Message ID | CA+W2XBungi8EX+uOsm52yNB334hHgJCHYjnTBxZRJvpe0jjfyQ@mail.gmail.com |
---|---|
State | Not Applicable |
So it is the communication between osmoSGSN and sim-bss (Attach procedure). The problem comes in attach accept/complete. OsmoSGSN sends message attach accept with current TLLI = 0x78000001 and with new allocated P-TMSI = 0x475b916b. Sim-bss answers with message attach complete with new tlli made/generated in osmoSGSN from new P-TMSI...and as I said and as 3GPP 24.008 spec. says new TLLI = new allocated P-TMSI = 0x475b916b. And there comes the problem that it is not LOCAL TLLI. So the point of the problem is that new P-TMSI/TLLI is not generated correctly and could be said osmoSGSN rejects what it generated and that is the problem. If it helps, I attach the osmo-SGSN_vty output.

Regards
Michal

2014-05-28 14:38 GMT+02:00 Michal Grznár <mihal.grznar@gmail.com>:

> Hi, it wasn't hand-written diffs but here I send diff made by using git
> diff. And the problem you can see in packets with number 27-40 (especially
> see in number 30 you see there the old tlli and newly generated P-TMSI in
> message attach accept and in number 31 there is new TLLI which is the same
> as generated P-TMSI in previous message) and that is the problem I needed
> to solve, that the new TLLI was not LOCAL.
>
> regards Michal
>
>
> 2014-05-23 13:16 GMT+02:00 Holger Hans Peter Freyther <holger@freyther.de>:
>
>> On Fri, May 23, 2014 at 11:44:40AM +0200, Michal Grznár wrote:
>>
>> Hi,
>>
>> > And the problem was as I said in Imsi attach procedure new TLLI == new
>> > allocated P-tmsi, and there was a problem that the function
>> > gprs_tmsi2tlli() was not called there and so I had to mask the upper
>> > bits in function where the p-tmsi is allocated, there is also a pcap
>> > trace where you can see it.
>>
>> Could you please elaborate on what/where (e.g. packet numbers) we
>> can see "it" and what it should be instead? And please use "git diff"
>> or preferably "git commit" and git format-patch. The "diff" you include
>> is hand-written and sadly not usable because of this.
>>
>> And as written by Harald before. The place you patch is not correct.
>> The method you patch should generate a unique P-TMSI. It perhaps should
>> mask some of the higher bits. But you need to look at the callers of
>> this function if the tlli is not updated.
>>
>> e.g. in src/gprs/gprs_gmm.c you will see something like this:
>>
>>         ctx->p_tmsi = sgsn_alloc_ptmsi();
>> #endif
>>
>>         /* Even if there is no P-TMSI allocated, the MS will switch from
>>          * foreign TLLI to local TLLI */
>>         ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
>>
>>         /* Inform LLC layer about new TLLI but keep old active */
>>         gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
>>                           GPRS_ALGO_GEA0, NULL);
>>
>> So this call to gprs_tmsi2tlli will make sure that 0xc0000000 will
>> be set. In fact I see two calls to sgsn_alloc_ptmsi and both of them
>> do the above and assign the new tlli to the context. So please could
>> you try to explain what you are trying to solve?
>>
>> holger
>>
>

<0010> gprs_ns.c:1226 Rx NS ALIVE
<0010> gprs_ns.c:479 NSEI=65534 Tx NS ALIVE_ACK (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:1226 Rx NS ALIVE
<0010> gprs_ns.c:479 NSEI=65534 Tx NS ALIVE_ACK (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0011> gprs_bssgp.c:249 BSSGP BVCI=0 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:249 BSSGP BVCI=2 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-1 CI 1 on BVCI 2
<0011> gprs_bssgp.c:249 BSSGP BVCI=3 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-2 CI 2 on BVCI 3
<0011> gprs_bssgp.c:249 BSSGP BVCI=4 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-3 CI 3 on BVCI 4
<0011> gprs_bssgp.c:249 BSSGP BVCI=5 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-4 CI 4 on BVCI 5
<0011> gprs_bssgp.c:753 BSSGP BVCI=2 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=3 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=4 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=5 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x78000001 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C FCS=0xbbe727CMD=UI DATA
<0012> gprs_llc.c:826 tlli je random!!!
<0012> gprs_llc.c:256 LLC RX: unknown TLLI 0x78000001, creating LLME on the fly
<0002> gprs_gmm.c:640 -> GMM ATTACH REQUEST MI(231010000000000) type="GPRS attach"
<0012> gprs_gmm.c:752 gprs_gmm.c: Alokujeme nove p-tmsi!!!!
<0012> gprs_sgsn.c:369 sgsn_alloc_ptmsi: Alokovali sme taketo p-tmsi 0x475b916b
<0002> gprs_gmm.c:444 <- GPRS IDENTITY REQUEST: mi_type=02
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x78000001 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C FCS=0xae6b48CMD=UI DATA
<0012> gprs_llc.c:826 tlli je random!!!
<0002> gprs_gmm.c:582 -> GMM IDENTITY RESPONSE: mi_type=0x02 MI(123456789012310)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x475b916b Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C FCS=0xbcd739CMD=UI DATA
<0012> gprs_llc.c:832 tlli je reserved!!!
<0012> gprs_llc.c:256 LLC RX: unknown TLLI 0x475b916b, creating LLME on the fly
<0002> gprs_gmm.c:1030 Cannot handle GMM for unknown MM CTX
<0002> gprs_gmm.c:277 <- GPRS MM STATUS (cause: MS identity cannot be derived by the network)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x475b916b Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 R FCS=0x42e56dCMD=XID DATA
<0012> gprs_llc.c:832 tlli je reserved!!!
<0002> gprs_gmm.c:1574 Unknown GSM 04.08 discriminator 0x01
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:1104 T3350 expired >= 5 times
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
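
The TLLI classes seen in the log above (random for 0x78000001, not local for 0x475b916b), as an added example that is not part of the original thread and not OsmoSGSN's code: a classifier and local-TLLI derivation following the 3GPP TS 23.003 bit layout, plus a simplified MM context match. The names `tlli_classify`, `tlli_local_from_ptmsi`, `mm_ctx`, `attach_accept` and `ctx_matches` are hypothetical, and the context model is an assumption that keeps only the fields mentioned in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* TLLI classes by leading bits (3GPP TS 23.003); enum names are this example's own. */
enum tlli_class { TLLI_CLS_LOCAL, TLLI_CLS_FOREIGN, TLLI_CLS_RANDOM,
                  TLLI_CLS_AUXILIARY, TLLI_CLS_OTHER };

enum tlli_class tlli_classify(uint32_t tlli)
{
    if ((tlli & 0xc0000000u) == 0xc0000000u) return TLLI_CLS_LOCAL;     /* 11... */
    if ((tlli & 0xc0000000u) == 0x80000000u) return TLLI_CLS_FOREIGN;   /* 10... */
    if ((tlli & 0xf8000000u) == 0x78000000u) return TLLI_CLS_RANDOM;    /* 01111 */
    if ((tlli & 0xf8000000u) == 0x70000000u) return TLLI_CLS_AUXILIARY; /* 01110 */
    return TLLI_CLS_OTHER; /* reserved and G-RNTI ranges */
}

/* Local TLLI: top two bits set to 11, bits 29..0 copied from the P-TMSI. */
uint32_t tlli_local_from_ptmsi(uint32_t ptmsi)
{
    return (ptmsi & 0x3fffffffu) | 0xc0000000u;
}

/* Hypothetical, simplified MM context: only the fields the thread mentions. */
struct mm_ctx { uint32_t p_tmsi, tlli, tlli_new; };

/* Attach Accept side: keep the old TLLI active, derive the new local TLLI. */
struct mm_ctx attach_accept(uint32_t old_tlli, uint32_t new_ptmsi)
{
    struct mm_ctx ctx = { new_ptmsi, old_tlli, tlli_local_from_ptmsi(new_ptmsi) };
    return ctx;
}

/* An uplink frame maps to the context only via its old or its new TLLI. */
int ctx_matches(const struct mm_ctx *ctx, uint32_t uplink_tlli)
{
    return uplink_tlli == ctx->tlli || uplink_tlli == ctx->tlli_new;
}

int main(void)
{
    /* TLLI and P-TMSI values taken from the log on this page. */
    struct mm_ctx ctx = attach_accept(0x78000001u, 0x475b916bu);
    uint32_t seen[] = { 0x78000001u, 0x475b916bu, ctx.tlli_new };
    for (int i = 0; i < 3; i++)
        printf("TLLI 0x%08x class=%d match=%d\n", (unsigned)seen[i],
               (int)tlli_classify(seen[i]), ctx_matches(&ctx, seen[i]));
    return 0;
}
```

A P-TMSI whose top two bits are already 11 is its own local TLLI, so in this model a peer that sends the bare P-TMSI as TLLI matches the context only in that case.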
diff --git a/home/michal/Plocha/gprs_sgsn_before_patch.c b/home/michal/Plocha/gp index 753d85f..f637a82 100644 --- a/home/michal/Plocha/gprs_sgsn_before_patch.c +++ b/home/michal/Plocha/gprs_sgsn_patch.c @@ -361,7 +361,7 @@ uint32_t sgsn_alloc_ptmsi(void) uint32_t ptmsi; restart: - ptmsi = rand(); + ptmsi = rand() | 0xc0000000; //because of GPRS IMSI ATTACH llist_for_each_entry(mm, &sgsn_mm_ctxts, list) { if (mm->p_tmsi == ptmsi) goto restart;
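
Review bot: The `| 0xc0000000` on the changed `ptmsi = rand()` line in sgsn_alloc_ptmsi() is a magic number, and its comment (`because of GPRS IMSI ATTACH`) does not say what the two forced top bits mean or why the allocator has to set them when the callers quoted earlier in the thread already derive the TLLI with `gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL)`. Please state the rationale in the comment or commit message (with the mask the allocated P-TMSI is identical to the local TLLI derived from it), use a named constant, and write the comment in the `/* */` style of the gprs_gmm.c snippet quoted above. The file headers also name two different files under `home/michal/Plocha/` rather than one path in the source tree, so the patch cannot be applied as is; generating it with git format-patch from a commit, as requested in the thread, would fix that.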