TLLI 0x00000000 is a valid TLLI, use 0xffffffff instead

The assumption that TLLI 0x00000000 is invalid and can be used
as the initializer is wrong.  Similar to TMSI, 0x00000000 is a
perfectly valid value, while 0xffffffff is reserved - use it.

According to 3GPP TS 23.003, section 2.4, a TMSI/P-TMSI with
all 32 bits equal to 1 is special and shall not be allocated by
the network.  The reason is that it must be stored on the SIM,
where 'ff'O represents the erased state.  According to section
2.6 of the same document, a local/foreign TLLI is derived from
P-TMSI, so the same rule applies to TLLI.

I manually checked and corrected all occurances of 'tlli' in the
code.  The test expectations have been adjusted with this command:

  $ find tests/ -name "*.err" | xargs sed -i "s/0x00000000/0xffffffff/g"

so there should be no behavior change.  The only exception is
the 'TypesTest', where TLLI 0xffffffff is being encoded and
expected in the hexdump, so I regenerated the test output.

Change-Id: Ie89fab75ecc1d8b5e238d3ff214ea7ac830b68b5
Related: OS#4844

src/bts.h

@@ -29,6 +29,7 @@ extern "C" {
 #include <osmocom/core/tdef.h>
 #include <osmocom/gsm/l1sap.h>
 #include <osmocom/gsm/protocol/gsm_04_08.h>
+#include <osmocom/gsm/gsm48.h>
 #include "mslot_class.h"
 #include "gsm_rlcmac.h"
 }
@@ -340,7 +341,7 @@ public:
 	void set_max_mcs_ul(uint8_t mcs_ul);
 
 	GprsMsStorage &ms_store();
-	GprsMs *ms_by_tlli(uint32_t tlli, uint32_t old_tlli = 0);
+	GprsMs *ms_by_tlli(uint32_t tlli, uint32_t old_tlli = GSM_RESERVED_TMSI);
 	GprsMs *ms_by_imsi(const char *imsi);
 	GprsMs *ms_alloc(uint8_t ms_class, uint8_t egprs_ms_class = 0);
 

src/gprs_bssgp_pcu.cpp

@@ -32,6 +32,7 @@ extern "C" {
 	#include <osmocom/gsm/protocol/gsm_23_003.h>
 	#include <osmocom/gprs/protocol/gsm_08_16.h>
 	#include <osmocom/core/utils.h>
+	#include <osmocom/gsm/gsm48.h>
 	#include "coding_scheme.h"
 }
 
@@ -84,7 +85,7 @@ static int gprs_bssgp_pcu_rx_dl_ud(struct msgb *msg, struct tlv_parsed *tp)
 	struct bssgp_ud_hdr *budh;
 
 	uint32_t tlli;
-	uint32_t tlli_old = 0;
+	uint32_t tlli_old = GSM_RESERVED_TMSI;
 	uint8_t *data;
 	uint16_t len;
 	uint8_t ms_class = 0;

src/gprs_ms.cpp

@@ -34,6 +34,7 @@ extern "C" {
 	#include <osmocom/core/utils.h>
 	#include <osmocom/core/timer.h>
 	#include <osmocom/gsm/protocol/gsm_04_08.h>
+	#include <osmocom/gsm/gsm48.h>
 	#include <osmocom/core/logging.h>
 	#include "coding_scheme.h"
 }
@@ -97,8 +98,8 @@ GprsMs::GprsMs(BTS *bts, uint32_t tlli) :
 	m_ul_tbf(NULL),
 	m_dl_tbf(NULL),
 	m_tlli(tlli),
-	m_new_ul_tlli(0),
-	m_new_dl_tlli(0),
+	m_new_ul_tlli(GSM_RESERVED_TMSI),
+	m_new_dl_tlli(GSM_RESERVED_TMSI),
 	m_ta(GSM48_TA_INVALID),
 	m_ms_class(0),
 	m_egprs_ms_class(0),
@@ -369,9 +370,9 @@ void GprsMs::reset()
 
 	stop_timer();
 
-	m_tlli = 0;
-	m_new_dl_tlli = 0;
-	m_new_ul_tlli = 0;
+	m_tlli = GSM_RESERVED_TMSI;
+	m_new_dl_tlli = m_tlli;
+	m_new_ul_tlli = m_tlli;
 	m_imsi[0] = '\0';
 }
 
@@ -429,8 +430,8 @@ void GprsMs::set_tlli(uint32_t tlli)
 		m_tlli, tlli);
 
 	m_tlli = tlli;
-	m_new_dl_tlli = 0;
-	m_new_ul_tlli = 0;
+	m_new_dl_tlli = GSM_RESERVED_TMSI;
+	m_new_ul_tlli = GSM_RESERVED_TMSI;
 }
 
 bool GprsMs::confirm_tlli(uint32_t tlli)
@@ -455,8 +456,8 @@ bool GprsMs::confirm_tlli(uint32_t tlli)
 		"Modifying MS object, TLLI: 0x%08x confirmed\n", tlli);
 
 	m_tlli = tlli;
-	m_new_dl_tlli = 0;
-	m_new_ul_tlli = 0;
+	m_new_dl_tlli = GSM_RESERVED_TMSI;
+	m_new_ul_tlli = GSM_RESERVED_TMSI;
 
 	return true;
 }

src/gprs_ms.h

@@ -34,6 +34,7 @@ extern "C" {
 	#include <osmocom/core/linuxlist.h>
 
 	#include <osmocom/gsm/protocol/gsm_23_003.h>
+	#include <osmocom/gsm/gsm48.h>
 
 	#include "coding_scheme.h"
 }
@@ -209,14 +210,17 @@ inline bool GprsMs::need_dl_tbf() const
 
 inline uint32_t GprsMs::tlli() const
 {
-	return m_new_ul_tlli ? m_new_ul_tlli :
-	       m_tlli        ? m_tlli :
-			       m_new_dl_tlli;
+	if (m_new_ul_tlli != GSM_RESERVED_TMSI)
+		return m_new_ul_tlli;
+	if (m_tlli != GSM_RESERVED_TMSI)
+		return m_tlli;
+
+	return m_new_dl_tlli;
 }
 
 inline bool GprsMs::check_tlli(uint32_t tlli)
 {
-	return tlli != 0 &&
+	return tlli != GSM_RESERVED_TMSI &&
 		(tlli == m_tlli || tlli == m_new_ul_tlli || tlli == m_new_dl_tlli);
 }
 

src/gprs_ms_storage.cpp

@@ -26,6 +26,7 @@
 
 extern "C" {
 	#include <osmocom/core/linuxlist.h>
+	#include <osmocom/gsm/gsm48.h>
 }
 
 #define GPRS_UNDEFINED_IMSI "000"
@@ -70,7 +71,7 @@ GprsMs *GprsMsStorage::get_ms(uint32_t tlli, uint32_t old_tlli, const char *imsi
 	GprsMs *ms;
 	LListHead<GprsMs> *pos;
 
-	if (tlli || old_tlli) {
+	if (tlli != GSM_RESERVED_TMSI || old_tlli != GSM_RESERVED_TMSI) {
 		llist_for_each(pos, &m_list) {
 			ms = pos->entry();
 			if (ms->check_tlli(tlli))
@@ -97,7 +98,7 @@ GprsMs *GprsMsStorage::create_ms()
 {
 	GprsMs *ms;
 
-	ms = new GprsMs(m_bts, 0);
+	ms = new GprsMs(m_bts, GSM_RESERVED_TMSI);
 
 	ms->set_callback(this);
 	llist_add(&ms->list(), &m_list);

src/gprs_ms_storage.h

@@ -38,7 +38,7 @@ public:
 	virtual void ms_idle(class GprsMs *);
 	virtual void ms_active(class GprsMs *);
 
-	GprsMs *get_ms(uint32_t tlli, uint32_t old_tlli = 0, const char *imsi = NULL) const;
+	GprsMs *get_ms(uint32_t tlli, uint32_t old_tlli = GSM_RESERVED_TMSI, const char *imsi = NULL) const;
 	GprsMs *create_ms();
 
 	const LListHead<GprsMs>& ms_list() const {return m_list;}

src/tbf.cpp

@@ -171,7 +171,7 @@ gprs_rlcmac_bts *gprs_rlcmac_tbf::bts_data() const
 
 uint32_t gprs_rlcmac_tbf::tlli() const
 {
-	return m_ms ? m_ms->tlli() : 0;
+	return m_ms ? m_ms->tlli() : GSM_RESERVED_TMSI;
 }
 
 const char *gprs_rlcmac_tbf::imsi() const
@@ -240,7 +240,7 @@ void gprs_rlcmac_tbf::set_ms(GprsMs *ms)
 
 void gprs_rlcmac_tbf::update_ms(uint32_t tlli, enum gprs_rlcmac_tbf_direction dir)
 {
-	if (!tlli)
+	if (tlli == GSM_RESERVED_TMSI)
 		return;
 
 	/* TODO: When the TLLI does not match the ms, check if there is another

src/tbf.h

@@ -34,6 +34,7 @@ extern "C" {
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/logging.h>
 #include <osmocom/core/timer.h>
+#include <osmocom/gsm/gsm48.h>
 
 #include "coding_scheme.h"
 }
@@ -535,7 +536,7 @@ inline GprsMs *gprs_rlcmac_tbf::ms() const
 
 inline bool gprs_rlcmac_tbf::is_tlli_valid() const
 {
-	return tlli() != 0;
+	return tlli() != GSM_RESERVED_TMSI;
 }
 
 inline bool gprs_rlcmac_tbf::is_tfi_assigned() const

src/tbf_ul.cpp

@@ -359,7 +359,7 @@ int gprs_rlcmac_ul_tbf::rcv_data_block_acknowledged(
 	if (ms())
 		ms()->update_l1_meas(meas);
 
-	uint32_t new_tlli = 0;
+	uint32_t new_tlli = GSM_RESERVED_TMSI;
 	unsigned int block_idx;
 
 	/* restart T3169 */
@@ -448,9 +448,10 @@ int gprs_rlcmac_ul_tbf::rcv_data_block_acknowledged(
 				continue;
 			}
 			if (!this->is_tlli_valid()) {
-				if (!new_tlli) {
+				if (new_tlli == GSM_RESERVED_TMSI) {
 					LOGPTBFUL(this, LOGL_NOTICE,
-						  "TLLI = 0 within UL DATA.\n");
+						  "TLLI is 0x%08x within UL DATA?!?\n",
+						  new_tlli);
 					m_window.invalidate_bsn(rdbi->bsn);
 					continue;
 				}
@@ -458,7 +459,7 @@ int gprs_rlcmac_ul_tbf::rcv_data_block_acknowledged(
 					  "Decoded premier TLLI=0x%08x of UL DATA TFI=%d.\n",
 					  new_tlli, rlc->tfi);
 				update_ms(new_tlli, GPRS_RLCMAC_UL_TBF);
-			} else if (new_tlli && new_tlli != tlli()) {
+			} else if (new_tlli != GSM_RESERVED_TMSI && new_tlli != tlli()) {
 				LOGPTBFUL(this, LOGL_NOTICE,
 					  "Decoded TLLI=%08x mismatch on UL DATA TFI=%d. (Ignoring due to contention resolution)\n",
 					  new_tlli, rlc->tfi);

tests/app_info/AppInfoTest.err

@@ -10,26 +10,26 @@ Application Information Request received: type=0x00000000 len=0
 Packet Application Information will not be sent, no subscribers with active TBF
 
 --- prepare_bts_with_two_dl_tbf_subscr ---
-Creating MS object, TLLI = 0x00000000
-Modifying MS object, TLLI = 0x00000000, MS class 0 -> 10
-Modifying MS object, TLLI = 0x00000000, EGPRS MS class 0 -> 11
-MS(TLLI=0x00000000, IMSI=, TA=220, 10/11,) Enabled EGPRS, mode EGPRS
+Creating MS object, TLLI = 0xffffffff
+Modifying MS object, TLLI = 0xffffffff, MS class 0 -> 10
+Modifying MS object, TLLI = 0xffffffff, EGPRS MS class 0 -> 11
+MS(TLLI=0xffffffff, IMSI=, TA=220, 10/11,) Enabled EGPRS, mode EGPRS
 [DL] algo B <multi> (suggested TRX: 0): using 4 slots
-PDCH(TS 4, TRX 0): Attaching TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
-PDCH(TS 5, TRX 0): Attaching TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
-PDCH(TS 6, TRX 0): Attaching TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
-PDCH(TS 7, TRX 0): Attaching TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
-Attaching TBF to MS object, TLLI = 0x00000000, TBF = TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS)
+PDCH(TS 4, TRX 0): Attaching TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
+PDCH(TS 5, TRX 0): Attaching TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
+PDCH(TS 6, TRX 0): Attaching TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
+PDCH(TS 7, TRX 0): Attaching TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 1 TBFs, USFs = 00, TFIs = 00000001.
+Attaching TBF to MS object, TLLI = 0xffffffff, TBF = TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS)
 ws(64)
-Creating MS object, TLLI = 0x00000000
-Modifying MS object, TLLI = 0x00000000, MS class 0 -> 12
-Modifying MS object, TLLI = 0x00000000, EGPRS MS class 0 -> 13
-MS(TLLI=0x00000000, IMSI=, TA=220, 12/13,) Enabled EGPRS, mode EGPRS
+Creating MS object, TLLI = 0xffffffff
+Modifying MS object, TLLI = 0xffffffff, MS class 0 -> 12
+Modifying MS object, TLLI = 0xffffffff, EGPRS MS class 0 -> 13
+MS(TLLI=0xffffffff, IMSI=, TA=220, 12/13,) Enabled EGPRS, mode EGPRS
 [DL] algo B <multi> (suggested TRX: 0): using 3 slots
-PDCH(TS 4, TRX 0): Attaching TBF(TFI=1 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 2 TBFs, USFs = 00, TFIs = 00000003.
-PDCH(TS 5, TRX 0): Attaching TBF(TFI=1 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 2 TBFs, USFs = 00, TFIs = 00000003.
-PDCH(TS 6, TRX 0): Attaching TBF(TFI=1 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS), 2 TBFs, USFs = 00, TFIs = 00000003.
-Attaching TBF to MS object, TLLI = 0x00000000, TBF = TBF(TFI=1 TLLI=0x00000000 DIR=DL STATE=NULL EGPRS)
+PDCH(TS 4, TRX 0): Attaching TBF(TFI=1 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 2 TBFs, USFs = 00, TFIs = 00000003.
+PDCH(TS 5, TRX 0): Attaching TBF(TFI=1 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 2 TBFs, USFs = 00, TFIs = 00000003.
+PDCH(TS 6, TRX 0): Attaching TBF(TFI=1 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS), 2 TBFs, USFs = 00, TFIs = 00000003.
+Attaching TBF to MS object, TLLI = 0xffffffff, TBF = TBF(TFI=1 TLLI=0xffffffff DIR=DL STATE=NULL EGPRS)
 ws(64)
 
 --- test_sched_app_info_ok ---

tests/ms/MsTest.err

@@ -35,17 +35,17 @@ Modifying MS object, TLLI: 0xaa000000 confirmed
 The MS object cannot fully confirm an unexpected TLLI: 0xff001111, partly confirmed
 Modifying MS object, TLLI: 0xaa000000 -> 0xff001111, already confirmed partly
 Destroying MS object, TLLI = 0xff001111
-Creating MS object, TLLI = 0x00000000
-Modifying MS object, UL TLLI: 0x00000000 -> 0xffeeddbb, not yet confirmed
+Creating MS object, TLLI = 0xffffffff
+Modifying MS object, UL TLLI: 0xffffffff -> 0xffeeddbb, not yet confirmed
 Modifying MS object, TLLI = 0xffeeddbb, IMSI '' -> '001001987654321'
-Creating MS object, TLLI = 0x00000000
-Modifying MS object, UL TLLI: 0x00000000 -> 0xffeeddbc, not yet confirmed
+Creating MS object, TLLI = 0xffffffff
+Modifying MS object, UL TLLI: 0xffffffff -> 0xffeeddbc, not yet confirmed
 Modifying MS object, TLLI = 0xffeeddbc, IMSI '' -> '001001987654322'
 Attaching TBF to MS object, TLLI = 0xffeeddbb, TBF = TBF(TFI=0 TLLI=0xffeeddbb DIR=UL STATE=NULL)
 Detaching TBF from MS object, TLLI = 0xffeeddbb, TBF = TBF(TFI=0 TLLI=0xffeeddbb DIR=UL STATE=NULL)
 Destroying MS object, TLLI = 0xffeeddbb
-Attaching TBF to MS object, TLLI = 0xffeeddbc, TBF = TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL)
-Detaching TBF from MS object, TLLI = 0xffeeddbc, TBF = TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL)
+Attaching TBF to MS object, TLLI = 0xffeeddbc, TBF = TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL)
+Detaching TBF from MS object, TLLI = 0xffeeddbc, TBF = TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL)
 Destroying MS object, TLLI = 0xffeeddbc
 Creating MS object, TLLI = 0xffeeddbb
 Attaching TBF to MS object, TLLI = 0xffeeddbb, TBF = TBF(TFI=0 TLLI=0xffeeddbb DIR=UL STATE=NULL)

tests/types/TypesTest.cpp

@@ -776,7 +776,7 @@ void test_immediate_assign_dl()
 				 0x23, /* TA */
 				 0x00, /* 0-length §10.5.2.21 Mobile Allocation */
 				 /* ETSI TS 44.018 §10.5.2.16 IA Rest Octets */
-				 0xd0, 0x00, 0x00, 0x00, 0x08, 0x17, 0x47, 0x08, 0x0b, 0x5b, 0x2b, 0x2b, };
+				 0xdf, 0xff, 0xff, 0xff, 0xf8, 0x17, 0x47, 0x08, 0x0b, 0x5b, 0x2b, 0x2b, };
 
 	check_imm_ass(tbf, true, GSM_L1_BURST_TYPE_ACCESS_2, res, sizeof(res), "ia_rest_downlink");
 }

tests/types/TypesTest.err

@@ -1,18 +1,18 @@
 Allocating DL TBF: MS_CLASS=1/0
-TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL) Setting Control TS 2
-TBF(TFI=0 TLLI=0x00000000 DIR=DL STATE=NULL) Allocated: trx = 0, ul_slots = 04, dl_slots = 04
+TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL) Setting Control TS 2
+TBF(TFI=0 TLLI=0xffffffff DIR=DL STATE=NULL) Allocated: trx = 0, ul_slots = 04, dl_slots = 04
 Allocating UL TBF: MS_CLASS=1/0
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL) Setting Control TS 4
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL) Allocated: trx = 0, ul_slots = 10, dl_slots = 00
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL) Setting Control TS 4
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL) Allocated: trx = 0, ul_slots = 10, dl_slots = 00
 Allocating UL TBF: MS_CLASS=1/1
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) Setting Control TS 1
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) Allocated: trx = 0, ul_slots = 02, dl_slots = 00
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) setting EGPRS UL window size to 64, base(64) slots(1) ws_pdch(0)
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL EGPRS) Setting Control TS 1
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL EGPRS) Allocated: trx = 0, ul_slots = 02, dl_slots = 00
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL EGPRS) setting EGPRS UL window size to 64, base(64) slots(1) ws_pdch(0)
 ############## test_egprs_ul_ack_nack
 Allocating UL TBF: MS_CLASS=1/1
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) Setting Control TS 4
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) Allocated: trx = 0, ul_slots = 10, dl_slots = 00
-TBF(TFI=0 TLLI=0x00000000 DIR=UL STATE=NULL EGPRS) setting EGPRS UL window size to 64, base(64) slots(1) ws_pdch(0)
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL EGPRS) Setting Control TS 4
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL EGPRS) Allocated: trx = 0, ul_slots = 10, dl_slots = 00
+TBF(TFI=0 TLLI=0xffffffff DIR=UL STATE=NULL EGPRS) setting EGPRS UL window size to 64, base(64) slots(1) ws_pdch(0)
 ************** Test with empty window
 ************** Test with 1 lost packet
 ************** Test with compressed window

tests/types/TypesTest.ok

@@ -7,7 +7,7 @@ rbb: 10 00 00 00 00 00 00 01
 show_rbb: RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
 show_rbb: IIRRIIIR
 [11] DL Immediate Assignment <ia_rest_downlink>:
-	06 3f 30 0d 23 6d 7f 03 18 23 00 d0 00 00 00 08 17 47 08 0b 5b 2b 2b 
+	06 3f 30 0d 23 6d 7f 03 18 23 00 df ff ff ff f8 17 47 08 0b 5b 2b 2b 
 [11] UL Immediate Assignment <ia_rest_uplink(MBA)>:
 	06 3f 10 0d 23 6d 0d 03 18 23 00 c8 02 1b a2 0b 2b 2b 2b 2b 2b 2b 2b 
 [11] UL Immediate Assignment <ia_rest_uplink(SBA)>: