Question on Uplink 'sequence count' handling in MME

Harald Welte laforge at
Sat Jul 13 13:18:47 UTC 2019

Hi Sukchan and list,

I'm currently reading the MME code and I'm having some trouble understanding
the handling of the uplink counter for NAS security.

I only see mme_ue->ul_count.i32 ever being set to '0' when a new security
context is used.  But I don't see it ever being incremented?  I only see
ul_count.sqn incremented, but then the nas_mac_calculate() always gets
ul_count.i32 passed as input.

So I'm somehow not understanding how the MAC can ever verify on any uplink
message beyond/after the first one which establishes a new security context.

What am I missing?  Thanks for your insight!

- Harald Welte <laforge at> 
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)

