[PATCH] osmo-msc[master]: ciph command: return more meaningful cause values

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Neels Hofmeyr gerrit-no-reply at lists.osmocom.org
Fri Mar 2 02:52:39 UTC 2018 

Review at  https://gerrit.osmocom.org/7059

ciph command: return more meaningful cause values

Instead of just GSM48_REJECT_NETWORK_FAILURE, allow returning GSM48_REJECT_*
causes from the vlr_ops.set_ciph_mode() callback.

In msc_vlr_set_ciph_mode(), return ILLEGAL_MS if no usable cipher could be
determined or PROTOCOL_ERROR for RAN mismatches.

This is just a feeble attempt at getting going in the right direction with
cause values, while I'm still looking at the Cipher Mode Command code...

Change-Id: I4db77fea1a4bcd161218582126a5d83ca171f7cb
---
M include/osmocom/msc/vlr.h
M src/libmsc/gsm_04_08.c
M src/libvlr/vlr_access_req_fsm.c
M src/libvlr/vlr_lu_fsm.c
M tests/msc_vlr/msc_vlr_test_gsm_ciph.err
5 files changed, 36 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmo-msc refs/changes/59/7059/1

diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h
index c4b8cf6..57e3fc9 100644
--- a/include/osmocom/msc/vlr.h
+++ b/include/osmocom/msc/vlr.h
@@ -212,6 +212,8 @@
 	int (*tx_cm_serv_acc)(void *msc_conn_ref);
 	int (*tx_cm_serv_rej)(void *msc_conn_ref, enum vlr_proc_arq_result result);
 
+	/* \returns 0 on success, positive to return specific GSM48_REJECT_* causes, or negative to
+	 * indicate GSM48_REJECT_NETWORK_FAILURE. */
 	int (*set_ciph_mode)(void *msc_conn_ref, bool umts_aka, bool retrieve_imeisv);
 
 	/* UTRAN: send Common Id (when auth+ciph are complete) */
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index 995bbf6..93796d8 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -3624,7 +3624,7 @@
 	if (!conn || !conn->vsub) {
 		LOGP(DMM, LOGL_ERROR, "Cannot send Ciphering Mode Command to"
 		     " NULL conn/subscriber");
-		return -EINVAL;
+		return GSM48_REJECT_ILLEGAL_MS;
 	}
 
 	vsub = conn->vsub;
@@ -3634,7 +3634,7 @@
 		LOGP(DMM, LOGL_ERROR, "subscr %s: Cannot send Ciphering Mode"
 		     " Command: no auth tuple available\n",
 		     vlr_subscr_name(vsub));
-		return -EINVAL;
+		return GSM48_REJECT_ILLEGAL_MS;
 	}
 
 	switch (conn->via_ran) {
@@ -3657,7 +3657,7 @@
 				LOGP(DMM, LOGL_ERROR, "%s: cannot start ciphering, no intersection "
 					"between MSC-configured and MS-supported A5 algorithms\n",
 					vlr_subscr_name(conn->vsub));
-				return -ENOTSUP;
+				return GSM48_REJECT_ILLEGAL_MS;
 			}
 
 			/* In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
@@ -3680,7 +3680,7 @@
 #else
 		LOGP(DMM, LOGL_ERROR, "Cannot send Security Mode Control over RAN_UTRAN_IU,"
 		     " built without Iu support\n");
-		return -ENOTSUP;
+		return GSM48_REJECT_PROTOCOL_ERROR;
 #endif
 
 	default:
@@ -3689,7 +3689,7 @@
 	LOGP(DMM, LOGL_ERROR,
 	     "%s: cannot start ciphering, unknown RAN type %d\n",
 	     vlr_subscr_name(conn->vsub), conn->via_ran);
-	return -ENOTSUP;
+	return GSM48_REJECT_PROTOCOL_ERROR;
 }
 
 void msc_rx_sec_mode_compl(struct gsm_subscriber_connection *conn)
diff --git a/src/libvlr/vlr_access_req_fsm.c b/src/libvlr/vlr_access_req_fsm.c
index 556e694..94ce8fc 100644
--- a/src/libvlr/vlr_access_req_fsm.c
+++ b/src/libvlr/vlr_access_req_fsm.c
@@ -284,6 +284,7 @@
 {
 	struct proc_arq_priv *par = fi->priv;
 	struct vlr_subscr *vsub = par->vsub;
+	int rc;
 
 	LOGPFSM(fi, "%s()\n", __func__);
 
@@ -292,13 +293,27 @@
 		return;
 	}
 
-	if (vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref,
-			      par->ciphering_required,
-			      vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99),
-			      vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
+	rc = vlr_set_ciph_mode(vsub->vlr, fi, par->msc_conn_ref,
+			       par->ciphering_required,
+			       vlr_use_umts_aka(&vsub->last_tuple->vec, par->is_r99),
+			       vsub->vlr->cfg.retrieve_imeisv_ciphered);
+	if (rc) {
+		enum vlr_proc_arq_result err;
 		LOGPFSML(fi, LOGL_ERROR,
 			 "Failed to send Ciphering Mode Command\n");
-		proc_arq_fsm_done(fi, VLR_PR_ARQ_RES_SYSTEM_FAILURE);
+		switch (rc) {
+		case GSM48_REJECT_ILLEGAL_MS:
+			err = VLR_PR_ARQ_RES_ILLEGAL_SUBSCR;
+			break;
+		case GSM48_REJECT_ILLEGAL_ME:
+			err = VLR_PR_ARQ_RES_ILLEGAL_EQUIP;
+			break;
+		/* TODO: more meaningful causes */
+		default:
+			err = VLR_PR_ARQ_RES_SYSTEM_FAILURE;
+			break;
+		}
+		proc_arq_fsm_done(fi, err);
 		return;
 	}
 
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index b36e4e3..127d488 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -846,6 +846,7 @@
 {
 	struct lu_fsm_priv *lfp = lu_fsm_fi_priv(fi);
 	struct vlr_subscr *vsub = lfp->vsub;
+	int rc;
 
 	LOGPFSM(fi, "%s()\n", __func__);
 
@@ -862,13 +863,14 @@
 		return;
 	}
 
-	if (vlr_set_ciph_mode(vsub->vlr, fi, lfp->msc_conn_ref,
-			      lfp->ciphering_required,
-			      vlr_use_umts_aka(&vsub->last_tuple->vec, lfp->is_r99),
-			      vsub->vlr->cfg.retrieve_imeisv_ciphered)) {
+	rc = vlr_set_ciph_mode(vsub->vlr, fi, lfp->msc_conn_ref,
+			       lfp->ciphering_required,
+			       vlr_use_umts_aka(&vsub->last_tuple->vec, lfp->is_r99),
+			       vsub->vlr->cfg.retrieve_imeisv_ciphered);
+	if (rc) {
 		LOGPFSML(fi, LOGL_ERROR,
 			 "Failed to send Ciphering Mode Command\n");
-		lu_fsm_failure(fi, GSM48_REJECT_NETWORK_FAILURE);
+		lu_fsm_failure(fi, rc > 0? rc : GSM48_REJECT_NETWORK_FAILURE);
 		return;
 	}
 
diff --git a/tests/msc_vlr/msc_vlr_test_gsm_ciph.err b/tests/msc_vlr/msc_vlr_test_gsm_ciph.err
index 71c5b28..4786412 100644
--- a/tests/msc_vlr/msc_vlr_test_gsm_ciph.err
+++ b/tests/msc_vlr/msc_vlr_test_gsm_ciph.err
@@ -1787,9 +1787,9 @@
 DMM -> CIPHER MODE COMMAND IMSI:901700000004620
 DMSC CLASSMARK 2 unknown, assuming MS doesn't support A5/3
 DMM IMSI:901700000004620: cannot start ciphering, no intersection between MSC-configured and MS-supported A5 algorithms
-- ERROR sending ciphering mode command: rc=-95
+- ERROR sending ciphering mode command: rc=3
 DVLR vlr_lu_fsm(901700000004620){VLR_ULA_S_WAIT_AUTH}: Failed to send Ciphering Mode Command
-- sending LU Reject for IMSI:901700000004620, cause 17
+- sending LU Reject for IMSI:901700000004620, cause 3
 DVLR vlr_lu_fsm(901700000004620){VLR_ULA_S_WAIT_AUTH}: state_chg to VLR_ULA_S_DONE
 DMM Subscr_Conn(901700000004620){SUBSCR_CONN_S_NEW}: Received Event SUBSCR_CONN_E_CN_CLOSE
 DMM Subscr_Conn(901700000004620){SUBSCR_CONN_S_NEW}: SUBSCR_CONN_FROM_LU

-- 
To view, visit https://gerrit.osmocom.org/7059
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4db77fea1a4bcd161218582126a5d83ca171f7cb
Gerrit-PatchSet: 1
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-Owner: Neels Hofmeyr <nhofmeyr at sysmocom.de>

More information about the gerrit-log mailing list