4 files changed, 26 insertions, 28 deletions

diff --git a/include/openbsc/gprs_sgsn.h b/include/openbsc/gprs_sgsn.h
index b470c536c..e641e9918 100644
--- a/include/openbsc/gprs_sgsn.h
+++ b/include/openbsc/gprs_sgsn.h
@@ -50,7 +50,8 @@ enum gprs_t3350_mode {
 	GMM_T3350_MODE_PTMSI_REALL,
 };
 
-#define MS_RADIO_ACCESS_CAPA
+#define MS_RADIO_ACCESS_CAPA_MAX_LENGTH 255
+#define MS_NETWORK_CAPA_MAX_LENGTH 32
 
 /* According to TS 03.60, Table 5: SGSN MM and PDP Contexts */
 /* Extended by 3GPP TS 23.060, Table 6: SGSN MM and PDP Contexts */
@@ -78,11 +79,11 @@ struct sgsn_mm_ctx {
 	/* CKSN */
 	enum gprs_ciph_algo	ciph_algo;
 	struct {
-		uint8_t	buf[14];	/* 10.5.5.12a */
+		uint8_t	buf[MS_RADIO_ACCESS_CAPA_MAX_LENGTH];	/* 10.5.5.12a */
 		uint8_t	len;
 	} ms_radio_access_capa;
 	struct {
-		uint8_t	buf[4];		/* 10.5.5.12 */
+		uint8_t	buf[MS_NETWORK_CAPA_MAX_LENGTH];	/* 10.5.5.12 */
 		uint8_t	len;
 	} ms_network_capa;
 	uint16_t		drx_parms;
diff --git a/src/gprs/gprs_gmm.c b/src/gprs/gprs_gmm.c
index 0730388eb..467c7a0bd 100644
--- a/src/gprs/gprs_gmm.c
+++ b/src/gprs/gprs_gmm.c
@@ -644,7 +644,7 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
 	/* MS network capability 10.5.5.12 */
 	msnc_len = *cur++;
 	msnc = cur;
-	if (msnc_len > 8)
+	if (msnc_len > MS_NETWORK_CAPA_MAX_LENGTH)
 		goto err_inval;
 	cur += msnc_len;
 
@@ -675,7 +675,7 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
 	/* MS Radio Access Capability 10.5.5.12a */
 	ms_ra_acc_cap_len = *cur++;
 	ms_ra_acc_cap = cur;
-	if (ms_ra_acc_cap_len > 51)
+	if (ms_ra_acc_cap_len > MS_RADIO_ACCESS_CAPA_MAX_LENGTH)
 		goto err_inval;
 
 	/* Optional: Old P-TMSI Signature, Requested READY timer, TMSI Status */
@@ -740,10 +740,6 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
 	 * foreign TLLI to local TLLI */
 	ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
 
-	/* Inform LLC layer about new TLLI but keep old active */
-	gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
-			  GPRS_ALGO_GEA0, NULL);
-
 	DEBUGPC(DMM, "\n");
 	return ctx ? gsm48_gmm_authorize(ctx, GMM_T3350_MODE_ATT) : 0;
 
@@ -953,10 +949,6 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
 	 * foreign TLLI to local TLLI */
 	mmctx->tlli_new = gprs_tmsi2tlli(mmctx->p_tmsi, TLLI_LOCAL);
 
-	/* Inform LLC layer about new TLLI but keep old active */
-	gprs_llgmm_assign(mmctx->llme, mmctx->tlli, mmctx->tlli_new,
-			  GPRS_ALGO_GEA0, NULL);
-
 	/* Look at PDP Context Status IE and see if MS's view of
 	 * activated/deactivated NSAPIs agrees with our view */
 	if (TLVP_PRESENT(&tp, GSM48_IE_GMM_PDP_CTX_STATUS)) {
@@ -1016,28 +1008,29 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
 		DEBUGP(DMM, "-> ATTACH COMPLETE\n");
 		mmctx_timer_stop(mmctx, 3350);
 		mmctx->p_tmsi_old = 0;
-		/* Unassign the old TLLI */
+		/* Inform LLC layer about new TLLI but keep old active */
+		gprs_llgmm_assign(mmctx->llme, mmctx->tlli, mmctx->tlli_new,
+				GPRS_ALGO_GEA0, NULL);
 		mmctx->tlli = mmctx->tlli_new;
-		gprs_llgmm_assign(mmctx->llme, 0xffffffff, mmctx->tlli_new,
-				  GPRS_ALGO_GEA0, NULL);
 		break;
 	case GSM48_MT_GMM_RA_UPD_COMPL:
 		/* only in case SGSN offered new P-TMSI */
 		DEBUGP(DMM, "-> ROUTEING AREA UPDATE COMPLETE\n");
 		mmctx_timer_stop(mmctx, 3350);
 		mmctx->p_tmsi_old = 0;
-		/* Unassign the old TLLI */
+		/* Inform LLC layer about new TLLI but keep old active */
+		gprs_llgmm_assign(mmctx->llme, mmctx->tlli, mmctx->tlli_new,
+				GPRS_ALGO_GEA0, NULL);
 		mmctx->tlli = mmctx->tlli_new;
-		gprs_llgmm_assign(mmctx->llme, 0xffffffff, mmctx->tlli_new,
-				  GPRS_ALGO_GEA0, NULL);
 		break;
 	case GSM48_MT_GMM_PTMSI_REALL_COMPL:
 		DEBUGP(DMM, "-> PTMSI REALLLICATION COMPLETE\n");
 		mmctx_timer_stop(mmctx, 3350);
 		mmctx->p_tmsi_old = 0;
-		/* Unassign the old TLLI */
+		/* Inform LLC layer about new TLLI but keep old active */
+		gprs_llgmm_assign(mmctx->llme, mmctx->tlli, mmctx->tlli_new,
+				GPRS_ALGO_GEA0, NULL);
 		mmctx->tlli = mmctx->tlli_new;
-		//gprs_llgmm_assign(mmctx->llme, 0xffffffff, mmctx->tlli_new, GPRS_ALGO_GEA0, NULL);
 		break;
 	case GSM48_MT_GMM_AUTH_CIPH_RESP:
 		rc = gsm48_rx_gmm_auth_ciph_resp(mmctx, msg);
@@ -1513,7 +1506,12 @@ int gsm0408_gprs_rcvmsg(struct msgb *msg, struct gprs_llc_llme *llme)
 	int rc = -EINVAL;
 
 	bssgp_parse_cell_id(&ra_id, msgb_bcid(msg));
-	mmctx = sgsn_mm_ctx_by_tlli(msgb_tlli(msg), &ra_id);
+	mmctx = sgsn_mm_ctx_by_tlli(llme->tlli, &ra_id);
+	
+	if (!mmctx && (llme->old_tlli != 0xffffffff)) {
+		mmctx = sgsn_mm_ctx_by_tlli(llme->old_tlli, &ra_id);
+	}
+
 	if (mmctx) {
 		msgid2mmctx(mmctx, msg);
 		rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]);
diff --git a/src/gprs/gprs_llc.c b/src/gprs/gprs_llc.c
index 7991f4c1e..37bd8804f 100644
--- a/src/gprs/gprs_llc.c
+++ b/src/gprs/gprs_llc.c
@@ -340,7 +340,7 @@ int gprs_llc_tx_ui(struct msgb *msg, uint8_t sapi, int command,
 		struct gprs_llc_llme *llme;
 		LOGP(DLLC, LOGL_ERROR, "LLC TX: unknown TLLI 0x%08x, "
 			"creating LLME on the fly\n", msgb_tlli(msg));
-		llme = llme_alloc(msgb_tlli(msg));
+		llme = llme_alloc(tlli_foreign2local(msgb_tlli(msg)));
 		lle = &llme->lle[sapi];
 	}
 
@@ -808,12 +808,12 @@ int gprs_llgmm_assign(struct gprs_llc_llme *llme,
 		 * received from peer. */
 		if (llme->old_tlli != 0xffffffff) {
 			llme->old_tlli = 0xffffffff;
-			llme->tlli = new_tlli;
+			llme->tlli = tlli_foreign2local(new_tlli);
 		} else {
 			/* If TLLI old == 0xffffffff was assigned to LLME, then this is
 			 * TLLI assignmemt according to 8.3.1 */
 			llme->old_tlli = 0xffffffff;
-			llme->tlli = new_tlli;
+			llme->tlli = tlli_foreign2local(new_tlli);
 			llme->state = GPRS_LLMS_ASSIGNED;
 			/* 8.5.3.1 For all LLE's */
 			for (i = 0; i < ARRAY_SIZE(llme->lle); i++) {
@@ -828,8 +828,8 @@ int gprs_llgmm_assign(struct gprs_llc_llme *llme,
 		/* TLLI Change 8.3.2 */
 		/* Both TLLI Old and TLLI New are assigned; use New when
 		 * (re)transmitting.  Accept toth Old and New on Rx */
-		llme->old_tlli = llme->tlli;
-		llme->tlli = new_tlli;
+		llme->old_tlli = tlli_foreign2local(llme->tlli);
+		llme->tlli = tlli_foreign2local(new_tlli);
 		llme->state = GPRS_LLMS_ASSIGNED;
 	} else if (old_tlli != 0xffffffff && new_tlli == 0xffffffff) {
 		/* TLLI Unassignment 8.3.3) */
diff --git a/src/gprs/gprs_sgsn.c b/src/gprs/gprs_sgsn.c
index 443655418..a46711b45 100644
--- a/src/gprs/gprs_sgsn.c
+++ b/src/gprs/gprs_sgsn.c
@@ -108,7 +108,6 @@ struct sgsn_mm_ctx *sgsn_mm_ctx_by_tlli(uint32_t tlli,
 		llist_for_each_entry(ctx, &sgsn_mm_ctxts, list) {
 			if ((ctx->p_tmsi | 0xC0000000) == tlli ||
 			     (ctx->p_tmsi_old && (ctx->p_tmsi_old | 0xC0000000) == tlli)) {
-				ctx->tlli = tlli;
 				return ctx;
 			}
 		}