Change in osmo-pcu[master]: tests/rlcmac: fix malformed MS RA capability in testRAcap()

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

fixeria gerrit-no-reply at lists.osmocom.org
Wed Feb 19 10:31:10 UTC 2020 

fixeria has submitted this change. ( https://gerrit.osmocom.org/c/osmo-pcu/+/17209 )

Change subject: tests/rlcmac: fix malformed MS RA capability in testRAcap()
......................................................................

tests/rlcmac: fix malformed MS RA capability in testRAcap()

Long story short: as it turns out the test vector '12a5146200'O
has been generated by TITAN, and it's malformed. The length
indicator it contains must be at least 29 bits, not 21. This
field is calculated by TITAN automatically, so I guess there
is a bug somewhere in its RAW encoder implementation.

It's funny that Wireshark decodes the old malformed vector without
any problems if it's encapsulated into the BSSGP DL-UNITDATA. The
reason for that is because BSSGP dissector does not actually use
the CSN.1 codec and relies on its own hand-written parser [1],
which does not respect the length constraints.

Furthermore, table 10.5.146/3GPP TS 24.008, describing the format
of MS Radio Access Capability IE, has the following comment:

  < Multislot capability struct > ::=
    { 0 | 1 < HSCSD multislot class : bit (5) > }
    ...
  -- error: struct too short, assume features do not exist

so ideally our CSN.1 decoder should be more tolerant to the old
malformed vector, but unfortunately error handling is not implemented.

[1] See de_gmm_ms_radio_acc_cap() in epan/dissectors/packet-gsm_a_gm.c.

Change-Id: I5f810397b8d09c18e069168023429f6a4d899c86
---
M tests/rlcmac/RLCMACTest.cpp
M tests/rlcmac/RLCMACTest.err
M tests/rlcmac/RLCMACTest.ok
3 files changed, 22 insertions(+), 13 deletions(-)

Approvals:
  Jenkins Builder: Verified
  laforge: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved



diff --git a/tests/rlcmac/RLCMACTest.cpp b/tests/rlcmac/RLCMACTest.cpp
index a8d6217..de63fe6 100644
--- a/tests/rlcmac/RLCMACTest.cpp
+++ b/tests/rlcmac/RLCMACTest.cpp
@@ -224,7 +224,7 @@
 /*
 	MS RA capability 1
 	    0001 .... = Access Technology Type: GSM E --note that GSM E covers GSM P (1)
-	    .... 0010  101. .... = Length in bits: 0x15 (21)
+	    .... 0011  101. .... = Length in bits: 0x1d (29)
 	    ...0 01.. RF Power Capability, GMSK Power Class: Not specified (1)
 	    A5 Bits: Same values apply for parameters as in the immediately preceding Access capabilities field within this IE (0)
 	    .... ...1 = Controlled early Classmark Sending: Implemented
@@ -235,22 +235,27 @@
 	    .... ..00  011. .... = GPRS multislot class: Max Rx-Slot/TDMA:2 Max Tx-Slot/TDMA:2 Max-Sum-Slot/TDMA:3 Tta:3 Ttb:2 Tra:3 Trb:1 Type:1 (3)
 	    ...0 .... = GPRS Extended Dynamic Allocation Capability: Not Implemented
 */
-	bitvec_unhex(vector, "12a5146200");
+	bitvec_unhex(vector, "13a5146200");
 
 	rc = decode_gsm_ra_cap(vector, &data);
-	printf("decode_gsm_ra_cap fails? %s\n", rc !=0 ? "yes" : "no");
-#if 0
-	/* FIXME: OS#1525, OS#3499: csn1 fails to parse this MS RA Cap IE value */
-	assert (rc == 0);
+	OSMO_ASSERT(rc == 0);
 
 	/* Make sure there's 1 value (currently fails due to failed decoding) */
-	osmo_assert(cap->Count_MS_RA_capability_value == 1);
+	OSMO_ASSERT(data.Count_MS_RA_capability_value == 1);
 
-	/* Make sure MS multislot class is parsed correctly (currently fails due
-	   to failed decoding and count being 0) */
-	uint8_t ms_class = Decoding::get_ms_class_by_capability(&data);
-	assert(ms_class == 3);
-#endif
+	/* Make sure GPRS / EGPRS multislot class is parsed correctly */
+	printf("GPRS multislot class = %u\n", Decoding::get_ms_class_by_capability(&data));
+	printf("EGPRS multislot class = %u\n", Decoding::get_egprs_ms_class_by_capability(&data));
+
+	/* Mangle the length indicator (set it to 21) */
+	unsigned int writeIndex = 4;
+	rc = bitvec_write_field(vector, &writeIndex, 21, 7);
+	OSMO_ASSERT(rc == 0);
+
+	/* Make sure decoding attempt fails */
+	printf("Test decoding of a malformed vector (short length indicator)\n");
+	rc = decode_gsm_ra_cap(vector, &data);
+	printf("decode_gsm_ra_cap() returns %d\n", rc);
 }
 
 int main(int argc, char *argv[])
diff --git a/tests/rlcmac/RLCMACTest.err b/tests/rlcmac/RLCMACTest.err
index 2d7de59..52a3cc3 100644
--- a/tests/rlcmac/RLCMACTest.err
+++ b/tests/rlcmac/RLCMACTest.err
@@ -29,4 +29,5 @@
 DCSN1 INFO csnStreamDecoder (type=2): PayloadType = 1 | spare = 0 | R = 0 | MESSAGE_TYPE = 2 | DOWNLINK_TFI = 20 |  : Ack_Nack_Description | FINAL_ACK_INDICATION = 1 | STARTING_SEQUENCE_NUMBER = 1 | RECEIVED_BLOCK_BITMAP[0] = 0 | RECEIVED_BLOCK_BITMAP[1] = 0 | RECEIVED_BLOCK_BITMAP[2] = 0 | RECEIVED_BLOCK_BITMAP[3] = 0 | RECEIVED_BLOCK_BITMAP[4] = 0 | RECEIVED_BLOCK_BITMAP[5] = 0 | RECEIVED_BLOCK_BITMAP[6] = 0 | RECEIVED_BLOCK_BITMAP[7] = 1 | : End Ack_Nack_Description | Exist_Channel_Request_Description = 1 |  : Channel_Request_Description | PEAK_THROUGHPUT_CLASS = 0 | RADIO_PRIORITY = 0 | RLC_MODE = 0 | LLC_PDU_TYPE = 1 | RLC_OCTET_COUNT = 18 | : End Channel_Request_Description |  : Channel_Quality_Report | C_VALUE = 40 | RXQUAL = 1 | SIGN_VAR = 0 | Slot[0].Exist = 0 | Slot[1].Exist = 0 | Slot[2].Exist = 0 | Slot[3].Exist = 0 | Slot[4].Exist = 0 | Slot[5].Exist = 0 | Slot[6].Exist = 0 | Slot[7].Exist = 0 | : End Channel_Quality_Report | Exist_AdditionsR99 = 1 |  : AdditionsR99 | Exist_PFI = 0 | : End AdditionsR99 | Padding = 3|43|43|43|43|43|
 DCSN1 INFO csnStreamEncoder (type=2): PayloadType = 1 | spare = 0 | R = 0 | MESSAGE_TYPE = 2 | DOWNLINK_TFI = 20 |  : Ack_Nack_Description | FINAL_ACK_INDICATION = 1 | STARTING_SEQUENCE_NUMBER = 1 | RECEIVED_BLOCK_BITMAP[0] = 0 | RECEIVED_BLOCK_BITMAP[1] = 0 | RECEIVED_BLOCK_BITMAP[2] = 0 | RECEIVED_BLOCK_BITMAP[3] = 0 | RECEIVED_BLOCK_BITMAP[4] = 0 | RECEIVED_BLOCK_BITMAP[5] = 0 | RECEIVED_BLOCK_BITMAP[6] = 0 | RECEIVED_BLOCK_BITMAP[7] = 1 |  : End Ack_Nack_Description | Exist_Channel_Request_Description = 1 |  : Channel_Request_Description | PEAK_THROUGHPUT_CLASS = 0 | RADIO_PRIORITY = 0 | RLC_MODE = 0 | LLC_PDU_TYPE = 1 | RLC_OCTET_COUNT = 18 |  : End Channel_Request_Description |  : Channel_Quality_Report | C_VALUE = 40 | RXQUAL = 1 | SIGN_VAR = 0 | Slot[0].Exist = 0 | Slot[1].Exist = 0 | Slot[2].Exist = 0 | Slot[3].Exist = 0 | Slot[4].Exist = 0 | Slot[5].Exist = 0 | Slot[6].Exist = 0 | Slot[7].Exist = 0 |  : End Channel_Quality_Report | Exist_AdditionsR99 = 1 |  : AdditionsR99 | Exist_PFI = 0 |  : End AdditionsR99 | Padding = 3|43|43|43|43|43|
 DCSN1 INFO csnStreamDecoder (type=8): PayloadType = 1 | spare = 0 | R = 0 | MESSAGE_TYPE = 8 | DOWNLINK_TFI = 0 | MS_OUT_OF_MEMORY = 0 | Exist_EGPRS_ChannelQualityReport = 1 |  : EGPRS_ChannelQualityReport |  : EGPRS_BEP_LinkQualityMeasurements | Exist_MEAN_CV_BEP_GMSK = 0 | Exist_MEAN_CV_BEP_8PSK = 1 | MEAN_BEP_8PSK = 31 | CV_BEP_8PSK = 7 | : End EGPRS_BEP_LinkQualityMeasurements | C_VALUE = 58 |  : EGPRS_TimeslotLinkQualityMeasurements | Exist_BEP_MEASUREMENTS = 0 | Exist_INTERFERENCE_MEASUREMENTS = 0 | : End EGPRS_TimeslotLinkQualityMeasurements | : End EGPRS_ChannelQualityReport | Exist_ChannelRequestDescription = 1 |  : ChannelRequestDescription | PEAK_THROUGHPUT_CLASS = 6 | RADIO_PRIORITY = 0 | RLC_MODE = 0 | LLC_PDU_TYPE = 1 | RLC_OCTET_COUNT = 62 | : End ChannelRequestDescription | Exist_PFI = 0 | Exist_ExtensionBits = 0 |  : EGPRS_AckNack | Desc = 0 |  : Desc | FINAL_ACK_INDICATION = 0 | BEGINNING_OF_WINDOW = 1 | END_OF_WINDOW = 1 | STARTING_SEQUENCE_NUMBER = 1187 | Exist_CRBB = 0 | URBB = 127 | URBB = 255 | URBB = 255 | URBB = 238 | URBB = 0 | URBB = 0 | URBB = 0 | URBB = 0 | URBB = 0 | URBB = 0 | URBB = 0 | URBB = 0 | URBB = 0 |  : End Desc | : End EGPRS_AckNack | Padding = 
+DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 29 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 0 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 |  : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 3 | GPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_SM = 0 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | EGPRS_multislot_class = 0 | EGPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_DTM_GPRS_multislot_class = 0 | : End Multislot_capability | Exist_Eight_PSK_Power_Capability = 0 | COMPACT_Interference_Measurement_Capability = 0 | Revision_Level_Indicator = NULL | UMTS_FDD_Radio_Access_Technology_Capability = NULL | UMTS_384_TDD_Radio_Access_Technology_Capability = NULL | CDMA2000_Radio_Access_Technology_Capability = NULL | UMTS_128_TDD_Radio_Access_Technology_Capability = NULL | GERAN_Feature_Package_1 = NULL | Modulation_based_multislot_class_support = NULL | GMSK_MultislotPowerProfile = NULL | EightPSK_MultislotProfile = NULL | MultipleTBF_Capability = NULL | DownlinkAdvancedReceiverPerformance = NULL | ExtendedRLC_MAC_ControlMessageSegmentionsCapability = NULL | DTM_EnhancementsCapability = NULL | PS_HandoverCapability = NULL | MS_RA_capability_value } | 
 DCSN1 INFO csnStreamDecoder (RAcap): MS_RA_capability_value { | Choice MS_RA_capability_value_Choice = 1 | u.Content length = 21 | offset = 4 | RF_Power_Capability = 1 | Exist_A5_bits = 0 | ES_IND = 1 | PS = 0 | VGCS = 0 | VBS = 0 | Exist_Multislot_capability = 1 |  : Multislot_capability | Exist_HSCSD_multislot_class = 0 | Exist_GPRS_multislot_class = 1 | GPRS_multislot_class = 3 | GPRS_Extended_Dynamic_Allocation_Capability = 0 | Exist_SM = 0 | Exist_ECSD_multislot_class = 0 | Exist_EGPRS_multislot_class = 1 | DCSN1 ERROR csnStreamDecoder: error NEED_MORE BITS TO UNPACK (-5) at EGPRS_multislot_class (idx 31): End Multislot_capability | 
diff --git a/tests/rlcmac/RLCMACTest.ok b/tests/rlcmac/RLCMACTest.ok
index 2d27ca4..96c1bfb 100644
--- a/tests/rlcmac/RLCMACTest.ok
+++ b/tests/rlcmac/RLCMACTest.ok
@@ -124,4 +124,7 @@
 vector1 == vector2 : TRUE
 *** testCsnLeftAlignedVarBmpBounds ***
 *** testRAcap ***
-decode_gsm_ra_cap fails? yes
+GPRS multislot class = 3
+EGPRS multislot class = 0
+Test decoding of a malformed vector (short length indicator)
+decode_gsm_ra_cap() returns -5

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-pcu/+/17209
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-pcu
Gerrit-Branch: master
Gerrit-Change-Id: I5f810397b8d09c18e069168023429f6a4d899c86
Gerrit-Change-Number: 17209
Gerrit-PatchSet: 2
Gerrit-Owner: fixeria <axilirator at gmail.com>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <axilirator at gmail.com>
Gerrit-Reviewer: laforge <laforge at osmocom.org>
Gerrit-Reviewer: pespin <pespin at sysmocom.de>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20200219/a8f681df/attachment.htm>

More information about the gerrit-log mailing list