This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Harald Welte hwelte at sysmocom.deHi Neels, On Wed, Feb 17, 2016 at 02:18:54PM +0100, Neels Hofmeyr wrote: > in osmo-iuh/doc/hnb_cs_lu.msc I find that after the location update > request from the UE, an identity request "should" follow from the CN. it is no 'should at all'. There are some "Common MM Procedures" that can be invoked by MM (on the network side) at any time. This includes, AFAIR: * IDENTITY REQ / RESP * AUTHENTICATION REQ / RESP * MM INFO So the network can at any point in time ask the MS/UE about any of its identities. > Yesterday I made my first pcap using our hNodeB and that weighty black UE > we use for testing, and saw that the MSC indeed sends out an identity > request at that time [1], however, the UE simply never responds to it. OsmoNITB was originally developed as part of security research, and thus we wanted to demonstrate the fact that we can query the IMSI and IMEI of every phone at a very early stage. This is why we always ask for the IMEI, and we ask for the IMSI if we don't already know it (because it was contained in the LU / CM SERV REQ, or because we know the TMSI and can use it to map to the IMSI). If there's no response from the phone, then it's likely something is going wrong somehwere in between. Do you see the request on the RUA interface towards the HNB? What does the HNB logging/tracing tell you about that message? What does a protocol trace on a UE with xgoldmon tell you? > My question: is the hnb_cs_lu.msc declarative and definitely correct, or > could it be that in 3G, UEs in general expect authentication first, as > the "osmo-iuh/pcap/UPP RANAP.pcap" suggests (starting at packet #335). No. There might still be situtaions where the IMSI is not known to the network at LU time, and the network must be able to obtain it via IDENTITY REQUEST before being able to obtain the auth quintuples and perform authentication. What else would you do if you'd get a LU with an unknown TMSI? -- - Harald Welte <hwelte at sysmocom.de> http://www.sysmocom.de/ ======================================================================= * sysmocom - systems for mobile communications GmbH * Alt-Moabit 93 * 10559 Berlin, Germany * Sitz / Registered office: Berlin, HRB 134158 B * Geschaeftsfuehrer / Managing Directors: Holger Freyther, Harald Welte