diff options
author | Vadim Yanitskiy <vyanitskiy@sysmocom.de> | 2024-04-02 21:21:51 +0700 |
---|---|---|
committer | laforge <laforge@osmocom.org> | 2024-04-03 07:53:27 +0000 |
commit | 3c88c3591228b95ee1da6f2cc8d898a0604ee655 (patch) | |
tree | 44301dbf873dabf0efc924b3e09231c0c5d4bd7c | |
parent | af3e21687a16545ecc9600066c3a00bf285c91d1 (diff) |
msc: fix race condition in TC_mm_id_resp_no_identity
This testcase is failing sporadically ever since it was introduced
back in 2019, during 36C3. The problem is that osmo-msc does not
react to the malformed MM IDENTITY RESPONSE immediately, but only
after timeout of timer X1 (5 seconds, by default); while the
testsuite expects the LU REJECT to be received within 5 seconds.
We should ideally fix osmo-msc to react immediately, but for now
let's enlarge the LU REJECT waiting timeout in the testcase.
Change-Id: I5d2b5d49df8f7ae1eb12fc137f4256fe6fab9117
Related: OS#6426, OS#4340
-rw-r--r-- | msc/BSC_ConnectionHandler.ttcn | 6 | ||||
-rw-r--r-- | msc/MSC_Tests.ttcn | 11 |
2 files changed, 9 insertions, 8 deletions
diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn index be12fae8..6f8078bc 100644 --- a/msc/BSC_ConnectionHandler.ttcn +++ b/msc/BSC_ConnectionHandler.ttcn @@ -916,11 +916,11 @@ altstep as_accept_reject_lu(boolean expect_accept := true) runs on BSC_ConnHdlr } } -function f_expect_lu_reject(template OCT1 cause := ?) runs on BSC_ConnHdlr { +function f_expect_lu_reject(template OCT1 cause := ?, float Tval := 5.0) runs on BSC_ConnHdlr { var PDU_DTAP_MT dtap_mt; - timer T := 5.0; + timer T; - T.start; + T.start(Tval); alt { [] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej(cause))) { setverdict(pass); diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn index 52a5c2fb..513e3465 100644 --- a/msc/MSC_Tests.ttcn +++ b/msc/MSC_Tests.ttcn @@ -6616,15 +6616,13 @@ testcase TC_invalid_mgcp_crash() runs on MTC_CT { vc_conn.done; } +/* Test how the MSC handles a malformed MM IDENTITY RESPONSE with no identity. */ friend function f_tc_mm_id_resp_no_identity(charstring id, BSC_ConnHdlrPars pars) runs on BSC_ConnHdlr { - pars.tmsi := 'FFFFFFFF'O; f_init_handler(pars); - f_create_gsup_expect(hex2str(g_pars.imsi)); - /* Initiate Location Updating using an unknown TMSI */ - f_bssap_compl_l3(f_build_lu_tmsi(pars.tmsi)); + f_bssap_compl_l3(f_build_lu_tmsi('FFFFFFFF'O)); /* Expect an Identity Request, send response with no identity */ BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req(CM_ID_TYPE_IMSI))); @@ -6641,7 +6639,10 @@ runs on BSC_ConnHdlr { } }))); - f_expect_lu_reject(); + /* XXX: Current osmo-msc does not react on bad/malformed MM IDENTITY RESPONSE immediately. + * It instead relies on expiry of timer X1, which is set to 5.0 seconds by default. This + * is not good (DoS vector) and should ideally be fixed, but for now just work it around. */ + f_expect_lu_reject(Tval := 5.0 + 1.0); f_expect_clear(); } testcase TC_mm_id_resp_no_identity() runs on MTC_CT { |