmsi != GSM_RESERVED_TMSI) - new_bss_tlli = gprs_tmsi2tlli(new_bss_ptmsi, TLLI_LOCAL); - LOGP(DGPRS, LOGL_INFO, - "Got new TLLI(PTMSI) %08x(%08x) from SGSN, using %08x(%08x)\n", - new_sgsn_tlli, new_sgsn_ptmsi, new_bss_tlli, new_bss_ptmsi); - gbproxy_reassign_tlli(&tlli_info->sgsn_tlli, - peer, new_sgsn_tlli); - gbproxy_reassign_tlli(&tlli_info->tlli, - peer, new_bss_tlli); - gbproxy_touch_tlli(peer, tlli_info, now); + LOGP(DGPRS, LOGL_INFO, + "Got new PTMSI %08x from SGSN, using %08x for BSS\n", + new_sgsn_ptmsi, new_bss_ptmsi); /* Setup PTMSIs */ tlli_info->sgsn_tlli.ptmsi = new_sgsn_ptmsi; tlli_info->tlli.ptmsi = new_bss_ptmsi; @@ -553,8 +543,29 @@ void gbproxy_update_tlli_state_after( time_t now, struct gprs_gb_parse_context *parse_ctx) { - if (parse_ctx->invalidate_tlli) + if (parse_ctx->invalidate_tlli) { gbproxy_unregister_tlli(peer, parse_ctx->tlli); + } else if (parse_ctx->to_bss && parse_ctx->tlli_enc && + parse_ctx->new_ptmsi_enc && tlli_info) { + /* A new PTMSI has been signaled in the message, + * register new TLLI */ + uint32_t new_sgsn_ptmsi = tlli_info->sgsn_tlli.ptmsi; + uint32_t new_bss_ptmsi = tlli_info->tlli.ptmsi; + uint32_t new_sgsn_tlli; + uint32_t new_bss_tlli = 0; + + new_sgsn_tlli = gprs_tmsi2tlli(new_sgsn_ptmsi, TLLI_LOCAL); + if (new_bss_ptmsi != GSM_RESERVED_TMSI) + new_bss_tlli = gprs_tmsi2tlli(new_bss_ptmsi, TLLI_LOCAL); + LOGP(DGPRS, LOGL_INFO, + "Assigning new TLLI %08x to SGSN, %08x to BSS\n", + new_sgsn_tlli, new_bss_tlli); + + gbproxy_reassign_tlli(&tlli_info->sgsn_tlli, + peer, new_sgsn_tlli); + gbproxy_reassign_tlli(&tlli_info->tlli, + peer, new_bss_tlli); + } gbproxy_remove_stale_tllis(peer, now); } 
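Review bot: The call `gbproxy_touch_tlli(peer, tlli_info, now);` is removed from this branch of gbproxy_update_tlli_state_dl along with the reassignment, but only the reassignment reappears in gbproxy_update_tlli_state_after. The rest of the function lies outside the hunk, so it is not visible whether the entry's timestamp is refreshed elsewhere. If it is not, a tlli_info that has just received a new P-TMSI keeps its old timestamp and may be dropped by the `gbproxy_remove_stale_tllis(peer, now)` call that runs afterwards. Either keep `gbproxy_touch_tlli(peer, tlli_info, now);` after the two `ptmsi` assignments, or add a comment naming the place that now refreshes the entry.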
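Review bot: The new `else if` branch in gbproxy_update_tlli_state_after assumes `tlli_info->sgsn_tlli.ptmsi` and `tlli_info->tlli.ptmsi` were set from this message, but it only checks that `parse_ctx->new_ptmsi_enc` is present, not that it parsed. When `gprs_parse_mi_tmsi()` fails in gbproxy_update_tlli_state_dl, that function logs an error and returns before storing the PTMSIs, so a malformed identity from the SGSN would still reach `gbproxy_reassign_tlli()` here with TLLIs derived from the entry's previous values. The SGSN side also has no counterpart to the `new_bss_ptmsi != GSM_RESERVED_TMSI` check. Consider re-validating before reassigning, for example by extending the condition with `gprs_parse_mi_tmsi(parse_ctx->new_ptmsi_enc, GSM48_TMSI_LEN, &parsed_ptmsi) && parsed_ptmsi == tlli_info->sgsn_tlli.ptmsi`, where `parsed_ptmsi` is a new local. A comment stating that the stored PTMSIs are the hand-over between the two functions would also help; the parameter list of this function starts outside the hunk.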
diff --git a/openbsc/tests/gbproxy/gbproxy_test.ok b/openbsc/tests/gbproxy/gbproxy_test.ok index 8e6770a9..389c68c9 100644 --- a/openbsc/tests/gbproxy/gbproxy_test.ok +++ b/openbsc/tests/gbproxy/gbproxy_test.ok @@ -2276,19 +2276,18 @@ CALLBACK, event 0, msg length 87, bvci 0x1002 NS UNITDATA MESSAGE to BSS, BVCI 0x1002, msg length 87 (gprs_ns_sendmsg) MESSAGE to BSS at 0x01020304:1111, msg length 91 -00 00 10 02 00 e0 98 76 54 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 11 08 09 00 49 21 63 54 40 50 60 19 54 ab b3 18 05 f4 e0 54 32 10 17 16 1b a3 a8 +00 00 10 02 00 e6 56 aa 1f 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 11 08 09 00 49 11 22 33 40 50 60 19 54 ab b3 18 05 f4 ea d4 77 5a 17 16 31 d5 78 result (RA UDP ACC (P-TMSI 3)) = 91 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 11 - RAID patched (SGSN): 2 + RAID patched (SGSN): 3 APN patched : 1 TLLI patched (BSS ): 8 - TLLI patched (SGSN): 6 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + TLLI patched (SGSN): 7 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI cache size : 1 TLLI-Cache: 1 @@ -2320,12 +2319,11 @@ result (GMM INFO) = 70 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 12 - RAID patched (SGSN): 2 + RAID patched (SGSN): 3 APN patched : 1 TLLI patched (BSS ): 9 - TLLI patched (SGSN): 7 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + TLLI patched (SGSN): 8 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI cache size : 1 TLLI-Cache: 1 
@@ -2345,12 +2343,11 @@ result (LLC_DISCARDED) = 23 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 12 - RAID patched (SGSN): 2 + RAID patched (SGSN): 3 APN patched : 1 TLLI patched (BSS ): 10 - TLLI patched (SGSN): 7 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + TLLI patched (SGSN): 8 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI cache size : 1 TLLI-Cache: 1 @@ -2370,12 +2367,11 @@ result (BVC_SUSPEND) = 19 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 13 - RAID patched (SGSN): 2 + RAID patched (SGSN): 3 APN patched : 1 TLLI patched (BSS ): 11 - TLLI patched (SGSN): 7 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + TLLI patched (SGSN): 8 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI cache size : 1 TLLI-Cache: 1 @@ -2395,12 +2391,11 @@ result (BVC_SUSPEND_ACK) = 22 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 13 - RAID patched (SGSN): 3 + RAID patched (SGSN): 4 APN patched : 1 TLLI patched (BSS ): 11 - TLLI patched (SGSN): 8 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + TLLI patched (SGSN): 9 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI cache size : 1 TLLI-Cache: 1 @@ -2463,13 +2458,12 @@ result (DETACH REQ) = 48 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 14 - RAID patched (SGSN): 4 + RAID patched (SGSN): 5 APN patched : 1 TLLI patched (BSS ): 13 - TLLI patched (SGSN): 9 + TLLI patched (SGSN): 10 P-TMSI patched (BSS ): 1 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI cache size : 1 TLLI-Cache: 1 
@@ -2489,13 +2483,12 @@ result (DETACH ACC) = 71 Peers: NSEI 4096, BVCI 4098, not blocked, RAI 112-332-16464-96 RAID patched (BSS ): 14 - RAID patched (SGSN): 4 + RAID patched (SGSN): 5 APN patched : 1 TLLI patched (BSS ): 13 - TLLI patched (SGSN): 10 + TLLI patched (SGSN): 11 P-TMSI patched (BSS ): 1 - P-TMSI patched (SGSN): 2 - Patch error: other : 1 + P-TMSI patched (SGSN): 3 Attach Request count : 1 TLLI-Cache: 0 Gbproxy global: