TLLI problems and proposed solution

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Holger Hans Peter Freyther holger at freyther.de
Sun Jul 28 20:01:04 UTC 2013


Dear LaF0rge,

I pushed "zecke/features/emulator" to the osmo-pcu repository. All it
does is to send a static GPRS Attach for a foreign TLLI. Looking at the
communication with Wireshark one will see:

  Identity Request messages, always with N(U) = 0

and in the SGSN log one can see:

  <0012> gprs_llc.c:773 LLC RX: unknown TLLI 0xadf11820, creating LLME on the fly
  ...
  <0012> gprs_llc.c:357 LLC TX: unknown TLLI 0xedf11820, creating LLME on the fly 


What happens is the following:
 
When receiving the GPRS Attach we create an LLME for the 'foreign' TLLI,
but the look-up will never compare tlli/old_tlli with the foreign one. It
will always be localized. 


The smallest change is this one:

diff --git a/openbsc/src/gprs/gprs_llc.c b/openbsc/src/gprs/gprs_llc.c
index 8af5367..52727ce 100644
--- a/openbsc/src/gprs/gprs_llc.c
+++ b/openbsc/src/gprs/gprs_llc.c
@@ -777,9 +777,10 @@ int gprs_llc_rcvmsg(struct msgb *msg, struct tlv_parsed *tv)
                    (llhp.cmd == GPRS_LLC_XID || llhp.cmd == GPRS_LLC_UI)) {
                        struct gprs_llc_llme *llme;
                        /* FIXME: don't use the TLLI but the 0xFFFF unassigned? */
-                       llme = llme_alloc(msgb_tlli(msg));
+                       llme = llme_alloc(tlli_foreign2local(msgb_tlli(msg)));
                        LOGP(DLLC, LOGL_DEBUG, "LLC RX: unknown TLLI 0x%08x, "
-                               "creating LLME on the fly\n", msgb_tlli(msg));
+                               "creating LLME on the fly\n",
+                               tlli_foreign2local(msgb_tlli(msg)));
                        lle = &llme->lle[llhp.sapi];
                } else {
                        LOGP(DLLC, LOGL_NOTICE,
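
Review bot: tlli_foreign2local(msgb_tlli(msg)) is evaluated twice in the added lines, once as the llme_alloc() argument and once as the LOGP argument; computing it once into a local variable would keep the allocated value and the logged value from drifting apart in later edits. The debug line now prints only the converted value, so the TLLI that was actually received no longer appears in "LLC RX: unknown TLLI"; logging both the received and the converted value would make the line easier to match against a capture. The conversion is applied only at this call site, so any other caller of llme_alloc() still passes its TLLI unconverted, and the FIXME about using the unassigned value is left unanswered.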

(but one could move that into llme_alloc and then it works for RX/TX). After
this patch the Identity Requests will have an increasing N(U) and the
tlli in the message will be 0xadf11820. The SGSN will still print:

  <0012> gprs_llc.c:142 TLLI 0xadf11820 is foreign, converting to local TLLI 0xedf11820


So this means that for the entire GPRS attach procedure we will use the
initial foreign TLLI.... so somehow... the code in the MM handling...


        /* Even if there is no P-TMSI allocated, the MS will switch from
         * foreign TLLI to local TLLI */
        ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);

        /* Inform LLC layer about new TLLI but keep old active */
        gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
                          GPRS_ALGO_GEA0, NULL);


So this tlli_new does not appear to be used at all and I don't see how/where
we would use/create the OLD_TLLI IE? Is it implemented?


holger
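
The mismatch described in the mail above, as an added example that is not part of the original message and is not OpenBSC code: a simplified model in which the lookup localizes the TLLI but the allocation stores it as received. All names (llme_find, llme_new, last_nu_after, the table) are hypothetical; only the two TLLI values come from the mail.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, not OpenBSC code; every name here is hypothetical. */
#define MAX_LLME 8
struct llme { uint32_t tlli, old_tlli; unsigned next_nu; };
static struct llme table[MAX_LLME];
static size_t n_llme;

/* TLLI top two bits: 10 = foreign, 11 = local (0xadf11820 -> 0xedf11820). */
static uint32_t foreign2local(uint32_t tlli)
{
    return ((tlli & 0xc0000000u) == 0x80000000u) ? (tlli | 0x40000000u) : tlli;
}

/* The lookup localizes its key before comparing, as the mail describes. */
static struct llme *llme_find(uint32_t tlli)
{
    uint32_t key = foreign2local(tlli);
    for (size_t i = 0; i < n_llme; i++)
        if (table[i].tlli == key || table[i].old_tlli == key)
            return &table[i];
    return NULL;
}

static struct llme *llme_new(uint32_t tlli)
{
    if (n_llme == MAX_LLME)
        return NULL;
    struct llme *e = &table[n_llme++];
    e->tlli = tlli; e->old_tlli = 0xffffffffu; e->next_nu = 0;
    return e;
}

/* Handle `count` frames from one MS and return the N(U) given to the last
 * reply; normalize_on_alloc = 0 models the behaviour before the patch. */
static int last_nu_after(uint32_t rx_tlli, int count, int normalize_on_alloc)
{
    int last_nu = -1;
    n_llme = 0; /* start from an empty table */
    for (int i = 0; i < count; i++) {
        struct llme *e = llme_find(rx_tlli);
        if (!e)
            e = llme_new(normalize_on_alloc ? foreign2local(rx_tlli) : rx_tlli);
        if (!e)
            return -1;
        last_nu = (int)e->next_nu++;
    }
    return last_nu;
}
```

Without normalization every frame misses the lookup and gets a fresh entry whose counter starts at 0; with it, one entry is reused and N(U) advances.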





