fixeria
/
pycrate
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pycrate/pycrate_corenet/ProcCNGMM.py

1508 lines
55 KiB
Python
Raw Blame History

# -*- coding: UTF-8 -*-
#/**
# * Software Name : pycrate
# * Version : 0.4
# *
# * Copyright 2017. Benoit Michau. ANSSI.
# *
# * This library is free software; you can redistribute it and/or
# * modify it under the terms of the GNU Lesser General Public
# * License as published by the Free Software Foundation; either
# * version 2.1 of the License, or (at your option) any later version.
# *
# * This library is distributed in the hope that it will be useful,
# * but WITHOUT ANY WARRANTY; without even the implied warranty of
# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# * Lesser General Public License for more details.
# *
# * You should have received a copy of the GNU Lesser General Public
# * License along with this library; if not, write to the Free Software
# * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# * MA 02110-1301 USA
# *
# *--------------------------------------------------------
# * File Name : pycrate_corenet/ProcCNGMM.py
# * Created : 2017-07-19
# * Authors : Benoit Michau
# *--------------------------------------------------------
#*/
__all__ = [
'GMMSigProc',
'GMMAttach',
'GMMDetachUE',
'GMMRoutingAreaUpdating',
'GMMServiceRequest',
'GMMDetachCN',
'GMMPTMSIReallocation',
'GMMAuthenticationCiphering',
'GMMIdentification',
'GMMInformation',
#
'GMMProcUeDispatcher',
'GMMProcUeDispatcherStr',
'GMMProcCnDispatcher',
'GMMProcCnDispatcherStr'
]
from .utils import *
from .ProcProto import *
from .ProcCNRanap import *
TESTING = False
#------------------------------------------------------------------------------#
# NAS GPRS Mobility Management signalling procedures
# TS 24.008, version d90
# Core Network side
#------------------------------------------------------------------------------#
class GMMSigProc(NASSigProc):
"""GPRS Mobility Management signalling procedure handler
instance attributes:
- Name : procedure name
- GMM : reference to the UEGMMd instance running this procedure
- Iu : reference to the IuPSd instance connecting the UE
- Cont : 2-tuple of CN-initiated NAS message(s) and UE-initiated NAS
message(s)
- Timer: timer in sec. for this procedure
- Encod: custom NAS message encoders with fixed values
- Decod: custom NAS message decoders with transform functions
"""
# tacking all exchanged NAS message within the procedure
TRACK_PDU = True
# potential timer
Timer = None
TimerDefault = 4
if TESTING:
def __init__(self, encod=None):
self._prepare(encod)
self._log('DBG', 'instantiating procedure')
def _log(self, logtype, msg):
log('[TESTING] [%s] [GMMSigProc] [%s] %s' % (logtype, self.Name, msg))
else:
def __init__(self, gmmd, encod=None, gmm_preempt=False):
self._prepare(encod)
self.GMM = gmmd
self.Iu = gmmd.Iu
self.UE = gmmd.UE
self._gmm_preempt = gmm_preempt
if gmm_preempt:
self.GMM.ready.clear()
self._log('DBG', 'instantiating procedure')
def _log(self, logtype, msg):
self.GMM._log(logtype, '[%s] %s' % (self.Name, msg))
def output(self):
self._log('ERR', 'output() not implemented')
return []
def process(self, pdu):
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.UEInfo = {}
self.decode_msg(pdu, self.UEInfo)
#
self._log('ERR', 'process() not implemented')
return []
def postprocess(self, Proc=None):
self._log('ERR', 'postprocess() not implemented')
return []
def abort(self):
# abort this procedure, and all procedures started within this one
ind = self.GMM.Proc.index(self)
if ind >= 0:
for p in self.GMM.Proc[ind+1:]:
p.abort()
del self.GMM.Proc[ind:]
if self._gmm_preempt:
# release the GMM stack
self.GMM.ready.set()
self._log('INF', 'aborting')
def rm_from_gmm_stack(self):
# remove the procedure from the GMM stack of procedures
try:
if self.GMM.Proc[-1] == self:
del self.GMM.Proc[-1]
except Exception:
self._log('WNG', 'GMM stack corrupted')
else:
if self._gmm_preempt:
# release the GMM stack
self.GMM.ready.set()
def init_timer(self):
if self.Timer is not None:
self.TimerValue = getattr(self.GMM, self.Timer, self.TimerDefault)
self.TimerStart = time()
self.TimerStop = self.TimerStart + self.TimerValue
def get_timer(self):
if self.Timer is None:
return None
else:
return getattr(self.GMM, self.Timer)
def gmm_preempt(self):
self._gmm_preempt = True
self.GMM.ready.clear()
#--------------------------------------------------------------------------#
# common helpers
#--------------------------------------------------------------------------#
def _collect_cap(self):
if not hasattr(self, 'Cap') or not hasattr(self, 'UEInfo'):
return
for Cap in self.Cap:
if Cap in self.UEInfo:
self.UE.Cap[Cap] = self.UEInfo[Cap]
def _chk_imsi(self):
# arriving here means the UE's IMSI was unknown at first
Server, imsi = self.UE.Server, self.UE.IMSI
if not Server.is_imsi_allowed(imsi):
self.errcause = self.GMM.IDENT_IMSI_NOT_ALLOWED
return False
else:
# update the PTMSI table
Server.PTMSI[self.UE.PTMSI] = imsi
#
if imsi in Server.UE:
# in the meantime, IMSI was obtained from the CS domain connection
if self.UE != Server.UE[imsi]:
# there is 2 distincts Iu contexts, that need to be merged
ue = Server.UE[imsi]
if not ue.merge_ps_handler(self.Iu):
# unable to merge to the existing profile
self._log('WNG', 'profile for IMSI %s already exists, '\
'need to reject for reconnection' % imsi)
# reject so that it will reconnect
# and get the already existing profile
self.errcause = self.GMM.ATT_IMSI_PROV_REJECT
return False
else:
return True
else:
return True
else:
Server.UE[imsi] = self.UE
# update the Server UE's tables
if imsi in Server.ConfigUE:
# update UE's config with it's dedicated config
self.UE.set_config( Server.ConfigUE[imsi] )
elif '*' in Server.ConfigUE:
self.UE.set_config( Server.ConfigUE['*'] )
return True
def _ret_req_imsi(self):
NasProc = self.GMM.init_proc(GMMIdentification)
NasProc.set_msg(8, 21, IDType=NAS.IDTYPE_IMSI)
return NasProc.output()
def _ret_req_imeisv(self):
NasProc = self.GMM.init_proc(GMMIdentification)
NasProc.set_msg(8, 21, IDType=NAS.IDTYPE_IMEISV)
return NasProc.output()
def _ret_auth(self):
NasProc = self.GMM.init_proc(GMMAuthenticationCiphering)
return NasProc.output()
def _ret_smc(self, cksn=None, newkey=False):
# initialize a RANAP SMC procedure
RanapProc = self.Iu.init_ranap_proc(RANAPSecurityModeControl,
**self.Iu.get_smc_ies(cksn, newkey))
if RanapProc:
# and set a callback to self in it
RanapProc._cb = self
return [RanapProc]
else:
return []
#------------------------------------------------------------------------------#
# GMM procedures: TS 24.008, section 4.7
#------------------------------------------------------------------------------#
class GMMAttach(GMMSigProc):
"""GPRS attach: TS 24.008, section 4.7.3
UE-initiated
CN messages:
GMMAttachAccept (PD 8, Type 2), IEs:
- Type1V : ForceStdby
- Type1V : AttachResult
- Type3V : PeriodicRAUpdateTimer
- Type1V : RadioPriorityTOM8
- Type1V : RadioPrioritySMS
- Type3V : RAI
- Type3TV : PTMSISign (T: 25)
- Type3TV : NegoREADYTimer (T: 23)
- Type4TLV : AllocPTMSI (T: 24)
- Type4TLV : MSIdent (T: 35)
- Type3TV : GMMCause (T: 37)
- Type4TLV : T3302 (T: 42)
- Type2 : CellNotif (T: 140)
- Type4TLV : EquivPLMNList (T: 74)
- Type1TV : NetFeatSupp (T: 10)
- Type4TLV : T3319 (T: 55)
- Type4TLV : T3323 (T: 56)
- Type4TLV : T3312Ext (T: 57)
- Type4TLV : AddNetFeatSupp (T: 102)
- Type4TLV : T3324 (T: 106)
- Type4TLV : ExtDRXParam (T: 110)
- Type1TV : UPIntegrityInd (T: 12)
- Type4TLV : ReplayedMSNetCap (T: 49)
- Type4TLV : ReplayedMSRACap (T: 51)
GMMAttachReject (PD 8, Type 4), IEs:
- Type3V : GMMCause
- Type4TLV : T3302 (T: 42)
- Type4TLV : T3346 (T: 58)
UE messages:
GMMAttachRequest (PD 8, Type 1), IEs:
- Type4LV : MSNetCap
- Type1V : CKSN
- Type1V : AttachType
- Type3V : DRXParam
- Type4LV : ID
- Type3V : OldRAI
- Type4LV : MSRACap
- Type3TV : OldPTMSISign (T: 25)
- Type3TV : ReqREADYTimer (T: 23)
- Type1TV : TMSIStatus (T: 9)
- Type4TLV : PSLCSCap (T: 51)
- Type4TLV : MSCm2 (T: 17)
- Type4TLV : MSCm3 (T: 32)
- Type4TLV : SuppCodecs (T: 64)
- Type4TLV : UENetCap (T: 88)
- Type4TLV : AddID (T: 26)
- Type4TLV : AddRAI (T: 27)
- Type4TLV : VoiceDomPref (T: 93)
- Type1TV : DeviceProp (T: 13)
- Type1TV : PTMSIType (T: 14)
- Type1TV : MSNetFeatSupp (T: 12)
- Type4TLV : OldLAI (T: 20)
- Type1TV : AddUpdateType (T: 15)
- Type4TLV : TMSIBasedNRICont (T: 16)
- Type4TLV : T3324 (T: 106)
- Type4TLV : T3312Ext (T: 57)
- Type4TLV : ExtDRXParam (T: 110)
GMMAttachComplete (PD 8, Type 3), IEs:
- Type4TLV : InterRATHOInfo (T: 39)
- Type4TLV : EUTRANInterRATHOInfo (T: 43)
"""
Cont = (
(TS24008_GMM.GMMAttachAccept, TS24008_GMM.GMMAttachReject),
(TS24008_GMM.GMMAttachRequest, TS24008_GMM.GMMAttachComplete)
)
Decod = {
(8, 1) : {
'CKSN' : lambda x: x[0].get_val(),
'ID' : lambda x: x[1].decode(),
'OldRAI' : lambda x: x[0].decode(),
'ReqREADYTimer' : lambda x: {'Unit': x[1]['Unit'].get_val(),
'Value': x[1]['Value'].get_val()},
}
}
Cap = ('MSNetCap', 'DRXParam', 'MSRACap', 'PSLCSCap', 'MSCm2', 'MSCm3',
'SuppCodecs', 'UENetCap', 'VoiceDomPref', 'DeviceProp', 'MSNetFeatSupp',
'ExtDRXParam')
def process(self, pdu):
# preempt the GMM stack
self.gmm_preempt()
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
#
if pdu._name == 'GMMAttachRequest':
# AttachRequest
self.errcause, self.UEInfo = None, {}
self.decode_msg(pdu, self.UEInfo)
return self._process_req()
else:
# AttachComplete
self.errcause, self.CompInfo = None, {}
self.decode_msg(pdu, self.CompInfo)
if self.ptmsi_realloc >= 0:
self.UE.set_ptmsi(self.ptmsi_realloc)
self._log('INF', 'new P-TMSI set, 0x%.8x' % self.ptmsi_realloc)
return self._end()
def _process_req(self):
#
if self.UEInfo['ID'][0] == NAS.IDTYPE_TMSI and self.UE.PTMSI is None:
self.UE.PTMSI = self.UEInfo['ID'][1]
#
att_type = self.UEInfo['AttachType']['Type']
self.att_type = att_type.get_val()
self._log('INF', 'request type %i (%s), old RAI %s.%.4x.%.2x'\
% (att_type(), att_type._dic[self.att_type],
self.UEInfo['OldRAI'][0], self.UEInfo['OldRAI'][1], self.UEInfo['OldRAI'][2]))
# collect capabilities
self._collect_cap()
#
if self.UE.IMEISV is None and self.GMM.IDENT_IMEISV_REQ:
self._req_imeisv = True
else:
self._req_imeisv = False
#
# check for emergency attach
if self.att_type == 4:
if self.GMM.ATT_EMERG:
self.errcause = self.GMM.ATT_EMERG
return self.output()
else:
# jump directly to the attach accept
self.EMM.set_sec_ctx_emerg()
# emergency ctx has always ksi 0
return self.output()
#
# check local ID
if self.UE.IMSI is None:
# UEd was created based on a PTMSI provided at the RRC layer
# -> we need to get its IMSI before continuing
# we remove it from the Server's provisory dict of UE
try:
del self.UE.Server._UEpre[self.UE.PTMSI]
except Exception:
pass
#
if self.UEInfo['ID'][0] == 1:
# IMSI is provided at the NAS layer
self.UE.set_ident_from_ue(*self.UEInfo['ID'], dom='PS')
if not self._chk_imsi():
# IMSI not allowed
return self.output()
else:
# need to request the IMSI, prepare an id request procedure
return self._ret_req_imsi()
#
if self.Iu.require_auth(self, cksn=self.UEInfo['CKSN']):
return self._ret_auth()
#
if self.Iu.require_smc(self):
# if we are here, there was no auth procedure,
# hence the cksn submitted by the UE is valid
return self._ret_smc(self.UEInfo['CKSN'], False)
#
if self._req_imeisv:
return self._ret_req_imeisv()
#
# otherwise, go directly to postprocess
return self.postprocess()
def postprocess(self, Proc=None):
if isinstance(Proc, GMMIdentification):
if Proc.IDType == NAS.IDTYPE_IMSI:
# got the UE's IMSI, check if it's allowed
if self.UE.IMSI is None:
# UE did actually not responded with its IMSI, this is bad !
# error 96: invalid mandatory info
self.errcause = 96
return self.output()
elif not self._chk_imsi():
return self.output()
elif self.Iu.require_auth(self):
return self._ret_auth()
elif self.Iu.require_smc(self):
# if we are here, there was no auth procedure,
# hence the cksn submitted by the UE is valid
return self._ret_smc(self.UEInfo['CKSN'], False)
elif self._req_imeisv:
return self._ret_req_imeisv()
elif Proc.IDType == NAS.IDTYPE_IMEISV:
# got the UE's IMEISV, check if it is allowed
if self.UE.IMEISV is None or \
not self.UE.Server.is_imeisv_allowed(self.UE.IMEISV):
self.errcause = self.GMM.IDENT_IMEI_NOT_ALLOWED
return self.output()
#
elif isinstance(Proc, GMMAuthenticationCiphering):
if not Proc.success:
self.abort()
return []
elif self.Iu.require_smc(self):
# if we are here, the valid cksn is the one established during
# the auth procedure
return self._ret_smc(Proc.cksn, True)
elif self._req_imeisv:
return self._ret_req_imeisv()
#
elif isinstance(Proc, RANAPSecurityModeControl):
if not Proc.success:
self.abort()
return []
# self.Iu.SEC['CKSN'] has been taken into use at the RRC layer
elif self._req_imeisv:
return self._ret_req_imeisv()
#
elif Proc == self:
self._log('WNG', 'something bad happened with a previous procedure')
#
elif Proc is not None:
self._err = Proc
assert()
#
return self.output()
def output(self):
if self.att_type == 3 and self.GMM.ATT_IMSI:
# IMSI attach not supported
self.errcause = self.GMM.ATT_IMSI
#
if self.errcause:
# prepare AttachReject IE
if self.errcause == self.GMM.ATT_IMSI_PROV_REJECT:
self.set_msg(8, 4, GMMCause=self.errcause, T3346=self.GMM.ATT_T3346)
else:
self.set_msg(8, 4, GMMCause=self.errcause)
self.encode_msg(8, 4)
self.ptmsi_realloc = -1
self._log('INF', 'reject, %r' % self._nas_tx['GMMCause'][0])
else:
# prepare AttachAccept IEs
IEs = {'ForceStdby' : {'Value': self.GMM.ATT_FSTDBY},
'AttachResult' : {'FollowOnProc': self.UEInfo['AttachType']['FollowOnReq'].get_val(),
'Result': self.att_type},
'PeriodicRAUpdateTimer' : self.GMM.ATT_RAU_TIMER,
'RadioPriorityTOM8' : {'Value': self.GMM.ATT_PRIO_TOM8},
'RadioPrioritySMS' : {'Value': self.GMM.ATT_PRIO_SMS},
'RAI' : {'PLMN': self.UE.PLMN, 'LAC': self.UE.LAC, 'RAC': self.UE.RAC}
}
#
# READY timer negotiation
if 'ReqREADYTimer' in self.UEInfo:
if self.GMM.ATT_READY_TIMER is None:
IEs['NegoREADYTimer'] = self.UEInfo['ReqREADYTimer']
else:
IEs['NegoREADYTimer'] = self.GMM.ATT_READY_TIMER
# in case we want to realloc a PTMSI, we start a PTMSIRealloc,
# but don't forward its output
if self.GMM.ATT_PTMSI_REALLOC:
NasProc = self.GMM.init_proc(GMMPTMSIReallocation)
NasProc.output(embedded=True)
IEs['AllocPTMSI'] = {'type': NAS.IDTYPE_TMSI, 'ident': NasProc.ptmsi}
self.ptmsi_realloc = NasProc.ptmsi
else:
self.ptmsi_realloc = -1
#
if self.GMM.ATT_T3302 is not None:
IEs['T3302'] = self.GMM.ATT_T3302
if self.Iu.Config['EquivPLMNList'] is not None:
IEs['EquivPLMNList'] = self.Iu.Config['EquivPLMNList']
if self.GMM.ATT_NETFEAT_SUPP is not None:
IEs['NetFeatSupp'] = self.GMM.ATT_NETFEAT_SUPP
#
if isinstance(self.Iu.Config['EmergNumList'], bytes_types):
IEs['EmergNumList'] = self.Iu.Config['EmergNumList']
elif self.Iu.Config['EmergNumList'] is not None:
IEs['EmergNumList'] = [{'ServiceCat': {c:1 for c in cat}, 'Num': num} for \
(cat, num) in self.Iu.Config['EmergNumList']]
#
if self.GMM.ATT_MSINF_REQ is not None:
IE['ReqMSInfo'] = self.GMM.ATT_MSINF_REQ
if self.GMM.ATT_T3312_EXT is not None:
IEs['T3312Ext'] = self.GMM.ATT_T3312_EXT
if self.GMM.ATT_ADDNETFEAT_SUPP is not None:
IEs['AddNetFeatSupp'] = self.GMM.ATT_ADDNETFEAT_SUPP
#
if 'ExtDRXParam' in self.UEInfo:
if self.GMM.ATT_EXTDRX is None:
IEs['ExtDRXParam'] = self.UEInfo['ExtDRXParam']
else:
IEs['ExtDRXParam'] = self.GMM.ATT_EXTDRX
#
# encode the msg with all its IEs
self.set_msg(8, 2, **IEs)
self.encode_msg(8, 2)
#
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
ret = self.Iu.ret_ranap_dt(self._nas_tx)
if self.ptmsi_realloc < 0:
ret.extend( self._end() )
else:
# use the timer of the GMMPTMSIRealloc
# and wait for a GMMAttachComplete to end the procedure
self.Timer = NasProc.Timer
self.init_timer()
# send Attach reject / accept
return ret
def _end(self):
ret = []
if self.GMM.ATT_IUREL and \
(self.errcause or not self.UEInfo['AttachType']['FollowOnReq'].get_val()):
# trigger an IuRelease with Cause NAS normal-release (83)
RanapProcRel = self.Iu.init_ranap_proc(RANAPIuRelease, Cause=('nAS', 83))
if RanapProcRel:
ret.append(RanapProcRel)
self.rm_from_gmm_stack()
return ret
class GMMDetachUE(GMMSigProc):
"""MS-initiated GPRS detach: TS 24.008, section 4.7.4.1
UE-initiated
CN message:
GMMDetachAcceptMO (PD 8, Type 6), IEs:
- Type1V : spare
- Type1V : ForceStdby
UE message:
GMMDetachRequestMO (PD 8, Type 5), IEs:
- Type1V : spare
- Type1V : DetachType
- Type4TLV : AllocPTMSI (T: 24)
- Type4TLV : PTMSISign (T: 25)
"""
Cont = (
(TS24008_GMM.GMMDetachAcceptMO, ),
(TS24008_GMM.GMMDetachRequestMO, )
)
def _detach(self):
# set GMM state
self.GMM.state = 'INACTIVE'
self._log('INF', 'detaching')
#
# we only consider GPRS detach here
self.rm_from_gmm_stack()
# abort all ongoing PS procedures
self.Iu.clear_nas_proc()
def process(self, pdu):
# preempt the GMM stack
self.gmm_preempt()
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.UEInfo = {}
self.decode_msg(pdu, self.UEInfo)
if self.UEInfo['DetachType']['PowerOff'].get_val():
# if UE is to power-off, procedure ends here
ret = self.output(poff=True)
else:
ret = self.output()
self._detach()
return ret
def output(self, poff=False):
# prepare a stack of RANAP procedure(s)
RanapTxProc = []
if not poff:
# set a RANAP direct transfer to transport the DetachAccept
self.set_msg(8, 6, ForceStdby={'Value': self.GMM.DET_FSTDBY})
self.encode_msg(8, 6)
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
RanapTxProc.extend( self.Iu.ret_ranap_dt(self._nas_tx) )
# set an Iu release with Cause NAS normal-release (83)
RanapProcRel = self.Iu.init_ranap_proc(RANAPIuRelease, Cause=('nAS', 83))
if RanapProcRel:
RanapTxProc.append( RanapProcRel )
return RanapTxProc
class GMMDetachCN(GMMSigProc):
"""Network-initiated GPRS detach: TS 24.008, section 4.7.4.2
CN-initiated
CN message:
GMMDetachRequestMT (PD 8, Type 5), IEs:
- Type1V : ForceStdby
- Type1V : DetachType
- Type3TV : GMMCause (T: 37)
UE message:
GMMDetachAcceptMT (PD 8, Type 6), IEs:
None
"""
Cont = (
(TS24008_GMM.GMMDetachRequestMT, ),
(TS24008_GMM.GMMDetachAcceptMT, )
)
Init = (8, 5)
Timer = 'T3322'
def output(self):
self.encode_msg(8, 5)
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
self._log('INF', 'request type %r' % self._nas_tx['DetachType']['Type'])
self.init_timer()
return self.Iu.ret_ranap_dt(self._nas_tx)
def process(self, pdu):
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.UEInfo = {}
#
self._log('INF', 'accepted')
self.rm_from_gmm_stack()
return []
class GMMRoutingAreaUpdating(GMMSigProc):
"""Routing area updating: TS 24.008, section 4.7.5
UE-initiated
CN-messages:
GMMRoutingAreaUpdateAccept (PD 8, Type 9), IEs:
- Type1V : ForceStdby
- Type1V : UpdateResult
- Type2 : PeriodicRAUpdateTimer
- Type3V : RAI
- Type3TV : PTMSISign (T: 25)
- Type4TLV : AllocPTMSI (T: 24)
- Type4TLV : MSIdent (T: 35)
- Type4TLV : RcvNPDUNumList (T: 38)
- Type3TV : NegoREADYTimer (T: 23)
- Type3TV : GMMCause (T: 37)
- Type4TLV : T3302 (T: 42)
- Type2 : CellNotif (T: 140)
- Type4TLV : EquivPLMNList (T: 74)
- Type4TLV : PDPCtxtStat (T: 50)
- Type1TV : NetFeatSupp (T: 10)
- Type4TLV : EmergNumList (T: 52)
- Type4TLV : MBMSCtxtStat (T: 53)
- Type1TV : ReqMSInfo (T: 10)
- Type4TLV : T3319 (T: 55)
- Type4TLV : T3323 (T: 56)
- Type4TLV : T3312Ext (T: 57)
- Type4TLV : AddNetFeatSupp (T: 102)
- Type4TLV : T3324 (T: 106)
- Type4TLV : ExtDRXParam (T: 110)
- Type1TV : UPIntegrityInd (T: 12)
- Type4TLV : ReplayedMSNetCap (T: 49)
- Type4TLV : ReplayedMSRACap (T: 51)
GMMRoutingAreaUpdateReject (PD 8, Type 11), IEs:
- Type3V : GMMCause
- Type1V : spare
- Type1V : ForceStdby
- Type4TLV : T3302 (T: 42)
- Type4TLV : T3346 (T: 58)
UE messages:
GMMRoutingAreaUpdateRequest (PD 8, Type 8), IEs:
- Type1V : CKSN
- Type1V : UpdateType
- Type3V : OldRAI
- Type4LV : MSRACap
- Type3TV : OldPTMSISign (T: 25)
- Type3TV : ReqREADYTimer (T: 23)
- Type3TV : DRXParam (T: 39)
- Type1TV : TMSIStatus (T: 9)
- Type4TLV : PTMSI (T: 24)
- Type4TLV : MSNetCap (T: 49)
- Type4TLV : PDPCtxtStat (T: 50)
- Type4TLV : PSLCSCap (T: 51)
- Type4TLV : MBMSCtxtStat (T: 53)
- Type4TLV : UENetCap (T: 88)
- Type4TLV : AddID (T: 26)
- Type4TLV : AddRAI (T: 27)
- Type4TLV : MSCm2 (T: 17)
- Type4TLV : MSCm3 (T: 32)
- Type4TLV : SuppCodecs (T: 64)
- Type4TLV : VoiceDomPref (T: 93)
- Type1TV : PTMSIType (T: 14)
- Type1TV : DeviceProp (T: 13)
- Type1TV : MSNetFeatSupp (T: 12)
- Type4TLV : OldLAI (T: 20)
- Type1TV : AddUpdateType (T: 15)
- Type4TLV : TMSIBasedNRICont (T: 16)
- Type4TLV : T3324 (T: 106)
- Type4TLV : T3312Ext (T: 57)
- Type4TLV : ExtDRXParam (T: 110)
GMMRoutingAreaUpdateComplete (PD 8, Type 10), IEs:
- Type4TLV : RcvNPDUNumList (T: 38)
- Type4TLV : InterRATHOInfo (T: 39)
- Type4TLV : EUTRANInterRATHOInfo (T: 43)
"""
Cont = (
(TS24008_GMM.GMMRoutingAreaUpdateAccept, TS24008_GMM.GMMRoutingAreaUpdateReject),
(TS24008_GMM.GMMRoutingAreaUpdateRequest, TS24008_GMM.GMMRoutingAreaUpdateComplete)
)
Decod = {
(8, 8) : {
'CKSN' : lambda x: x[0].get_val(),
'OldRAI' : lambda x: x[0].get_val(),
'ReqREADYTimer' : lambda x: {'Unit': x[1]['Unit'].get_val(),
'Value': x[1]['Value'].get_val()},
}
}
Cap = ('MSRACap', 'DRXParam', 'MSNetCap', 'PSLCSCap', 'UENetCap', 'MSCm2',
'MSCm3', 'SuppCodecs', 'VoiceDomPref', 'DeviceProp', 'MSNetFeatSupp',
'ExtDRXParam')
def process(self, pdu):
# preempt the GMM stack
self.gmm_preempt()
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
#
if pdu[0]['Type'].get_val() == 8:
# RoutingAreaUpdateRequest
self.errcause, self.UEInfo = None, {}
self.decode_msg(pdu, self.UEInfo)
return self._process_req()
else:
# RoutingAreaUpdateComplete
self.errcause, self.CompInfo = None, {}
self.decode_msg(pdu, self.CompInfo)
if self.ptmsi_realloc >= 0:
self.UE.set_ptmsi(self.ptmsi_realloc)
self._log('INF', 'new P-TMSI set, 0x%.8x' % self.ptmsi_realloc)
return self._end()
def _process_req(self):
#
if 'PTMSI' in self.UEInfo and \
self.UEInfo['PTMSI'][0] == NAS.IDTYPE_TMSI and self.UE.PTMSI is None:
self.UE.PTMSI = self.UEInfo['PTMSI'][1]
#
rau_type = self.UEInfo['UpdateType']['Value']
self._log('INF', 'request type %i (%s) from, old RAI %s.%.4x.%.2x'\
% (rau_type(), rau_type._dic[rau_type()],
self.UEInfo['OldRAI'][0], self.UEInfo['OldRAI'][1], self.UEInfo['OldRAI'][2]))
# collect capabilities
self._collect_cap()
#
# check local ID
if self.UE.IMSI is None:
# UEd was created based on a PTMSI provided at the RRC layer
# -> we need to get its IMSI before continuing
# we remove it from the Server's provisory dict of UE
try:
del self.UE.Server._UEpre[self.UE.PTMSI]
except Exception:
pass
# need to request the IMSI, prepare an id request procedure
return self._ret_req_imsi()
#
if self.Iu.require_auth(self, cksn=self.UEInfo['CKSN']):
return self._ret_auth()
#
if self.Iu.require_smc(self):
# if we are here, there was no auth procedure,
# hence the cksn submitted by the UE is valid
return self._ret_smc(self.UEInfo['CKSN'], False)
#
# otherwise, go directly to postprocess
return self.postprocess()
def postprocess(self, Proc=None):
if isinstance(Proc, GMMIdentification):
# got the UE's IMSI, check if it's allowed
if self.UE.IMSI is None:
# UE did actually not responded with its IMSI, this is bad !
# error 96: invalid mandatory info
self.errcause = 96
return self.output()
elif not self._chk_imsi():
return self.output()
elif self.Iu.require_auth(self):
return self._ret_auth()
elif self.Iu.require_smc(self):
# if we are here, there was no auth procedure,
# hence the cksn submitted by the UE is valid
return self._ret_smc(self.UEInfo['CKSN'], False)
#
if isinstance(Proc, GMMAuthenticationCiphering):
if not Proc.success:
self.abort()
return []
elif self.Iu.require_smc(self):
# if we are here, the valid cksn is the one established during
# the auth procedure
return self._ret_smc(Proc.cksn, True)
#
elif isinstance(Proc, RANAPSecurityModeControl):
if not Proc.success:
self.abort()
return []
# self.Iu.SEC['CKSN'] has been taken into use at the RRC layer
#
elif Proc == self:
self._log('WNG', 'something bad happened with a previous procedure')
#
elif Proc is not None:
self._err = Proc
assert()
#
return self.output()
def output(self):
if self.errcause:
# prepare RAU Reject IE
if self.errcause == self.GMM.ATT_IMSI_PROV_REJECT:
self.set_msg(8, 11, GMMCause=self.errcause, T3346=self.GMM.ATT_T3346)
else:
self.set_msg(8, 11, GMMCause=self.errcause)
self.encode_msg(8, 11)
self.ptmsi_realloc = -1
self._log('INF', 'reject, %r' % self._nas_tx['GMMCause'][0])
else:
# prepare RAUAccept IEs
IEs = {'ForceStdby' : {'Value': self.GMM.RAU_FSTDBY},
'UpdateResult' : {'FollowOnProc': self.UEInfo['UpdateType']['FollowOnReq'].get_val(),
'Value': self.UEInfo['UpdateType']['Value'].get_val()},
'PeriodicRAUpdateTimer' : self.GMM.RAU_RAU_TIMER,
'RAI' : {'PLMN': self.UE.PLMN, 'LAC': self.UE.LAC, 'RAC': self.UE.RAC}
}
#
# in case we want to realloc a PTMSI, we start a PTMSIRealloc,
# but don't forward its output
if self.GMM.RAU_PTMSI_REALLOC:
NasProc = self.GMM.init_proc(GMMPTMSIReallocation)
void = NasProc.output(embedded=True)
IEs['AllocPTMSI'] = {'type': NAS.IDTYPE_TMSI, 'ident': NasProc.ptmsi}
self.ptmsi_realloc = NasProc.ptmsi
else:
self.ptmsi_realloc = -1
# READY timer negotiation
if 'ReqREADYTimer' in self.UEInfo:
if self.GMM.RAU_READY_TIMER is None:
IEs['NegoREADYTimer'] = self.UEInfo['ReqREADYTimer']
else:
IEs['NegoREADYTimer'] = self.GMM.RAU_READY_TIMER
#
if self.GMM.RAU_T3302 is not None:
IEs['T3302'] = self.GMM.RAU_T3302
if self.Iu.Config['EquivPLMNList'] is not None:
IEs['EquivPLMNList'] = self.Iu.Config['EquivPLMNList']
if self.GMM.RAU_NETFEAT_SUPP is not None:
IEs['NetFeatSupp'] = self.GMM.RAU_NETFEAT_SUPP
#
if isinstance(self.Iu.Config['EmergNumList'], bytes_types):
IEs['EmergNumList'] = self.Iu.Config['EmergNumList']
elif self.Iu.Config['EmergNumList'] is not None:
IEs['EmergNumList'] = [{'ServiceCat': {c:1 for c in cat}, 'Num': num} for \
(cat, num) in self.Iu.Config['EmergNumList']]
#
if self.GMM.RAU_MSINF_REQ is not None:
IE['ReqMSInfo'] = self.GMM.RAU_MSINF_REQ
if self.GMM.RAU_T3312_EXT is not None:
IEs['T3312Ext'] = self.GMM.RAU_T3312_EXT
if self.GMM.RAU_ADDNETFEAT_SUPP is not None:
IEs['AddNetFeatSupp'] = self.GMM.RAU_ADDNETFEAT_SUPP
#
if 'ExtDRXParam' in self.UEInfo:
if self.GMM.RAU_EXTDRX is None:
IEs['ExtDRXParam'] = self.UEInfo['ExtDRXParam']
else:
IEs['ExtDRXParam'] = self.GMM.RAU_EXTDRX
#
# encode the msg with all its IEs
self.set_msg(8, 9, **IEs)
self.encode_msg(8, 9)
#
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
ret = self.Iu.ret_ranap_dt(self._nas_tx)
if self.ptmsi_realloc < 0:
ret.extend( self._end() )
else:
# use the timer of the GMMPTMSIRealloc
# and wait for a GMMAttachComplete to end the procedure
self.Timer = NasProc.Timer
self.init_timer()
# send Attach reject / accept
return ret
def _end(self):
ret = []
if self.GMM.RAU_IUREL and \
(self.errcause or not self.UEInfo['UpdateType']['FollowOnReq'].get_val()):
# trigger an IuRelease with Cause NAS normal-release (83)
RanapProcRel = self.Iu.init_ranap_proc(RANAPIuRelease, Cause=('nAS', 83))
if RanapProcRel:
ret.append(RanapProcRel)
self.rm_from_gmm_stack()
return ret
class GMMPTMSIReallocation(GMMSigProc):
"""P-TMSI reallocation: TS 24.008, section 4.7.6
CN-initiated
CN message:
GMMPTMSIReallocationCommand (PD 8, Type 16), IEs:
- Type4LV : AllocPTMSI
- Type3V : RAI
- Type1V : spare
- Type1V : ForceStdby
- Type3TV : PTMSISign (T: 25)
UE message:
GMMPTMSIReallocationComplete (PD 8, Type 17), IEs:
None
"""
Cont = (
(TS24008_GMM.GMMPTMSIReallocationCommand, ),
(TS24008_GMM.GMMPTMSIReallocationComplete, )
)
Init = (8, 16)
Timer = 'T3350'
def output(self, embedded=False):
# embedded=True is used to embed this procedure within an Attach or RAU
# hence the output message is not built, only the .ptmsi is available
# but the procedure still runs and waits for the UE response
# after all
# Warning, when the P-TMSI IE is set by hand, it is not taken into account
# by GMM procedures
if 'AllocPTMSI' not in self.Encod[self.Init]:
self.ptmsi = self.UE.get_new_tmsi()
self.set_msg(8, 16, AllocPTMSI={'type': NAS.IDTYPE_TMSI, 'ident': self.ptmsi},
RAI ={'PLMN': self.UE.PLMN, 'LAC': self.UE.LAC, 'RAC': self.UE.RAC},
ForceStdby={'Value': self.GMM.REA_FSTDBY})
else:
self.ptmsi = None
self.set_msg(8, 16, RAI ={'PLMN': self.UE.PLMN, 'LAC': self.UE.LAC, 'RAC': self.UE.RAC},
ForceStdby={'Value': self.GMM.REA_FSTDBY})
#
if not embedded:
self.set_msg(8, 16, AllocPTMSI={'type': NAS.IDTYPE_TMSI, 'ident': self.ptmsi},
RAI ={'PLMN': self.UE.PLMN, 'LAC': self.UE.LAC, 'RAC': self.UE.RAC},
ForceStdby={'Value': self.GMM.REA_FSTDBY})
self.encode_msg(8, 16)
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
self.init_timer()
return self.Iu.ret_ranap_dt(self._nas_tx)
else:
# when the P-TMSI realloc is embedded, there is no realloc complete
# to expect...
self.rm_from_gmm_stack()
return []
def process(self, pdu):
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.UEInfo = {}
self.decode_msg(pdu, self.UEInfo)
# just take the new ptmsi in use
if self.ptmsi is not None:
self.UE.set_ptmsi(self.ptmsi)
self._log('INF', 'new P-TMSI set, 0x%.8x' % self.ptmsi)
else:
self._log('WNG', 'handcrafted P-TMSI sent, not updating the local P-TMSI')
self.rm_from_gmm_stack()
return []
class GMMAuthenticationCiphering(GMMSigProc):
"""Authentication and ciphering: TS 24.008, section 4.7.7
CN-initiated
CN messages:
GMMAuthenticationCipheringRequest (PD 8, Type 18), IEs:
- Type1V : IMEISVReq
- Type1V : CiphAlgo
- Type1V : ACRef
- Type1V : ForceStdby
- Type3TV : RAND (T: 33)
- Type1TV : CKSN (T: 8)
- Type4TLV : AUTN (T: 40)
- Type4TLV : ReplayedMSNetCap (T: 49)
- Type1TV : IntegAlgo (T: 9)
- Type4TLV : MAC (T: 67)
- Type4TLV : ReplayedMSRACap (T: 51)
GMMAuthenticationCipheringReject (PD 8, Type 20), IEs:
None
UE messages:
GMMAuthenticationCipheringResponse (PD 8, Type 19), IEs:
- Type1V : spare
- Type1V : ACRef
- Type3TV : RES (T: 34)
- Type4TLV : IMEISV (T: 35)
- Type4TLV : RESExt (T: 41)
- Type4TLV : MAC (T: 67)
GMMAuthenticationCipheringFailure (PD 8, Type 28), IEs:
- Type3V : GMMCause
- Type4TLV : AUTS (T: 48)
"""
Cont = (
(TS24008_GMM.GMMAuthenticationCipheringRequest, TS24008_GMM.GMMAuthenticationCipheringReject),
(TS24008_GMM.GMMAuthenticationCipheringResponse, TS24008_GMM.GMMAuthenticationCipheringFailure)
)
Decod = {
(8, 19): {
'RES' : lambda x: x[1].get_val(),
'IMEISV' : lambda x: x[2].decode(),
'RESExt' : lambda x: x[2].get_val()
},
(8, 28): {
'AUTS' : lambda x: x[2].get_val()
}
}
Init = (8, 18)
Timer = 'T3360'
def output(self):
# get a new CKSN
self.cksn = self.Iu.get_new_cksn()
#
EncodReq = self.Encod[self.Init]
# in case CKSN is handcrafted, just warn (will certainly fail)
if 'CKSN' in EncodReq:
self._log('WNG', 'handcrafted CKSN (%r), generated CKSN (%i)'\
% (EncodReq['CKSN'], self.cksn))
# in case RAND is handcrafted, we use it for generating the auth vector
if 'RAND' in EncodReq:
RAND = EncodReq['RAND']
else:
RAND = None
#
if not self.UE.USIM or self.GMM.AUTH_2G:
# 2G authentication
self.ctx = 2
self.vect = self.UE.Server.AUCd.make_2g_vector(self.UE.IMSI, RAND)
else:
# 3G authentication
self.ctx = 3
self.vect = self.UE.Server.AUCd.make_3g_vector(self.UE.IMSI, self.GMM.AUTH_AMF, RAND)
#
if self.vect is None:
# IMSI is not in the AuC db
self._log('ERR', 'unable to get an authentication vector from AuC')
self.rm_from_gmm_stack()
return []
#
# prepare IEs
IEs = {'IMEISVReq' : self.GMM.AUTH_IMEI_REQ,
'CiphAlgo' : 0,
'ACRef' : 0,
'ForceStdby' : {'Value': self.GMM.AUTH_FSTDBY},
'RAND' : self.vect[0],
'CKSN' : self.cksn}
if self.ctx == 3:
# msg with AUTN
autn = self.vect[2]
if self.GMM.AUTH_AUTN_EXT:
autn += self.GMM.AUTH_AUTN_EXT
IEs['AUTN'] = autn
#
self.set_msg(8, 18, **IEs)
self.encode_msg(8, 18)
# log the NAS msg
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
#
self.init_timer()
# send it over RANAP
return self.Iu.ret_ranap_dt(self._nas_tx)
def process(self, pdu):
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.UEInfo = {}
self.decode_msg(pdu, self.UEInfo)
#
if pdu[0]['Type'].get_val() == 19:
return self._process_resp()
else:
return self._process_fail()
def _process_resp(self):
# check if the whole UE response is corresponding to the expected one
if self.ctx == 3:
# 3G auth context
res = self.UEInfo['RES']
if 'RESExt' in self.UEInfo:
res += self.UEInfo['RESExt']
if res != self.vect[1]:
# incorrect response from the UE: auth reject
self._log('WNG', '3G authentication reject, XRES %s, RES %s'\
% (hexlify(self.vect[1]).decode('ascii'),
hexlify(res).decode('ascii')))
self.encode_msg(8, 20)
self.success = False
else:
self._log('DBG', '3G authentication accepted')
self.success = True
# set a 3G security context
self.Iu.set_sec_ctx(self.cksn, 3, self.vect)
else:
# 2G auth context
if self.UEInfo['RES'] != self.vect[1]:
# incorrect response from the UE: auth reject
self._log('WNG', '2G authentication reject, XRES %s, RES %s'\
% (hexlify(self.vect[1]).decode('ascii'),
hexlify(self.UEInfo['RES']).decode('ascii')))
self.encode_msg(8, 20)
self.success = False
else:
self._log('DBG', '2G authentication accepted')
self.success = True
# set a 2G security context
self.Iu.set_sec_ctx(self.cksn, 2, self.vect)
#
self.rm_from_gmm_stack()
if not self.success:
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
return self.Iu.ret_ranap_dt(self._nas_tx)
else:
if 'IMEISV' in self.UEInfo:
self.UE.set_ident_from_ue(NAS.IDTYPE_IMEISV, self.UEInfo['IMEISV'])
return []
def _process_fail(self):
self.success = False
if self.UEInfo['GMMCause'].get_val() == 21 and 'AUTS' in self.UEInfo:
# synch failure
# resynchronize the SQN in case the MM stack is not already doing it
if self.UE.IuCS is not None and self.UE.IuCS.MM.state == 'ACTIVE' \
and hasattr(self.UE.IuCS.MM, '_auth_resynch'):
ret = 0
else:
ret = self.UE.Server.AUCd.synch_sqn(self.UE.IMSI, self.vect[0], self.UEInfo['AUTS'])
#
if ret is None:
# something did not work
self._log('ERR', 'unable to resynchronize SQN in AuC')
self.encode_msg(8, 20)
self.rm_from_gmm_stack()
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
return self.Iu.ret_ranap_dt(self._nas_tx)
#
elif ret:
# USIM did not authenticate correctly
self._log('WNG', 'USIM authentication failed for resynch')
self.encode_msg(8, 20)
self.rm_from_gmm_stack()
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
return self.Iu.ret_ranap_dt(self._nas_tx)
#
else:
# resynch OK: restart an auth procedure
self._log('INF', 'USIM SQN resynchronization done')
self.rm_from_gmm_stack()
# restart a new auth procedure
NasProc = self.GMM.init_proc(GMMAuthenticationCiphering)
return NasProc.output()
#
else:
# UE refused our auth request...
self._log('ERR', 'UE rejected AUTN, %s' % self.UEInfo['GMMCause'])
self.rm_from_gmm_stack()
return []
class GMMIdentification(GMMSigProc):
"""Identification: TS 24.008, section 4.7.8
CN-initiated
CN message:
GMMIdentityRequest (PD 8, Type 21), IEs:
- Type1V : ForceStdby
- Type1V : IDType
UE message:
GMMIdentityResponse (PD 8, Type 22), IEs:
- Type4LV : ID
"""
Cont = (
(TS24008_GMM.GMMIdentityRequest, ),
(TS24008_GMM.GMMIdentityResponse, )
)
Decod = {
(8, 22): {
'ID' : lambda x: x[1].decode(),
}
}
Init = (8, 21)
Timer = 'T3370'
def output(self):
# build the Id Request msg, Id type has to be set by the caller
self.set_msg(8, 21, ForceStdby={'Value': self.GMM.AUTH_FSTDBY})
self.encode_msg(8, 21)
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
self.init_timer()
return self.Iu.ret_ranap_dt(self._nas_tx)
def process(self, pdu):
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.UEInfo = {}
self.decode_msg(pdu, self.UEInfo)
# get the identity IE value
self.IDType = self._nas_tx['IDType'][0].get_val()
#
if self.UEInfo['ID'][0] != self.IDType :
self._log('WNG', 'identity responded not corresponding to type requested '\
'(%i instead of %i)' % (self.UEInfo['ID'][0], self.IDType))
self._log('INF', 'identity responded, %r' % self._nas_rx['ID'][1])
self.UE.set_ident_from_ue(*self.UEInfo['ID'], dom='PS')
#
self.rm_from_gmm_stack()
return []
class GMMInformation(GMMSigProc):
"""GMM information: TS 24.008, section 4.7.12
CN-initiated
CN message:
GMMInformation (PD 8, Type 33), IEs:
- Type4TLV : NetFullName (T: 67)
- Type4TLV : NetShortName (T: 69)
- Type3TV : LocalTimeZone (T: 70)
- Type3TV : UnivTimeAndTimeZone (T: 71)
- Type4TLV : LSAIdentity (T: 72)
- Type4TLV : NetDLSavingTime (T: 73)
UE message:
None
"""
Cont = (
(TS24008_GMM.GMMInformation, ),
None
)
Init = (8, 33)
def output(self):
# build the Information msg, network name and/or time info
# have to be set by the caller
self.encode_msg(8, 33)
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nas_tx) )
self._log('INF', '%r' % self.Encod[(8, 33)])
self.rm_from_gmm_stack()
return self.Iu.ret_ranap_dt(self._nas_tx)
class GMMServiceRequest(GMMSigProc):
"""Service request: TS 24.008, section 4.7.13
UE-initiated
CN messages:
GMMServiceAccept (PD 8, Type 13), IEs:
- Type4TLV : PDPCtxtStat (T: 50)
- Type4TLV : MBMSCtxtStat (T: 53)
GMMServiceReject (PD 8, Type 14), IEs:
- Type3V : GMMCause
- Type4TLV : T3346 (T: 58)
UE message:
GMMServiceRequest (PD 8, Type 12), IEs:
- Type1V : ServiceType
- Type1V : CKSN
- Type4LV : PTMSI
- Type4TLV : PDPCtxtStat (T: 50)
- Type4TLV : MBMSCtxtStat (T: 53)
- Type4TLV : ULDataStat (T: 54)
- Type1TV : DeviceProp (T: 13)
"""
Cont = (
(TS24008_GMM.GMMServiceAccept, TS24008_GMM.GMMServiceReject),
(TS24008_GMM.GMMServiceRequest, )
)
Decod = {
(8, 12): {
'ServiceType' : lambda x: x[0].get_val(),
'CKSN' : lambda x: x[0].get_val(),
'PTMSI' : lambda x: x[1].decode()
}
}
def process(self, pdu):
# preempt the GMM stack
self.gmm_preempt()
if self.TRACK_PDU:
self._pdu.append( (time(), 'UL', pdu) )
self.errcause, self.UEInfo = None, {}
self.decode_msg(pdu, self.UEInfo)
#
if self.Iu.require_auth(self, cksn=self.UEInfo['CKSN']):
return self._ret_auth()
#
if self.Iu.require_smc(self):
# if we are here, there was no auth procedure,
# hence the cksn submitted by the UE is valid
return self._ret_smc(self.UEInfo['CKSN'], False)
#
return self.postprocess()
def postprocess(self, Proc=None):
if isinstance(Proc, GMMAuthenticationCiphering):
if not Proc.success:
self.abort()
return []
elif self.Iu.require_smc(self):
# if we are here, the valid cksn is the one established during
# the auth procedure
return self._ret_smc(Proc.cksn, True)
elif isinstance(Proc, RANAPSecurityModeControl):
if not Proc.success:
self.abort()
return []
else:
self._smc = True
# self.Iu.SEC['CKSN'] has been taken into use at the RRC layer
#elif isinstance(Proc, RANAPRABAssignment):
# if not Proc.success:
# # no PDP context activated
# self.errcause = 40
# return self.output()
elif Proc == self:
self._log('WNG', 'something bad happened with a previous procedure')
elif Proc is not None:
self._err = Proc
assert()
#
return self.output()
def output(self):
ret = []
if self.errcause:
self.set_msg(8, 14, GMMCause=self.errcause)
self.encode_msg(8, 14)
else:
IEs = {}
# check PDPCtxtStat, and deactivate PDP ctxt not enabled at the UE
if 'PDPCtxtStat' in self.UEInfo:
PDPCtxtStat = self.UEInfo['PDPCtxtStat']
PDPCtxtStatResp = []
for Stat in PDPCtxtStat:
uestat = Stat.get_val()
nsapi = int(Stat._name[6:])
if uestat == 1 and nsapi not in self.Iu.SM.PDP:
self._log('WNG', 'PDP context %i activated in the UE but not the network' % nsapi)
PDPCtxtStatResp.append(0)
elif uestat == 0 and nsapi in self.Iu.SM.PDP:
self._log('INF', 'PDP context %i activated in the network but not the UE' % nsapi)
pdpcfg = self.Iu.SM.PDP[nsapi]
if pdpcfg['state'] == 1:
self.UE.Server.GTPUd.rem_mobile(pdpcfg['RAB']['SGW-GTP-TEID'])
del self.Iu.SM.PDP[nsapi]
PDPCtxtStatResp.append(0)
else:
PDPCtxtStatResp.append(uestat)
IEs['PDPCtxtStat'] = PDPCtxtStatResp
#
# check ULDataStat
add_mobile_nsapi = []
if self.UEInfo['ServiceType'] == 1 and 'ULDataStat' in self.UEInfo:
# UE should have some uplink data pending
for Stat in self.UEInfo['ULDataStat']:
if Stat.get_val():
# GTP tunnel to be activated
add_mobile_nsapi.append( int(Stat._name[6:]) )
if add_mobile_nsapi:
self._log('DBG', 'uplink data pending for NSAPI %r' % add_mobile_nsapi)
# initiate a RANAPRABAssignment
RanapProc = self.Iu.bearer_act()
if RanapProc:
# pass the info required for deleting the GTPU tunnels
RanapProc._gtp_add_mobile_nsapi = add_mobile_nsapi
# TODO: check if it is required to set a callback in the RanapProc
# to here or not
ret.append(RanapProc)
#
# TODO: check if we need to wait for the RAB assignment completion
# to answer with a ServiceAccept (what should not happen anyway due to the SMC)
if not self._smc:
self.set_msg(8, 13, **IEs)
self.encode_msg(8, 13)
#
if self._nas_tx:
if self.TRACK_PDU:
self._pdu.append( (time(), 'DL', self._nsa_tx) )
ret.extend( self.Iu.ret_ranap_dt(self._nas_tx) )
self.rm_from_gmm_stack()
return ret
# filter_init=1, indicates we are the core network side
GMMAttach.init(filter_init=1)
GMMDetachUE.init(filter_init=1)
GMMDetachCN.init(filter_init=1)
GMMRoutingAreaUpdating.init(filter_init=1)
GMMPTMSIReallocation.init(filter_init=1)
GMMAuthenticationCiphering.init(filter_init=1)
GMMIdentification.init(filter_init=1)
GMMInformation.init(filter_init=1)
GMMServiceRequest.init(filter_init=1)
# GMM UE-initiated procedures dispatcher
GMMProcUeDispatcher = {
1 : GMMAttach,
5 : GMMDetachUE,
8 : GMMRoutingAreaUpdating,
12: GMMServiceRequest
}
GMMProcUeDispatcherStr = {ProcClass.Cont[1][0]()._name: ProcClass \
for ProcClass in GMMProcUeDispatcher.values()}
# GMM CN-initiated procedures dispatcher
GMMProcCnDispatcher = {
5 : GMMDetachCN,
16: GMMPTMSIReallocation,
18: GMMAuthenticationCiphering,
21: GMMIdentification,
33: GMMInformation,
}
GMMProcCnDispatcherStr = {ProcClass.Cont[0][0]()._name: ProcClass \
for ProcClass in GMMProcCnDispatcher.values()}
Reference in New Issue View Git Blame Copy Permalink