From 3e23ddf88b38f9316b61daff6f8f41e57e883a14 Mon Sep 17 00:00:00 2001 From: Jacob Erlbeck Date: Mon, 11 Aug 2014 15:07:37 +0200 Subject: [PATCH] gbproxy: Parse Detach Request messages GSM 24.008 also allows a P-TMSI field in Detach request messages. This patch adds gbprox_parse_gmm_detach_req() to parse Detach Request messages which sets the ptmsi field if the IE is present. In addition, when power_off is set to 1 (MO only), the invalidate_tlli field is set, since Detach Request message is expected in this case. The second detach test (see 'RA update') is modified to use power_off instead of relying on a Detach Accept from the network. To make this work, the PTMSI of the RA Update Accept is fixed to match the TLLI of the Detach Request. Sponsored-by: On-Waves ehf --- openbsc/src/gprs/gb_proxy.c | 47 ++++++++++++++++++++++++--- openbsc/tests/gbproxy/gbproxy_test.c | 28 ++++++++++------ openbsc/tests/gbproxy/gbproxy_test.ok | 44 ++++++++----------------- 3 files changed, 75 insertions(+), 44 deletions(-) diff --git a/openbsc/src/gprs/gb_proxy.c b/openbsc/src/gprs/gb_proxy.c index 64fb55b77..dd7dead2b 100644 --- a/openbsc/src/gprs/gb_proxy.c +++ b/openbsc/src/gprs/gb_proxy.c @@ -959,6 +959,43 @@ static int gbprox_parse_gmm_attach_ack(uint8_t *data, size_t data_len, return 1; } +static int gbprox_parse_gmm_detach_req(uint8_t *data, size_t data_len, + struct gbproxy_parse_context *parse_ctx) +{ + uint8_t *value; + size_t value_len; + int detach_type; + int power_off; + + parse_ctx->llc_msg_name = "DETACH_REQ"; + + /* Skip spare half octet */ + /* Get Detach type */ + if (v_fixed_shift(&data, &data_len, 1, &value) <= 0) + /* invalid */ + return 0; + + detach_type = *value & 0x07; + power_off = *value & 0x08 ? 1 : 0; + + if (!parse_ctx->to_bss) { + /* Mobile originated */ + + if (power_off) + parse_ctx->invalidate_tlli = 1; + + /* Get P-TMSI (Mobile identity), see GSM 24.008, 9.4.5.2 */ + if (tlv_match(&data, &data_len, + GSM48_IE_GMM_ALLOC_PTMSI, &value, &value_len) > 0) + { + if (is_mi_tmsi(value, value_len)) + parse_ctx->ptmsi_enc = value; + } + } + + return 1; +} + static int gbprox_parse_gmm_ra_upd_req(uint8_t *data, size_t data_len, struct gbproxy_parse_context *parse_ctx) { @@ -1157,12 +1194,9 @@ static int gbprox_parse_dtap(uint8_t *data, size_t data_len, case GSM48_MT_GMM_ID_RESP: return gbprox_parse_gmm_id_resp(data, data_len, parse_ctx); - break; case GSM48_MT_GMM_DETACH_REQ: - /* TODO: Check power off if !to_bss, if yes invalidate */ - parse_ctx->llc_msg_name = "DETACH_REQ"; - break; + return gbprox_parse_gmm_detach_req(data, data_len, parse_ctx); case GSM48_MT_GMM_DETACH_ACK: parse_ctx->llc_msg_name = "DETACH_ACK"; @@ -1331,6 +1365,11 @@ static void gbprox_log_parse_context(struct gbproxy_parse_context *parse_ctx, sep, mi_buf); sep = ","; } + if (parse_ctx->invalidate_tlli) { + LOGP(DGPRS, LOGL_DEBUG, "%s invalidate", sep); + sep = ","; + } + LOGP(DGPRS, LOGL_DEBUG, "\n"); } diff --git a/openbsc/tests/gbproxy/gbproxy_test.c b/openbsc/tests/gbproxy/gbproxy_test.c index 5363749c6..27454a2a9 100644 --- a/openbsc/tests/gbproxy/gbproxy_test.c +++ b/openbsc/tests/gbproxy/gbproxy_test.c @@ -221,8 +221,8 @@ static const unsigned char bssgp_ra_upd_acc[91] = { 0x18, 0x00, 0x81, 0x00, 0x0e, 0x9d, 0x41, 0xc0, 0x19, 0x08, 0x09, 0x00, 0x49, 0x21, 0x63, 0x54, 0x40, 0x50, 0x60, 0x19, 0x54, 0xab, 0xb3, 0x18, - 0x05, 0xf4, 0xef, 0xe2, 0x81, 0x17, 0x17, 0x16, - 0xc3, 0xbf, 0xcc + 0x05, 0xf4, 0xef, 0xe2, 0xb7, 0x00, 0x17, 0x16, + 0xd7, 0x59, 0x65 }; /* Base Station Subsystem GPRS Protocol: GSM A-I/F DTAP - Activate PDP Context Request */ @@ -239,7 +239,19 @@ static const unsigned char bssgp_act_pdp_ctx_req[76] = { 0x00, 0x5a, 0xff, 0x02 }; -/* Base Station Subsystem GPRS Protocol: GSM A-I/F DTAP - Detach Request */ +/* Base Station Subsystem GPRS Protocol: GSM A-I/F DTAP - Detach Request (MO) */ +/* normal detach, power_off = 1 */ +static const unsigned char bssgp_detach_po_req[44] = { + 0x01, 0xef, 0xe2, 0xb7, 0x00, 0x00, 0x00, 0x04, + 0x08, 0x88, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, + 0x75, 0x30, 0x00, 0x80, 0x0e, 0x00, 0x15, 0x01, + 0xc0, 0x19, 0x08, 0x05, 0x09, 0x18, 0x05, 0xf4, + 0xef, 0xe2, 0xb7, 0x00, 0x19, 0x03, 0xb9, 0x97, + 0xcb, 0x84, 0x0c, 0xeb +}; + +/* Base Station Subsystem GPRS Protocol: GSM A-I/F DTAP - Detach Request (MO) */ +/* normal detach, power_off = 0 */ static const unsigned char bssgp_detach_req[44] = { 0x01, 0xef, 0xe2, 0xb7, 0x00, 0x00, 0x00, 0x04, 0x08, 0x88, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, @@ -1060,13 +1072,9 @@ static void test_gbproxy_ra_patching() dump_peers(stdout, 0, 0, &gbcfg); - /* Detach */ - send_ns_unitdata(nsi, "DETACH REQ", &bss_peer[0], 0x1002, - bssgp_detach_req, sizeof(bssgp_detach_req)); - - send_ns_unitdata(nsi, "DETACH ACC", &sgsn_peer, 0x1002, - bssgp_detach_acc, sizeof(bssgp_detach_acc)); - + /* Detach (power off -> no Detach Accept) */ + send_ns_unitdata(nsi, "DETACH REQ (PWR OFF)", &bss_peer[0], 0x1002, + bssgp_detach_po_req, sizeof(bssgp_detach_po_req)); dump_global(stdout, 0); dump_peers(stdout, 0, 0, &gbcfg); diff --git a/openbsc/tests/gbproxy/gbproxy_test.ok b/openbsc/tests/gbproxy/gbproxy_test.ok index 363a6e9be..28d501660 100644 --- a/openbsc/tests/gbproxy/gbproxy_test.ok +++ b/openbsc/tests/gbproxy/gbproxy_test.ok @@ -1780,14 +1780,14 @@ MESSAGE to SGSN at 0x05060708:32000, msg length 89 result (RA UPD REQ) = 89 PROCESSING RA UPD ACC from 0x05060708:32000 -00 00 10 02 00 bb c5 46 79 00 50 20 16 82 02 58 13 9d 19 13 42 33 57 2b f7 c8 48 02 13 48 50 c8 48 02 14 48 50 c8 48 02 17 49 10 c8 48 02 00 0a 82 07 04 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 19 08 09 00 49 21 63 54 40 50 60 19 54 ab b3 18 05 f4 ef e2 81 17 17 16 c3 bf cc +00 00 10 02 00 bb c5 46 79 00 50 20 16 82 02 58 13 9d 19 13 42 33 57 2b f7 c8 48 02 13 48 50 c8 48 02 14 48 50 c8 48 02 17 49 10 c8 48 02 00 0a 82 07 04 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 19 08 09 00 49 21 63 54 40 50 60 19 54 ab b3 18 05 f4 ef e2 b7 00 17 16 d7 59 65 CALLBACK, event 0, msg length 91, bvci 0x1002 -00 00 10 02 00 bb c5 46 79 00 50 20 16 82 02 58 13 9d 19 13 42 33 57 2b f7 c8 48 02 13 48 50 c8 48 02 14 48 50 c8 48 02 17 49 10 c8 48 02 00 0a 82 07 04 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 19 08 09 00 49 21 63 54 40 50 60 19 54 ab b3 18 05 f4 ef e2 81 17 17 16 c3 bf cc +00 00 10 02 00 bb c5 46 79 00 50 20 16 82 02 58 13 9d 19 13 42 33 57 2b f7 c8 48 02 13 48 50 c8 48 02 14 48 50 c8 48 02 17 49 10 c8 48 02 00 0a 82 07 04 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 19 08 09 00 49 21 63 54 40 50 60 19 54 ab b3 18 05 f4 ef e2 b7 00 17 16 d7 59 65 NS UNITDATA MESSAGE to BSS, BVCI 0x1002, msg length 91 (gprs_ns_sendmsg) MESSAGE to BSS at 0x01020304:1111, msg length 95 -00 00 10 02 00 bb c5 46 79 00 50 20 16 82 02 58 13 9d 19 13 42 33 57 2b f7 c8 48 02 13 48 50 c8 48 02 14 48 50 c8 48 02 17 49 10 c8 48 02 00 0a 82 07 04 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 19 08 09 00 49 11 22 33 40 50 60 19 54 ab b3 18 05 f4 ef e2 81 17 17 16 2e e5 fd +00 00 10 02 00 bb c5 46 79 00 50 20 16 82 02 58 13 9d 19 13 42 33 57 2b f7 c8 48 02 13 48 50 c8 48 02 14 48 50 c8 48 02 17 49 10 c8 48 02 00 0a 82 07 04 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9d 41 c0 19 08 09 00 49 11 22 33 40 50 60 19 54 ab b3 18 05 f4 ef e2 b7 00 17 16 3a 03 54 result (RA UPD ACC) = 95 @@ -1809,33 +1809,20 @@ Peers: RAID patched (SGSN): 3 APN patched : 3 Attach Request count : 1 - TLLI cache size : 2 - TLLI-Cache: 2 - TLLI efe2b700, IMSI (none), AGE 0 - TLLI efe28117, IMSI 12131415161718, AGE 0 -PROCESSING DETACH REQ from 0x01020304:1111 -00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 11 22 33 40 50 60 75 30 00 80 0e 00 15 01 c0 19 08 05 01 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 7e e1 41 + TLLI cache size : 1 + TLLI-Cache: 1 + TLLI efe2b700, IMSI 12131415161718, AGE 0 +PROCESSING DETACH REQ (PWR OFF) from 0x01020304:1111 +00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 11 22 33 40 50 60 75 30 00 80 0e 00 15 01 c0 19 08 05 09 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 84 0c eb CALLBACK, event 0, msg length 44, bvci 0x1002 -00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 11 22 33 40 50 60 75 30 00 80 0e 00 15 01 c0 19 08 05 01 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 7e e1 41 +00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 11 22 33 40 50 60 75 30 00 80 0e 00 15 01 c0 19 08 05 09 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 84 0c eb NS UNITDATA MESSAGE to SGSN, BVCI 0x1002, msg length 44 (gprs_ns_sendmsg) MESSAGE to SGSN at 0x05060708:32000, msg length 48 -00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 21 63 54 40 50 60 75 30 00 80 0e 00 15 01 c0 19 08 05 01 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 7e e1 41 +00 00 10 02 01 ef e2 b7 00 00 00 04 08 88 21 63 54 40 50 60 75 30 00 80 0e 00 15 01 c0 19 08 05 09 18 05 f4 ef e2 b7 00 19 03 b9 97 cb 84 0c eb -result (DETACH REQ) = 48 - -PROCESSING DETACH ACC from 0x05060708:32000 -00 00 10 02 00 ef e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 89 41 c0 15 08 06 00 f7 35 f0 - -CALLBACK, event 0, msg length 67, bvci 0x1002 -00 00 10 02 00 ef e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 89 41 c0 15 08 06 00 f7 35 f0 - -NS UNITDATA MESSAGE to BSS, BVCI 0x1002, msg length 67 (gprs_ns_sendmsg) -MESSAGE to BSS at 0x01020304:1111, msg length 71 -00 00 10 02 00 ef e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 89 41 c0 15 08 06 00 f7 35 f0 - -result (DETACH ACC) = 71 +result (DETACH REQ (PWR OFF)) = 48 Gbproxy global: Peers: @@ -1844,9 +1831,7 @@ Peers: RAID patched (SGSN): 3 APN patched : 3 Attach Request count : 1 - TLLI cache size : 1 - TLLI-Cache: 1 - TLLI efe28117, IMSI 12131415161718, AGE 0 + TLLI-Cache: 0 --- Bad cases --- TLLI is already detached, shouldn't patch @@ -1884,10 +1869,9 @@ Peers: RAID patched (SGSN): 3 APN patched : 3 Attach Request count : 1 - TLLI cache size : 2 - TLLI-Cache: 2 + TLLI cache size : 1 + TLLI-Cache: 1 TLLI efe2b700, IMSI (none), AGE 0 - TLLI efe28117, IMSI 12131415161718, AGE 0 Test TLLI info expiry Test TLLI replacement: