Open Source Mobile Communications (https://projects.osmocom.org/)
OsmoSGSN - Bug #2951: OsmoSGSN Accepts two MO L3 Messages with N(U) set to zero
https://projects.osmocom.org/issues/2951?journal_id=9393 2018-05-17T13:57:07Z laforge
<ul><li><strong>Assignee</strong> changed from <i>4368</i> to <i>lynxis</i></li></ul>
https://projects.osmocom.org/issues/2951?journal_id=12652 2018-11-22T11:04:23Z laforge
<ul><li><strong>Assignee</strong> changed from <i>lynxis</i> to <i>osmith</i></li></ul>
https://projects.osmocom.org/issues/2951?journal_id=14842 2019-06-17T13:02:32Z osmith
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li></ul>
https://projects.osmocom.org/issues/2951?journal_id=14873 2019-06-19T09:29:11Z osmith
<ul><li><strong>File</strong> <a href="/attachments/3736">TC_attach_pdp_resp_nu_0.pcapng</a> added</li><li><strong>% Done</strong> changed from <i>0</i> to <i>50</i></li></ul><p>I've created a TTCN3 test case to reproduce and analyze this issue. The first two times, OsmoSGSN drops the message due to invalid N(U), hits a timeout and sends the identity request again:</p>
<pre>
20190619112529961 DLLC <0011> ../../../../src/osmo-sgsn/src/gprs/gprs_llc.c:858 TLLI=f0f864f2 dropping UI, N(U=0) not in window V(URV(UR:1).
20190619112535947 DMM <0002> ../../../src/libosmocore/src/fsm.c:284 GMM_ATTACH_REQ_FSM(gb_gmm_req)[0x562334545b70]{CheckIdentity}: Timeout of T3370
20190619112535947 DMM <0002> ../../../../src/osmo-sgsn/src/gprs/gprs_gmm.c:565 MM(262420000000002/f0f864f2) <- GPRS IDENTITY REQUEST: mi_type=IMEI
</pre>
<p>The third time, it performs <a href="https://git.osmocom.org/osmo-sgsn/tree/src/gprs/gprs_llc.c?id=df9b39142f566937fc191caaaf655f7b1cae8210#n860" class="external">recovery handling</a>:</p>
<pre>
/* HACK: non-standard recovery handling. If remote LLE
* is re-transmitting the same sequence number for
* three times, don't discard the frame but pass it on
* and 'learn' the new sequence number */
</pre>
<p>So this seems to be a feature, not a bug?</p>
<p>WIP test case: <a class="external" href="https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/14516">https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/14516</a></p>
<p><a class="user active" href="https://projects.osmocom.org/users/7">laforge</a>: how to proceed here, should we instantly reject N(U) = 0 during identity response messages, because it never makes sense?</p>
<p>Do we have more information about how this issue was discovered?</p>
https://projects.osmocom.org/issues/2951?journal_id=15922 2019-09-11T12:24:07Z osmith
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul>