/* MME (Mobility Management Engine) test suite in TTCN-3 * (C) 2019 Harald Welte * All rights reserved. * * Released under the terms of GNU General Public License, Version 2 or * (at your option) any later version. * * SPDX-License-Identifier: GPL-2.0-or-later */ module MME_Tests { import from General_Types all; import from Native_Functions all; import from IPL4asp_Types all; import from Misc_Helpers all; import from S1AP_Types all; import from S1AP_Templates all; import from S1AP_Emulation all; import from S1AP_PDU_Descriptions all; import from S1AP_IEs all; import from S1AP_PDU_Contents all; import from S1AP_Constants all; import from NAS_EPS_Types all; import from NAS_Templates all; import from DIAMETER_Types all; import from DIAMETER_Templates all; import from DIAMETER_ts29_272_Templates all; import from DIAMETER_Emulation all; import from SGsAP_Types all; import from SGsAP_Templates all; import from SGsAP_Emulation all; import from GTP_Emulation all; import from GTPC_Types all; import from GTPv1C_CodecPort all; import from GTPv1C_Templates all; import from LTE_CryptoFunctions all; import from L3_Templates all; import from DNS_Helpers all; import from Osmocom_Types all; import from Osmocom_Gb_Types all; import from GTPv2_Types all; import from GTPv2_Templates all; import from GTPv2_Emulation all; friend module MME_Tests_SGsAP; /* (maximum) number of emulated eNBs */ const integer NUM_ENB := 3; /* (maximum) number of emulated UEs */ const integer NUM_UE := 3; /* parameters of emulated ENB */ type record EnbParams { Global_ENB_ID global_enb_id, integer cell_identity, SupportedTAs supported_tas } type record BearerConfig { /* EPS Bearer ID */ uint4_t ebi optional, /* TEI (Data) local side, S11 (SGW) */ OCT4 s11_teid_local optional, /* TEI (Data) remote side, S11 (SGW) */ OCT4 s11_teid_remote optional, /* TEI (Data) local side, S5c (PGW) */ OCT4 s5c_teid_local optional, /* TEI (Data) remote side, S5c (PGW) */ OCT4 s5c_teid_remote optional }; /* parameters of emulated UE */ type record UeParams { hexstring imsi, charstring ue_ip, NAS_EPS_Types.GUTI guti optional, octetstring kasme optional, /* TEI (Control) local side, S11 (SGW) */ OCT4 s11_teic_local, /* TEI (Control) remote side, S11 (SGW) */ OCT4 s11_teic_remote optional, /* TEI (Control) local side, S5c (PGW) */ OCT4 s5c_teic_local, /* TEI (Control) remote side, S5c (PGW) */ OCT4 s5c_teic_remote optional, BearerConfig bearer optional } type component MTC_CT { /* S1 intreface of emulated ENBs */ var EnbParams g_enb_pars[NUM_ENB]; var S1AP_Emulation_CT vc_S1AP[NUM_ENB]; port S1AP_PT S1AP_UNIT[NUM_ENB]; port S1APEM_PROC_PT S1AP_PROC[NUM_ENB]; /* S6a/S6d interface of emulated HSS */ var DIAMETER_Emulation_CT vc_DIAMETER; port DIAMETER_PT DIAMETER_UNIT; port DIAMETEREM_PROC_PT DIAMETER_PROC; /* SGs interface of emulated MSC/VLR */ var SGsAP_Emulation_CT vc_SGsAP; port SGsAP_PT SGsAP_UNIT; port SGsAPEM_PROC_PT SGsAP_PROC; /* Gn interface (GTPv1C) of emulated SGSN (Rel. 7) */ var GTP_Emulation_CT vc_GTP; /* S11 interface (GTPv2C) of emulated SGW-C */ var GTPv2_Emulation_CT vc_GTP2; port GTP2EM_PT TEID0; var UeParams g_ue_pars[NUM_UE]; } /* Encode an S1AP Global-ENB-ID into an octetstring */ private function enc_S1AP_Global_ENB_ID(Global_ENB_ID global_enb_id) return octetstring { /* Due to the limitations of libfftranscode, we can not define encoders (or decoders) for individual * information elements (in S1AP_Types.cc). Unfortuantely Global-ENB-ID also appears in BSSGP in its * encoded form. (see also: GTP-C 3GPP TS 48.018, section 11.3.70). To encode a given Global-ENB-ID * we craft a full S1AP PDU and encode it. Then we can cut out the encoded Global-ENB-ID from the * generated octetstring. */ var SupportedTAs supported_tas_dummy := {{ tAC := '0000'O, broadcastPLMNs := { '00f000'O }, iE_Extensions := omit }}; var octetstring encoded; var integer global_enb_id_len; if (ispresent(global_enb_id.eNB_ID.macroENB_ID)) { global_enb_id_len := 8; } else { /* All other ENB ID types fit into 8 byte (homeENB_ID, short_macroENB_ID, long_macroENB_ID) */ global_enb_id_len := 9; } encoded := enc_S1AP_PDU(valueof(ts_S1AP_SetupReq(global_enb_id, supported_tas_dummy, v32))); return substr(encoded, 11, global_enb_id_len); } type component ConnHdlr extends S1AP_ConnHdlr, SGsAP_ConnHdlr, DIAMETER_ConnHdlr, GTP_ConnHdlr, GTP2_ConnHdlr { var ConnHdlrPars g_pars; timer g_Tguard := 30.0; var Gtp1cPeer g_gn_iface_peer := { connId := 1, remName := mp_gn_remote_ip, remPort := mp_gn_remote_port }; } type record ConnHdlrPars { /* copied over from MTC_CT on start of component */ EnbParams enb_pars[NUM_ENB], /* copied over from MTC_CT on start of component */ UeParams ue_pars, /* currently used MME (index into enb_pars, S1AP, ...) */ integer mme_idx } modulepar { /* S1 interface */ charstring mp_mme_ip := "127.0.0.1"; integer mp_mme_s1ap_port := 36412; charstring mp_s1_local_ip := "127.0.0.1"; integer mp_s1_local_port := 50000; /* S6 interface */ charstring mp_s6_local_ip := "127.0.0.4"; integer mp_s6_local_port := 3868; charstring mp_s6_diam_realm := "localdomain"; charstring mp_s6_local_diam_host := "hss.localdomain"; charstring mp_s6_remote_diam_host := "mme.localdomain"; /* SGs interface */ charstring mp_sgs_local_ip := "127.0.0.1"; integer mp_sgs_local_port := 29118; charstring mp_vlr_name := "vlr.example.net"; charstring mp_mme_name := "mmec01.mmegi0001.mme.epc.mnc070.mcc901.3gppnetwork.org"; /* Gn interface (GTPv1C) */ charstring mp_gn_local_ip := "127.0.0.22"; integer mp_gn_local_port := 2123; charstring mp_gn_remote_ip := "127.0.0.2"; /* RAI+CI served from emulated peer SGSN: */ integer mp_gn_remote_port := 2123; hexstring mp_gn_local_mcc := '262'H; hexstring mp_gn_local_mnc := 'f42'H; uint16_t mp_gn_local_lac := 39594; uint8_t mp_gn_local_rac := 187; uint16_t mp_gn_local_ci := 1223; /* S11 interface (GTPv2C, interface between MME and SGW) */ charstring mp_s11_local_ip := "127.0.0.3"; integer mp_s11_local_port := 2123; charstring mp_s11_remote_ip := "127.0.0.2"; integer mp_s11_remote_port := 2123; /* PGW information announced by SGWC. MME never really interacts with these. */ charstring mp_s5c_pgw_ip := "1.2.3.4"; } /* send incoming unit data messages (like reset) to global SGsAP_UNIT port */ friend function ForwardUnitdataCallback(PDU_SGsAP msg) runs on SGsAP_Emulation_CT return template PDU_SGsAP { SGsAP_UNIT.send(msg); return omit; } friend function f_init_sgsap(charstring id) runs on MTC_CT { id := id & "-SGsAP"; var SGsAPOps ops := { create_cb := refers(SGsAP_Emulation.ExpectedCreateCallback), unitdata_cb := refers(ForwardUnitdataCallback) } var SGsAP_conn_parameters pars := { remote_ip := "", remote_sctp_port := -1, local_ip := mp_sgs_local_ip, local_sctp_port := mp_sgs_local_port } vc_SGsAP := SGsAP_Emulation_CT.create(id); map(vc_SGsAP:SGsAP, system:SGsAP_CODEC_PT); connect(vc_SGsAP:SGsAP_PROC, self:SGsAP_PROC); connect(vc_SGsAP:SGsAP_UNIT, self:SGsAP_UNIT); vc_SGsAP.start(SGsAP_Emulation.main(ops, pars, id)); } /* send incoming unit data messages (like reset) to global S1AP_UNIT port */ friend function S1apForwardUnitdataCallback(S1AP_PDU msg) runs on S1AP_Emulation_CT return template S1AP_PDU { S1AP_UNIT.send(msg); return omit; } friend function f_init_one_enb(charstring id, integer num := 0) runs on MTC_CT { id := id & "-S1AP" & int2str(num); var S1APOps ops := { create_cb := refers(S1AP_Emulation.ExpectedCreateCallback), unitdata_cb := refers(S1apForwardUnitdataCallback) } var S1AP_conn_parameters pars := { remote_ip := mp_mme_ip, remote_sctp_port := mp_mme_s1ap_port, local_ip := mp_s1_local_ip, local_sctp_port := mp_s1_local_port + num, role := NAS_ROLE_UE } var PLMNidentity plmn_id := '00f110'O; var EnbParams enb_pars := { global_enb_id := { pLMNidentity := plmn_id, eNB_ID := { macroENB_ID := int2bit(num, 20) }, iE_Extensions := omit }, cell_identity := num, supported_tas := { { tAC := int2oct(12345, 2), broadcastPLMNs := { plmn_id }, iE_Extensions := omit } } }; g_enb_pars[num] := enb_pars; vc_S1AP[num] := S1AP_Emulation_CT.create(id); map(vc_S1AP[num]:S1AP, system:S1AP_CODEC_PT); connect(vc_S1AP[num]:S1AP_PROC, self:S1AP_PROC[num]); connect(vc_S1AP[num]:S1AP_UNIT, self:S1AP_UNIT[num]); vc_S1AP[num].start(S1AP_Emulation.main(ops, pars, id)); S1AP_UNIT[num].receive(S1APEM_Event:{up_down:=S1APEM_EVENT_UP}); } friend function f_init_one_ue(inout UeParams uep, integer imsi_suffix) { uep := { imsi := f_gen_imsi(imsi_suffix), ue_ip := "192.168.123.50", guti := omit, kasme := omit, s11_teic_local := '00000000'O, s11_teic_remote := omit, s5c_teic_local := '00000000'O, s5c_teic_remote := omit, bearer := { ebi := omit, s11_teid_local := omit, s11_teid_remote := omit, s5c_teid_local := omit, s5c_teid_remote := omit } } } friend function f_init_s1ap(charstring id, integer imsi_suffix) runs on MTC_CT { var integer i; for (i := 0; i < NUM_ENB; i := i+1) { f_init_one_enb(id, i); } for (i := 0; i < NUM_UE; i := i+1) { f_init_one_ue(g_ue_pars[i], i*1000 + imsi_suffix); } } friend function DiameterForwardUnitdataCallback(PDU_DIAMETER msg) runs on DIAMETER_Emulation_CT return template PDU_DIAMETER { DIAMETER_UNIT.send(msg); return omit; } friend function f_init_diameter(charstring id) runs on MTC_CT { var DIAMETEROps ops := { create_cb := refers(DIAMETER_Emulation.ExpectedCreateCallback), unitdata_cb := refers(DiameterForwardUnitdataCallback), raw := false /* handler mode (IMSI based routing) */ }; var DIAMETER_conn_parameters pars := { remote_ip := mp_mme_ip, remote_sctp_port := -1, local_ip := mp_s6_local_ip, local_sctp_port := mp_s6_local_port, origin_host := "hss.localdomain", origin_realm := "localdomain", auth_app_id := omit, vendor_app_id := c_DIAMETER_3GPP_S6_AID }; vc_DIAMETER := DIAMETER_Emulation_CT.create(id); map(vc_DIAMETER:DIAMETER, system:DIAMETER_CODEC_PT); connect(vc_DIAMETER:DIAMETER_UNIT, self:DIAMETER_UNIT); connect(vc_DIAMETER:DIAMETER_PROC, self:DIAMETER_PROC); vc_DIAMETER.start(DIAMETER_Emulation.main(ops, pars, id)); f_diameter_wait_capability(DIAMETER_UNIT); } friend function f_init_gtp(charstring id) runs on MTC_CT { id := id & "-GTP"; var GtpEmulationCfg gtp_cfg := { gtpc_bind_ip := mp_gn_local_ip, gtpc_bind_port := mp_gn_local_port, gtpu_bind_ip := omit, gtpu_bind_port := omit, sgsn_role := true }; vc_GTP := GTP_Emulation_CT.create(id); vc_GTP.start(GTP_Emulation.main(gtp_cfg)); } friend function f_init_gtpv2_s11(charstring id) runs on MTC_CT { id := id & "-GTPV2"; var Gtp2EmulationCfg cfg := { gtpc_bind_ip := mp_s11_local_ip, gtpc_bind_port := mp_s11_local_port, gtpc_remote_ip := mp_s11_remote_ip, gtpc_remote_port := mp_s11_remote_port, gtpu_bind_ip := omit, /* using gtpu daemon */ gtpu_bind_port := omit, /* using gtpu daemon */ sgw_role := true, use_gtpu_daemon := false }; vc_GTP2 := GTPv2_Emulation_CT.create(id); map(vc_GTP2:GTP2C, system:GTP2C); connect(vc_GTP2:TEID0, self:TEID0); vc_GTP2.start(GTPv2_Emulation.main(cfg)); } friend template (value) S1AP_IEs.TAI ts_enb_S1AP_TAI(EnbParams enb) := { pLMNidentity := enb.global_enb_id.pLMNidentity, tAC := enb.supported_tas[0].tAC, iE_Extensions := omit } friend template (value) EUTRAN_CGI ts_enb_S1AP_CGI(EnbParams enb) := { pLMNidentity := enb.global_enb_id.pLMNidentity, cell_ID := int2bit(enb.cell_identity, 28), iE_Extensions := omit } /* generate parameters for a connection handler */ friend function f_init_pars(integer ue_idx := 0) runs on MTC_CT return ConnHdlrPars { var ConnHdlrPars pars := { enb_pars := g_enb_pars, ue_pars := g_ue_pars[ue_idx], mme_idx := 0 }; return pars; } type function void_fn(ConnHdlrPars pars) runs on ConnHdlr; /* start a connection handler with given parameters */ friend function f_start_handler_with_pars(void_fn fn, ConnHdlrPars pars, integer s1ap_idx := 0) runs on MTC_CT return ConnHdlr { var ConnHdlr vc_conn; var charstring id := testcasename() & int2str(s1ap_idx); vc_conn := ConnHdlr.create(id); /* S1AP part */ connect(vc_conn:S1AP, vc_S1AP[s1ap_idx]:S1AP_CLIENT); connect(vc_conn:S1AP_PROC, vc_S1AP[s1ap_idx]:S1AP_PROC); if (isbound(vc_SGsAP)) { /* SGsAP part */ connect(vc_conn:SGsAP, vc_SGsAP:SGsAP_CLIENT); connect(vc_conn:SGsAP_PROC, vc_SGsAP:SGsAP_PROC); } if (isbound(vc_DIAMETER)) { connect(vc_conn:DIAMETER, vc_DIAMETER:DIAMETER_CLIENT); connect(vc_conn:DIAMETER_PROC, vc_DIAMETER:DIAMETER_PROC); } if (isbound(vc_GTP)) { connect(vc_conn:GTP[0], vc_GTP:CLIENT); connect(vc_conn:GTP_PROC[0], vc_GTP:CLIENT_PROC); } if (isbound(vc_GTP2)) { connect(vc_conn:GTP2, vc_GTP2:CLIENT); connect(vc_conn:GTP2_PROC, vc_GTP2:CLIENT_PROC); } /* We cannot use vc_conn.start(f_init_handler(fn, id, pars)); as we cannot have * a stand-alone 'derefers()' call, see https://www.eclipse.org/forums/index.php/t/1091364/ */ vc_conn.start(derefers(fn)(pars)); return vc_conn; } /* altstep for the global guard timer */ private altstep as_Tguard()runs on ConnHdlr { [] g_Tguard.timeout { setverdict(fail, "Tguard timeout"); mtc.stop; } } friend function f_init_handler(ConnHdlrPars pars, float t_guard := 30.0) runs on ConnHdlr { /* make parameters available via component variable */ g_pars := pars; /* start guard timre and activate it as default */ g_Tguard.start(t_guard); activate(as_Tguard()); if (DIAMETER_PROC.checkstate("Connected")) { f_diameter_expect_imsi(g_pars.ue_pars.imsi); } if (SGsAP_PROC.checkstate("Connected")) { /* Route all SGsAP mesages for our IMSIto us */ f_create_sgsap_expect(pars.ue_pars.imsi); } } friend function f_s1ap_setup(integer idx := 0, template S1AP_IEs.Cause cause := omit) runs on MTC_CT { var template (present) S1AP_IEs.Cause exp_cause; var boolean exp_fail := false; timer T := 5.0; if (not istemplatekind(cause, "omit")) { exp_fail := true; exp_cause := cause; } S1AP_UNIT[idx].send(ts_S1AP_SetupReq(g_enb_pars[idx].global_enb_id, g_enb_pars[idx].supported_tas, v32)); T.start; alt { [exp_fail] S1AP_UNIT[idx].receive(tr_S1AP_SetupFail(exp_cause)) { setverdict(pass); } [not exp_fail] S1AP_UNIT[idx].receive(tr_S1AP_SetupResp) { setverdict(pass); } [] S1AP_UNIT[idx].receive { setverdict(fail, "Received unexpected S1AP"); } [] T.timeout { setverdict(fail, "Timeout waiting for S1AP Setup result"); } } } /* Unsuccessful S1 Setup procedure to MME (wrong PLMN) */ testcase TC_s1ap_setup_wrong_plmn() runs on MTC_CT { var charstring id := testcasename(); f_init_s1ap(id, 1); g_enb_pars[0].global_enb_id.pLMNidentity := '62F224'O; f_s1ap_setup(0, {misc:=unknown_PLMN}); } /* Unsuccessful S1 Setup procedure to MME (wrong PLMN) */ testcase TC_s1ap_setup_wrong_tac() runs on MTC_CT { var charstring id := testcasename(); f_init_s1ap(id, 2); g_enb_pars[0].supported_tas[0].broadcastPLMNs[0] := '62F224'O; f_s1ap_setup(0, {misc:=unknown_PLMN}); } /* Successful S1 Setup procedure to MME */ testcase TC_s1ap_setup() runs on MTC_CT { var charstring id := testcasename(); f_init_s1ap(id, 3); f_s1ap_setup(0); } private const EPS_QualityOfServiceV c_NAS_defaultQoS := { qCI := '00'O, maxBitRateUplink := omit, maxBitRateDownlink := omit, guaranteedBitRateUplink := omit, guaranteedBitRateDownlink := omit, maxBitRateUplinkExt := omit, maxBitRateDownlinkExt := omit, guaranteedBitRateUplinkExt := omit, guaranteedBitRateDownlinkExt := omit, maxBitRateUplinkExt2 := omit, maxBitRateDownlinkExt2 := omit, guaranteedBitRateUplinkExt2 := omit, guaranteedBitRateDownlinkExt2 := omit }; private const UENetworkCapabilityV c_NAS_defaultUeNetCap := { eEA := '10000000'B, eIA := '11000000'B, uEA := omit, uIA := omit, uCS2 := omit, nF := omit, vCC := omit, lCS := omit, lPP := omit, aCC_CSFB := omit, h245_ASH := omit, proSe := omit, proSe_dd := omit, proSe_dc := omit, proSe_relay := omit, cP_CIoT := omit, uP_CIoT := omit, s1_Udata := omit, eRwoPDN := omit, hC_CP_CIoT := omit, ePCO := omit, multipleDRB := omit, v2XPC5 := omit, restrictEC := omit, cPbackoff := omit, dCNR := omit, n1Mode := omit, sGC := omit, spare1 := omit, spare := omit }; private const octetstring c_NAS_defaultAPN := '00'O; private altstep as_s1ap_handle_auth() runs on ConnHdlr { var PDU_NAS_EPS rx_nas; [] S1AP.receive(tr_NAS_AuthReq) -> value rx_nas { /* static XRES result as we fixed the HSS RAND value and always have the following RAND: 20080c3818183b522614162c07601d0d AUTN: f11b89a2a8be00001f9c526f3d75d44c IK: 11329aae8e8d2941bb226b2061137c58 CK: 740d62df9803eebde5120acf358433d0 RES: 6a91970e838fd079 SRES: e91e4777 Kc: 3b0f999e42198874 SQN: 32 IND: 0 */ /* KASME: 95AFAD9A0D29AFAA079A9451DF7161D7EE4CBF2AF9387F766D058BB6B44B905D */ const OCT16 ck := '740d62df9803eebde5120acf358433d0'O; const OCT16 ik := '11329aae8e8d2941bb226b2061137c58'O; const OCT16 autn := 'f11b89a2a8be00001f9c526f3d75d44c'O; const OCT8 res := '6a91970e838fd079'O; const OCT3 plmn_id := '00F110'O; const OCT6 sqn := '000000000020'O; const OCT6 ak := substr(autn, 0, 6) xor4b sqn; g_pars.ue_pars.kasme := f_kdf_kasme(ck, ik, plmn_id, sqn, ak); var S1APEM_Config cfg := { set_nas_keys := { k_nas_int := f_kdf_nas_int(1, g_pars.ue_pars.kasme), k_nas_enc := f_kdf_nas_enc(1, g_pars.ue_pars.kasme) } }; S1AP.send(cfg); S1AP.send(ts_NAS_AuthResp(res)); } } private altstep as_s1ap_handle_sec_mode() runs on ConnHdlr { var S1APEM_Config cfg; var PDU_NAS_EPS rx_nas; var NAS_SecurityAlgorithmsV alg := { typeOfIntegrityProtection := '001'B, spare1 := '0'B, typeOfCiphering := '000'B, spare2 := '0'B }; var NAS_KeySetIdentifierV kset_id := { identifier := '000'B, tSC := '0'B }; [] S1AP.receive(tr_NAS_SecModeCmd(alg, kset_id, ?)) { /* TODO: apply below integrity and ciphering based on * Security Mode Command field "NAS security algorithms - Selected NAS security algorithms"*/ /* Configure integrity protection: */ cfg := { set_nas_alg_int := NAS_ALG_IP_EIA1 }; S1AP.send(cfg); /* Configure Ciphering: */ cfg := { set_nas_alg_enc := NAS_ALG_ENC_EEA0 }; S1AP.send(cfg); S1AP.send(ts_NAS_SecModeCmpl); } } private altstep as_s1ap_handle_IntialCtxSetupReq_Attach_Accept() runs on ConnHdlr { var S1AP_PDU rx_msg; var PDU_NAS_EPS rx_nas; [] S1AP.receive(tr_S1AP_IntialCtxSetupReq) -> value rx_msg { var template (omit) MME_UE_S1AP_ID mme_ue_id := f_S1AP_get_MME_UE_S1AP_ID(rx_msg); var template (omit) ENB_UE_S1AP_ID enb_ue_id := f_S1AP_get_ENB_UE_S1AP_ID(rx_msg); var template (value) E_RABSetupItemCtxtSURes rab_setup_it; var template (value) E_RABSetupListCtxtSURes rab_setup_items; var octetstring esm_enc; var template (value) PDU_NAS_EPS nas; var EPS_MobileIdentityTLV mi_tlv; S1AP.receive(tr_NAS_AttachAccept()) -> value rx_nas; mi_tlv := rx_nas.ePS_messages.ePS_MobilityManagement.pDU_NAS_EPS_AttachAccept.gUTI; if (mi_tlv.ePS_MobileIdentity.ePS_MobileIdentity.typeOfIdentity != '110'B) { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Rx GUTI of unexpected MI type: ", mi_tlv)); } g_pars.ue_pars.guti := mi_tlv.ePS_MobileIdentity.ePS_MobileIdentity.oddEvenInd_identity.guti rab_setup_it := ts_S1AP_RABSetupItemCtxtSURes(rab_id := 5, tla := oct2bit(f_inet_addr(mp_mme_ip)), gtp_teid := '00000002'O); rab_setup_items := ts_S1AP_RABSetupListCtxtSURes(rab_setup_it); S1AP.send(ts_S1AP_InitialCtxSetupResp(valueof(mme_ue_id), valueof(enb_ue_id), rab_setup_items)); nas := ts_NAS_ActDefEpsBearCtxAck(int2bit(g_pars.ue_pars.bearer.ebi, 4), '00000000'B, omit); esm_enc := enc_PDU_NAS_EPS(valueof(nas)); S1AP.send(ts_NAS_AttachComplete(esm_enc)); /* Optional from the network: */ S1AP.receive(tr_NAS_EMMInformation); } [] S1AP.receive(PDU_NAS_EPS:?) -> value rx_nas { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Rx Unexpected NAS PDU msg: ", rx_nas)); } } private altstep as_s1ap_handle_IntialCtxSetupReq_TAU_Accept() runs on ConnHdlr { var S1AP_PDU rx_msg; var PDU_NAS_EPS rx_nas; [] S1AP.receive(tr_S1AP_IntialCtxSetupReq) -> value rx_msg { /* 3GPP TS 23.401 D.3.6 step 22: */ var template (omit) MME_UE_S1AP_ID mme_ue_id := f_S1AP_get_MME_UE_S1AP_ID(rx_msg); var template (omit) ENB_UE_S1AP_ID enb_ue_id := f_S1AP_get_ENB_UE_S1AP_ID(rx_msg); var template (value) E_RABSetupItemCtxtSURes rab_setup_it; var template (value) E_RABSetupListCtxtSURes rab_setup_items; var S1APEM_Config cfg; S1AP.receive(tr_PDU_NAS_EPS_TrackingAreaUpdateAccept)-> value rx_nas; /* Configure integrity protection: */ cfg := { set_nas_alg_int := NAS_ALG_IP_EIA1 }; S1AP.send(cfg); rab_setup_it := ts_S1AP_RABSetupItemCtxtSURes(rab_id := 5, tla := oct2bit(f_inet_addr(mp_mme_ip)), gtp_teid := '00000002'O); rab_setup_items := ts_S1AP_RABSetupListCtxtSURes(rab_setup_it); S1AP.send(ts_S1AP_InitialCtxSetupResp(valueof(mme_ue_id), valueof(enb_ue_id), rab_setup_items)); /* 3GPP TS 23.401 D.3.6 step 23: */ /* Integrity Protection and Ciphering implemented by S1AP_Emulation: */ S1AP.send(ts_PDU_NAS_EPS_TrackingAreaUpdateComplete(c_EPS_SEC_NONE)); } [] S1AP.receive(PDU_NAS_EPS:?) -> value rx_nas { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Rx Unexpected NAS PDU msg: ", rx_nas)); } } private altstep as_s1ap_handle_UeContextReleaseCmd(template S1AP_IEs.Cause cause := ?) runs on ConnHdlr { var S1AP_PDU rx_msg; var PDU_NAS_EPS rx_nas; [] S1AP.receive(tr_S1AP_UeContextReleaseCmd(?, cause)) -> value rx_msg { var template MME_UE_S1AP_ID mme_ue_id; var template ENB_UE_S1AP_ID enb_ue_id; if (not ispresent(rx_msg.initiatingMessage.value_.uEContextReleaseCommand.protocolIEs[0].value_.uE_S1AP_IDs.uE_S1AP_ID_pair)) { /* TODO: The UE CONTEXT RELEASE COMMAND (see also: 3GPP TS 36.413, section 9.1.4.6), may identify the * context by either an uE_S1AP_ID_pair (MME_UE_S1AP_ID and ENB_UE_S1AP_ID) or an MME_UE_S1AP_ID alone. * The latter case is not implemented here yet. */ Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("complete implementation of UeContextReleaseCmd handling")); return; } mme_ue_id := rx_msg.initiatingMessage.value_.uEContextReleaseCommand.protocolIEs[0].value_.uE_S1AP_IDs.uE_S1AP_ID_pair.mME_UE_S1AP_ID; enb_ue_id := rx_msg.initiatingMessage.value_.uEContextReleaseCommand.protocolIEs[0].value_.uE_S1AP_IDs.uE_S1AP_ID_pair.eNB_UE_S1AP_ID; S1AP.send(ts_S1AP_UeContextReleaseCompl(mme_ue_id, enb_ue_id)); } [] S1AP.receive(PDU_NAS_EPS:?) -> value rx_nas { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Rx Unexpected NAS PDU msg: ", rx_nas)); } } /* Exepect AuthInfoReq (AIR) from HSS; respond with AuthInforAnswer (AIA) */ private altstep as_DIA_AuthInfo() runs on ConnHdlr { var PDU_DIAMETER rx_dia; [] DIAMETER.receive(tr_DIA_AIR(g_pars.ue_pars.imsi)) -> value rx_dia { var template (omit) AVP avp; var octetstring sess_id; var octetstring vplmn_id; var hexstring imsi; var template (value) AVP_list auth_info_content; /* retrieve input data */ imsi := valueof(f_DIAMETER_get_imsi(rx_dia)); avp := f_DIAMETER_get_avp(rx_dia, c_AVP_Code_BASE_NONE_Session_Id); sess_id := valueof(avp.avp_data.avp_BASE_NONE_Session_Id); avp := f_DIAMETER_get_avp(rx_dia, c_AVP_Code_AAA_3GPP_Visited_PLMN_Id); vplmn_id := valueof(avp.avp_data.avp_AAA_3GPP_Visited_PLMN_Id); /* compute tuple */ auth_info_content := { ts_AVP_EutranVec(1, '20080c3818183b522614162c07601d0d'O, '6a91970e838fd079'O, 'f11b89a2a8be00001f9c526f3d75d44c'O, '95AFAD9A0D29AFAA079A9451DF7161D7EE4CBF2AF9387F766D058BB6B44B905D'O) }; DIAMETER.send(ts_DIA_AIA(auth_info_content, sess_id, hbh_id := rx_dia.hop_by_hop_id, ete_id := rx_dia.end_to_end_id)); } } /* Expect UpdateLocationReq (ULR); respond with UpdateLocationAnswer (ULA) */ private altstep as_DIA_UpdLoc() runs on ConnHdlr { var PDU_DIAMETER rx_dia; [] DIAMETER.receive(tr_DIA_ULR(g_pars.ue_pars.imsi)) -> value rx_dia { var template (omit) AVP avp; var hexstring imsi; var template (value) AVP_list sub_data; /* retrieve input data */ imsi := valueof(f_DIAMETER_get_imsi(rx_dia)); avp := f_DIAMETER_get_avp(rx_dia, c_AVP_Code_BASE_NONE_Session_Id); sub_data := { ts_AVP_3GPP_SubscriberStatus(SERVICE_GRANTED), ts_AVP_3GPP_SubscrRauTauTmr(30), ts_AVP_3GPP_AMBR(1000, 2000), ts_AVP_3GPP_ApnConfigProfile({ ts_AVP_3GPP_ContextId(1), ts_AVP_3GPP_AllApnConfigsIncl, ts_AVP_3GPP_ApnConfig(1, IPv4, "*") }) }; DIAMETER.send(ts_DIA_ULA(sub_data, avp.avp_data.avp_BASE_NONE_Session_Id, hbh_id := rx_dia.hop_by_hop_id, ete_id := rx_dia.end_to_end_id)); } } private function f_DIA_CancelLocation(integer idx := 0, template S1AP_IEs.Cause cause := omit) runs on ConnHdlr { var UINT32 hbh_id := f_rnd_octstring(4); var UINT32 ete_id := f_rnd_octstring(4); var PDU_DIAMETER rx_dia; /* Unlike CLR, CLA contains no IMSI. Register ete_id in DIAMETER_Emulation, * so AIA is forwarded back to us in DIAMETER port instead of MTC_CT.DIAMETER_UNIT. */ f_diameter_expect_eteid(ete_id); DIAMETER.send(ts_DIA_CLR(g_pars.ue_pars.imsi, SGSN_UPDATE_PROCEDURE, orig_host := mp_s6_local_diam_host, orig_realm := mp_s6_diam_realm, dest_host := mp_s6_remote_diam_host, dest_realm := mp_s6_diam_realm, hbh_id := hbh_id, ete_id := ete_id)); alt { [] DIAMETER.receive(tr_DIA_CLA) -> value rx_dia {} [] DIAMETER.receive(PDU_DIAMETER:?) -> value rx_dia { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unexpected Diameter S6b msg rx: ", rx_dia)); } } } private altstep as_GTP2C_CreateSession_success() runs on ConnHdlr { var PDU_GTPCv2 rx_msg; var BearerContextIEs rx_bctx_ies; var template (value) FullyQualifiedTEID s11_fteid_c_ie, s11_fteid_u_ie, s5c_fteid_c_ie, s5c_fteid_u_ie; var template (value) PDN_AddressAllocation paa; var template (value) BearerContextIEs bctx_ies; [] GTP2.receive(tr_GTP2C_CreateSessionReq(g_pars.ue_pars.imsi)) -> value rx_msg { /* Parse TEIC and Bearer EBI and TEID and store it in g_pars */ g_pars.ue_pars.s11_teic_remote := rx_msg.gtpcv2_pdu.createSessionRequest.fullyQualifiedTEID[0].tEID_GRE_Key; g_pars.ue_pars.s5c_teic_remote := rx_msg.gtpcv2_pdu.createSessionRequest.fullyQualifiedTEID[1].tEID_GRE_Key; rx_bctx_ies := rx_msg.gtpcv2_pdu.createSessionRequest.bearerContextGrouped[0].bearerContextIEs; g_pars.ue_pars.bearer.ebi := rx_bctx_ies.ePS_Bearer_ID.ePS_Bearer_ID_Value; /* allocate + register TEID-C on local side */ g_pars.ue_pars.s11_teic_local := f_gtp2_allocate_teid(); g_pars.ue_pars.bearer.s11_teid_local := g_pars.ue_pars.s11_teic_local; g_pars.ue_pars.s5c_teic_local := f_gtp2_allocate_teid(); g_pars.ue_pars.bearer.s5c_teid_local := g_pars.ue_pars.s5c_teic_local; s11_fteid_c_ie := ts_GTP2C_FTEID(FTEID_IF_S11_MME_GTPC, g_pars.ue_pars.s11_teic_local, 0, f_inet_addr(mp_s11_local_ip), omit); s5c_fteid_c_ie := ts_GTP2C_FTEID(FTEID_IF_S5S8_PGW_GTPC, g_pars.ue_pars.s5c_teic_local, 1, f_inet_addr(mp_s5c_pgw_ip), omit); s11_fteid_u_ie := ts_GTP2C_FTEID(FTEID_IF_S1U_SGW_GTPU, g_pars.ue_pars.bearer.s11_teid_local, 0, f_inet_addr(mp_s11_local_ip), omit); s5c_fteid_u_ie := ts_GTP2C_FTEID(FTEID_IF_S5S8_PGW_GTPU, g_pars.ue_pars.bearer.s5c_teid_local, 2, f_inet_addr(mp_s5c_pgw_ip), omit); paa := ts_GTP2C_PdnAddrAlloc_v4(f_inet_addr(g_pars.ue_pars.ue_ip)); bctx_ies := ts_GTP2C_BcContextIE(ebi := g_pars.ue_pars.bearer.ebi, teid_list := { s11_fteid_u_ie, s5c_fteid_u_ie }, qos := ts_GTP2C_BearerQos('09'O, 0, 0, 0, 0), charging_id := ts_GTP2C_ChargingID(g_pars.ue_pars.bearer.s11_teid_local)); GTP2.send(ts_GTP2C_CreateSessionResp(g_pars.ue_pars.s11_teic_remote, rx_msg.sequenceNumber, Request_accepted, { s11_fteid_c_ie, s5c_fteid_c_ie }, paa, { ts_GTP2C_BcGrouped(bctx_ies) } )); setverdict(pass); } [] GTP2.receive { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unexpected GTPv2/S11 message from MME")); } } private altstep as_GTP2C_ModifyBearer_success() runs on ConnHdlr { var PDU_GTPCv2 rx_msg; var BearerContextIEs rx_bctx_ies; var template (value) FullyQualifiedTEID s11_fteid_c_ie, s11_fteid_u_ie, s5c_fteid_c_ie, s5c_fteid_u_ie; var template (value) BearerContextIEs bctx_ies; [] GTP2.receive(tr_GTP2C_ModifyBearerReq(g_pars.ue_pars.s11_teic_local)) -> value rx_msg { rx_bctx_ies := rx_msg.gtpcv2_pdu.modifyBearerRequest.bearerContextGrouped[0].bearerContextIEs; /* TODO: validate the S1-U fullyQualifiedTEID announces the IP address provided by the ENB in InitialCtxSetupResp */ // rx_bctx_ies.fullyQualifiedTEID[0]. == f_inet_addr(mp_mme_ip) /* Update S11 TEID */ g_pars.ue_pars.bearer.s11_teid_remote := rx_bctx_ies.fullyQualifiedTEID[0].tEID_GRE_Key; s11_fteid_u_ie := ts_GTP2C_FTEID(FTEID_IF_S1U_SGW_GTPU, g_pars.ue_pars.bearer.s11_teid_local, 0, f_inet_addr(mp_s11_local_ip), omit); bctx_ies := ts_GTP2C_BcContextIE(ebi := g_pars.ue_pars.bearer.ebi, teid_list := { s11_fteid_u_ie }, qos := ts_GTP2C_BearerQos('09'O, 0, 0, 0, 0), charging_id := ts_GTP2C_ChargingID(g_pars.ue_pars.bearer.s11_teid_local)); GTP2.send(ts_GTP2C_ModifyBearerResp(g_pars.ue_pars.s11_teic_remote, rx_msg.sequenceNumber, Request_accepted, g_pars.ue_pars.bearer.ebi, { ts_GTP2C_BcGrouped(bctx_ies) } )); setverdict(pass); } [] GTP2.receive { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unexpected GTPv2/S11 message from MME")); } } private altstep as_GTP2C_DeleteSession_success(template Indication ind_flags := *) runs on ConnHdlr { var PDU_GTPCv2 rx_msg; [] GTP2.receive(tr_GTP2C_DeleteSessionReq(g_pars.ue_pars.s11_teic_local, indicationFlags := ind_flags)) -> value rx_msg { GTP2.send(ts_GTP2C_DeleteSessionResp(g_pars.ue_pars.s11_teic_remote, rx_msg.sequenceNumber, Request_accepted)); setverdict(pass); } [] GTP2.receive { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("Unexpected GTPv2/S11 message from MME")); } } /* 3GPP TS 23.401 D.3.5, TS 23.003 2.8.2.1 */ private function guti2rai_ptmsi(in NAS_EPS_Types.GUTI guti, in OCT2 truncated_nas_token, out RoutingAreaIdentity rai, out OCT4 ptmsi, out OCT3 ptmsi_sig) runs on ConnHdlr { var bitstring mtmsi_bits := oct2bit(guti.mTMSI); var bitstring ptmsi_bits; var bitstring ptmsi_sig_bits; rai := valueof(ts_RoutingAreaIdentity(guti.mccDigit1 & guti.mccDigit2 & guti.mccDigit3, guti.mncDigit3 & guti.mncDigit1 & guti.mncDigit2, guti.mMEGI, guti.mMEC)); /* 3GPP TS 23.003 2.8.2.0: "P-TMSI shall be of 32 bits length where the two topmost bits are * reserved and always set to '11'. Hence, for a UE which may handover to GERAN/UTRAN (based on * subscription and UE capabilities), the corresponding bits in the M-TMSI are set to '11'" */ ptmsi_bits := '11'B & substr(mtmsi_bits, 2, 6) & oct2bit(guti.mMEC) & substr(mtmsi_bits, 16, 16); ptmsi_sig_bits := substr(mtmsi_bits, 8, 8) & oct2bit(truncated_nas_token); ptmsi := bit2oct(ptmsi_bits); ptmsi_sig := bit2oct(ptmsi_sig_bits); /* TODO: The UE shall fill the remaining 2 octets of the according to clauses 9.1.1, 9.4.1, 10.2.1, or * 10.5.1 of 3GPP TS.33.401 [89] , as appropriate, for RAU/Attach procedures.*/ } /* Test UE attached to EUTRAN reselecting a GERAN cell. In this scenario, the * new SGSN will attempt to obtain information of the UE from the old SGSN (MME) * through Gn interface using SGSN Context Request/Response procedure (OS#6294). */ private function f_gtp_sgsn_context_4g_to_2g(OCT4 new_sgsn_local_teid := '12345678'O) runs on ConnHdlr { var template (value) GTPC_PDUs SGSNContextReqPDU; var RoutingAreaIdentity rai; var OCT4 ptmsi; var OCT3 ptmsi_sig; var Gtp1cUnitdata gtpc_pdu; var OCT4 old_mme_local_teid; var uint16_t gtpc_seq_nr := f_rnd_int(65535); /* Derive NAS Token (and post-increment ul_count): */ var OCT32 nas_token := f_s1apem_derive_nas_token(g_pars.ue_pars.kasme); var OCT2 truncated_nas_token := substr(nas_token, 30, 2); guti2rai_ptmsi(g_pars.ue_pars.guti, truncated_nas_token, rai, ptmsi, ptmsi_sig); SGSNContextReqPDU := ts_SGSNContextReqPDU(rai, new_sgsn_local_teid, f_inet_addr(mp_gn_local_ip), ptmsi := ts_PTMSI(ptmsi), ptmsi_sig := ts_PTMSI_sig(ptmsi_sig)); GTP[0].send(ts_GTPC_SGSNContextReq(g_gn_iface_peer, gtpc_seq_nr, SGSNContextReqPDU)); timer T := 5.0; T.start; alt { [] GTP[0].receive(tr_GTPC_SGSNContextResp(g_gn_iface_peer, new_sgsn_local_teid, tr_SGSNContextRespPDU(GTP_CAUSE_REQUEST_ACCEPTED, g_pars.ue_pars.imsi))) -> value gtpc_pdu { old_mme_local_teid := gtpc_pdu.gtpc.gtpc_pdu.sgsn_ContextResponse.teidControlPlane.teidControlPlane; setverdict(pass); } [] GTP[0].receive { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("unexpected GTPC message from MME")); } [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("no SGSN Context Response from MME")); } } GTP[0].send(ts_GTPC_SGSNContextAck(g_gn_iface_peer, old_mme_local_teid, oct2int(gtpc_pdu.gtpc.opt_part.sequenceNumber), ts_SGSNContextAckPDU(GTP_CAUSE_REQUEST_ACCEPTED))); } private altstep as_gtp_sgsn_context_2g_to_4g(OCT4 new_sgsn_teid := 'ABABABAB'O, GTPv1C_Templates.GTP_RATType rat_type := GTP_RAT_TYPE_EUTRAN, RoutingAreaIdentity rai, OCT4 ptmsi, OCT3 ptmsi_sig, boolean exp_auth := false ) runs on ConnHdlr { var Gtp1cUnitdata gtpc_pdu; [] GTP[0].receive(tr_GTPC_SGSNContextReq(g_gn_iface_peer, tr_SGSNContextReqPDU(rai := rai, ptmsi := ts_PTMSI(ptmsi), ptmsi_sig := ts_PTMSI_sig(ptmsi_sig), rat_type := int2oct(enum2int(rat_type), 1)))) -> value gtpc_pdu { var template (value) PDP_Context_GTPC pdp_ctx; var template (value) GTPC_PDUs SGSNContextRespPDU; var Gtp1cUnitdata gtpc_pdu_ack; var OCT4 old_mme_remote_teid := gtpc_pdu.gtpc.gtpc_pdu.sgsn_ContextRequest.teidControlPlane.teidControlPlane; const OCT16 ck := '740d62df9803eebde5120acf358433d0'O; const OCT16 ik := '11329aae8e8d2941bb226b2061137c58'O; pdp_ctx := ts_PDP_Context_GTPC(f_inet_addr(g_pars.ue_pars.ue_ip), f_inet_addr(mp_gn_local_ip), c_NAS_defaultAPN, ggsn_teic := '12345678'O, ggsn_teid := '87654321'O); SGSNContextRespPDU := ts_SGSNContextRespPDU(GTP_CAUSE_REQUEST_ACCEPTED, g_pars.ue_pars.imsi, new_sgsn_teid, f_inet_addr(mp_gn_local_ip), ts_MM_ContextUMTS(ck, ik), { pdp_ctx }); GTP[0].send(ts_GTPC_SGSNContextResp(g_gn_iface_peer, old_mme_remote_teid, oct2int(gtpc_pdu.gtpc.opt_part.sequenceNumber), SGSNContextRespPDU)); if (exp_auth) { as_DIA_AuthInfo(); as_s1ap_handle_auth(); as_s1ap_handle_sec_mode(); } GTP[0].receive(tr_GTPC_SGSNContextAck(g_gn_iface_peer, new_sgsn_teid, tr_SGSNContextAckPDU(GTP_CAUSE_REQUEST_ACCEPTED))) -> value gtpc_pdu; setverdict(pass); } [] GTP[0].receive { setverdict(fail, "unexpected GTPC message from MME"); } } private function f_attach() runs on ConnHdlr { var template (value) EPS_MobileIdentityV mi := ts_NAS_MobileId_IMSI(g_pars.ue_pars.imsi); var template (value) PDU_NAS_EPS nas_esm, nas_emm; timer T := 5.0; nas_esm := ts_NAS_PdnConnReq(bearer_id := '0000'B, proc_tid := int2bit(1,8), pdn_type := NAS_PDN_T_IPv4, req_type := '001'B); nas_emm := ts_NAS_AttachRequest(att_type := '000'B, kset_id := '000'B, mobile_id := mi, ue_net_cap := c_NAS_defaultUeNetCap, esm_enc := enc_PDU_NAS_EPS(valueof(nas_esm))); var template (value) S1AP_PDU tx; tx := ts_S1AP_InitialUE(p_eNB_value := 0, p_nasPdu := enc_PDU_NAS_EPS(valueof(nas_emm)), p_tAI := ts_enb_S1AP_TAI(g_pars.enb_pars[g_pars.mme_idx]), p_eUTRAN_CGI := ts_enb_S1AP_CGI(g_pars.enb_pars[g_pars.mme_idx]), p_rrcCause := mo_Signalling); S1AP.send(tx); as_DIA_AuthInfo(); as_s1ap_handle_auth(); alt { [] as_DIA_UpdLoc() { as_s1ap_handle_sec_mode(); } [] as_s1ap_handle_sec_mode() { as_DIA_UpdLoc(); } } /* We now expect the MME to send a Create Session Request to the SGW-C */ f_gtp2_register_udmsg('20'O); T.start; alt { [] as_GTP2C_CreateSession_success(); [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("No message from MME")); } } T.start; alt { [] as_s1ap_handle_IntialCtxSetupReq_Attach_Accept(); [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("No message from MME")); } } /* We now expect the MME to send a Modify Bearer Request to the SGW-C */ f_gtp2_register_udmsg('22'O); T.start; alt { [] as_GTP2C_ModifyBearer_success(); [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("No message from MME")); } } } private function f_TC_attach(ConnHdlrPars pars) runs on ConnHdlr { f_init_handler(pars); f_attach(); } testcase TC_s1ap_attach() runs on MTC_CT { var charstring id := testcasename(); f_init_diameter(id); f_sleep(10.0); f_init_s1ap(id, 4); f_init_gtpv2_s11(id); f_s1ap_setup(0); var ConnHdlrPars pars := f_init_pars(ue_idx := 0); var ConnHdlr vc_conn; vc_conn := f_start_handler_with_pars(refers(f_TC_attach), pars); vc_conn.done; } private function f_TC_gn_echo_request(ConnHdlrPars pars) runs on ConnHdlr { timer T := 5.0; f_init_handler(pars); f_gtp_register_teid('00000000'O); GTP[0].send(ts_GTPC_PING(g_gn_iface_peer, 1)); T.start; alt { [] GTP[0].receive(tr_GTPC_PONG(?)) { setverdict(pass); } [] GTP[0].receive { setverdict(fail, "unexpected GTPC message from MME"); } [] T.timeout { setverdict(fail, "no GTPC ECHO RESPONSE from MME"); } } } testcase TC_gn_echo_request() runs on MTC_CT { var charstring id := testcasename(); f_init_diameter(id); f_init_s1ap(id, 0); f_s1ap_setup(0); f_init_gtp(id); var ConnHdlrPars pars := f_init_pars(ue_idx := 0); var ConnHdlr vc_conn; vc_conn := f_start_handler_with_pars(refers(f_TC_gn_echo_request), pars); vc_conn.done; } external function enc_PDU_GTPC_RAN_INF_REQ(in PDU_BSSGP_RAN_INFORMATION_REQUEST_GTPC gtpc_pdu) return octetstring with { extension "prototype(convert)" extension "encode(RAW)" } external function enc_PDU_GTPC_RAN_INF(in PDU_BSSGP_RAN_INFORMATION_GTPC gtpc_pdu) return octetstring with { extension "prototype(convert)" extension "encode(RAW)" } function f_convert_plmn(OCT3 pLMNidentity) return hexstring { var hexstring pLMNidentity_hex := oct2hex(pLMNidentity); var hexstring pLMNidentity_hex_swapped; pLMNidentity_hex_swapped[0] := pLMNidentity_hex[1]; pLMNidentity_hex_swapped[1] := pLMNidentity_hex[0]; pLMNidentity_hex_swapped[2] := pLMNidentity_hex[3]; pLMNidentity_hex_swapped[3] := pLMNidentity_hex[2]; pLMNidentity_hex_swapped[4] := pLMNidentity_hex[5]; pLMNidentity_hex_swapped[5] := pLMNidentity_hex[4]; return pLMNidentity_hex_swapped; } /* Make a template for a GTPC BSSGP container that contains a RAN INFORMATION REQUEST. The template can be used to * craft the request for the S1AP/S1-MME interface and also to verfify the contents of the coresponding request on * the GTPC/Gn interface */ private function f_make_ts_GTPC_RAN_Information_Request(GTP_CellId geran_gtp_ci) runs on ConnHdlr return template (value) PDU_BSSGP_RAN_INFORMATION_REQUEST_GTPC { var template (value) RIM_Routing_Address_GTPC gtpc_dst_addr, gtpc_src_addr; var template (value) RAN_Information_Request_RIM_Container_GTPC gtpc_rim_req_cont; var template (value) PDU_BSSGP_RAN_INFORMATION_REQUEST_GTPC gtpc_bssgp_cont; var octetstring gnbid; var GTP_CellId eutran_gtp_ci; eutran_gtp_ci.ra_id.lai.mcc_mnc := f_convert_plmn(g_pars.enb_pars[g_pars.mme_idx].global_enb_id.pLMNidentity); gnbid := enc_S1AP_Global_ENB_ID(g_pars.enb_pars[g_pars.mme_idx].global_enb_id); gtpc_dst_addr := ts_GTPC_RIM_Routing_Address_cid(geran_gtp_ci); gtpc_src_addr := ts_GTPC_RIM_Routing_Address_enbid(eutran_gtp_ci, oct2int(g_pars.enb_pars[g_pars.mme_idx].supported_tas[0].tAC), gnbid); gtpc_rim_req_cont := ts_GTPC_RAN_Information_Request_RIM_Container( ts_GTPC_RIM_Application_Identity(RIM_APP_ID_NACC), ts_GTPC_RIM_Sequence_Number(1), ts_GTPC_RIM_PDU_Indications(false, RIM_PDU_TYPE_SING_REP), ts_GTPC_RIM_Protocol_Version_Number(1), tsu_GTPC_RAN_Information_Request_Application_Container_NACC(geran_gtp_ci), omit); gtpc_bssgp_cont := ts_GTPC_RAN_Information_Request( ts_GTPC_RIM_Routing_Information(RIM_ADDR_GERAN_CELL_ID, gtpc_dst_addr), ts_GTPC_RIM_Routing_Information(RIM_ADDR_EUTRAN_NODEB_ID, gtpc_src_addr), gtpc_rim_req_cont); return gtpc_bssgp_cont; } private function f_make_tr_GTPC_RAN_Information_Request(GTP_CellId geran_gtp_ci) runs on ConnHdlr return template (present) PDU_BSSGP_RAN_INFORMATION_REQUEST_GTPC { var template (present) RIM_Routing_Address_GTPC gtpc_dst_addr, gtpc_src_addr; var template (present) RAN_Information_Request_RIM_Container_GTPC gtpc_rim_req_cont; var template (present) PDU_BSSGP_RAN_INFORMATION_REQUEST_GTPC gtpc_bssgp_cont; var octetstring gnbid; var GTP_CellId eutran_gtp_ci; eutran_gtp_ci.ra_id.lai.mcc_mnc := f_convert_plmn(g_pars.enb_pars[g_pars.mme_idx].global_enb_id.pLMNidentity); gnbid := enc_S1AP_Global_ENB_ID(g_pars.enb_pars[g_pars.mme_idx].global_enb_id); gtpc_dst_addr := ts_GTPC_RIM_Routing_Address_cid(geran_gtp_ci); gtpc_src_addr := ts_GTPC_RIM_Routing_Address_enbid(eutran_gtp_ci, oct2int(g_pars.enb_pars[g_pars.mme_idx].supported_tas[0].tAC), gnbid); gtpc_rim_req_cont := tr_GTPC_RAN_Information_Request_RIM_Container( ts_GTPC_RIM_Application_Identity(RIM_APP_ID_NACC), ts_GTPC_RIM_Sequence_Number(1), ts_GTPC_RIM_PDU_Indications(false, RIM_PDU_TYPE_SING_REP), ts_GTPC_RIM_Protocol_Version_Number(1), tru_GTPC_RAN_Information_Request_Application_Container_NACC(geran_gtp_ci)); gtpc_bssgp_cont := tr_GTPC_RAN_Information_Request( tr_GTPC_RIM_Routing_Information(RIM_ADDR_GERAN_CELL_ID, gtpc_dst_addr), tr_GTPC_RIM_Routing_Information(RIM_ADDR_EUTRAN_NODEB_ID, gtpc_src_addr), gtpc_rim_req_cont); return gtpc_bssgp_cont; } /* Make initial RAN INFORMATION REQUEST message that is sent on the S1AP/S1-MME interface */ private function f_make_ts_S1AP_eNBDirectInfTrans(GTP_CellId geran_gtp_ci) runs on ConnHdlr return template (value) S1AP_PDU { var template (value) Inter_SystemInformationTransferType inf; inf.rIMTransfer.rIMInformation := enc_PDU_GTPC_RAN_INF_REQ(valueof(f_make_ts_GTPC_RAN_Information_Request(geran_gtp_ci))); inf.rIMTransfer.rIMRoutingAddress.gERAN_Cell_ID.lAI.pLMNidentity := hex2oct(f_convert_plmn(hex2oct(geran_gtp_ci.ra_id.lai.mcc_mnc))); inf.rIMTransfer.rIMRoutingAddress.gERAN_Cell_ID.lAI.lAC := int2oct(geran_gtp_ci.ra_id.lai.lac, 2); inf.rIMTransfer.rIMRoutingAddress.gERAN_Cell_ID.lAI.iE_Extensions := omit; inf.rIMTransfer.rIMRoutingAddress.gERAN_Cell_ID.rAC := int2oct(geran_gtp_ci.ra_id.rac, 1); inf.rIMTransfer.rIMRoutingAddress.gERAN_Cell_ID.cI := int2oct(geran_gtp_ci.cell_id, 2); inf.rIMTransfer.rIMRoutingAddress.gERAN_Cell_ID.iE_Extensions := omit; inf.rIMTransfer.iE_Extensions := omit; return ts_S1AP_eNBDirectInfTrans(inf); } /* Make RAN INFORMATION (response) message that is sent on the GTPC/Gn interface */ private function f_make_ts_GTPC_RANInfoRelay(template Gtp1cUnitdata req_gtpc_pdu, GTP_CellId geran_gtp_ci, octetstring geran_si) runs on ConnHdlr return template (value) Gtp1cUnitdata { var template Gtp1cUnitdata res_gtpc_pdu; var template RAN_Information_RIM_Container_GTPC gtpc_rim_res_cont; var template PDU_BSSGP_RAN_INFORMATION_GTPC gtpc_bssgp_rim_res_pdu; var template RIM_Routing_Information_GTPC gtpc_rim_dst_cell_id, gtpc_rim_src_cell_id; var template RIM_RoutingAddress gtpc_rim_ra; var template RIM_RoutingAddress_Discriminator gtpc_rim_ra_discr; /* Assemble GTPC RAN Information */ gtpc_rim_res_cont := ts_GTPC_RAN_Information_RIM_Container(ts_GTPC_RIM_Application_Identity(RIM_APP_ID_NACC), ts_GTPC_RIM_Sequence_Number(2), ts_GTPC_RIM_PDU_Indications(false, RIM_PDU_TYPE_SING_REP), ts_GTPC_RIM_Protocol_Version_Number(1), tsu_GTPC_ApplContainer_or_ApplErrContainer_NACC(tsu_GTPC_ApplContainer_NACC(geran_gtp_ci, false, 3, geran_si)), omit); /* The source becomes the destination and vice versa */ gtpc_rim_dst_cell_id := req_gtpc_pdu.gtpc.gtpc_pdu.ranInformationRelay.transparentContainer. rANTransparentContainerField.pDU_BSSGP_RAN_INFORMATION_REQUEST.source_Cell_Identifier gtpc_rim_src_cell_id := req_gtpc_pdu.gtpc.gtpc_pdu.ranInformationRelay.transparentContainer. rANTransparentContainerField.pDU_BSSGP_RAN_INFORMATION_REQUEST.destination_Cell_Identifier gtpc_bssgp_rim_res_pdu := ts_GTPC_RAN_Information(gtpc_rim_dst_cell_id, gtpc_rim_src_cell_id, gtpc_rim_res_cont); /* Assemble RIM Routing Address (essentially a copy of the destination cell identifier)*/ gtpc_rim_ra := ts_RIM_RoutingAddress(enc_RIM_Routing_Address_GTPC(valueof(gtpc_rim_dst_cell_id.rIM_Routing_Address))); gtpc_rim_ra_discr := ts_RIM_RoutingAddress_Discriminator(hex2bit(valueof(gtpc_rim_dst_cell_id.rIMRoutingAddressDiscriminator))); res_gtpc_pdu := ts_GTPC_RANInfoRelay(g_gn_iface_peer, ts_RANTransparentContainer_RAN_INFO(gtpc_bssgp_rim_res_pdu), gtpc_rim_ra, gtpc_rim_ra_discr); return res_gtpc_pdu; } /* Make template to verify the RAN INFORMATION REQUEST as it appears on the GTPC/Gn interface */ private function f_make_tr_GTPC_MsgType(GTP_CellId geran_gtp_ci) runs on ConnHdlr return template (present) Gtp1cUnitdata { var template Gtp1cUnitdata msg; var template GTPC_PDUs pdus; var template RANTransparentContainer ran_transp_cont; ran_transp_cont := tr_RANTransparentContainer_RAN_INFO_REQ( f_make_tr_GTPC_RAN_Information_Request(geran_gtp_ci)); pdus := tr_RANInfoRelay(ran_transp_cont); msg := tr_GTPC_MsgType(g_gn_iface_peer, rANInformationRelay, '00000000'O, pdus); return msg; } /* Make template to verify the RAN INFORMATION (response) as it appears on the S1AP/S1-MME interface */ private function f_make_tr_S1AP_MMEDirectInfTrans(Gtp1cUnitdata ran_information_gtpc_pdu) runs on ConnHdlr return template (present) S1AP_PDU { var template S1AP_PDU msg; var template Inter_SystemInformationTransferType inf; inf.rIMTransfer.rIMInformation := enc_PDU_GTPC_RAN_INF( ran_information_gtpc_pdu.gtpc.gtpc_pdu.ranInformationRelay. transparentContainer.rANTransparentContainerField. pDU_BSSGP_RAN_INFORMATION); inf.rIMTransfer.rIMRoutingAddress := omit; inf.rIMTransfer.iE_Extensions := omit; msg := tr_S1AP_MMEDirectInfTrans(inf); return msg; } private function f_TC_RIM_RAN_INF(ConnHdlrPars pars) runs on ConnHdlr { timer T := 5.0; f_init_handler(pars); f_gtp_register_teid('00000000'O); var Gtp1cUnitdata req_gtpc_pdu; var Gtp1cUnitdata resp_gtpc_pdu; var GTP_CellId geran_gtp_ci; /* Assemble data of a fictitiously GERAN cell */ geran_gtp_ci.ra_id.rac := mp_gn_local_rac; geran_gtp_ci.ra_id.lai.mcc_mnc := mp_gn_local_mcc & mp_gn_local_mnc; geran_gtp_ci.ra_id.lai.lac := mp_gn_local_lac; geran_gtp_ci.cell_id := mp_gn_local_ci; const octetstring geran_si1 := '198fb100000000000000000000000000007900002b'O; const octetstring geran_si3 := '1b753000f110236ec9033c2747407900003c0b2b2b'O; const octetstring geran_si13 := '009000185a6fc9e08410ab2b2b2b2b2b2b2b2b2b2b'O; const octetstring geran_si := geran_si1 & geran_si3 & geran_si13; /* Send initial RAN information request via S1AP to MME and expect the MME to forward the request on GTP-C * (eNB -> MME -> SGSN) */ S1AP.send(f_make_ts_S1AP_eNBDirectInfTrans(geran_gtp_ci)); T.start; alt { [] GTP[0].receive(f_make_tr_GTPC_MsgType(geran_gtp_ci)) -> value req_gtpc_pdu { setverdict(pass); } [] GTP[0].receive { setverdict(fail, "unexpected GTPC message from MME"); } [] T.timeout { setverdict(fail, "no GTPC RAN INFORMATION REQUEST from MME"); } } /* Send RAN information response via GTP-C to MME and expect the MME to forward the respnse on S1AP * (SGSN -> MME -> eNB) */ f_create_s1ap_expect_proc(id_MMEDirectInformationTransfer, self); resp_gtpc_pdu := valueof(f_make_ts_GTPC_RANInfoRelay(req_gtpc_pdu, geran_gtp_ci, geran_si)); GTP[0].send(resp_gtpc_pdu); T.start; alt { [] S1AP.receive(f_make_tr_S1AP_MMEDirectInfTrans(resp_gtpc_pdu)) { setverdict(pass); } [] S1AP.receive { setverdict(fail, "unexpected S1AP message from MME"); } [] T.timeout { setverdict(fail, "no S1AP RAN INFORMATION from MME"); } } setverdict(pass); } testcase TC_RIM_RAN_INF() runs on MTC_CT { var charstring id := testcasename(); f_init_diameter(id); f_init_s1ap(id, 0); f_s1ap_setup(0); f_init_gtp(id); var ConnHdlrPars pars := f_init_pars(ue_idx := 0); var ConnHdlr vc_conn; vc_conn := f_start_handler_with_pars(refers(f_TC_RIM_RAN_INF), pars); vc_conn.done; } /* Successful RESET procedure from eNB to MME */ testcase TC_s1ap_reset() runs on MTC_CT { var charstring id := testcasename(); f_init_s1ap(id, 0); f_s1ap_setup(0); var template (value) S1AP_IEs.Cause reset_cause := {misc := om_intervention}; var template (value) ResetType reset_type := {s1_Interface := reset_all}; timer T := 5.0; S1AP_UNIT[0].send(ts_S1AP_Reset(reset_cause, reset_type)); T.start; alt { [] S1AP_UNIT[0].receive(tr_S1AP_ResetAck_any) { setverdict(pass); } [] S1AP_UNIT[0].receive { setverdict(fail, "Received unexpected S1AP"); } [] T.timeout { setverdict(fail, "Timeout waiting for S1AP Setup result"); } } } /* Tracking area update with a GUTI (TMSI) that is unknown to the MME. The MME is expected to reject this TAU * request. */ private function f_TC_tau_unknown_guti(ConnHdlrPars pars) runs on ConnHdlr { f_init_handler(pars); var template (value) EPS_MobileIdentityV mi := ts_NAS_MobileId_IMSI(pars.ue_pars.imsi); var template (value) S1AP_PDU tx; var template (value) PDU_NAS_EPS nas_tau; timer T := 5.0; var hexstring mcc_mnc := f_convert_plmn(g_pars.enb_pars[g_pars.mme_idx].global_enb_id.pLMNidentity); var EPS_MobileIdentityLV old_guti := valueof(ts_EPS_MobileId_GUTI(mcc_mnc, '0001'O, '01'O, 'AABBCCDD'O)); nas_tau := ts_PDU_NAS_EPS_TrackingAreaUpdateRequest(old_guti); tx := ts_S1AP_InitialUE(p_eNB_value := 0, p_nasPdu := enc_PDU_NAS_EPS(valueof(nas_tau)), p_tAI := ts_enb_S1AP_TAI(g_pars.enb_pars[g_pars.mme_idx]), p_eUTRAN_CGI := ts_enb_S1AP_CGI(g_pars.enb_pars[g_pars.mme_idx]), p_rrcCause := mo_Signalling); S1AP.send(tx); T.start; alt { [] S1AP.receive(tr_PDU_NAS_EPS_TrackingAreaUpdateReject) { setverdict(pass); } [] S1AP.receive { setverdict(fail, "unexpected S1AP message from MME"); } [] T.timeout { setverdict(fail, "no message from MME"); } } as_s1ap_handle_UeContextReleaseCmd(); } testcase TC_s1ap_tau_unknown_guti() runs on MTC_CT { var charstring id := testcasename(); f_init_diameter(id); f_init_s1ap(id, 5); f_s1ap_setup(0); var ConnHdlrPars pars := f_init_pars(ue_idx := 0); var ConnHdlr vc_conn; vc_conn := f_start_handler_with_pars(refers(f_TC_tau_unknown_guti), pars); vc_conn.done; } private function f_TC_ue_cell_reselect_eutran_to_geran(ConnHdlrPars pars) runs on ConnHdlr { f_init_handler(pars); f_gtp_register_imsi(g_pars.ue_pars.imsi); f_attach(); /* TS 23.401 Figure D.3.5-1 Steps 1,2,3,4: */ f_gtp_sgsn_context_4g_to_2g(); /* TS 23.401 Figure D.3.5-1 Step 8: */ f_DIA_CancelLocation(); /* TS 23.401 Figure D.3.5-1 Step 13: * After Gn timer triggers, the SGW session is deleted. * Make sure Operation Indication is set to 0, to tell the SGW to keep the Session up at the PGW. */ as_GTP2C_DeleteSession_success(tr_GTP2C_Indication(oI := '0'B)); /* TS 23.401 Figure D.3.5-1 Step 13: * Upon rx of SGSN Context Acknowledge, MME released the ENB/UE context: */ as_s1ap_handle_UeContextReleaseCmd(); /* Let MME some time to handle the Create Session Response: */ f_sleep(3.0); } testcase TC_ue_cell_reselect_eutran_to_geran() runs on MTC_CT { var charstring id := testcasename(); f_init_diameter(id); f_init_s1ap(id, 6); f_init_gtpv2_s11(id); f_s1ap_setup(0); f_init_gtp(id); var ConnHdlrPars pars := f_init_pars(ue_idx := 0); var ConnHdlr vc_conn; vc_conn := f_start_handler_with_pars(refers(f_TC_ue_cell_reselect_eutran_to_geran), pars); vc_conn.done; } /* 3GPP TS 23.401 D.3.6, TS 23.003 2.8.2.2.2 (Mapping in the UE) */ private function rai_ptmsi2_guti(in RoutingAreaIdentity rai, in OCT4 ptmsi, out NAS_EPS_Types.GUTI guti) { var bitstring ptmsi_bits := oct2bit(ptmsi); var bitstring rac_bits := oct2bit(rai.rac); var bitstring mtmsi_bits := '11'B & substr(ptmsi_bits, 2, 6) & substr(rac_bits, 0, 8) & substr(ptmsi_bits, 16, 16); guti := valueof(ts_NAS_GUTI(mcc_mnc := rai.mcc_digits & rai.mnc_digits, mmegi := rai.lac, mmec := bit2oct(substr(ptmsi_bits, 8, 8)), tmsi := bit2oct(mtmsi_bits))); } /* Test UE attached to GERAN reselecting a EUTRAN cell. In this scenario, the * new MME will attempt to obtain information of the UE from the old SGSN * through Gn interface using SGSN Context Request/Response procedure (OS#6294). */ /* 3GPP TS 23.401 D.3.6, TS 23.003 2.8.2.2.2 */ private function f_TC_ue_cell_reselect_geran_to_eutran(ConnHdlrPars pars) runs on ConnHdlr { f_init_handler(pars); f_gtp_register_imsi(g_pars.ue_pars.imsi); f_gtp2_register_imsi(g_pars.ue_pars.imsi); /* SGSN Context Req doesn't necessarily contain IMSI, hence expect it through TEID=0 */ f_gtp_register_teid('00000000'O); /* passed in SGSN Context Resp to MME, will be used by MME when answering with SGSN Context Ack: */ const OCT4 new_sgsn_teid := 'ABABABAB'O; f_gtp_register_teid(new_sgsn_teid); var template (value) EPS_MobileIdentityV mi := ts_NAS_MobileId_IMSI(pars.ue_pars.imsi); var template (value) S1AP_PDU tx; var template (value) PDU_NAS_EPS nas_tau; var RoutingAreaIdentity rai; var OCT4 ptmsi := f_gen_tmsi(suffix := 0, nri_v := 0, nri_bitlen := 8); var OCT3 ptmsi_sig := f_rnd_octstring(3); var NAS_EPS_Types.GUTI guti_val; var template (value) EPS_MobileIdentityLV old_guti; var S1APEM_Config cfg; timer T := 5.0; var bitstring ptmsi_bits := oct2bit(ptmsi); var OCT4 ptmsi_exp := bit2oct('11'B & substr(ptmsi_bits, 2, 30)); var template (value) UENetworkCapabilityTLV ue_net_cap := ts_UENetworkCapabilityTLV(c_NAS_defaultUeNetCap); rai := valueof(ts_RoutingAreaIdentity(mp_gn_local_mcc, mp_gn_local_mnc, int2oct(mp_gn_local_lac, 2), int2oct(mp_gn_local_rac, 1))); rai_ptmsi2_guti(rai, ptmsi, guti_val); old_guti := ts_EPS_MobileId_GUTI_(guti_val); nas_tau := ts_PDU_NAS_EPS_TrackingAreaUpdateRequest(old_guti, ts_PTMSI_SignatureTV(ptmsi_sig), ts_GUTI_TypeTV(GUTI_TYPE_MAPPED), ts_NonceTV('12345678'O), ts_CipheringKeySequenceNumberTV('000'B), ue_net_cap := ue_net_cap); tx := ts_S1AP_InitialUE(p_eNB_value := 0, p_nasPdu := enc_PDU_NAS_EPS(valueof(nas_tau)), p_tAI := ts_enb_S1AP_TAI(g_pars.enb_pars[g_pars.mme_idx]), p_eUTRAN_CGI := ts_enb_S1AP_CGI(g_pars.enb_pars[g_pars.mme_idx]), p_rrcCause := mo_Signalling); S1AP.send(tx); /* NAS counts are reset to zero when a mapped security context is created. */ cfg := { reset_nas_counts := {} }; S1AP.send(cfg); as_gtp_sgsn_context_2g_to_4g(new_sgsn_teid, GTP_RAT_TYPE_EUTRAN, rai, ptmsi_exp, ptmsi_sig, exp_auth := true); /* We now expect the MME to send a Create Session Request to the SGW-C */ T.start; alt { [] as_GTP2C_CreateSession_success(); [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("No message from MME")); } } /* 3GPP TS 23.401 D.3.6 steps 14-21: */ as_DIA_UpdLoc(); /* 3GPP TS 23.401 D.3.6 step 22, 23: */ as_s1ap_handle_IntialCtxSetupReq_TAU_Accept(); /* We now expect the MME to send a Modify Bearer Request to the SGW-C */ T.start; alt { [] as_GTP2C_ModifyBearer_success(); [] T.timeout { Misc_Helpers.f_shutdown(__BFILE__, __LINE__, fail, log2str("No message from MME")); } } /* Leave some time for MME to handle Modify Bearer Response: */ f_sleep(1.0); } testcase TC_ue_cell_reselect_geran_to_eutran() runs on MTC_CT { var charstring id := testcasename(); f_init_diameter(id); f_init_s1ap(id, 7); f_init_gtpv2_s11(id); f_s1ap_setup(0); f_init_gtp(id); var ConnHdlrPars pars := f_init_pars(ue_idx := 0); var ConnHdlr vc_conn; vc_conn := f_start_handler_with_pars(refers(f_TC_ue_cell_reselect_geran_to_eutran), pars); vc_conn.done; } control { execute( TC_s1ap_setup_wrong_plmn() ); execute( TC_s1ap_setup_wrong_tac() ); execute( TC_s1ap_setup() ); execute( TC_s1ap_attach() ); execute( TC_s1ap_tau_unknown_guti() ); execute( TC_gn_echo_request() ); execute( TC_RIM_RAN_INF() ); execute( TC_s1ap_reset() ); execute( TC_ue_cell_reselect_eutran_to_geran() ); execute( TC_ue_cell_reselect_geran_to_eutran() ); } }