From a05b80792266c3e74b9386c2e02a6a05aa09a845 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Tue, 23 Apr 2019 22:35:05 +0200 Subject: sgsn: Add TC_llc_null to test if SGSN survives a LLC NULL packet This test case reproduces a bug in OsmoSGSN where it would crash as a result to sending LLC NULL frames. Change-Id: I38326f2ebaaff009d4357edad9511ce2ce7736fd Related: OS#3952 --- sgsn/SGSN_Tests.ttcn | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'sgsn') diff --git a/sgsn/SGSN_Tests.ttcn b/sgsn/SGSN_Tests.ttcn index 74cdece3..78bee58d 100644 --- a/sgsn/SGSN_Tests.ttcn +++ b/sgsn/SGSN_Tests.ttcn @@ -375,12 +375,16 @@ testcase TC_wait_ns_up() runs on test_CT { f_sleep(20.0); } +function f_send_llc(template (value) PDU_LLC llc_pdu, integer gb_index := 0) runs on BSSGP_ConnHdlr { + var octetstring llc_enc := enc_PDU_LLC(valueof(llc_pdu)); + BSSGP[gb_index].send(ts_BSSGP_UL_UD(g_pars.tlli, g_pars.bssgp_cell_id[gb_index], llc_enc)); +} + function f_send_l3_gmm_llc(template PDU_L3_MS_SGSN l3_mo, integer gb_index := 0) runs on BSSGP_ConnHdlr { var octetstring l3_enc := enc_PDU_L3_MS_SGSN(valueof(l3_mo)); var BIT4 sapi := f_llc_sapi_by_l3_mo(valueof(l3_mo)); var integer n_u := f_llc_get_n_u_tx(llc[bit2int(sapi)]); - var octetstring llc_enc := enc_PDU_LLC(valueof(ts_LLC_UI(l3_enc, sapi, '0'B, n_u))); - BSSGP[gb_index].send(ts_BSSGP_UL_UD(g_pars.tlli, g_pars.bssgp_cell_id[gb_index], llc_enc)); + f_send_llc(ts_LLC_UI(l3_enc, sapi, '0'B, n_u)); } altstep as_mm_identity() runs on BSSGP_ConnHdlr { @@ -2153,6 +2157,23 @@ testcase TC_attach_usim_resync() runs on test_CT { vc_conn.done; } + +/* Send LLC NULL to see if the SGSN survives it (OS#3952) */ +private function f_TC_llc_null(charstring id) runs on BSSGP_ConnHdlr { + f_gmm_attach(false, false); + f_sleep(1.0); + f_send_llc(ts_LLC_NULL('0'B, c_LLC_SAPI_LLGMM, LLC_CR_UL_CMD)); + /* try to detach to check if SGSN is still alive */ + f_detach_mo(c_GMM_DTT_MO_GPRS, true, true); +} +testcase TC_llc_null() runs on test_CT { + var BSSGP_ConnHdlr vc_conn; + f_init(); + f_sleep(1.0); + vc_conn := f_start_handler(refers(f_TC_llc_null), testcasename(), g_gb, 41); + vc_conn.done; +} + control { execute( TC_attach() ); execute( TC_attach_mnc3() ); @@ -2197,6 +2218,8 @@ control { execute( TC_attach_pdp_act_deact_mt_t3395_expire() ); execute( TC_attach_pdp_act_user_error_ind_ggsn() ); execute( TC_attach_gmm_attach_req_while_gmm_attach() ); + + execute( TC_llc_null() ); } -- cgit v1.2.3