From b3742cab88d2fe2df293359eea9e0bdadfd82cab Mon Sep 17 00:00:00 2001 From: Neels Hofmeyr Date: Sat, 4 Mar 2017 00:26:25 +0100 Subject: Always assign TMSI on UTRAN Change-Id: I016d6530cd1d96bb852f5881f6b192c2464c296d --- openbsc/include/openbsc/vlr.h | 3 +- openbsc/src/libmsc/gsm_04_08.c | 3 +- openbsc/src/libvlr/vlr_lu_fsm.c | 23 ++++-- openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.c | 47 +++++++++++- openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.err | 88 +++++++++++++++++----- openbsc/tests/vlr/vlr_test.c | 3 +- 6 files changed, 139 insertions(+), 28 deletions(-) diff --git a/openbsc/include/openbsc/vlr.h b/openbsc/include/openbsc/vlr.h index 694dede4a..4a76fe117 100644 --- a/openbsc/include/openbsc/vlr.h +++ b/openbsc/include/openbsc/vlr.h @@ -247,7 +247,8 @@ vlr_loc_update(struct osmo_fsm_inst *parent, const struct osmo_location_area_id *new_lai, bool authentication_required, enum vlr_ciph ciphering_required, - bool is_r99, bool is_utran); + bool is_r99, bool is_utran, + bool assign_tmsi); void vlr_loc_update_conn_timeout(struct osmo_fsm_inst *fi); diff --git a/openbsc/src/libmsc/gsm_04_08.c b/openbsc/src/libmsc/gsm_04_08.c index 02021bc67..4eac31232 100644 --- a/openbsc/src/libmsc/gsm_04_08.c +++ b/openbsc/src/libmsc/gsm_04_08.c @@ -418,7 +418,8 @@ int mm_rx_loc_upd_req(struct gsm_subscriber_connection *conn, struct msgb *msg) is_utran || conn->network->authentication_required, conn->network->a5_encryption, classmark_is_r99(&conn->classmark), - is_utran); + is_utran, + is_utran || net->vlr->cfg.assign_tmsi); if (!lu_fsm) { DEBUGP(DRR, "%s: Can't start LU FSM\n", mi_string); return 0; diff --git a/openbsc/src/libvlr/vlr_lu_fsm.c b/openbsc/src/libvlr/vlr_lu_fsm.c index 973887b40..128dae4ec 100644 --- a/openbsc/src/libvlr/vlr_lu_fsm.c +++ b/openbsc/src/libvlr/vlr_lu_fsm.c 
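Review bot: `assign_tmsi` is added to the `vlr_loc_update()` prototype as one more `bool` directly after `is_r99` and `is_utran`, with no comment saying what it controls. Call sites pass runs of bare literals (the `vlr_test.c` hunk at the end of this patch now ends in `false, false, true`), so two swapped flags compile without a warning and silently change authentication or TMSI handling. I would document the parameter next to the prototype, e.g. `/* assign_tmsi: allocate a new TMSI as part of this Location Update */`, and annotate literal arguments at call sites as `false, /* is_utran */` and `true); /* assign_tmsi */`. The prototype starts above this hunk.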
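Review bot: The added argument reads the setting as `net->vlr->cfg.assign_tmsi`, while the arguments just above it in the same call go through `conn->network->...`; if `net` is only an alias for `conn->network` declared outside this hunk, one spelling throughout the call would make that obvious. Within this patch the `is_utran ||` override is the only place where the rule from the commit subject is applied, and neither the code nor the commit message says why UTRAN must get a TMSI. A one-line comment above the argument, for example `/* UTRAN: always allocate a TMSI, regardless of the assign_tmsi config */`, would keep a later cleanup from dropping the override. The call and the rest of mm_rx_loc_upd_req() extend beyond the hunk.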
@@ -308,6 +308,7 @@ struct lu_compl_vlr_priv { void *parent_event_data; enum vlr_fsm_result result; uint8_t cause; + bool assign_tmsi; }; static void _vlr_lu_compl_fsm_done(struct osmo_fsm_inst *fi, @@ -426,7 +427,7 @@ static void lu_compl_vlr_wait_subscr_pres(struct osmo_fsm_inst *fi, if (vlr->cfg.check_imei_rqd) { /* Check IMEI VLR */ osmo_fsm_inst_state_chg(fi, - vlr->cfg.assign_tmsi ? + lcvp->assign_tmsi ? LU_COMPL_VLR_S_WAIT_IMEI_TMSI : LU_COMPL_VLR_S_WAIT_IMEI, vlr_timer(vlr, 3270), 3270); @@ -435,7 +436,7 @@ static void lu_compl_vlr_wait_subscr_pres(struct osmo_fsm_inst *fi, } /* Do we need to allocate a TMSI? */ - if (vlr->cfg.assign_tmsi) { + if (lcvp->assign_tmsi) { lu_compl_vlr_new_tmsi(fi); return; } @@ -471,7 +472,7 @@ static void lu_compl_vlr_wait_imei(struct osmo_fsm_inst *fi, uint32_t event, } /* IMEI is available. Allocate TMSI if needed. */ - if (vlr->cfg.assign_tmsi) { + if (lcvp->assign_tmsi) { if (fi->state != LU_COMPL_VLR_S_WAIT_IMEI_TMSI) LOGPFSML(fi, LOGL_ERROR, "TMSI required, expected to be in state" @@ -574,7 +575,8 @@ lu_compl_vlr_proc_alloc(struct osmo_fsm_inst *parent, struct vlr_subscr *vsub, void *msc_conn_ref, uint32_t parent_event_success, - uint32_t parent_event_failure) + uint32_t parent_event_failure, + bool assign_tmsi) { struct osmo_fsm_inst *fi; struct lu_compl_vlr_priv *lcvp; @@ -589,6 +591,7 @@ lu_compl_vlr_proc_alloc(struct osmo_fsm_inst *parent, lcvp->msc_conn_ref = msc_conn_ref; lcvp->parent_event_success = parent_event_success; lcvp->parent_event_failure = parent_event_failure; + lcvp->assign_tmsi = assign_tmsi; fi->priv = lcvp; return fi; @@ -638,6 +641,7 @@ struct lu_fsm_priv { enum vlr_ciph ciphering_required; bool is_r99; bool is_utran; + bool assign_tmsi; }; 
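Review bot: The new `bool assign_tmsi;` members in `struct lu_compl_vlr_priv` and `struct lu_fsm_priv` carry no comment, although they change where the decision comes from: the three checks in `lu_compl_vlr_wait_subscr_pres()` and `lu_compl_vlr_wait_imei()` no longer follow `vlr->cfg.assign_tmsi` but whatever the caller of `vlr_loc_update()` passed. I would put `/* allocate a new TMSI in this LU; copied from the vlr_loc_update() argument, used instead of vlr->cfg.assign_tmsi */` on both members. Any reader of `vlr->cfg.assign_tmsi` left elsewhere in libvlr (none is visible in this patch) would now disagree with the per-LU flag on UTRAN and is worth a grep before merging. The touched functions, including the declaration of `lcvp`, start outside their hunks.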
@@ -715,7 +719,8 @@ static void vlr_loc_upd_start_lu_compl_fsm(struct osmo_fsm_inst *fi) lfp->lu_compl_vlr_fsm = lu_compl_vlr_proc_alloc(fi, lfp->vsub, lfp->msc_conn_ref, VLR_ULA_E_LU_COMPL_SUCCESS, - VLR_ULA_E_LU_COMPL_FAILURE); + VLR_ULA_E_LU_COMPL_FAILURE, + lfp->assign_tmsi); osmo_fsm_inst_dispatch(lfp->lu_compl_vlr_fsm, LU_COMPL_VLR_E_START, NULL); } @@ -1360,7 +1365,8 @@ vlr_loc_update(struct osmo_fsm_inst *parent, const struct osmo_location_area_id *new_lai, bool authentication_required, enum vlr_ciph ciphering_required, - bool is_r99, bool is_utran) + bool is_r99, bool is_utran, + bool assign_tmsi) { struct osmo_fsm_inst *fi; struct lu_fsm_priv *lfp; @@ -1384,6 +1390,7 @@ vlr_loc_update(struct osmo_fsm_inst *parent, lfp->ciphering_required = ciphering_required; lfp->is_r99 = is_r99; lfp->is_utran = is_utran; + lfp->assign_tmsi = assign_tmsi; if (imsi) { strncpy(lfp->imsi, imsi, sizeof(lfp->imsi)-1); lfp->imsi[sizeof(lfp->imsi)-1] = '\0'; @@ -1404,6 +1411,10 @@ vlr_loc_update(struct osmo_fsm_inst *parent, LOGPFSML(fi, LOGL_ERROR, "Authentication off on UTRAN network. Good luck.\n"); + if (is_utran && !assign_tmsi) + LOGPFSML(fi, LOGL_ERROR, + "Assigning TMSI is off on UTRAN network. Good luck.\n"); + osmo_fsm_inst_dispatch(fi, VLR_ULA_E_UPDATE_LA, NULL); return fi; diff --git a/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.c b/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.c index 701d8c178..6b49dcba3 100644 --- a/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.c +++ b/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.c 
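Review bot: In the `@@ -1404,6 +1411,10 @@` hunk `vlr_loc_update()` only logs when `is_utran && !assign_tmsi` and then dispatches `VLR_ULA_E_UPDATE_LA` anyway, so "always assign TMSI on UTRAN" is guaranteed by the one caller in `gsm_04_08.c` and not by the VLR itself. If the rule is meant to hold for every user of libvlr, storing `lfp->assign_tmsi = assign_tmsi || is_utran;` in the assignment a few lines above would enforce it here. The old expected test output suggests what happens otherwise: the UTRAN paging request went out with the IMSI and the reserved TMSI 0xffffffff. If log-only is intended, the message should name that consequence instead of "Good luck.", and a comment should say that enforcement is the caller's job. The function begins and ends outside the hunk.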
@@ -112,8 +112,28 @@ void _test_umts_authen(enum ran_type via_ran) btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT"); gsup_rx("06010809710000000156f0", NULL); - btw("LU was successful, and the conn has already been closed"); VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d"); + + /* On UTRAN we always assign a TMSI */ + if (via_ran == RAN_UTRAN_IU) { + btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl"); + EXPECT_CONN_COUNT(1); + EXPECT_ACCEPTED(false); + thwart_rx_non_initial_requests(); + + btw("even though the TMSI is not acked, we can already find the subscr with it"); + vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100); + VERBOSE_ASSERT(vsub != NULL, == true, "%d"); + VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d"); + VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x"); + VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x"); + vlr_subscr_put(vsub); + + btw("MS sends TMSI Realloc Complete"); + ms_sends_msg("055b"); + } + + btw("LU was successful, and the conn has already been closed"); EXPECT_CONN_COUNT(0); BTW("after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector"); @@ -264,6 +284,9 @@ extern int milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand, void _test_umts_authen_resync(enum ran_type via_ran) { + struct vlr_subscr *vsub; + const char *imsi = "901700000010650"; + net->authentication_required = true; rx_from_ran = via_ran; 
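Review bot: The UTRAN block added to `_test_umts_authen()` is repeated verbatim in `_test_umts_authen_resync()` (the `@@ -416,8 +439,28 @@` hunk), including the literal `0x03020100` and the raw message `"055b"`. A shared static helper taking `imsi`, plus a named constant for the expected TMSI, would keep the two tests from drifting apart. The tests also never assert directly that `vsub->tmsi` holds the new value once TMSI Realloc Complete has been sent (only the later paging line in the expected-output file shows it), and nothing exercises the new `is_utran && !assign_tmsi` log path in `vlr_loc_update()`. Both test functions extend beyond their hunks.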
@@ -416,8 +439,28 @@ void _test_umts_authen_resync(enum ran_type via_ran) btw("HLR also sends GSUP _UPDATE_LOCATION_RESULT"); gsup_rx("06010809710000000156f0", NULL); - btw("LU was successful, and the conn has already been closed"); VERBOSE_ASSERT(lu_result_sent, == RES_ACCEPT, "%d"); + + /* On UTRAN we always assign a TMSI */ + if (via_ran == RAN_UTRAN_IU) { + btw("a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl"); + EXPECT_CONN_COUNT(1); + EXPECT_ACCEPTED(false); + thwart_rx_non_initial_requests(); + + btw("even though the TMSI is not acked, we can already find the subscr with it"); + vsub = vlr_subscr_find_by_tmsi(net->vlr, 0x03020100); + VERBOSE_ASSERT(vsub != NULL, == true, "%d"); + VERBOSE_ASSERT(strcmp(vsub->imsi, imsi), == 0, "%d"); + VERBOSE_ASSERT(vsub->tmsi_new, == 0x03020100, "0x%08x"); + VERBOSE_ASSERT(vsub->tmsi, == GSM_RESERVED_TMSI, "0x%08x"); + vlr_subscr_put(vsub); + + btw("MS sends TMSI Realloc Complete"); + ms_sends_msg("055b"); + } + + btw("LU was successful, and the conn has already been closed"); EXPECT_CONN_COUNT(0); clear_vlr(); diff --git a/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.err b/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.err index 36a845fc7..b20540277 100644 --- a/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.err +++ b/openbsc/tests/msc_vlr/msc_vlr_test_umts_authen.err @@ -129,8 +129,8 @@ DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Freeing instance DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Deallocated DREF VLR subscr MSISDN:42342 usage decreases to: 1 <-- GSUP rx OSMO_GSUP_MSGT_UPDATE_LOCATION_RESULT: vlr_gsupc_read_cb() returns 0 -- LU was successful, and the conn has already been closed lu_result_sent == 1 +- LU was successful, and the conn has already been closed llist_count(&net->subscr_conns) == 0 --- - after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector 
@@ -489,9 +489,39 @@ DVLR sub_pres_vlr_fsm(901700000010650){SUB_PRES_VLR_S_DONE}: Removing from paren DVLR sub_pres_vlr_fsm(901700000010650){SUB_PRES_VLR_S_DONE}: Freeing instance DVLR sub_pres_vlr_fsm(901700000010650){SUB_PRES_VLR_S_DONE}: Deallocated DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: Received Event LU_COMPL_VLR_E_SUB_PRES_COMPL -- sending LU Accept for MSISDN:42342 -DREF VLR subscr MSISDN:42342 usage increases to: 3 -DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: state_chg to LU_COMPL_VLR_S_DONE +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: lu_compl_vlr_new_tmsi() +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: state_chg to LU_COMPL_VLR_S_WAIT_TMSI_CNF +- sending LU Accept for MSISDN:42342, with TMSI 0x03020100 +DREF VLR subscr MSISDN:42342 usage decreases to: 1 +<-- GSUP rx OSMO_GSUP_MSGT_UPDATE_LOCATION_RESULT: vlr_gsupc_read_cb() returns 0 + lu_result_sent == 1 +- a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl + llist_count(&net->subscr_conns) == 1 +msc_subscr_conn_is_accepted() == false + requests shall be thwarted +DRLL Dispatching 04.08 message, pdisc=3 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x03 msg_type=0x05 +DRLL Dispatching 04.08 message, pdisc=5 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x05 msg_type=0x33 +DRLL Dispatching 04.08 message, pdisc=6 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x06 msg_type=0x19 +DRLL Dispatching 04.08 message, pdisc=9 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x09 msg_type=0x01 +- even though the TMSI is not acked, we can already find the subscr with it +DREF VLR subscr MSISDN:42342 usage increases to: 2 + vsub != NULL == 1 + strcmp(vsub->imsi, imsi) == 0 + vsub->tmsi_new == 0x03020100 + vsub->tmsi == 0xffffffff +DREF VLR subscr MSISDN:42342 usage decreases to: 1 +- MS 
sends TMSI Realloc Complete + rx from MS: pdisc=0x05 msg_type=0x5b +DRLL Dispatching 04.08 message, pdisc=5 +DMM TMSI Reallocation Completed. Subscriber: MSISDN:42342 +DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_WAIT_LU_COMPL}: Received Event VLR_ULA_E_NEW_TMSI_ACK +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_TMSI_CNF}: Received Event LU_COMPL_VLR_E_NEW_TMSI_ACK +DREF VLR subscr MSISDN:42342 usage increases to: 2 +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_TMSI_CNF}: state_chg to LU_COMPL_VLR_S_DONE DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_WAIT_LU_COMPL}: Received Event VLR_ULA_E_LU_COMPL_SUCCESS DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_DONE}: Terminating (cause = OSMO_FSM_TERM_PARENT) DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_DONE}: Removing from parent vlr_lu_fsm(901700000010650) @@ -510,13 +540,10 @@ DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_DONE}: fsm_lu_cleanup called with cau DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_DONE}: Freeing instance DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_DONE}: Deallocated DRLL subscr MSISDN:42342: Freeing subscriber connection -DREF VLR subscr MSISDN:42342 usage decreases to: 2 +DREF VLR subscr MSISDN:42342 usage decreases to: 1 DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Freeing instance DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Deallocated -DREF VLR subscr MSISDN:42342 usage decreases to: 1 -<-- GSUP rx OSMO_GSUP_MSGT_UPDATE_LOCATION_RESULT: vlr_gsupc_read_cb() returns 0 - LU was successful, and the conn has already been closed - lu_result_sent == 1 llist_count(&net->subscr_conns) == 0 --- - after a while, a new conn sends a CM Service Request. VLR responds with Auth Req, 2nd auth vector 
@@ -623,7 +650,7 @@ DREF VLR subscr MSISDN:42342 usage increases to: 2 llist_count(&vsub->cs.requests) == 0 DREF VLR subscr MSISDN:42342 usage increases to: 3 DMM Subscriber MSISDN:42342 not paged yet, start paging. - RAN_UTRAN_IU sends out paging request to IMSI 901700000010650, TMSI 0xffffffff, LAC 0 + RAN_UTRAN_IU sends out paging request to IMSI 901700000010650, TMSI 0x03020100, LAC 0 strcmp(paging_expecting_imsi, imsi) == 0 DREF VLR subscr MSISDN:42342 usage increases to: 4 llist_count(&vsub->cs.requests) == 1 @@ -929,8 +956,8 @@ DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Freeing instance DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Deallocated DREF VLR subscr MSISDN:42342 usage decreases to: 1 <-- GSUP rx OSMO_GSUP_MSGT_UPDATE_LOCATION_RESULT: vlr_gsupc_read_cb() returns 0 -- LU was successful, and the conn has already been closed lu_result_sent == 1 +- LU was successful, and the conn has already been closed llist_count(&net->subscr_conns) == 0 DREF freeing VLR subscr MSISDN:42342 ===== test_umts_authen_resync_geran: SUCCESS 
@@ -1071,9 +1098,39 @@ DVLR sub_pres_vlr_fsm(901700000010650){SUB_PRES_VLR_S_DONE}: Removing from paren DVLR sub_pres_vlr_fsm(901700000010650){SUB_PRES_VLR_S_DONE}: Freeing instance DVLR sub_pres_vlr_fsm(901700000010650){SUB_PRES_VLR_S_DONE}: Deallocated DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: Received Event LU_COMPL_VLR_E_SUB_PRES_COMPL -- sending LU Accept for MSISDN:42342 -DREF VLR subscr MSISDN:42342 usage increases to: 3 -DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: state_chg to LU_COMPL_VLR_S_DONE +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: lu_compl_vlr_new_tmsi() +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_SUB_PRES}: state_chg to LU_COMPL_VLR_S_WAIT_TMSI_CNF +- sending LU Accept for MSISDN:42342, with TMSI 0x03020100 +DREF VLR subscr MSISDN:42342 usage decreases to: 1 +<-- GSUP rx OSMO_GSUP_MSGT_UPDATE_LOCATION_RESULT: vlr_gsupc_read_cb() returns 0 + lu_result_sent == 1 +- a LU Accept with a new TMSI was sent, waiting for TMSI Realloc Compl + llist_count(&net->subscr_conns) == 1 +msc_subscr_conn_is_accepted() == false + requests shall be thwarted +DRLL Dispatching 04.08 message, pdisc=3 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x03 msg_type=0x05 +DRLL Dispatching 04.08 message, pdisc=5 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x05 msg_type=0x33 +DRLL Dispatching 04.08 message, pdisc=6 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x06 msg_type=0x19 +DRLL Dispatching 04.08 message, pdisc=9 +DRLL subscr MSISDN:42342: Message not permitted for initial conn: pdisc=0x09 msg_type=0x01 +- even though the TMSI is not acked, we can already find the subscr with it +DREF VLR subscr MSISDN:42342 usage increases to: 2 + vsub != NULL == 1 + strcmp(vsub->imsi, imsi) == 0 + vsub->tmsi_new == 0x03020100 + vsub->tmsi == 0xffffffff +DREF VLR subscr MSISDN:42342 usage decreases to: 1 +- MS 
sends TMSI Realloc Complete + rx from MS: pdisc=0x05 msg_type=0x5b +DRLL Dispatching 04.08 message, pdisc=5 +DMM TMSI Reallocation Completed. Subscriber: MSISDN:42342 +DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_WAIT_LU_COMPL}: Received Event VLR_ULA_E_NEW_TMSI_ACK +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_TMSI_CNF}: Received Event LU_COMPL_VLR_E_NEW_TMSI_ACK +DREF VLR subscr MSISDN:42342 usage increases to: 2 +DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_WAIT_TMSI_CNF}: state_chg to LU_COMPL_VLR_S_DONE DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_WAIT_LU_COMPL}: Received Event VLR_ULA_E_LU_COMPL_SUCCESS DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_DONE}: Terminating (cause = OSMO_FSM_TERM_PARENT) DVLR lu_compl_vlr_fsm(901700000010650){LU_COMPL_VLR_S_DONE}: Removing from parent vlr_lu_fsm(901700000010650) @@ -1092,13 +1149,10 @@ DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_DONE}: fsm_lu_cleanup called with cau DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_DONE}: Freeing instance DVLR vlr_lu_fsm(901700000010650){VLR_ULA_S_DONE}: Deallocated DRLL subscr MSISDN:42342: Freeing subscriber connection -DREF VLR subscr MSISDN:42342 usage decreases to: 2 +DREF VLR subscr MSISDN:42342 usage decreases to: 1 DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Freeing instance DVLR Subscr_Conn(901700000010650){SUBSCR_CONN_S_RELEASED}: Deallocated -DREF VLR subscr MSISDN:42342 usage decreases to: 1 -<-- GSUP rx OSMO_GSUP_MSGT_UPDATE_LOCATION_RESULT: vlr_gsupc_read_cb() returns 0 - LU was successful, and the conn has already been closed - lu_result_sent == 1 llist_count(&net->subscr_conns) == 0 DREF freeing VLR subscr MSISDN:42342 ===== test_umts_authen_resync_utran: SUCCESS diff --git a/openbsc/tests/vlr/vlr_test.c b/openbsc/tests/vlr/vlr_test.c index 5433e3e41..9a7aab65a 100644 --- a/openbsc/tests/vlr/vlr_test.c +++ b/openbsc/tests/vlr/vlr_test.c 
@@ -169,7 +169,8 @@ static void fsm_f_null(struct osmo_fsm_inst *fi, uint32_t event, void *data) true, true, false, - false); + false, + true); OSMO_ASSERT(priv->subscr); osmo_fsm_inst_state_chg(fi, ST_LU_SENT, 0, 0); break; -- cgit v1.2.3