From 2b697a667131740a113b82b22db2616733318033 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Sun, 16 Oct 2011 18:50:56 +0200 Subject: GPRS GMM: Send LLGMM-RESET.req when talking to unknown MS In case a MS (of which we have no MM context) sends us anything but a GMM ATTACH REQUEST, we need to send it a LLC XID RESET (by means of issuing LLGMM-RESET.req). Otherwise the phone will expect us to send a specific unacknowledged sequence number that we don't know. Thanks to Holger for pointing this bug out to me. It seems to commonly occur when a MS is doing network re-selection and (erroneously) sends a RA UPD REQ instead of an ATTACH REQ. The RA UPD REJ that we sent was never seen by the GMM entity in the MS, as the LLC entity discarded it due to sequence number mis-match. --- openbsc/src/gprs/gprs_gmm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c index 3c450d15a..73f62d387 100644 --- a/openbsc/src/gprs/gprs_gmm.c +++ b/openbsc/src/gprs/gprs_gmm.c @@ -945,6 +945,10 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg, /* Look-up the MM context based on old RA-ID and TLLI */ mmctx = sgsn_mm_ctx_by_tlli(msgb_tlli(msg), &old_ra_id); if (!mmctx || mmctx->mm_state == GMM_DEREGISTERED) { + /* send a XID reset to re-set all LLC sequence numbers + * in the MS */ + DEBUGPC(DMM, " LLC XID RESET "); + gprs_llgmm_reset(llme); /* The MS has to perform GPRS attach */ DEBUGPC(DMM, " REJECT\n"); /* Device is still IMSI atached for CS but initiate GPRS ATTACH */ @@ -1015,6 +1019,7 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg, gh->msg_type != GSM48_MT_GMM_ATTACH_REQ && gh->msg_type != GSM48_MT_GMM_RA_UPD_REQ) { LOGP(DMM, LOGL_NOTICE, "Cannot handle GMM for unknown MM CTX\n"); + gprs_llgmm_reset(llme); return gsm48_tx_gmm_status_oldmsg(msg, GMM_CAUSE_MS_ID_NOT_DERIVED); } -- cgit v1.2.3