Bug #3499

pcu is logging "Allocating DL TBF: MS_CLASS=0/0" ; TLV parsing code commented?

Added by keith about 2 years ago. Updated 7 months ago.

Target version:
Start date:
Due date:
% Done:


Spec Reference:


This also relates to this error seen with EGPRS capable phone:
"Not accepting non-EGPRS phone in EGPRS-only mode"

However, in GPRS mode, this does not appear to make any immediately obvious difference to functionality, but all the same, MS_CLASS=0/0 is obviously wrong.

This is because the code to parse the MS RA Cap is commented, with a note:

"Do not rely on this IE."

As far as I can tell from analysis of NS trace, the BSSGP contains correct Radio Access Capability IE, that is to say, It is corresponding with what the MS sent in the Attach Request.

So why "do not rely?" Why is the code commented? Perhaps in 2016, this information from the BSSGP was not reliable?

and the two previous commits.

Related issues

Related to OsmoPCU - Feature #1525: Use the Radio Access Capabilites that are being transferred via BSSGP (downlink)Resolved02/22/2016


#1 Updated by laforge about 2 years ago

#2 Updated by msuraev almost 2 years ago

  • Related to Feature #1525: Use the Radio Access Capabilites that are being transferred via BSSGP (downlink) added

#3 Updated by laforge over 1 year ago

  • Assignee set to lynxis

#4 Updated by laforge 10 months ago

  • Assignee deleted (lynxis)

#5 Updated by pespin 9 months ago

This ticket is a duplicate (talking about same issue) of #1525

We need to add some TTCN3 test to check emulation-SGSN sending this data to PCU and make sure it's taken into account.

Related code: gprs_bssgp_pcu_rx_dl_ud() (src/gprs_bssgp_pcu.cpp).

Related commits (from older to newer, they are together in history):

#6 Updated by pespin 9 months ago

  • Assignee set to pespin

#7 Updated by keith 9 months ago

pespin wrote:

This ticket is a duplicate (talking about same issue) of #1525

Yes, I did not see #1525 when I made this. Feel free to close this one. (maybe move the description to a comment in the other ticket if you feel it's helpful in any way)

#8 Updated by pespin 9 months ago

According to some TTCN3 tests I'm doing, decode_gsm_ra_cap() is broken an returns an error, that's probably why it was commented out (probably they thought messages sent by SGSN were wrong, but actually decoding in PCU seems broken.).
I'm working on fixing it now.

#9 Updated by pespin 9 months ago

I just saw that csn1.cpp/csn1.hpp files are actually coming initially from wireshark. In current master, they are named:

I think it may make sense to try updating our code to match the one in wireshark instead of fixing this exact issue, because wireshark is decoding it fine.

#10 Updated by pespin 9 months ago

I went over commits in wireshark.git/packet-csn1{.cpp,.h} and ported changes to our csn1.* files to have a closer code from there, since the one in wireshark is more prone to get fixes and better support.

remote: csn1: Update M_NULL CSN_DESCR to match wireshark
remote: csn1: packet-csn1.c:179: warning: 'pui8' may be used uninitialized in this ...
remote: csn1: shuffle decrements of remaining_bits_len
remote: csn1: Extend CSN_SERIALIZE to allow 0 bit of length
remote: csn1: Allow CHOICE elements to re-process the bits used for the choice
remote: csn1: Fix pedantic compiler warnings in csn.1 dissectors
remote: csn1: Fix an infinite loop in CSN.1 dissector when having more than 255 ...
remote: csn1: Fix warning with -Wmissing-prototypes
remote: csn1: Don't cast away constness
remote: csn1: Try to fix cast discards '__attribute__((const))' qualifier from ...
remote: csn1: Drop format_p union from CSN_DESCR
remote: csn1: fix this statement may fall through [-Werror=implicit-fallthrough=] ...


  • Check commits in following wireshark files, which matches with the structs we have in src/gsm_rlcmac.cpp of osmo-pcu.git. In there there may be fixes which could help us with this task.
  • Fix #4375: enable logging messing with decoder test result
  • Improve logging in csn1.cpp
  • Find out what fails exactly during decode of RA cap.

#11 Updated by pespin 9 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 20

I submitted a bunch of commits ported from wireshark's current packet-gsm_rlcmac.cpp/h files (wireshark master=0d4e81e7c7392222446526370d93499fab7ee4f9)

remote: gsm_rlcmac.h: #if 0 unused stuff
remote: gsm_rlcmac.h: Make sure we have a corresponding 'u' member to RlcMacDownlink_...
remote: gsm_rlcmac.h: Remove Uplink messages from the RlcMacDownlink_t structure
remote: gsm_rlcmac: Enhance dissection of PSI1
remote: gsm_rlcmac.cpp: Fix trailing whitespace
remote: gsm_rlcmac.cpp: hanged all M_BIT macros to M_UINT, as M_BIT does not use the ...
remote: gsm_rlcmac.cpp: Do not skip too many lines of the CSN_DESCR when the field ...
remote: gsm_rlcmac.cpp: fix an out of bounds access
remote: gsm_rlcmac: add dissection of NAS container
remote: gsm_rlcmac: improve dissection of Packet Resource Request message
remote: gsm_rlcmac: Update : PACKET RESOURCE REQUEST to Release 14.0.0
remote: gsm_rlcmac.cpp: fix global-buffer-overflow error reported by ASAN
remote: gsm_rlcmac.cpp: fix another global-buffer-overflow error reported by ASAN

Notice one of the patches is breaking a unit test and I had it change, so I changed the expected output. It needs to be investigated before merging it.

Some patches are still remaining but are not critical to the task here, and have been left as a separate ticket #4382.

  • Investigate one ported patch breaking unit test (may be related to #1640).
  • Fix #4375: enable logging messing with decoder test result
  • Improve logging in csn1.cpp
  • Find out what fails exactly during decode of RA cap.

#12 Updated by pespin 7 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 20 to 90

Thanks to all recent work done in osmo-pcu CSN1/RLCMAC decoder, I could investigate the issue further, and it should be fixed by

Tested with:

This ticket can be closed once the patches are merged.

keith give it a try if you want.

PS: I also submitted a patch to wirershark to be able to decode non CS-1 (e)gprs data blocks, see #1542.

#13 Updated by pespin 7 months ago

  • Status changed from Feedback to Resolved
  • % Done changed from 90 to 100

Should be definitely fixed after all changes merged today 81b40cbaf3070f70954663f68375100128bdc77e..e50ce6e45c4509805807d599cadf1a1b23d37f63

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)