
OsmoSGSN [PATCH], Network Service

Message ID CA+W2XBungi8EX+uOsm52yNB334hHgJCHYjnTBxZRJvpe0jjfyQ@mail.gmail.com
State Not Applicable

Commit Message

Michal Grznár May 28, 2014, 12:38 p.m. UTC
Hi, it wasn't a hand-written diff, but here I send a diff made using git
diff. The problem you can see in packets number 27-40 (especially in
number 30, where you see the old TLLI and the newly generated P-TMSI in
the Attach Accept message, and in number 31 there is the new TLLI, which
is the same as the P-TMSI generated in the previous message), and that is
the problem I needed to solve: the new TLLI was not LOCAL.

regards Michal


2014-05-23 13:16 GMT+02:00 Holger Hans Peter Freyther <holger@freyther.de>:

> On Fri, May 23, 2014 at 11:44:40AM +0200, Michal Grznár wrote:
>
> Hi,
>
> > And the problem was, as I said, that in the IMSI attach procedure new
> > TLLI == newly allocated P-TMSI, and the problem was that the function
> > gprs_tmsi2tlli() was not called there, so I had to mask the upper bits
> > in the function where the P-TMSI is allocated; there is also a pcap
> > trace where you can see it.
>
> Could you please elaborate on what/where (e.g. packet numbers) we
> can see "it" and what it should be instead? And please use "git diff"
> or preferably "git commit" and git format-patch. The "diff" you included
> is hand-written and sadly not usable because of this.
>
> And as written by Harald before, the place you patch is not correct.
> The method you patch should generate a unique P-TMSI. It might need to
> mask some of the higher bits. But you need to look at the callers of
> this function if the TLLI is not updated.
>
> e.g. in src/gprs/gprs_gmm.c you will see something like this:
>
>         ctx->p_tmsi = sgsn_alloc_ptmsi();
> #endif
>
>         /* Even if there is no P-TMSI allocated, the MS will switch from
>          * foreign TLLI to local TLLI */
>         ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
>
>         /* Inform LLC layer about new TLLI but keep old active */
>         gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
>                           GPRS_ALGO_GEA0, NULL);
>
> So this call to gprs_tmsi2tlli will make sure that 0xc0000000 will
> be set. In fact I see two calls to sgsn_alloc_ptmsi and both of them
> do the above and assign the new tlli to the context. So please could
> you try to explain what you are trying to solve?
>
> holger
>
>

diff --git a/home/michal/Plocha/gprs_ns_before_patch.c b/home/michal/Plocha/gprs_ns_patch.c
index c939003..1bc965e 100644
--- a/home/michal/Plocha/gprs_ns_before_patch.c
+++ b/home/michal/Plocha/gprs_ns_patch.c
@@ -1217,16 +1217,14 @@ int gprs_ns_process_msg(struct gprs_ns_inst *nsi, struct msgb *msg,
 
        switch (nsh->pdu_type) {
        case NS_PDUT_ALIVE:
-               /* If we're dead and blocked and suddenly receive a
-                * NS-ALIVE out of the blue, we might have been re-started
-                * and should send a NS-RESET to make sure everything recovers
-                * fine. */
-
-LOGP(DNS, LOGL_INFO, "Rx NS ALIVE\n");         
-if ((*nsvc)->state == NSE_S_BLOCKED)
-                       rc = gprs_ns_tx_reset((*nsvc), NS_CAUSE_PDU_INCOMP_PSTATE);
-               else
-                       rc = gprs_ns_tx_alive_ack(*nsvc);
+               LOGP(DNS, LOGL_INFO, "Rx NS ALIVE\n");
+               rc = gprs_ns_tx_alive_ack(*nsvc);
+               /*mark NS-VC as unblocked and active*/
+               (*nsvc)->state = NSE_S_ALIVE;
+               (*nsvc)->remote_state = NSE_S_ALIVE;
+               /*Initiate TEST proc.: Send ALIVE_ACK and start timer*/
+               rc = gprs_ns_tx_simple((*nsvc), NS_PDUT_ALIVE_ACK);
+               nsvc_start_timer((*nsvc), NSVC_TIMER_TNS_TEST);
                break;
        case NS_PDUT_ALIVE_ACK:
                /* stop Tns-alive and start Tns-test */

Comments

Michal Grznár June 5, 2014, 9:52 a.m. UTC | #1
So it is the communication between OsmoSGSN and sim-bss (Attach procedure).
The problem comes in Attach Accept/Complete. OsmoSGSN sends an Attach
Accept message with current TLLI = 0x78000001 and with newly allocated
P-TMSI = 0x475b916b. Sim-bss answers with an Attach Complete message with
the new TLLI generated in OsmoSGSN from the new P-TMSI... and as I said,
and as the 3GPP 24.008 spec says, new TLLI = newly allocated P-TMSI =
0x475b916b. And there comes the problem that it is not a LOCAL TLLI. So the
point of the problem is that the new P-TMSI/TLLI is not generated
correctly, and it could be said that OsmoSGSN rejects what it generated,
and that is the problem. If it helps, I attach the osmo-sgsn VTY output.

Regards Michal


2014-05-28 14:38 GMT+02:00 Michal Grznár <mihal.grznar@gmail.com>:

> Hi, it wasn't a hand-written diff, but here I send a diff made using git
> diff. The problem you can see in packets number 27-40 (especially in
> number 30, where you see the old TLLI and the newly generated P-TMSI in
> the Attach Accept message, and in number 31 there is the new TLLI, which
> is the same as the P-TMSI generated in the previous message), and that is
> the problem I needed to solve: the new TLLI was not LOCAL.
>
> regards Michal
>
>
> 2014-05-23 13:16 GMT+02:00 Holger Hans Peter Freyther <holger@freyther.de>:
>
>> On Fri, May 23, 2014 at 11:44:40AM +0200, Michal Grznár wrote:
>>
>> Hi,
>>
>> > And the problem was, as I said, that in the IMSI attach procedure new
>> > TLLI == newly allocated P-TMSI, and the problem was that the function
>> > gprs_tmsi2tlli() was not called there, so I had to mask the upper bits
>> > in the function where the P-TMSI is allocated; there is also a pcap
>> > trace where you can see it.
>>
>> Could you please elaborate on what/where (e.g. packet numbers) we
>> can see "it" and what it should be instead? And please use "git diff"
>> or preferably "git commit" and git format-patch. The "diff" you included
>> is hand-written and sadly not usable because of this.
>>
>> And as written by Harald before, the place you patch is not correct.
>> The method you patch should generate a unique P-TMSI. It might need to
>> mask some of the higher bits. But you need to look at the callers of
>> this function if the TLLI is not updated.
>>
>> e.g. in src/gprs/gprs_gmm.c you will see something like this:
>>
>>         ctx->p_tmsi = sgsn_alloc_ptmsi();
>> #endif
>>
>>         /* Even if there is no P-TMSI allocated, the MS will switch from
>>          * foreign TLLI to local TLLI */
>>         ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
>>
>>         /* Inform LLC layer about new TLLI but keep old active */
>>         gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
>>                           GPRS_ALGO_GEA0, NULL);
>>
>> So this call to gprs_tmsi2tlli will make sure that 0xc0000000 will
>> be set. In fact I see two calls to sgsn_alloc_ptmsi and both of them
>> do the above and assign the new tlli to the context. So please could
>> you try to explain what you are trying to solve?
>>
>> holger
>>
>>
>
<0010> gprs_ns.c:1226 Rx NS ALIVE
<0010> gprs_ns.c:479 NSEI=65534 Tx NS ALIVE_ACK (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:1226 Rx NS ALIVE
<0010> gprs_ns.c:479 NSEI=65534 Tx NS ALIVE_ACK (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0011> gprs_bssgp.c:249 BSSGP BVCI=0 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:249 BSSGP BVCI=2 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-1 CI 1 on BVCI 2
<0011> gprs_bssgp.c:249 BSSGP BVCI=3 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-2 CI 2 on BVCI 3
<0011> gprs_bssgp.c:249 BSSGP BVCI=4 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-3 CI 3 on BVCI 4
<0011> gprs_bssgp.c:249 BSSGP BVCI=5 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-4 CI 4 on BVCI 5
<0011> gprs_bssgp.c:753 BSSGP BVCI=2 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=3 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=4 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=5 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x78000001 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C   FCS=0xbbe727CMD=UI DATA 
<0012> gprs_llc.c:826 tlli is random!!!
<0012> gprs_llc.c:256 LLC RX: unknown TLLI 0x78000001, creating LLME on the fly
<0002> gprs_gmm.c:640 -> GMM ATTACH REQUEST MI(231010000000000) type="GPRS attach"
<0012> gprs_gmm.c:752 gprs_gmm.c: Allocating a new p-tmsi!!!!
<0012> gprs_sgsn.c:369 sgsn_alloc_ptmsi: We allocated this p-tmsi 0x475b916b

<0002> gprs_gmm.c:444 <- GPRS IDENTITY REQUEST: mi_type=02
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x78000001 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C   FCS=0xae6b48CMD=UI DATA 
<0012> gprs_llc.c:826 tlli is random!!!
<0002> gprs_gmm.c:582 -> GMM IDENTITY RESPONSE: mi_type=0x02 MI(123456789012310) 
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x475b916b Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C   FCS=0xbcd739CMD=UI DATA 
<0012> gprs_llc.c:832 tlli is reserved!!!
<0012> gprs_llc.c:256 LLC RX: unknown TLLI 0x475b916b, creating LLME on the fly
<0002> gprs_gmm.c:1030 Cannot handle GMM for unknown MM CTX
<0002> gprs_gmm.c:277 <- GPRS MM STATUS (cause: MS identity cannot be derived by the network)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x475b916b Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 R   FCS=0x42e56dCMD=XID DATA 
<0012> gprs_llc.c:832 tlli is reserved!!!
<0002> gprs_gmm.c:1574 Unknown GSM 04.08 discriminator 0x01
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:1104 T3350 expired >= 5 times
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
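The following C program is an added example, not code from osmo-sgsn or libosmocore, and its function names are illustrative. It implements the TLLI layout of 3GPP TS 44.064 section 8.1 (local, foreign, random, auxiliary and reserved ranges) and the TS 23.003 rule that a P-TMSI carries 11 in its two most significant bits, then runs the identifiers from the log above through it: the random TLLI 0x78000001, the allocated P-TMSI 0x475b916b, the local TLLI the SGSN derives from it with the gprs_tmsi2tlli step Holger quotes in the first message, and the raw P-TMSI the MS presented as its TLLI, which lands in the reserved range exactly as the "tlli is reserved" line reports. The allocator at the end, which shifts the random draw instead of masking it and retries on the reserved value 0xffffffff, is my assumption about how a conformant allocator should look, not the project's code; the generator feeding it is a constructed two-value sequence so the run is deterministic.

```c
/*
 * Added example, not osmo-sgsn/libosmocore code: TLLI structure per
 * 3GPP TS 44.064 8.1 and the P-TMSI top-bits rule of TS 23.003, applied to
 * the identifiers seen in the trace above. Function names are illustrative.
 */
#include <stdint.h>
#include <stdio.h>

enum tlli_kind {
	TLLI_K_LOCAL,      /* bits 31,30 = 11: assigned by this SGSN */
	TLLI_K_FOREIGN,    /* bits 31,30 = 10: P-TMSI from another routing area */
	TLLI_K_RANDOM,     /* bits 31..27 = 01111: chosen by the MS before attach */
	TLLI_K_AUXILIARY,  /* bits 31..27 = 01110 */
	TLLI_K_RESERVED    /* everything else, e.g. 0x4... = 0100 0... */
};

/* Classify a TLLI by its most significant bits. */
enum tlli_kind tlli_kind_of(uint32_t tlli)
{
	if ((tlli & 0xc0000000u) == 0xc0000000u)
		return TLLI_K_LOCAL;
	if ((tlli & 0xc0000000u) == 0x80000000u)
		return TLLI_K_FOREIGN;
	if ((tlli & 0xf8000000u) == 0x78000000u)
		return TLLI_K_RANDOM;
	if ((tlli & 0xf8000000u) == 0x70000000u)
		return TLLI_K_AUXILIARY;
	return TLLI_K_RESERVED;
}

/* Local TLLI: copy bits 29..0 of the P-TMSI, force bits 31,30 to 11. */
uint32_t tlli_local_from_ptmsi(uint32_t p_tmsi)
{
	return (p_tmsi & 0x3fffffffu) | 0xc0000000u;
}

/* Foreign TLLI: copy bits 29..0 of the P-TMSI, force bits 31,30 to 10. */
uint32_t tlli_foreign_from_ptmsi(uint32_t p_tmsi)
{
	return (p_tmsi & 0x3fffffffu) | 0x80000000u;
}

/* TS 23.003: a P-TMSI has bits 31,30 = 11 (this is how it is told apart
 * from a TMSI) and 0xffffffff is reserved for "no valid (P-)TMSI". A P-TMSI
 * that satisfies this is numerically equal to its own local TLLI. */
int ptmsi_is_conformant(uint32_t p_tmsi)
{
	return (p_tmsi & 0xc0000000u) == 0xc0000000u && p_tmsi != 0xffffffffu;
}

/* Turn a raw 32-bit random value into a conformant P-TMSI. Shifting right
 * by two keeps 30 random bits in 29..0 instead of discarding bits 31,30. */
uint32_t ptmsi_from_random(uint32_t raw)
{
	return (raw >> 2) | 0xc0000000u;
}

/* Assumed allocator shape: draw from the caller-supplied generator until
 * the value is conformant. In real code 'next' must be a CSPRNG; libc
 * rand() is predictable and unsuitable for allocating identities. */
uint32_t ptmsi_alloc(uint32_t (*next)(void))
{
	uint32_t p;
	do {
		p = ptmsi_from_random(next());
	} while (!ptmsi_is_conformant(p));
	return p;
}

/* Constructed values taken from the log above. */
#define TRACE_RANDOM_TLLI 0x78000001u
#define TRACE_PTMSI       0x475b916bu

/* Constructed generator: the first draw maps to the reserved 0xffffffff and
 * must be retried, the second draw is the P-TMSI from the trace. */
static const uint32_t demo_draws[] = { 0xffffffffu, TRACE_PTMSI };
static unsigned demo_pos;
static uint32_t demo_next(void)
{
	return demo_draws[demo_pos++ % 2];
}

uint32_t demo_alloc(void)
{
	demo_pos = 0;
	return ptmsi_alloc(demo_next);
}

int main(void)
{
	uint32_t local = tlli_local_from_ptmsi(TRACE_PTMSI);

	printf("random TLLI 0x%08x kind=%d\n", TRACE_RANDOM_TLLI,
	       tlli_kind_of(TRACE_RANDOM_TLLI));
	printf("P-TMSI 0x%08x conformant=%d\n", TRACE_PTMSI,
	       ptmsi_is_conformant(TRACE_PTMSI));
	printf("SGSN local TLLI 0x%08x kind=%d\n", local, tlli_kind_of(local));
	/* The MS in the trace presented the raw P-TMSI as its TLLI: */
	printf("MS TLLI 0x%08x kind=%d (reserved, so unknown TLLI)\n",
	       TRACE_PTMSI, tlli_kind_of(TRACE_PTMSI));
	printf("conformant allocation -> 0x%08x\n", demo_alloc());
	return 0;
}
```

The program shows both halves of the mismatch in the trace: the SGSN's own derivation gives 0xc75b916b, while the P-TMSI it handed out, 0x475b916b, classifies as reserved when used as a TLLI, so the two ends can only agree once the P-TMSI itself carries the 11 prefix.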

Patch

diff --git a/home/michal/Plocha/gprs_sgsn_before_patch.c b/home/michal/Plocha/gp
index 753d85f..f637a82 100644
--- a/home/michal/Plocha/gprs_sgsn_before_patch.c
+++ b/home/michal/Plocha/gprs_sgsn_patch.c
@@ -361,7 +361,7 @@  uint32_t sgsn_alloc_ptmsi(void)
        uint32_t ptmsi;
 
 restart:
-       ptmsi = rand();
+       ptmsi = rand() | 0xc0000000; //because of GPRS IMSI ATTACH
        llist_for_each_entry(mm, &sgsn_mm_ctxts, list) {
                if (mm->p_tmsi == ptmsi)
                        goto restart;
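Review bot: Forcing bits 31 and 30 to 11 in `ptmsi = rand() | 0xc0000000;` matches what 3GPP TS 23.003 requires of a P-TMSI (the two most significant bits distinguish a P-TMSI from a TMSI, which is also why a conformant P-TMSI equals its own local TLLI), so the location Holger questioned is defensible, but the comment `//because of GPRS IMSI ATTACH` should state that rule and use the `/* ... */` style of the surrounding code rather than `//`. With the high bits forced, the allocator can now return 0xffffffff, the reserved "no valid TMSI" value, and the `restart:` loop below only guards against a duplicate of an existing context, so add a reserved-value check that jumps back to `restart:` as well. `rand()` remains the source of the identifier; its output is predictable from a few observed P-TMSIs, which was already true before this hunk but deserves a follow-up now that the value doubles as the MS's local TLLI.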