From 6bd7ded71ea3a1de200ad1190e7f7cbee6cae5f9 Mon Sep 17 00:00:00 2001 From: Jacob Erlbeck Date: Fri, 15 Aug 2014 17:20:06 +0200 Subject: gbproxy/test: Add test for TLLI patching Add LLC test messages containing XID (SAPI LLGMM, U frame) and IP traffic (SAPI LL11, UI frame). Add a test case containing a complete SGSN session with TLLI/PTMSI patching enabled. Sponsored-by: On-Waves ehf --- openbsc/tests/gbproxy/gbproxy_test.c | 238 +++++++++++++++++++++++++++++++++++ 1 file changed, 238 insertions(+) (limited to 'openbsc/tests/gbproxy/gbproxy_test.c') diff --git a/openbsc/tests/gbproxy/gbproxy_test.c b/openbsc/tests/gbproxy/gbproxy_test.c index 2a521eeec..d7ddafd80 100644 --- a/openbsc/tests/gbproxy/gbproxy_test.c +++ b/openbsc/tests/gbproxy/gbproxy_test.c @@ -233,6 +233,61 @@ static const unsigned char dtap_detach_acc[] = { 0x08, 0x06, 0x00 }; +/* GPRS-LLC - SAPI: LLGMM, U, XID */ +static const unsigned char llc_u_xid_ul[] = { + 0x41, 0xfb, 0x01, 0x00, 0x0e, 0x00, 0x64, 0x11, + 0x05, 0x16, 0x01, 0x90, 0x66, 0xb3, 0x28 +}; + +/* GPRS-LLC - SAPI: LLGMM, U, XID */ +static const unsigned char llc_u_xid_dl[] = { + 0x41, 0xfb, 0x30, 0x84, 0x10, 0x61, 0xb6, 0x64, + 0xe4, 0xa9, 0x1a, 0x9e +}; + +/* GPRS-LLC - SAPI: LL11, UI, NSAPI 5, DNS query */ +static const unsigned char llc_ui_ll11_dns_query_ul[] = { + 0x0b, 0xc0, 0x01, 0x65, 0x00, 0x00, 0x00, 0x45, + 0x00, 0x00, 0x38, 0x95, 0x72, 0x00, 0x00, 0x45, + 0x11, 0x20, 0x85, 0x0a, 0xc0, 0x07, 0xe4, 0xac, + 0x10, 0x01, 0x0a, 0xad, 0xab, 0x00, 0x35, 0x00, + 0x24, 0x0e, 0x1c, 0x3b, 0xe0, 0x01, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x6d, 0x05, 0x68, 0x65, 0x69, 0x73, 0x65, 0x02, + 0x64, 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0x47, + 0x8f, 0x07 +}; + +/* GPRS-LLC - SAPI: LL11, UI, NSAPI 5, DNS query */ +static const unsigned char llc_ui_ll11_dns_resp_dl[] = { + 0x4b, 0xc0, 0x01, 0x65, 0x00, 0x00, 0x00, 0x45, + 0x00, 0x00, 0xc6, 0x00, 0x00, 0x40, 0x00, 0x3e, + 0x11, 0x7c, 0x69, 0xac, 0x10, 0x01, 0x0a, 0x0a, + 0xc0, 0x07, 0xe4, 0x00, 0x35, 0xad, 0xab, 0x00, + 0xb2, 0x74, 0x4e, 0x3b, 0xe0, 0x81, 0x80, 0x00, + 0x01, 0x00, 0x01, 0x00, 0x05, 0x00, 0x00, 0x01, + 0x6d, 0x05, 0x68, 0x65, 0x69, 0x73, 0x65, 0x02, + 0x64, 0x65, 0x00, 0x00, 0x01, 0x00, 0x01, 0xc0, + 0x0c, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0e, + 0x10, 0x00, 0x04, 0xc1, 0x63, 0x90, 0x58, 0xc0, + 0x0e, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x0e, + 0x10, 0x00, 0x16, 0x03, 0x6e, 0x73, 0x32, 0x0c, + 0x70, 0x6f, 0x70, 0x2d, 0x68, 0x61, 0x6e, 0x6e, + 0x6f, 0x76, 0x65, 0x72, 0x03, 0x6e, 0x65, 0x74, + 0x00, 0xc0, 0x0e, 0x00, 0x02, 0x00, 0x01, 0x00, + 0x00, 0x0e, 0x10, 0x00, 0x10, 0x02, 0x6e, 0x73, + 0x01, 0x73, 0x08, 0x70, 0x6c, 0x75, 0x73, 0x6c, + 0x69, 0x6e, 0x65, 0xc0, 0x14, 0xc0, 0x0e, 0x00, + 0x02, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, 0x00, + 0x05, 0x02, 0x6e, 0x73, 0xc0, 0x0e, 0xc0, 0x0e, + 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x0e, 0x10, + 0x00, 0x05, 0x02, 0x6e, 0x73, 0xc0, 0x5f, 0xc0, + 0x0e, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00, 0x0e, + 0x10, 0x00, 0x12, 0x02, 0x6e, 0x73, 0x0c, 0x70, + 0x6f, 0x70, 0x2d, 0x68, 0x61, 0x6e, 0x6e, 0x6f, + 0x76, 0x65, 0x72, 0xc0, 0x14, 0xaa, 0xdf, 0x31 +}; + static int gprs_process_message(struct gprs_ns_inst *nsi, const char *text, struct sockaddr_in *peer, const unsigned char* data, size_t data_len); @@ -1315,6 +1370,188 @@ static void test_gbproxy_ra_patching() nsi = NULL; } +static void test_gbproxy_ptmsi_patching() +{ + struct gprs_ns_inst *nsi = gprs_ns_instantiate(gprs_ns_callback, NULL); + struct sockaddr_in bss_peer[1] = {{0},}; + struct sockaddr_in sgsn_peer= {0}; + struct gprs_ra_id rai_bss = + {.mcc = 112, .mnc = 332, .lac = 16464, .rac = 96}; + struct gprs_ra_id rai_sgsn = + {.mcc = 123, .mnc = 456, .lac = 16464, .rac = 96}; + struct gprs_ra_id rai_unknown = + {.mcc = 1, .mnc = 99, .lac = 99, .rac = 96}; + uint16_t cell_id = 0x1234; + + const uint32_t sgsn_ptmsi = 0xefe2b700; + const uint32_t local_sgsn_tlli = 0xefe2b700; + const uint32_t random_sgsn_tlli = 0x7c69fb81; + + const uint32_t bss_ptmsi = 0xc00f7304; + const uint32_t local_bss_tlli = 0xc00f7304; + const uint32_t foreign_bss_tlli = 0x8000dead; + + const uint8_t imsi[] = {0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18}; + struct gbproxy_tlli_info *tlli_info; + struct gbproxy_peer *peer; + unsigned bss_nu = 0; + unsigned sgsn_nu = 0; + + OSMO_ASSERT(local_sgsn_tlli == gprs_tmsi2tlli(sgsn_ptmsi, TLLI_LOCAL)); + + bssgp_nsi = nsi; + gbcfg.nsi = bssgp_nsi; + gbcfg.nsip_sgsn_nsei = SGSN_NSEI; + gbcfg.core_mcc = 123; + gbcfg.core_mnc = 456; + gbcfg.core_apn = talloc_zero_size(NULL, 100); + gbcfg.core_apn_size = gprs_str_to_apn(gbcfg.core_apn, 100, "foo.bar"); + gbcfg.patch_ptmsi = 1; + gbcfg.bss_ptmsi_state = 0; + gbcfg.sgsn_tlli_state = 1; + + configure_sgsn_peer(&sgsn_peer); + configure_bss_peers(bss_peer, ARRAY_SIZE(bss_peer)); + + printf("=== %s ===\n", __func__); + printf("--- Initialise SGSN ---\n\n"); + + connect_sgsn(nsi, &sgsn_peer); + + printf("--- Initialise BSS 1 ---\n\n"); + + setup_ns(nsi, &bss_peer[0], 0x1001, 0x1000); + setup_bssgp(nsi, &bss_peer[0], 0x1002); + + peer = gbprox_peer_by_nsei(&gbcfg, 0x1000); + OSMO_ASSERT(peer != NULL); + + send_bssgp_reset_ack(nsi, &sgsn_peer, 0x1002); + + send_bssgp_suspend(nsi, &bss_peer[0], &rai_bss); + send_bssgp_suspend_ack(nsi, &sgsn_peer, &rai_sgsn); + + gprs_dump_nsi(nsi); + dump_global(stdout, 0); + dump_peers(stdout, 0, 0, &gbcfg); + + printf("--- Send message from BSS 1 to SGSN, BVCI 0x1002 ---\n\n"); + + send_llc_ul_ui(nsi, "ATTACH REQUEST", &bss_peer[0], 0x1002, + foreign_bss_tlli, &rai_unknown, cell_id, + GPRS_SAPI_GMM, bss_nu++, + dtap_attach_req, sizeof(dtap_attach_req)); + + dump_peers(stdout, 0, 0, &gbcfg); + + send_llc_dl_ui(nsi, "IDENT REQUEST", &sgsn_peer, 0x1002, + random_sgsn_tlli, 0, NULL, 0, + GPRS_SAPI_GMM, sgsn_nu++, + dtap_identity_req, sizeof(dtap_identity_req)); + + dump_peers(stdout, 0, 0, &gbcfg); + + send_llc_ul_ui(nsi, "IDENT RESPONSE", &bss_peer[0], 0x1002, + foreign_bss_tlli, &rai_bss, cell_id, + GPRS_SAPI_GMM, bss_nu++, + dtap_identity_resp, sizeof(dtap_identity_resp)); + + dump_peers(stdout, 0, 0, &gbcfg); + + send_llc_dl_ui(nsi, "ATTACH ACCEPT", &sgsn_peer, 0x1002, + random_sgsn_tlli, 1, imsi, sizeof(imsi), + GPRS_SAPI_GMM, sgsn_nu++, + dtap_attach_acc, sizeof(dtap_attach_acc)); + + dump_peers(stdout, 0, 0, &gbcfg); + + tlli_info = gbprox_find_tlli_by_sgsn_tlli(peer, random_sgsn_tlli); + OSMO_ASSERT(tlli_info); + OSMO_ASSERT(tlli_info->tlli.assigned == local_bss_tlli); + OSMO_ASSERT(tlli_info->tlli.current == foreign_bss_tlli); + OSMO_ASSERT(!tlli_info->tlli.bss_validated); + OSMO_ASSERT(!tlli_info->tlli.net_validated); + OSMO_ASSERT(tlli_info->tlli.ptmsi == bss_ptmsi); + OSMO_ASSERT(tlli_info->sgsn_tlli.assigned == local_sgsn_tlli); + OSMO_ASSERT(tlli_info->sgsn_tlli.current == random_sgsn_tlli); + OSMO_ASSERT(!tlli_info->sgsn_tlli.bss_validated); + OSMO_ASSERT(!tlli_info->sgsn_tlli.net_validated); + OSMO_ASSERT(tlli_info->sgsn_tlli.ptmsi == sgsn_ptmsi); + + send_llc_ul_ui(nsi, "ATTACH COMPLETE", &bss_peer[0], 0x1002, + local_bss_tlli, &rai_bss, cell_id, + GPRS_SAPI_GMM, bss_nu++, + dtap_attach_complete, sizeof(dtap_attach_complete)); + + dump_peers(stdout, 0, 0, &gbcfg); + + tlli_info = gbprox_find_tlli_by_sgsn_tlli(peer, local_sgsn_tlli); + OSMO_ASSERT(tlli_info); + OSMO_ASSERT(tlli_info->tlli.assigned == local_bss_tlli); + OSMO_ASSERT(tlli_info->tlli.current == foreign_bss_tlli); + OSMO_ASSERT(tlli_info->tlli.bss_validated); + OSMO_ASSERT(!tlli_info->tlli.net_validated); + OSMO_ASSERT(tlli_info->sgsn_tlli.assigned == local_sgsn_tlli); + OSMO_ASSERT(tlli_info->sgsn_tlli.current == random_sgsn_tlli); + OSMO_ASSERT(tlli_info->sgsn_tlli.bss_validated); + OSMO_ASSERT(!tlli_info->sgsn_tlli.net_validated); + + send_llc_dl_ui(nsi, "GMM INFO", &sgsn_peer, 0x1002, + local_sgsn_tlli, 1, imsi, sizeof(imsi), + GPRS_SAPI_GMM, sgsn_nu++, + dtap_gmm_information, sizeof(dtap_gmm_information)); + + dump_peers(stdout, 0, 0, &gbcfg); + + tlli_info = gbprox_find_tlli_by_sgsn_tlli(peer, local_sgsn_tlli); + OSMO_ASSERT(tlli_info); + OSMO_ASSERT(tlli_info->tlli.current == local_bss_tlli); + OSMO_ASSERT(tlli_info->tlli.assigned == 0); + OSMO_ASSERT(tlli_info->sgsn_tlli.current == local_sgsn_tlli); + OSMO_ASSERT(tlli_info->sgsn_tlli.assigned == 0); + + /* Non-DTAP */ + send_bssgp_ul_unitdata(nsi, "XID (UL)", &bss_peer[0], 0x1002, + local_bss_tlli, &rai_bss, cell_id, + llc_u_xid_ul, sizeof(llc_u_xid_ul)); + + send_bssgp_dl_unitdata(nsi, "XID (DL)", &sgsn_peer, 0x1002, + local_sgsn_tlli, 1, imsi, sizeof(imsi), + llc_u_xid_dl, sizeof(llc_u_xid_dl)); + + send_bssgp_ul_unitdata(nsi, "LL11 DNS QUERY (UL)", &bss_peer[0], 0x1002, + local_bss_tlli, &rai_bss, cell_id, + llc_ui_ll11_dns_query_ul, + sizeof(llc_ui_ll11_dns_query_ul)); + + send_bssgp_dl_unitdata(nsi, "LL11 DNS RESP (DL)", &sgsn_peer, 0x1002, + local_sgsn_tlli, 1, imsi, sizeof(imsi), + llc_ui_ll11_dns_resp_dl, + sizeof(llc_ui_ll11_dns_resp_dl)); + + dump_peers(stdout, 0, 0, &gbcfg); + + /* Detach */ + send_llc_ul_ui(nsi, "DETACH REQ", &bss_peer[0], 0x1002, + local_bss_tlli, &rai_bss, cell_id, + GPRS_SAPI_GMM, bss_nu++, + dtap_detach_req, sizeof(dtap_detach_req)); + + dump_peers(stdout, 0, 0, &gbcfg); + + send_llc_dl_ui(nsi, "DETACH ACC", &sgsn_peer, 0x1002, + local_sgsn_tlli, 1, imsi, sizeof(imsi), + GPRS_SAPI_GMM, sgsn_nu++, + dtap_detach_acc, sizeof(dtap_detach_acc)); + + dump_peers(stdout, 0, 0, &gbcfg); + dump_global(stdout, 0); + + gbprox_reset(&gbcfg); + gprs_ns_destroy(nsi); + nsi = NULL; +} + /* TODO: Move tlv testing to libosmocore */ int v_fixed_shift(uint8_t **data, size_t *data_len, size_t len, uint8_t **value); int tv_fixed_match(uint8_t **data, size_t *data_len, uint8_t tag, size_t len, @@ -1899,6 +2136,7 @@ int main(int argc, char **argv) test_gbproxy_ident_changes(); test_gbproxy_imsi_matching(); test_gbproxy_ra_patching(); + test_gbproxy_ptmsi_patching(); test_gbproxy_tlli_expire(); printf("===== GbProxy test END\n\n"); -- cgit v1.2.3