osmo-ttcn3-hacks/msc/MSC_Tests.ttcn


module MSC_Tests {
/* Osmocom MSC test suite in TTCN-3
* (C) 2017-2019 Harald Welte <laforge@gnumonks.org>
* (C) 2018-2019 sysmocom - s.f.m.c. GmbH
* (C) 2018-2019 Vadim Yanitskiy <axilirator@gmail.com>
* All rights reserved.
*
* Released under the terms of GNU General Public License, Version 2 or
* (at your option) any later version.
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
friend module MSC_Tests_Iu;
import from General_Types all;
import from Osmocom_Types all;
import from M3UA_Types all;
import from M3UA_Emulation all;
import from MTP3asp_Types all;
import from MTP3asp_PortType all;
import from SCCPasp_Types all;
import from SCCP_Types all;
import from SCCP_Emulation all;
import from SCTPasp_Types all;
import from SCTPasp_PortType all;
import from Osmocom_CTRL_Functions all;
import from Osmocom_CTRL_Types all;
import from Osmocom_CTRL_Adapter all;
import from TELNETasp_PortType all;
import from Osmocom_VTY_Functions all;
import from MNCC_Emulation all;
import from MNCC_Types all;
import from MGCP_Emulation all;
import from MGCP_Types all;
import from MGCP_Templates all;
import from SDP_Types all;
import from GSUP_Emulation all;
import from GSUP_Types all;
import from IPA_Emulation all;
import from BSSAP_Types all;
import from RAN_Adapter all;
import from BSSAP_CodecPort all;
import from BSSMAP_Templates all;
import from RAN_Emulation all;
import from BSC_ConnectionHandler all;
import from RANAP_Templates all;
import from SGsAP_Templates all;
import from SGsAP_Types all;
import from SGsAP_Emulation all;
import from MobileL3_Types all;
import from MobileL3_CommonIE_Types all;
import from MobileL3_SMS_Types all;
import from L3_Templates all;
import from L3_Common all;
import from SMPP_Types all;
import from SMPP_Templates all;
import from SMPP_Emulation all;
import from SCCP_Templates all;
import from SS_Types all;
import from SS_Templates all;
import from USSD_Helpers all;
import from DNS_Helpers all;
import from TCCConversion_Functions all;
/* Size of the g_bssap[] array in MTC_CT; f_init() refuses a num_bsc larger than this. */
const integer NUM_BSC := 3;
/* List type of the mp_bssap_cfg module parameter (one RAN_Configuration per entry). */
type record of RAN_Configuration RAN_Configurations;
/* Needed for SGsAP SMS */
import from MobileL3_SMS_Types all;
/* Main test component. It holds the RAN adapters and the emulation components
 * (MNCC, MGCP, GSUP, SMPP, SGsAP) that the f_init*() functions of this module create. */
type component MTC_CT extends CTRL_Adapter_CT {
/* set by f_init() so that a second call returns immediately */
var boolean g_initialized := false;
/* RAN adapters, indexed by BSC instance number (f_init() starts the first num_bsc of them) */
var RAN_Adapter g_bssap[NUM_BSC];
/* no 'adapter_CT' for MNCC or GSUP */
var MNCC_Emulation_CT vc_MNCC;
var MGCP_Emulation_CT vc_MGCP;
var GSUP_Emulation_CT vc_GSUP;
var IPA_Emulation_CT vc_GSUP_IPA;
var SMPP_Emulation_CT vc_SMPP;
var SGsAP_Emulation_CT vc_SGsAP;
/* only to get events from IPA underneath GSUP */
port IPA_CTRL_PT GSUP_IPA_EVENT;
/* VTY to MSC */
port TELNETasp_PT MSCVTY;
/* A port to directly send BSSAP messages. This port is used for
* tests that require low level access to send arbitrary BSSAP
* messages. Run f_init_bssap_direct() to connect and initialize */
port BSSAP_CODEC_PT BSSAP_DIRECT;
/* When BSSAP messages are directly sent, then the connection
* handler is not active, which means that also no guard timer is
* set up. The following timer will serve as a replacement */
timer Tguard_direct := 60.0;
/* Configure T(tias) over VTY, seconds */
var integer g_msc_sccp_timer_ias := 7 * 60;
/* Configure T(tiar) over VTY, seconds */
var integer g_msc_sccp_timer_iar := 15 * 60;
}
/* Module parameters. Every address default below is the loopback address, i.e. the
 * defaults describe a test bench where the MSC under test runs on the same host. */
modulepar {
/* remote parameters of IUT */
charstring mp_msc_ip := "127.0.0.1";
integer mp_msc_ctrl_port := 4255;
integer mp_msc_vty_port := 4254;
/* local parameters of emulated HLR */
boolean mp_mm_info := false;
charstring mp_hlr_ip := "127.0.0.1";
integer mp_hlr_port := 4222;
charstring mp_mgw_ip := "127.0.0.1";
integer mp_mgw_port := 2427;
/* passed to MNCC_Emulation.main() by f_init_mncc() */
charstring mp_msc_mncc := "/tmp/mncc";
integer mp_msc_smpp_port := 2775;
/* SMPP bind credentials used by f_init_smpp().
 * NOTE(review): these are clear-text defaults committed with the test suite; they should
 * only ever match a throw-away MSC instance and be overridden in the run-time config otherwise. */
charstring mp_smpp_system_id := "msc_tester";
charstring mp_smpp_password := "osmocom1";
charstring mp_mme_name := "mmec01.mmegi0001.mme.epc.mnc070.mcc901.3gppnetwork.org";
charstring mp_vlr_name := "vlr.example.net";
/* Whether to enable osmux tests. Can be dropped completely and enable
unconditionally once new version of osmo-msc is released (current
version: 1.3.1) */
boolean mp_enable_osmux_test := true;
/* Per-BSC RAN configuration, indexed like g_bssap[].
 * NOTE(review): only two entries are given although NUM_BSC is 3; f_init() stops the
 * test case with "missing BSSAP configuration" if an unbound entry is requested. */
RAN_Configurations mp_bssap_cfg := {
{
sccp_service_type := "mtp3_itu",
sctp_addr := { 23905, "127.0.0.1", 2905, "127.0.0.1" },
own_pc := 185,
own_ssn := 254,
peer_pc := 187,
peer_ssn := 254,
sio := '83'O,
rctx := 0
},
{
sccp_service_type := "mtp3_itu",
sctp_addr := { 23906, "127.0.0.1", 2905, "127.0.0.1" },
own_pc := 186,
own_ssn := 254,
peer_pc := 187,
peer_ssn := 254,
sio := '83'O,
rctx := 1
}
};
}
/* altstep for the global guard timer (only used when BSSAP_DIRECT
 * is used for communication) */
private altstep as_Tguard_direct() runs on MTC_CT {
    /* Expiry of Tguard_direct fails the test and stops the MTC. */
    [] Tguard_direct.timeout {
        setverdict(fail, "Tguard timeout");
        mtc.stop;
    }
}
private altstep as_optional_cc_rel(CallParameters cpars, boolean respond := false) runs on BSC_ConnHdlr {
    /* Consume an MT CC RELEASE for cpars.transaction_id; when 'respond' is set,
     * answer it with a CC RELEASE COMPLETE. */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_CC_RELEASE(cpars.transaction_id))) {
        if (respond) {
            /* second argument of ts_ML3_MO_CC_REL_COMPL: '0'B for MO calls, '1'B otherwise */
            var BIT1 remote_flag;
            if (cpars.mo_call) {
                remote_flag := '0'B;
            } else {
                remote_flag := '1'B;
            }
            BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_CC_REL_COMPL(cpars.transaction_id, remote_flag)));
        }
    }
}
function f_init_smpp(charstring id) runs on MTC_CT {
    /* Create the SMPP emulation component and start it as a client towards
     * mp_msc_ip:mp_msc_smpp_port, binding as a transceiver with the
     * mp_smpp_system_id / mp_smpp_password module parameters. */
    var charstring smpp_id := id & "-SMPP";
    var EsmePars esme_pars := {
        mode := MODE_TRANSCEIVER,
        bind := {
            system_id := mp_smpp_system_id,
            password := mp_smpp_password,
            system_type := "MSC_Tests",
            interface_version := hex2int('34'H),
            addr_ton := unknown,
            addr_npi := unknown,
            address_range := ""
        },
        esme_role := true
    };
    vc_SMPP := SMPP_Emulation_CT.create(smpp_id);
    map(vc_SMPP:SMPP_PORT, system:SMPP_PORT);
    vc_SMPP.start(SMPP_Emulation.main_client(esme_pars, mp_msc_ip, mp_msc_smpp_port, "", -1));
}
function f_init_mncc(charstring id) runs on MTC_CT {
    /* Create and start the MNCC emulation; mp_msc_mncc is handed to its main() function. */
    var charstring mncc_id := id & "-MNCC";
    var MnccOps mncc_ops := {
        create_cb := refers(MNCC_Emulation.ExpectedCreateCallback),
        unitdata_cb := refers(MNCC_Emulation.DummyUnitdataCallback)
    };
    vc_MNCC := MNCC_Emulation_CT.create(mncc_id);
    map(vc_MNCC:MNCC, system:MNCC_CODEC_PT);
    vc_MNCC.start(MNCC_Emulation.main(mncc_ops, mncc_id, mp_msc_mncc));
}
function f_init_mgcp(charstring id) runs on MTC_CT {
    /* Create and start the MGCP emulation, with the MSC (mp_msc_ip) as call agent
     * and mp_mgw_ip:mp_mgw_port as the media gateway address. */
    var charstring mgcp_id := id & "-MGCP";
    var MGCPOps mgcp_ops := {
        create_cb := refers(MGCP_Emulation.ExpectedCreateCallback),
        unitdata_cb := refers(MGCP_Emulation.DummyUnitdataCallback)
    };
    var MGCP_conn_parameters conn_pars := {
        callagent_ip := mp_msc_ip,
        callagent_udp_port := -1,
        mgw_ip := mp_mgw_ip,
        mgw_udp_port := mp_mgw_port,
        multi_conn_mode := false
    };
    vc_MGCP := MGCP_Emulation_CT.create(mgcp_id);
    map(vc_MGCP:MGCP, system:MGCP_CODEC_PT);
    vc_MGCP.start(MGCP_Emulation.main(mgcp_ops, conn_pars, mgcp_id));
}
function ForwardUnitdataCallback(PDU_SGsAP msg)
runs on SGsAP_Emulation_CT return template PDU_SGsAP {
    /* Unitdata callback for the SGsAP emulation (installed by f_init_sgsap()):
     * pass the PDU on to SGsAP_CLIENT and return no response of our own. */
    SGsAP_CLIENT.send(msg);
    return omit;
}
function f_init_sgsap(charstring id) runs on MTC_CT {
    /* Create and start the SGsAP emulation towards mp_msc_ip, SCTP port 29118;
     * unitdata is forwarded via ForwardUnitdataCallback. */
    var charstring sgsap_id := id & "-SGsAP";
    var SGsAPOps sgsap_ops := {
        create_cb := refers(SGsAP_Emulation.ExpectedCreateCallback),
        unitdata_cb := refers(ForwardUnitdataCallback)
    };
    var SGsAP_conn_parameters conn_pars := {
        remote_ip := mp_msc_ip,
        remote_sctp_port := 29118,
        local_ip := "",
        local_sctp_port := -1
    };
    vc_SGsAP := SGsAP_Emulation_CT.create(sgsap_id);
    map(vc_SGsAP:SGsAP, system:SGsAP_CODEC_PT);
    vc_SGsAP.start(SGsAP_Emulation.main(sgsap_ops, conn_pars, sgsap_id));
}
function f_init_gsup(charstring id) runs on MTC_CT {
    /* Bring up the emulated HLR: an IPA server on mp_hlr_ip:mp_hlr_port with the GSUP
     * emulation on top, then block until the IPA layer reports ASP_IPA_EVENT_UP.
     * Fails the test and stops the MTC if that does not happen within 10 seconds. */
    var charstring gsup_id := id & "-GSUP";
    var GsupOps gsup_ops := {
        create_cb := refers(GSUP_Emulation.ExpectedCreateCallback)
    };
    vc_GSUP_IPA := IPA_Emulation_CT.create(gsup_id & "-IPA");
    vc_GSUP := GSUP_Emulation_CT.create(gsup_id);
    map(vc_GSUP_IPA:IPA_PORT, system:IPA_CODEC_PT);
    connect(vc_GSUP:GSUP, vc_GSUP_IPA:IPA_GSUP_PORT);
    /* we use this hack to get events like ASP_IPA_EVENT_UP */
    connect(vc_GSUP_IPA:IPA_CTRL_PORT, self:GSUP_IPA_EVENT);
    vc_GSUP.start(GSUP_Emulation.main(gsup_ops, gsup_id));
    vc_GSUP_IPA.start(IPA_Emulation.main_server(mp_hlr_ip, mp_hlr_port));
    /* wait for incoming connection to GSUP port before proceeding */
    timer T_ipa_up := 10.0;
    T_ipa_up.start;
    alt {
    [] GSUP_IPA_EVENT.receive(t_ASP_IPA_EVT_UD(ASP_IPA_EVENT_UP)) { }
    [] T_ipa_up.timeout {
        setverdict(fail, "No connection to GSUP Port");
        mtc.stop;
    }
    }
}
function f_init(integer num_bsc := 1, boolean sgsap := false, boolean gsup := true, boolean osmux := false) runs on MTC_CT {
    /* One-time bring-up of the test bench: RAN adapters for num_bsc BSCs, CTRL, MNCC,
     * MGCP, SMPP, optionally GSUP and SGsAP, and finally a baseline MSC configuration
     * pushed over VTY. A second call on the same component is a no-op. */
    if (g_initialized) {
        return;
    }
    g_initialized := true;

    if (num_bsc > NUM_BSC) {
        testcase.stop("excess number of BSC instances requested");
    }

    var integer bsc_nr;
    for (bsc_nr := 0; bsc_nr < num_bsc; bsc_nr := bsc_nr + 1) {
        if (not isbound(mp_bssap_cfg[bsc_nr])) {
            testcase.stop("missing BSSAP configuration");
        }
        var RanOps ranops := BSC_RanOps;
        ranops.use_osmux := osmux;
        f_ran_adapter_init(g_bssap[bsc_nr], mp_bssap_cfg[bsc_nr], "MSC_Test_" & int2str(bsc_nr), ranops);
        f_ran_adapter_start(g_bssap[bsc_nr]);
    }

    f_ipa_ctrl_start(mp_msc_ip, mp_msc_ctrl_port);
    f_init_mncc("MSC_Test");
    f_init_mgcp("MSC_Test");
    if (gsup) {
        f_init_gsup("MSC_Test");
    }
    f_init_smpp("MSC_Test");
    if (sgsap) {
        f_init_sgsap("MSC_Test");
    }

    map(self:MSCVTY, system:MSCVTY);
    f_vty_set_prompts(MSCVTY);
    f_vty_transceive(MSCVTY, "enable");

    /* Baseline MSC settings. Authentication is optional and the only permitted
     * cipher is A5/0, so a test that wants to exercise authentication has to
     * change the setting over VTY itself after calling f_init(). */
    f_vty_config(MSCVTY, "network", "authentication optional");
    f_vty_config(MSCVTY, "msc", "assign-tmsi");
    f_vty_config(MSCVTY, "msc", "check-imei-rqd 0");
    f_vty_config(MSCVTY, "network", "encryption a5 0");
    f_vty_config(MSCVTY, "cs7 instance 0", "sccp-timer ias " & int2str(g_msc_sccp_timer_ias));
    f_vty_config(MSCVTY, "cs7 instance 0", "sccp-timer iar " & int2str(g_msc_sccp_timer_iar));

    /* the osmux setting is only touched when osmux tests are enabled at all */
    if (mp_enable_osmux_test) {
        var charstring osmux_cmd := "osmux off";
        if (osmux) {
            osmux_cmd := "osmux on";
        }
        f_vty_config(MSCVTY, "msc", osmux_cmd);
    }
}
/* Initialize for a direct connection to BSSAP. This function is an alternative
* to f_init() when the high level functions of the BSC_ConnectionHandler are
* not needed. */
function f_init_bssap_direct() runs on MTC_CT {
    /* Only RAN adapter 0 is initialised (with no RanOps), and its SCCP user port
     * is wired straight to our BSSAP_DIRECT port. */
    f_ran_adapter_init(g_bssap[0], mp_bssap_cfg[0], "MSC_Test", omit);
    connect(g_bssap[0].vc_SCCP:SCCP_SP_PORT, self:BSSAP_DIRECT);

    /* Start guard timer and activate it as default */
    Tguard_direct.start;
    activate(as_Tguard_direct());
}
/* Signature of the per-connection handler functions (f_tc_*) that f_start_handler*()
 * starts on a freshly created BSC_ConnHdlr component. */
type function void_fn(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr;
/* FIXME: move into BSC_ConnectionHandler? */
function f_init_pars(integer imsi_suffix, boolean sgsap := false, boolean gsup := true, integer ran_idx := 0,
boolean ran_is_geran := true, boolean use_osmux := false, OCT4 gsup_sid := '20000101'O)
runs on MTC_CT return BSC_ConnHdlrPars {
    /* Build the parameter set for one connection handler. IMEI, IMSI and MSISDN are all
     * derived from imsi_suffix. On a non-GERAN RAN, UMTS AKA is used and authentication
     * is expected; on GERAN both default to false. */
    var boolean non_geran := not ran_is_geran;

    var BSC_ConnHdlrNetworkPars net_pars := {
        kc_support := '0A'O, /* A5/1 and A5/3 enabled */
        expect_tmsi := true,
        expect_auth := non_geran,
        expect_ciph := false,
        expect_imei := false,
        expect_imei_early := false,
        check_imei_result := OSMO_GSUP_IMEI_RESULT_ACK,
        check_imei_error := false
    };

    var BSC_ConnHdlrPars hdlr_pars := {
        sccp_addr_own := g_bssap[ran_idx].sccp_addr_own,
        sccp_addr_peer := g_bssap[ran_idx].sccp_addr_peer,
        cell_id := valueof(ts_CellId_CGI('262'H, '42'H, 23, 42)),
        imei := f_gen_imei(imsi_suffix),
        imsi := f_gen_imsi(imsi_suffix),
        msisdn := f_gen_msisdn(imsi_suffix),
        tmsi := omit,
        cm1 := valueof(ts_CM1),
        cm2 := valueof(ts_CM2_default),
        cm3 := omit,
        vec := omit,
        net := net_pars,
        send_early_cm := true,
        ipa_ctrl_ip := mp_msc_ip,
        ipa_ctrl_port := mp_msc_ctrl_port,
        ipa_ctrl_enable := true,
        mm_info := mp_mm_info,
        sgsap_enable := sgsap,
        gsup_enable := gsup,
        gsup_sid := gsup_sid,
        ran_idx := ran_idx,
        use_umts_aka := non_geran,
        ran_is_geran := ran_is_geran,
        use_osmux := use_osmux
    };
    return hdlr_pars;
}
function f_start_handler_with_pars(void_fn fn, BSC_ConnHdlrPars pars, integer bssap_idx := 0) runs on MTC_CT return BSC_ConnHdlr {
    /* Create a BSC_ConnHdlr, connect it to the emulation components owned by the MTC
     * and start 'fn' on it. The RAN adapter used is g_bssap[pars.ran_idx + bssap_idx]. */
    var integer ran_slot := pars.ran_idx + bssap_idx;
    var charstring hdlr_id := testcasename() & int2str(bssap_idx);
    var BSC_ConnHdlr vc_hdlr := BSC_ConnHdlr.create(hdlr_id);

    /* BSSMAP part / A interface */
    connect(vc_hdlr:BSSAP, g_bssap[ran_slot].vc_RAN:CLIENT);
    connect(vc_hdlr:BSSAP_PROC, g_bssap[ran_slot].vc_RAN:PROC);
    /* MNCC part */
    connect(vc_hdlr:MNCC, vc_MNCC:MNCC_CLIENT);
    connect(vc_hdlr:MNCC_PROC, vc_MNCC:MNCC_PROC);
    /* MGCP part */
    connect(vc_hdlr:MGCP, vc_MGCP:MGCP_CLIENT);
    connect(vc_hdlr:MGCP_PROC, vc_MGCP:MGCP_PROC);
    /* GSUP part (only if the handler was parameterised with GSUP enabled) */
    if (pars.gsup_enable) {
        connect(vc_hdlr:GSUP, vc_GSUP:GSUP_CLIENT);
        connect(vc_hdlr:GSUP_PROC, vc_GSUP:GSUP_PROC);
    }
    /* SMPP part */
    connect(vc_hdlr:SMPP, vc_SMPP:SMPP_CLIENT);
    connect(vc_hdlr:SMPP_PROC, vc_SMPP:SMPP_PROC);
    /* SGs part (only if the handler was parameterised with SGsAP enabled) */
    if (pars.sgsap_enable) {
        connect(vc_hdlr:SGsAP, vc_SGsAP:SGsAP_CLIENT);
        connect(vc_hdlr:SGsAP_PROC, vc_SGsAP:SGsAP_PROC);
    }

    /* We cannot use vc_conn.start(f_init_handler(fn, id, pars)); as we cannot have
     * a stand-alone 'derefers()' call, see https://www.eclipse.org/forums/index.php/t/1091364/ */
    vc_hdlr.start(derefers(fn)(hdlr_id, pars));
    return vc_hdlr;
}
function f_start_handler(void_fn fn, integer imsi_suffix, integer ran_idx := 0, boolean ran_is_geran := true, boolean use_osmux := false)
runs on MTC_CT return BSC_ConnHdlr {
    /* Convenience wrapper: build default handler parameters with f_init_pars()
     * and start 'fn' with them. */
    var BSC_ConnHdlrPars hdlr_pars := f_init_pars(imsi_suffix, ran_idx := ran_idx, ran_is_geran := ran_is_geran, use_osmux := use_osmux);
    return f_start_handler_with_pars(fn, hdlr_pars);
}
private function f_tc_lu_imsi_noauth_tmsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Handler body: run f_perform_lu() with the parameters exactly as handed in
     * (f_init_pars() defaults: TMSI expected, no authentication expected on GERAN). */
    f_init_handler(pars);
    f_perform_lu();
}
testcase TC_lu_imsi_noauth_tmsi() runs on MTC_CT {
    /* Run f_tc_lu_imsi_noauth_tmsi on one handler (imsi_suffix 1) under the
     * f_init() baseline configuration and wait for it to finish. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_noauth_tmsi), 1);
    vc_hdlr.done;
}
private function f_tc_lu_imsi_noauth_notmsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Same as the TMSI variant, except that no TMSI is expected; the flag must be
     * cleared before f_init_handler() takes over the parameters. */
    pars.net.expect_tmsi := false;
    f_init_handler(pars);
    f_perform_lu();
}
testcase TC_lu_imsi_noauth_notmsi() runs on MTC_CT {
    /* Switch TMSI assignment off on the MSC (overriding the f_init() default
     * "assign-tmsi"), then run the LU handler with imsi_suffix 2. */
    f_init();
    f_vty_config(MSCVTY, "msc", "no assign-tmsi");
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_noauth_notmsi), 2);
    vc_hdlr.done;
}
/* Do LU by IMSI, refuse it on GSUP and expect LU REJ back to MS */
friend function f_tc_lu_imsi_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* The cause value the emulated HLR puts into its Update Location error; the test
     * expects the very same value in the LU REJECT sent towards the MS. */
    var integer rej_cause := 23;

    f_init_handler(pars);
    var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
    f_create_gsup_expect(hex2str(g_pars.imsi));
    f_cl3_or_initial_ue(lu_req);
    f_mm_common();

    /* answer the MSC's Update Location request with an error */
    GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
    GSUP.send(ts_GSUP_UL_ERR(g_pars.imsi, rej_cause));

    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej(int2oct(rej_cause, 1)))) {
        f_expect_clear();
    }
    /* an accept after the HLR refused the subscriber is a hard failure */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) {
        setverdict(fail, "Expecting LU REJ, but got ACCEPT");
        mtc.stop;
    }
    }
}
testcase TC_lu_imsi_reject() runs on MTC_CT {
    /* Run f_tc_lu_imsi_reject on one handler (imsi_suffix 3) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_reject), 3);
    vc_hdlr.done;
}
/* Do LU by IMSI, timeout on GSUP */
friend function f_tc_lu_imsi_timeout_gsup(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* The emulated HLR swallows the Update Location request without answering;
     * the MSC is expected to give up and reject the LU. */
    f_init_handler(pars);
    var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
    f_create_gsup_expect(hex2str(g_pars.imsi));
    f_cl3_or_initial_ue(lu_req);
    f_mm_common();
    GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
    /* Normally the HLR would need to respond here, but we decide to force a timeout here */
    alt {
    /* FIXME: Expect specific reject cause */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
        f_expect_clear();
    }
    /* an accept without any HLR answer is a hard failure */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) {
        setverdict(fail, "Expecting LU REJ, but got ACCEPT");
        mtc.stop;
    }
    }
}
testcase TC_lu_imsi_timeout_gsup() runs on MTC_CT {
    /* Run f_tc_lu_imsi_timeout_gsup on one handler (imsi_suffix 4) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_timeout_gsup), 4);
    vc_hdlr.done;
}
private function f_tc_lu_imsi_auth_tmsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* LU handler that expects the MSC to authenticate; the flag must be set
     * before f_init_handler() takes over the parameters. */
    pars.net.expect_auth := true;
    f_init_handler(pars);
    f_perform_lu();
}
testcase TC_lu_imsi_auth_tmsi() runs on MTC_CT {
    /* Raise the MSC from the f_init() default ("authentication optional") to
     * "authentication required", then run the LU handler with imsi_suffix 5. */
    f_init();
    f_vty_config(MSCVTY, "network", "authentication required");
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi), 5);
    vc_hdlr.done;
}
friend function f_tc_lu_imsi_auth3g_tmsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* LU handler that expects authentication and asks for UMTS AKA; both flags
     * must be set before f_init_handler() takes over the parameters. */
    pars.net.expect_auth := true;
    pars.use_umts_aka := true;
    f_init_handler(pars);
    f_perform_lu();
}
testcase TC_lu_imsi_auth3g_tmsi() runs on MTC_CT {
    /* Set the MSC to "authentication required", then run the UMTS AKA LU handler
     * with imsi_suffix 1005. */
    f_init();
    f_vty_config(MSCVTY, "network", "authentication required");
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth3g_tmsi), 1005);
    vc_hdlr.done;
}
/* Proceed with LU but never receive an TMSI Realloc from MS after LU Accept (OS#4337).
* TS 24.008 sec 4.3.1.5 states MSC should simply release all MM connections.
*/
friend function f_tc_lu_imsi_timeout_tmsi_realloc(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Run the LU up to LU ACCEPT, then deliberately send no TMSI Reallocation
     * Complete and expect the MSC to clear the connection within 7 seconds. */
    f_init_handler(pars);
    var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
    var PDU_DTAP_MT lu_acc;

    /* tell GSUP dispatcher to send this IMSI to us */
    f_create_gsup_expect(hex2str(g_pars.imsi));

    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    if (not g_pars.ran_is_geran) {
        f_ranap_initial_ue(lu_req);
    } else {
        f_bssap_compl_l3(lu_req);
        if (g_pars.send_early_cm) {
            BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
        }
    }

    f_mm_imei_early();
    f_mm_common();
    f_msc_lu_hlr();
    f_mm_imei();

    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) -> value lu_acc {}
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
        setverdict(fail, "Expected LU ACK, but received LU REJ");
        mtc.stop;
    }
    }

    /* currently (due to bug OS#4337), an extra LU reject is received before
       terminating the connection. Enabling following line makes the test
       pass: */
    //f_expect_lu_reject('16'O); /* Cause: congestion */

    /* f_expect_lu_reject() already waits for T"-1" (X1, 5 seconds), but give some
       extra time to avoid race conditions... */
    f_expect_clear(7.0);

    setverdict(pass);
}
testcase TC_lu_imsi_timeout_tmsi_realloc() runs on MTC_CT {
    /* Run f_tc_lu_imsi_timeout_tmsi_realloc on one handler and wait for it.
     * NOTE(review): imsi_suffix 5 is also used by TC_lu_imsi_auth_tmsi; confirm
     * that sharing the derived IMSI between the two test cases is intended. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_timeout_tmsi_realloc), 5);
    vc_hdlr.done;
}
/* Send CM SERVICE REQ for IMSI that has never performed LU before */
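friend function f_tc_cmserv_imsi_unknown(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
    /* A subscriber the MSC has never seen asks for an MO call. The only acceptable
     * outcome is a CM SERVICE REJECT followed by a clear; any other BSSAP message,
     * an Update Location towards the HLR, or silence for 10 seconds fails the test. */
    f_init_handler(pars);
    var MobileIdentityLV mi := valueof(ts_MI_IMSI_LV(g_pars.imsi));
    var PDU_ML3_MS_NW l3_info := valueof(ts_CM_SERV_REQ(CM_TYPE_MO_CALL, mi));
    f_create_gsup_expect(hex2str(g_pars.imsi));
    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(l3_info);
    f_mm_auth();
    timer T := 10.0;
    T.start;
    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ)) { }
    //[] BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_ACC)) { }
    /* catch-all: must stay after the CM SERV REJ branch, alternatives are tried in order */
    [] BSSAP.receive {
        setverdict(fail, "Received unexpected BSSAP");
        mtc.stop;
    }
    [] GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi)) {
        setverdict(fail, "Unexpected GSUP UL REQ");
        mtc.stop;
    }
    [] T.timeout {
        /* what we were waiting for is the reject, not the request we sent ourselves */
        setverdict(fail, "Timeout waiting for CM SERV REJ");
        mtc.stop;
    }
    }
    f_expect_clear();
}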
testcase TC_cmserv_imsi_unknown() runs on MTC_CT {
    /* Run f_tc_cmserv_imsi_unknown on one handler (imsi_suffix 6) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cmserv_imsi_unknown), 6);
    vc_hdlr.done;
}
friend function f_tc_lu_and_mo_call(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Perform an LU, then an MO call with the default t_CallParams. */
    f_init_handler(pars);
    var CallParameters call_pars := valueof(t_CallParams);
    f_perform_lu();
    f_mo_call(call_pars);
}
testcase TC_lu_and_mo_call() runs on MTC_CT {
    /* Run f_tc_lu_and_mo_call on one handler (imsi_suffix 7) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_and_mo_call), 7);
    vc_hdlr.done;
}
/* Verify T(iar) triggers and releases the channel */
friend function f_lu_and_mo_call_sccp_tiar_timeout(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Establish an MO call, then stay silent and expect a disconnect indication
     * within 6 seconds. The 5 mirrors the T(iar) value that
     * TC_lu_and_mo_call_sccp_tiar_timeout configures on the MSC. */
    timer T_iar_guard := int2float(5 + 1); /* g_msc_sccp_timer_iar + Give extra time (+1 sec) */
    f_init_handler(pars);
    var CallParameters call_pars := valueof(t_CallParams);
    f_perform_lu();
    f_mo_call_establish(call_pars);

    /* Expect the channel cleared upon T(iar) triggered: */
    T_iar_guard.start;
    alt {
    [] BSSAP.receive(RAN_Conn_Prim:MSC_CONN_PRIM_DISC_IND) {
        T_iar_guard.stop;
        setverdict(pass);
    }
    /* any DLCX arriving in the meantime is consumed and the wait continues */
    [] MGCP.receive(tr_DLCX(?)) { repeat; }
    [] T_iar_guard.timeout {
        setverdict(fail, "Timeout waiting for T(iar) triggered SCCP RSLD");
        mtc.stop;
    }
    }
    setverdict(pass);
}
testcase TC_lu_and_mo_call_sccp_tiar_timeout() runs on MTC_CT {
    /* Set T(iar) in MSC low enough that it will trigger before other side
       has time to keep alive with a T(ias). Keep recommended ratio of
       T(iar) >= T(ias)*2 */
    g_msc_sccp_timer_ias := 2;
    g_msc_sccp_timer_iar := 5;
    /* the two values above must be in place before f_init() pushes them over VTY */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_lu_and_mo_call_sccp_tiar_timeout), 89);
    vc_hdlr.done;
}
/* Test LU (with authentication enabled), where HLR times out sending SAI response */
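friend function f_tc_lu_auth_sai_timeout(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Negative authentication test: the emulated HLR receives the Send Auth Info
     * request but never answers it. The MSC has to reject the LU; accepting it
     * would mean a subscriber got in without authentication vectors. */
    f_init_handler(pars);
    var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi);
    /* tell GSUP dispatcher to send this IMSI to us */
    f_create_gsup_expect(hex2str(g_pars.imsi));
    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(l3_lu);
    /* Send Early Classmark, just for the fun of it */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }
    GSUP.receive(tr_GSUP_SAI_REQ(g_pars.imsi));
    /* The HLR would normally return an auth vector here, but we fail to do so. */
    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { }
    /* Report an accept explicitly, as f_tc_lu_imsi_reject does, instead of
     * leaving the unexpected message unmatched until some timer gives up. */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) {
        setverdict(fail, "Expecting LU REJ, but got ACCEPT");
        mtc.stop;
    }
    }
    f_expect_clear();
}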
testcase TC_lu_auth_sai_timeout() runs on MTC_CT {
    /* Set the MSC to "authentication required", then run f_tc_lu_auth_sai_timeout
     * on one handler (imsi_suffix 8) and wait for it. */
    f_init();
    f_vty_config(MSCVTY, "network", "authentication required");
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_auth_sai_timeout), 8);
    vc_hdlr.done;
}
/* Test LU (with authentication enabled), where HLR answers the SAI request with an error */
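friend function f_tc_lu_auth_sai_err(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Negative authentication test: the emulated HLR answers the Send Auth Info
     * request with an error (cause 13). The MSC has to reject the LU; accepting it
     * would mean a subscriber got in without authentication vectors. */
    f_init_handler(pars);
    var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi);
    /* tell GSUP dispatcher to send this IMSI to us */
    f_create_gsup_expect(hex2str(g_pars.imsi));
    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(l3_lu);
    /* Send Early Classmark, just for the fun of it */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }
    GSUP.receive(tr_GSUP_SAI_REQ(g_pars.imsi));
    GSUP.send(ts_GSUP_SAI_ERR(g_pars.imsi, 13));
    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { }
    /* Report an accept explicitly, as f_tc_lu_imsi_reject does, instead of
     * leaving the unexpected message unmatched until some timer gives up. */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) {
        setverdict(fail, "Expecting LU REJ, but got ACCEPT");
        mtc.stop;
    }
    }
    f_expect_clear();
}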
testcase TC_lu_auth_sai_err() runs on MTC_CT {
    /* Set the MSC to "authentication required", then run f_tc_lu_auth_sai_err
     * on one handler (imsi_suffix 9) and wait for it. */
    f_init();
    f_vty_config(MSCVTY, "network", "authentication required");
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_auth_sai_err), 9);
    vc_hdlr.done;
}
/* Test LU but BSC will send a clear request in the middle */
private function f_tc_lu_clear_request(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
/* Start an LU, send a BSSMAP Clear Request one second later, and check that the MSC
 * answers with exactly one Clear Command before the connection is released. */
f_init_handler(pars);
var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
/* NOTE(review): dtap_mt is declared but not used anywhere in this function */
var PDU_DTAP_MT dtap_mt;
/* tell GSUP dispatcher to send this IMSI to us */
f_create_gsup_expect(hex2str(g_pars.imsi));
/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
f_cl3_or_initial_ue(l3_lu);
/* Send Early Classmark, just for the fun of it */
BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
f_sleep(1.0);
/* send clear request in the middle of the LU */
BSSAP.send(ts_BSSMAP_ClearRequest(0));
alt {
/* an LU REJECT may arrive first; it is consumed and the wait for the Clear Command continues */
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { repeat; }
[] BSSAP.receive(tr_BSSMAP_ClearCommand) {}
}
BSSAP.send(ts_BSSMAP_ClearComplete);
alt {
/* See https://osmocom.org/issues/2862 */
[] BSSAP.receive(tr_BSSMAP_ClearCommand) {
setverdict(fail, "Got a second Clear Command, only one expected");
mtc.stop;
/* NOTE(review): this repeat follows mtc.stop and looks unreachable - confirm and drop */
repeat;
}
[] BSSAP.receive(RAN_Conn_Prim:MSC_CONN_PRIM_DISC_IND) {}
}
setverdict(pass);
}
testcase TC_lu_clear_request() runs on MTC_CT {
    /* Run f_tc_lu_clear_request on one handler (imsi_suffix 10) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_clear_request), 10);
    vc_hdlr.done;
}
/* Test LU but BSC will send a disconnect request (MSC_CONN_PRIM_DISC_REQ) in the middle */
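friend function f_tc_lu_disconnect(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Start an LU and tear the connection down from the RAN side one second later.
     * Nothing is checked beyond the MSC surviving this: the verdict is set to pass
     * right after the disconnect request has been sent. */
    f_init_handler(pars);
    var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi);
    /* tell GSUP dispatcher to send this IMSI to us */
    f_create_gsup_expect(hex2str(g_pars.imsi));
    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(l3_lu);
    /* Send Early Classmark, just for the fun of it */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }
    f_sleep(1.0);
    /* send disconnect request in the middle of the LU */
    BSSAP.send(RAN_Conn_Prim:MSC_CONN_PRIM_DISC_REQ);
    setverdict(pass);
    f_sleep(1.0);
}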
testcase TC_lu_disconnect() runs on MTC_CT {
    /* Run f_tc_lu_disconnect on one handler (imsi_suffix 11) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_disconnect), 11);
    vc_hdlr.done;
}
/* Test LU but with illegal mobile identity type = IMEI */
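friend function f_tc_lu_by_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Input-validation test: the LU request carries an IMEI as mobile identity,
     * which is not a legal identity type for this procedure. The MSC has to reject
     * the LU and then clear the connection. */
    f_init_handler(pars);
    var PDU_ML3_MS_NW l3_lu := f_build_lu_imei(g_pars.imei);
    /* tell GSUP dispatcher to send this IMSI to us */
    f_create_gsup_expect(hex2str(g_pars.imsi));
    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(l3_lu);
    /* Send Early Classmark, just for the fun of it */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }
    /* wait for LU reject, ignore any ID REQ */
    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) { }
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req)) { repeat; }
    /* Report an accept explicitly, as f_tc_lu_imsi_reject does, instead of
     * leaving the unexpected message unmatched until some timer gives up. */
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) {
        setverdict(fail, "Expecting LU REJ, but got ACCEPT");
        mtc.stop;
    }
    }
    /* wait for normal teardown */
    f_expect_clear();
}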
testcase TC_lu_by_imei() runs on MTC_CT {
    /* Run f_tc_lu_by_imei on one handler (imsi_suffix 12) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_by_imei), 12);
    vc_hdlr.done;
}
/* Test LU by TMSI with unknown TMSI, expect (and answer) ID REQ. */
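private function f_tc_lu_tmsi_noauth_unknown(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* LU by a TMSI the MSC does not know: the MSC asks for the IMSI, the LU then
     * completes via the emulated HLR.
     * We piggyback a test for an MSC crash on overlong IMSI (OS#2864) onto this test:
     * the first Identity Response carries a 31-digit identity that is longer than any
     * valid IMSI, and the MSC must survive it and go on with the valid one sent next. */
    var hexstring overlong_imsi := '012345789ABCDEF0123456789ABCDEF'H;
    f_init_handler(pars);
    var PDU_ML3_MS_NW l3_lu := f_build_lu_tmsi('01020304'O); /* FIXME: Random */
    /* tell GSUP dispatcher to send this IMSI to us */
    f_create_gsup_expect(hex2str(g_pars.imsi));
    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(l3_lu);
    /* Send Early Classmark, just for the fun of it */
    BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    /* Wait for + respond to ID REQ (IMSI) */
    BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req(CM_ID_TYPE_IMSI)));
    BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_MM_ID_Rsp_IMSI(overlong_imsi))); /* test for OS#2864 */
    BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_MM_ID_Rsp_IMSI(g_pars.imsi)));
    /* Expect MSC to do UpdateLocation to HLR; respond to it */
    GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
    GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
    GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
    GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
    alt {
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Acc)) {
        BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_TmsiRealloc_Cmpl));
    }
    [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
        setverdict(fail, "Expected LU ACK, but received REJ");
        mtc.stop;
    }
    }
    /* Wait for MM-Information (if enabled) */
    f_expect_mm_info();
    /* wait for normal teardown */
    f_expect_clear();
}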
testcase TC_lu_by_tmsi_noauth_unknown() runs on MTC_CT {
    /* Run f_tc_lu_tmsi_noauth_unknown on one handler (imsi_suffix 13) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_tmsi_noauth_unknown), 13);
    vc_hdlr.done;
}
/* Test IMSI DETACH (MI=IMSI) */
friend function f_tc_imsi_detach_by_imsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Send an IMSI DETACH INDICATION identified by IMSI (no LU beforehand)
     * and expect the connection to be cleared. */
    f_init_handler(pars);
    var MobileIdentityLV ident := valueof(ts_MI_IMSI_LV(g_pars.imsi));
    var PDU_ML3_MS_NW detach_ind := valueof(ts_ML3_MO_MM_IMSI_DET_Ind(ident));

    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(detach_ind);

    /* Send Early Classmark, just for the fun of it? */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }

    /* wait for normal teardown */
    f_expect_clear();
}
testcase TC_imsi_detach_by_imsi() runs on MTC_CT {
    /* Run f_tc_imsi_detach_by_imsi on one handler (imsi_suffix 14) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_imsi_detach_by_imsi), 14);
    vc_hdlr.done;
}
/* Test IMSI DETACH (MI=TMSI) */
friend function f_tc_imsi_detach_by_tmsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Send an IMSI DETACH INDICATION identified by the fixed TMSI '01020304'O
     * (no LU beforehand) and expect the connection to be cleared. */
    f_init_handler(pars);
    var MobileIdentityLV ident := valueof(ts_MI_TMSI_LV('01020304'O));
    var PDU_ML3_MS_NW detach_ind := valueof(ts_ML3_MO_MM_IMSI_DET_Ind(ident));

    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(detach_ind);

    /* Send Early Classmark, just for the fun of it? */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }

    /* wait for normal teardown */
    f_expect_clear();
}
testcase TC_imsi_detach_by_tmsi() runs on MTC_CT {
    /* Run f_tc_imsi_detach_by_tmsi on one handler (imsi_suffix 15) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_imsi_detach_by_tmsi), 15);
    vc_hdlr.done;
}
/* Test IMSI DETACH (MI=IMEI), which is illegal */
friend function f_tc_imsi_detach_by_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Input-validation test: an IMSI DETACH INDICATION that carries an IMEI as
     * identity. The only thing checked is that the MSC clears the connection. */
    f_init_handler(pars);
    var MobileIdentityLV ident := valueof(ts_MI_IMEI_LV(g_pars.imei));
    var PDU_ML3_MS_NW detach_ind := valueof(ts_ML3_MO_MM_IMSI_DET_Ind(ident));

    /* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
    f_cl3_or_initial_ue(detach_ind);

    /* Send Early Classmark, just for the fun of it? */
    if (pars.ran_is_geran) {
        BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
    }

    /* wait for normal teardown */
    f_expect_clear();
}
testcase TC_imsi_detach_by_imei() runs on MTC_CT {
    /* Run f_tc_imsi_detach_by_imei on one handler (imsi_suffix 16) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_imsi_detach_by_imei), 16);
    vc_hdlr.done;
}
/* helper function for an emergency call. caller passes in mobile identity to use */
private function f_emerg_call(MobileIdentityLV mi) runs on BSC_ConnHdlr {
    /* Place an MO call to '112'H with the emergency flag set.
     * NOTE(review): 'mi' is not referenced in the body, so the identity the caller
     * passes in has no effect here - confirm whether f_mo_call() should receive it. */
    var CallParameters call_pars := valueof(t_CallParams('112'H, 0));
    call_pars.emergency := true;
    f_mo_call(call_pars);
}
/* establish an emergency call by IMEI, no SIM inserted (and hence no IMSI) */
friend function f_tc_emerg_call_imei_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* Request the emergency call service with only an IMEI as identity and expect
     * a CM SERVICE REJECT with cause '05'O, followed by a clear. */
    f_init_handler(pars);
    var MobileIdentityLV ident := valueof(ts_MI_IMEI_LV(g_pars.imei));
    var PDU_ML3_MS_NW serv_req := valueof(ts_CM_SERV_REQ(CM_TYPE_EMERG_CALL, ident));
    f_cl3_or_initial_ue(serv_req);
    BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ('05'O)));
    f_expect_clear();
}
testcase TC_emerg_call_imei_reject() runs on MTC_CT {
    /* Run f_tc_emerg_call_imei_reject on one handler (imsi_suffix 17) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_emerg_call_imei_reject), 17);
    vc_hdlr.done;
}
/* establish an emergency call by IMSI, SIM inserted (and hence IMSI) */
friend function f_tc_emerg_call_imsi(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    f_init_handler(pars);
    /* First perform location update to ensure subscriber is known */
    f_perform_lu();
    /* Then issue emergency call identified by IMSI */
    var MobileIdentityLV ident := valueof(ts_MI_IMSI_LV(g_pars.imsi));
    f_emerg_call(ident);
}
testcase TC_emerg_call_imsi() runs on MTC_CT {
    /* Run f_tc_emerg_call_imsi on one handler (imsi_suffix 18) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_emerg_call_imsi), 18);
    vc_hdlr.done;
}
/* CM Service Request for VGCS -> reject */
private function f_tc_cm_serv_req_vgcs_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* After a successful LU, request the VGCS service type and expect a
     * CM SERVICE REJECT with cause 32, followed by a clear. */
    f_init_handler(pars);
    /* First perform location update to ensure subscriber is known */
    f_perform_lu();

    var MobileIdentityLV ident := valueof(ts_MI_IMSI_LV(g_pars.imsi));
    var PDU_ML3_MS_NW serv_req := valueof(ts_CM_SERV_REQ(CM_TYPE_VGCS, ident));
    f_cl3_or_initial_ue(serv_req);
    BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ(int2oct(32,1))));
    f_expect_clear();
}
testcase TC_cm_serv_req_vgcs_reject() runs on MTC_CT {
    /* Run f_tc_cm_serv_req_vgcs_reject on one handler (imsi_suffix 19) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cm_serv_req_vgcs_reject), 19);
    vc_hdlr.done;
}
/* CM Service Request for VBS -> reject */
private function f_tc_cm_serv_req_vbs_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
    /* After a successful LU, request the VBS service type and expect a
     * CM SERVICE REJECT with cause 32, followed by a clear. */
    f_init_handler(pars);
    /* First perform location update to ensure subscriber is known */
    f_perform_lu();

    var MobileIdentityLV ident := valueof(ts_MI_IMSI_LV(g_pars.imsi));
    var PDU_ML3_MS_NW serv_req := valueof(ts_CM_SERV_REQ(CM_TYPE_VBS, ident));
    f_cl3_or_initial_ue(serv_req);
    BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ(int2oct(32,1))));
    f_expect_clear();
}
testcase TC_cm_serv_req_vbs_reject() runs on MTC_CT {
    /* Run f_tc_cm_serv_req_vbs_reject on one handler (imsi_suffix 20) and wait for it. */
    f_init();
    var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cm_serv_req_vbs_reject), 20);
    vc_hdlr.done;
}
/* CM Service Request for LCS -> reject */
private function f_tc_cm_serv_req_lcs_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* A known subscriber requests CM service type LCS. The MSC must answer
	 * with CM SERVICE REJECT carrying cause value 32 and then clear the
	 * connection. */
	f_init_handler(pars);
	/* LU first, so the reject cannot be attributed to an unknown subscriber */
	f_perform_lu();
	var PDU_ML3_MS_NW cm_serv_req :=
		valueof(ts_CM_SERV_REQ(CM_TYPE_LCS, valueof(ts_MI_IMSI_LV(g_pars.imsi))));
	f_cl3_or_initial_ue(cm_serv_req);
	BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ(int2oct(32,1))));
	f_expect_clear();
}
testcase TC_cm_serv_req_lcs_reject() runs on MTC_CT {
	/* Run f_tc_cm_serv_req_lcs_reject in a connection handler (index 21)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_cm_serv_req_lcs_reject), 21);
	vc_conn.done;
}
/* CM Re-Establishment Request */
private function f_tc_cm_reest_req_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* A known subscriber sends a CM Re-Establishment Request. The MSC must
	 * answer with CM SERVICE REJECT carrying cause value 32 and then clear
	 * the connection. */
	f_init_handler(pars);
	/* LU first, so the reject cannot be attributed to an unknown subscriber */
	f_perform_lu();
	var PDU_ML3_MS_NW reest_req :=
		valueof(ts_CM_REEST_REQ(0, valueof(ts_MI_IMSI_LV(g_pars.imsi))));
	f_cl3_or_initial_ue(reest_req);
	BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ(int2oct(32,1))));
	f_expect_clear();
}
testcase TC_cm_reest_req_reject() runs on MTC_CT {
	/* Run f_tc_cm_reest_req_reject in a connection handler (index 22)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_cm_reest_req_reject), 22);
	vc_conn.done;
}
/* Test LU (with authentication enabled), with wrong response from MS */
private function f_tc_lu_auth_2G_fail(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Negative authentication test: the MS answers the 2G challenge with an
	 * SRES that is fixed to all-zero instead of the one from the auth vector.
	 * The MSC must report the failure to the HLR (GSUP AUTH FAIL IND) and
	 * reject the Location Update with cause 3 (Illegal MS). The subscriber
	 * must never be accepted on a wrong response. */
	f_init_handler(pars);
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);

	/* have the GSUP dispatcher route messages for this IMSI to us */
	f_create_gsup_expect(hex2str(g_pars.imsi));

	/* BSSAP_Conn_Req with COMPL L3 INFO towards the MSC */
	f_cl3_or_initial_ue(lu_req);

	/* Early Classmark Update; not required for the check below */
	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));

	/* act as HLR: hand one 2G auth tuple to the MSC */
	var AuthVector av := f_gen_auth_vec_2g();
	var GSUP_IE auth_tuple := valueof(ts_GSUP_IE_AuthTuple2G(av.rand, av.sres, av.kc));
	GSUP.receive(tr_GSUP_SAI_REQ(g_pars.imsi));
	GSUP.send(ts_GSUP_SAI_RES(g_pars.imsi, auth_tuple));

	/* the challenge must carry the RAND we supplied */
	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_AUTH_REQ(av.rand)));

	/* deliberately wrong auth response */
	BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MT_MM_AUTH_RESP_2G('00000000'O)));

	/* failure report to the HLR */
	GSUP.receive(tr_GSUP_AUTH_FAIL_IND(g_pars.imsi));

	/* LU REJECT with Cause == Illegal MS */
	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej('03'O)));
	f_expect_clear();
}
testcase TC_lu_auth_2G_fail() runs on MTC_CT {
	/* Require authentication on the MSC via VTY, then run
	 * f_tc_lu_auth_2G_fail in a connection handler (index 23). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_auth_2G_fail), 23);
	vc_conn.done;
}
/* A5/1 + A5/3 permitted on network side, and MS capable to do it */
private function f_tc_lu_imsi_auth_tmsi_encr_13_13(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update where both authentication and ciphering are expected.
	 * pars.net.kc_support is left as passed in by the caller. */
	pars.net.expect_ciph := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);
	f_perform_lu();
}
testcase TC_lu_imsi_auth_tmsi_encr_13_13() runs on MTC_CT {
	/* MSC configured with authentication required and A5/1 + A5/3 permitted;
	 * runs f_tc_lu_imsi_auth_tmsi_encr_13_13 in a handler (index 24). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 1 3");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_13_13), 24);
	vc_conn.done;
}
/* Test Complete L3 without payload */
private function f_tc_cl3_no_payload(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Malformed-input test: open a connection with a Complete Layer 3
	 * Information whose L3 frame is empty. The MSC has to get rid of the
	 * connection (disconnect, or Clear Command sequence) within 5 seconds;
	 * anything else is a failure. */
	f_init_handler(pars);

	/* Complete L3 Info with an empty L3 frame */
	BSSAP.send(ts_BSSAP_Conn_Req(g_pars.sccp_addr_peer, g_pars.sccp_addr_own,
				     valueof(ts_BSSMAP_ComplL3(g_pars.cell_id, ''O))));

	timer T_rel := 5.0;
	T_rel.start;
	alt {
	/* connection torn down right away */
	[] BSSAP.receive(RAN_Conn_Prim:MSC_CONN_PRIM_DISC_IND) {}
	/* any downlink DTAP is tolerated and skipped while waiting for the release */
	[] BSSAP.receive(tr_PDU_DTAP_MT(?)) { repeat; }
	/* connection confirm is skipped as well */
	[] BSSAP.receive(RAN_Conn_Prim:MSC_CONN_PRIM_CONF_IND) { repeat; }
	[] as_clear_cmd_compl_disc();
	[] T_rel.timeout {
		setverdict(fail, "Timeout waiting for ClearCommand or SCCP Release");
		mtc.stop;
		}
	}
	setverdict(pass);
}
testcase TC_cl3_no_payload() runs on MTC_CT {
	/* Run f_tc_cl3_no_payload in a connection handler (index 25)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_cl3_no_payload), 25);
	vc_conn.done;
}
/* Test Complete L3 with random payload */
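private function f_tc_cl3_rnd_payload(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Malformed-input test: open a connection with a Complete Layer 3
	 * Information carrying 0..240 random octets as L3 frame. The MSC has to
	 * get rid of the connection (disconnect, or Clear Command sequence)
	 * within 5 seconds; anything else is a failure. */
	f_init_handler(pars);

	/* length is limited by PDU_BSSAP length field which includes some
	 * other fields beside l3info payload. So payl can only be 240 bytes
	 * Since rnd() returns values < 1 multiply with 241
	 */
	var integer len := float2int(rnd() * 241.0);
	var octetstring payl := f_rnd_octstring(len);

	/* Record the random input. Length and content differ on every run, so
	 * without this a failing run (or an MSC crash) cannot be reproduced. */
	log("Complete L3 random payload (", len, " octets): ", payl);

	/* Send Complete L3 Info with the random octets as L3 frame */
	BSSAP.send(ts_BSSAP_Conn_Req(g_pars.sccp_addr_peer, g_pars.sccp_addr_own,
				     valueof(ts_BSSMAP_ComplL3(g_pars.cell_id, payl))));

	timer T := 5.0;
	T.start;
	alt {
	/* Immediate disconnect */
	[] BSSAP.receive(RAN_Conn_Prim:MSC_CONN_PRIM_DISC_IND) {}
	/* any downlink DTAP is tolerated and skipped while waiting for the release */
	[] BSSAP.receive(tr_PDU_DTAP_MT(?)) { repeat; }
	[] BSSAP.receive(RAN_Conn_Prim:MSC_CONN_PRIM_CONF_IND) { repeat; }
	[] as_clear_cmd_compl_disc();
	[] T.timeout {
		setverdict(fail, "Timeout waiting for ClearCommand or SCCP Release");
		mtc.stop;
		}
	}
	setverdict(pass);
}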
testcase TC_cl3_rnd_payload() runs on MTC_CT {
	/* Run f_tc_cl3_rnd_payload in a connection handler (index 26)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_cl3_rnd_payload), 26);
	vc_conn.done;
}
/* Test Complete L3 with random payload */
friend function f_tc_establish_and_nothing(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update, then establish a connection fully and send nothing
	 * further on it. The connection is expected to be cleared; 10.0 is
	 * passed to f_expect_clear() (presumably its timeout in seconds --
	 * confirm in f_expect_clear). */
	f_init_handler(pars);
	f_perform_lu();
	f_establish_fully();
	f_expect_clear(10.0);
}
testcase TC_establish_and_nothing() runs on MTC_CT {
	/* Run f_tc_establish_and_nothing in a connection handler (index 27)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_establish_and_nothing), 27);
	vc_conn.done;
}
/* Test MO Call SETUP with no response from MNCC */
friend function f_tc_mo_setup_and_nothing(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MO call that stops after CC SETUP and never gets an MNCC response.
	 * The MSC's MNCC guard timeout is set to 20 via VTY; the connection is
	 * expected to be cleared, waiting up to 185.0 in f_expect_clear().
	 * The handler itself is initialised with 190.0 (presumably its guard
	 * timer -- confirm in f_init_handler). */
	f_init_handler(pars, 190.0);

	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	cpars.stop_after_cc_setup := true;
	cpars.mgw_conn_2.resp := 0;

	f_vty_config(MSCVTY, "msc", "mncc guard-timeout 20");

	f_perform_lu();
	f_mo_call_establish(cpars);

	/* tolerate a CC release while waiting for the clear */
	var default d_cc_rel := activate(as_optional_cc_rel(cpars));
	f_expect_clear(185.0);
	deactivate(d_cc_rel);

	f_sleep(1.0);
}
testcase TC_mo_setup_and_nothing() runs on MTC_CT {
	/* Run f_tc_mo_setup_and_nothing in a connection handler (index 28)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mo_setup_and_nothing), 28);
	vc_conn.done;
}
/* Test MO Call with no response to RAN-side CRCX */
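friend function f_tc_mo_crcx_ran_timeout(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MO call during which the second CRCX is left unanswered
	 * (cpars.mgw_conn_2.resp := 0). The connection is expected to be
	 * cleared; 60.0 is passed to f_expect_clear().
	 * The unused locals 'mncc' and 'mgcp_cmd' were dropped. */
	f_init_handler(pars);
	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));

	f_perform_lu();

	/* Do not respond to the second CRCX */
	cpars.mgw_conn_2.resp := 0;
	f_mo_call_establish(cpars);

	/* tolerate a CC release while waiting for the clear */
	var default ccrel := activate(as_optional_cc_rel(cpars));
	f_expect_clear(60.0);
	deactivate(ccrel);
}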
testcase TC_mo_crcx_ran_timeout() runs on MTC_CT {
	/* Run f_tc_mo_crcx_ran_timeout in a connection handler (index 29)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mo_crcx_ran_timeout), 29);
	vc_conn.done;
}
/* Test MO Call with reject to RAN-side CRCX */
friend function f_tc_mo_crcx_ran_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MO call during which the first CRCX is answered with an error
	 * (cpars.mgw_conn_1.resp := -1). The connection is expected to be
	 * cleared; 60.0 is passed to f_expect_clear(). */
	f_init_handler(pars);

	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	/* error response for the first CRCX */
	cpars.mgw_conn_1.resp := -1;

	f_perform_lu();
	f_mo_call_establish(cpars);

	/* tolerate a CC release while waiting for the clear */
	var default d_cc_rel := activate(as_optional_cc_rel(cpars));
	f_expect_clear(60.0);
	deactivate(d_cc_rel);
}
testcase TC_mo_crcx_ran_reject() runs on MTC_CT {
	/* Run f_tc_mo_crcx_ran_reject in a connection handler (index 30)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mo_crcx_ran_reject), 30);
	vc_conn.done;
}
/* helper function to start a MT call: MNCC SETUP; Paging; DChan est.; DTAP SETUP */
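private function f_mt_call_start(inout CallParameters cpars) runs on BSC_ConnHdlr {
	/* Bring an MT call up to the point where the MSC has sent CC SETUP to
	 * the MS: LU, MNCC SETUP request, Paging, Paging Response, DTAP SETUP.
	 * cpars.mncc_callref is written with a random call reference, which is
	 * why cpars is 'inout'.
	 * The unused locals 'mncc' and 'mgcp_cmd' were dropped. */
	f_perform_lu();
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);

	/* Allocate call reference and send SETUP via MNCC to MSC */
	cpars.mncc_callref := f_rnd_int(2147483648);
	MNCC.send(ts_MNCC_SETUP_req(cpars.mncc_callref, hex2str(g_pars.msisdn),
				    hex2str(cpars.called_party), hex2str(g_pars.imsi)));

	/* MSC->BSC: expect PAGING from MSC */
	f_expect_paging();

	/* MS -> MSC: PAGING RESPONSE */
	f_establish_fully(EST_TYPE_PAG_RESP);

	/* MGCP expect with all three criteria omitted */
	f_create_mgcp_expect(ExpectCriteria:{omit,omit,omit});

	/* MSC->MS: SETUP */
	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_CC_SETUP(cpars.transaction_id, *, cpars.called_party)));
}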
/* Test MT Call */
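friend function f_tc_mt_crcx_ran_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MT call where the test, acting as MGW, answers the CRCX with MGCP
	 * error code 542. The MSC is then expected to release the channel
	 * within 30 seconds; DLCX requests arriving meanwhile are acknowledged.
	 * The unused local 'mncc' was dropped. */
	f_init_handler(pars);
	var CallParameters cpars := valueof(t_CallParams('123456'H, 0));
	var MgcpCommand mgcp_cmd;

	f_mt_call_start(cpars);

	/* MS->MSC: CALL CONFIRMED */
	BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_CC_CALL_CONF(cpars.transaction_id)));
	MNCC.receive(tr_MNCC_CALL_CONF_ind(cpars.mncc_callref));

	MGCP.receive(tr_CRCX) -> value mgcp_cmd;
	cpars.mgcp_call_id := f_MgcpCmd_extract_call_id(mgcp_cmd);

	/* Detect if the received CRCX is a wildcarded CRCX request. If yes,
	 * set an endpoint name that fits the pattern. If not, just use the
	 * endpoint name from the request */
	if (match(mgcp_cmd.line.ep, t_MGCP_EP_wildcard)) {
		cpars.mgcp_ep := "rtpbridge/1@mgw";
	} else {
		cpars.mgcp_ep := mgcp_cmd.line.ep;
	}

	/* Respond to CRCX with error */
	var MgcpResponse mgcp_rsp := {
		line := {
			code := "542",
			trans_id := mgcp_cmd.line.trans_id,
			string := "FORCED_FAIL"
		},
		sdp := omit
	};
	/* the "Z" parameter carries the endpoint name chosen above */
	var MgcpParameter mgcp_rsp_param := {
		code := "Z",
		val := cpars.mgcp_ep
	};
	mgcp_rsp.params[0] := mgcp_rsp_param;
	MGCP.send(mgcp_rsp);

	timer T := 30.0;
	T.start;
	alt {
	[] T.timeout {
		setverdict(fail, "Timeout waiting for channel release");
		mtc.stop;
		}
	/* MNCC and GSUP traffic is ignored while waiting for the release */
	[] MNCC.receive { repeat; }
	[] GSUP.receive { repeat; }
	/* acknowledge a DLCX and drop the endpoint from the expect table */
	[] MGCP.receive(tr_DLCX(?)) -> value mgcp_cmd {
		MGCP.send(ts_DLCX_ACK2(mgcp_cmd.line.trans_id));
		f_create_mgcp_delete_ep(cpars.mgcp_ep);
		repeat;
		}
	/* must stay after the DLCX branch, which is the more specific match */
	[] MGCP.receive { repeat; }
	[] as_clear_cmd_compl_disc();
	[] as_optional_cc_rel(cpars);
	}
}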
testcase TC_mt_crcx_ran_reject() runs on MTC_CT {
	/* Run f_tc_mt_crcx_ran_reject in a connection handler (index 31)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mt_crcx_ran_reject), 31);
	vc_conn.done;
}
/* Test MT Call T310 timer */
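friend function f_tc_mt_t310(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MT call in which the MS confirms the call and then stays silent, so
	 * that T310 expires in the MSC. Expected afterwards: MNCC DISC
	 * indication, CC DISCONNECT and CC RELEASE towards the MS, then DLCX
	 * and connection clearing.
	 * The unused local 'mncc' was dropped. */
	f_init_handler(pars, 200.0);
	var CallParameters cpars := valueof(t_CallParams('123456'H, 0));
	var MgcpCommand mgcp_cmd;

	f_mt_call_start(cpars);

	/* MS->MSC: CALL CONFIRMED */
	BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_CC_CALL_CONF(cpars.transaction_id)));
	MNCC.receive(tr_MNCC_CALL_CONF_ind(cpars.mncc_callref));

	MGCP.receive(tr_CRCX) -> value mgcp_cmd;
	cpars.mgcp_call_id := f_MgcpCmd_extract_call_id(mgcp_cmd);
	/* NOTE(review): unlike f_tc_mt_crcx_ran_reject, a wildcarded endpoint
	 * name in the CRCX is stored as received -- confirm this is intended */
	cpars.mgcp_ep := mgcp_cmd.line.ep;
	/* FIXME: Respond to CRCX */

	/* old libosmocore T310 default timeout is 180s. so let's wait 190 */
	timer T := 190.0;
	T.start;
	alt {
	[] T.timeout {
		setverdict(fail, "Timeout waiting for T310");
		mtc.stop;
		}
	/* disconnect indication is answered with an MNCC release request
	 * built with cause value 23 */
	[] MNCC.receive(tr_MNCC_DISC_ind(cpars.mncc_callref)) {
		MNCC.send(ts_MNCC_REL_req(cpars.mncc_callref, valueof(ts_MNCC_cause(23))));
		}
	}
	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_CC_DISC(cpars.transaction_id)));
	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_CC_RELEASE(cpars.transaction_id)));
	/* FIXME: We're sending this with TIflag 0: allocated by sender, which is wrong */
	BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_CC_REL_COMPL(cpars.transaction_id)));

	/* no local timer here; only the two branches below end or continue the wait */
	alt {
	[] MGCP.receive(tr_DLCX(?)) -> value mgcp_cmd {
		MGCP.send(ts_DLCX_ACK2(mgcp_cmd.line.trans_id));
		f_create_mgcp_delete_ep(cpars.mgcp_ep);
		repeat;
		}
	[] as_clear_cmd_compl_disc();
	}
}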
testcase TC_mt_t310() runs on MTC_CT {
	/* Run f_tc_mt_t310 in a connection handler (index 32)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mt_t310), 32);
	vc_conn.done;
}
/* Perform successful LU + MO call, then GSUP LocationCancel. Subscriber must be denied CM SERV */
friend function f_tc_gsup_cancel(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Revocation test: after a successful LU and MO call, the HLR side
	 * cancels the subscriber (GSUP Location Cancel, type WITHDRAW). A
	 * following CM Service Request from the same IMSI must be rejected;
	 * any other BSSAP message at that point fails the test. */
	f_init_handler(pars);
	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));

	/* make the subscriber known */
	f_perform_lu();

	/* while registered, an MO call works */
	f_mo_call(cpars);

	/* withdraw the subscriber from the VLR */
	GSUP.send(ts_GSUP_CL_REQ(g_pars.imsi, OSMO_GSUP_CANCEL_TYPE_WITHDRAW));
	alt {
	[] GSUP.receive(tr_GSUP_CL_RES(g_pars.imsi)) { }
	[] GSUP.receive(tr_GSUP_CL_ERR(g_pars.imsi)) {
		setverdict(fail, "Received GSUP Location Cancel Error");
		mtc.stop;
		}
	}

	/* from here on the subscriber must be denied service */
	var PDU_ML3_MS_NW cm_serv_req :=
		valueof(ts_CM_SERV_REQ(CM_TYPE_MO_CALL, valueof(ts_MI_IMSI_LV(g_pars.imsi))));
	f_cl3_or_initial_ue(cm_serv_req);
	alt {
	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_CM_SERV_REJ)) { }
	[] BSSAP.receive {
		setverdict(fail, "Received unexpected BSSAP instead of CM SERV REJ");
		mtc.stop;
		}
	}

	f_expect_clear();
	setverdict(pass);
}
testcase TC_gsup_cancel() runs on MTC_CT {
	/* Run f_tc_gsup_cancel in a connection handler (index 33)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_gsup_cancel), 33);
	vc_conn.done;
}
/* A5/1 only permitted on network side, and MS capable to do it */
private function f_tc_lu_imsi_auth_tmsi_encr_1_13(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update with authentication and ciphering expected, where
	 * the network side permits A5/1 only. */
	pars.net.kc_support := '02'O; /* A5/1 only */
	pars.net.expect_ciph := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);
	f_perform_lu();
}
testcase TC_lu_imsi_auth_tmsi_encr_1_13() runs on MTC_CT {
	/* MSC configured with authentication required and A5/1 only;
	 * runs f_tc_lu_imsi_auth_tmsi_encr_1_13 in a handler (index 34). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 1");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_1_13), 34);
	vc_conn.done;
}
/* A5/3 only permitted on network side, and MS capable to do it */
private function f_tc_lu_imsi_auth_tmsi_encr_3_13(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update with authentication and ciphering expected, where
	 * the network side permits A5/3 only. */
	pars.net.kc_support := '08'O; /* A5/3 only */
	pars.net.expect_ciph := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);
	f_perform_lu();
}
testcase TC_lu_imsi_auth_tmsi_encr_3_13() runs on MTC_CT {
	/* MSC configured with authentication required and A5/3 only;
	 * runs f_tc_lu_imsi_auth_tmsi_encr_3_13 in a handler (index 35). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 3");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_3_13), 35);
	vc_conn.done;
}
/* A5/3 only permitted on network side, and MS with only A5/1 support */
private function f_tc_lu_imsi_auth_tmsi_encr_3_1(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Cipher negotiation without a common algorithm: the network permits
	 * A5/3 only while the MS classmark 2 has its A5/3 bit cleared. The LU
	 * must end in LU REJECT. A Cipher Mode Command in this situation fails
	 * the test, because the MSC would be commanding an algorithm outside
	 * the intersection of what both sides allow. */
	pars.net.kc_support := '08'O; /* A5/3 only */
	pars.net.expect_ciph := true;
	pars.net.expect_auth := true;
	pars.cm2.classmarkInformationType2_oct5.a5_3 := '0'B;
	f_init_handler(pars, 15.0);

	/* cannot use f_perform_lu() as we expect a reject */
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	f_cl3_or_initial_ue(lu_req);

	if (pars.send_early_cm) {
		BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
	} else {
		/* NOTE(review): this changes the local 'pars' only, after the LU
		 * request was built from g_pars and sent -- confirm whether it
		 * has any effect */
		pars.cm1.esind := '0'B;
	}

	f_mm_auth();

	/* no local timer: an MSC that stays silent is only caught by whatever
	 * guard f_init_handler(pars, 15.0) installs -- confirm */
	alt {
	/* classmark requested by the MSC: supply it and keep waiting */
	[] BSSAP.receive(tr_BSSMAP_ClassmarkReq) {
		BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
		repeat;
		}
	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
		f_expect_clear();
		}
	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?,?)) {
		setverdict(fail, "CipherModeCommand despite no A5 intersection");
		mtc.stop;
		}
	[] BSSAP.receive {
		setverdict(fail, "Unknown/unexpected BSSAP received");
		mtc.stop;
		}
	}
	setverdict(pass);
}
testcase TC_lu_imsi_auth_tmsi_encr_3_1() runs on MTC_CT {
	/* MSC configured with authentication required and A5/3 only;
	 * runs f_tc_lu_imsi_auth_tmsi_encr_3_1 in a handler (index 360). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 3");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_3_1), 360);
	vc_conn.done;
}
testcase TC_lu_imsi_auth_tmsi_encr_3_1_no_cm() runs on MTC_CT {
	/* Same handler as TC_lu_imsi_auth_tmsi_encr_3_1, but with
	 * send_early_cm switched off, so no early Classmark Update is sent and
	 * the MSC has to ask for the classmark itself. */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 3");

	var BSC_ConnHdlrPars pars := f_init_pars(361);
	pars.send_early_cm := false;

	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_lu_imsi_auth_tmsi_encr_3_1), pars);
	vc_conn.done;
}
testcase TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug() runs on MTC_CT {
	/* Crash regression for OS#2947: same scenario as
	 * TC_lu_imsi_auth_tmsi_encr_3_1, run with the MSC log category on
	 * DEBUG so that the log statement from that report is executed. */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 3");

	/* Make sure the MSC category is on DEBUG level to trigger the log
	 * message that is reported in OS#2947 to trigger the segfault */
	f_vty_config(MSCVTY, "log stderr", "logging level msc debug");

	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_3_1), 362);
	vc_conn.done;
}
/* A5/1 + A5/3 only permitted on network side, and MS with only A5/2 support */
private function f_tc_lu_imsi_auth_tmsi_encr_13_2(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Cipher negotiation without a common algorithm: the network permits
	 * A5/1 and A5/3, the MS classmark advertises A5/2 only. The LU must end
	 * in LU REJECT; a Cipher Mode Command fails the test, since the MSC
	 * must not command ciphering outside the permitted set. */
	pars.net.kc_support := '0A'O; /* A5/1 + A5/3 */
	pars.net.expect_ciph := true;
	pars.net.expect_auth := true;

	/* NOTE(review): the classmark A5/1 bit is presumably inverted as in
	 * TS 24.008 (1 = A5/1 not available) -- confirm */
	pars.cm1.a5_1 := '1'B;
	pars.cm2.a5_1 := '1'B;
	pars.cm2.classmarkInformationType2_oct5.a5_2 := '1'B;
	pars.cm2.classmarkInformationType2_oct5.a5_3 := '0'B;
	f_init_handler(pars, 15.0);

	/* cannot use f_perform_lu() as we expect a reject */
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	f_cl3_or_initial_ue(lu_req);

	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));

	f_mm_auth();
	alt {
	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
		f_expect_clear();
		}
	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?,?)) {
		setverdict(fail, "CipherModeCommand despite no A5 intersection");
		mtc.stop;
		}
	[] BSSAP.receive {
		setverdict(fail, "Unknown/unexpected BSSAP received");
		mtc.stop;
		}
	}
	setverdict(pass);
}
testcase TC_lu_imsi_auth_tmsi_encr_13_2() runs on MTC_CT {
	/* MSC configured with authentication required and A5/1 + A5/3;
	 * runs f_tc_lu_imsi_auth_tmsi_encr_13_2 in a handler (index 37). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 1 3");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_13_2), 37);
	vc_conn.done;
}
/* A5/0 + A5/1 + A5/3 only permitted on network side, and MS with only A5/2 support */
private function f_tc_lu_imsi_auth_tmsi_encr_013_2(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* The network permits A5/0, A5/1 and A5/3, the MS classmark advertises
	 * A5/2 only. Unlike the 13_2 variant, the LU is run through
	 * f_perform_lu(), i.e. it is expected to go through.
	 * NOTE(review): A5/0 is the only permitted algorithm the MS can use,
	 * so this outcome presumably means an unciphered connection; what
	 * f_perform_lu() checks with expect_ciph := true is not visible here. */
	pars.net.kc_support := '0B'O; /* A5/0 + A5/1 + A5/3 */
	pars.net.expect_ciph := true;
	pars.net.expect_auth := true;

	pars.cm1.a5_1 := '1'B;
	pars.cm2.a5_1 := '1'B;
	pars.cm2.classmarkInformationType2_oct5.a5_2 := '1'B;
	pars.cm2.classmarkInformationType2_oct5.a5_3 := '0'B;

	f_init_handler(pars, 15.0);
	f_perform_lu();
}
testcase TC_lu_imsi_auth_tmsi_encr_013_2() runs on MTC_CT {
	/* MSC configured with authentication required and A5/0 + A5/1 + A5/3;
	 * runs f_tc_lu_imsi_auth_tmsi_encr_013_2 in a handler (index 38). */
	f_init();
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "network", "encryption a5 0 1 3");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_encr_013_2), 38);
	vc_conn.done;
}
/* LU followed by MT call (including paging) */
friend function f_tc_lu_and_mt_call(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update followed by a complete MT call. The Osmux setting
	 * of the call is copied from the handler parameters. */
	f_init_handler(pars);

	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	cpars.use_osmux := pars.use_osmux;

	f_perform_lu();
	f_mt_call(cpars);
}
testcase TC_lu_and_mt_call() runs on MTC_CT {
	/* Run f_tc_lu_and_mt_call in a connection handler (index 39)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_and_mt_call), 39);
	vc_conn.done;
}
testcase TC_lu_and_mt_call_osmux() runs on MTC_CT {
	/* Osmux variant of TC_lu_and_mt_call: same handler function and index
	 * 39. The additional f_init() and f_start_handler() arguments
	 * presumably switch Osmux on -- confirm against their signatures. */
	f_init(1, false, true, true);
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_and_mt_call), 39, 0, true, true);
	vc_conn.done;
}
/* MT call while already Paging */
friend function f_tc_lu_and_mt_call_already_paging(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* An MT call arrives while the subscriber is already being paged for
	 * an SMS. After the single Paging Response both the SMS-DELIVER and
	 * the CC SETUP must show up, in either order. The connection is then
	 * released from the RAN side and the pending SMS is removed. */
	var CallParameters cpars := valueof(t_CallParams('123456'H, 0));
	var SmsParameters spars := valueof(t_SmsPars);
	var OCT4 reg_tmsi;

	f_init_handler(pars);

	/* Perform location update */
	f_perform_lu();

	/* register an 'expect' for given IMSI (+TMSI); all-ones is used when
	 * no TMSI value is present */
	if (isvalue(g_pars.tmsi)) {
		reg_tmsi := g_pars.tmsi;
	} else {
		reg_tmsi := 'FFFFFFFF'O;
	}
	f_ran_register_imsi(g_pars.imsi, reg_tmsi);

	log("start Paging by an SMS");
	f_vty_sms_send(hex2str(pars.imsi), "2342", "Hello SMS");

	/* MSC->BSC: expect PAGING from MSC */
	f_expect_paging();

	log("MNCC signals MT call, before Paging Response");
	f_mt_call_initate(cpars);
	/* NOTE(review): second registration passes g_pars.tmsi directly,
	 * without the isvalue() fallback used above -- confirm intended */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_sleep(0.5);

	log("phone answers Paging, expecting both SMS and MT call to be established");
	f_establish_fully(EST_TYPE_PAG_RESP);

	/* GSM 7-bit packed form of the text "Hello SMS" sent above */
	spars.tp.ud := 'C8329BFD064D9B53'O;
	interleave {
	[] BSSAP.receive(f_mt_sms_deliver_pdu(spars)) {
		log("Got SMS-DELIVER");
		};
	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_CC_SETUP(cpars.transaction_id, *, cpars.called_party))) {
		log("Got CC Setup");
		};
	}
	setverdict(pass);
	log("success, tear down");

	/* tolerate a CC release during tear down */
	var default d_cc_rel := activate(as_optional_cc_rel(cpars));
	if (g_pars.ran_is_geran) {
		BSSAP.send(ts_BSSMAP_ClearRequest(0));
	} else {
		BSSAP.send(ts_RANAP_IuReleaseRequest(ts_RanapCause_om_intervention));
	}
	f_expect_clear();
	deactivate(d_cc_rel);

	/* leave no queued SMS behind for this IMSI */
	f_vty_sms_clear(hex2str(g_pars.imsi));
}
testcase TC_lu_and_mt_call_already_paging() runs on MTC_CT {
	/* Run f_tc_lu_and_mt_call_already_paging with parameters from
	 * f_init_pars(391) and wait for the handler to finish. */
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(391);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_lu_and_mt_call_already_paging), pars);
	vc_conn.done;
}
/* Test MO Call SETUP with DTMF */
private function f_tc_mo_setup_dtmf_dup(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update, then the MO call / DTMF sequence implemented by
	 * f_mo_seq_dtmf_dup(). */
	f_init_handler(pars);
	f_perform_lu();
	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	f_mo_seq_dtmf_dup(cpars);
}
testcase TC_mo_setup_and_dtmf_dup() runs on MTC_CT {
	/* Run f_tc_mo_setup_dtmf_dup in a connection handler and wait for it.
	 * NOTE(review): index 39 is also used by TC_lu_and_mt_call and
	 * TC_lu_and_mt_call_osmux; if the index selects the subscriber
	 * identity, these testcases share one subscriber -- confirm intended. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mo_setup_dtmf_dup), 39);
	vc_conn.done;
}
testcase TC_cr_before_reset() runs on MTC_CT {
	/* Availability regression: a connection request that arrives before
	 * any BSSMAP RESET must not leave the MSC deadlocked. The test sends a
	 * blind connection request, then a RESET, and passes only if a RESET
	 * ACK was seen by the time the 4 second timer expires. */
	var boolean got_reset_ack := false;
	timer T_wait := 4.0;

	f_init_bssap_direct();
	f_ran_adapter_start(g_bssap[0]);

	f_sleep(3.0);

	/* Make a blind connection attempt, to trigger the deadlock condition */
	BSSAP_DIRECT.send(ts_BSSAP_CONNECT_req(g_bssap[0].sccp_addr_peer, g_bssap[0].sccp_addr_own, 1, omit));

	/* Send a BSSMAP reset */
	BSSAP_DIRECT.send(ts_BSSAP_UNITDATA_req(g_bssap[0].sccp_addr_peer, g_bssap[0].sccp_addr_own, ts_BSSMAP_Reset(0)));
	T_wait.start;
	alt {
	[] BSSAP_DIRECT.receive(tr_BSSAP_UNITDATA_ind(?, ?, tr_BSSMAP_ResetAck)) {
		got_reset_ack := true;
		repeat;
		}
	/* Acknowledge MSC sided reset requests */
	[] BSSAP_DIRECT.receive(tr_BSSAP_UNITDATA_ind(?, ?, tr_BSSMAP_Reset)) {
		BSSAP_DIRECT.send(ts_BSSAP_UNITDATA_req(g_bssap[0].sccp_addr_peer, g_bssap[0].sccp_addr_own, ts_BSSMAP_ResetAck));
		repeat;
		}
	/* Ignore all other messages (e.g CR from the connection request) */
	[] BSSAP_DIRECT.receive { repeat; }
	/* If we got no BSSMAP RESET ACK back, then the MSC entered the
	 * deadlock situation. The MSC is then unable to respond to any
	 * further BSSMAP RESET or any other sort of traffic. */
	[got_reset_ack] T_wait.timeout { setverdict(pass); }
	[not got_reset_ack] T_wait.timeout {
		setverdict(fail, "no BSSMAP RESET ACK seen!");
		mtc.stop;
		}
	}
}
/* Test MO Call with no response to RAN-side CRCX or DTAP Release */
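friend function f_tc_mo_release_timeout(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MO call during which the second CRCX is left unanswered
	 * (cpars.mgw_conn_2.resp := 0). The connection is expected to be
	 * cleared; 60.0 is passed to f_expect_clear().
	 * NOTE(review): nothing in this function withholds a DTAP Release;
	 * the visible steps match f_tc_mo_crcx_ran_timeout.
	 * The unused locals 'mncc' and 'mgcp_cmd' were dropped. */
	f_init_handler(pars);
	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));

	/* Do not respond to the second CRCX */
	cpars.mgw_conn_2.resp := 0;

	f_perform_lu();
	f_mo_call_establish(cpars);

	/* tolerate a CC release while waiting for the clear */
	var default ccrel := activate(as_optional_cc_rel(cpars));
	f_expect_clear(60.0);
	deactivate(ccrel);
}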
testcase TC_mo_release_timeout() runs on MTC_CT {
	/* Run f_tc_mo_release_timeout in a connection handler (index 40)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mo_release_timeout), 40);
	vc_conn.done;
}
/* LU followed by MT call (including paging) */
private function f_tc_lu_and_mt_call_no_dlcx_resp(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update followed by an MT call in which the DLCX at the end
	 * of the call is dropped instead of answered. */
	f_init_handler(pars);

	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	/* Intentionally withhold the DLCX response */
	cpars.mgw_drop_dlcx := true;

	/* Perform location update and call */
	f_perform_lu();
	f_mt_call(cpars);
}
testcase TC_lu_and_mt_call_no_dlcx_resp() runs on MTC_CT {
	/* Memory-safety regression: an unanswered DLCX must not crash the MSC
	 * when its MGCP layer times out. Liveness is probed by repeating
	 * f_init() after a guard period. */
	f_init();

	/* Perform an almost normal looking locationupdate + mt-call, but do
	 * not respond to the DLCX at the end of the call */
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_and_mt_call_no_dlcx_resp), 41);
	vc_conn.done;

	/* Wait a guard period until the MGCP layer in the MSC times out,
	 * if the MSC is vulnerable to the use-after-free situation that is
	 * fixed by I78f1b6a9149488a4ad3f120c1e190a83c07d4b89 then it should
	 * segfault now */
	f_sleep(6.0);

	/* Run the init procedures once more. If the MSC has crashed,
	 * this will fail */
	f_init();
}
/* Two BSSMAP resets from two different BSCs */
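testcase TC_reset_two() runs on MTC_CT {
	/* Initialise with f_init(2), wait two seconds and pass. No connection
	 * handler is started, so the unused local 'vc_conn' was dropped.
	 * Any failure would have to be raised inside f_init() itself. */
	f_init(2);
	f_sleep(2.0);
	setverdict(pass);
}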
/* Two BSSMAP resets from two different BSCs plus one IuCS RANAP Reset */
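testcase TC_reset_two_1iu() runs on MTC_CT {
	/* Initialise with f_init(3), wait two seconds and pass. No connection
	 * handler is started, so the unused local 'vc_conn' was dropped.
	 * Any failure would have to be raised inside f_init() itself. */
	f_init(3);
	f_sleep(2.0);
	setverdict(pass);
}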
/***********************************************************************
* SMS Testing
***********************************************************************/
/* LU followed by MO SMS */
friend function f_tc_lu_and_mo_sms(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update, then one MO SMS with the default SMS parameters
	 * (t_SmsPars), then expect the connection to be cleared. */
	f_init_handler(pars);
	var SmsParameters spars := valueof(t_SmsPars);

	/* Perform location update */
	f_perform_lu();

	f_establish_fully(EST_TYPE_MO_SMS);

	//spars.exp_rp_err := 96; /* invalid mandatory information */
	f_mo_sms(spars);

	f_expect_clear();
}
testcase TC_lu_and_mo_sms() runs on MTC_CT {
	/* Run f_tc_lu_and_mo_sms in a connection handler (index 42)
	 * and wait for it to finish. */
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_lu_and_mo_sms), 42);
	vc_conn.done;
}
private function f_vty_sms_send(charstring imsi, charstring msisdn, charstring text)
runs on BSC_ConnHdlr {
	/* Queue an SMS for 'imsi' through the MSC VTY, with 'msisdn' as sender
	 * and 'text' as message body.
	 * The three arguments are concatenated into the command line as they
	 * are, without quoting or validation; the callers in this file pass
	 * fixed test strings only. */
	var charstring cmd := "subscriber imsi " & imsi & " sms sender msisdn " & msisdn & " send " & text;
	f_vty_transceive(MSCVTY, cmd);
}
/* Remove still pending SMS */
private function f_vty_sms_clear(charstring imsi)
runs on BSC_ConnHdlr {
	/* Cleanup helper: delete all SMS of subscriber 'imsi' and clear the SMS
	 * queue via the MSC VTY, so that no pending message remains for later
	 * testcases. 'imsi' is inserted into the command unmodified. */
	var charstring del_cmd := "subscriber imsi " & imsi & " sms delete-all";
	f_vty_transceive(MSCVTY, del_cmd);
	f_vty_transceive(MSCVTY, "sms-queue clear");
}
/* LU followed by MT SMS */
friend function f_tc_lu_and_mt_sms(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Location Update, then an MT SMS queued via VTY: Paging, Paging
	 * Response, SMS delivery, connection clear. */
	f_init_handler(pars);
	var SmsParameters spars := valueof(t_SmsPars);

	/* Perform location update */
	f_perform_lu();

	/* register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);

	f_vty_sms_send(hex2str(pars.imsi), "2342", "Hello SMS");

	/* MSC->BSC: expect PAGING from MSC */
	f_expect_paging();

	/* Establish DTAP / BSSAP / SCCP connection */
	f_establish_fully(EST_TYPE_PAG_RESP);

	/* GSM 7-bit packed form of the text "Hello SMS" sent above */
	spars.tp.ud := 'C8329BFD064D9B53'O;
	f_mt_sms(spars);

	f_expect_clear();
}
testcase TC_lu_and_mt_sms() runs on MTC_CT {
	/* Run f_tc_lu_and_mt_sms with parameters from f_init_pars(43)
	 * and wait for the handler to finish. */
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(43);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_lu_and_mt_sms), pars);
	vc_conn.done;
}
/* SMS added while already Paging */
friend function f_tc_lu_and_mt_sms_already_paging(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Two MT SMS for the same subscriber, the second one queued while the
	 * Paging for the first is still pending. Both must be delivered on the
	 * connection opened by the single Paging Response. */
	var SmsParameters spars := valueof(t_SmsPars);
	var OCT4 reg_tmsi;

	f_init_handler(pars);
	f_perform_lu();

	/* register an 'expect' for given IMSI (+TMSI); all-ones is used when
	 * no TMSI value is present */
	if (isvalue(g_pars.tmsi)) {
		reg_tmsi := g_pars.tmsi;
	} else {
		reg_tmsi := 'FFFFFFFF'O;
	}
	f_ran_register_imsi(g_pars.imsi, reg_tmsi);

	log("first SMS");
	f_vty_sms_send(hex2str(pars.imsi), "2342", "Hello SMS");

	/* MSC->BSC: expect PAGING from MSC */
	f_expect_paging();

	log("second SMS");
	/* Now osmo-msc is in state "Paging pending", make sure that another SMS to be sent at this time just joins in
	 * with the pending paging. Another SMS: */
	f_vty_sms_send(hex2str(pars.imsi), "2342", "Another SMS");

	/* Establish DTAP / BSSAP / SCCP connection */
	f_establish_fully(EST_TYPE_PAG_RESP);

	/* first delivery: GSM 7-bit packed "Hello SMS" */
	spars.tp.ud := 'C8329BFD064D9B53'O;
	f_mt_sms(spars);

	/* second delivery: GSM 7-bit packed "Another SMS" */
	spars.tp.ud := '41F79B8E2ECB41D3E614'O;
	f_mt_sms(spars);

	f_expect_clear();
}
testcase TC_lu_and_mt_sms_already_paging() runs on MTC_CT {
	/* Run f_tc_lu_and_mt_sms_already_paging with parameters from
	 * f_init_pars(44) and wait for the handler to finish. */
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(44);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_lu_and_mt_sms_already_paging), pars);
	vc_conn.done;
}
/* Paging for MT SMS but no response */
friend function f_tc_lu_and_mt_sms_paging_and_nothing(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* An MT SMS triggers Paging that the MS never answers. After the first
	 * Paging, 20 seconds must pass without another Paging or any other
	 * BSSAP message. The queued SMS is removed afterwards. */
	var SmsParameters spars := valueof(t_SmsPars);

	f_init_handler(pars, 150.0);

	/* Perform location update */
	f_perform_lu();

	/* register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);

	f_vty_sms_send(hex2str(pars.imsi), "2342", "Hello SMS");

	/* Expect the MSC to page exactly once */
	f_expect_paging();

	/* Wait some time to make sure the MSC is not delivering any further
	 * paging messages or anything else that could be unexpected. */
	timer T_quiet := 20.0;
	T_quiet.start;
	alt {
	[pars.ran_is_geran] BSSAP.receive(tr_BSSMAP_Paging(g_pars.imsi)) {
		setverdict(fail, "paging seems not to stop!");
		mtc.stop;
		}
	[not pars.ran_is_geran] BSSAP.receive(tr_RANAP_Paging(cs_domain, imsi_hex2oct(g_pars.imsi))) {
		setverdict(fail, "paging seems not to stop!");
		mtc.stop;
		}
	/* NOTE(review): this branch stops only this component (self.stop),
	 * the other failure branches stop the MTC -- confirm intended */
	[] BSSAP.receive {
		setverdict(fail, "unexpected BSSAP message received");
		self.stop;
		}
	[] T_quiet.timeout {
		setverdict(pass);
		}
	}

	/* leave no queued SMS behind for this IMSI */
	f_vty_sms_clear(hex2str(g_pars.imsi));

	setverdict(pass);
}
testcase TC_lu_and_mt_sms_paging_and_nothing() runs on MTC_CT {
	/* Run f_tc_lu_and_mt_sms_paging_and_nothing with parameters from
	 * f_init_pars(1843) and wait for the handler to finish. */
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(1843);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_lu_and_mt_sms_paging_and_nothing), pars);
	vc_conn.done;
}
/* LU followed by MT SMS with repeated paging */
friend function f_tc_lu_and_mt_sms_paging_repeated(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MT SMS with a delayed Paging Response. Within 5 seconds after the
	 * first Paging, a second Paging is a failure on GERAN and is required
	 * on UTRAN. The SMS is then delivered after the Paging Response. */
	var SmsParameters spars := valueof(t_SmsPars);

	f_init_handler(pars);

	/* Perform location update */
	f_perform_lu();

	/* register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);

	f_vty_sms_send(hex2str(pars.imsi), "2342", "Hello SMS");

	log("Expecting first Paging");
	/* MSC->BSC: expect PAGING from MSC */
	f_expect_paging();

	if (g_pars.ran_is_geran) {
		log("GERAN: expect no further Paging");
	} else {
		log("UTRAN: expect more Paging");
	}

	timer T_page := 5.0;
	T_page.start;
	alt {
	[g_pars.ran_is_geran] BSSAP.receive(tr_BSSMAP_Paging(g_pars.imsi)) {
		setverdict(fail, "GERAN should not repeat Paging, but received a second Paging");
		mtc.stop;
		}
	[not g_pars.ran_is_geran] BSSAP.receive(tr_RANAP_Paging(cs_domain, imsi_hex2oct(g_pars.imsi))) {
		log("UTRAN: second Paging received, as expected");
		setverdict(pass);
		}
	[] T_page.timeout {
		if (g_pars.ran_is_geran) {
			log("GERAN: No further Paging received, as expected");
			setverdict(pass);
		} else {
			setverdict(fail, "UTRAN: Expected a second Paging");
			mtc.stop;
		}
		}
	}

	/* Establish DTAP / BSSAP / SCCP connection */
	f_establish_fully(EST_TYPE_PAG_RESP);

	/* GSM 7-bit packed form of the text "Hello SMS" sent above */
	spars.tp.ud := 'C8329BFD064D9B53'O;
	f_mt_sms(spars);

	f_expect_clear();
}
testcase TC_lu_and_mt_sms_paging_repeated() runs on MTC_CT {
	/* Run f_tc_lu_and_mt_sms_paging_repeated with parameters from
	 * f_init_pars(1844) and wait for the handler to finish. */
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(1844);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_lu_and_mt_sms_paging_repeated), pars);
	vc_conn.done;
}
/* mobile originated SMS from MS/BTS/BSC side to SMPP */
friend function f_tc_smpp_mo_sms(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* MO SMS that the MSC has to forward to the ESME over SMPP. The test
	 * matches the resulting DELIVER_SM field by field (sm_length is left
	 * open), acknowledges it, and then expects RP-ACK towards the MS and
	 * the connection to be cleared. */
	var SmsParameters spars := valueof(t_SmsPars);

	f_init_handler(pars);

	/* Perform location update so IMSI is known + registered in MSC/VLR */
	f_perform_lu();

	/* MS/UE submits a MO SMS */
	f_establish_fully(EST_TYPE_MO_SMS);
	f_mo_sms_submit(spars);

	var SMPP_PDU rx_pdu;
	var template SMPP_PDU tr_deliver := tr_SMPP(c_SMPP_command_id_deliver_sm, ESME_ROK);
	/* source is the subscriber's MSISDN, destination and user data are
	 * taken from the submitted TPDU */
	tr_deliver.body.deliver_sm := {
		service_type := "CMT",
		source_addr_ton := network_specific,
		source_addr_npi := isdn,
		source_addr := hex2str(pars.msisdn),
		dest_addr_ton := f_sm_ton_from_gsm(spars.tp.da.tP_DA_NoPad.tP_TypeOfNumber),
		dest_addr_npi := f_sm_npi_from_gsm(spars.tp.da.tP_DA_NoPad.tP_NumberingPlanID),
		destination_addr := hex2str(spars.tp.da.tP_DA_NoPad.tP_DAValue),
		esm_class := '00000001'B,
		protocol_id := 0,
		priority_flag := 0,
		schedule_delivery_time := "",
		replace_if_present := 0,
		data_coding := '00000001'B,
		sm_default_msg_id := 0,
		sm_length := ?,
		short_message := spars.tp.ud,
		opt_pars := {
			{
				tag := user_message_reference,
				len := 2,
				opt_value := {
					int2_val := oct2int(spars.tp.msg_ref)
				}
			}
		}
	};
	alt {
	/* answer with the sequence number of the received PDU */
	[] SMPP.receive(tr_deliver) -> value rx_pdu {
		SMPP.send(ts_SMPP_DELIVER_SM_resp(ESME_ROK, rx_pdu.header.seq_num));
		}
	/* alert notifications are skipped */
	[] SMPP.receive(tr_SMPP(c_SMPP_command_id_alert_notification, ESME_ROK)) { repeat; }
	}

	/* MSC terminates the SMS transaction with RP-ACK */
	f_mo_sms_wait_rp_ack(spars);

	f_expect_clear();
}
/* Run f_tc_smpp_mo_sms() with the ESME "msc_tester" configured as default route */
testcase TC_smpp_mo_sms() runs on MTC_CT {
	f_init();
	/* Route MO SMS to the test ESME for the duration of the test */
	f_vty_config2(MSCVTY, { "smpp", "esme msc_tester"}, "default-route");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_smpp_mo_sms), 44);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): if the handler ends the run via mtc.stop this line looks
	 * unreachable, leaving the default route set -- confirm f_init() resets it */
	f_vty_config2(MSCVTY, { "smpp", "esme msc_tester"}, "no default-route");
}
/* Test case for OS#4351: make sure that RP-ERROR from ESME is properly sent to the MS/UE.
 *
 * The MS submits an SMS, the test (acting as ESME) answers the resulting
 * DELIVER-SM with ESME_RINVDSTADR, and the radio side must then see an
 * RP-ERROR instead of an RP-ACK. */
friend function f_tc_smpp_mo_sms_rp_error(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	var SMPP_PDU smpp_pdu;
	/* Upper bound for the DELIVER-SM to arrive on the SMPP port */
	timer T := 3.0;
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	/* MS/UE submits a MO SMS */
	f_establish_fully(EST_TYPE_MO_SMS);
	f_mo_sms_submit(spars);
	/* ESME responds with an error (Invalid Destination Address) */
	T.start;
	alt {
	/* Any DELIVER-SM body is accepted here; only the response code matters */
	[] SMPP.receive(tr_SMPP(c_SMPP_command_id_deliver_sm, ESME_ROK, body := ?)) -> value smpp_pdu {
		SMPP.send(ts_SMPP_DELIVER_SM_resp(ESME_RINVDSTADR, smpp_pdu.header.seq_num));
		}
	/* ALERT-NOTIFICATION PDUs are skipped and the alt is re-entered */
	[] SMPP.receive(tr_SMPP(c_SMPP_command_id_alert_notification, ESME_ROK)) { repeat; }
	[] T.timeout {
		setverdict(fail, "Timeout waiting for SMPP DELIVER-SM");
		mtc.stop;
		}
	}
	/* Expect RP-ERROR on BSSAP interface */
	spars.exp_rp_err := 1; /* FIXME: GSM411_RP_CAUSE_MO_NUM_UNASSIGNED */
	/* Despite its name the helper is called with exp_rp_err set, so it is
	 * presumably what checks for the RP-ERROR -- verify in f_mo_sms_wait_rp_ack() */
	f_mo_sms_wait_rp_ack(spars);
	f_expect_clear();
}
/* Run f_tc_smpp_mo_sms_rp_error() with the ESME "msc_tester" configured as default route */
testcase TC_smpp_mo_sms_rp_error() runs on MTC_CT {
	f_init();
	/* Route MO SMS to the test ESME for the duration of the test */
	f_vty_config2(MSCVTY, { "smpp", "esme msc_tester"}, "default-route");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_smpp_mo_sms_rp_error), 45);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on its timeout
	 * path -- confirm f_init() resets the default route for later tests */
	f_vty_config2(MSCVTY, { "smpp", "esme msc_tester"}, "no default-route");
}
/* Test MO-SMS from MS/BTS/BSC towards HLR (via GSUP).
 *
 * The MS submits an SMS on DTAP; the MSC must forward it as MO-forwardSM-Req
 * on GSUP with the subscriber IMSI, the RP message reference, the SMSC
 * address as SM-RP-DA, the MSISDN as SM-RP-OA and the encoded TPDU as
 * SM-RP-UI. The test answers with MO-forwardSM-Res and expects RP-ACK. */
friend function f_tc_gsup_mo_sms(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	var GSUP_PDU gsup_msg_rx;
	var octetstring sm_tpdu;
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Send CM Service Request for SMS */
	f_establish_fully(EST_TYPE_MO_SMS);
	/* Prepare expected SM-RP-UI (SM TPDU); sm_tpdu is presumably filled in
	 * by the encoder as an out parameter -- it is used as sm_rp_ui below */
	enc_TPDU_RP_DATA_MS_SGSN_fast(
		valueof(ts_SMS_SUBMIT(spars.tp.msg_ref,
			spars.tp.da, spars.tp.pid, spars.tp.dcs,
			spars.tp.udl, spars.tp.ud)),
		sm_tpdu);
	var template GSUP_PDU mo_forwardSM := tr_GSUP_MO_FORWARD_SM_REQ(
		imsi := g_pars.imsi,
		sm_rp_mr := spars.rp.msg_ref,
		/* SM-RP-DA: SMSC address */
		sm_rp_da := tr_GSUP_SM_RP_DA_SMSC_ADDR(t_GSUP_SM_RP_Addr(
			number := spars.rp.smsc_addr.rP_NumberDigits,
			npi := spars.rp.smsc_addr.rP_NumberingPlanIdentification,
			ton := spars.rp.smsc_addr.rP_TypeOfNumber,
			ext := spars.rp.smsc_addr.rP_Ext)),
		/* SM-RP-OA: subscriber's MSISDN (filled in by MSC) */
		sm_rp_oa := tr_GSUP_SM_RP_OA_MSISDN(t_GSUP_SM_RP_Addr(
			number := g_pars.msisdn,
			/* NOTE: MSISDN in g_pars lacks this info, assuming defaults */
			npi := '0001'B, ton := '001'B, ext := '1'B)),
		/* TODO: can we use decmatch here? */
		sm_rp_ui := sm_tpdu
	);
	/* Submit an SMS on DTAP and expect MO-forwardSM-Req on GSUP */
	f_mo_sms_submit(spars);
	alt {
	[] GSUP.receive(mo_forwardSM) -> value gsup_msg_rx {
		log("RX MO-forwardSM-Req: ", gsup_msg_rx);
		setverdict(pass);
		}
	/* Any other GSUP message, including a request with mismatching fields, fails the test */
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	/* Trigger RP-ACK by sending MO-forwardSM-Res */
	GSUP.send(valueof(ts_GSUP_MO_FORWARD_SM_RES(
		imsi := g_pars.imsi,
		sm_rp_mr := spars.rp.msg_ref)));
	/* Expect RP-ACK on DTAP */
	f_mo_sms_wait_rp_ack(spars);
	f_expect_clear();
}
/* Run f_tc_gsup_mo_sms() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mo_sms() runs on MTC_CT {
	f_init();
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_gsup_mo_sms), 88);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on a failure
	 * path -- confirm f_init() resets "sms-over-gsup" for later tests */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Test MO-SMMA from MS/BTS/BSC towards HLR (via GSUP).
 *
 * The MS sends an SMMA on DTAP; the MSC must forward it as MO-ReadyForSM-Req
 * on GSUP with alert reason "memory available". The test answers with
 * MO-ReadyForSM-Res and expects RP-ACK on DTAP. */
friend function f_tc_gsup_mo_smma(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	var GSUP_PDU gsup_msg_rx;
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Send CM Service Request for SMS */
	f_establish_fully(EST_TYPE_MO_SMS);
	var template GSUP_PDU mo_ReadyForSM := tr_GSUP_MO_READY_FOR_SM_REQ(
		imsi := g_pars.imsi,
		sm_rp_mr := spars.rp.msg_ref,
		sm_alert_rsn := GSUP_SM_ALERT_RSN_TYPE_MEM_AVAIL
	);
	/* Submit MO SMMA on DTAP and expect MO-ReadyForSM-Req on GSUP */
	f_mo_smma(spars);
	alt {
	[] GSUP.receive(mo_ReadyForSM) -> value gsup_msg_rx {
		log("RX MO-ReadyForSM-Req: ", gsup_msg_rx);
		setverdict(pass);
		}
	/* Any other GSUP message fails the test */
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	/* Trigger RP-ACK by sending MO-ReadyForSM-Res */
	GSUP.send(valueof(ts_GSUP_MO_READY_FOR_SM_RES(
		imsi := g_pars.imsi,
		sm_rp_mr := spars.rp.msg_ref)));
	/* Expect RP-ACK on DTAP */
	f_mo_sms_wait_rp_ack(spars);
	f_expect_clear();
}
/* Run f_tc_gsup_mo_smma() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mo_smma() runs on MTC_CT {
	f_init();
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_gsup_mo_smma), 89);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on a failure
	 * path -- confirm f_init() resets "sms-over-gsup" for later tests */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Helper for sending MT SMS over GSUP.
 *
 * Sends one MT-forwardSM-Req for the subscriber in g_pars. The destination
 * (SM-RP-DA) is the subscriber MSISDN, the originator (SM-RP-OA) is the SMSC
 * address from spars.rp, and the TPDU is a fixed octet string.
 *
 * @param spars  SMS parameters; only spars.rp.smsc_addr is read here
 * @param mms    value for the SM-RP-MMS element, '00'O by default */
private function f_gsup_forwardSM_req(SmsParameters spars, OCT1 mms := '00'O)
runs on BSC_ConnHdlr {
	/* Originator: SMSC address built from the RP layer parameters */
	var GSUP_SM_RP_Addr rp_oa_addr := valueof(t_GSUP_SM_RP_Addr(
		number := spars.rp.smsc_addr.rP_NumberDigits,
		npi := spars.rp.smsc_addr.rP_NumberingPlanIdentification,
		ton := spars.rp.smsc_addr.rP_TypeOfNumber,
		ext := spars.rp.smsc_addr.rP_Ext));
	/* Destination: the subscriber's own MSISDN */
	var GSUP_SM_RP_Addr rp_da_addr := valueof(t_GSUP_SM_RP_Addr(g_pars.msisdn));

	GSUP.send(ts_GSUP_MT_FORWARD_SM_REQ(
		imsi := g_pars.imsi,
		/* 'FF'O is a marker only: the MSC is expected to assign its own
		 * RP-MR, and callers check that this value is not echoed back */
		sm_rp_mr := 'FF'O,
		sm_rp_da := valueof(ts_GSUP_SM_RP_DA_MSISDN(rp_da_addr)),
		sm_rp_oa := valueof(ts_GSUP_SM_RP_OA_SMSC_ADDR(rp_oa_addr)),
		/* Pre-encoded SMS TPDU (taken from Wireshark)
		 * FIXME: this should be encoded from spars instead */
		sm_rp_ui := '00068021436500008111328130858200'O,
		sm_rp_mms := mms
	));
}
/* Test successful MT-SMS (RP-ACK) over GSUP.
 *
 * An MT-forwardSM-Req is injected on GSUP; the MSC must page the subscriber
 * and deliver the SMS on DTAP. The MS answers with RP-ACK and the test
 * expects a matching MT-forwardSM-Res on GSUP. */
friend function f_tc_gsup_mt_sms_ack(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	var template GSUP_PDU mt_forwardSM_res := tr_GSUP_MT_FORWARD_SM_RES(
		imsi := g_pars.imsi,
		/* NOTE: MSC should assign RP-MR itself, so any value is accepted here */
		sm_rp_mr := ?
	);
	/* Submit a MT SMS on GSUP */
	f_gsup_forwardSM_req(spars);
	/* Expect Paging Request and Establish DTAP / BSSAP / SCCP connection */
	f_expect_paging();
	f_establish_fully(EST_TYPE_PAG_RESP);
	/* Wait for MT SMS on DTAP */
	f_mt_sms_expect(spars);
	/* Send RP-ACK and expect MT-forwardSM-Res on GSUP */
	f_mt_sms_send_rp_ack(spars);
	alt {
	[] GSUP.receive(mt_forwardSM_res) {
		log("RX MT-forwardSM-Res (RP-ACK)");
		setverdict(pass);
		}
	/* Any other GSUP message fails the test */
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	f_expect_clear();
}
/* Run f_tc_gsup_mt_sms_ack() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mt_sms_ack() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(90);
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn :=
		f_start_handler_with_pars(refers(f_tc_gsup_mt_sms_ack), pars);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on a failure
	 * path -- confirm f_init() resets "sms-over-gsup" for later tests */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Test rejected MT-SMS (RP-ERROR) over GSUP.
 *
 * An MT-forwardSM-Req is injected on GSUP, the SMS is delivered on DTAP and
 * the MS rejects it with RP-ERROR carrying a dummy cause. The test expects
 * an MT-forwardSM-Err on GSUP that carries the same cause value. */
friend function f_tc_gsup_mt_sms_err(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	var OCT1 sm_rp_cause := '78'O; /* dummy RP-Cause value */
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	var template GSUP_PDU mt_forwardSM_err := tr_GSUP_MT_FORWARD_SM_ERR(
		imsi := g_pars.imsi,
		/* NOTE: MSC should assign RP-MR itself, so any value is accepted here */
		sm_rp_mr := ?,
		/* the cause sent on DTAP below must be relayed unchanged */
		sm_rp_cause := sm_rp_cause
	);
	/* Submit a MT SMS on GSUP */
	f_gsup_forwardSM_req(spars);
	/* Expect Paging Request and Establish DTAP / BSSAP / SCCP connection */
	f_expect_paging();
	f_establish_fully(EST_TYPE_PAG_RESP);
	/* Wait for MT SMS on DTAP */
	f_mt_sms_expect(spars);
	/* Send RP-ERROR and expect MT-forwardSM-Err on GSUP */
	f_mt_sms_send_rp_error(spars, oct2int(sm_rp_cause));
	alt {
	[] GSUP.receive(mt_forwardSM_err) {
		log("RX MT-forwardSM-Err (RP-ERROR)");
		setverdict(pass);
		/* NOTE(review): stopping on the pass path looks like it makes the
		 * f_expect_clear() below unreachable, unlike the RP-ACK variant of
		 * this test -- confirm whether that is intended */
		mtc.stop;
		}
	/* Any other GSUP message fails the test */
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	f_expect_clear();
}
/* Run f_tc_gsup_mt_sms_err() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mt_sms_err() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(91);
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn :=
		f_start_handler_with_pars(refers(f_tc_gsup_mt_sms_err), pars);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): the handler calls mtc.stop on both outcomes, so this line
	 * looks unreachable -- confirm f_init() resets "sms-over-gsup" */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Test SM-RP-MR assignment for MT-SMS over GSUP.
 *
 * Two MT SMS are injected back to back, both with the marker RP-MR 'FF'O.
 * The MSC must deliver them in two DTAP transactions with distinct
 * transaction IDs and distinct, MSC-assigned SM-RP-MR values, and each
 * RP-ACK must come back on GSUP with the SM-RP-MR of its own SMS. */
friend function f_tc_gsup_mt_sms_rp_mr(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars1 := valueof(t_SmsPars); /* 1st SMS */
	var SmsParameters spars2 := valueof(t_SmsPars); /* 2nd SMS */
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	/* Submit the 1st MT SMS on GSUP */
	log("TX MT-forwardSM-Req for the 1st SMS");
	f_gsup_forwardSM_req(spars1);
	/* Expect Paging Request and Establish DTAP / BSSAP / SCCP connection */
	f_expect_paging();
	f_establish_fully(EST_TYPE_PAG_RESP);
	/* Wait for 1st MT SMS on DTAP; the helper presumably stores the received
	 * TID and RP-MR in spars1, which the checks below rely on */
	f_mt_sms_expect(spars1);
	log("RX the 1st SMS on DTAP, DTAP TID is ", spars1.tid,
		", SM-RP-MR is ", spars1.rp.msg_ref);
	/* Submit the 2nd MT SMS on GSUP (connection is already established) */
	log("TX MT-forwardSM-Req for the 2nd SMS");
	f_gsup_forwardSM_req(spars2);
	/* Wait for 2nd MT SMS on DTAP */
	f_mt_sms_expect(spars2);
	log("RX the 2nd SMS on DTAP, DTAP TID is ", spars2.tid,
		", SM-RP-MR is ", spars2.rp.msg_ref);
	/* Both transaction IDs shall be different */
	if (spars1.tid == spars2.tid) {
		log("Both DTAP transaction IDs shall be different");
		setverdict(fail);
	}
	/* Both SM-RP-MR values shall be different */
	if (spars1.rp.msg_ref == spars2.rp.msg_ref) {
		log("Both SM-RP-MR values shall be different");
		setverdict(fail);
	}
	/* Both SM-RP-MR values shall be assigned, i.e. differ from the 'FF'O
	 * marker that f_gsup_forwardSM_req() puts into the request */
	if (spars1.rp.msg_ref == 'FF'O) {
		log("Unassigned SM-RP-MR value for the 1st SMS");
		setverdict(fail);
	}
	if (spars2.rp.msg_ref == 'FF'O) {
		log("Unassigned SM-RP-MR value for the 2nd SMS");
		setverdict(fail);
	}
	/* The checks above do not stop the test; the fail verdict is kept while
	 * the remaining exchange is still carried out */
	/* Send the 1st RP-ACK and expect MT-forwardSM-Res on GSUP */
	f_mt_sms_send_rp_ack(spars1);
	alt {
	[] GSUP.receive(tr_GSUP_MT_FORWARD_SM_RES(
		imsi := g_pars.imsi,
		sm_rp_mr := spars1.rp.msg_ref
	)) {
		log("RX MT-forwardSM-Res (RP-ACK)");
		setverdict(pass);
		}
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	/* Send the 2nd RP-ACK and expect MT-forwardSM-Res on GSUP */
	f_mt_sms_send_rp_ack(spars2);
	alt {
	[] GSUP.receive(tr_GSUP_MT_FORWARD_SM_RES(
		imsi := g_pars.imsi,
		sm_rp_mr := spars2.rp.msg_ref
	)) {
		log("RX MT-forwardSM-Res (RP-ACK)");
		setverdict(pass);
		}
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	f_expect_clear();
}
/* Run f_tc_gsup_mt_sms_rp_mr() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mt_sms_rp_mr() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(92);
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn :=
		f_start_handler_with_pars(refers(f_tc_gsup_mt_sms_rp_mr), pars);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on a failure
	 * path -- confirm f_init() resets "sms-over-gsup" for later tests */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Test SM-RP-MR assignment for an MT SMS that overlaps with an MO SMMA over GSUP.
 *
 * The MS starts an MO SMMA with SM-RP-MR '00'O. Before that transaction is
 * answered, an MT SMS is injected on GSUP. The MSC-assigned SM-RP-MR of the
 * MT SMS must differ from the MO one and from the 'FF'O marker used in the
 * request. Both transactions are then completed. */
friend function f_tc_gsup_mo_mt_sms_rp_mr(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars_mo := valueof(t_SmsPars); /* MO SMMA */
	var SmsParameters spars_mt := valueof(t_SmsPars); /* MT SMS */
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	/* Send CM Service Request for MO SMMA */
	f_establish_fully(EST_TYPE_MO_SMS);
	/* Submit MO SMMA on DTAP */
	log("Submit MO SMMA on DTAP, SM-RP-MR is '00'O");
	spars_mo.rp.msg_ref := '00'O;
	f_mo_smma(spars_mo);
	/* Expect MO-ReadyForSM-Req for MO SMMA on GSUP */
	alt {
	[] GSUP.receive(tr_GSUP_MO_READY_FOR_SM_REQ(
		imsi := g_pars.imsi,
		sm_rp_mr := spars_mo.rp.msg_ref,
		sm_alert_rsn := GSUP_SM_ALERT_RSN_TYPE_MEM_AVAIL
	)) {
		log("RX MO-ReadyForSM-Req, SM-RP-MR is '00'O");
		setverdict(pass);
		}
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	/* Submit MT SMS on GSUP while the MO SMMA is still unanswered */
	log("TX MT-forwardSM-Req for the MT SMS");
	f_gsup_forwardSM_req(spars_mt);
	/* Wait for MT SMS on DTAP; the helper presumably stores the received TID
	 * and RP-MR in spars_mt, which the checks below rely on */
	f_mt_sms_expect(spars_mt);
	log("RX MT SMS on DTAP, DTAP TID is ", spars_mt.tid,
		", SM-RP-MR is ", spars_mt.rp.msg_ref);
	/* Both SM-RP-MR values shall be different */
	if (spars_mo.rp.msg_ref == spars_mt.rp.msg_ref) {
		log("Both SM-RP-MR values shall be different");
		setverdict(fail);
	}
	/* SM-RP-MR value for MT SMS shall be assigned, i.e. differ from the
	 * 'FF'O marker that f_gsup_forwardSM_req() puts into the request */
	if (spars_mt.rp.msg_ref == 'FF'O) {
		log("Unassigned SM-RP-MR value for the MT SMS");
		setverdict(fail);
	}
	/* Trigger RP-ACK for MO SMMA by sending MO-ReadyForSM-Res */
	GSUP.send(valueof(ts_GSUP_MO_READY_FOR_SM_RES(
		imsi := g_pars.imsi,
		sm_rp_mr := spars_mo.rp.msg_ref)));
	/* Expect RP-ACK for MO SMMA on DTAP */
	f_mo_sms_wait_rp_ack(spars_mo);
	/* Send RP-ACK for MT SMS and expect MT-forwardSM-Res on GSUP */
	f_mt_sms_send_rp_ack(spars_mt);
	alt {
	[] GSUP.receive(tr_GSUP_MT_FORWARD_SM_RES(
		imsi := g_pars.imsi,
		sm_rp_mr := spars_mt.rp.msg_ref
	)) {
		log("RX MT-forwardSM-Res (RP-ACK)");
		setverdict(pass);
		}
	[] GSUP.receive {
		log("RX unexpected GSUP message");
		setverdict(fail);
		mtc.stop;
		}
	}
	f_expect_clear();
}
/* Run f_tc_gsup_mo_mt_sms_rp_mr() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mo_mt_sms_rp_mr() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlrPars pars := f_init_pars(93);
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn :=
		f_start_handler_with_pars(refers(f_tc_gsup_mo_mt_sms_rp_mr), pars);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on a failure
	 * path -- confirm f_init() resets "sms-over-gsup" for later tests */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Test multi-part MT-SMS over GSUP.
 *
 * Four MT-forwardSM-Req messages are sent with the SM-RP-MMS value counting
 * down from 3 to 0. Paging and connection establishment are expected only
 * for the first one; the following parts must arrive on the same connection.
 * Every part is acknowledged with RP-ACK and must produce an
 * MT-forwardSM-Res on GSUP. */
private function f_tc_gsup_mt_multi_part_sms(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	f_init_handler(pars);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	var template GSUP_PDU mt_forwardSM_res := tr_GSUP_MT_FORWARD_SM_RES(
		imsi := g_pars.imsi,
		/* NOTE: MSC should assign RP-MR itself, so any value is accepted here */
		sm_rp_mr := ?
	);
	/* Send 4 messages (NOTE: SM-RP-UI remains unchanged) */
	for (var integer i := 3; i >= 0; i := i-1) {
		/* Submit a MT SMS on GSUP (MMS is decremented) */
		f_gsup_forwardSM_req(spars, int2oct(i, 1));
		/* Expect Paging Request and Establish connection */
		if (i == 3) { /* ... only once! */
			f_expect_paging();
			f_establish_fully(EST_TYPE_PAG_RESP);
		}
		/* Wait for MT SMS on DTAP */
		f_mt_sms_expect(spars);
		/* Send RP-ACK and expect MT-forwardSM-Res on GSUP */
		f_mt_sms_send_rp_ack(spars);
		alt {
		[] GSUP.receive(mt_forwardSM_res) {
			log("RX MT-forwardSM-Res (RP-ACK)");
			setverdict(pass);
			}
		[] GSUP.receive {
			log("RX unexpected GSUP message");
			setverdict(fail);
			mtc.stop;
			}
		}
		/* Keep some 'distance' between transmissions */
		f_sleep(1.5);
	}
	/* The connection is expected to be cleared only after the last part */
	f_expect_clear();
}
/* Run f_tc_gsup_mt_multi_part_sms() with "sms-over-gsup" enabled on the MSC */
testcase TC_gsup_mt_multi_part_sms() runs on MTC_CT {
	f_init();
	/* NOTE(review): 91 is also the value TC_gsup_mt_sms_err passes to
	 * f_init_pars(); if it selects the subscriber identity the two tests
	 * share one subscriber -- confirm this is intended */
	var BSC_ConnHdlrPars pars := f_init_pars(91);
	/* Switch the MSC to SMS over GSUP for the duration of the test */
	f_vty_config(MSCVTY, "msc", "sms-over-gsup");
	var BSC_ConnHdlr vc_conn :=
		f_start_handler_with_pars(refers(f_tc_gsup_mt_multi_part_sms), pars);
	vc_conn.done;
	/* Restore the configuration.
	 * NOTE(review): not reached when the handler stops the MTC on a failure
	 * path -- confirm f_init() resets "sms-over-gsup" for later tests */
	f_vty_config(MSCVTY, "msc", "no sms-over-gsup");
}
/* Convert a GSM L3 type-of-number (3 bits) to the SMPP_TON enum.
 *
 * The seven values '000'B..'110'B are mapped; any other value sets the
 * verdict to fail and stops the test. */
function f_sm_ton_from_gsm(BIT3 ton) return SMPP_TON {
	if (ton == '000'B) {
		return unknown;
	} else if (ton == '001'B) {
		return international;
	} else if (ton == '010'B) {
		return national;
	} else if (ton == '011'B) {
		return network_specific;
	} else if (ton == '100'B) {
		return subscriber_number;
	} else if (ton == '101'B) {
		return alphanumeric;
	} else if (ton == '110'B) {
		return abbreviated;
	}
	/* No mapping exists for this value */
	setverdict(fail, "Unknown TON ", ton);
	mtc.stop;
}
/* Convert a GSM L3 numbering-plan identifier (4 bits) to the SMPP_NPI enum.
 *
 * Only the eight values listed below are mapped; any other value sets the
 * verdict to fail and stops the test. */
function f_sm_npi_from_gsm(BIT4 npi) return SMPP_NPI {
	if (npi == '0000'B) {
		return unknown;
	} else if (npi == '0001'B) {
		return isdn;
	} else if (npi == '0011'B) {
		return data;
	} else if (npi == '0100'B) {
		return telex;
	} else if (npi == '0110'B) {
		return land_mobile;
	} else if (npi == '1000'B) {
		return national;
	} else if (npi == '1001'B) {
		return private_;
	} else if (npi == '1010'B) {
		return ermes;
	}
	/* No mapping exists for this value */
	setverdict(fail, "Unknown NPI ", npi);
	mtc.stop;
}
/* Build the SMPP_SM for a mobile-terminated SMS from SmsParameters.
 *
 * The source address is taken from the TP-DA of spars (converted to SMPP
 * TON/NPI), the destination is the subscriber MSISDN from g_pars, and the
 * user data and its length are copied from spars.tp. All other fields are
 * fixed values. */
function f_mt_sm_from_spars(SmsParameters spars)
runs on BSC_ConnHdlr return SMPP_SM {
	/* Convert the GSM addressing of the TP-DA first, TON before NPI */
	var SMPP_TON src_ton := f_sm_ton_from_gsm(spars.tp.da.tP_DA_NoPad.tP_TypeOfNumber);
	var SMPP_NPI src_npi := f_sm_npi_from_gsm(spars.tp.da.tP_DA_NoPad.tP_NumberingPlanID);
	var SMPP_SM result := {
		service_type := "CMT",
		source_addr_ton := src_ton,
		source_addr_npi := src_npi,
		source_addr := hex2str(spars.tp.da.tP_DA_NoPad.tP_DAValue),
		dest_addr_ton := international,
		dest_addr_npi := isdn,
		destination_addr := hex2str(g_pars.msisdn),
		esm_class := '00000001'B,
		protocol_id := 0,
		priority_flag := 0,
		schedule_delivery_time := "",
		validity_period := "",
		registered_delivery := '00000000'B,
		replace_if_present := 0,
		data_coding := '00000001'B,
		sm_default_msg_id := 0,
		sm_length := spars.tp.udl,
		short_message := spars.tp.ud,
		opt_pars := {}
	};
	return result;
}
/* Helper: encode an SMS from 'spars', send it via SMPP SUBMIT-SM to the MSC
 * and receive it on the MS side.
 *
 * @param spars       parameters of the SMS to be delivered
 * @param trans_mode  when true, esm_class is set to '00000010'B before sending
 *
 * The position of the SUBMIT-SM response differs by mode: outside transaction
 * mode it is expected right after the submission, in transaction mode only
 * after the SMS was delivered on the radio side. */
private function f_smpp_mt_sms(SmsParameters spars, boolean trans_mode) runs on BSC_ConnHdlr {
	var SMPP_SM sm := f_mt_sm_from_spars(spars);
	if (trans_mode) {
		sm.esm_class := '00000010'B;
	}
	/* Decide once, from the final esm_class, which ordering applies */
	var boolean is_transaction := match(sm.esm_class, tr_ESM_CLASS_TRANSACTION);

	/* actually cause MSC to send a SMS via SUBMIT-SM from SMPP side */
	SMPP.send(ts_SMPP_SUBMIT_SM(sm));
	if (not is_transaction) {
		/* store+forward: the SMPP-level ACK comes before the SMS
		 * delivery on the BSC/radio side */
		SMPP.receive(tr_SMPP(c_SMPP_command_id_submit_sm_resp, ESME_ROK));
	}

	/* MSC->BSC: expect PAGING from MSC */
	f_expect_paging();
	/* Establish DTAP / BSSAP / SCCP connection */
	f_establish_fully(EST_TYPE_PAG_RESP);
	/* An ALERT-NOTIFICATION is expected before the SMS itself */
	SMPP.receive(tr_SMPP(c_SMPP_command_id_alert_notification, ESME_ROK));
	f_mt_sms(spars);

	if (is_transaction) {
		/* transaction mode: the SMPP-level ACK follows the delivery */
		SMPP.receive(tr_SMPP(c_SMPP_command_id_submit_sm_resp, ESME_ROK));
	}
	f_expect_clear();
}
/* mobile terminated SMS, from SMPP to BSC/BTS/MS.
 *
 * After LU the same one-octet SMS is delivered twice through f_smpp_mt_sms():
 * first in store+forward mode, then in transaction mode. */
private function f_tc_smpp_mt_sms(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Minimal payload: a single zero octet.
	 * TODO: test with more intelligent user data; test different coding schemes */
	var SmsParameters spars := valueof(t_SmsPars);
	spars.tp.ud := '00'O;
	spars.tp.udl := 1;

	f_init_handler(pars);
	/* Perform location update so IMSI is known + registered in MSC/VLR */
	f_perform_lu();
	/* The LU is expected to produce an ALERT-NOTIFICATION on SMPP */
	SMPP.receive(tr_SMPP(c_SMPP_command_id_alert_notification, ESME_ROK));
	/* register an 'expect' for given IMSI (+TMSI) */
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);

	/* first the non-transaction store+forward mode, then the transaction mode */
	f_smpp_mt_sms(spars, false);
	f_smpp_mt_sms(spars, true);
}
/* Run f_tc_smpp_mt_sms() in one connection handler and wait for it */
testcase TC_smpp_mt_sms() runs on MTC_CT {
	f_init();
	/* NOTE(review): 45 is also the value TC_smpp_mo_sms_rp_error passes to
	 * f_start_handler(); if it selects the subscriber identity the two tests
	 * share one subscriber -- confirm this is intended */
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_smpp_mt_sms), 45);
	vc_conn.done;
}
/***********************************************************************
* USSD Testing
***********************************************************************/
/* Catch-all altstep: any message on the GSUP or BSSAP port sets the verdict
 * to fail and stops the calling component. It is meant to be listed after
 * the specific receive branches of an alt, so that it only sees messages
 * those branches did not match. */
private altstep as_unexp_gsup_or_bssap_msg()
runs on BSC_ConnHdlr {
	[] GSUP.receive {
		setverdict(fail, "Unknown/unexpected GSUP received");
		/* stops this handler component only, not the MTC */
		self.stop;
		}
	[] BSSAP.receive {
		setverdict(fail, "Unknown/unexpected BSSAP message received");
		self.stop;
		}
}
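/* Wait for a GSUP message matching 'msg' and return it.
 *
 * @param msg    receive template the message has to match
 * @param T_val  maximum time to wait in seconds, 2.0 by default
 * @return       the complete received GSUP PDU
 *
 * Any other GSUP or BSSAP message fails the test through
 * as_unexp_gsup_or_bssap_msg(). A timeout fails the test and stops it, so
 * the function never returns an unassigned value. */
private function f_expect_gsup_msg(template GSUP_PDU msg,
				   float T_val := 2.0)
runs on BSC_ConnHdlr return GSUP_PDU {
	var GSUP_PDU gsup_msg_complete;
	timer T := T_val;
	T.start;
	alt {
	[] GSUP.receive(msg) -> value gsup_msg_complete {
		setverdict(pass);
		}
	/* We don't expect anything else */
	[] as_unexp_gsup_or_bssap_msg();
	[] T.timeout {
		setverdict(fail, "Timeout waiting for GSUP message: ", msg);
		/* gsup_msg_complete was never assigned: stop here instead of
		 * returning an unbound value to the caller */
		mtc.stop;
		}
	}
	return gsup_msg_complete;
}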
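/* Wait for an MT DTAP message matching 'msg' on BSSAP and return its L3 part.
 *
 * @param msg    receive template for the L3 message carried in the DTAP PDU
 * @param T_val  maximum time to wait in seconds, 2.0 by default
 * @return       the 'dtap' field of the received PDU
 *
 * Any other GSUP or BSSAP message fails the test through
 * as_unexp_gsup_or_bssap_msg(). A timeout fails the test and stops it, so
 * the 'dtap' field of an unassigned PDU is never accessed. */
private function f_expect_mt_dtap_msg(template PDU_ML3_NW_MS msg,
				      float T_val := 2.0)
runs on BSC_ConnHdlr return PDU_ML3_NW_MS {
	var PDU_DTAP_MT bssap_msg_complete;
	timer T := T_val;
	T.start;
	alt {
	[] BSSAP.receive(tr_PDU_DTAP_MT(msg)) -> value bssap_msg_complete {
		setverdict(pass);
		}
	/* We don't expect anything else */
	[] as_unexp_gsup_or_bssap_msg();
	[] T.timeout {
		setverdict(fail, "Timeout waiting for BSSAP message: ", msg);
		/* bssap_msg_complete was never assigned: stop here instead of
		 * reading a field of an unbound value below */
		mtc.stop;
		}
	}
	return bssap_msg_complete.dtap;
}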
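/* LU followed by MO USSD request.
 *
 * The MS sends an SS REGISTER carrying a processUnstructuredSS-Request with
 * the string "*#100#". The MSC must forward the Facility IE to the HLR in a
 * GSUP PROC_SS request with session state BEGIN. The test, acting as HLR,
 * answers with session state END and a Return Result, which the MSC must
 * deliver to the MS in a RELEASE COMPLETE of the same transaction. */
friend function f_tc_lu_and_mo_ussd_single_request(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	/* Send CM Service Request for SS/USSD */
	f_establish_fully(EST_TYPE_SS_ACT);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	var template OCTN facility_req := f_USSD_FACILITY_IE_INVOKE(
		invoke_id := 5, /* Phone may not start from 0 or 1 */
		op_code := SS_OP_CODE_PROCESS_USS_REQ,
		ussd_string := "*#100#"
	);
	var template OCTN facility_rsp := f_USSD_FACILITY_IE_RETURN_RESULT(
		invoke_id := 5, /* InvokeID shall be the same for both REQ and RSP */
		op_code := SS_OP_CODE_PROCESS_USS_REQ,
		ussd_string := "Your extension is " & hex2str(g_pars.msisdn) & "\r"
	);
	/* Compose a new SS/REGISTER message with request */
	var template (value) PDU_ML3_MS_NW ussd_req := ts_ML3_MO_SS_REGISTER(
		tid := 1, /* We just need a single transaction */
		ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
		facility := valueof(facility_req)
	);
	/* Compose SS/RELEASE_COMPLETE template with expected response */
	var template PDU_ML3_NW_MS ussd_rsp := tr_ML3_MT_SS_RELEASE_COMPLETE(
		tid := 1, /* Response should arrive within the same transaction */
		ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
		facility := valueof(facility_rsp)
	);
	/* Compose expected MSC -> HLR message */
	var template GSUP_PDU gsup_req := tr_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		state := OSMO_GSUP_SESSION_STATE_BEGIN,
		ss := valueof(facility_req)
	);
	/* To be used for sending response with correct session ID */
	var GSUP_PDU gsup_req_complete;
	/* Request own number */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_req));
	/* Expect GSUP message containing the SS payload */
	gsup_req_complete := f_expect_gsup_msg(gsup_req);
	/* Compose the response from HLR using received session ID.
	 * NOTE(review): this assumes the session ID is the IE at index 1 of the
	 * received PDU -- confirm against the IE order of the request */
	var template GSUP_PDU gsup_rsp := ts_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := gsup_req_complete.ies[1].val.session_id,
		state := OSMO_GSUP_SESSION_STATE_END,
		ss := valueof(facility_rsp)
	);
	/* Finally, HLR terminates the session */
	GSUP.send(gsup_rsp);
	/* Expect RELEASE_COMPLETE message with the response */
	f_expect_mt_dtap_msg(ussd_rsp);
	f_expect_clear();
}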
/* Run f_tc_lu_and_mo_ussd_single_request() in one connection handler and wait for it */
testcase TC_lu_and_mo_ussd_single_request() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlr vc_conn :=
		f_start_handler(refers(f_tc_lu_and_mo_ussd_single_request), 46);
	/* Block until the handler component has terminated */
	vc_conn.done;
}
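/* LU followed by MT USSD notification.
 *
 * The test, acting as HLR, opens a GSUP SS session (state BEGIN) carrying a
 * USSD notification. The MSC must page the subscriber and deliver the
 * notification in an MT SS REGISTER. The MS acknowledges with an empty
 * Return Result in an SS FACILITY, which the MSC must relay on GSUP with
 * state CONTINUE. The HLR then ends the session and the MSC must send a
 * RELEASE COMPLETE without Facility IE. */
friend function f_tc_lu_and_mt_ussd_notification(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	/* Upper bound for the Paging Request to arrive */
	timer T := 5.0;
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Facility IE with network-originated USSD notification */
	var template OCTN facility_req := f_USSD_FACILITY_IE_INVOKE(
		op_code := SS_OP_CODE_USS_NOTIFY,
		ussd_string := "Mahlzeit!"
	);
	/* Facility IE with acknowledgment to the USSD notification */
	var template OCTN facility_rsp := enc_SS_FacilityInformation(
		/* In case of USSD notification, Return Result is empty */
		valueof(ts_SS_USSD_FACILITY_RETURN_RESULT_EMPTY())
	);
	/* Compose a new MT SS/REGISTER message with USSD notification */
	var template PDU_ML3_NW_MS ussd_ntf := tr_ML3_MT_SS_REGISTER(
		tid := 0, /* FIXME: most likely, it should be 0 */
		ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
		facility := valueof(facility_req)
	);
	/* Compose HLR -> MSC GSUP message */
	var template (value) GSUP_PDU gsup_req := ts_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := g_pars.gsup_sid,
		state := OSMO_GSUP_SESSION_STATE_BEGIN,
		ss := valueof(facility_req)
	);
	/* Send it to MSC and expect Paging Request */
	GSUP.send(gsup_req);
	T.start;
	alt {
	/* The guards make exactly one of the two Paging branches active per RAN type */
	[pars.ran_is_geran] BSSAP.receive(tr_BSSMAP_Paging(g_pars.imsi)) {
		setverdict(pass);
		}
	[not pars.ran_is_geran] BSSAP.receive(tr_RANAP_Paging(cs_domain, imsi_hex2oct(g_pars.imsi))) {
		setverdict(pass);
		}
	/* We don't expect anything else */
	[] as_unexp_gsup_or_bssap_msg();
	[] T.timeout {
		setverdict(fail, "Timeout waiting for Paging Request");
		/* Without a Paging Request the paging response below makes no
		 * sense, so the test stops here */
		mtc.stop;
		}
	}
	/* Send Paging Response and expect USSD notification */
	f_establish_fully(EST_TYPE_PAG_RESP);
	/* Expect MT REGISTER message with USSD notification */
	f_expect_mt_dtap_msg(ussd_ntf);
	/* Compose a new MO SS/FACILITY message with empty response */
	var template (value) PDU_ML3_MS_NW ussd_rsp := ts_ML3_MO_SS_FACILITY(
		tid := 0, /* FIXME: it shall match the request tid */
		ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
		facility := valueof(facility_rsp)
	);
	/* Compose expected MSC -> HLR GSUP message */
	var template GSUP_PDU gsup_rsp := tr_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := g_pars.gsup_sid,
		state := OSMO_GSUP_SESSION_STATE_CONTINUE,
		ss := valueof(facility_rsp)
	);
	/* MS sends response to the notification */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_rsp));
	/* Expect GSUP message containing the SS payload */
	f_expect_gsup_msg(gsup_rsp);
	/* Compose expected MT SS/RELEASE COMPLETE message */
	var template PDU_ML3_NW_MS ussd_term := tr_ML3_MT_SS_RELEASE_COMPLETE(
		tid := 0, /* FIXME: it shall match the request tid */
		ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
		facility := omit
	);
	/* Compose HLR -> MSC GSUP message that ends the session */
	var template GSUP_PDU gsup_term := ts_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := g_pars.gsup_sid,
		state := OSMO_GSUP_SESSION_STATE_END
	);
	/* Finally, HLR terminates the session */
	GSUP.send(gsup_term);
	/* Expect MT RELEASE COMPLETE without Facility IE */
	f_expect_mt_dtap_msg(ussd_term);
	f_expect_clear();
}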
/* Run f_tc_lu_and_mt_ussd_notification() in one connection handler and wait for it */
testcase TC_lu_and_mt_ussd_notification() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlr vc_conn :=
		f_start_handler(refers(f_tc_lu_and_mt_ussd_notification), 47);
	/* Block until the handler component has terminated */
	vc_conn.done;
}
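/* LU followed by MT call and MO USSD request during this call.
 *
 * An MT call is established first. While it is active the MS sends an SS
 * REGISTER with a processUnstructuredSS-Request ("*#100#"); the MSC must
 * forward it on GSUP (state BEGIN), and the answer sent by the test as HLR
 * (state END) must reach the MS in a RELEASE COMPLETE. The call is released
 * afterwards. */
friend function f_tc_lu_and_mo_ussd_during_mt_call(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	/* Call parameters taken from f_tc_lu_and_mt_call */
	var CallParameters cpars := valueof(t_CallParams('123456'H, 0));
	/* Perform location update */
	f_perform_lu();
	/* Establish a MT call */
	f_mt_call_establish(cpars);
	/* Hold the call for some time */
	f_sleep(1.0);
	var template OCTN facility_req := f_USSD_FACILITY_IE_INVOKE(
		op_code := SS_OP_CODE_PROCESS_USS_REQ,
		ussd_string := "*#100#"
	);
	var template OCTN facility_rsp := f_USSD_FACILITY_IE_RETURN_RESULT(
		op_code := SS_OP_CODE_PROCESS_USS_REQ,
		ussd_string := "Your extension is " & hex2str(g_pars.msisdn) & "\r"
	);
	/* Compose a new SS/REGISTER message with request */
	var template (value) PDU_ML3_MS_NW ussd_req := ts_ML3_MO_SS_REGISTER(
		tid := 1, /* We just need a single transaction */
		ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
		facility := valueof(facility_req)
	);
	/* Compose SS/RELEASE_COMPLETE template with expected response */
	var template PDU_ML3_NW_MS ussd_rsp := tr_ML3_MT_SS_RELEASE_COMPLETE(
		tid := 1, /* Response should arrive within the same transaction */
		ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
		facility := valueof(facility_rsp)
	);
	/* Compose expected MSC -> HLR message */
	var template GSUP_PDU gsup_req := tr_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		state := OSMO_GSUP_SESSION_STATE_BEGIN,
		ss := valueof(facility_req)
	);
	/* To be used for sending response with correct session ID */
	var GSUP_PDU gsup_req_complete;
	/* Request own number */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_req));
	/* Expect GSUP message containing the SS payload */
	gsup_req_complete := f_expect_gsup_msg(gsup_req);
	/* Compose the response from HLR using received session ID.
	 * NOTE(review): this assumes the session ID is the IE at index 1 of the
	 * received PDU -- confirm against the IE order of the request */
	var template GSUP_PDU gsup_rsp := ts_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := gsup_req_complete.ies[1].val.session_id,
		state := OSMO_GSUP_SESSION_STATE_END,
		ss := valueof(facility_rsp)
	);
	/* Finally, HLR terminates the session */
	GSUP.send(gsup_rsp);
	/* Expect RELEASE_COMPLETE message with the response */
	f_expect_mt_dtap_msg(ussd_rsp);
	/* Hold the call for some time */
	f_sleep(1.0);
	/* Release the call (does Clear Complete itself) */
	f_call_hangup(cpars, true);
}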
/* Run f_tc_lu_and_mo_ussd_during_mt_call() in one connection handler and wait for it */
testcase TC_lu_and_mo_ussd_during_mt_call() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlr vc_conn :=
		f_start_handler(refers(f_tc_lu_and_mo_ussd_during_mt_call), 48);
	/* Block until the handler component has terminated */
	vc_conn.done;
}
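/* BSSMAP Clear Request in the middle of a call, see OS#3062.
 *
 * An MO call is started with ran_clear_when_alerting set in the call
 * parameters. While the call is being established the altstep
 * as_optional_cc_rel() is active as a default, and the test then expects
 * the connection to be cleared. */
friend function f_tc_mo_cc_bssmap_clear(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);
	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	/* Request the clear while the call is in the alerting phase */
	cpars.ran_clear_when_alerting := true;
	f_perform_lu();
	/* Keep the default active only around call establishment and clearing */
	var default ccrel := activate(as_optional_cc_rel(cpars));
	f_mo_call_establish(cpars);
	f_expect_clear();
	deactivate(ccrel);
	f_sleep(1.0);
}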
/* Run f_tc_mo_cc_bssmap_clear() in one connection handler and wait for it */
testcase TC_mo_cc_bssmap_clear() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_mo_cc_bssmap_clear), 43);
	/* Block until the handler component has terminated */
	vc_conn.done;
}
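/* LU followed by MT call and MT USSD request during this call.
 *
 * An MT call is established first. While it is active the test, acting as
 * HLR, opens a GSUP SS session (state BEGIN) with a network-originated USSD
 * request. No paging is expected here: the MSC must deliver the request in
 * an MT SS REGISTER on the existing connection. The MS answer (SS FACILITY)
 * must be relayed on GSUP with state CONTINUE; the HLR then ends the session
 * and the MSC must send RELEASE COMPLETE without Facility IE. The call is
 * released afterwards. */
friend function f_tc_lu_and_mt_ussd_during_mt_call(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	/* Call parameters taken from f_tc_lu_and_mt_call */
	var CallParameters cpars := valueof(t_CallParams('123456'H, 0));
	/* Perform location update */
	f_perform_lu();
	/* Establish a MT call */
	f_mt_call_establish(cpars);
	/* Hold the call for some time */
	f_sleep(1.0);
	var template OCTN facility_req := f_USSD_FACILITY_IE_INVOKE(
		op_code := SS_OP_CODE_USS_REQUEST,
		ussd_string := "Please type anything..."
	);
	var template OCTN facility_rsp := f_USSD_FACILITY_IE_RETURN_RESULT(
		op_code := SS_OP_CODE_USS_REQUEST,
		ussd_string := "Nope."
	);
	/* Compose MT SS/REGISTER message with network-originated request */
	var template (value) PDU_ML3_NW_MS ussd_req := ts_ML3_MT_SS_REGISTER(
		tid := 0, /* FIXME: most likely, it should be 0 */
		ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
		facility := valueof(facility_req)
	);
	/* Compose HLR -> MSC GSUP message */
	var template (value) GSUP_PDU gsup_req := ts_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := g_pars.gsup_sid,
		state := OSMO_GSUP_SESSION_STATE_BEGIN,
		ss := valueof(facility_req)
	);
	/* Send it to MSC */
	GSUP.send(gsup_req);
	/* Expect MT REGISTER message with USSD request */
	f_expect_mt_dtap_msg(ussd_req);
	/* Compose a new MO SS/FACILITY message with response */
	var template (value) PDU_ML3_MS_NW ussd_rsp := ts_ML3_MO_SS_FACILITY(
		tid := 0, /* FIXME: it shall match the request tid */
		ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
		facility := valueof(facility_rsp)
	);
	/* Compose expected MSC -> HLR GSUP message */
	var template GSUP_PDU gsup_rsp := tr_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := g_pars.gsup_sid,
		state := OSMO_GSUP_SESSION_STATE_CONTINUE,
		ss := valueof(facility_rsp)
	);
	/* MS sends response */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_rsp));
	f_expect_gsup_msg(gsup_rsp);
	/* Compose expected MT SS/RELEASE COMPLETE message */
	var template PDU_ML3_NW_MS ussd_term := tr_ML3_MT_SS_RELEASE_COMPLETE(
		tid := 0, /* FIXME: it shall match the request tid */
		ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
		facility := omit
	);
	/* Compose HLR -> MSC GSUP message that ends the session */
	var template GSUP_PDU gsup_term := ts_GSUP_PROC_SS_REQ(
		imsi := g_pars.imsi,
		sid := g_pars.gsup_sid,
		state := OSMO_GSUP_SESSION_STATE_END
	);
	/* Finally, HLR terminates the session */
	GSUP.send(gsup_term);
	/* Expect MT RELEASE COMPLETE without Facility IE */
	f_expect_mt_dtap_msg(ussd_term);
	/* Hold the call for some time */
	f_sleep(1.0);
	/* Release the call (does Clear Complete itself) */
	f_call_hangup(cpars, true);
}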
/* Runs f_tc_lu_and_mt_ussd_during_mt_call() on a single connection handler. */
testcase TC_lu_and_mt_ussd_during_mt_call() runs on MTC_CT {
	f_init();
	/* 49 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_and_mt_ussd_during_mt_call), 49);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* LU followed by MO USSD request and MO Release during transaction.
 * The MS opens an SS transaction, the HLR answers with a counter request,
 * and the MS then aborts with RELEASE COMPLETE instead of answering. The
 * MSC is expected to signal the end of the session to the HLR and to clear
 * the connection. */
friend function f_tc_lu_and_mo_ussd_mo_release(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	/* Send CM Service Request for SS/USSD */
	f_establish_fully(EST_TYPE_SS_ACT);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	var template OCTN facility_ms_req := f_USSD_FACILITY_IE_INVOKE(
	invoke_id := 1, /* Initial request */
	op_code := SS_OP_CODE_PROCESS_USS_REQ,
	ussd_string := "*6766*266#"
	);
	var template OCTN facility_net_req := f_USSD_FACILITY_IE_INVOKE(
	invoke_id := 2, /* Counter request */
	op_code := SS_OP_CODE_USS_REQUEST,
	ussd_string := "Password?!?"
	)
	/* Compose MO SS/REGISTER message with request */
	var template (value) PDU_ML3_MS_NW ussd_ms_req := ts_ML3_MO_SS_REGISTER(
	tid := 1, /* We just need a single transaction */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	facility := valueof(facility_ms_req)
	);
	/* Compose expected MSC -> HLR message */
	var template GSUP_PDU gsup_ms_req := tr_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi,
	state := OSMO_GSUP_SESSION_STATE_BEGIN,
	ss := valueof(facility_ms_req)
	);
	/* To be used for sending response with correct session ID */
	var GSUP_PDU gsup_ms_req_complete;
	/* Initiate a new transaction */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_ms_req));
	/* Expect GSUP request with original Facility IE */
	gsup_ms_req_complete := f_expect_gsup_msg(gsup_ms_req);
	/* Compose the response from HLR using received session ID.
	 * NOTE(review): ies[1] assumes the session ID is the second IE of the
	 * received PDU -- confirm against the GSUP encoder's IE order */
	var template (value) GSUP_PDU gsup_net_req := ts_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi,
	sid := gsup_ms_req_complete.ies[1].val.session_id,
	state := OSMO_GSUP_SESSION_STATE_CONTINUE,
	ss := valueof(facility_net_req)
	);
	/* Compose expected MT SS/FACILITY template with counter request */
	var template PDU_ML3_NW_MS ussd_net_req := tr_ML3_MT_SS_FACILITY(
	tid := 1, /* Response should arrive within the same transaction */
	ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
	facility := valueof(facility_net_req)
	);
	/* Send response over GSUP */
	GSUP.send(gsup_net_req);
	/* Expect MT SS/FACILITY message with counter request */
	f_expect_mt_dtap_msg(ussd_net_req);
	/* Compose MO SS/RELEASE COMPLETE */
	var template (value) PDU_ML3_MS_NW ussd_abort := ts_ML3_MO_SS_RELEASE_COMPLETE(
	tid := 1, /* Response should arrive within the same transaction */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	facility := omit
	/* TODO: cause? */
	);
	/* Compose expected MSC -> HLR abort message (receive template,
	 * matched below by f_expect_gsup_msg()) */
	var template GSUP_PDU gsup_abort := tr_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi,
	sid := gsup_ms_req_complete.ies[1].val.session_id,
	state := OSMO_GSUP_SESSION_STATE_END
	);
	/* Abort transaction */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_abort));
	/* Expect GSUP message indicating abort */
	f_expect_gsup_msg(gsup_abort);
	f_expect_clear();
}
/* Runs f_tc_lu_and_mo_ussd_mo_release() on a single connection handler. */
testcase TC_lu_and_mo_ussd_mo_release() runs on MTC_CT {
	f_init();
	/* 50 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_and_mo_ussd_mo_release), 50);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* LU followed by MO USSD request and MT Release due to timeout.
 * The HLR side never answers the PROC_SS_REQ, so the MSC is expected to
 * give up on its own: RELEASE COMPLETE towards the MS and PROC_SS_ERR (END)
 * towards the HLR. The 3 s sleep matches "ncss guard-timeout 3", which
 * TC_lu_and_ss_session_timeout() configures before starting this handler. */
friend function f_tc_lu_and_ss_session_timeout(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	/* Send CM Service Request for SS/USSD */
	f_establish_fully(EST_TYPE_SS_ACT);
	/* We need to inspect GSUP activity */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	var template OCTN facility_ms_req := f_USSD_FACILITY_IE_INVOKE(
	invoke_id := 1,
	op_code := SS_OP_CODE_PROCESS_USS_REQ,
	ussd_string := "#release_me");
	/* Compose MO SS/REGISTER message with request */
	var template (value) PDU_ML3_MS_NW ussd_ms_req := ts_ML3_MO_SS_REGISTER(
	tid := 1, /* An arbitrary transaction identifier */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	facility := valueof(facility_ms_req));
	/* Compose expected MSC -> HLR message */
	var template GSUP_PDU gsup_ms_req := tr_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi,
	state := OSMO_GSUP_SESSION_STATE_BEGIN,
	ss := valueof(facility_ms_req));
	/* To be used for sending response with correct session ID */
	var GSUP_PDU gsup_ms_req_complete;
	/* Initiate a new SS transaction */
	BSSAP.send(ts_PDU_DTAP_MO(ussd_ms_req));
	/* Expect GSUP request with original Facility IE */
	gsup_ms_req_complete := f_expect_gsup_msg(gsup_ms_req);
	/* Don't respond, wait for timeout */
	f_sleep(3.0);
	/* cause := * accepts a present or an absent cause IE */
	var template PDU_ML3_NW_MS dtap_rel := tr_ML3_MT_SS_RELEASE_COMPLETE(
	tid := 1, /* Should match the request's tid */
	ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
	cause := *, /* TODO: expect some specific value */
	facility := omit);
	/* cause := ? requires a cause IE to be present, with any value.
	 * NOTE(review): ies[1] assumes the session ID is the second IE of the
	 * received PDU -- confirm against the GSUP encoder's IE order */
	var template GSUP_PDU gsup_rel := tr_GSUP_PROC_SS_ERR(
	imsi := g_pars.imsi,
	sid := gsup_ms_req_complete.ies[1].val.session_id,
	state := OSMO_GSUP_SESSION_STATE_END,
	cause := ?); /* TODO: expect some specific value */
	/* Expect release on both interfaces; interleave accepts the two
	 * messages in either order */
	interleave {
	[] BSSAP.receive(tr_PDU_DTAP_MT(dtap_rel)) { };
	[] GSUP.receive(gsup_rel) { };
	}
	f_expect_clear();
	setverdict(pass);
}
/* Runs f_tc_lu_and_ss_session_timeout() with the NCSS guard timer set to
 * 3 seconds, then sets it back to 0 once the handler has finished. */
testcase TC_lu_and_ss_session_timeout() runs on MTC_CT {
	f_init();
	/* The handler sleeps 3.0 s before expecting the release, so the MSC
	 * guard timer is configured to the same value */
	f_vty_config(MSCVTY, "msc", "ncss guard-timeout 3");
	/* 51 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_and_ss_session_timeout), 51);
	vc_hdlr.done;
	/* Undo the VTY change so later testcases see guard-timeout 0 again */
	f_vty_config(MSCVTY, "msc", "ncss guard-timeout 0");
}
/* MT (network-originated) USSD for unknown subscriber.
 * Negative test: no location update is performed for the IMSI used here, so
 * the MSC must answer the PROC_SS_REQ with PROC_SS_ERR (END) instead of
 * starting a session. */
friend function f_tc_mt_ussd_for_unknown_subscr(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var hexstring imsi := '000000000000000'H; /* Some unknown IMSI */
	var OCT4 sid := '20000222'O;
	f_init_handler(pars);
	/* Route messages for this IMSI to this component (RAN and GSUP side) */
	f_ran_register_imsi(imsi, 'FFFFFFFF'O);
	f_create_gsup_expect(hex2str(imsi));
	/* The SS payload is random: the request should be refused before the
	 * payload matters */
	var template (value) GSUP_PDU gsup_req := ts_GSUP_PROC_SS_REQ(
	imsi := imsi,
	sid := sid,
	state := OSMO_GSUP_SESSION_STATE_BEGIN,
	ss := f_rnd_octstring(23)
	);
	/* Error with cause GMM_CAUSE_IMSI_UNKNOWN */
	var template GSUP_PDU gsup_rsp := tr_GSUP_PROC_SS_ERR(
	imsi := imsi,
	sid := sid,
	state := OSMO_GSUP_SESSION_STATE_END,
	cause := 2 /* FIXME: introduce an enumerated type! */
	);
	/* Initiate a MT USSD notification */
	GSUP.send(gsup_req);
	/* Expect GSUP PROC_SS_ERROR message */
	f_expect_gsup_msg(gsup_rsp);
}
/* Runs f_tc_mt_ussd_for_unknown_subscr() on a single connection handler. */
testcase TC_mt_ussd_for_unknown_subscr() runs on MTC_CT {
	f_init();
	/* The handler uses its own hard-coded IMSI; 0 is still passed through
	 * to f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_mt_ussd_for_unknown_subscr), 0);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* MO (mobile-originated) SS/USSD for unknown transaction.
 * Negative test: the MS sends FACILITY and then RELEASE COMPLETE for a
 * transaction that was never opened with REGISTER. In both cases the MSC is
 * expected to answer with RELEASE COMPLETE and clear the connection. */
friend function f_tc_mo_ussd_for_unknown_trans(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Perform location update */
	f_perform_lu();
	/* Send CM Service Request for SS/USSD */
	f_establish_fully(EST_TYPE_SS_ACT);
	/* GSM 04.80 FACILITY message for a non-existing transaction */
	var template (value) PDU_ML3_MS_NW mo_ss_fac := ts_ML3_MO_SS_FACILITY(
	tid := 1, /* An arbitrary transaction identifier */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	facility := f_rnd_octstring(23) /* We don't care about the Facility IE */
	);
	/* GSM 04.80 RELEASE COMPLETE message for a non-existing transaction */
	var template (value) PDU_ML3_MS_NW mo_ss_rel := ts_ML3_MO_SS_RELEASE_COMPLETE(
	tid := 1, /* An arbitrary transaction identifier */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	facility := f_rnd_octstring(23) /* We don't care about the Facility IE */
	);
	/* Expected response from the network */
	var template PDU_ML3_NW_MS mt_ss_rel := tr_ML3_MT_SS_RELEASE_COMPLETE(
	tid := 1, /* Same as in the FACILITY message */
	ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
	facility := omit
	);
	/* Send GSM 04.80 FACILITY for non-existing transaction */
	BSSAP.send(ts_PDU_DTAP_MO(mo_ss_fac));
	/* Expect GSM 04.80 RELEASE COMPLETE message */
	f_expect_mt_dtap_msg(mt_ss_rel);
	f_expect_clear();
	/* Send another CM Service Request for SS/USSD */
	f_establish_fully(EST_TYPE_SS_ACT);
	/* Send GSM 04.80 RELEASE COMPLETE for non-existing transaction */
	BSSAP.send(ts_PDU_DTAP_MO(mo_ss_rel));
	/* Expect GSM 04.80 RELEASE COMPLETE message */
	f_expect_mt_dtap_msg(mt_ss_rel);
	f_expect_clear();
}
/* Runs f_tc_mo_ussd_for_unknown_trans() on a single connection handler. */
testcase TC_mo_ussd_for_unknown_trans() runs on MTC_CT {
	f_init();
	/* 111 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_mo_ussd_for_unknown_trans), 111);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* MT (network-originated) USSD for unknown session.
 * Negative test: the subscriber is known (LU is performed), but the HLR side
 * sends PROC_SS_REQ with state CONTINUE for a session ID that was never
 * opened with BEGIN. The MSC must answer with PROC_SS_ERR (END). */
friend function f_tc_proc_ss_for_unknown_session(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var OCT4 sid := '20000333'O;
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Request referencing a non-existing SS session */
	var template (value) GSUP_PDU gsup_req := ts_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi,
	sid := sid,
	state := OSMO_GSUP_SESSION_STATE_CONTINUE,
	ss := f_rnd_octstring(23)
	);
	/* Error with some cause value; ? accepts any cause, so the specific
	 * rejection reason is not verified here */
	var template GSUP_PDU gsup_rsp := tr_GSUP_PROC_SS_ERR(
	imsi := g_pars.imsi,
	sid := sid,
	state := OSMO_GSUP_SESSION_STATE_END,
	cause := ? /* FIXME: introduce an enumerated type! */
	);
	/* Send the request for the unknown session */
	GSUP.send(gsup_req);
	/* Expect GSUP PROC_SS_ERROR message */
	f_expect_gsup_msg(gsup_rsp);
}
/* Runs f_tc_proc_ss_for_unknown_session() on a single connection handler. */
testcase TC_proc_ss_for_unknown_session() runs on MTC_CT {
	f_init();
	/* 110 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_proc_ss_for_unknown_session), 110);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* MT (network-originated) USSD and no response to Paging Request.
 * The HLR side opens a session for a known, idle subscriber. The MSC must
 * page the MS; the test never answers the paging, and the MSC is then
 * expected to report PROC_SS_ERR (END) to the HLR. */
friend function f_tc_proc_ss_paging_fail(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	timer TP := 2.0; /* Paging timer */
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	var template (value) GSUP_PDU gsup_req := ts_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi,
	sid := '20000444'O,
	state := OSMO_GSUP_SESSION_STATE_BEGIN,
	ss := f_rnd_octstring(23)
	);
	/* Error with some cause value */
	var template GSUP_PDU gsup_rsp := tr_GSUP_PROC_SS_ERR(
	imsi := g_pars.imsi,
	sid := '20000444'O,
	state := OSMO_GSUP_SESSION_STATE_END,
	cause := ? /* FIXME: introduce an enumerated type! */
	);
	/* Initiate a MT USSD notification */
	GSUP.send(gsup_req);
	/* Expect Paging Request within TP (2 s); the guard picks the BSSMAP
	 * or the RANAP paging template depending on the RAN type */
	TP.start;
	alt {
	[pars.ran_is_geran] BSSAP.receive(tr_BSSMAP_Paging(g_pars.imsi)) {
	setverdict(pass);
	}
	[not pars.ran_is_geran] BSSAP.receive(tr_RANAP_Paging(cs_domain, imsi_hex2oct(g_pars.imsi))) {
	setverdict(pass);
	}
	/* We don't expect anything else */
	[] as_unexp_gsup_or_bssap_msg();
	[] TP.timeout {
	setverdict(fail, "Timeout waiting for Paging Request");
	}
	}
	/* Wait up to 20 seconds for GSUP PROC_SS_ERROR message.
	* OsmoMSC waits for Paging Response 10 seconds by default. */
	f_expect_gsup_msg(gsup_rsp, T_val := 20.0);
}
/* Runs f_tc_proc_ss_paging_fail() on a single connection handler. */
testcase TC_proc_ss_paging_fail() runs on MTC_CT {
	f_init();
	/* 101 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_proc_ss_paging_fail), 101);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* MT (network-originated) USSD followed by immediate abort.
 * The HLR side opens a session, the MS is paged and receives REGISTER, and
 * the HLR side then sends PROC_SS_ERR (END) before the MS has answered. The
 * MSC is expected to release the transaction towards the MS and clear the
 * connection. */
friend function f_tc_proc_ss_abort(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	var octetstring facility := f_rnd_octstring(23);
	var OCT4 sid := '20000555'O;
	timer TP := 2.0;
	f_init_handler(pars);
	/* Perform location update */
	f_perform_lu();
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* PROC_SS_REQ initiates a network-originated (MT) SS/USSD session */
	var template (value) GSUP_PDU gsup_req := ts_GSUP_PROC_SS_REQ(
	imsi := g_pars.imsi, sid := sid,
	state := OSMO_GSUP_SESSION_STATE_BEGIN,
	ss := facility
	);
	/* On the MS side, we expect GSM 04.80 REGISTER message */
	var template PDU_ML3_NW_MS dtap_reg := tr_ML3_MT_SS_REGISTER(
	tid := 0, /* Most likely, it should be 0 */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	facility := facility
	);
	/* PROC_SS_ERR with SESSION_STATE_END terminates the SS/USSD session */
	var template (value) GSUP_PDU gsup_abort := ts_GSUP_PROC_SS_ERR(
	imsi := g_pars.imsi, sid := sid,
	state := OSMO_GSUP_SESSION_STATE_END,
	cause := 0 /* FIXME: introduce an enumerated type! */
	);
	/* On the MS side, we expect GSM 04.80 RELEASE COMPLETE message */
	var template PDU_ML3_NW_MS dtap_rel := tr_ML3_MT_SS_RELEASE_COMPLETE(
	tid := 0, /* Most likely, it should be 0 */
	ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
	cause := *, /* FIXME: expect some specific cause value */
	facility := omit
	);
	/* Initiate a MT USSD with random payload */
	GSUP.send(gsup_req);
	/* Expect Paging Request */
	TP.start;
	alt {
	[pars.ran_is_geran] BSSAP.receive(tr_BSSMAP_Paging(g_pars.imsi)) {
	setverdict(pass);
	}
	[not pars.ran_is_geran] BSSAP.receive(tr_RANAP_Paging(cs_domain, imsi_hex2oct(g_pars.imsi))) {
	setverdict(pass);
	}
	/* We don't expect anything else */
	[] as_unexp_gsup_or_bssap_msg();
	[] TP.timeout {
	setverdict(fail, "Timeout waiting for Paging Request");
	}
	}
	/* Send Paging Response and establish connection */
	f_establish_fully(EST_TYPE_PAG_RESP);
	/* Expect MT REGISTER message with random facility */
	f_expect_mt_dtap_msg(dtap_reg);
	/* HLR/EUSE decides to abort the session even
	* before getting any response from the MS */
	/* Abort the session from the HLR side */
	GSUP.send(gsup_abort);
	/* Expect RELEASE COMPLETE on the MS side */
	f_expect_mt_dtap_msg(dtap_rel);
	f_expect_clear();
}
/* Runs f_tc_proc_ss_abort() on a single connection handler. */
testcase TC_proc_ss_abort() runs on MTC_CT {
	f_init();
	/* 102 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_proc_ss_abort), 102);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Verify multiple concurrent MO SS/USSD transactions
 * (one subscriber - one transaction).
 * All 16 handlers are started before any of them is waited for, so the
 * transactions overlap on the MSC. */
testcase TC_multi_lu_and_mo_ussd() runs on MTC_CT {
	var BSC_ConnHdlr vc_hdlrs[16];
	var integer idx;
	f_init();
	/* Start phase: each handler gets its own number (210 .. 225) */
	for (idx := 0; idx < sizeof(vc_hdlrs); idx := idx + 1) {
		vc_hdlrs[idx] := f_start_handler(refers(f_tc_lu_and_mo_ussd_single_request), 210 + idx);
	}
	/* Join phase: wait for every handler in start order */
	for (idx := 0; idx < sizeof(vc_hdlrs); idx := idx + 1) {
		vc_hdlrs[idx].done;
	}
}
/* Verify multiple concurrent MT SS/USSD transactions
 * (one subscriber - one transaction).
 * All 16 handlers are started before any of them is waited for; each one
 * gets its own number (226 .. 241) and its own GSUP session ID. */
testcase TC_multi_lu_and_mt_ussd() runs on MTC_CT {
	var BSC_ConnHdlr vc_hdlrs[16];
	var integer idx;
	f_init();
	for (idx := 0; idx < sizeof(vc_hdlrs); idx := idx + 1) {
		/* All transactions must use different session ID: fixed 3-octet
		 * prefix plus the loop index as the last octet */
		var OCT4 session_id := '200001'O & int2oct(idx, 1);
		vc_hdlrs[idx] := f_start_handler_with_pars(refers(f_tc_lu_and_mt_ussd_notification),
							   f_init_pars(226 + idx, gsup_sid := session_id));
	}
	/* Join phase: wait for every handler in start order */
	for (idx := 0; idx < sizeof(vc_hdlrs); idx := idx + 1) {
		vc_hdlrs[idx].done;
	}
}
/* A5/1 only permitted on network side; attempt an invalid CIPHER MODE COMPLETE with A5/3 which MSC should reject.
 * Negative test for cipher negotiation: the BSC side claims an algorithm
 * that the MSC did not offer in CIPHER MODE COMMAND. An MSC that accepted
 * this would continue with a ciphering state it never selected, so the
 * expected outcome is a Location Updating Reject followed by a clear.
 * NOTE(review): neither alt below has a timer branch; if the MSC stays
 * silent the test presumably only ends through a component-level guard
 * timer -- confirm one is active in f_init_handler(). */
private function f_tc_cipher_complete_with_invalid_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	pars.net.expect_auth := true;
	pars.net.expect_ciph := true;
	pars.net.kc_support := '02'O; /* A5/1 only */
	f_init_handler(pars);
	g_pars.vec := f_gen_auth_vec_2g();
	/* Can't use f_perform_lu() directly. Code below is based on it. */
	/* tell GSUP dispatcher to send this IMSI to us */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
	f_cl3_or_initial_ue(l3_lu);
	f_mm_auth();
	/* Algorithms the MSC may offer: network configuration ANDed with the
	 * mask derived from the MS classmark 2 */
	var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);
	var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;
	alt {
	/* The command carries exactly the expected mask and Kc: answer with
	 * a COMPLETE naming an algorithm outside that mask */
	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {
	BSSAP.send(ts_BSSMAP_CipherModeCompl(int2oct(4 /* "accept" A5/3 */, 1)));
	}
	/* Right Kc but a different mask: the MSC offered something it
	 * should not have */
	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) {
	setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");
	mtc.stop;
	}
	[] BSSAP.receive {
	setverdict(fail, "Unknown/unexpected BSSAP received");
	mtc.stop;
	}
	}
	/* Expect LU reject from MSC. */
	alt {
	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
	setverdict(pass);
	}
	[] BSSAP.receive {
	setverdict(fail, "Unknown/unexpected BSSAP received");
	mtc.stop;
	}
	}
	f_expect_clear();
}
/* Runs f_tc_cipher_complete_with_invalid_cipher() with the MSC restricted
 * to A5/1.
 * NOTE(review): the "encryption a5 1" setting is not changed back in this
 * testcase; confirm that f_init() or the next testcase resets it. */
testcase TC_cipher_complete_with_invalid_cipher() runs on MTC_CT {
	f_init();
	/* Must match kc_support '02'O set by the handler function */
	f_vty_config(MSCVTY, "network", "encryption a5 1");
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cipher_complete_with_invalid_cipher), 52);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Location Update with invalid (non-matching) MCC/MNC reported on BSSMAP level from BSC.
 * Negative test: the cell identity is overwritten before the LU is sent and
 * the MSC is expected to answer with a Location Updating Reject and clear
 * the connection.
 * NOTE(review): the alt below has no timer branch; a silent MSC presumably
 * ends the test only through a component-level guard timer -- confirm. */
friend function f_tc_lu_with_invalid_mcc_mnc(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);
	/* tell GSUP dispatcher to send this IMSI to us */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* modify the cell ID which will be used to construct the COMPLETE L3 or InitialUE */
	g_pars.cell_id := valueof(ts_CellId_CGI('333'H, '22'H, 23, 42));
	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
	f_cl3_or_initial_ue(l3_lu);
	/* Expect LU reject from MSC. */
	alt {
	[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej)) {
	setverdict(pass);
	}
	[] BSSAP.receive {
	setverdict(fail, "Unknown/unexpected BSSAP received");
	mtc.stop;
	}
	}
	f_expect_clear();
}
/* Runs f_tc_lu_with_invalid_mcc_mnc() on a single connection handler. */
testcase TC_lu_with_invalid_mcc_mnc() runs on MTC_CT {
	f_init();
	/* 54 is passed through to f_start_handler(); presumably the per-test
	 * IMSI suffix -- confirm against f_start_handler() */
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_with_invalid_mcc_mnc), 54);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Location update in which the BSC side answers CIPHER MODE COMMAND with a
 * CIPHER MODE COMPLETE that carries no chosen-algorithm IE.
 * kc_support is the network-side mask of permitted A5 algorithms (callers
 * in this file pass '02'O for A5/1, '08'O for A5/3, '0A'O for both).
 * The test only checks that the offered mask is the expected intersection
 * and that the LU then runs through; which algorithm the MSC assumes is in
 * use is not verified (see the TODO below). */
private function f_tc_cipher_complete_without_alg(charstring id, BSC_ConnHdlrPars pars, octetstring kc_support) runs on BSC_ConnHdlr {
	pars.net.expect_auth := true;
	pars.net.expect_ciph := true;
	pars.net.kc_support := kc_support;
	f_init_handler(pars);
	g_pars.vec := f_gen_auth_vec_2g();
	/* Can't use f_perform_lu() directly. Code below is based on it. */
	/* tell GSUP dispatcher to send this IMSI to us */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	/* Send BSSAP_Conn_Req with COMPL L3 INFO to MSC */
	var PDU_ML3_MS_NW l3_lu := f_build_lu_imsi(g_pars.imsi)
	f_cl3_or_initial_ue(l3_lu);
	f_mm_auth();
	/* Algorithms the MSC may offer: network configuration ANDed with the
	 * mask derived from the MS classmark 2 */
	var OCT1 a5_net := f_alg_mask_from_cm(g_pars.cm2);
	var OCT1 a5_intersect := g_pars.net.kc_support and4b a5_net;
	alt {
	/* Expected mask and Kc: complete ciphering without naming an algorithm */
	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(a5_intersect, g_pars.vec.kc)) {
	BSSAP.send(ts_BSSMAP_CipherModeComplAlg(omit));
	}
	/* The MSC may ask for the classmark first; answer and keep waiting
	 * for the CIPHER MODE COMMAND */
	[] BSSAP.receive(tr_BSSMAP_ClassmarkReq) {
	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));
	repeat;
	}
	[] BSSAP.receive(tr_BSSMAP_CipherModeCmd(?, g_pars.vec.kc)) {
	setverdict(fail, "Wrong ciphering algorithm mask in CiphModCmd");
	mtc.stop;
	}
	[] BSSAP.receive {
	setverdict(fail, "Unknown/unexpected BSSAP received");
	mtc.stop;
	}
	}
	/* TODO: Verify MSC is using the best cipher available! How? */
	f_msc_lu_hlr();
	f_accept_reject_lu();
	f_expect_clear();
	setverdict(pass);
}
/* A5/1 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
private function f_tc_cipher_complete_1_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Permitted-algorithm mask handed to the shared handler: A5/1 only */
	const octetstring c_a5_mask := '02'O;
	f_tc_cipher_complete_without_alg(id, pars, c_a5_mask);
}
/* A5/3 only permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
private function f_tc_cipher_complete_3_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Permitted-algorithm mask handed to the shared handler: A5/3 only */
	const octetstring c_a5_mask := '08'O;
	f_tc_cipher_complete_without_alg(id, pars, c_a5_mask);
}
/* A5/1 + A5/3 permitted on network side; attempt CIPHER MODE COMPLETE without specifying the accepted algorithm. */
private function f_tc_cipher_complete_13_without_cipher(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Permitted-algorithm mask handed to the shared handler: A5/1 and A5/3 enabled */
	const octetstring c_a5_mask := '0A'O;
	f_tc_cipher_complete_without_alg(id, pars, c_a5_mask);
}
/* Runs f_tc_cipher_complete_1_without_cipher() with the MSC restricted to
 * A5/1.
 * NOTE(review): the "encryption a5 1" setting is not changed back in this
 * testcase; confirm that f_init() or the next testcase resets it. */
testcase TC_cipher_complete_1_without_cipher() runs on MTC_CT {
	f_init();
	/* Must match the '02'O mask used by the handler function */
	f_vty_config(MSCVTY, "network", "encryption a5 1");
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cipher_complete_1_without_cipher), 53);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Runs f_tc_cipher_complete_3_without_cipher() with the MSC restricted to
 * A5/3.
 * NOTE(review): 54 is also the number used by TC_lu_with_invalid_mcc_mnc();
 * if it is an IMSI suffix, both testcases share a subscriber -- confirm
 * that this is intended. The "encryption a5 3" setting is not changed back
 * in this testcase either. */
testcase TC_cipher_complete_3_without_cipher() runs on MTC_CT {
	f_init();
	/* Must match the '08'O mask used by the handler function */
	f_vty_config(MSCVTY, "network", "encryption a5 3");
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cipher_complete_3_without_cipher), 54);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Runs f_tc_cipher_complete_13_without_cipher() with A5/1 and A5/3 both
 * permitted on the MSC.
 * NOTE(review): the "encryption a5 1 3" setting is not changed back in this
 * testcase; confirm that f_init() or the next testcase resets it. */
testcase TC_cipher_complete_13_without_cipher() runs on MTC_CT {
	f_init();
	/* Must match the '0A'O mask used by the handler function */
	f_vty_config(MSCVTY, "network", "encryption a5 1 3");
	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_cipher_complete_13_without_cipher), 55);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* TODO (SMS):
* different user data lengths
* SMPP transaction mode with unsuccessful delivery
* queued MT-SMS with no paging response + later delivery
* different data coding schemes
* multi-part SMS
* user-data headers
* TP-PID for SMS to SIM
* behavior if SMS memory is full + RP-SMMA
* delivery reports
* SMPP osmocom extensions
* more-messages-to-send
* SMS during ongoing call (SACCH/SAPI3)
*/
/* TODO (General):
* continue to send repeated MO signalling messages to keep channel open: does MSC time out?
* malformed messages (missing IE, invalid message type): properly rejected?
* MT call while LU or is ongoing: Do we use existing lchan or page while lchan active?
* 3G/2G auth permutations
* encryption algorithms vs. classmark vs. vty config
* send new transaction after/during clear (like SMS, ...)
* too long L3 INFO in DTAP
* too long / padded BSSAP
* too long / short TLV values
*/
/***********************************************************************
* SGsAP Testing
***********************************************************************/
/* Check if a subscriber exists in the VLR.
 * Reads the CTRL variable "subscriber-list-active-v1" and returns true when
 * imsi_or_msisdn occurs anywhere in it.
 * NOTE(review): this is a plain substring search, so an identifier that is
 * contained in a longer IMSI/MSISDN of another subscriber also matches. */
private function f_ctrl_subscr_in_vlr(charstring imsi_or_msisdn) runs on BSC_ConnHdlr return boolean {
	var CtrlValue subscr_list := f_ctrl_get(IPA_CTRL, "subscriber-list-active-v1");
	/* f_strstr() yields a negative value when the needle is absent */
	return f_strstr(subscr_list, imsi_or_msisdn) >= 0;
}
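/* Perform a location update at the A-Interface and run some checks to confirm
 * that everything is back to normal.
 * Three checks are made: the SGs FSM state reported on CTRL is SGs-NULL
 * after the LU, a VTY-triggered paging arrives on BSSAP and not on SGsAP,
 * and an MO SMS can be sent over the A-Interface connection. */
private function f_sgsap_bssmap_screening() runs on BSC_ConnHdlr {
	var SmsParameters spars := valueof(t_SmsPars);
	/* Perform a location update, the SGs association is expected to fall
	 * back to NULL */
	f_perform_lu();
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-NULL");
	/* Trigger a paging request and expect the paging on BSSMAP, this is
	 * to make sure that pagings are sent through the A-Interface again
	 * and not through the SGs interface.*/
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
	alt {
	/* No ';' between the receive operation and its statement block: the
	 * block belongs to this guard, as in the RANAP branch below */
	[g_pars.ran_is_geran] BSSAP.receive(tr_BSSMAP_Paging(g_pars.imsi)) {
		setverdict(pass);
		}
	[not g_pars.ran_is_geran] BSSAP.receive(tr_RANAP_Paging(cs_domain, imsi_hex2oct(g_pars.imsi))) {
		setverdict(pass);
		}
	/* Any message on SGs means the paging took the wrong interface */
	[] SGsAP.receive {
		setverdict(fail, "Received unexpected message on SGs");
		}
	}
	/* Send an SMS to make sure that also payload messages are routed
	 * through the A-Interface again */
	f_establish_fully(EST_TYPE_MO_SMS);
	f_mo_sms(spars);
	f_expect_clear();
}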
/* Performs an SGsAP reset for the MME named by mp_mme_name and logs the
 * VLR name returned by f_sgsap_reset_mme(). */
private function f_tc_sgsap_reset(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);
	var charstring vlr_name := f_sgsap_reset_mme(mp_mme_name);
	log("VLR name: ", vlr_name);
	setverdict(pass);
	/* Short pause before the component terminates */
	f_sleep(1.0);
}
/* Runs f_tc_sgsap_reset() on a single connection handler. */
testcase TC_sgsap_reset() runs on MTC_CT {
	/* The (1, true) arguments are forwarded as-is; every SGs testcase in
	 * this section uses the same pair (presumably enabling the SGs link
	 * -- confirm against f_init()) */
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11810, true);
	var BSC_ConnHdlr vc_hdlr := f_start_handler_with_pars(refers(f_tc_sgsap_reset), pars);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* like f_mm_auth() but for SGs.
 * Only runs when g_pars.net.expect_auth is set. The test plays the HLR
 * (answering the SAI request with a freshly generated 3G vector) and the UE
 * side (answering the authentication request received on the SGsAP port).
 * The receive operations are not guarded by a timer in this function. */
function f_mm_auth_sgs() runs on BSC_ConnHdlr {
	if (g_pars.net.expect_auth) {
	g_pars.vec := f_gen_auth_vec_3g();
	/* One tuple carrying both the 2G (sres, kc) and the 3G (ik, ck,
	 * autn, res) parts of the generated vector */
	var GSUP_IE auth_tuple := valueof(ts_GSUP_IE_AuthTuple2G3G(g_pars.vec.rand,
	g_pars.vec.sres,
	g_pars.vec.kc,
	g_pars.vec.ik,
	g_pars.vec.ck,
	g_pars.vec.autn,
	g_pars.vec.res));
	/* HLR role: wait for the MSC's auth-info request, answer with the tuple */
	GSUP.receive(tr_GSUP_SAI_REQ(g_pars.imsi));
	GSUP.send(ts_GSUP_SAI_RES(g_pars.imsi, auth_tuple));
	/* UE role: the request must carry the RAND and AUTN handed out above */
	SGsAP.receive(tr_ML3_MT_MM_AUTH_REQ_3G(g_pars.vec.rand, g_pars.vec.autn));
	SGsAP.send(ts_ML3_MT_MM_AUTH_RESP_3G(g_pars.vec.sres, g_pars.vec.res));
	}
}
/* like f_perform_lu(), but on SGs rather than BSSAP.
 * Sends an SGsAP Location Update Request in the MME role, serves the MSC's
 * GSUP update-location exchange in the HLR role, expects LU ACCEPT (storing
 * a newly assigned TMSI and confirming it), optionally checks the MM
 * Information message, and finally checks on CTRL that the SGs FSM is in
 * state SGs-ASSOCIATED.
 * NOTE(review): the failing alt branches set the verdict but do not stop
 * the test, so the remaining steps still run after a reject. */
function f_sgs_perform_lu() runs on BSC_ConnHdlr {
	var octetstring mme_name := f_enc_dns_hostname(mp_mme_name);
	var PDU_SGsAP lur;
	var PDU_SGsAP lua;
	var PDU_SGsAP mm_info;
	var octetstring mm_info_dtap;
	/* tell GSUP dispatcher to send this IMSI to us */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	lur := valueof(ts_SGsAP_LU_REQ(g_pars.imsi, mme_name, IMSI_attach,
	ts_SGsAP_LAI('901'H, '70'H, 2342)));
	/* Optional IEs that are not filled in by this test: */
	/* Old LAI, if MS sends it */
	/* TMSI status, if MS has no valid TMSI */
	/* IMEISV, if it supports "automatic device detection" */
	/* TAI, if available in MME */
	/* E-CGI, if available in MME */
	SGsAP.send(lur);
	/* FIXME: is this really done over SGs? The Ue is already authenticated
	* via the MME ... */
	f_mm_auth_sgs();
	/* Expect MSC to perform LU with HLR */
	GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
	GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
	GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
	GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
	alt {
	[] SGsAP.receive(tr_SGsAP_LU_ACCEPT(g_pars.imsi, ?)) -> value lua {
	/* A TMSI in the ACCEPT is remembered for later procedures and
	 * acknowledged with TMSI REALLOCATION COMPLETE */
	if (isvalue(lua.sGsAP_LOCATION_UPDATE_ACCEPT.newTMSIorIMSI.iD.iD.tmsi_ptmsi.octets)) {
	g_pars.tmsi :=lua.sGsAP_LOCATION_UPDATE_ACCEPT.newTMSIorIMSI.iD.iD.tmsi_ptmsi.octets
	SGsAP.send(ts_SGsAP_TMSI_REALL_CMPL(g_pars.imsi));
	}
	setverdict(pass);
	}
	[] SGsAP.receive(tr_SGsAP_LU_REJECT(g_pars.imsi, ?, ?)) {
	setverdict(fail, "Received LU-REJECT instead of ACCEPT");
	}
	[] SGsAP.receive {
	setverdict(fail, "Received unexpected message on SGs");
	}
	}
	/* Check MM information */
	if (mp_mm_info == true) {
	SGsAP.receive(tr_SGsAP_MM_INFO_REQ(g_pars.imsi, ?)) -> value mm_info;
	/* Prepend a two-octet header so that the DTAP decoder can parse the
	 * payload ('05' / '32' presumably being the MM protocol
	 * discriminator and the MM INFORMATION message type -- confirm) */
	mm_info_dtap := '0532'O & mm_info.sGsAP_MM_INFORMATION_REQUEST.mM_Information.information;
	if (not match(dec_PDU_ML3_NW_MS(mm_info_dtap), tr_ML3_MT_MM_Info)) {
	setverdict(fail, "Unexpected MM Information");
	}
	}
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
}
/* Location update over SGs, followed by the A-Interface screening that
 * checks the subscriber is served through BSSAP again afterwards. */
private function f_tc_sgsap_lu(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	/* f_sgs_perform_lu() ends with the same CTRL check; it is repeated here */
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_lu() on a single connection handler. */
testcase TC_sgsap_lu() runs on MTC_CT {
	/* Same f_init()/f_init_pars() flags as the other SGs testcases */
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11811, true);
	var BSC_ConnHdlr vc_hdlr := f_start_handler_with_pars(refers(f_tc_sgsap_lu), pars);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Do LU by IMSI, refuse it on GSUP and expect LU REJ back on SGs.
 * The test answers the MSC's update-location request with an error in the
 * HLR role; the MSC must then send SGsAP LU REJECT and must not accept the
 * subscriber. The A-Interface screening afterwards checks that a normal LU
 * still works for this IMSI. */
private function f_tc_sgsap_lu_imsi_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);
	var PDU_SGsAP lur;
	f_create_gsup_expect(hex2str(g_pars.imsi));
	var octetstring mme_name := f_enc_dns_hostname(mp_mme_name);
	lur := valueof(ts_SGsAP_LU_REQ(g_pars.imsi, mme_name, IMSI_attach,
	ts_SGsAP_LAI('901'H, '70'H, 2342)));
	SGsAP.send(lur);
	GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
	/* HLR role: refuse the update location with cause value 23 */
	GSUP.send(ts_GSUP_UL_ERR(g_pars.imsi, 23));
	alt {
	[] SGsAP.receive(tr_SGsAP_LU_REJECT(g_pars.imsi, ?, ?)) {
	setverdict(pass);
	}
	/* An ACCEPT after the HLR refused would register a subscriber the
	 * HLR did not authorise; stop the whole test run */
	[] SGsAP.receive(tr_SGsAP_LU_ACCEPT(g_pars.imsi, ?)) {
	setverdict(fail, "Expecting LU REJ, but got ACCEPT");
	mtc.stop;
	}
	[] SGsAP.receive {
	setverdict(fail, "Received unexpected message on SGs");
	}
	}
	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_lu_imsi_reject() on a single connection handler. */
testcase TC_sgsap_lu_imsi_reject() runs on MTC_CT {
	/* Same f_init()/f_init_pars() flags as the other SGs testcases */
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11812, true);
	var BSC_ConnHdlr vc_hdlr := f_start_handler_with_pars(refers(f_tc_sgsap_lu_imsi_reject), pars);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* Do LU by IMSI, but then remain silent so that Ts6-1 times out.
 * Unlike f_sgs_perform_lu(), the LU ACCEPT is not followed by a TMSI
 * REALLOCATION COMPLETE. After 45 seconds the SGs FSM must still be in
 * state SGs-ASSOCIATED. */
private function f_tc_sgsap_lu_and_nothing(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	var octetstring mme_name := f_enc_dns_hostname(mp_mme_name);
	var PDU_SGsAP lur;
	f_init_handler(pars);
	/* tell GSUP dispatcher to send this IMSI to us */
	f_create_gsup_expect(hex2str(g_pars.imsi));
	lur := valueof(ts_SGsAP_LU_REQ(g_pars.imsi, mme_name, IMSI_attach,
	ts_SGsAP_LAI('901'H, '70'H, 2342)));
	/* Optional IEs that are not filled in by this test: */
	/* Old LAI, if MS sends it */
	/* TMSI status, if MS has no valid TMSI */
	/* IMEISV, if it supports "automatic device detection" */
	/* TAI, if available in MME */
	/* E-CGI, if available in MME */
	SGsAP.send(lur);
	/* FIXME: is this really done over SGs? The Ue is already authenticated
	* via the MME ... */
	f_mm_auth_sgs();
	/* Expect MSC to perform LU with HLR */
	GSUP.receive(tr_GSUP_UL_REQ(g_pars.imsi));
	GSUP.send(ts_GSUP_ISD_REQ(g_pars.imsi, g_pars.msisdn));
	GSUP.receive(tr_GSUP_ISD_RES(g_pars.imsi));
	GSUP.send(ts_GSUP_UL_RES(g_pars.imsi));
	alt {
	/* Deliberately no TMSI REALLOCATION COMPLETE in reply */
	[] SGsAP.receive(tr_SGsAP_LU_ACCEPT(g_pars.imsi, ?)) {
	setverdict(pass);
	}
	[] SGsAP.receive(tr_SGsAP_LU_REJECT(g_pars.imsi, ?, ?)) {
	setverdict(fail, "Received LU-REJECT instead of ACCEPT");
	}
	[] SGsAP.receive {
	setverdict(fail, "Received unexpected message on SGs");
	}
	}
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
	/* Wait until the VLR has aborted the TMSI reallocation procedure */
	f_sleep(45.0);
	/* The outcome does not change the SGs state, see also 5.2.3.4 */
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_lu_and_nothing() on a single connection handler. The
 * handler sleeps 45 seconds, so this testcase is slow by design. */
testcase TC_sgsap_lu_and_nothing() runs on MTC_CT {
	/* Same f_init()/f_init_pars() flags as the other SGs testcases */
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11813, true);
	var BSC_ConnHdlr vc_hdlr := f_start_handler_with_pars(refers(f_tc_sgsap_lu_and_nothing), pars);
	/* Wait for the handler component to terminate */
	vc_hdlr.done;
}
/* LU over SGs, then an EPS detach indication of type UE_initiated: the MSC
 * must acknowledge it and the SGs FSM must report SGs-NULL on CTRL. */
private function f_tc_sgsap_expl_imsi_det_eps(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(3.0);
	var octetstring mme_name := f_enc_dns_hostname(mp_mme_name);
	/* MME role: report the detach and wait for the acknowledgement */
	SGsAP.send(ts_SGsAP_EPS_DETACH_IND(g_pars.imsi, mme_name, UE_initiated));
	SGsAP.receive(tr_SGsAP_EPS_DETACH_ACK(g_pars.imsi));
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-NULL");
	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_expl_imsi_det_eps() in one connection handler and waits for
 * it to terminate. */
testcase TC_sgsap_expl_imsi_det_eps() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11814, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_expl_imsi_det_eps), pars);
	vc_conn.done;
}
/* Network-initiated detach from EPS services on an existing SGs association.
 * Same flow as the UE-initiated variant, but the EPS DETACH INDICATION carries
 * detach type network_initiated. The SGs-UE FSM must end up in "SGs-NULL".
 * id is not referenced in the body. */
private function f_tc_sgsap_impl_imsi_det_eps(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(3.0);

	/* MME name as produced by f_enc_dns_hostname() */
	SGsAP.send(ts_SGsAP_EPS_DETACH_IND(g_pars.imsi, f_enc_dns_hostname(mp_mme_name), network_initiated));
	SGsAP.receive(tr_SGsAP_EPS_DETACH_ACK(g_pars.imsi));

	/* The association must have dropped back to NULL */
	var charstring fsm_state_var := "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state";
	f_ctrl_get_exp(IPA_CTRL, fsm_state_var, "SGs-NULL");

	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_impl_imsi_det_eps() in one connection handler and waits for
 * it to terminate.
 * NOTE(review): f_init_pars() gets the same first argument (11814) as in
 * TC_sgsap_expl_imsi_det_eps - confirm that sharing the value is intended. */
testcase TC_sgsap_impl_imsi_det_eps() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11814, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_impl_imsi_det_eps), pars);
	vc_conn.done;
}
/* Explicit IMSI detach from non-EPS services on an existing SGs association.
 * After an SGs LU and a 3 s pause the test sends SGsAP IMSI DETACH INDICATION
 * with detach type combined_UE_initiated, waits for the IMSI DETACH ACK and
 * then fails if f_ctrl_subscr_in_vlr() still reports the subscriber.
 * id is not referenced in the body. */
private function f_tc_sgsap_expl_imsi_det_noneps(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(3.0);

	/* MME name as produced by f_enc_dns_hostname() */
	SGsAP.send(ts_SGsAP_IMSI_DETACH_IND(g_pars.imsi, f_enc_dns_hostname(mp_mme_name), combined_UE_initiated));
	SGsAP.receive(tr_SGsAP_IMSI_DETACH_ACK(g_pars.imsi));

	/* The detach has to remove the subscriber record, not only the association */
	var boolean still_in_vlr := f_ctrl_subscr_in_vlr(hex2str(g_pars.imsi));
	if (still_in_vlr) {
		setverdict(fail, "subscriber not removed from VLR");
	}

	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_expl_imsi_det_noneps() in one connection handler and waits
 * for it to terminate. */
testcase TC_sgsap_expl_imsi_det_noneps() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11815, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_expl_imsi_det_noneps), pars);
	vc_conn.done;
}
/* Implicit (network-initiated) IMSI detach from non-EPS services.
 * Same flow as the explicit variant, but the IMSI DETACH INDICATION carries
 * detach type implicit_network_initiated. The test fails if
 * f_ctrl_subscr_in_vlr() still reports the subscriber afterwards.
 * id is not referenced in the body. */
private function f_tc_sgsap_impl_imsi_det_noneps(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(3.0);

	/* MME name as produced by f_enc_dns_hostname() */
	SGsAP.send(ts_SGsAP_IMSI_DETACH_IND(g_pars.imsi, f_enc_dns_hostname(mp_mme_name), implicit_network_initiated));
	SGsAP.receive(tr_SGsAP_IMSI_DETACH_ACK(g_pars.imsi));

	/* The detach has to remove the subscriber record, not only the association */
	var boolean still_in_vlr := f_ctrl_subscr_in_vlr(hex2str(g_pars.imsi));
	if (still_in_vlr) {
		setverdict(fail, "subscriber not removed from VLR");
	}

	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_impl_imsi_det_noneps() in one connection handler and waits
 * for it to terminate.
 * NOTE(review): f_init_pars() gets the same first argument (11815) as in
 * TC_sgsap_expl_imsi_det_noneps - confirm that sharing the value is intended. */
testcase TC_sgsap_impl_imsi_det_noneps() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11815, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_impl_imsi_det_noneps), pars);
	vc_conn.done;
}
/* Trigger a paging request via VTY and answer it with SGsAP PAGING REJECT,
 * cause IMSI_unknown. One second after the reject the SGs-UE FSM, read over
 * CTRL, has to be in state "SGs-NULL".
 * id is not referenced in the body. */
private function f_tc_sgsap_paging_rej(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(1.0);

	/* Expected PAGING REQUEST: CS call indicator, LAI pinned to 901-70-2342 */
	var template PDU_SGsAP exp_paging := tr_SGsAP_PAGING_REQ(g_pars.imsi, f_enc_dns_hostname(mp_vlr_name),
								 CS_call_indicator, omit);
	exp_paging.sGsAP_PAGING_REQUEST.locationAreaId :=
		ts_SGsAP_IE_Lai(valueof(ts_SGsAP_LAI('901'H, '70'H, 2342)));

	/* Kick off the paging from the MSC side */
	f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
	alt {
	[] SGsAP.receive(exp_paging) {
		setverdict(pass);
		}
	[] SGsAP.receive {
		setverdict(fail, "Received unexpected message on SGs");
		}
	}

	/* Refuse the paging */
	SGsAP.send(ts_SGsAP_PAGING_REJ(g_pars.imsi, IMSI_unknown));

	/* Give the MSC a moment to settle, then read the association state */
	f_sleep(1.0);
	var charstring fsm_state_var := "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state";
	f_ctrl_get_exp(IPA_CTRL, fsm_state_var, "SGs-NULL");

	/* FIXME: At the moment we send an IMSI_unknown as cause code, which is fine,
	 * but we also need to cover the case where the cause code indicates an
	 * "IMSI detached for EPS services". In those cases the VLR is expected to
	 * try paging on the A/Iu interface. This will be another testcase similar to
	 * this one, but extended with checks for the presence of the A/Iu paging
	 * messages. */
	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_paging_rej() in one connection handler and waits for it to
 * terminate. */
testcase TC_sgsap_paging_rej() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11816, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_paging_rej), pars);
	vc_conn.done;
}
/* Trigger a paging request via VTY and answer it with a PAGING REJECT whose
 * cause says the subscriber turned the call down
 * (user_rejected_mobile_terminating_CS_fallback_call). One second after the
 * reject the SGs-UE FSM still has to be in state "SGs-ASSOCIATED".
 * id is not referenced in the body. */
private function f_tc_sgsap_paging_subscr_rej(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(1.0);

	/* Expected PAGING REQUEST: CS call indicator, LAI pinned to 901-70-2342 */
	var template PDU_SGsAP exp_paging := tr_SGsAP_PAGING_REQ(g_pars.imsi, f_enc_dns_hostname(mp_vlr_name),
								 CS_call_indicator, omit);
	exp_paging.sGsAP_PAGING_REQUEST.locationAreaId :=
		ts_SGsAP_IE_Lai(valueof(ts_SGsAP_LAI('901'H, '70'H, 2342)));

	/* Kick off the paging from the MSC side */
	f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
	alt {
	[] SGsAP.receive(exp_paging) {
		setverdict(pass);
		}
	[] SGsAP.receive {
		setverdict(fail, "Received unexpected message on SGs");
		}
	}

	/* Refuse the paging on behalf of the user */
	SGsAP.send(ts_SGsAP_PAGING_REJ(g_pars.imsi, user_rejected_mobile_terminating_CS_fallback_call));

	/* Give the MSC a moment to settle, then read the association state */
	f_sleep(1.0);
	var charstring fsm_state_var := "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state";
	f_ctrl_get_exp(IPA_CTRL, fsm_state_var, "SGs-ASSOCIATED");

	/* FIXME: The VLR is supposed to trigger a User Determined User Busy (UDUB) as specified
	 * in 3GPP TS 24.082; this is not yet implemented in the MSC or in these tests, we need
	 * to check back how this works and how it can be tested */
	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_paging_subscr_rej() in one connection handler and waits for
 * it to terminate. */
testcase TC_sgsap_paging_subscr_rej() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11817, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_paging_subscr_rej), pars);
	vc_conn.done;
}
/* Trigger a paging request via VTY and answer it with an SGsAP UE UNREACHABLE
 * message (cause UE_unreachable). One second later the SGs-UE FSM still has to
 * be in state "SGs-ASSOCIATED".
 * id is not referenced in the body. */
private function f_tc_sgsap_paging_ue_unr(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(1.0);

	/* Expected PAGING REQUEST: CS call indicator, LAI pinned to 901-70-2342 */
	var template PDU_SGsAP exp_paging := tr_SGsAP_PAGING_REQ(g_pars.imsi, f_enc_dns_hostname(mp_vlr_name),
								 CS_call_indicator, omit);
	exp_paging.sGsAP_PAGING_REQUEST.locationAreaId :=
		ts_SGsAP_IE_Lai(valueof(ts_SGsAP_LAI('901'H, '70'H, 2342)));

	/* Kick off the paging from the MSC side */
	f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
	alt {
	[] SGsAP.receive(exp_paging) {
		setverdict(pass);
		}
	[] SGsAP.receive {
		setverdict(fail, "Received unexpected message on SGs");
		}
	}

	/* Report the UE as unreachable instead of answering the paging */
	SGsAP.send(ts_SGsAP_UE_UNREACHABLE(g_pars.imsi, UE_unreachable));

	/* Give the MSC a moment to settle, then read the association state */
	f_sleep(1.0);
	var charstring fsm_state_var := "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state";
	f_ctrl_get_exp(IPA_CTRL, fsm_state_var, "SGs-ASSOCIATED");

	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_paging_ue_unr() in one connection handler and waits for it
 * to terminate. */
testcase TC_sgsap_paging_ue_unr() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11818, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_paging_ue_unr), pars);
	vc_conn.done;
}
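/* Trigger a paging request via VTY but don't respond to it.
 * After the PAGING REQUEST has been seen, the test stays silent and requires
 * the MSC to send SGsAP-SERVICE-ABORT-REQUEST within 10 s. Any other SGsAP
 * message, or the timeout, fails the test and stops this component. The
 * SGs-UE FSM has to stay in "SGs-ASSOCIATED".
 * id is not referenced in the body. */
private function f_tc_sgsap_paging_and_nothing(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(1.0);
	var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
	var template PDU_SGsAP exp_resp := tr_SGsAP_PAGING_REQ(g_pars.imsi, vlr_name, CS_call_indicator, omit);
	/* A send template is used as the receive pattern here, so the abort
	 * request has to match it field by field */
	var template PDU_SGsAP exp_serv_abrt := ts_SGsAP_SERVICE_ABORT_REQ(g_pars.imsi);
	var template LocationAreaId exp_lai := ts_SGsAP_IE_Lai(valueof(ts_SGsAP_LAI('901'H, '70'H, 2342)));
	exp_resp.sGsAP_PAGING_REQUEST.locationAreaId := exp_lai;

	/* Initiate paging via VTY */
	f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
	alt {
	[] SGsAP.receive(exp_resp) {
		setverdict(pass);
		}
	[] SGsAP.receive {
		setverdict(fail, "Received unexpected message on SGs");
		}
	}

	/* While we are doing nothing, expect an SGsAP-SERVICE-ABORT-REQUEST
	 * after some time */
	timer T := 10.0;
	/* The statement terminator was missing after the timer start */
	T.start;
	alt {
	[] SGsAP.receive(exp_serv_abrt) {
		setverdict(pass);
		}
	[] SGsAP.receive {
		setverdict(fail, "unexpected SGsAP message received");
		self.stop;
		}
	[] T.timeout {
		setverdict(fail, "MSC did not send SGsAP-SERVICE-ABORT-REQUEST");
		self.stop;
		}
	}

	/* The SGs association must remain unchanged. */
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
	f_sgsap_bssmap_screening();
	setverdict(pass);
}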
/* Runs f_tc_sgsap_paging_and_nothing() in one connection handler and waits for
 * it to terminate. */
testcase TC_sgsap_paging_and_nothing() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11819, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_paging_and_nothing), pars);
	vc_conn.done;
}
/* Trigger a paging request via VTY and slip in an LU.
 * The association is first brought to "SGs-NULL" (SGs LU followed by
 * f_sgsap_reset_mme()), then a paging is triggered, a fresh SGs LU is done
 * while that paging is outstanding, and a second PAGING REQUEST is expected
 * right after the LU. The paging is finally rejected with cause
 * user_rejected_mobile_terminating_CS_fallback_call.
 * id is not referenced in the body.
 * NOTE(review): the paging templates use pars.imsi while the rest of the body
 * uses g_pars.imsi; presumably both hold the same value after
 * f_init_handler(pars) - confirm. */
private function f_tc_sgsap_paging_and_lu(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
f_init_handler(pars);
/* First we prepare the situation where the SGs association is in state
 * NULL and the "confirmed by radio contact" indicator is set to false
 * as well. This can be achieved by performing an SGs LU and then
 * resetting the VLR */
f_sgs_perform_lu();
f_sgsap_reset_mme(mp_mme_name);
f_sleep(1.0);
f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-NULL");
/* Perform a paging, expect the paging messages on the SGs interface */
f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
alt {
[] SGsAP.receive(tr_SGsAP_PAGING_REQ(pars.imsi, vlr_name, CS_call_indicator, omit)) {
setverdict(pass);
}
[] SGsAP.receive {
setverdict(fail, "Received unexpected message on SGs");
}
}
/* Perform the LU as normal */
f_sgs_perform_lu();
f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
/* Expect a new paging request right after the LU */
alt {
[] SGsAP.receive(tr_SGsAP_PAGING_REQ(pars.imsi, vlr_name, CS_call_indicator, omit)) {
setverdict(pass);
}
[] SGsAP.receive {
setverdict(fail, "Received unexpected message on SGs");
}
}
/* Test is done now, let's round everything up by rejecting the paging
 * cleanly. */
SGsAP.send(ts_SGsAP_PAGING_REJ(g_pars.imsi, user_rejected_mobile_terminating_CS_fallback_call));
f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
f_sgsap_bssmap_screening();
setverdict(pass);
}
/* Runs f_tc_sgsap_paging_and_lu() in one connection handler and waits for it
 * to terminate. */
testcase TC_sgsap_paging_and_lu() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11820, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_paging_and_lu), pars);
	vc_conn.done;
}
/* Send unexpected unit-data through the SGs interface.
 * The subscriber is known to the VLR (regular LU via f_perform_lu()) but has
 * no SGs association. Uplink unit data for that IMSI must be answered with
 * SGsAP RELEASE REQUEST, cause IMSI_detached_for_EPS_nonEPS_services, i.e. the
 * MSC must refuse the data instead of acting on it.
 * id is not referenced in the body. */
private function f_tc_sgsap_unexp_ud(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Arbitrary two-octet payload; its content is irrelevant to the test */
	var octetstring bogus_payload := '1234'O;

	f_init_handler(pars);
	f_sleep(1.0);

	/* Precondition: subscriber exists, SGs association is in NULL state */
	f_perform_lu();
	var charstring fsm_state_var := "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state";
	f_ctrl_get_exp(IPA_CTRL, fsm_state_var, "SGs-NULL");

	/* The MSC/VLR should answer the unit data with a release immediately */
	SGsAP.send(ts_SGsAP_UL_UD(pars.imsi, bogus_payload));
	SGsAP.receive(tr_SGsAP_RELEASE_REQ(pars.imsi, IMSI_detached_for_EPS_nonEPS_services));

	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_unexp_ud() in one connection handler and waits for it to
 * terminate. */
testcase TC_sgsap_unexp_ud() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11821, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_unexp_ud), pars);
	vc_conn.done;
}
/* Send unsolicited unit-data through the SGs interface.
 * No LU of any kind is done here, so the IMSI is unknown to the VLR when the
 * uplink unit data arrives. The MSC must answer with SGsAP RELEASE REQUEST,
 * cause IMSI_unknown.
 * id is not referenced in the body. */
private function f_tc_sgsap_unsol_ud(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Arbitrary two-octet payload; its content is irrelevant to the test */
	var octetstring bogus_payload := '1234'O;

	f_init_handler(pars);
	f_sleep(1.0);

	/* The MSC/VLR should answer the unit data with a release immediately */
	SGsAP.send(ts_SGsAP_UL_UD(pars.imsi, bogus_payload));
	SGsAP.receive(tr_SGsAP_RELEASE_REQ(pars.imsi, IMSI_unknown));

	f_sgsap_bssmap_screening();
	setverdict(pass);
}
/* Runs f_tc_sgsap_unsol_ud() in one connection handler and waits for it to
 * terminate. */
testcase TC_sgsap_unsol_ud() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11822, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_unsol_ud), pars);
	vc_conn.done;
}
/* Catch-all for downlink unit data on SGs while an SMS exchange is running.
 * Any SGsAP DOWNLINK UNITDATA, whatever its IMSI or payload, fails the test
 * and stops the MTC. f_mt_sms_sgs() and f_mo_sms_sgs() activate it as a
 * default, so it only fires for PDUs their own receive statements did not
 * match. */
private altstep as_other_sms_sgs() runs on BSC_ConnHdlr {
	/* FIXME: Match an actual payload (second question mark), the type is
	 * octetstring, how do we use a tr_PDU_DTAP_MT here? */
	[] SGsAP.receive(tr_SGsAP_DL_UD(?, ?)) {
		setverdict(fail, "Unexpected SMS related PDU from MSC");
		mtc.stop;
		}
}
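/* Receive an MT-SMS delivered from the MSC/SMSC over an already existing SGsAP
 * connection and acknowledge it.
 * spars (inout): tp.ud, tp.pid, tp.dcs and rp.smsc_addr are used to build the
 *   expected SMS-DELIVER; tid and rp.msg_ref are overwritten with the values
 *   taken from the received CP-DATA.
 * Sequence: CP-DATA(RP-DATA) in, CP-ACK out, CP-DATA(RP-ACK) out, CP-ACK in.
 * as_other_sms_sgs() is active as default for the duration of the exchange. */
function f_mt_sms_sgs(inout SmsParameters spars)
runs on BSC_ConnHdlr {
	/* The never-used tp_mo template variable was dropped */
	var template (value) RPDU_MS_SGSN rp_mo;
	var template (value) PDU_ML3_MS_NW l3_mo;
	var template TPDU_RP_DATA_SGSN_MS tp_mt;
	var template RPDU_SGSN_MS rp_mt;
	var template PDU_ML3_NW_MS l3_mt;
	var PDU_ML3_NW_MS sgsap_l3_mt;
	var default d := activate(as_other_sms_sgs());

	/* Expect CP-DATA(RP-DATA(SMS-DELIVER)) */
	tp_mt := tr_SMS_DELIVER(?, spars.tp.ud, spars.tp.pid, spars.tp.dcs, ?);
	rp_mt := tr_RP_DATA_MT(?, spars.rp.smsc_addr, omit, tp_mt);
	l3_mt := tr_ML3_MT_SMS(?, c_TIF_ORIG, tr_CP_DATA_MT(rp_mt));
	SGsAP.receive(l3_mt) -> value sgsap_l3_mt;

	/* Extract the identifiers the MSC picked; the replies below reuse them */
	spars.tid := bit2int(sgsap_l3_mt.tiOrSkip.transactionId.tio);
	spars.rp.msg_ref := sgsap_l3_mt.msgs.sms.cP_DATA.cP_User_Data.cP_RPDU.rP_DATA_SGSN_MS.rP_MessageReference;

	/* send CP-ACK for CP-DATA just received */
	l3_mo := ts_ML3_MO_SMS(spars.tid, c_TIF_REPL, ts_CP_ACK_MO);
	SGsAP.send(l3_mo);

	/* send RP-ACK for RP-DATA */
	rp_mo := ts_RP_ACK_MO(spars.rp.msg_ref);
	l3_mo := ts_ML3_MO_SMS(spars.tid, c_TIF_REPL, ts_CP_DATA_MO(rp_mo));
	SGsAP.send(l3_mo);

	/* expect CP-ACK for CP-DATA(RP-ACK) just sent */
	l3_mt := tr_ML3_MT_SMS(spars.tid, c_TIF_ORIG, tr_CP_ACK_MT);
	SGsAP.receive(l3_mt);

	deactivate(d);
	setverdict(pass);
}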
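/* Submit an MO-SMS to the MSC/SMSC over an already existing SGsAP connection.
 * spars (inout): supplies the SMS-SUBMIT fields, the RP message reference, the
 *   SMSC address and the transaction id. If spars.exp_rp_err is present, an
 *   RP-ERROR with that cause is expected from the MSC, otherwise an RP-ACK.
 *   The body does not write to spars.
 * Sequence: CP-DATA(RP-DATA) out, CP-ACK in, CP-DATA(RP-ACK or RP-ERROR) in,
 * CP-ACK out. as_other_sms_sgs() is active as default for the duration of the
 * exchange. */
function f_mo_sms_sgs(inout SmsParameters spars)
runs on BSC_ConnHdlr {
	/* The never-used tp_mt template variable was dropped */
	var template (value) TPDU_RP_DATA_MS_SGSN tp_mo;
	var template (value) RPDU_MS_SGSN rp_mo;
	var template (value) PDU_ML3_MS_NW l3_mo;
	var template RPDU_SGSN_MS rp_mt;
	var template PDU_ML3_NW_MS l3_mt;
	var default d := activate(as_other_sms_sgs());

	/* just in case this is routed to SMPP.. */
	f_create_smpp_expect(hex2str(spars.tp.da.tP_DA_NoPad.tP_DAValue));

	tp_mo := ts_SMS_SUBMIT(spars.tp.msg_ref, spars.tp.da, spars.tp.pid, spars.tp.dcs,
			       spars.tp.udl, spars.tp.ud);
	rp_mo := ts_RP_DATA_MO(spars.rp.msg_ref, omit, spars.rp.smsc_addr, tp_mo);
	l3_mo := ts_ML3_MO_SMS(spars.tid, c_TIF_ORIG, ts_CP_DATA_MO(rp_mo));
	SGsAP.send(l3_mo);

	/* receive CP-ACK for CP-DATA above */
	SGsAP.receive(tr_ML3_MT_SMS(spars.tid, c_TIF_REPL, tr_CP_ACK_MT));

	/* Only the expected RP layer message differs between the two outcomes;
	 * the CP-DATA wrapper and the CP-ACK sent in return are the same. */
	if (ispresent(spars.exp_rp_err)) {
		/* expect an RP-ERROR message from MSC with given cause */
		rp_mt := tr_RP_ERROR_MT(spars.rp.msg_ref, spars.exp_rp_err);
	} else {
		/* expect RP-ACK for RP-DATA */
		rp_mt := tr_RP_ACK_MT(spars.rp.msg_ref);
	}
	l3_mt := tr_ML3_MT_SMS(spars.tid, c_TIF_REPL, tr_CP_DATA_MT(rp_mt));
	SGsAP.receive(l3_mt);

	/* send CP-ACK for CP-DATA just received */
	l3_mo := ts_ML3_MO_SMS(spars.tid, c_TIF_ORIG, ts_CP_ACK_MO);
	SGsAP.send(l3_mo);

	deactivate(d);
	setverdict(pass);
}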
/* Queue an MT-SMS for a subscriber through the MSC VTY.
 * imsi, msisdn and text are concatenated into the command line as they are,
 * without quoting or escaping, so callers have to pass values that are
 * already safe for the VTY parser. The callers visible in this part of the
 * file pass hex2str() output and fixed literals. */
private function f_vty_sms_send_conn_hdlr(charstring imsi, charstring msisdn, charstring text)
runs on BSC_ConnHdlr {
	var charstring vty_cmd := "subscriber imsi " & imsi & " sms sender msisdn " & msisdn & " send " & text;
	f_vty_transceive(MSCVTY, vty_cmd);
}
/* Send an MT SMS via the SGs interface.
 * After an SGs LU the SMS is queued over VTY, the resulting PAGING REQUEST
 * (SMS indicator) is answered with a SERVICE REQUEST, the SMS is received and
 * acknowledged by f_mt_sms_sgs(), and a final RELEASE REQUEST is expected.
 * The SGs-UE FSM has to stay in "SGs-ASSOCIATED".
 * id is not referenced in the body. */
private function f_tc_sgsap_mt_sms(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
f_init_handler(pars);
f_sgs_perform_lu();
f_sleep(1.0);
var SmsParameters spars := valueof(t_SmsPars);
/* NOTE(review): presumably the packed encoding of the "Hello SMS" text sent
 * below - confirm against t_SmsPars and the data coding scheme it sets. */
spars.tp.ud := 'C8329BFD064D9B53'O;
/* Trigger SMS via VTY */
f_vty_sms_send_conn_hdlr(hex2str(pars.imsi), "2342", "Hello SMS");
var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
/* Expect a paging request and respond accordingly with a service request */
SGsAP.receive(tr_SGsAP_PAGING_REQ(pars.imsi, vlr_name, SMS_indicator, omit));
SGsAP.send(ts_SGsAP_SERVICE_REQ(pars.imsi, SMS_indicator, EMM_CONNECTED));
/* Connection is now live, receive the MT-SMS */
f_mt_sms_sgs(spars);
/* Expect a concluding release from the MSC */
SGsAP.receive(tr_SGsAP_RELEASE_REQ(pars.imsi, omit));
/* Make sure that subscriber is still present and the SGs association is intact (ref-counting) */
f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
f_sgsap_bssmap_screening();
setverdict(pass);
}
/* Runs f_tc_sgsap_mt_sms() in one connection handler and waits for it to
 * terminate. */
testcase TC_sgsap_mt_sms() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11823, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_mt_sms), pars);
	vc_conn.done;
}
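/* Send an MO SMS via the SGs interface.
 * After an SGs LU the SMS is submitted with f_mo_sms_sgs(), a concluding
 * RELEASE REQUEST is expected, and the SGs-UE FSM has to stay in
 * "SGs-ASSOCIATED".
 * id is not referenced in the body. */
private function f_tc_sgsap_mo_sms(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);
	f_sgs_perform_lu();
	f_sleep(1.0);

	var SmsParameters spars := valueof(t_SmsPars);
	spars.tp.ud := 'C8329BFD064D9B53'O;

	/* Send the MO-SMS */
	f_mo_sms_sgs(spars);

	/* Expect a concluding release from the MSC/VLR */
	SGsAP.receive(tr_SGsAP_RELEASE_REQ(pars.imsi, omit));

	/* Make sure that subscriber is still present and the SGs association is intact (ref-counting) */
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");

	/* Screening first, final verdict last, as in the sibling SGs handlers;
	 * the screening call also gets its statement terminator. */
	f_sgsap_bssmap_screening();
	setverdict(pass);
}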
/* Runs f_tc_sgsap_mo_sms() in one connection handler and waits for it to
 * terminate. */
testcase TC_sgsap_mo_sms() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11824, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_mo_sms), pars);
	vc_conn.done;
}
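/* Trigger sending of an MT SMS via VTY but never respond to anything.
 * Exactly one PAGING REQUEST (SMS indicator, LAI 901-70-2342) is expected.
 * During the following 20 s any further SGsAP message fails the test; a
 * repeated paging stops the MTC, any other message stops this component.
 * Afterwards the SGs-UE FSM has to be in "SGs-ASSOCIATED", and the queued SMS
 * and the subscriber are cleaned up over VTY.
 * id is not referenced in the body.
 * NOTE(review): the second argument of f_init_handler() (170.0) is presumably
 * a longer guard timeout for this slow test - confirm. */
private function f_tc_sgsap_mt_sms_and_nothing(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars, 170.0);
	f_sgs_perform_lu();
	f_sleep(1.0);

	/* The unused locals spars and page_count were dropped; nothing in this
	 * function read them. */
	var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
	var template PDU_SGsAP exp_pag_req := tr_SGsAP_PAGING_REQ(g_pars.imsi, vlr_name, SMS_indicator, omit);
	var template LocationAreaId exp_lai := ts_SGsAP_IE_Lai(valueof(ts_SGsAP_LAI('901'H, '70'H, 2342)));
	exp_pag_req.sGsAP_PAGING_REQUEST.locationAreaId := exp_lai;

	/* Trigger SMS via VTY */
	f_vty_sms_send_conn_hdlr(hex2str(pars.imsi), "2342", "Hello SMS");

	/* Expect the MSC/VLR to page exactly once */
	SGsAP.receive(exp_pag_req);

	/* Wait some time to make sure the MSC is not delivering any further
	 * paging messages or anything else that could be unexpected. */
	timer T := 20.0;
	/* The statement terminator was missing after the timer start */
	T.start;
	alt {
	[] SGsAP.receive(exp_pag_req) {
		setverdict(fail, "paging seems not to stop!");
		mtc.stop;
		}
	[] SGsAP.receive {
		setverdict(fail, "unexpected SGsAP message received");
		self.stop;
		}
	[] T.timeout {
		setverdict(pass);
		}
	}

	/* Even on a failed paging the SGs Association should stay intact */
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");

	/* Make sure that the SMS we just inserted is cleared and the
	 * subscriber is expired. This is necessary because otherwise the MSC
	 * might re-try the SMS delivery and disturb the following tests. */
	f_vty_sms_clear(hex2str(g_pars.imsi));
	f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " expire");
	setverdict(pass);
	f_sgsap_bssmap_screening();
}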
/* Runs f_tc_sgsap_mt_sms_and_nothing() in one connection handler and waits for
 * it to terminate. */
testcase TC_sgsap_mt_sms_and_nothing() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11825, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_mt_sms_and_nothing), pars);
	vc_conn.done;
}
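/* Trigger sending of an MT SMS via VTY but reject the paging immediately.
 * The PAGING REQUEST (SMS indicator, LAI 901-70-2342) is answered with PAGING
 * REJECT, cause IMSI_unknown. During the following 20 s any further SGsAP
 * message fails the test; a repeated paging stops the MTC, any other message
 * stops this component. The queued SMS is then cleared over VTY and the
 * SGs-UE FSM has to be in "SGs-NULL".
 * id is not referenced in the body.
 * NOTE(review): the second argument of f_init_handler() (150.0) is presumably
 * a longer guard timeout for this slow test - confirm. */
private function f_tc_sgsap_mt_sms_and_reject(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars, 150.0);
	f_sgs_perform_lu();
	f_sleep(1.0);

	/* The unused locals spars and page_count were dropped; nothing in this
	 * function read them. */
	var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
	var template PDU_SGsAP exp_pag_req := tr_SGsAP_PAGING_REQ(g_pars.imsi, vlr_name, SMS_indicator, omit);
	var template LocationAreaId exp_lai := ts_SGsAP_IE_Lai(valueof(ts_SGsAP_LAI('901'H, '70'H, 2342)));
	exp_pag_req.sGsAP_PAGING_REQUEST.locationAreaId := exp_lai;

	/* Trigger SMS via VTY */
	f_vty_sms_send_conn_hdlr(hex2str(pars.imsi), "2342", "Hello SMS");

	/* Expect a paging request and reject it immediately */
	SGsAP.receive(exp_pag_req);
	SGsAP.send(ts_SGsAP_PAGING_REJ(g_pars.imsi, IMSI_unknown));

	/* The MSC/VLR should no longer try to page once the paging has been
	 * rejected. Wait some time and check if there are no unexpected
	 * messages on the SGs interface. */
	timer T := 20.0;
	/* The statement terminator was missing after the timer start */
	T.start;
	alt {
	[] SGsAP.receive(exp_pag_req) {
		setverdict(fail, "paging seems not to stop!");
		mtc.stop;
		}
	[] SGsAP.receive {
		setverdict(fail, "unexpected SGsAP message received");
		self.stop;
		}
	[] T.timeout {
		setverdict(pass);
		}
	}

	f_vty_sms_clear(hex2str(g_pars.imsi));

	/* A rejected paging with IMSI_unknown (see above) should always send
	 * the SGs association to NULL. */
	f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-NULL");
	f_sgsap_bssmap_screening();
	setverdict(pass);
}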
/* Runs f_tc_sgsap_mt_sms_and_reject() in one connection handler and waits for
 * it to terminate. */
testcase TC_sgsap_mt_sms_and_reject() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11826, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_mt_sms_and_reject), pars);
	vc_conn.done;
}
/* Perform an MT CSFB call including LU.
 * bssmap_lu: when true, a regular f_perform_lu() is done before the SGs LU.
 * After the SGs LU an MT call is started over MNCC, the PAGING REQUEST on SGs
 * is answered with a SERVICE REQUEST, the call is completed, held for 3 s and
 * hung up with is_csfb := true. The SGs-UE FSM must still be in
 * "SGs-ASSOCIATED", and a VTY-triggered paging has to show up on SGs again.
 * id is not referenced in the body; pars is handed to f_init_handler(). */
private function f_mt_lu_and_csfb_call(charstring id, BSC_ConnHdlrPars pars, boolean bssmap_lu) runs on BSC_ConnHdlr {
f_init_handler(pars);
/* Be sure that the BSSMAP reset is done before we begin. */
f_sleep(2.0);
/* Testcase variation: See what happens when we do a regular BSSMAP
 * LU first (this should not hurt in any way!) */
if (bssmap_lu) {
f_perform_lu();
}
f_sgs_perform_lu();
f_sleep(1.0);
var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
/* Initiate a call via MNCC interface */
f_mt_call_initate(cpars);
/* Expect a paging request and respond accordingly with a service request */
SGsAP.receive(tr_SGsAP_PAGING_REQ(pars.imsi, vlr_name, CS_call_indicator, omit));
SGsAP.send(ts_SGsAP_SERVICE_REQ(pars.imsi, CS_call_indicator, EMM_CONNECTED));
/* Complete the call, hold it for some time and then tear it down */
f_mt_call_complete(cpars);
f_sleep(3.0);
f_call_hangup(cpars, true, is_csfb := true);
/* Make sure that subscriber is still present and the SGs association is intact (ref-counting) */
f_ctrl_get_exp(IPA_CTRL, "fsm.SGs-UE.id.imsi:" & hex2str(g_pars.imsi) & ".state", "SGs-ASSOCIATED");
/* Test for successful return by triggering a paging; when the paging
 * request is received via SGs, we can be sure that the MSC/VLR has
 * recognized that the UE is now back on 4G */
f_sleep(1.0);
f_vty_transceive(MSCVTY, "subscriber imsi " & hex2str(g_pars.imsi) & " paging");
/* NOTE(review): this paging is left unanswered when the function returns */
alt {
[] SGsAP.receive(tr_SGsAP_PAGING_REQ(pars.imsi, vlr_name, CS_call_indicator, omit)) {
setverdict(pass);
}
[] SGsAP.receive {
setverdict(fail, "Received unexpected message on SGs");
}
}
f_sgsap_bssmap_screening();
setverdict(pass);
}
/* Variant with a regular BSSAP LU ahead of the SGsAP LU, followed by the CSFB
 * call; delegates to f_mt_lu_and_csfb_call() with bssmap_lu set. */
private function f_tc_bssap_lu_sgsap_lu_and_mt_call(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_mt_lu_and_csfb_call(id, pars, bssmap_lu := true);
}
/* Runs f_tc_bssap_lu_sgsap_lu_and_mt_call() in one connection handler and
 * waits for it to terminate.
 * NOTE(review): 118139 does not follow the five-digit 118xx values used by the
 * neighbouring SGs testcases - confirm it is intended. */
testcase TC_bssap_lu_sgsap_lu_and_mt_call() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(118139, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_bssap_lu_sgsap_lu_and_mt_call), pars);
	vc_conn.done;
}
/* Variant with the SGsAP LU only, followed by the CSFB call; delegates to
 * f_mt_lu_and_csfb_call() with bssmap_lu cleared. */
private function f_tc_sgsap_lu_and_mt_call(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_mt_lu_and_csfb_call(id, pars, bssmap_lu := false);
}
/* Runs f_tc_sgsap_lu_and_mt_call() in one connection handler and waits for it
 * to terminate. */
testcase TC_sgsap_lu_and_mt_call() runs on MTC_CT {
	f_init(1, true);
	var BSC_ConnHdlrPars pars := f_init_pars(11827, true);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_lu_and_mt_call), pars);
	vc_conn.done;
}
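/* Simulate an HLR/VLR failure.
 * Sends an SGsAP LOCATION UPDATE REQUEST that is expected to fail and requires
 * the MSC to answer with SGsAP-RESET-INDICATION carrying the VLR name; the
 * indication is acknowledged with RESET-ACK carrying the MME name. Any other
 * SGsAP message fails the test.
 * id is not referenced in the body; pars is handed to f_init_handler(). */
private function f_tc_sgsap_vlr_failure(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	var octetstring mme_name := f_enc_dns_hostname(mp_mme_name);
	var octetstring vlr_name := f_enc_dns_hostname(mp_vlr_name);
	var PDU_SGsAP lur;
	f_init_handler(pars);

	/* Attempt location update (which is expected to fail) */
	lur := valueof(ts_SGsAP_LU_REQ(g_pars.imsi, mme_name, IMSI_attach,
				       ts_SGsAP_LAI('901'H, '70'H, 2342)));
	SGsAP.send(lur);

	/* Respond to SGsAP-RESET-INDICATION from VLR. A stray ';' used to sit
	 * between the receive operation and its statement block; it is removed
	 * so the RESET-ACK is unambiguously part of this alternative. */
	alt {
	[] SGsAP.receive(tr_SGsAP_RESET_IND_VLR(vlr_name)) {
		SGsAP.send(valueof(ts_SGsAP_RESET_ACK_MME(mme_name)));
		setverdict(pass);
		}
	[] SGsAP.receive {
		setverdict(fail, "Received unexpected message on SGs");
		}
	}

	f_sleep(1.0);
	setverdict(pass);
}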
/* Runs f_tc_sgsap_vlr_failure() in one connection handler and waits for it to
 * terminate.
 * NOTE(review): unlike the other SGs testcases, f_init() and f_init_pars() get
 * a third argument (false) here; presumably it switches off the GSUP/HLR side
 * so the LU cannot complete - confirm against their definitions. */
testcase TC_sgsap_vlr_failure() runs on MTC_CT {
	f_init(1, true, false);
	var BSC_ConnHdlrPars pars := f_init_pars(11811, true, false);
	var BSC_ConnHdlr vc_conn := f_start_handler_with_pars(refers(f_tc_sgsap_vlr_failure), pars);
	vc_conn.done;
}
/* SGs TODO:
* LU attempt for IMSI without NAM_PS in HLR
* LU attempt with AUTH FAIL due to invalid RES/SRES
* LU attempt with no response from HLR (VLR should timeout + LU REJ)
* LU attempt with new TMSI but without TMSI REALL CMPL back to VLR
* implicit IMSI detach from EPS
* implicit IMSI detach from non-EPS
* MM INFO
*
*/
/* Inter-BSC handover towards a cell the MSC is expected not to know.
 * With an MO call established, the BSS sends BSSMAP HANDOVER REQUIRED (cause
 * "better cell") naming LAI 023-42-999 as target and requires a HANDOVER
 * REQUIRED REJECT in return; the call is then hung up.
 * This function sets no verdict of its own. id is not referenced in the body.
 * NOTE(review): nothing here configures LAC 999 as a neighbor; presumably it
 * is absent from the MSC configuration as well - confirm. */
private function f_tc_ho_inter_bsc_unknown_cell(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);

	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	f_perform_lu();
	f_mo_call_establish(cpars);
	f_sleep(1.0);

	/* Cause value goes through a typed variable before enum2int() */
	var myBSSMAP_Cause cause_val := GSM0808_CAUSE_BETTER_CELL;
	var BssmapCause cause := enum2int(cause_val);
	var template BSSMAP_FIELD_CellIdentificationList target_cells := {
		cIl_LAI := { ts_BSSMAP_CI_LAI('023'H, '42'H, 999) }
	};

	BSSAP.send(ts_BSSMAP_HandoverRequired(cause, target_cells));
	BSSAP.receive(tr_BSSMAP_HandoverRequiredReject);

	f_call_hangup(cpars, true);
}
/* Runs f_tc_ho_inter_bsc_unknown_cell() in one connection handler and waits
 * for it to terminate. */
testcase TC_ho_inter_bsc_unknown_cell() runs on MTC_CT {
	f_init();
	var BSC_ConnHdlr vc_conn := f_start_handler(refers(f_tc_ho_inter_bsc_unknown_cell), 53);
	vc_conn.done;
}
/* Acknowledge every MGCP MDCX that arrives while this altstep is active.
 * cpars: call parameters; the SDP in the ACK is built from cpars.mgw_conn_2
 *   (RTP IP and port, MGCP connection id), cpars.mgcp_call_id,
 *   cpars.rtp_payload_type and cpars.rtp_sdp_format.
 * The branch ends in "repeat", so the enclosing alt is evaluated again after
 * each acknowledged MDCX. */
private altstep as_mgcp_ack_all_mdcx(CallParameters cpars) runs on BSC_ConnHdlr {
var MgcpCommand mgcp_cmd;
[] MGCP.receive(tr_MDCX) -> value mgcp_cmd {
/* The same mgw_rtp_ip value is passed for the first two ts_SDP arguments;
 * "42" and the ptime of 20 are fixed values. */
var SDP_Message sdp := valueof(ts_SDP(cpars.mgw_conn_2.mgw_rtp_ip, cpars.mgw_conn_2.mgw_rtp_ip,
hex2str(cpars.mgcp_call_id), "42",
cpars.mgw_conn_2.mgw_rtp_port,
{ int2str(cpars.rtp_payload_type) },
{ valueof(ts_SDP_rtpmap(cpars.rtp_payload_type,
cpars.rtp_sdp_format)),
valueof(ts_SDP_ptime(20)) }));
/* Echo the transaction id of the command being acknowledged */
MGCP.send(ts_MDCX_ACK(mgcp_cmd.line.trans_id, cpars.mgw_conn_2.mgcp_connection_id, sdp));
repeat;
}
}
/* First BSC of the inter-BSC handover test; runs alongside
 * f_tc_ho_inter_bsc1() on a second connection handler.
 * Part 1: configures two handover neighbors over VTY, establishes an MO call
 * and, acting as old BSS, hands the call over towards LAI 023-42-5.
 * Part 2: acting as new BSS, accepts the handover back from the other BSC and
 * finally hangs up the call.
 * id is not referenced in the body; pars is handed to f_init_handler().
 * NOTE(review): the neighbor entries added over VTY are not removed again in
 * this function, so they stay in the running MSC configuration afterwards. */
private function f_tc_ho_inter_bsc0(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
f_init_handler(pars);
f_vty_transceive(MSCVTY, "configure terminal");
f_vty_transceive(MSCVTY, "msc");
f_vty_transceive(MSCVTY, "neighbor a cgi 262 42 23 42 ran-pc 0.24.1");
f_vty_transceive(MSCVTY, "neighbor a lac 5 ran-pc 0.24.2");
f_vty_transceive(MSCVTY, "exit");
f_vty_transceive(MSCVTY, "exit");
f_perform_lu();
f_mo_call_establish(cpars);
f_sleep(1.0);
/* From here on every MDCX from the MSC is acknowledged in the background */
var default ack_mdcx := activate(as_mgcp_ack_all_mdcx(cpars));
var myBSSMAP_Cause cause_val := GSM0808_CAUSE_BETTER_CELL;
var BssmapCause cause := enum2int(cause_val);
var template BSSMAP_FIELD_CellIdentificationList cil;
cil := { cIl_LAI := { ts_BSSMAP_CI_LAI('023'H, '42'H, 5) } };
/* old BSS sends Handover Required */
BSSAP.send(ts_BSSMAP_HandoverRequired(cause, cil));
/* Now the action goes on in f_tc_ho_inter_bsc1() */
/* MSC forwards the RR Handover Command to old BSS */
var PDU_BSSAP ho_command;
BSSAP.receive(tr_BSSMAP_HandoverCommand) -> value ho_command;
log("GOT HandoverCommand", ho_command);
BSSAP.receive(tr_BSSMAP_HandoverSucceeded);
/* f_tc_ho_inter_bsc1() completes Handover, then expecting a Clear here. */
f_expect_clear();
log("FIRST inter-BSC Handover done");
/* ------------------------ */
/* Ok, that went well, now the other BSC is handing over back here --
 * from now on this here is the new BSS. */
f_create_bssmap_exp_handoverRequest(193);
var PDU_BSSAP ho_request;
BSSAP.receive(tr_BSSMAP_HandoverRequest) -> value ho_request;
/* new BSS composes a RR Handover Command */
var PDU_ML3_NW_MS rr_ho_cmd := valueof(ts_RR_HandoverCommand);
var octetstring rr_ho_cmd_enc := enc_PDU_ML3_NW_MS(rr_ho_cmd);
var BSSMAP_IE_AoIP_TransportLayerAddress tla := valueof(ts_BSSMAP_IE_AoIP_TLA4('01020304'O, 2342));
BSSAP.send(ts_BSSMAP_HandoverRequestAcknowledge(rr_ho_cmd_enc, lengthof(rr_ho_cmd_enc),
tla, ts_BSSMAP_IE_SpeechCodec({ts_CodecFR})));
/* Now f_tc_ho_inter_bsc1() expects HandoverCommand */
f_sleep(0.5);
/* Notify that the MS is now over here */
BSSAP.send(ts_BSSMAP_HandoverDetect);
f_sleep(0.1);
BSSAP.send(ts_BSSMAP_HandoverComplete);
f_sleep(3.0);
deactivate(ack_mdcx);
var default ccrel := activate(as_optional_cc_rel(cpars, true));
/* blatant cheating: the first entry of the last N(SD) array is forced to 3
 * before the hangup. NOTE(review): presumably this realigns the DTAP
 * sequence numbers after the two handovers - confirm. */
var N_Sd_Array last_n_sd := f_bssmap_last_n_sd();
last_n_sd[0] := 3;
f_bssmap_continue_after_n_sd(last_n_sd);
f_call_hangup(cpars, true);
f_sleep(1.0);
deactivate(ccrel);
setverdict(pass);
}
/* Second BSC of the inter-BSC handover test; runs alongside
 * f_tc_ho_inter_bsc0() on a second connection handler.
 * Part 1: acting as new BSS, accepts the Handover Request and reports
 * Handover Detect / Complete.
 * Part 2: acting as old BSS, hands the call back towards LAI 262-42-23 and
 * waits for the Clear.
 * id is not referenced in the body; pars is handed to f_init_handler(). */
private function f_tc_ho_inter_bsc1(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
f_init_handler(pars);
f_create_bssmap_exp_handoverRequest(194);
var PDU_BSSAP ho_request;
BSSAP.receive(tr_BSSMAP_HandoverRequest) -> value ho_request;
/* new BSS composes a RR Handover Command */
var PDU_ML3_NW_MS rr_ho_cmd := valueof(ts_RR_HandoverCommand);
var octetstring rr_ho_cmd_enc := enc_PDU_ML3_NW_MS(rr_ho_cmd);
var BSSMAP_IE_AoIP_TransportLayerAddress tla := valueof(ts_BSSMAP_IE_AoIP_TLA4('01020304'O, 2342));
BSSAP.send(ts_BSSMAP_HandoverRequestAcknowledge(rr_ho_cmd_enc, lengthof(rr_ho_cmd_enc),
tla, ts_BSSMAP_IE_SpeechCodec({ts_CodecFR})));
/* Now f_tc_ho_inter_bsc0() expects HandoverCommand */
f_sleep(0.5);
/* Notify that the MS is now over here */
BSSAP.send(ts_BSSMAP_HandoverDetect);
f_sleep(0.1);
BSSAP.send(ts_BSSMAP_HandoverComplete);
f_sleep(3.0);
/* Now I'd like to f_call_hangup() but we don't know any cpars here. So
 * ... handover back to the first BSC :P */
var myBSSMAP_Cause cause_val := GSM0808_CAUSE_BETTER_CELL;
var BssmapCause cause := enum2int(cause_val);
var template BSSMAP_FIELD_CellIdentificationList cil;
cil := { cIl_LAI := { ts_BSSMAP_CI_LAI('262'H, '42'H, 23) } };
/* old BSS sends Handover Required */
BSSAP.send(ts_BSSMAP_HandoverRequired(cause, cil));
/* Now the action goes on in f_tc_ho_inter_bsc0() */
/* MSC forwards the RR Handover Command to old BSS */
var PDU_BSSAP ho_command;
BSSAP.receive(tr_BSSMAP_HandoverCommand) -> value ho_command;
log("GOT HandoverCommand", ho_command);
BSSAP.receive(tr_BSSMAP_HandoverSucceeded);
/* f_tc_ho_inter_bsc0() completes Handover, then expecting a Clear here. */
f_expect_clear();
setverdict(pass);
}
/* Inter-BSC handover: two connection handlers run in parallel, one per BSC. The MS is
 * handed over from the first handler to the second and back again (see the handler
 * functions for the message flow). */
testcase TC_ho_inter_bsc() runs on MTC_CT {
	/* presumably 2 is the number of BSCs to bring up -- confirm against f_init() */
	f_init(2);

	/* Both handlers are set up from the same f_init_pars(53) input */
	var BSC_ConnHdlrPars pars_first := f_init_pars(53);
	var BSC_ConnHdlrPars pars_second := f_init_pars(53);

	/* Start order matters: handler 0 first, then handler 1 */
	var BSC_ConnHdlr vc_first := f_start_handler_with_pars(refers(f_tc_ho_inter_bsc0), pars_first, 0);
	var BSC_ConnHdlr vc_second := f_start_handler_with_pars(refers(f_tc_ho_inter_bsc1), pars_second, 1);

	/* Wait for both handlers to terminate */
	vc_first.done;
	vc_second.done;
}
/* Overwrite the two most significant bits of enc_l3[2] with the send sequence number N(SD).
 * The lower six bits of that octet are preserved. enc_l3 must be at least three octets long.
 * NOTE(review): this patches octet index 2 (the third octet); confirm that this is the octet
 * carrying N(SD) for the messages passed in -- the only caller visible nearby sits in a
 * disabled `if (false)` section of f_tc_ho_inter_msc_out(). */
function f_ML3_patch_seq_nr_MS_NW(in uint2_t seq_nr, inout octetstring enc_l3) {
	log("MS_NW patching N(SD)=", seq_nr, " into dtap ", enc_l3);

	/* Keep bits 1..6 of the target octet */
	var octetstring low_six_bits := enc_l3[2] and4b '3f'O;
	/* Move the 2-bit sequence number into bits 7..8 of a single octet */
	var octetstring nsd_in_top_bits := bit2oct(int2bit(seq_nr, 8) << 6);

	enc_l3[2] := low_six_bits or4b nsd_in_top_bits;

	log("MS_NW patched enc_l3: ", enc_l3);
}
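/* Inter-MSC handover out to a remote MSC and back again, with the test suite playing the
 * local BSS (BSSAP), the remote MSC (GSUP E-interface messages) and the MNCC/MGCP peers.
 *
 * Flow:
 *  1. configure a neighbor cell that maps to the remote MSC "msc-017-017-1" via VTY;
 *  2. Location Update and MO call on the local BSS;
 *  3. Handover Required towards the neighbor cell, MSC sends E Prepare Handover Request,
 *     the test answers as remote MSC, MS "shows up" remotely, local BSS conn is cleared;
 *  4. (disabled) USSD signalling across the inter-MSC link;
 *  5. subsequent handover back to the local BSS, remote side is closed, call is hung up.
 *
 * The function sets verdict pass at the end; a missing IE in a received GSUP message sets
 * verdict fail and stops the MTC. */
private function f_tc_ho_inter_msc_out(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));
	var hexstring ho_number := f_gen_msisdn(99999);

	f_init_handler(pars);
	f_create_mncc_expect(hex2str(ho_number));

	/* Make the MSC treat cell 017-017 LAC 1 CI 1 as belonging to a remote MSC */
	f_vty_transceive(MSCVTY, "configure terminal");
	f_vty_transceive(MSCVTY, "msc");
	f_vty_transceive(MSCVTY, "neighbor a cgi 017 017 1 1 msc-ipa-name msc-017-017-1");
	f_vty_transceive(MSCVTY, "exit");
	f_vty_transceive(MSCVTY, "exit");

	f_perform_lu();
	f_mo_call_establish(cpars);
	f_sleep(1.0);

	/* Acknowledge any MGCP MDCX while the handover is in progress */
	var default ack_mdcx := activate(as_mgcp_ack_all_mdcx(cpars));

	var myBSSMAP_Cause cause_val := GSM0808_CAUSE_BETTER_CELL;
	var BssmapCause cause := enum2int(cause_val);

	var template BSSMAP_FIELD_CellIdentificationList cil;
	cil := { cIl_LAI := { ts_BSSMAP_CI_LAI('017'H, '017'H, 1) } };

	/* old BSS sends Handover Required */
	BSSAP.send(ts_BSSMAP_HandoverRequired(cause, cil));

	/* The target cell 017-017 LAC 1 is configured to be a remote MSC of name "msc-017-017-1".
	 * This MSC tries to reach the other MSC via GSUP. */
	var octetstring remote_msc_name := '6D73632D3031372D3031372D3100'O; /* "msc-017-017-1\0" as octetstring */
	var GSUP_PDU prep_ho_req;
	GSUP.receive(tr_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_PREPARE_HANDOVER_REQUEST,
				       pars.imsi, destination_name := remote_msc_name)) -> value prep_ho_req;

	/* The MSC's own name is taken from the request so replies can be addressed back to it.
	 * Check the lookup result: without this, a request lacking the Source Name IE would only
	 * surface as an error on the field access below instead of a clear test failure. */
	var GSUP_IeValue source_name_ie;
	if (not f_gsup_find_ie(prep_ho_req, OSMO_GSUP_SOURCE_NAME_IE, source_name_ie)) {
		setverdict(fail, "No Source Name IE in received GSUP message. Expected E Prepare Handover Request, got", prep_ho_req);
		mtc.stop;
	}
	var octetstring local_msc_name := source_name_ie.source_name;

	/* Remote MSC has figured out its BSC and signals success */
	var PDU_ML3_NW_MS rr_ho_cmd := valueof(ts_RR_HandoverCommand);
	var octetstring rr_ho_cmd_enc := enc_PDU_ML3_NW_MS(rr_ho_cmd);
	var PDU_BSSAP ho_req_ack := valueof(ts_BSSMAP_HandoverRequestAcknowledge(rr_ho_cmd_enc, lengthof(rr_ho_cmd_enc),
					aoIPTransportLayer := omit,
					speechCodec := ts_BSSMAP_IE_SpeechCodec({ts_CodecFR})));
	GSUP.send(ts_GSUP_E_PrepareHandoverResult(
			pars.imsi,
			ho_number,
			remote_msc_name, local_msc_name,
			valueof(t_GSUP_AN_APDU(OSMO_GSUP_AN_PROTO_48006, enc_PDU_BSSAP(ho_req_ack)))));

	/* MSC forwards the RR Handover Command to old BSS */
	BSSAP.receive(tr_BSSMAP_HandoverCommand);

	/* The MS shows up at remote new BSS */
	GSUP.send(ts_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_PROCESS_ACCESS_SIGNALLING_REQUEST,
				    pars.imsi, remote_msc_name, local_msc_name,
				    valueof(t_GSUP_AN_APDU(OSMO_GSUP_AN_PROTO_48006,
							   enc_PDU_BSSAP(valueof(ts_BSSMAP_HandoverDetect))))));
	BSSAP.receive(tr_BSSMAP_HandoverSucceeded);

	f_sleep(0.1);

	/* Save the MS sequence counters for use on the other connection */
	var N_Sd_Array last_n_sd := f_bssmap_last_n_sd();

	GSUP.send(ts_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_SEND_END_SIGNAL_REQUEST,
				    pars.imsi, remote_msc_name, local_msc_name,
				    valueof(t_GSUP_AN_APDU(OSMO_GSUP_AN_PROTO_48006,
							   enc_PDU_BSSAP(valueof(ts_BSSMAP_HandoverComplete))))));

	/* The local BSS conn clears, all communication goes via remote MSC now */
	f_expect_clear();

	/**********************************/
	/* Play through some signalling across the inter-MSC link.
	 * This is a copy of f_tc_lu_and_mo_ussd_single_request() translated into GSUP AN-APDUs.
	 * The section is disabled by the constant `false` condition and never executes. */
	if (false) {
		var template OCTN facility_req := f_USSD_FACILITY_IE_INVOKE(
			invoke_id := 5, /* Phone may not start from 0 or 1 */
			op_code := SS_OP_CODE_PROCESS_USS_REQ,
			ussd_string := "*#100#"
		);
		var template OCTN facility_rsp := f_USSD_FACILITY_IE_RETURN_RESULT(
			invoke_id := 5, /* InvokeID shall be the same for both REQ and RSP */
			op_code := SS_OP_CODE_PROCESS_USS_REQ,
			ussd_string := "Your extension is " & hex2str(g_pars.msisdn) & "\r"
		);

		/* Compose a new SS/REGISTER message with request */
		var template (value) PDU_ML3_MS_NW ussd_req := ts_ML3_MO_SS_REGISTER(
			tid := 1, /* We just need a single transaction */
			ti_flag := c_TIF_ORIG, /* Sent from the side that originates the TI */
			facility := valueof(facility_req)
		);
		var PDU_ML3_MS_NW ussd_req_v := valueof(ussd_req);

		/* Compose SS/RELEASE_COMPLETE template with expected response */
		var template PDU_ML3_NW_MS ussd_rsp := tr_ML3_MT_SS_RELEASE_COMPLETE(
			tid := 1, /* Response should arrive within the same transaction */
			ti_flag := c_TIF_REPL, /* Sent to the side that originates the TI */
			facility := valueof(facility_rsp)
		);

		/* Compose expected MSC -> HLR message */
		var template GSUP_PDU gsup_req := tr_GSUP_PROC_SS_REQ(
			imsi := g_pars.imsi,
			state := OSMO_GSUP_SESSION_STATE_BEGIN,
			ss := valueof(facility_req)
		);

		/* To be used for sending response with correct session ID */
		var GSUP_PDU gsup_req_complete;

		/* Request own number */
		/* From remote MSC instead of BSSAP directly */
		/* Patch the correct N_SD value into the message. */
		var octetstring l3_enc := enc_PDU_ML3_MS_NW(ussd_req_v);
		var RAN_Emulation.ConnectionData cd;
		f_ML3_patch_seq_nr_MS_NW(f_next_n_sd(last_n_sd, f_ML3_n_sd_idx(ussd_req_v)), l3_enc);
		GSUP.send(ts_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_PROCESS_ACCESS_SIGNALLING_REQUEST,
					    pars.imsi, remote_msc_name, local_msc_name,
					    valueof(t_GSUP_AN_APDU(OSMO_GSUP_AN_PROTO_48006,
								   enc_PDU_BSSAP(valueof(ts_BSSAP_DTAP(l3_enc)))
								   ))
					    ));

		/* Expect GSUP message containing the SS payload */
		gsup_req_complete := f_expect_gsup_msg(gsup_req);

		/* Compose the response from HLR using received session ID */
		var template GSUP_PDU gsup_rsp := ts_GSUP_PROC_SS_REQ(
			imsi := g_pars.imsi,
			sid := gsup_req_complete.ies[1].val.session_id,
			state := OSMO_GSUP_SESSION_STATE_END,
			ss := valueof(facility_rsp)
		);

		/* Finally, HLR terminates the session */
		GSUP.send(gsup_rsp);

		/* The USSD response goes out to remote MSC, on GSUP E instead of BSSAP */
		var GSUP_PDU gsup_ussd_rsp;
		GSUP.receive(tr_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_FORWARD_ACCESS_SIGNALLING_REQUEST,
					       pars.imsi, destination_name := remote_msc_name)) -> value gsup_ussd_rsp;

		var GSUP_IeValue an_apdu;
		if (not f_gsup_find_ie(gsup_ussd_rsp, OSMO_GSUP_AN_APDU_IE, an_apdu)) {
			setverdict(fail, "No AN-APDU in received GSUP message. Expected USSD response in DTAP, got", gsup_ussd_rsp);
			mtc.stop;
		}
		var PDU_BSSAP bssap_dtap_mt := dec_PDU_BSSAP(an_apdu.an_apdu.pdu);
		var PDU_ML3_NW_MS dtap_mt := dec_PDU_ML3_NW_MS(bssap_dtap_mt.pdu.dtap);
		log("Expecting", ussd_rsp);
		log("Got", dtap_mt);
		if (not match(dtap_mt, ussd_rsp)) {
			setverdict(fail, "Unexpected GSUP message. Expected USSD response in DTAP, got", gsup_ussd_rsp);
			mtc.stop;
		}
	}
	/**********************************/

	/* inter-MSC handover back to the first MSC */
	f_create_bssmap_exp_handoverRequest(193);
	cil := { cIl_CGI := { ts_BSSMAP_CI_CGI('262'H, '42'H, 23, 42) } };

	/* old BSS sends Handover Required, via inter-MSC E link: like
	 * BSSAP.send(ts_BSSMAP_HandoverRequired(cause, cil));
	 * but via GSUP */
	GSUP.send(ts_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_PREPARE_SUBSEQUENT_HANDOVER_REQUEST,
				    pars.imsi, remote_msc_name, local_msc_name,
				    valueof(t_GSUP_AN_APDU(OSMO_GSUP_AN_PROTO_48006,
							   enc_PDU_BSSAP(valueof(ts_BSSMAP_HandoverRequired(cause, cil)))
							   ))
				    ));

	/* MSC asks local BSS to prepare Handover to it */
	BSSAP.receive(tr_BSSMAP_HandoverRequest);

	/* Make sure the new BSSAP conn continues with the correct N_SD sequence numbers */
	f_bssmap_continue_after_n_sd(last_n_sd);

	/* new BSS composes a RR Handover Command */
	rr_ho_cmd := valueof(ts_RR_HandoverCommand);
	rr_ho_cmd_enc := enc_PDU_ML3_NW_MS(rr_ho_cmd);
	var BSSMAP_IE_AoIP_TransportLayerAddress tla := valueof(ts_BSSMAP_IE_AoIP_TLA4('01020304'O, 2342));
	BSSAP.send(ts_BSSMAP_HandoverRequestAcknowledge(rr_ho_cmd_enc, lengthof(rr_ho_cmd_enc),
							tla, ts_BSSMAP_IE_SpeechCodec({ts_CodecFR})));

	/* HandoverCommand goes out via remote MSC-I */
	var GSUP_PDU prep_subsq_ho_res;
	GSUP.receive(tr_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_PREPARE_SUBSEQUENT_HANDOVER_RESULT,
				       pars.imsi, destination_name := remote_msc_name)) -> value prep_subsq_ho_res;

	/* MS shows up at the local BSS */
	BSSAP.send(ts_BSSMAP_HandoverDetect);
	f_sleep(0.1);
	BSSAP.send(ts_BSSMAP_HandoverComplete);

	/* Handover Succeeded message */
	GSUP.receive(tr_GSUP_E_AN_APDU(OSMO_GSUP_MSGT_E_FORWARD_ACCESS_SIGNALLING_REQUEST,
				       pars.imsi, destination_name := remote_msc_name));

	/* MS has handovered to here, Clear Command goes out via remote MSC-I -- in form of a GSUP Close. */
	GSUP.receive(tr_GSUP_E_NO_PDU(OSMO_GSUP_MSGT_E_CLOSE,
				      pars.imsi, destination_name := remote_msc_name));

	/* Handover ends successfully. Call goes on for a little longer and then we hang up. */
	f_sleep(1.0);
	deactivate(ack_mdcx);

	/* FIXME: the inter-MSC call has put a number of MNCC messages in the queue, which above code should expect and
	 * clear out. The f_call_hangup() expects an MNCC_REL_IND, so, for the time being, just clear the MNCC messages
	 * before starting the call hangup. Instead of this, the individual messages should be tested for above. */
	MNCC.clear;

	var default ccrel := activate(as_optional_cc_rel(cpars, true));
	f_call_hangup(cpars, true);
	f_sleep(1.0);
	deactivate(ccrel);

	setverdict(pass);
}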
/* Inter-MSC handover out to a remote MSC and back, driven by a single connection handler
 * (see f_tc_ho_inter_msc_out() for the message flow). */
testcase TC_ho_inter_msc_out() runs on MTC_CT {
	f_init(1);

	var BSC_ConnHdlrPars hdlr_pars := f_init_pars(54);
	var BSC_ConnHdlr vc_hdlr := f_start_handler_with_pars(refers(f_tc_ho_inter_msc_out), hdlr_pars, 0);

	/* Wait for the handler to terminate */
	vc_hdlr.done;
}
/* Location Update by IMSI where the handler expects both authentication and an IMEI check
 * to take place before the LU completes. */
private function f_tc_lu_imsi_auth_tmsi_check_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Expectations for this run: IMEI check and authentication */
	pars.net.expect_imei := true;
	pars.net.expect_auth := true;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with authentication required and `check-imei-rqd 1` configured on the MSC. */
testcase TC_lu_imsi_auth_tmsi_check_imei() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd 1");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_check_imei), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI with UMTS AKA authentication and an expected IMEI check. */
private function f_tc_lu_imsi_auth3g_tmsi_check_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Use UMTS AKA for the authentication step */
	pars.use_umts_aka := true;
	/* Expectations for this run: IMEI check and authentication */
	pars.net.expect_imei := true;
	pars.net.expect_auth := true;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with UMTS AKA, authentication required and `check-imei-rqd 1` configured on the MSC. */
testcase TC_lu_imsi_auth3g_tmsi_check_imei() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd 1");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth3g_tmsi_check_imei), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI without authentication, expecting only an IMEI check. */
private function f_tc_lu_imsi_noauth_tmsi_check_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Only the IMEI check is expected; expect_auth is left as passed in */
	pars.net.expect_imei := true;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with `check-imei-rqd 1` configured on the MSC; authentication is not configured here. */
testcase TC_lu_imsi_noauth_tmsi_check_imei() runs on MTC_CT {
	f_init();

	/* MSC under test: request an IMEI check */
	f_vty_config(MSCVTY, "msc", "check-imei-rqd 1");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_noauth_tmsi_check_imei), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI without authentication and without TMSI allocation, expecting
 * an IMEI check. */
private function f_tc_lu_imsi_noauth_notmsi_check_imei(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Expectations for this run: IMEI check, and no TMSI from the network */
	pars.net.expect_imei := true;
	pars.net.expect_tmsi := false;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with `no assign-tmsi` and `check-imei-rqd 1` configured on the MSC. */
testcase TC_lu_imsi_noauth_notmsi_check_imei() runs on MTC_CT {
	f_init();

	/* MSC under test: do not assign a TMSI, request an IMEI check */
	f_vty_config(MSCVTY, "msc", "no assign-tmsi");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd 1");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_noauth_notmsi_check_imei), 5);
	vc_hdlr.done;
}
/* Location Update where the IMEI check comes back with result NACK. The test passes only
 * if the MSC answers with a Location Updating Reject and clears the connection, i.e. a
 * device that fails the IMEI check must not be admitted. */
private function f_tc_lu_imsi_auth_tmsi_check_imei_nack(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Negative IMEI check result for this run */
	pars.net.check_imei_result := OSMO_GSUP_IMEI_RESULT_NACK;
	pars.net.expect_imei := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);

	/* Cannot use f_perform_lu() as we expect a reject */
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	f_bssap_compl_l3(lu_req);
	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));

	/* Common MM procedures and HLR side of the LU run first, the IMEI check comes last */
	f_mm_common();
	f_msc_lu_hlr();
	f_mm_imei();

	/* The failed IMEI check must end in a reject followed by a clear */
	f_expect_lu_reject();
	f_expect_clear();
}
/* LU with authentication and `check-imei-rqd 1`, where the IMEI check result is NACK and
 * the LU must be rejected. */
testcase TC_lu_imsi_auth_tmsi_check_imei_nack() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd 1");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_check_imei_nack), 5);
	vc_hdlr.done;
}
/* Location Update where the IMEI check ends in an error instead of a result. The test
 * passes only if the MSC answers with a Location Updating Reject and clears the
 * connection, i.e. an IMEI check that cannot be completed must not admit the device. */
private function f_tc_lu_imsi_auth_tmsi_check_imei_err(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Error outcome of the IMEI check for this run */
	pars.net.check_imei_error := true;
	pars.net.expect_imei := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);

	/* Cannot use f_perform_lu() as we expect a reject */
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	f_bssap_compl_l3(lu_req);
	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));

	/* Common MM procedures and HLR side of the LU run first, the IMEI check comes last */
	f_mm_common();
	f_msc_lu_hlr();
	f_mm_imei();

	/* The errored IMEI check must end in a reject followed by a clear */
	f_expect_lu_reject();
	f_expect_clear();
}
/* LU with authentication and `check-imei-rqd 1`, where the IMEI check returns an error and
 * the LU must be rejected. */
testcase TC_lu_imsi_auth_tmsi_check_imei_err() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd 1");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_check_imei_err), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI with authentication, expecting the "early" variant of the IMEI
 * check. */
private function f_tc_lu_imsi_auth_tmsi_check_imei_early(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Expectations for this run: early IMEI check and authentication */
	pars.net.expect_imei_early := true;
	pars.net.expect_auth := true;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with authentication required and `check-imei-rqd early` configured on the MSC. */
testcase TC_lu_imsi_auth_tmsi_check_imei_early() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an early IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd early");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_check_imei_early), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI with UMTS AKA authentication, expecting the "early" variant of
 * the IMEI check. */
private function f_tc_lu_imsi_auth3g_tmsi_check_imei_early(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Use UMTS AKA for the authentication step */
	pars.use_umts_aka := true;
	/* Expectations for this run: early IMEI check and authentication */
	pars.net.expect_imei_early := true;
	pars.net.expect_auth := true;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with UMTS AKA, authentication required and `check-imei-rqd early` configured on the
 * MSC. */
testcase TC_lu_imsi_auth3g_tmsi_check_imei_early() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an early IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd early");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth3g_tmsi_check_imei_early), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI without authentication, expecting only the "early" IMEI check. */
private function f_tc_lu_imsi_noauth_tmsi_check_imei_early(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Only the early IMEI check is expected; expect_auth is left as passed in */
	pars.net.expect_imei_early := true;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with `check-imei-rqd early` configured on the MSC; authentication is not configured
 * here. */
testcase TC_lu_imsi_noauth_tmsi_check_imei_early() runs on MTC_CT {
	f_init();

	/* MSC under test: request an early IMEI check */
	f_vty_config(MSCVTY, "msc", "check-imei-rqd early");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_noauth_tmsi_check_imei_early), 5);
	vc_hdlr.done;
}
/* Location Update by IMSI without authentication and without TMSI allocation, expecting
 * the "early" IMEI check. */
private function f_tc_lu_imsi_noauth_notmsi_check_imei_early(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Expectations for this run: early IMEI check, and no TMSI from the network */
	pars.net.expect_imei_early := true;
	pars.net.expect_tmsi := false;

	f_init_handler(pars);
	f_perform_lu();
}
/* LU with `no assign-tmsi` and `check-imei-rqd early` configured on the MSC. */
testcase TC_lu_imsi_noauth_notmsi_check_imei_early() runs on MTC_CT {
	f_init();

	/* MSC under test: do not assign a TMSI, request an early IMEI check */
	f_vty_config(MSCVTY, "msc", "no assign-tmsi");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd early");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_noauth_notmsi_check_imei_early), 5);
	vc_hdlr.done;
}
/* Location Update where the early IMEI check comes back with result NACK. Unlike the
 * non-early variant, this handler drives only f_mm_imei_early() before expecting the
 * reject -- f_mm_common() and f_msc_lu_hlr() are not called. The test passes only if the
 * MSC answers with a Location Updating Reject and clears the connection. */
private function f_tc_lu_imsi_auth_tmsi_check_imei_early_nack(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Negative IMEI check result for this run */
	pars.net.check_imei_result := OSMO_GSUP_IMEI_RESULT_NACK;
	pars.net.expect_imei_early := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);

	/* Cannot use f_perform_lu() as we expect a reject */
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	f_bssap_compl_l3(lu_req);
	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));

	f_mm_imei_early();

	/* The failed IMEI check must end in a reject followed by a clear */
	f_expect_lu_reject();
	f_expect_clear();
}
/* LU with authentication and `check-imei-rqd early`, where the IMEI check result is NACK
 * and the LU must be rejected. */
testcase TC_lu_imsi_auth_tmsi_check_imei_early_nack() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an early IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd early");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_check_imei_early_nack), 5);
	vc_hdlr.done;
}
/* Location Update where the early IMEI check ends in an error instead of a result. This
 * handler drives only f_mm_imei_early() before expecting the reject -- f_mm_common() and
 * f_msc_lu_hlr() are not called. The test passes only if the MSC answers with a Location
 * Updating Reject and clears the connection. */
private function f_tc_lu_imsi_auth_tmsi_check_imei_early_err(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	/* Error outcome of the IMEI check for this run */
	pars.net.check_imei_error := true;
	pars.net.expect_imei_early := true;
	pars.net.expect_auth := true;
	f_init_handler(pars);

	/* Cannot use f_perform_lu() as we expect a reject */
	var PDU_ML3_MS_NW lu_req := f_build_lu_imsi(g_pars.imsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));
	f_bssap_compl_l3(lu_req);
	BSSAP.send(ts_BSSMAP_ClassmarkUpd(g_pars.cm2, g_pars.cm3));

	f_mm_imei_early();

	/* The errored IMEI check must end in a reject followed by a clear */
	f_expect_lu_reject();
	f_expect_clear();
}
/* LU with authentication and `check-imei-rqd early`, where the IMEI check returns an error
 * and the LU must be rejected. */
testcase TC_lu_imsi_auth_tmsi_check_imei_early_err() runs on MTC_CT {
	f_init();

	/* MSC under test: require authentication and request an early IMEI check */
	f_vty_config(MSCVTY, "network", "authentication required");
	f_vty_config(MSCVTY, "msc", "check-imei-rqd early");

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_imsi_auth_tmsi_check_imei_early_err), 5);
	vc_hdlr.done;
}
/* Regression test for a memory-safety problem in MGCP response handling: after a Location
 * Update, an MO call is set up with call parameters the MSC cannot use, and the call is
 * expected to be released. */
friend function f_tc_invalid_mgcp_crash(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr {
	f_init_handler(pars);

	var CallParameters cpars := valueof(t_CallParams('12345'H, 0));

	/* The call must end in a release rather than being established */
	cpars.expect_release := true;
	cpars.rtp_sdp_format := "FOO/8000";

	/* Set invalid IP address so that osmo-msc discards the rtp_stream and MGCP endpoint FSM instances in the middle
	 * of successful MGCP response dispatch. If things aren't safeguarded, the on_success() in osmo_mgcpc_ep_fsm
	 * will cause a use-after-free after that event dispatch. */
	cpars.mgw_conn_1.mgw_rtp_ip := "0.0.0.0";
	cpars.mgw_conn_2.mgw_rtp_ip := "0.0.0.0";

	f_perform_lu();
	f_mo_call_establish(cpars);
}
/* Runs the use-after-free regression scenario of f_tc_invalid_mgcp_crash() in one handler. */
testcase TC_invalid_mgcp_crash() runs on MTC_CT {
	f_init();

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_invalid_mgcp_crash), 7);
	vc_hdlr.done;
}
/* Location Update with an unknown TMSI where the MS answers the Identity Request with a
 * Mobile Identity of type "no identity". The test passes only if the MSC rejects the
 * Location Update and clears the connection, i.e. a subscriber that does not identify
 * itself must not be admitted. */
friend function f_tc_mm_id_resp_no_identity(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	pars.tmsi := 'FFFFFFFF'O;
	f_init_handler(pars);

	f_create_gsup_expect(hex2str(g_pars.imsi));

	/* Initiate Location Updating using an unknown TMSI */
	f_bssap_compl_l3(f_build_lu_tmsi(pars.tmsi));

	/* Expect an Identity Request, send response with no identity */
	BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req(CM_ID_TYPE_IMSI)));
	BSSAP.send(ts_PDU_DTAP_MO(ts_ML3_MO_MM_ID_Rsp({
		lengthIndicator := 1,
		mobileIdentityV := {
			/* type '000'B together with the no_identity variant and filler digits only */
			typeOfIdentity := '000'B,
			oddEvenInd_identity := {
				no_identity := { oddevenIndicator := '0'B, fillerDigits := '00000'H }
			}
		}
	})));

	/* No usable identity: the LU must be rejected and the connection cleared */
	f_expect_lu_reject();
	f_expect_clear();
}
/* Runs the "Identity Response without identity" scenario of f_tc_mm_id_resp_no_identity(). */
testcase TC_mm_id_resp_no_identity() runs on MTC_CT {
	f_init();

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_mm_id_resp_no_identity), 7);
	vc_hdlr.done;
}
/* Regression test: the subscriber is expired (as if T3212 had run out) while a Paging
 * procedure is pending, right before the Paging Response arrives. Old versions of OsmoMSC
 * hit a NULL-pointer dereference in this situation; the test checks that the MSC now
 * survives it and ends the connection with a Clear. */
friend function f_tc_lu_and_expire_while_paging(charstring id, BSC_ConnHdlrPars pars)
runs on BSC_ConnHdlr {
	/* Common prefix of the VTY commands that address this subscriber */
	var charstring vty_subscr := "subscriber imsi " & hex2str(pars.imsi);

	f_init_handler(pars);

	/* Perform location update */
	f_perform_lu();
	f_ran_register_imsi(g_pars.imsi, g_pars.tmsi);
	f_create_gsup_expect(hex2str(g_pars.imsi));

	/* Initiate paging procedure from the VTY */
	f_vty_transceive(MSCVTY, vty_subscr & " paging");
	f_expect_paging();

	/* Emulate T3212 expiration during paging (we don't want to wait, right?) */
	f_vty_transceive(MSCVTY, vty_subscr & " expire");

	/* MS sends PAGING RESPONSE, *old* OsmoMSC crashes here... */
	f_establish_fully(EST_TYPE_PAG_RESP);

	/* The recent OsmoMSC keeps subscriber in its VLR unless the Paging is completed.
	 * In this case we do not send anything and just wait for a Clear Command. */
	f_expect_clear();
}
/* Runs the "subscriber expires while paging" regression scenario of
 * f_tc_lu_and_expire_while_paging(). */
testcase TC_lu_and_expire_while_paging() runs on MTC_CT {
	f_init();

	var BSC_ConnHdlr vc_hdlr := f_start_handler(refers(f_tc_lu_and_expire_while_paging), 7);
	vc_hdlr.done;
}
/* Execution list of the module: the testcases below run in exactly this order.
 * Several of them are regression tests for conditions that crashed the MSC in the past,
 * so the position of a test in the list decides which later tests a crash would affect. */
control {
execute( TC_cr_before_reset() );
execute( TC_lu_imsi_noauth_tmsi() );
execute( TC_lu_imsi_noauth_notmsi() );
execute( TC_lu_imsi_reject() );
execute( TC_lu_imsi_timeout_gsup() );
execute( TC_lu_imsi_auth_tmsi() );
execute( TC_lu_imsi_auth3g_tmsi() );
execute( TC_lu_imsi_timeout_tmsi_realloc() );
execute( TC_cmserv_imsi_unknown() );
execute( TC_lu_and_mo_call() );
execute( TC_lu_and_mo_call_sccp_tiar_timeout() );
execute( TC_lu_auth_sai_timeout() );
execute( TC_lu_auth_sai_err() );
execute( TC_lu_clear_request() );
execute( TC_lu_disconnect() );
execute( TC_lu_by_imei() );
execute( TC_lu_by_tmsi_noauth_unknown() );
execute( TC_imsi_detach_by_imsi() );
execute( TC_imsi_detach_by_tmsi() );
execute( TC_imsi_detach_by_imei() );
execute( TC_emerg_call_imei_reject() );
execute( TC_emerg_call_imsi() );
execute( TC_cm_serv_req_vgcs_reject() );
execute( TC_cm_serv_req_vbs_reject() );
execute( TC_cm_serv_req_lcs_reject() );
execute( TC_cm_reest_req_reject() );
execute( TC_lu_auth_2G_fail() );
execute( TC_lu_imsi_auth_tmsi_encr_13_13() );
execute( TC_cl3_no_payload() );
execute( TC_cl3_rnd_payload() );
execute( TC_establish_and_nothing() );
execute( TC_mo_setup_and_nothing() );
execute( TC_mo_crcx_ran_timeout() );
execute( TC_mo_crcx_ran_reject() );
execute( TC_mt_crcx_ran_reject() );
execute( TC_mo_setup_and_dtmf_dup() );
//execute( TC_mt_t310() );
execute( TC_gsup_cancel() );
execute( TC_lu_imsi_auth_tmsi_encr_1_13() );
execute( TC_lu_imsi_auth_tmsi_encr_3_13() );
execute( TC_lu_imsi_auth_tmsi_encr_3_1() );
execute( TC_lu_imsi_auth_tmsi_encr_3_1_no_cm() );
execute( TC_lu_imsi_auth_tmsi_encr_13_2() );
execute( TC_lu_imsi_auth_tmsi_encr_013_2() );
execute( TC_mo_release_timeout() );
execute( TC_lu_and_mt_call_no_dlcx_resp() );
execute( TC_reset_two() );
execute( TC_lu_and_mt_call() );
execute( TC_lu_and_mt_call_already_paging() );
execute( TC_lu_and_mo_sms() );
execute( TC_lu_and_mt_sms() );
execute( TC_lu_and_mt_sms_already_paging() );
execute( TC_lu_and_mt_sms_paging_and_nothing() );
execute( TC_lu_and_mt_sms_paging_repeated() );
execute( TC_smpp_mo_sms() );
execute( TC_smpp_mo_sms_rp_error() );
execute( TC_smpp_mt_sms() );
execute( TC_gsup_mo_sms() );
execute( TC_gsup_mo_smma() );
execute( TC_gsup_mt_sms_ack() );
execute( TC_gsup_mt_sms_err() );
execute( TC_gsup_mt_sms_rp_mr() );
execute( TC_gsup_mo_mt_sms_rp_mr() );
execute( TC_gsup_mt_multi_part_sms() );
execute( TC_lu_and_mo_ussd_single_request() );
execute( TC_lu_and_mt_ussd_notification() );
execute( TC_lu_and_mo_ussd_during_mt_call() );
execute( TC_lu_and_mt_ussd_during_mt_call() );
execute( TC_lu_and_mo_ussd_mo_release() );
execute( TC_lu_and_ss_session_timeout() );
execute( TC_mt_ussd_for_unknown_subscr() );
execute( TC_mo_ussd_for_unknown_trans() );
execute( TC_proc_ss_for_unknown_session() );
execute( TC_proc_ss_paging_fail() );
execute( TC_proc_ss_abort() );
execute( TC_multi_lu_and_mo_ussd() );
execute( TC_multi_lu_and_mt_ussd() );
execute( TC_cipher_complete_with_invalid_cipher() );
execute( TC_cipher_complete_1_without_cipher() );
execute( TC_cipher_complete_3_without_cipher() );
execute( TC_cipher_complete_13_without_cipher() );
execute( TC_lu_with_invalid_mcc_mnc() );
execute( TC_sgsap_reset() );
execute( TC_sgsap_lu() );
execute( TC_sgsap_lu_imsi_reject() );
execute( TC_sgsap_lu_and_nothing() );
execute( TC_sgsap_expl_imsi_det_eps() );
execute( TC_sgsap_impl_imsi_det_eps() );
execute( TC_sgsap_expl_imsi_det_noneps() );
execute( TC_sgsap_impl_imsi_det_noneps() );
execute( TC_sgsap_paging_rej() );
execute( TC_sgsap_paging_subscr_rej() );
execute( TC_sgsap_paging_ue_unr() );
execute( TC_sgsap_paging_and_nothing() );
execute( TC_sgsap_paging_and_lu() );
execute( TC_sgsap_mt_sms() );
execute( TC_sgsap_mo_sms() );
execute( TC_sgsap_mt_sms_and_nothing() );
execute( TC_sgsap_mt_sms_and_reject() );
execute( TC_sgsap_unexp_ud() );
execute( TC_sgsap_unsol_ud() );
execute( TC_bssap_lu_sgsap_lu_and_mt_call() );
execute( TC_sgsap_lu_and_mt_call() );
execute( TC_sgsap_vlr_failure() );
/* Handover tests */
execute( TC_ho_inter_bsc_unknown_cell() );
execute( TC_ho_inter_bsc() );
execute( TC_ho_inter_msc_out() );
/* IMEI check tests: `check-imei-rqd 1` variants first, then the `early` variants;
 * the _nack and _err cases expect the Location Update to be rejected */
execute( TC_lu_imsi_auth_tmsi_check_imei() );
execute( TC_lu_imsi_auth3g_tmsi_check_imei() );
execute( TC_lu_imsi_noauth_tmsi_check_imei() );
execute( TC_lu_imsi_noauth_notmsi_check_imei() );
execute( TC_lu_imsi_auth_tmsi_check_imei_nack() );
execute( TC_lu_imsi_auth_tmsi_check_imei_err() );
execute( TC_lu_imsi_auth_tmsi_check_imei_early() );
execute( TC_lu_imsi_auth3g_tmsi_check_imei_early() );
execute( TC_lu_imsi_noauth_tmsi_check_imei_early() );
execute( TC_lu_imsi_noauth_notmsi_check_imei_early() );
execute( TC_lu_imsi_auth_tmsi_check_imei_early_nack() );
execute( TC_lu_imsi_auth_tmsi_check_imei_early_err() );
/* Run this last: at the time of writing this test crashes the MSC
 * NOTE(review): this test is no longer last -- further tests are executed after it below.
 * If it can still crash the MSC, those later tests may be affected; confirm whether the
 * crash is fixed or move the later tests above this one. */
execute( TC_lu_imsi_auth_tmsi_encr_3_1_log_msc_debug() );
execute( TC_mo_cc_bssmap_clear() );
/* Osmux test runs only when enabled through the module parameter */
if (mp_enable_osmux_test) {
execute( TC_lu_and_mt_call_osmux() );
}
/* Regression tests for a use-after-free (MGCP), an Identity Response without identity,
 * and a NULL-pointer dereference when the subscriber expires during paging */
execute( TC_invalid_mgcp_crash() );
execute( TC_mm_id_resp_no_identity() );
execute( TC_lu_and_expire_while_paging() );
}
}