gbproxy: Reset TLLIs when the link_info is found by IMSI/P-TMSI

Currently when the MS does a re-attach without doing a proper detach
first, the gbproxy uses the old local TLLI if patching and the keep
mode are enabled. This leads to a failing attachment procedure when
TLLI patching is also enabled.

This patch changes gbproxy_update_link_state_ul to reset all TLLIs
within the link_info if the message contains an unknown TLLI and an
MI. This is generally the case with Attach Request messages.

The gbproxy_get_link_info_ul gets an additional tlli_is_valid
output parameter that is set, when a TLLI was present and found.
This flag is then used instead of checking tlli.current == 0 to
set TLLI/P-TMSI e.g. Attach Requests when a link_info was already
present for the P-TMSI/IMSI used in such a request.

Ticket: OW#1324
Sponsored-by: On-Waves ehf

openbsc/src/gprs/gb_proxy_tlli.c

@@ -466,18 +466,28 @@ static void gbproxy_remove_matching_link_infos(
 	}
 }
 
-struct gbproxy_link_info *gbproxy_get_link_info_ul(
+static struct gbproxy_link_info *gbproxy_get_link_info_ul(
 	struct gbproxy_peer *peer,
+	int *tlli_is_valid,
 	struct gprs_gb_parse_context *parse_ctx)
 {
 	struct gbproxy_link_info *link_info = NULL;
 
-	if (parse_ctx->tlli_enc)
+	if (parse_ctx->tlli_enc) {
 		link_info = gbproxy_link_info_by_tlli(peer, parse_ctx->tlli);
 
-	if (!link_info && parse_ctx->imsi)
+		if (link_info) {
+			*tlli_is_valid = 1;
+			return link_info;
+		}
+	}
+
+	*tlli_is_valid = 0;
+
+	if (!link_info && parse_ctx->imsi) {
 		link_info = gbproxy_link_info_by_imsi(
 			peer, parse_ctx->imsi, parse_ctx->imsi_len);
+	}
 
 	if (!link_info && parse_ctx->ptmsi_enc && !parse_ctx->old_raid_is_foreign) {
 		uint32_t bss_ptmsi;
@@ -485,8 +495,10 @@ struct gbproxy_link_info *gbproxy_get_link_info_ul(
 		link_info = gbproxy_link_info_by_ptmsi(peer, bss_ptmsi);
 	}
 
-	if (link_info)
-		link_info->is_deregistered = 0;
+	if (!link_info)
+		return NULL;
+
+	link_info->is_deregistered = 0;
 
 	return link_info;
 }
@@ -497,11 +509,13 @@ struct gbproxy_link_info *gbproxy_update_link_state_ul(
 	struct gprs_gb_parse_context *parse_ctx)
 {
 	struct gbproxy_link_info *link_info;
+	int tlli_is_valid;
 
-	link_info = gbproxy_get_link_info_ul(peer, parse_ctx);
+	link_info = gbproxy_get_link_info_ul(peer, &tlli_is_valid, parse_ctx);
 
 	if (parse_ctx->tlli_enc && parse_ctx->llc) {
 		uint32_t sgsn_tlli;
+
 		if (!link_info) {
 			LOGP(DGPRS, LOGL_INFO, "Adding TLLI %08x to list\n",
 			    parse_ctx->tlli);
@@ -513,12 +527,14 @@ struct gbproxy_link_info *gbproxy_update_link_state_ul(
 							   parse_ctx->tlli);
 			link_info->sgsn_tlli.current = sgsn_tlli;
 			link_info->tlli.current = parse_ctx->tlli;
-		} else if (!link_info->tlli.current) {
+		} else if (!tlli_is_valid) {
 			/* New TLLI (info found by IMSI or P-TMSI) */
 			link_info->tlli.current = parse_ctx->tlli;
+			link_info->tlli.assigned = 0;
 			link_info->sgsn_tlli.current =
 				gbproxy_make_sgsn_tlli(peer, link_info,
 						       parse_ctx->tlli);
+			link_info->sgsn_tlli.assigned = 0;
 			gbproxy_touch_link_info(peer, link_info, now);
 		} else {
 			sgsn_tlli = gbproxy_map_tlli(parse_ctx->tlli, link_info, 0);

openbsc/tests/gbproxy/gbproxy_test.c

@@ -4116,16 +4116,12 @@ static void test_gbproxy_keep_info()
 
 	link_info2 = gbproxy_link_info_by_imsi(peer, imsi, sizeof(imsi));
 	link_info = gbproxy_link_info_by_tlli(peer, foreign_tlli);
-	/* FIXME: The gbproxy still uses local_tlli instead of foreign_tlli.
-	 * Uncomment the assertions below and remove the
-	 * gbproxy_link_info_by_tlli line below when this is fixed. */
-	/* OSMO_ASSERT(link_info); */
-	link_info = gbproxy_link_info_by_tlli(peer, local_tlli);
+	OSMO_ASSERT(link_info);
 	OSMO_ASSERT(link_info == link_info2);
 	OSMO_ASSERT(link_info->imsi_len != 0);
 	OSMO_ASSERT(!link_info->is_deregistered);
 	OSMO_ASSERT(!link_info->imsi_acq_pending);
-	/* OSMO_ASSERT(link_info->sgsn_tlli.current == foreign_tlli); */
+	OSMO_ASSERT(link_info->sgsn_tlli.current == foreign_tlli);
 	OSMO_ASSERT(link_info->sgsn_tlli.assigned == 0);
 
 	send_llc_dl_ui(nsi, "ATTACH ACCEPT", &sgsn_peer, 0x1002,
@@ -4231,16 +4227,12 @@ static void test_gbproxy_keep_info()
 
 	link_info2 = gbproxy_link_info_by_imsi(peer, imsi, sizeof(imsi));
 	link_info = gbproxy_link_info_by_tlli(peer, foreign_tlli);
-	/* FIXME: The gbproxy still uses local_tlli instead of foreign_tlli.
-	 * Uncomment the assertions below and remove the
-	 * gbproxy_link_info_by_tlli line below when this is fixed. */
-	/* OSMO_ASSERT(link_info); */
-	link_info = gbproxy_link_info_by_tlli(peer, local_tlli);
+	OSMO_ASSERT(link_info);
 	OSMO_ASSERT(link_info == link_info2);
 	OSMO_ASSERT(link_info->imsi_len != 0);
 	OSMO_ASSERT(!link_info->is_deregistered);
 	OSMO_ASSERT(!link_info->imsi_acq_pending);
-	/* OSMO_ASSERT(link_info->sgsn_tlli.current == foreign_tlli); */
+	OSMO_ASSERT(link_info->sgsn_tlli.current == foreign_tlli);
 	OSMO_ASSERT(link_info->sgsn_tlli.assigned == 0);
 
 	send_llc_dl_ui(nsi, "ATTACH ACCEPT", &sgsn_peer, 0x1002,

openbsc/tests/gbproxy/gbproxy_test.ok

@@ -6040,7 +6040,7 @@ Peers:
     Attach Request count            : 9
     TLLI cache size                 : 1
     TLLI-Cache: 1
-      TLLI efe2b700 -> efe2b700, IMSI 12131415161718, AGE 0
+      TLLI afe2b700 -> afe2b700, IMSI 12131415161718, AGE 0
 PROCESSING ATTACH ACCEPT from 0x05060708:32000
 00 00 10 02 00 af e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9e 41 c0 49 08 02 01 49 04 21 63 54 40 50 60 19 cd d7 08 17 16 18 05 f4 ef e2 b7 00 83 01 10 
 
@@ -6202,7 +6202,7 @@ Peers:
     Attach Request count            : 11
     TLLI cache size                 : 1
     TLLI-Cache: 1
-      TLLI efe2b700 -> efe2b700, IMSI 12131415161718, AGE 0
+      TLLI afe2b700 -> afe2b700, IMSI 12131415161718, AGE 0
 PROCESSING ATTACH ACCEPT from 0x05060708:32000
 00 00 10 02 00 af e2 b7 00 00 50 20 16 82 02 58 13 99 18 b3 43 2b 25 96 62 00 60 80 9a c2 c6 62 00 60 80 ba c8 c6 62 00 60 80 00 0a 82 08 02 0d 88 11 12 13 14 15 16 17 18 00 81 00 0e 9e 41 c0 59 08 02 01 49 04 21 63 54 40 50 60 19 cd d7 08 17 16 18 05 f4 ef e2 b7 00 b9 a3 b0