lynxis lazus submitted this change.
SGSN: BSSGP_ConnHdlr: GMM Service Request: handle PMM IDLE UE correct
24.008: 4.7.13.3: explicitly describes the completion of the low layer security as an implicit
Security Command Accept if the UE is in PMM Idle.
Extend as_service_request() to handle both cases: when the UE is in PMM-IDLE as well as when it is in
PMM-CONNECTED.
Change-Id: I29237997e414aea80f254247da54f909410a4b36
---
M sgsn/BSSGP_ConnHdlr.ttcn
1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/sgsn/BSSGP_ConnHdlr.ttcn b/sgsn/BSSGP_ConnHdlr.ttcn
index 2a434aa..82788f5 100644
--- a/sgsn/BSSGP_ConnHdlr.ttcn
+++ b/sgsn/BSSGP_ConnHdlr.ttcn
@@ -618,24 +618,48 @@
}
}
-/* Iu only */
-altstep as_service_request(integer ran_index := 0) runs on BSSGP_ConnHdlr {
+/* Iu only
+ *
+ * Handle a service request for a UE in PMM_IDLE or PMM_CONNECTED depending on exp_service_acc
+ * Depending on the PMM state:
+ * a) PMM_IDLE: The network will do a SecurityModeCommand on Iu, which the UE will treat as an implicit Service Accept
+ * b) PMM_CONNECTED: The Iu connection is already secured, do an explicit Service Accept
+ *
+ * NOTE: The old osmo-sgsn will always respond with a ServiceAccept even when the spec is clear this is not needed.
+ */
+altstep as_service_request(boolean exp_service_acc := true, integer ran_index := 0) runs on BSSGP_ConnHdlr {
var PDU_DTAP_PS_MT mt;
- [] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_ACC)) -> value mt {
+ [exp_service_acc] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_ACC)) -> value mt {
setverdict(pass);
}
+ [not exp_service_acc] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_ACC)) -> value mt {
+ setverdict(fail, "Unexpected Service Accept");
+ mtc.stop;
+ }
[] BSSAP.receive(tr_PDU_DTAP_PS_MT(tr_GMM_SERVICE_REJ)) {
setverdict(fail, "Unexpected Service Reject");
mtc.stop;
}
+ /* 24.008 4.7.13.3: a SecurityModeCommand is an implicit Service Accept if UE was in PMM-IDLE */
[] BSSAP.receive(tr_RANAP_SecurityModeCmd(uia_algs := ?,
uia_key := oct2bit(g_pars.vec.ik),
key_sts := ?)) {
var IntegrityProtectionAlgorithm uia_chosen := 0; /* 0 = standard_UMTS_integrity_algorithm_UIA1 */
BSSAP.send(ts_RANAP_SecurityModeComplete(uia_chosen));
- BSSAP.receive(tr_RANAP_CommonId(imsi_hex2oct(g_pars.imsi)))
- repeat;
+ if (not exp_service_acc) {
+ /* Because we stop processing early, we need to consume the CommonID */
+ BSSAP.receive(tr_RANAP_CommonId(imsi_hex2oct(g_pars.imsi)));
+ setverdict(pass);
+ } else {
+ /* This repeat would be wrong if you follow the spec correct. Because:
+ * a) the UE is in PMM Idle and in this case the exp_service_acc would be true
+ * b) the UE is in PMM Connected and in this case the Iu Connection should be already secure and this would fail.
+ * The old osmo-sgsn is doing for UE in PMM Idle both a Security Command and a Service Accept, after the VLR change, the
+ * osmo-sgsn will follow the spec correct.
+ */
+ repeat;
+ }
}
}
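Review bot: In the `else` branch of the SecurityModeCmd handler the RANAP CommonID is no longer consumed before `repeat`, whereas the removed lines received it first. With the default `exp_service_acc := true` it now stays in the BSSAP queue unless the calling alt has a catch-all such as the `[] BSSAP.receive { repeat; }` visible in the second hunk. If that is intended, the comment should say so; otherwise keep `BSSAP.receive(tr_RANAP_CommonId(imsi_hex2oct(g_pars.imsi)));` ahead of the `if`. The comment in that branch also reads inverted against the altstep header: for PMM Idle the header describes an implicit accept, so case a) should presumably read `exp_service_acc would be false`. The blocking CommonID receive in the `not exp_service_acc` branch has no timer of its own, so it depends on a guard timer in the caller, which is outside this hunk.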
@@ -671,7 +695,7 @@
}
alt {
- [] as_service_request(ran_index) { setverdict(pass); }
+ [] as_service_request(exp_service_acc := true, ran_index := ran_index) { setverdict(pass); }
[] BSSAP.receive { repeat; }
[] T.timeout {
Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail,