fixeria has uploaded this change for review. (
https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36502?usp=email )
Change subject: msc: fix race condition in TC_mm_id_resp_no_identity
......................................................................
msc: fix race condition in TC_mm_id_resp_no_identity
This testcase is failing sporadically ever since it was introduced
back in 2019, during 36C3. The problem is that osmo-msc does not
react to the malformed MM IDENTITY RESPONSE immediately, but only
after timeout of timer X1 (5 seconds, by default); while the
testsuite expects the LU REJECT to be received within 5 seconds.
We should ideally fix osmo-msc to react immediately, but for now
let's enlarge the LU REJECT waiting timeout in the testcase.
Change-Id: I5d2b5d49df8f7ae1eb12fc137f4256fe6fab9117
Related: OS#6426, OS#4340
---
M msc/BSC_ConnectionHandler.ttcn
M msc/MSC_Tests.ttcn
2 files changed, 28 insertions(+), 8 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-ttcn3-hacks
refs/changes/02/36502/1
diff --git a/msc/BSC_ConnectionHandler.ttcn b/msc/BSC_ConnectionHandler.ttcn
index be12fae..6f8078b 100644
--- a/msc/BSC_ConnectionHandler.ttcn
+++ b/msc/BSC_ConnectionHandler.ttcn
@@ -916,11 +916,11 @@
}
}
-function f_expect_lu_reject(template OCT1 cause := ?) runs on BSC_ConnHdlr {
+function f_expect_lu_reject(template OCT1 cause := ?, float Tval := 5.0) runs
on BSC_ConnHdlr {
var PDU_DTAP_MT dtap_mt;
- timer T := 5.0;
+ timer T;
- T.start;
+ T.start(Tval);
alt {
[] BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_LU_Rej(cause))) {
setverdict(pass);
diff --git a/msc/MSC_Tests.ttcn b/msc/MSC_Tests.ttcn
index 52a5c2f..513e346 100644
--- a/msc/MSC_Tests.ttcn
+++ b/msc/MSC_Tests.ttcn
@@ -6616,15 +6616,13 @@
vc_conn.done;
}
+/* Test how the MSC handles a malformed MM IDENTITY RESPONSE with no identity.
*/
friend function f_tc_mm_id_resp_no_identity(charstring id, BSC_ConnHdlrPars
pars)
runs on BSC_ConnHdlr {
- pars.tmsi := 'FFFFFFFF'O;
f_init_handler(pars);
- f_create_gsup_expect(hex2str(g_pars.imsi));
-
/* Initiate Location Updating using an unknown TMSI */
- f_bssap_compl_l3(f_build_lu_tmsi(pars.tmsi));
+ f_bssap_compl_l3(f_build_lu_tmsi('FFFFFFFF'O));
/* Expect an Identity Request, send response with no identity */
BSSAP.receive(tr_PDU_DTAP_MT(tr_ML3_MT_MM_ID_Req(CM_ID_TYPE_IMSI)));
@@ -6641,7 +6639,10 @@
}
})));
- f_expect_lu_reject();
+ /* XXX: Current osmo-msc does not react on bad/malformed MM IDENTITY
RESPONSE immediately.
+ * It instead relies on expiry of timer X1, which is set to 5.0 seconds
by default. This
+ * is not good (DoS vector) and should ideally be fixed, but for now
just work it around. */
+ f_expect_lu_reject(Tval := 5.0 + 1.0);
f_expect_clear();
}
testcase TC_mm_id_resp_no_identity() runs on MTC_CT {
--
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/36502?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: I5d2b5d49df8f7ae1eb12fc137f4256fe6fab9117
Gerrit-Change-Number: 36502
Gerrit-PatchSet: 1
Gerrit-Owner: fixeria <[email protected]>
Gerrit-MessageType: newchange
