OsmoSGSN [PATCH], Network Service

[Michal Grznár]

So it is the communication between osmoSGSN and sim-bss (Attach procedure).
The problem comes in attach accept/complete. OsmoSGSN sends message attach
accept with currenr TLLI = 0x78000001 and with new allocated P-TMSI =
0x475b916b. Sim-bss answeres with message attach complete with new tlli
made/generated im osmoSGSN from new P-TMSI...and as I said and as 3GPP
24.008 spec. says new TLLI = new allocated P-TMSI = 0x475b916b. And there
comes the problem that it is not LOCAL TLLI. So the point of the problem is
that new P-TMSI/TLLI is not generated correctly and could be said osmoSGSN
rejects what it generated and that is the problem. If it helps, I connects
osmo-SGSN_vty output.

Regards Michal


2014-05-28 14:38 GMT+02:00 Michal Grznár <mihal.grznar at gmail.com>:

> Hi, it wasn´t handly written diffs but here I send diff made by using git
> diff. And the problem you can see in packets with number 27-40 (especially
> see in number 30 you see there the old tlli and newly generated P-TMSI in
> message attach accept and in number 31 there is new TLLI which is the same
> as generated P-TMSI in previous message) and that is the problem I needed
> to solve, that the new TLLI was not LOCAL.
>
> regards Michal
>
>
> 2014-05-23 13:16 GMT+02:00 Holger Hans Peter Freyther <holger at freyther.de>
> :
>
> On Fri, May 23, 2014 at 11:44:40AM +0200, Michal Grznár wrote:
>>
>> Hi,
>>
>> > And the problem was as I said in Imsi attach procedure new TLLI == new
>> > allocated P-tmsi, and there was a problem that the function
>>  gprs_tmsi2tlli()
>> > function there was not called and so I had to mask the upper bits in
>> > function where the p-tmsi is allocated, there is also a pcap trace where
>> > you can see it.
>>
>> Could you please elaborate of what/were (e.g. packet numbers) we
>> can see "it" and what it should be instead? And please use "git diff"
>> or preferable "git commit" and git format-patch. The "diff" you include
>> is hand-written and sadly not usable because of this.
>>
>> And as written by Harald before. The place you patch is not correct.
>> The method you patch should generate a unique P-TMSI. It might should
>> mask some of the higher bits. But you need to look at the callers of
>> this function if the tlli is not updated.
>>
>> e.g. in src/gprs/gprs_gmm.c you will see something like this:
>>
>>         ctx->p_tmsi = sgsn_alloc_ptmsi();
>> #endif
>>
>>         /* Even if there is no P-TMSI allocated, the MS will switch from
>>          * foreign TLLI to local TLLI */
>>         ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
>>
>>         /* Inform LLC layer about new TLLI but keep old active */
>>         gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
>>                           GPRS_ALGO_GEA0, NULL);
>>
>> So this call to gprs_tmsi2tlli will make sure that 0xc0000000 will
>> be set. In fact I see two calls to sgsn_alloc_ptmsi and both of them
>> do the above and assign the new tlli to the context. So please could
>> you try to explain what you are trying to solve?
>>
>> holger
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20140605/06b6f946/attachment.htm>
-------------- next part --------------
<0010> gprs_ns.c:1226 Rx NS ALIVE
<0010> gprs_ns.c:479 NSEI=65534 Tx NS ALIVE_ACK (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:1226 Rx NS ALIVE
<0010> gprs_ns.c:479 NSEI=65534 Tx NS ALIVE_ACK (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0011> gprs_bssgp.c:249 BSSGP BVCI=0 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:249 BSSGP BVCI=2 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-1 CI 1 on BVCI 2
<0011> gprs_bssgp.c:249 BSSGP BVCI=3 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-2 CI 2 on BVCI 3
<0011> gprs_bssgp.c:249 BSSGP BVCI=4 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-3 CI 3 on BVCI 4
<0011> gprs_bssgp.c:249 BSSGP BVCI=5 Rx RESET cause=Processor overload
<0011> gprs_bssgp.c:272 Cell 208-2-11-4 CI 4 on BVCI 5
<0011> gprs_bssgp.c:753 BSSGP BVCI=2 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=3 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=4 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0011> gprs_bssgp.c:753 BSSGP BVCI=5 Rx Flow Control BVC
<0011> gprs_bssgp.c:790 BSS instructs us to MS default bucket leak rate != 0, restarting DL GPRS!
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x78000001 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C   FCS=0xbbe727CMD=UI DATA 
<0012> gprs_llc.c:826 tlli je random!!!
<0012> gprs_llc.c:256 LLC RX: unknown TLLI 0x78000001, creating LLME on the fly
<0002> gprs_gmm.c:640 -> GMM ATTACH REQUEST MI(231010000000000) type="GPRS attach" <0012> gprs_gmm.c:752 gprs_gmm.c: Alokujeme nove p-tmsi!!!!
<0012> gprs_sgsn.c:369 sgsn_alloc_ptmsi: Alokovali sme taketo p-tmsi 0x475b916b 

<0002> gprs_gmm.c:444 <- GPRS IDENTITY REQUEST: mi_type=02
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x78000001 Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C   FCS=0xae6b48CMD=UI DATA 
<0012> gprs_llc.c:826 tlli je random!!!
<0002> gprs_gmm.c:582 -> GMM IDENTITY RESPONSE: mi_type=0x02 MI(123456789012310) 
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x475b916b Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 C   FCS=0xbcd739CMD=UI DATA 
<0012> gprs_llc.c:832 tlli je reserved!!!
<0012> gprs_llc.c:256 LLC RX: unknown TLLI 0x475b916b, creating LLME on the fly
<0002> gprs_gmm.c:1030 Cannot handle GMM for unknown MM CTX
<0002> gprs_gmm.c:277 <- GPRS MM STATUS (cause: MS identity cannot be derived by the network)
<0011> gprs_bssgp.c:376 BSSGP TLLI=0x475b916b Rx UPLINK-UNITDATA
<0012> gprs_llc.c:562 LLC SAPI=1 R   FCS=0x42e56dCMD=XID DATA 
<0012> gprs_llc.c:832 tlli je reserved!!!
<0002> gprs_gmm.c:1574 Unknown GSM 04.08 discriminator 0x01
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:352 <- GPRS ATTACH ACCEPT (new P-TMSI=0x475b916b)
<0002> gprs_gmm.c:1104 T3350 expired >= 5 times
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)
<0010> gprs_ns.c:523 NSEI=65534 Timer expired in mode tns-test (40 seconds)
<0010> gprs_ns.c:466 NSEI=65534 Tx NS ALIVE (NSVCI=12345)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-alive (10 seconds)
<0010> gprs_ns.c:505 NSEI=65534 Starting timer in mode tns-test (40 seconds)