Cellular Network Infrastructure » Radio Access Network » OsmoPCU

We seem to be using a "000" IMSI as unknown IMSI, which matches the "all paging group".

src/gprs_ms_storage.cpp
32:#define GPRS_UNDEFINED_IMSI "000" 
92:    if (imsi && imsi[0] && strcmp(imsi, GPRS_UNDEFINED_IMSI) != 0) {

As seen on a deployed osmo-pcu:

Wed Nov 10 05:07:15 2021 DLNSDATA INFO ../../../git/src/gb/gprs_ns2.c:1311 NSE(00103)-NSVC(00103) Rx NS-UNITDATA
Wed Nov 10 05:07:15 2021 DLNSDATA INFO ../../../git/src/gb/gprs_ns2_vc_fsm.c:671 NSE(00103)-NSVC(00103) Rx NS-UNITDAT
Wed Nov 10 05:07:15 2021 DLBSSGP INFO gprs_bssgp_pcu.c:183 LLC [SGSN -> PCU] = TLLI: 0xa8aab557 IMSI: 000 len: 12
Wed Nov 10 05:07:15 2021 DRLCMAC INFO gprs_ms.c:475 Modifying MS object, TLLI: 0xa8aab557 confirmed
Wed Nov 10 05:07:15 2021 DTBF INFO tbf_dl.cpp:133 MS(TLLI=0xa8aab557, IMSI=000, TA=4, 12/0, UL) Allocating DL TBF
Wed Nov 10 05:07:15 2021 DTBF INFO ../../git/src/fsm.c:461 TBF[0x1962d0]{NEW}: Allocated
Wed Nov 10 05:07:15 2021 DTBF INFO ../../git/src/fsm.c:461 UL_ASS_TBF[0x196448]{NONE}: Allocated
Wed Nov 10 05:07:15 2021 DTBF INFO ../../git/src/fsm.c:461 DL_ASS_TBF[0x1964e8]{NONE}: Allocated
Wed Nov 10 05:07:15 2021 DRLCMAC INFO gprs_rlcmac_ts_alloc.cpp:947 [DL] algo B <multi> (suggested TRX: 0): using 3 slots
Wed Nov 10 05:07:15 2021 DRLCMAC INFO pdch.cpp:1159 PDCH(bts=0,trx=0,ts=4) Attaching TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW), 2 TBFs, USFs = 00, TFIs = 0000000a.
Wed Nov 10 05:07:15 2021 DRLCMAC INFO pdch.cpp:1159 PDCH(bts=0,trx=0,ts=5) Attaching TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW), 4 TBFs, USFs = 3f, TFIs = 0000000f.
Wed Nov 10 05:07:15 2021 DRLCMAC INFO pdch.cpp:1159 PDCH(bts=0,trx=0,ts=6) Attaching TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW), 4 TBFs, USFs = 3f, TFIs = 0000000f.
Wed Nov 10 05:07:15 2021 DTBF INFO tbf.cpp:345 TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW) Setting Control TS 5
Wed Nov 10 05:07:15 2021 DTBF INFO tbf.cpp:680 TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW) Allocated: trx = 0, ul_slots = 20, dl_slots = 70
Wed Nov 10 05:07:15 2021 DRLCMAC INFO gprs_ms.c:321 MS(TLLI=0xa8aab557, IMSI=000, TA=4, 12/0, UL) Attaching DL TBF: TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW)

This happens due to related code:

static int gprs_bssgp_pcu_rx_dl_ud(struct msgb *msg, struct tlv_parsed *tp)
{
...
    /* TODO: is it really necessary to initialize this as a "000" IMSI? It seems, the function should just return an
     * error if no IMSI IE was found. */
    struct osmo_mobile_identity mi_imsi = {
        .type = GSM_MI_TYPE_TMSI,
    };
    OSMO_STRLCPY_ARRAY(mi_imsi.imsi, "000");
...
    /* read IMSI. if no IMSI exists, use first paging block (any paging),
     * because during attachment the IMSI might not be known, so the MS
     * will listen to all paging blocks. */
    if (TLVP_PRESENT(tp, BSSGP_IE_IMSI))
    {
        rc = osmo_mobile_identity_decode(&mi_imsi, TLVP_VAL(tp, BSSGP_IE_IMSI), TLVP_LEN(tp, BSSGP_IE_IMSI),
                         true);
        if (rc < 0 || mi_imsi.type != GSM_MI_TYPE_IMSI) {
            LOGP(DBSSGP, LOGL_NOTICE, "Failed to parse IMSI IE (rc=%d)\n", rc);
            return bssgp_tx_status(BSSGP_CAUSE_COND_IE_ERR, NULL, msg);
        }
    }
...
    LOGP(DBSSGP, LOGL_INFO, "LLC [SGSN -> PCU] = TLLI: 0x%08x IMSI: %s len: %d\n", tlli, mi_imsi.imsi, len);

    return dl_tbf_handle(the_pcu->bssgp.bts, tlli, tlli_old, mi_imsi.imsi,
            ms_class, egprs_ms_class, delay_csec, data, len);

So, we should clean up all that code path and any sort of reference to "000" (GPRS_UNDEFINED_IMSI) anywhere. We can either use NULL vs Non-NULL, and imsi⁰ = '\0' (strlen==0) for string array in GprsMs. There's no need to have a third way of identifying an unset IMSI.