Announce SGSN own TEID during UpdatePDPCtxReq after UE goes PMM-IDLE

When the UE/RNC closes the Iu conn (while keeping the PDP Context
activated), the SGSN updates the GGSN to point the GTPU tunnel to
itself. Unfortunately, only the IP address was being updated while the
TEID was kept the same (the one from the RNC).

As a result, when new MT data arrived at the GGSN, it would forward it
over GTPU to the SGSN using the incorrect RNC TEID, which the libgtp
stack at osmo-sgsn would silently drop due to not being known (because
it was >PDP_MAX=1024).

The issue can be triggered in test SGSN_Tests_Iu.TC_pmm_idle_rx_mt_data.

Related: OS#5773
Related: SYS#5435
Change-Id: I782aa43c71569922a945bd44544bb1388bf8c878
---
M include/osmocom/sgsn/pdpctx.h
M src/sgsn/gprs_mm_state_iu_fsm.c
M src/sgsn/sgsn_libgtp.c
3 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/include/osmocom/sgsn/pdpctx.h b/include/osmocom/sgsn/pdpctx.h
index f3cf0ed..39d744a 100644
--- a/include/osmocom/sgsn/pdpctx.h
+++ b/include/osmocom/sgsn/pdpctx.h
@@ -69,6 +69,9 @@
 	uint8_t			radio_prio;
 	//uint32_t		charging_id;
 	bool			ue_pdp_active; /* PDP Context is active for this NSAPI?  */
+	/* Keeps original SGSN local TEID when lib->teid_own is updated with
+	 * RNC's TEID upon use of Direct Tunnel feature: */
+	uint32_t		sgsn_teid_own;
 
 	struct osmo_timer_list	timer;
 	unsigned int		T;		/* Txxxx number */
diff --git a/src/sgsn/gprs_mm_state_iu_fsm.c b/src/sgsn/gprs_mm_state_iu_fsm.c
index 2bf3568..e770b7c 100644
--- a/src/sgsn/gprs_mm_state_iu_fsm.c
+++ b/src/sgsn/gprs_mm_state_iu_fsm.c
@@ -49,9 +49,11 @@
 	char buf[INET_ADDRSTRLEN];
 	struct sgsn_pdp_ctx *pdp;
 	llist_for_each_entry(pdp, &mm_ctx->pdp_list, list) {
-		LOGMMCTXP(LOGL_INFO, mm_ctx, "Changing GTP-U endpoints %s -> %s\n",
-			  sgsn_gtp_ntoa(&pdp->lib->gsnlu),
-			  inet_ntop(AF_INET, &sgsn->cfg.gtp_listenaddr.sin_addr, buf, sizeof(buf)));
+		LOGMMCTXP(LOGL_INFO, mm_ctx, "Changing GTP-U endpoints %s/0x%08x -> %s/0x%08x\n",
+			  sgsn_gtp_ntoa(&pdp->lib->gsnlu), pdp->lib->teid_own,
+			  inet_ntop(AF_INET, &sgsn->cfg.gtp_listenaddr.sin_addr, buf, sizeof(buf)),
+			  pdp->sgsn_teid_own);
+		pdp->lib->teid_own = pdp->sgsn_teid_own;
 		/* Disable Direct Tunnel Flags DTI. Other flags make no sense here, so also set to 0. */
 		pdp->lib->dir_tun_flags.l = 1;
 		pdp->lib->dir_tun_flags.v[0] = 0x00;
diff --git a/src/sgsn/sgsn_libgtp.c b/src/sgsn/sgsn_libgtp.c
index 4885ada..f497609 100644
--- a/src/sgsn/sgsn_libgtp.c
+++ b/src/sgsn/sgsn_libgtp.c
@@ -166,6 +166,9 @@
 	pdp->priv = pctx;
 	pctx->lib = pdp;
 
+	/* Back up our own local TEID in case we update the library one with RNC TEID when setting up Direct Tunnel: */
+	pctx->sgsn_teid_own = pdp->teid_own;
+
 	//pdp->peer =	/* sockaddr_in of GGSN (receive) */
 	//pdp->ipif =	/* not used by library */
 	pdp->version = ggsn->gtp_version;
@@ -783,6 +786,8 @@
 #ifdef BUILD_IU
 		/* Ignore the packet for now and page the UE to get the RAB
 		 * reestablished */
+		LOGMMCTXP(LOGL_INFO, mm, "Rx GTP for UE in PMM state %s, paging it\n",
+			  osmo_fsm_inst_state_name(mm->iu.mm_state_fsm));
 		ranap_iu_page_ps(mm->imsi, &mm->p_tmsi, mm->ra.lac, mm->ra.rac);
 
 		return 0;

