Bug #5646
closed
Synchronization failures are not handled
100%
Description
Attached is a pcap with four packets (order by time, not no.):
1. (no. 4) Synchronization failure from the eNodeB/UE that includes the AUTS value
2. (no. 1) AIR from the MME to the HSS (osmo-dia2gsup) including the Re-Synchronization-Info
3. (no. 2) SendAuthInfo Request from osmo-dia2gsup to osmo-hlr without either the AUTS or RAND IEs
Here's what osmo-dia2gsup reports for 2. (packet no.1):
Aug 16 15:01:56 sysmonitb osmo-dia2gsup[668]: 15:01:56.234 [info] AIR: {'AIR',"mme.localdomain;1660658436;38;app_s6a",1,"mme.localdomain","localdomain","localdomain", "901700000043352",[153,249,7],[{'Vendor-Specific-Application-Id',10415,[16777251],[]}],[], [{'Requested-EUTRAN-Authentication-Info',[1],[1],[[154,153,78,226,63,248,178,208,169,186,215,18,159,150,252,103,249,220,169,90,223,249,219,26,172,118,171,193,216,221]], []}],[],[],[],[],[]}
Aug 16 15:01:56 sysmonitb osmo-dia2gsup[668]: 15:01:56.234 [info] Num EUTRAN=1, UTRAN=false
There is code in server_cb.erl (around line 191) to include rand and auts if #'Requested-EUTRAN-Authentication-Info'{'Re-Synchronization-Info' = ReSyncInfo}, but it seems to me that the data in 'Requested-EUTRAN-Authentication-Info' isn't actually decoded.
If I look at the [1],[1],[[154,153,...]], this seems to match what Wireshark is telling me about the Requested-EUTRAN-Authentication-Info:
Number-Of-Requested-Vectors:1, Immediate-Response-Preferred:1, Re-Synchronization-Info: 0x9a(154), 0x99(153), ...
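Added example, not part of the original ticket and not osmo_dia2gsup code: a Python sketch that walks the sub-AVPs of a Requested-EUTRAN-Authentication-Info group and splits Re-Synchronization-Info into the RAND and AUTS that the SendAuthInfo Request needs. The function names are hypothetical, the AVP codes are the S6a ones from 3GPP TS 29.272, and the sample bytes are constructed from the values in the log line above.

```python
import struct

VENDOR_3GPP = 10415
# S6a AVP codes (3GPP TS 29.272)
AVP_NUM_VECTORS, AVP_RESYNC_INFO, AVP_IMMEDIATE_RESP = 1410, 1411, 1412
RAND_LEN, AUTS_LEN = 16, 14

def iter_avps(buf):
    """Yield (code, vendor_id, data) for each AVP inside a grouped AVP (RFC 6733 layout)."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags_len = struct.unpack_from("!II", buf, off)
        flags, length = flags_len >> 24, flags_len & 0xFFFFFF
        hdr = 12 if flags & 0x80 else 8          # V bit set: Vendor-Id follows
        if length < hdr or off + length > len(buf):
            raise ValueError("bad AVP length")
        vendor = struct.unpack_from("!I", buf, off + 8)[0] if hdr == 12 else None
        yield code, vendor, buf[off + hdr:off + length]
        off += (length + 3) & ~3                 # AVPs are padded to 4 bytes

def split_resync_info(value):
    """Re-Synchronization-Info is RAND (16 bytes) followed by AUTS (14 bytes)."""
    if len(value) != RAND_LEN + AUTS_LEN:
        raise ValueError("Re-Synchronization-Info must be 30 bytes, got %d" % len(value))
    return value[:RAND_LEN], value[RAND_LEN:]

def resync_from_requested_info(grouped):
    """Return (rand, auts), or None when the AIR is an ordinary vector request."""
    for code, vendor, data in iter_avps(grouped):
        if code == AVP_RESYNC_INFO and vendor == VENDOR_3GPP:
            return split_resync_info(data)
    return None

def make_avp(code, data):
    """Helper for the constructed sample: encode one 3GPP vendor AVP (flags V+M)."""
    length = 12 + len(data)
    return (struct.pack("!III", code, (0xC0 << 24) | length, VENDOR_3GPP)
            + data + b"\x00" * (-length % 4))

# Constructed sample: the three values from the log line above, re-encoded as AVPs.
RESYNC = bytes([154, 153, 78, 226, 63, 248, 178, 208, 169, 186, 215, 18, 159, 150, 252,
                103, 249, 220, 169, 90, 223, 249, 219, 26, 172, 118, 171, 193, 216, 221])
SAMPLE = (make_avp(AVP_NUM_VECTORS, struct.pack("!I", 1))
          + make_avp(AVP_IMMEDIATE_RESP, struct.pack("!I", 1))
          + make_avp(AVP_RESYNC_INFO, RESYNC))

if __name__ == "__main__":
    rand, auts = resync_from_requested_info(SAMPLE)
    print("RAND", rand.hex(), "AUTS", auts.hex())
```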
Updated by daniel over 1 year ago
- Related to Feature #2604: GSUP-to-DIAMETER converter / IWF added
Updated by laforge over 1 year ago
If this becomes critical in a specific, closed lab environment without security requirements with sysmoISIM and you cannot fix it right away, you can disable sqn checking on the SIM
Updated by fixeria over 1 year ago
While reading the attached PCAP, I submitted a PR adding missing GSUP IEs:
https://gitlab.com/wireshark/wireshark/-/merge_requests/7819
Updated by fixeria over 1 year ago
- Status changed from In Progress to Feedback
- Assignee changed from fixeria to daniel
daniel please give this [untested] patch a try:
https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/29160 Fix handling of Re-Synchronization-Info AVP in AIR [NEW]
Updated by daniel over 1 year ago
laforge wrote in #note-2:
If this becomes critical in a specific, closed lab environment without security requirements with sysmoISIM and you cannot fix it right away, you can disable sqn checking on the SIM
Thanks, good to know
Updated by daniel over 1 year ago
fixeria wrote in #note-5:
daniel please give this [untested] patch a try:
https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/29160 Fix handling of Re-Synchronization-Info AVP in AIR [NEW]
Will try it out, thanks! I noticed this patch conflicts with an open one from 2020: https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/20021
This seems to do more or less the same thing and already had a +2 - too bad that we didn't merge it back then.
Updated by daniel over 1 year ago
- Status changed from Feedback to Resolved
- % Done changed from 0 to 100
I merged the patch by matt9j now, because the other one didn't quite work.
See https://gerrit.osmocom.org/c/erlang/osmo_dia2gsup/+/20021