canghaiwuhen has uploaded this change for review. (
https://gerrit.osmocom.org/c/osmo-sgsn/+/42050?usp=email )
Change subject: Related: OS#6922
......................................................................
Related: OS#6922
Some older modules, such as the Air20X module, may crash during PDP attachment
due to excessively long QoS response packets. If the PDP is not released after
successful attachment, the module will restart, and subsequent TCP connections
will fail.
Change-Id: I11c24b64f0e49cf80c825969dbf018b2948d855c
---
M src/sgsn/gprs_gmm.c
M src/sgsn/gprs_sm.c
2 files changed, 29 insertions(+), 3 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmo-sgsn refs/changes/50/42050/1
diff --git a/src/sgsn/gprs_gmm.c b/src/sgsn/gprs_gmm.c
index 3d4b940..ce77d35 100644
--- a/src/sgsn/gprs_gmm.c
+++ b/src/sgsn/gprs_gmm.c
@@ -1336,7 +1336,15 @@
goto rejected;
}
OSMO_STRLCPY_ARRAY(ctx->imsi, mi.imsi);
- }
+ } else {
+ /* [FIX] Known IMSI context. If the module initiates an Attach,
it means it has restarted and lost its PDP state.
+ * We must clean up the old PDP context on the SGSN side;
otherwise, the SGSN will not recreate them, leading to communication failure. */
+ struct sgsn_pdp_ctx *pdp, *pdp2;
+ llist_for_each_entry_safe(pdp, pdp2, &ctx->pdp_list, list) {
+ LOGMMCTXP(LOGL_NOTICE, ctx, "Re-Attach: Dropping stale PDP
context for NSAPI=%u\n", pdp->nsapi);
+ sgsn_pdp_ctx_terminate(pdp);
+ }
+ }
break;
case GSM_MI_TYPE_TMSI:
/* Try to find MM context based on P-TMSI */
@@ -1354,7 +1362,14 @@
goto rejected;
}
ctx->p_tmsi = mi.tmsi;
- }
+ } else {
+ /* [FIX] Known P-TMSI context. Similarly, if the module
re-attaches, clean up the old PDP context. */
+ struct sgsn_pdp_ctx *pdp, *pdp2;
+ llist_for_each_entry_safe(pdp, pdp2, &ctx->pdp_list, list) {
+ LOGMMCTXP(LOGL_NOTICE, ctx, "Re-Attach: Dropping stale PDP
context for NSAPI=%u\n", pdp->nsapi);
+ sgsn_pdp_ctx_terminate(pdp);
+ }
+ }
break;
default:
LOGMMCTXP(LOGL_NOTICE, ctx, "Rejecting ATTACH REQUEST with "
diff --git a/src/sgsn/gprs_sm.c b/src/sgsn/gprs_sm.c
index bcf2923..aebebe7 100644
--- a/src/sgsn/gprs_sm.c
+++ b/src/sgsn/gprs_sm.c
@@ -206,7 +206,18 @@
/* FIXME: copy QoS parameters from original request */
//msgb_lv_put(msg, pdp->lib->qos_neg.l, pdp->lib->qos_neg.v);
- msgb_lv_put(msg, sizeof(default_qos), (uint8_t *)&default_qos);
+ //msgb_lv_put(msg, sizeof(default_qos), (uint8_t *)&default_qos);
+
+ /* Use the explicitly stored original Air Interface QoS length
(req_qos_len).
+ * Modern modules send 14+ bytes (R99) and expect full responses.
+ * SOLUTION: Reply with exactly the length they asked for.
+ */
+ uint8_t qos_len = sizeof(default_qos);
+ if (pdp->lib && pdp->lib->qos_req.l > 1)
+ qos_len = pdp->lib->qos_req.l - 1;
+ if (qos_len > sizeof(default_qos))
+ qos_len = sizeof(default_qos);
+ msgb_lv_put(msg, qos_len, (uint8_t *)&default_qos);
/* Radio priority 10.5.7.2 */
msgb_v_put(msg, pdp->lib->radio_pri);
--
To view, visit https://gerrit.osmocom.org/c/osmo-sgsn/+/42050?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings?usp=email
Gerrit-MessageType: newchange
Gerrit-Project: osmo-sgsn
Gerrit-Branch: master
Gerrit-Change-Id: I11c24b64f0e49cf80c825969dbf018b2948d855c
Gerrit-Change-Number: 42050
Gerrit-PatchSet: 1
Gerrit-Owner: canghaiwuhen <[email protected]>
