/* Test the SGSN */ /* * (C) 2014 by Holger Hans Peter Freyther * (C) 2014 by sysmocom s.f.m.c. GmbH * All Rights Reserved * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . * */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "gprs_gb_parse.h" void *tall_sgsn_ctx; struct sgsn_instance *sgsn; unsigned sgsn_tx_counter = 0; struct msgb *last_msg = NULL; struct gprs_gb_parse_context last_dl_parse_ctx; static void reset_last_msg(void) { if (last_msg) msgb_free(last_msg); last_msg = NULL; memset(&last_dl_parse_ctx, 0, sizeof(last_dl_parse_ctx)); } static void cleanup_test(void) { reset_last_msg(); TALLOC_FREE(sgsn); } static uint32_t get_new_ptmsi(const struct gprs_gb_parse_context *parse_ctx) { uint32_t new_ptmsi = GSM_RESERVED_TMSI; if (parse_ctx->new_ptmsi_enc) gprs_parse_tmsi(parse_ctx->new_ptmsi_enc, &new_ptmsi); return new_ptmsi; } /* override */ int bssgp_tx_dl_ud(struct msgb *msg, uint16_t pdu_lifetime, struct bssgp_dl_ud_par *dup) { int rc; reset_last_msg(); last_msg = msg; OSMO_ASSERT(msgb_data(last_msg) != NULL); rc = gprs_gb_parse_llc(msgb_data(last_msg), msgb_length(last_msg), &last_dl_parse_ctx); fprintf(stderr, "Got DL LLC message: %s\n", gprs_gb_message_name(&last_dl_parse_ctx, "UNKNOWN")); OSMO_ASSERT(rc > 0); sgsn_tx_counter += 1; return 0; } /* override, requires '-Wl,--wrap=osmo_get_rand_id' */ int __real_osmo_get_rand_id(uint8_t *data, size_t len); int mock_osmo_get_rand_id(uint8_t *data, size_t len); int (*osmo_get_rand_id_cb)(uint8_t *, size_t) = &mock_osmo_get_rand_id; int __wrap_osmo_get_rand_id(uint8_t *buf, size_t num) { return (*osmo_get_rand_id_cb)(buf, num); } /* make results of A&C ref predictable */ int mock_osmo_get_rand_id(uint8_t *buf, size_t num) { if (num > 1) return __real_osmo_get_rand_id(buf, num); buf[0] = 0; return 1; } /* override, requires '-Wl,--wrap=sgsn_update_subscriber_data' */ void __real_sgsn_update_subscriber_data(struct sgsn_mm_ctx *); void (*update_subscriber_data_cb)(struct sgsn_mm_ctx *) = &__real_sgsn_update_subscriber_data; void __wrap_sgsn_update_subscriber_data(struct sgsn_mm_ctx *mmctx) { (*update_subscriber_data_cb)(mmctx); } /* override, requires '-Wl,--wrap=gprs_subscr_request_update_location' */ int __real_gprs_subscr_request_update_location(struct sgsn_mm_ctx *mmctx); int (*subscr_request_update_location_cb)(struct sgsn_mm_ctx *mmctx) = &__real_gprs_subscr_request_update_location; int __wrap_gprs_subscr_request_update_location(struct sgsn_mm_ctx *mmctx) { return (*subscr_request_update_location_cb)(mmctx); }; /* override, requires '-Wl,--wrap=gprs_subscr_request_auth_info' */ int __real_gprs_subscr_request_auth_info(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand); int (*subscr_request_auth_info_cb)(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand) = &__real_gprs_subscr_request_auth_info; int __wrap_gprs_subscr_request_auth_info(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand) { return (*subscr_request_auth_info_cb)(mmctx, auts, auts_rand); }; /* override, requires '-Wl,--wrap=gsup_client_send' */ int __real_osmo_gsup_client_send(struct osmo_gsup_client *gsupc, struct msgb *msg); int (*osmo_gsup_client_send_cb)(struct osmo_gsup_client *gsupc, struct msgb *msg) = &__real_osmo_gsup_client_send; int __wrap_osmo_gsup_client_send(struct osmo_gsup_client *gsupc, struct msgb *msg) { return (*osmo_gsup_client_send_cb)(gsupc, msg); }; static int count(struct llist_head *head) { struct llist_head *cur; int count = 0; llist_for_each(cur, head) count += 1; return count; } static struct msgb *create_msg(const uint8_t *data, size_t len) { struct msgb *msg = msgb_alloc(len + 8, "test message"); msg->l1h = msgb_put(msg, 8); msg->l2h = msgb_put(msg, len); memcpy(msg->l2h, data, len); msgb_bcid(msg) = msg->l1h; msgb_gmmh(msg) = msg->l2h; return msg; } /* * Create a context and search for it */ static struct sgsn_mm_ctx *alloc_mm_ctx(uint32_t tlli, struct osmo_routing_area_id *raid) { struct sgsn_mm_ctx *ctx, *ictx; struct gprs_llc_lle *lle; int old_count = count(gprs_llme_list()); lle = gprs_lle_get_or_create(tlli, 3); ctx = sgsn_mm_ctx_alloc_gb(tlli, raid); ctx->gb.llme = lle->llme; ictx = sgsn_mm_ctx_by_tlli(tlli, raid); OSMO_ASSERT(ictx == ctx); OSMO_ASSERT(count(gprs_llme_list()) == old_count + 1); return ctx; } static void send_0408_message(struct gprs_llc_llme *llme, uint32_t tlli, const struct osmo_routing_area_id *bssgp_raid, const uint8_t *data, size_t data_len) { struct msgb *msg; reset_last_msg(); sgsn_tx_counter = 0; msg = create_msg(data, data_len); msgb_tlli(msg) = tlli; bssgp_create_cell_id2(msgb_bcid(msg), 8, bssgp_raid, 0); gsm0408_gprs_rcvmsg_gb(msg, llme, false); msgb_free(msg); } static void test_llme(void) { struct gprs_llc_lle *lle, *lle_copy; uint32_t local_tlli; printf("Testing LLME allocations\n"); local_tlli = gprs_tmsi2tlli(0x234, TLLI_LOCAL); /* initial state */ OSMO_ASSERT(count(gprs_llme_list()) == 0); /* Create a new entry */ lle = gprs_lle_get_or_create(local_tlli, 3); OSMO_ASSERT(lle); OSMO_ASSERT(count(gprs_llme_list()) == 1); /* No new entry is created */ lle_copy = gprs_lle_get_or_create(local_tlli, 3); OSMO_ASSERT(lle == lle_copy); OSMO_ASSERT(count(gprs_llme_list()) == 1); /* unassign which should delete it*/ gprs_llgmm_unassign(lle->llme); /* Check that everything was cleaned up */ OSMO_ASSERT(count(gprs_llme_list()) == 0); cleanup_test(); } struct gprs_subscr *last_updated_subscr = NULL; void my_dummy_sgsn_update_subscriber_data(struct sgsn_mm_ctx *mmctx) { OSMO_ASSERT(mmctx); fprintf(stderr, "Called %s, mmctx = %p, subscr = %p\n", __func__, mmctx, mmctx->subscr); last_updated_subscr = mmctx->subscr; } static void assert_subscr(const struct gprs_subscr *subscr, const char *imsi) { struct gprs_subscr *sfound; OSMO_ASSERT(subscr); OSMO_ASSERT(strcmp(subscr->imsi, imsi) == 0); sfound = gprs_subscr_get_by_imsi(imsi); OSMO_ASSERT(sfound == subscr); gprs_subscr_put(sfound); } static void show_subscrs(FILE *out) { struct gprs_subscr *subscr; llist_for_each_entry(subscr, gprs_subscribers, entry) { fprintf(out, " Subscriber: %s, " "use count: %d\n", subscr->imsi, subscr->use_count); } } static void assert_no_subscrs(void) { show_subscrs(stdout); fflush(stdout); OSMO_ASSERT(llist_empty(gprs_subscribers)); } #define VERBOSE_ASSERT(val, expect_op, fmt) \ do { \ printf(#val " == " fmt "\n", (val)); \ OSMO_ASSERT((val) expect_op); \ } while (0); static void test_subscriber(void) { struct gprs_subscr *s1, *s2, *s3; const char *imsi1 = "1234567890"; const char *imsi2 = "9876543210"; const char *imsi3 = "5656565656"; update_subscriber_data_cb = my_dummy_sgsn_update_subscriber_data; printf("Testing core subscriber data API\n"); /* Check for emptiness */ OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi1) == NULL); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi2) == NULL); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi3) == NULL); VERBOSE_ASSERT(llist_count(gprs_subscribers), == 0, "%d"); /* Allocate entry 1 */ s1 = gprs_subscr_get_or_create(imsi1); VERBOSE_ASSERT(llist_count(gprs_subscribers), == 1, "%d"); s1->flags |= GPRS_SUBSCRIBER_FIRST_CONTACT; assert_subscr(s1, imsi1); VERBOSE_ASSERT(llist_count(gprs_subscribers), == 1, "%d"); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi2) == NULL); /* Allocate entry 2 */ s2 = gprs_subscr_get_or_create(imsi2); VERBOSE_ASSERT(llist_count(gprs_subscribers), == 2, "%d"); s2->flags |= GPRS_SUBSCRIBER_FIRST_CONTACT; /* Allocate entry 3 */ s3 = gprs_subscr_get_or_create(imsi3); VERBOSE_ASSERT(llist_count(gprs_subscribers), == 3, "%d"); /* Check entries */ assert_subscr(s1, imsi1); assert_subscr(s2, imsi2); assert_subscr(s3, imsi3); /* Update entry 1 */ last_updated_subscr = NULL; gprs_subscr_update(s1); OSMO_ASSERT(last_updated_subscr == NULL); OSMO_ASSERT(s1->sgsn_data->mm == NULL); OSMO_ASSERT((s1->flags & GPRS_SUBSCRIBER_FIRST_CONTACT) == 0); /* There is no subscriber cache. Verify it */ gprs_subscr_cleanup(s1); gprs_subscr_put(s1); s1 = NULL; VERBOSE_ASSERT(llist_count(gprs_subscribers), == 2, "%d"); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi1) == NULL); assert_subscr(s2, imsi2); assert_subscr(s3, imsi3); /* Free entry 2 (GPRS_SUBSCRIBER_FIRST_CONTACT is set) */ gprs_subscr_cleanup(s2); gprs_subscr_put(s2); s2 = NULL; VERBOSE_ASSERT(llist_count(gprs_subscribers), == 1, "%d"); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi1) == NULL); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi2) == NULL); assert_subscr(s3, imsi3); /* Try to delete entry 3 */ gprs_subscr_cleanup(s3); gprs_subscr_put(s3); s3 = NULL; VERBOSE_ASSERT(llist_count(gprs_subscribers), == 0, "%d"); OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi3) == NULL); OSMO_ASSERT(llist_empty(gprs_subscribers)); update_subscriber_data_cb = __real_sgsn_update_subscriber_data; cleanup_test(); } static void test_auth_triplets(void) { struct gprs_subscr *s1, *s1found; const char *imsi1 = "1234567890"; struct gsm_auth_tuple *at; struct sgsn_mm_ctx *ctx; struct osmo_routing_area_id raid = { 0, }; uint32_t local_tlli = 0xffeeddcc; printf("Testing authentication triplet handling\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* Check for emptiness */ OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi1) == NULL); /* Allocate entry 1 */ s1 = gprs_subscr_get_or_create(imsi1); s1->flags |= GPRS_SUBSCRIBER_FIRST_CONTACT; s1found = gprs_subscr_get_by_imsi(imsi1); OSMO_ASSERT(s1found == s1); gprs_subscr_put(s1found); /* Create a context */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ctx = alloc_mm_ctx(local_tlli, &raid); /* Attach s1 to ctx */ ctx->subscr = gprs_subscr_get(s1); ctx->subscr->sgsn_data->mm = ctx; /* Try to get auth tuple */ at = sgsn_auth_get_tuple(ctx, GSM_KEY_SEQ_INVAL); OSMO_ASSERT(at == NULL); /* Add triplets */ s1->sgsn_data->auth_triplets[0].key_seq = 0; s1->sgsn_data->auth_triplets[1].key_seq = 1; s1->sgsn_data->auth_triplets[2].key_seq = 2; /* Try to get auth tuple */ at = sgsn_auth_get_tuple(ctx, GSM_KEY_SEQ_INVAL); OSMO_ASSERT(at != NULL); OSMO_ASSERT(at->key_seq == 0); OSMO_ASSERT(at->use_count == 1); at = sgsn_auth_get_tuple(ctx, at->key_seq); OSMO_ASSERT(at != NULL); OSMO_ASSERT(at->key_seq == 1); OSMO_ASSERT(at->use_count == 1); at = sgsn_auth_get_tuple(ctx, at->key_seq); OSMO_ASSERT(at != NULL); OSMO_ASSERT(at->key_seq == 2); OSMO_ASSERT(at->use_count == 1); at = sgsn_auth_get_tuple(ctx, at->key_seq); OSMO_ASSERT(at == NULL); /* Free MM context and subscriber */ gprs_subscr_put(s1); sgsn_mm_ctx_cleanup_free(ctx); s1found = gprs_subscr_get_by_imsi(imsi1); OSMO_ASSERT(s1found == NULL); cleanup_test(); } #define TEST_GSUP_IMSI1_IE 0x01, 0x05, 0x21, 0x43, 0x65, 0x87, 0x09 static int rx_gsup_message(const uint8_t *data, size_t data_len) { struct msgb *msg; int rc; msg = msgb_alloc(1024, __func__); msg->l2h = msgb_put(msg, data_len); OSMO_ASSERT(msg->l2h != NULL); memcpy(msg->l2h, data, data_len); rc = gprs_subscr_rx_gsup_message(msg); msgb_free(msg); return rc; } static void test_subscriber_gsup(void) { struct gprs_subscr *s1, *s1found; const char *imsi1 = "1234567890"; struct sgsn_mm_ctx *ctx; struct osmo_routing_area_id raid = { 0, }; uint32_t local_tlli = 0xffeeddcc; struct sgsn_subscriber_pdp_data *pdpd; int rc; static const uint8_t send_auth_info_res[] = { 0x0a, TEST_GSUP_IMSI1_IE, 0x03, 0x22, /* Auth tuple */ 0x20, 0x10, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x21, 0x04, 0x21, 0x22, 0x23, 0x24, 0x22, 0x08, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x03, 0x22, /* Auth tuple */ 0x20, 0x10, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x21, 0x04, 0xa1, 0xa2, 0xa3, 0xa4, 0x22, 0x08, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, }; static const uint8_t send_auth_info_err[] = { 0x09, TEST_GSUP_IMSI1_IE, 0x02, 0x01, 0x07 /* GPRS not allowed */ }; #define MSISDN 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 static const uint8_t s1_msisdn[] = { MSISDN }; static const uint8_t update_location_res[] = { 0x06, TEST_GSUP_IMSI1_IE, 0x08, 0x09, MSISDN, 0x04, 0x00, /* PDP info complete */ 0x05, 0x12, 0x10, 0x01, 0x01, 0x11, 0x02, 0xf1, 0x21, /* IPv4 */ 0x12, 0x09, 0x04, 't', 'e', 's', 't', 0x03, 'a', 'p', 'n', 0x05, 0x11, 0x10, 0x01, 0x02, 0x11, 0x02, 0xf1, 0x21, /* IPv4 */ 0x12, 0x08, 0x03, 'f', 'o', 'o', 0x03, 'a', 'p', 'n', }; #undef MSISDN static const uint8_t update_location_err[] = { 0x05, TEST_GSUP_IMSI1_IE, 0x02, 0x01, 0x07 /* GPRS not allowed */ }; static const uint8_t location_cancellation_req[] = { 0x1c, TEST_GSUP_IMSI1_IE, 0x06, 0x01, 0x00, }; static const uint8_t location_cancellation_req_withdraw[] = { 0x1c, TEST_GSUP_IMSI1_IE, 0x06, 0x01, 0x01, }; static const uint8_t location_cancellation_req_other[] = { 0x1c, 0x01, 0x05, 0x11, 0x11, 0x11, 0x11, 0x01, 0x06, 0x01, 0x00, }; static const uint8_t purge_ms_err[] = { 0x0d, TEST_GSUP_IMSI1_IE, 0x02, 0x01, 0x02, /* IMSI unknown in HLR */ }; static const uint8_t purge_ms_err_no_cause[] = { 0x0d, TEST_GSUP_IMSI1_IE, }; static const uint8_t purge_ms_res[] = { 0x0e, TEST_GSUP_IMSI1_IE, 0x07, 0x00, }; static const uint8_t insert_data_req[] = { 0x10, TEST_GSUP_IMSI1_IE, 0x05, 0x11, 0x10, 0x01, 0x03, 0x11, 0x02, 0xf1, 0x21, /* IPv4 */ 0x12, 0x08, 0x03, 'b', 'a', 'r', 0x03, 'a', 'p', 'n', }; static const uint8_t delete_data_req[] = { 0x14, TEST_GSUP_IMSI1_IE, 0x10, 0x01, 0x03, }; printf("Testing subscriber GSUP handling\n"); update_subscriber_data_cb = my_dummy_sgsn_update_subscriber_data; sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* Check for emptiness */ OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi1) == NULL); /* Allocate entry 1 */ s1 = gprs_subscr_get_or_create(imsi1); s1->flags |= GPRS_SUBSCRIBER_FIRST_CONTACT; s1found = gprs_subscr_get_by_imsi(imsi1); OSMO_ASSERT(s1found == s1); gprs_subscr_put(s1found); /* Create a context */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ctx = alloc_mm_ctx(local_tlli, &raid); /* Attach s1 to ctx */ ctx->subscr = gprs_subscr_get(s1); ctx->subscr->sgsn_data->mm = ctx; /* Inject SendAuthInfoReq GSUP message */ rc = rx_gsup_message(send_auth_info_res, sizeof(send_auth_info_res)); OSMO_ASSERT(rc >= 0); OSMO_ASSERT(last_updated_subscr == s1); /* Check triplets */ OSMO_ASSERT(s1->sgsn_data->auth_triplets[0].key_seq == 0); OSMO_ASSERT(s1->sgsn_data->auth_triplets[1].key_seq == 1); OSMO_ASSERT(s1->sgsn_data->auth_triplets[2].key_seq == GSM_KEY_SEQ_INVAL); /* Inject SendAuthInfoErr GSUP message */ rc = rx_gsup_message(send_auth_info_err, sizeof(send_auth_info_err)); OSMO_ASSERT(rc == -GMM_CAUSE_GPRS_NOTALLOWED); OSMO_ASSERT(last_updated_subscr == s1); OSMO_ASSERT(s1->sgsn_data->error_cause == GMM_CAUSE_GPRS_NOTALLOWED); /* Check triplets */ OSMO_ASSERT(s1->sgsn_data->auth_triplets[0].key_seq == GSM_KEY_SEQ_INVAL); OSMO_ASSERT(s1->sgsn_data->auth_triplets[1].key_seq == GSM_KEY_SEQ_INVAL); OSMO_ASSERT(s1->sgsn_data->auth_triplets[2].key_seq == GSM_KEY_SEQ_INVAL); /* Inject UpdateLocRes GSUP message */ rc = rx_gsup_message(update_location_res, sizeof(update_location_res)); OSMO_ASSERT(rc >= 0); OSMO_ASSERT(last_updated_subscr == s1); OSMO_ASSERT(s1->flags & GPRS_SUBSCRIBER_ENABLE_PURGE); OSMO_ASSERT(s1->sgsn_data->error_cause == SGSN_ERROR_CAUSE_NONE); OSMO_ASSERT(s1->sgsn_data->msisdn_len == sizeof(s1_msisdn)); OSMO_ASSERT(memcmp(s1->sgsn_data->msisdn, s1_msisdn, sizeof(s1_msisdn)) == 0); OSMO_ASSERT(!llist_empty(&s1->sgsn_data->pdp_list)); pdpd = llist_entry(s1->sgsn_data->pdp_list.next, struct sgsn_subscriber_pdp_data, list); OSMO_ASSERT(strcmp(pdpd->apn_str, "test.apn") == 0); pdpd = llist_entry(pdpd->list.next, struct sgsn_subscriber_pdp_data, list); OSMO_ASSERT(strcmp(pdpd->apn_str, "foo.apn") == 0); /* Check authorization */ OSMO_ASSERT(s1->authorized == 1); /* Inject UpdateLocErr GSUP message */ rc = rx_gsup_message(update_location_err, sizeof(update_location_err)); OSMO_ASSERT(rc == -GMM_CAUSE_GPRS_NOTALLOWED); OSMO_ASSERT(last_updated_subscr == s1); OSMO_ASSERT(s1->sgsn_data->error_cause == GMM_CAUSE_GPRS_NOTALLOWED); /* Check authorization */ OSMO_ASSERT(s1->authorized == 0); /* Inject InsertSubscrData GSUP message */ last_updated_subscr = NULL; rc = rx_gsup_message(insert_data_req, sizeof(insert_data_req)); OSMO_ASSERT(rc == -ENOTSUP); /* not connected */ OSMO_ASSERT(last_updated_subscr == s1); /* Inject DeleteSubscrData GSUP message */ last_updated_subscr = NULL; rc = rx_gsup_message(delete_data_req, sizeof(delete_data_req)); if (rc != -GMM_CAUSE_SEM_INCORR_MSG) printf("Unexpected response to DSD: %d\n", rc); OSMO_ASSERT(last_updated_subscr == NULL); /* Inject wrong LocCancelReq GSUP message */ last_updated_subscr = NULL; rc = rx_gsup_message(location_cancellation_req_other, sizeof(location_cancellation_req_other)); OSMO_ASSERT(rc == -GMM_CAUSE_IMSI_UNKNOWN); OSMO_ASSERT(last_updated_subscr == NULL); /* Check cancellation result */ OSMO_ASSERT(!(s1->flags & GPRS_SUBSCRIBER_CANCELLED)); OSMO_ASSERT(s1->sgsn_data->mm != NULL); /* Inject LocCancelReq GSUP message */ rc = rx_gsup_message(location_cancellation_req, sizeof(location_cancellation_req)); OSMO_ASSERT(rc >= 0); OSMO_ASSERT(last_updated_subscr == s1); OSMO_ASSERT(s1->sgsn_data->error_cause == SGSN_ERROR_CAUSE_NONE); /* Check cancellation result */ OSMO_ASSERT(s1->flags & GPRS_SUBSCRIBER_CANCELLED); OSMO_ASSERT(s1->sgsn_data->mm == NULL); /* Inject LocCancelReq(withdraw) GSUP message */ rc = rx_gsup_message(location_cancellation_req_withdraw, sizeof(location_cancellation_req_withdraw)); OSMO_ASSERT(rc >= 0); OSMO_ASSERT(s1->sgsn_data->error_cause == GMM_CAUSE_IMPL_DETACHED); /* Inject PurgeMsRes GSUP message */ rc = rx_gsup_message(purge_ms_res, sizeof(purge_ms_res)); OSMO_ASSERT(rc >= 0); OSMO_ASSERT(!(s1->flags & GPRS_SUBSCRIBER_ENABLE_PURGE)); /* Free MM context and subscriber */ OSMO_ASSERT(ctx->subscr == NULL); sgsn_mm_ctx_cleanup_free(ctx); gprs_subscr_put(s1); s1found = gprs_subscr_get_by_imsi(imsi1); OSMO_ASSERT(s1found == NULL); /* Inject PurgeMsRes GSUP message */ rc = rx_gsup_message(purge_ms_res, sizeof(purge_ms_res)); OSMO_ASSERT(rc >= 0); /* Inject PurgeMsErr(IMSI unknown in HLR) GSUP message */ rc = rx_gsup_message(purge_ms_err, sizeof(purge_ms_err)); OSMO_ASSERT(rc == -GMM_CAUSE_IMSI_UNKNOWN); /* Inject PurgeMsErr() GSUP message */ rc = rx_gsup_message(purge_ms_err_no_cause, sizeof(purge_ms_err_no_cause)); OSMO_ASSERT(rc == -GMM_CAUSE_NET_FAIL); /* Inject InsertSubscrData GSUP message (unknown IMSI) */ last_updated_subscr = NULL; rc = rx_gsup_message(insert_data_req, sizeof(insert_data_req)); OSMO_ASSERT(rc == -GMM_CAUSE_IMSI_UNKNOWN); OSMO_ASSERT(last_updated_subscr == NULL); /* Inject DeleteSubscrData GSUP message (unknown IMSI) */ rc = rx_gsup_message(delete_data_req, sizeof(delete_data_req)); OSMO_ASSERT(rc == -GMM_CAUSE_IMSI_UNKNOWN); OSMO_ASSERT(last_updated_subscr == NULL); /* Inject LocCancelReq GSUP message (unknown IMSI) */ rc = rx_gsup_message(location_cancellation_req, sizeof(location_cancellation_req)); OSMO_ASSERT(rc == -GMM_CAUSE_IMSI_UNKNOWN); OSMO_ASSERT(last_updated_subscr == NULL); update_subscriber_data_cb = __real_sgsn_update_subscriber_data; cleanup_test(); } int my_gsup_client_send_dummy(struct osmo_gsup_client *gsupc, struct msgb *msg) { msgb_free(msg); return 0; }; /* * Test that a GMM Detach will remove the MMCTX and the * associated LLME. */ static void test_gmm_detach(void) { struct osmo_routing_area_id raid = { 0, }; struct sgsn_mm_ctx *ctx, *ictx; uint32_t local_tlli; printf("Testing GMM detach\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* DTAP - Detach Request (MO) */ /* normal detach, power_off = 0 */ static const unsigned char detach_req[] = { 0x08, 0x05, 0x01, 0x18, 0x05, 0xf4, 0xef, 0xe2, 0xb7, 0x00, 0x19, 0x03, 0xb9, 0x97, 0xcb }; local_tlli = gprs_tmsi2tlli(0x23, TLLI_LOCAL); /* Create a context */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ctx = alloc_mm_ctx(local_tlli, &raid); /* inject the detach */ send_0408_message(ctx->gb.llme, local_tlli, &raid, detach_req, ARRAY_SIZE(detach_req)); /* verify that a single message (hopefully the Detach Accept) has been * sent by the SGSN */ OSMO_ASSERT(sgsn_tx_counter == 1); /* verify that things are gone */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ictx = sgsn_mm_ctx_by_tlli(local_tlli, &raid); OSMO_ASSERT(!ictx); cleanup_test(); } /* * Test that a GMM Detach will remove the MMCTX and the associated LLME but * will not sent a Detach Accept message (power_off = 1) */ static void test_gmm_detach_power_off(void) { struct osmo_routing_area_id raid = { 0, }; struct sgsn_mm_ctx *ctx, *ictx; uint32_t local_tlli; printf("Testing GMM detach (power off)\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* DTAP - Detach Request (MO) */ /* normal detach, power_off = 1 */ static const unsigned char detach_req[] = { 0x08, 0x05, 0x09, 0x18, 0x05, 0xf4, 0xef, 0xe2, 0xb7, 0x00, 0x19, 0x03, 0xb9, 0x97, 0xcb }; local_tlli = gprs_tmsi2tlli(0x23, TLLI_LOCAL); /* Create a context */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ctx = alloc_mm_ctx(local_tlli, &raid); /* inject the detach */ send_0408_message(ctx->gb.llme, local_tlli, &raid, detach_req, ARRAY_SIZE(detach_req)); /* verify that no message (and therefore no Detach Accept) has been * sent by the SGSN */ OSMO_ASSERT(sgsn_tx_counter == 0); /* verify that things are gone */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ictx = sgsn_mm_ctx_by_tlli(local_tlli, &raid); OSMO_ASSERT(!ictx); cleanup_test(); } /* * Test that a GMM Detach will remove the associated LLME if there is no MMCTX. */ static void test_gmm_detach_no_mmctx(void) { struct osmo_routing_area_id raid = { 0, }; struct gprs_llc_lle *lle; uint32_t local_tlli; printf("Testing GMM detach (no MMCTX)\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* DTAP - Detach Request (MO) */ /* normal detach, power_off = 0 */ static const unsigned char detach_req[] = { 0x08, 0x05, 0x01, 0x18, 0x05, 0xf4, 0xef, 0xe2, 0xb7, 0x00, 0x19, 0x03, 0xb9, 0x97, 0xcb }; /* Create an LLME */ OSMO_ASSERT(count(gprs_llme_list()) == 0); local_tlli = gprs_tmsi2tlli(0x23, TLLI_LOCAL); lle = gprs_lle_get_or_create(local_tlli, 3); OSMO_ASSERT(count(gprs_llme_list()) == 1); /* inject the detach */ send_0408_message(lle->llme, local_tlli, &raid, detach_req, ARRAY_SIZE(detach_req)); /* verify that the LLME is gone */ OSMO_ASSERT(count(gprs_llme_list()) == 0); cleanup_test(); } /* * Test that a single GMM Detach Accept message will not cause the SGSN to send * any message or leave an MM context at the SGSN. */ static void test_gmm_detach_accept_unexpected(void) { struct osmo_routing_area_id raid = { 0, }; struct gprs_llc_lle *lle; uint32_t local_tlli; printf("Testing GMM detach accept (unexpected)\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* DTAP - Detach Accept (MT) */ /* normal detach */ static const unsigned char detach_acc[] = { 0x08, 0x06 }; /* Create an LLME */ OSMO_ASSERT(count(gprs_llme_list()) == 0); local_tlli = gprs_tmsi2tlli(0x23, TLLI_LOCAL); lle = gprs_lle_get_or_create(local_tlli, 3); /* inject the detach */ send_0408_message(lle->llme, local_tlli, &raid, detach_acc, ARRAY_SIZE(detach_acc)); /* verify that no message (and therefore no Status or XID reset) has been * sent by the SGSN */ OSMO_ASSERT(sgsn_tx_counter == 0); /* verify that things are gone */ OSMO_ASSERT(count(gprs_llme_list()) == 0); cleanup_test(); } /* * Test that a GMM Status will remove the associated LLME if there is no MMCTX. */ static void test_gmm_status_no_mmctx(void) { struct osmo_routing_area_id raid = { 0, }; struct gprs_llc_lle *lle; uint32_t local_tlli; printf("Testing GMM Status (no MMCTX)\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* DTAP - GMM Status, protocol error */ static const unsigned char gmm_status[] = { 0x08, 0x20, 0x6f }; /* Create an LLME */ OSMO_ASSERT(count(gprs_llme_list()) == 0); local_tlli = gprs_tmsi2tlli(0x23, TLLI_LOCAL); lle = gprs_lle_get_or_create(local_tlli, 3); OSMO_ASSERT(count(gprs_llme_list()) == 1); /* inject the detach */ send_0408_message(lle->llme, local_tlli, &raid, gmm_status, ARRAY_SIZE(gmm_status)); /* verify that no message has been sent by the SGSN */ OSMO_ASSERT(sgsn_tx_counter == 0); /* verify that the LLME is gone */ OSMO_ASSERT(count(gprs_llme_list()) == 0); cleanup_test(); } int my_subscr_request_update_location(struct sgsn_mm_ctx *mmctx) { int rc; rc = __real_gprs_subscr_request_update_location(mmctx); if (rc == -ENOTSUP) { OSMO_ASSERT(mmctx->subscr); gprs_subscr_update(mmctx->subscr); } return rc; } int my_subscr_request_auth_info(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand) { gprs_subscr_update(mmctx->subscr); return 0; } int my_subscr_request_auth_info_fake_auth(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand) { /* Fake an authentication */ OSMO_ASSERT(mmctx->subscr); mmctx->sec_ctx = OSMO_AUTH_TYPE_GSM; gprs_subscr_update_auth_info(mmctx->subscr); return 0; } int my_subscr_request_auth_info_real_auth(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand) { struct gsm_auth_tuple at = { .vec.sres = {0x51, 0xe5, 0x51, 0xe5}, .vec.auth_types = OSMO_AUTH_TYPE_GSM, .key_seq = 0 }; /* Fake an authentication */ OSMO_ASSERT(mmctx->subscr); mmctx->subscr->sgsn_data->auth_triplets[0] = at; gprs_subscr_update_auth_info(mmctx->subscr); return 0; } #define TEST_GSUP_IMSI_LONG_IE 0x01, 0x08, \ 0x21, 0x43, 0x65, 0x87, 0x09, 0x21, 0x43, 0xf5 static int auth_info_skip = 0; static int upd_loc_skip = 0; int my_subscr_request_auth_info_gsup_auth(struct sgsn_mm_ctx *mmctx, const uint8_t *auts, const uint8_t *auts_rand) { static const uint8_t send_auth_info_res[] = { 0x0a, TEST_GSUP_IMSI_LONG_IE, 0x03, 0x22, /* Auth tuple */ 0x20, 0x10, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x21, 0x04, 0x51, 0xe5, 0x51, 0xe5, 0x22, 0x08, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, }; OSMO_ASSERT(!mmctx || mmctx->subscr); if (auth_info_skip > 0) { auth_info_skip -= 1; return -EAGAIN; } /* Fake an SendAuthInfoRes */ rx_gsup_message(send_auth_info_res, sizeof(send_auth_info_res)); return 0; }; int my_subscr_request_update_gsup_auth(struct sgsn_mm_ctx *mmctx) { static const uint8_t update_location_res[] = { 0x06, TEST_GSUP_IMSI_LONG_IE, 0x04, 0x00, /* PDP info complete */ 0x05, 0x12, 0x10, 0x01, 0x01, 0x11, 0x02, 0xf1, 0x21, /* IPv4 */ 0x12, 0x09, 0x04, 't', 'e', 's', 't', 0x03, 'a', 'p', 'n', 0x08, 0x07, /* MSISDN 49166213323 encoded */ 0x91, 0x94, 0x61, 0x26, 0x31, 0x23, 0xF3, 0x09, 0x07, /* MSISDN 38166213323 encoded */ 0x91, 0x83, 0x61, 0x26, 0x31, 0x23, 0xF3, }; OSMO_ASSERT(!mmctx || mmctx->subscr); if (upd_loc_skip > 0) { upd_loc_skip -= 1; return -EAGAIN; } /* Fake an UpdateLocRes */ return rx_gsup_message(update_location_res, sizeof(update_location_res)); }; int my_gsup_client_send(struct osmo_gsup_client *gsupc, struct msgb *msg) { struct osmo_gsup_message to_peer = {0}; struct osmo_gsup_message from_peer = {0}; struct msgb *reply_msg; int rc; /* Simulate the GSUP peer */ rc = osmo_gsup_decode(msgb_data(msg), msgb_length(msg), &to_peer); OSMO_ASSERT(rc >= 0); OSMO_ASSERT(to_peer.imsi[0] != 0); osmo_strlcpy(from_peer.imsi, to_peer.imsi, sizeof(from_peer.imsi)); /* This invalidates the pointers in to_peer */ msgb_free(msg); switch (to_peer.message_type) { case OSMO_GSUP_MSGT_UPDATE_LOCATION_REQUEST: /* Send UPDATE_LOCATION_RESULT */ return my_subscr_request_update_gsup_auth(NULL); case OSMO_GSUP_MSGT_SEND_AUTH_INFO_REQUEST: /* Send SEND_AUTH_INFO_RESULT */ return my_subscr_request_auth_info_gsup_auth(NULL, NULL, NULL); case OSMO_GSUP_MSGT_PURGE_MS_REQUEST: from_peer.message_type = OSMO_GSUP_MSGT_PURGE_MS_RESULT; break; default: if ((to_peer.message_type & 0b00000011) == 0) { /* Unhandled request */ /* Send error(NOT_IMPL) */ from_peer.message_type = to_peer.message_type + 1; from_peer.cause = GMM_CAUSE_MSGT_NOTEXIST_NOTIMPL; break; } /* Ignore it */ return 0; } reply_msg = osmo_gsup_client_msgb_alloc(); reply_msg->l2h = reply_msg->data; osmo_gsup_encode(reply_msg, &from_peer); gprs_subscr_rx_gsup_message(reply_msg); msgb_free(reply_msg); return 0; }; /* * Test the GMM Rejects */ static void test_gmm_reject(void) { struct osmo_routing_area_id raid = { 0, }; struct sgsn_mm_ctx *ctx = NULL; uint32_t foreign_tlli; struct gprs_llc_lle *lle; int idx; /* DTAP - Attach Request */ /* Invalid MI length */ static const unsigned char attach_req_inv_mi_len[] = { 0x08, 0x01, 0x02, 0xf5, 0xe0, 0x21, 0x08, 0x02, 0x09, 0xf4, 0xfb, 0xc5, 0x46, 0x79, 0xff, 0xff, 0xff, 0xff, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, 0x19, 0x18, 0xb3, 0x43, 0x2b, 0x25, 0x96, 0x62, 0x00, 0x60, 0x80, 0x9a, 0xc2, 0xc6, 0x62, 0x00, 0x60, 0x80, 0xba, 0xc8, 0xc6, 0x62, 0x00, 0x60, 0x80, 0x00 }; /* DTAP - Attach Request */ /* Invalid MI type (IMEI) */ static const unsigned char attach_req_inv_mi_type[] = { 0x08, 0x01, 0x02, 0xf5, 0xe0, 0x21, 0x08, 0x02, 0x05, 0xf2, 0xfb, 0xc5, 0x46, 0x79, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, 0x19, 0x18, 0xb3, 0x43, 0x2b, 0x25, 0x96, 0x62, 0x00, 0x60, 0x80, 0x9a, 0xc2, 0xc6, 0x62, 0x00, 0x60, 0x80, 0xba, 0xc8, 0xc6, 0x62, 0x00, 0x60, 0x80, 0x00 }; /* DTAP - Routing Area Update Request */ static const unsigned char dtap_ra_upd_req[] = { 0x08, 0x08, 0x10, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, 0x1d, 0x19, 0x13, 0x42, 0x33, 0x57, 0x2b, 0xf7, 0xc8, 0x48, 0x02, 0x13, 0x48, 0x50, 0xc8, 0x48, 0x02, 0x14, 0x48, 0x50, 0xc8, 0x48, 0x02, 0x17, 0x49, 0x10, 0xc8, 0x48, 0x02, 0x00, 0x19, 0x8b, 0xb2, 0x92, 0x17, 0x16, 0x27, 0x07, 0x04, 0x31, 0x02, 0xe5, 0xe0, 0x32, 0x02, 0x20, 0x00 }; /* DTAP - Routing Area Update Request */ /* Invalid type: GPRS_UPD_T_RA_LA_IMSI_ATT */ static const unsigned char dtap_ra_upd_req_inv_type[] = { 0x08, 0x08, 0x12, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, 0x1d, 0x19, 0x13, 0x42, 0x33, 0x57, 0x2b, 0xf7, 0xc8, 0x48, 0x02, 0x13, 0x48, 0x50, 0xc8, 0x48, 0x02, 0x14, 0x48, 0x50, 0xc8, 0x48, 0x02, 0x17, 0x49, 0x10, 0xc8, 0x48, 0x02, 0x00, 0x19, 0x8b, 0xb2, 0x92, 0x17, 0x16, 0x27, 0x07, 0x04, 0x31, 0x02, 0xe5, 0xe0, 0x32, 0x02, 0x20, 0x00 }; /* DTAP - Routing Area Update Request */ /* Invalid cap length */ static const unsigned char dtap_ra_upd_req_inv_cap_len[] = { 0x08, 0x08, 0x10, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, 0x3d, 0x19, 0x13, 0x42, 0x33, 0x57, 0x2b, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xf7, 0xc8, 0x48, 0x02, 0x13, 0x48, 0x50, 0xc8, 0x48, 0x02, 0x14, 0x48, 0x50, 0xc8, 0x48, 0x02, 0x17, 0x49, 0x10, 0xc8, 0x48, 0x02, 0x00, 0x19, 0x8b, 0xb2, 0x92, 0x17, 0x16, 0x27, 0x07, 0x04, 0x31, 0x02, 0xe5, 0xe0, 0x32, 0x02, 0x20, 0x00 }; struct test { const char *title; const unsigned char *msg; unsigned msg_len; unsigned num_resp; }; static struct test tests[] = { { .title = "Attach Request (invalid MI length)", .msg = attach_req_inv_mi_len, .msg_len = sizeof(attach_req_inv_mi_len), .num_resp = 1 /* Reject */ }, { .title = "Attach Request (invalid MI type)", .msg = attach_req_inv_mi_type, .msg_len = sizeof(attach_req_inv_mi_type), .num_resp = 1 /* Reject */ }, { .title = "Routing Area Update Request (valid)", .msg = dtap_ra_upd_req, .msg_len = sizeof(dtap_ra_upd_req), .num_resp = 2 /* XID Reset + Reject */ }, { .title = "Routing Area Update Request (invalid type)", .msg = dtap_ra_upd_req_inv_type, .msg_len = sizeof(dtap_ra_upd_req_inv_type), .num_resp = 1 /* Reject */ }, { .title = "Routing Area Update Request (invalid CAP length)", .msg = dtap_ra_upd_req_inv_cap_len, .msg_len = sizeof(dtap_ra_upd_req_inv_cap_len), .num_resp = 1 /* Reject */ }, }; printf("Testing GMM reject\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* reset the PRNG used by sgsn_alloc_ptmsi */ srand(1); foreign_tlli = gprs_tmsi2tlli(0xc0000023, TLLI_FOREIGN); OSMO_ASSERT(count(gprs_llme_list()) == 0); for (idx = 0; idx < ARRAY_SIZE(tests); idx++) { const struct test *test = &tests[idx]; printf(" - %s\n", test->title); /* Create a LLE/LLME */ lle = gprs_lle_get_or_create(foreign_tlli, 3); OSMO_ASSERT(count(gprs_llme_list()) == 1); /* Inject the Request message */ send_0408_message(lle->llme, foreign_tlli, &raid, test->msg, test->msg_len); /* We expect a Reject message */ fprintf(stderr, "sgsn_tx_counter = %d (expected %d)\n", sgsn_tx_counter, test->num_resp); OSMO_ASSERT(sgsn_tx_counter == test->num_resp); /* verify that LLME/MM are removed */ ctx = sgsn_mm_ctx_by_tlli(foreign_tlli, &raid); OSMO_ASSERT(ctx == NULL); OSMO_ASSERT(count(gprs_llme_list()) == 0); } cleanup_test(); } /* * Test cancellation of attached MM contexts */ static void test_gmm_cancel(void) { struct osmo_routing_area_id raid = { 0, }; struct sgsn_mm_ctx *ctx = NULL; struct sgsn_mm_ctx *ictx; uint32_t ptmsi1; uint32_t foreign_tlli; uint32_t local_tlli = 0; struct gprs_llc_lle *lle; sgsn = sgsn_instance_alloc(tall_sgsn_ctx); sgsn->cfg.gea_encryption_mask = 0x1; const enum sgsn_auth_policy saved_auth_policy = sgsn->cfg.auth_policy; /* DTAP - Attach Request */ /* The P-TMSI is not known by the SGSN */ static const unsigned char attach_req[] = { 0x08, 0x01, 0x02, 0xf5, 0xe0, 0x21, 0x08, 0x02, 0x05, 0xf4, 0xfb, 0xc5, 0x46, 0x79, 0x11, 0x22, 0x33, 0x40, 0x50, 0x60, 0x19, 0x18, 0xb3, 0x43, 0x2b, 0x25, 0x96, 0x62, 0x00, 0x60, 0x80, 0x9a, 0xc2, 0xc6, 0x62, 0x00, 0x60, 0x80, 0xba, 0xc8, 0xc6, 0x62, 0x00, 0x60, 0x80, 0x00 }; /* DTAP - Identity Response IMEI */ static const unsigned char ident_resp_imei[] = { 0x08, 0x16, 0x08, 0x9a, 0x78, 0x56, 0x34, 0x12, 0x90, 0x78, 0x56 }; /* DTAP - Identity Response IMSI */ static const unsigned char ident_resp_imsi[] = { 0x08, 0x16, 0x08, 0x19, 0x32, 0x54, 0x76, 0x98, 0x10, 0x32, 0x54 }; /* DTAP - Attach Complete */ static const unsigned char attach_compl[] = { 0x08, 0x03 }; printf("Testing cancellation\n"); sgsn->cfg.auth_policy = SGSN_AUTH_POLICY_OPEN; foreign_tlli = gprs_tmsi2tlli(0xc0000023, TLLI_FOREIGN); /* Create a LLE/LLME */ OSMO_ASSERT(count(gprs_llme_list()) == 0); lle = gprs_lle_get_or_create(foreign_tlli, 3); OSMO_ASSERT(count(gprs_llme_list()) == 1); /* inject the attach request */ send_0408_message(lle->llme, foreign_tlli, &raid, attach_req, ARRAY_SIZE(attach_req)); ctx = sgsn_mm_ctx_by_tlli(foreign_tlli, &raid); OSMO_ASSERT(ctx != NULL); OSMO_ASSERT(ctx->gmm_fsm->state == ST_GMM_COMMON_PROC_INIT); /* we expect an identity request (IMEI) */ OSMO_ASSERT(sgsn_tx_counter == 1); /* inject the identity response (IMEI) */ send_0408_message(ctx->gb.llme, foreign_tlli, &raid, ident_resp_imei, ARRAY_SIZE(ident_resp_imei)); /* we expect an identity request (IMSI) */ OSMO_ASSERT(sgsn_tx_counter == 1); /* inject the identity response (IMSI) */ send_0408_message(ctx->gb.llme, foreign_tlli, &raid, ident_resp_imsi, ARRAY_SIZE(ident_resp_imsi)); /* check that the MM context has not been removed due to a failed * authorization */ OSMO_ASSERT(ctx == sgsn_mm_ctx_by_tlli(foreign_tlli, &raid)); OSMO_ASSERT(ctx->gmm_fsm->state == ST_GMM_COMMON_PROC_INIT); /* we expect an attach accept/reject */ OSMO_ASSERT(sgsn_tx_counter == 1); ptmsi1 = get_new_ptmsi(&last_dl_parse_ctx); OSMO_ASSERT(ptmsi1 != GSM_RESERVED_TMSI); /* this has been randomly assigned by the SGSN */ local_tlli = gprs_tmsi2tlli(ptmsi1, TLLI_LOCAL); /* inject the attach complete */ send_0408_message(ctx->gb.llme, foreign_tlli, &raid, attach_compl, ARRAY_SIZE(attach_compl)); OSMO_ASSERT(ctx->gmm_fsm->state == ST_GMM_REGISTERED_NORMAL); /* we don't expect a response */ OSMO_ASSERT(sgsn_tx_counter == 0); /* cancel */ gsm0408_gprs_access_cancelled(ctx, 0); /* verify that things are gone */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ictx = sgsn_mm_ctx_by_tlli(local_tlli, &raid); OSMO_ASSERT(!ictx); sgsn->cfg.auth_policy = saved_auth_policy; cleanup_test(); } static void test_apn_matching(void) { struct apn_ctx *actx, *actxs[9]; printf("Testing APN matching\n"); sgsn = sgsn_instance_alloc(tall_sgsn_ctx); actxs[0] = sgsn_apn_ctx_find_alloc("*.test", ""); actxs[1] = sgsn_apn_ctx_find_alloc("*.def.test", ""); actxs[2] = sgsn_apn_ctx_find_alloc("abc.def.test", ""); actxs[3] = NULL; actxs[4] = sgsn_apn_ctx_find_alloc("abc.def.test", "456"); actxs[5] = sgsn_apn_ctx_find_alloc("abc.def.test", "456123"); actxs[6] = sgsn_apn_ctx_find_alloc("*.def.test", "456"); actxs[7] = sgsn_apn_ctx_find_alloc("*.def.test", "456123"); actxs[8] = sgsn_apn_ctx_find_alloc("ghi.def.test", "456"); actx = sgsn_apn_ctx_match("abc.def.test", "12345678"); OSMO_ASSERT(actx == actxs[2]); actx = sgsn_apn_ctx_match("aBc.dEf.test", "12345678"); OSMO_ASSERT(actx == actxs[2]); actx = sgsn_apn_ctx_match("xyz.def.test", "12345678"); OSMO_ASSERT(actx == actxs[1]); actx = sgsn_apn_ctx_match("xyz.dEf.test", "12345678"); OSMO_ASSERT(actx == actxs[1]); actx = sgsn_apn_ctx_match("xyz.uvw.test", "12345678"); OSMO_ASSERT(actx == actxs[0]); actx = sgsn_apn_ctx_match("xyz.uvw.foo", "12345678"); OSMO_ASSERT(actx == NULL); actxs[3] = sgsn_apn_ctx_find_alloc("*", ""); actx = sgsn_apn_ctx_match("xyz.uvw.foo", "12345678"); OSMO_ASSERT(actx == actxs[3]); actx = sgsn_apn_ctx_match("abc.def.test", "45699900"); OSMO_ASSERT(actx == actxs[4]); actx = sgsn_apn_ctx_match("xyz.def.test", "45699900"); OSMO_ASSERT(actx == actxs[6]); actx = sgsn_apn_ctx_match("abc.def.test", "45612300"); OSMO_ASSERT(actx == actxs[5]); actx = sgsn_apn_ctx_match("xyz.def.test", "45612300"); OSMO_ASSERT(actx == actxs[7]); actx = sgsn_apn_ctx_match("ghi.def.test", "45699900"); OSMO_ASSERT(actx == actxs[8]); actx = sgsn_apn_ctx_match("ghi.def.test", "45612300"); OSMO_ASSERT(actx == actxs[7]); /* Free APN contexts and check how the matching changes */ sgsn_apn_ctx_free(actxs[7]); actx = sgsn_apn_ctx_match("ghi.def.test", "45612300"); OSMO_ASSERT(actx == actxs[8]); sgsn_apn_ctx_free(actxs[8]); actx = sgsn_apn_ctx_match("ghi.def.test", "45612300"); OSMO_ASSERT(actx == actxs[6]); sgsn_apn_ctx_free(actxs[6]); actx = sgsn_apn_ctx_match("ghi.def.test", "45612300"); OSMO_ASSERT(actx == actxs[1]); sgsn_apn_ctx_free(actxs[5]); actx = sgsn_apn_ctx_match("abc.def.test", "45612300"); OSMO_ASSERT(actx == actxs[4]); sgsn_apn_ctx_free(actxs[4]); actx = sgsn_apn_ctx_match("abc.def.test", "45612300"); OSMO_ASSERT(actx == actxs[2]); sgsn_apn_ctx_free(actxs[2]); actx = sgsn_apn_ctx_match("abc.def.test", "12345678"); OSMO_ASSERT(actx == actxs[1]); sgsn_apn_ctx_free(actxs[1]); actx = sgsn_apn_ctx_match("abc.def.test", "12345678"); OSMO_ASSERT(actx == actxs[0]); sgsn_apn_ctx_free(actxs[0]); actx = sgsn_apn_ctx_match("abc.def.test", "12345678"); OSMO_ASSERT(actx == actxs[3]); sgsn_apn_ctx_free(actxs[3]); actx = sgsn_apn_ctx_match("abc.def.test", "12345678"); OSMO_ASSERT(actx == NULL); cleanup_test(); } static void test_ggsn_selection(void) { struct apn_ctx *actxs[4]; struct sgsn_ggsn_ctx *ggc, *ggcs[3]; struct gprs_subscr *s1; const char *imsi1 = "1234567890"; struct sgsn_mm_ctx *ctx; struct osmo_routing_area_id raid = { 0, }; uint32_t local_tlli = 0xffeeddcc; enum gsm48_gsm_cause gsm_cause; struct tlv_parsed tp; uint8_t apn_enc[GSM_APN_LENGTH + 10]; struct sgsn_subscriber_pdp_data *pdp_data; char apn_str[GSM_APN_LENGTH]; printf("Testing GGSN selection\n"); osmo_gsup_client_send_cb = my_gsup_client_send_dummy; sgsn = sgsn_instance_alloc(tall_sgsn_ctx); /* Check for emptiness */ OSMO_ASSERT(gprs_subscr_get_by_imsi(imsi1) == NULL); /* Create a context */ OSMO_ASSERT(count(gprs_llme_list()) == 0); ctx = alloc_mm_ctx(local_tlli, &raid); osmo_strlcpy(ctx->imsi, imsi1, sizeof(ctx->imsi)); /* Allocate and attach a subscriber */ s1 = gprs_subscr_get_or_create_by_mmctx(ctx); assert_subscr(s1, imsi1); tp.lv[GSM48_IE_GSM_APN].len = 0; tp.lv[GSM48_IE_GSM_APN].val = apn_enc; /* TODO: Add PDP info entries to s1 */ ggcs[0] = sgsn_ggsn_ctx_find_alloc(sgsn, 0); ggcs[1] = sgsn_ggsn_ctx_find_alloc(sgsn, 1); ggcs[2] = sgsn_ggsn_ctx_find_alloc(sgsn, 2); actxs[0] = sgsn_apn_ctx_find_alloc("test.apn", "123456"); actxs[0]->ggsn = ggcs[0]; actxs[1] = sgsn_apn_ctx_find_alloc("*.apn", "123456"); actxs[1]->ggsn = ggcs[1]; actxs[2] = sgsn_apn_ctx_find_alloc("*", "456789"); actxs[2]->ggsn = ggcs[2]; pdp_data = sgsn_subscriber_pdp_data_alloc(s1->sgsn_data); pdp_data->context_id = 1; pdp_data->pdp_type_org = PDP_TYPE_ORG_IETF; pdp_data->pdp_type_nr = PDP_TYPE_N_IETF_IPv4; osmo_strlcpy(pdp_data->apn_str, "*", sizeof(pdp_data->apn_str)); /* Resolve GGSNs */ tp.lv[GSM48_IE_GSM_APN].len = osmo_apn_from_str(apn_enc, sizeof(apn_enc), "Test.Apn"); ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc != NULL); OSMO_ASSERT(ggc->id == 0); OSMO_ASSERT(strcmp(apn_str, "Test.Apn") == 0); tp.lv[GSM48_IE_GSM_APN].len = osmo_apn_from_str(apn_enc, sizeof(apn_enc), "Other.Apn"); ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc != NULL); OSMO_ASSERT(ggc->id == 1); OSMO_ASSERT(strcmp(apn_str, "Other.Apn") == 0); tp.lv[GSM48_IE_GSM_APN].len = 0; tp.lv[GSM48_IE_GSM_APN].val = NULL; ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc != NULL); OSMO_ASSERT(ggc->id == 0); OSMO_ASSERT(strcmp(apn_str, "") == 0); actxs[3] = sgsn_apn_ctx_find_alloc("*", "123456"); actxs[3]->ggsn = ggcs[2]; ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc != NULL); OSMO_ASSERT(ggc->id == 2); OSMO_ASSERT(strcmp(apn_str, "") == 0); sgsn_apn_ctx_free(actxs[3]); tp.lv[GSM48_IE_GSM_APN].val = apn_enc; tp.lv[GSM48_IE_GSM_APN].len = osmo_apn_from_str(apn_enc, sizeof(apn_enc), "Foo.Bar"); ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc == NULL); OSMO_ASSERT(gsm_cause == GSM_CAUSE_MISSING_APN); OSMO_ASSERT(strcmp(apn_str, "Foo.Bar") == 0); tp.lv[GSM48_IE_GSM_APN].len = sizeof(apn_enc); ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc == NULL); OSMO_ASSERT(gsm_cause == GSM_CAUSE_INV_MAND_INFO); /* Add PDP data entry to subscriber */ osmo_strlcpy(pdp_data->apn_str, "Test.Apn", sizeof(pdp_data->apn_str)); tp.lv[GSM48_IE_GSM_APN].len = osmo_apn_from_str(apn_enc, sizeof(apn_enc), "Test.Apn"); ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc != NULL); OSMO_ASSERT(ggc->id == 0); OSMO_ASSERT(strcmp(apn_str, "Test.Apn") == 0); tp.lv[GSM48_IE_GSM_APN].len = osmo_apn_from_str(apn_enc, sizeof(apn_enc), "Other.Apn"); ggc = sgsn_mm_ctx_find_ggsn_ctx(ctx, &tp, &gsm_cause, apn_str); OSMO_ASSERT(ggc == NULL); OSMO_ASSERT(gsm_cause == GSM_CAUSE_REQ_SERV_OPT_NOTSUB); OSMO_ASSERT(strcmp(apn_str, "") == 0); /* Cleanup */ gprs_subscr_put(s1); sgsn_mm_ctx_cleanup_free(ctx); assert_no_subscrs(); sgsn_apn_ctx_free(actxs[0]); sgsn_apn_ctx_free(actxs[1]); sgsn_apn_ctx_free(actxs[2]); sgsn_ggsn_ctx_free(ggcs[0]); sgsn_ggsn_ctx_free(ggcs[1]); sgsn_ggsn_ctx_free(ggcs[2]); osmo_gsup_client_send_cb = __real_osmo_gsup_client_send; cleanup_test(); } bool pdp_status_has_active_nsapis(const uint8_t *pdp_status, const size_t pdp_status_len); static void test_pdp_status_has_active_nsapis(void) { const size_t pdp_status_len = 2; const uint8_t pdp_status1[] = { 0b00100000, 0b00000000 }; /* PDP NSAPI 5 active */ const uint8_t pdp_status2[] = { 0b00000000, 0b00000000 }; /* no active PDP NSAPI */ const uint8_t pdp_status3[] = { 0b00000000, 0b00000001 }; /* PDP NSAPI 8 active */ printf("Testing pdp_status_has_active_nsapis\n"); OSMO_ASSERT(pdp_status_has_active_nsapis(pdp_status1, pdp_status_len)); OSMO_ASSERT(!pdp_status_has_active_nsapis(pdp_status2, pdp_status_len)); OSMO_ASSERT(pdp_status_has_active_nsapis(pdp_status3, pdp_status_len)); } static struct log_info_cat gprs_categories[] = { [DMM] = { .name = "DMM", .description = "Layer3 Mobility Management (MM)", .color = "\033[1;33m", .enabled = 1, .loglevel = LOGL_DEBUG, }, [DPAG] = { .name = "DPAG", .description = "Paging Subsystem", .color = "\033[1;38m", .enabled = 1, .loglevel = LOGL_NOTICE, }, [DMEAS] = { .name = "DMEAS", .description = "Radio Measurement Processing", .enabled = 0, .loglevel = LOGL_NOTICE, }, [DREF] = { .name = "DREF", .description = "Reference Counting", .enabled = 0, .loglevel = LOGL_NOTICE, }, [DGPRS] = { .name = "DGPRS", .description = "GPRS Packet Service", .enabled = 1, .loglevel = LOGL_DEBUG, }, [DLLC] = { .name = "DLLC", .description = "GPRS Logical Link Control Protocol (LLC)", .enabled = 1, .loglevel = LOGL_DEBUG, }, [DSNDCP] = { .name = "DSNDCP", .description = "GPRS Sub-Network Dependent Control Protocol (SNDCP)", .enabled = 1, .loglevel = LOGL_DEBUG, }, }; static struct log_info info = { .cat = gprs_categories, .num_cat = ARRAY_SIZE(gprs_categories), }; static struct vty_app_info vty_info = { .name = "testSGSN", }; int main(int argc, char **argv) { void *osmo_sgsn_ctx; void *msgb_ctx; osmo_sgsn_ctx = talloc_named_const(NULL, 0, "osmo_sgsn"); osmo_init_logging2(osmo_sgsn_ctx, &info); tall_sgsn_ctx = talloc_named_const(osmo_sgsn_ctx, 0, "sgsn"); msgb_ctx = msgb_talloc_ctx_init(osmo_sgsn_ctx, 0); vty_init(&vty_info); test_llme(); test_subscriber(); test_auth_triplets(); test_subscriber_gsup(); test_gmm_detach(); test_gmm_detach_power_off(); test_gmm_detach_no_mmctx(); test_gmm_detach_accept_unexpected(); test_gmm_status_no_mmctx(); test_gmm_reject(); test_gmm_cancel(); test_apn_matching(); test_ggsn_selection(); test_pdp_status_has_active_nsapis(); printf("Done\n"); talloc_report_full(osmo_sgsn_ctx, stderr); OSMO_ASSERT(talloc_total_blocks(msgb_ctx) == 1); OSMO_ASSERT(talloc_total_blocks(tall_sgsn_ctx) == 1); return 0; } /* stubs */ struct osmo_prim_hdr; int bssgp_prim_cb(struct osmo_prim_hdr *oph, void *ctx) { abort(); }