pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/37872?usp=email )
Change subject: sgsn: Introduce test TC_attach_rau_a_b_wrong_old_ra ......................................................................
sgsn: Introduce test TC_attach_rau_a_b_wrong_old_ra
This test reproduces a crash in osmo-sgsn, which is fixed in osmo-sgsn.git Change-Id I5a4328c6e945b85dd815215724feecadba59c435.
Related: OS#6441 Change-Id: I3ce02f30a1e5becb80ab2a29f6bf5d08dd45b79c --- M sgsn/SGSN_Tests.ttcn M sgsn/expected-results.xml 2 files changed, 55 insertions(+), 2 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks refs/changes/72/37872/1
diff --git a/sgsn/SGSN_Tests.ttcn b/sgsn/SGSN_Tests.ttcn
index cbf50dd..9a50297 100644
--- a/sgsn/SGSN_Tests.ttcn
+++ b/sgsn/SGSN_Tests.ttcn
@@ -18,6 +18,7 @@
 import from Osmocom_Types all;
 import from GSM_Types all;
 import from Native_Functions all;
+import from Misc_Helpers all;
 import from NS_Types all;
 import from NS_Emulation all;
 import from BSSGP_Types all;
@@ -1904,7 +1905,6 @@
f_detach_mo(c_GMM_DTT_MO_GPRS, true, true); } - testcase TC_attach_rau_a_a() runs on test_CT { /* MS <-> SGSN: Successful Attach * MS -> SGSN: Routing Area Update Request @@ -1936,7 +1936,6 @@
f_detach_mo(c_GMM_DTT_MO_GPRS, true, true, 1); } - testcase TC_attach_rau_a_b() runs on test_CT { /* MS <-> SGSN: Successful Attach * MS -> SGSN: Routing Area _a_ Update Request @@ -1953,6 +1952,55 @@ f_cleanup(); }
+/* MS fills wrong Old RA during 2nd RAU. SGSN rejects it. */
+private function f_TC_attach_rau_a_b_wrong_old_ra(charstring id) runs on BSSGP_ConnHdlr {
+ var integer ran_index := 1;
+ f_TC_attach(id);
+
+ log("attach complete sending rau");
+ f_routing_area_update(g_pars.ra);
+
+ log("rau complete unregistering");
+ f_bssgp_client_unregister(g_pars.imsi);
+ f_bssgp_client_register(g_pars.imsi, g_pars.tlli, BSSGP_PROC[1]);
+
+ log("sending second RAU via different RA with wrong Old RA");
+ var RoutingAreaIdentificationV wrong_old_ra := g_pars.ra;
+ wrong_old_ra.rac := int2oct((oct2int(wrong_old_ra.rac) + 5) / 3, 1);
+ f_send_l3(ts_GMM_RAU_REQ(f_mi_get_lv(), GPRS_UPD_T_RA, old_ra := wrong_old_ra), ran_index);
+
+ timer T := 2.0;
+ T.start;
+ alt {
+ [] BSSGP[ran_index].receive(tr_GMM_RAU_REJECT);
+ [] BSSGP[ran_index].receive(tr_LLC_XID_MT_CMD(?, ?)) {
+ /* Ignore XID Reset */
+ repeat;
+ }
+ [] T.timeout {
+ setverdict(fail, "Timeout rx RAU Reject");
+ mtc.stop;
+ }
+ }
+
+ f_detach_mo(c_GMM_DTT_MO_GPRS, true, true, ran_index := ran_index);
+}
+testcase TC_attach_rau_a_b_wrong_old_ra() runs on test_CT {
+ /* MS <-> SGSN: Successful Attach
+ * MS -> SGSN: Routing Area _a_ Update Request
+ * MS <- SGSN: Routing Area _a_ Update Accept
+ * MS -> SGSN: Routing Area _b_ Update Request (Wrong Old Routing Area)
+ * MS <- SGSN: Routing Area _b_ Update Reject
+ * MS -> SGSN: Detach (PowerOff)
+ */
+ var BSSGP_ConnHdlr vc_conn;
+ f_init();
+ f_sleep(1.0);
+ vc_conn := f_start_handler(refers(f_TC_attach_rau_a_b_wrong_old_ra), testcasename(), g_gb, 39);
+ vc_conn.done;
+ f_cleanup();
+}
+
 private function f_TC_attach_gmm_attach_req_while_gmm_attach(charstring id) runs on BSSGP_ConnHdlr {
 var integer count_req := 0;
 var MobileIdentityLV mi;
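Review bot: The wrong RAC computed by `int2oct((oct2int(wrong_old_ra.rac) + 5) / 3, 1)` has a fixed point: with integer division a configured RAC of 2 maps back to 2, so the "wrong" Old RA would equal the real one and the test would silently stop exercising the reject path it was written to guard. Whether `g_pars.ra.rac` can be 2 is not visible in this hunk; a derivation that always differs, such as `wrong_old_ra.rac := int2oct((oct2int(wrong_old_ra.rac) + 1) mod 256, 1);`, removes the dependency on the configuration. The re-registration also hard-codes `BSSGP_PROC[1]` although `ran_index` is declared just above; `BSSGP_PROC[ran_index]` keeps the two in step. The alt has no branch for a RAU Accept, so an SGSN that wrongly accepts the request is only reported as "Timeout rx RAU Reject".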
@@ -3177,6 +3225,10 @@
 execute( TC_attach_rau() );
 execute( TC_attach_rau_a_a() );
 execute( TC_attach_rau_a_b() );
+ if (Misc_Helpers.f_osmo_repo_is("nightly")) {
+ /* Will double-free and crash osmo-sgsn <= 1.12.0 */
+ execute( TC_attach_rau_a_b_wrong_old_ra() );
+ }
 execute( TC_attach_usim_resync() );
 execute( TC_attach_usim_a54_a54() );
 execute( TC_attach_usim_a54_a53() );
diff --git a/sgsn/expected-results.xml b/sgsn/expected-results.xml
index a29467d..40b6592 100644
--- a/sgsn/expected-results.xml
+++ b/sgsn/expected-results.xml
@@ -37,6 +37,7 @@
 <testcase classname='SGSN_Tests' name='TC_attach_rau' time='MASKED'/>
 <testcase classname='SGSN_Tests' name='TC_attach_rau_a_a' time='MASKED'/>
 <testcase classname='SGSN_Tests' name='TC_attach_rau_a_b' time='MASKED'/>
+ <testcase classname='SGSN_Tests' name='TC_attach_rau_a_b_wrong_old_ra' time='MASKED'/>
 <testcase classname='SGSN_Tests' name='TC_attach_usim_resync' time='MASKED'/>
 <testcase classname='SGSN_Tests' name='TC_attach_usim_a54_a54' time='MASKED'/>
 <testcase classname='SGSN_Tests' name='TC_attach_usim_a54_a53' time='MASKED'/>
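Review bot: The guard added to the control part of sgsn/SGSN_Tests.ttcn keys on the repository flavour, `f_osmo_repo_is("nightly")`, while its comment states the condition as a version (osmo-sgsn <= 1.12.0), so the regression test stays disabled on non-nightly runs even after a fixed release ships, unless someone remembers to remove the guard. I would extend the comment to say so, e.g. `/* Will double-free and crash osmo-sgsn <= 1.12.0; drop this guard once a release containing the fix is out */`. The entry added to sgsn/expected-results.xml is unconditional, so runs where the guard is false will presumably have no result for this test; it is worth confirming how the results comparison treats that.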