Bug #5303
Updated by pespin over 2 years ago
We seem to be using a "000" IMSI as unknown IMSI, which matches the "all paging group".
<pre>
src/gprs_ms_storage.cpp
32:#define GPRS_UNDEFINED_IMSI "000"
92: if (imsi && imsi[0] && strcmp(imsi, GPRS_UNDEFINED_IMSI) != 0) {
</pre>
As seen on a deployed osmo-pcu:
<pre>
Wed Nov 10 05:07:15 2021 DLNSDATA INFO ../../../git/src/gb/gprs_ns2.c:1311 NSE(00103)-NSVC(00103) Rx NS-UNITDATA
Wed Nov 10 05:07:15 2021 DLNSDATA INFO ../../../git/src/gb/gprs_ns2_vc_fsm.c:671 NSE(00103)-NSVC(00103) Rx NS-UNITDAT NS-UNITDATA
Wed Nov 10 05:07:15 2021 DLBSSGP INFO gprs_bssgp_pcu.c:183 LLC [SGSN -> PCU] = TLLI: 0xa8aab557 IMSI: 000 len: 12
Wed Nov 10 05:07:15 2021 DRLCMAC INFO gprs_ms.c:475 Modifying MS object, TLLI: 0xa8aab557 confirmed
Wed Nov 10 05:07:15 2021 DTBF INFO tbf_dl.cpp:133 MS(TLLI=0xa8aab557, IMSI=000, TA=4, 12/0, UL) Allocating DL TBF
Wed Nov 10 05:07:15 2021 DTBF INFO ../../git/src/fsm.c:461 TBF[0x1962d0]{NEW}: Allocated
Wed Nov 10 05:07:15 2021 DTBF INFO ../../git/src/fsm.c:461 UL_ASS_TBF[0x196448]{NONE}: Allocated
Wed Nov 10 05:07:15 2021 DTBF INFO ../../git/src/fsm.c:461 DL_ASS_TBF[0x1964e8]{NONE}: Allocated
Wed Nov 10 05:07:15 2021 DRLCMAC INFO gprs_rlcmac_ts_alloc.cpp:947 [DL] algo B <multi> (suggested TRX: 0): using 3 slots
Wed Nov 10 05:07:15 2021 DRLCMAC INFO pdch.cpp:1159 PDCH(bts=0,trx=0,ts=4) Attaching TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW), 2 TBFs, USFs = 00, TFIs = 0000000a.
Wed Nov 10 05:07:15 2021 DRLCMAC INFO pdch.cpp:1159 PDCH(bts=0,trx=0,ts=5) Attaching TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW), 4 TBFs, USFs = 3f, TFIs = 0000000f.
Wed Nov 10 05:07:15 2021 DRLCMAC INFO pdch.cpp:1159 PDCH(bts=0,trx=0,ts=6) Attaching TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW), 4 TBFs, USFs = 3f, TFIs = 0000000f.
Wed Nov 10 05:07:15 2021 DTBF INFO tbf.cpp:345 TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW) Setting Control TS 5
Wed Nov 10 05:07:15 2021 DTBF INFO tbf.cpp:680 TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW) Allocated: trx = 0, ul_slots = 20, dl_slots = 70
Wed Nov 10 05:07:15 2021 DRLCMAC INFO gprs_ms.c:321 MS(TLLI=0xa8aab557, IMSI=000, TA=4, 12/0, UL) Attaching DL TBF: TBF(TFI=3 TLLI=0xa8aab557 DIR=DL STATE=NEW)
</pre>
This happens due to related code:
<pre>
static int gprs_bssgp_pcu_rx_dl_ud(struct msgb *msg, struct tlv_parsed *tp)
{
...
/* TODO: is it really necessary to initialize this as a "000" IMSI? It seems, the function should just return an
* error if no IMSI IE was found. */
struct osmo_mobile_identity mi_imsi = {
.type = GSM_MI_TYPE_TMSI,
};
OSMO_STRLCPY_ARRAY(mi_imsi.imsi, "000");
...
/* read IMSI. if no IMSI exists, use first paging block (any paging),
* because during attachment the IMSI might not be known, so the MS
* will listen to all paging blocks. */
if (TLVP_PRESENT(tp, BSSGP_IE_IMSI))
{
rc = osmo_mobile_identity_decode(&mi_imsi, TLVP_VAL(tp, BSSGP_IE_IMSI), TLVP_LEN(tp, BSSGP_IE_IMSI),
true);
if (rc < 0 || mi_imsi.type != GSM_MI_TYPE_IMSI) {
LOGP(DBSSGP, LOGL_NOTICE, "Failed to parse IMSI IE (rc=%d)\n", rc);
return bssgp_tx_status(BSSGP_CAUSE_COND_IE_ERR, NULL, msg);
}
}
...
LOGP(DBSSGP, LOGL_INFO, "LLC [SGSN -> PCU] = TLLI: 0x%08x IMSI: %s len: %d\n", tlli, mi_imsi.imsi, len);
return dl_tbf_handle(the_pcu->bssgp.bts, tlli, tlli_old, mi_imsi.imsi,
ms_class, egprs_ms_class, delay_csec, data, len);
</pre>
So, we should clean up all that code path and any sort of reference to "000" (GPRS_UNDEFINED_IMSI) anywhere. We can either use NULL vs Non-NULL, and imsi[0] = '\0' (strlen==0) for string array in GprsMs. There's no need to have a third way of identifying an unset IMSI.
