From 2cc717b5066c377d2d214150ebd5e2960c4d0de2 Mon Sep 17 00:00:00 2001 From: Pedro Alvarez Date: Thu, 8 Feb 2018 13:57:30 +0000 Subject: [PATCH] Starting to check NAS intgrity of GUTI attach. --- srsepc/hdr/mme/s1ap.h | 4 ++-- srsepc/src/mme/s1ap.cc | 11 +++++----- srsepc/src/mme/s1ap_nas_transport.cc | 30 ++++++++++++++++++---------- 3 files changed, 28 insertions(+), 17 deletions(-) diff --git a/srsepc/hdr/mme/s1ap.h b/srsepc/hdr/mme/s1ap.h index 323e15df2..0025a2f39 100644 --- a/srsepc/hdr/mme/s1ap.h +++ b/srsepc/hdr/mme/s1ap.h @@ -94,7 +94,7 @@ public: void store_tmp_ue_emm_ctx(const ue_emm_ctx_t &ue_ecm_ctx); bool get_tmp_ue_emm_ctx(uint32_t mme_ue_s1ap_id, ue_emm_ctx_t* ue_emm_ptr); - uint32_t allocate_m_tmsi(uint32_t mme_ue_s1ap_id); + uint32_t allocate_m_tmsi(uint64_t imsi); s1ap_args_t m_s1ap_args; srslte::log_filter *m_s1ap_log; @@ -103,7 +103,7 @@ public: s1ap_nas_transport* m_s1ap_nas_transport; s1ap_ctx_mngmt_proc* m_s1ap_ctx_mngmt_proc; - std::map m_tmsi_to_s1ap_id; + std::map m_tmsi_to_s1ap_id; private: s1ap(); diff --git a/srsepc/src/mme/s1ap.cc b/srsepc/src/mme/s1ap.cc index 4f526ed58..9e59d9545 100644 --- a/srsepc/src/mme/s1ap.cc +++ b/srsepc/src/mme/s1ap.cc @@ -38,7 +38,8 @@ boost::mutex s1ap_instance_mutex; s1ap::s1ap(): m_s1mme(-1), - m_next_mme_ue_s1ap_id(1) + m_next_mme_ue_s1ap_id(1), + m_next_m_tmsi(0xA000) { } @@ -512,11 +513,11 @@ s1ap::activate_eps_bearer(uint32_t mme_s1ap_id, uint8_t ebi) } uint32_t -s1ap::allocate_m_tmsi(uint32_t mme_ue_s1ap_id) +s1ap::allocate_m_tmsi(uint64_t imsi) { - //uint32_t m_tmsi = m_next_m_tmsi++; - //m_tmsi_to_s1ap_id.insert(std::pair(m_tmsi,mme_ue_s1ap_id)); - uint32_t m_tmsi = 0x0123; + uint32_t m_tmsi = m_next_m_tmsi++; + m_tmsi_to_s1ap_id.insert(std::pair(m_tmsi,imsi)); + //uint32_t m_tmsi = 0x0123; return m_tmsi; } diff --git a/srsepc/src/mme/s1ap_nas_transport.cc b/srsepc/src/mme/s1ap_nas_transport.cc index df33ecf3a..27b6e4bb7 100644 --- a/srsepc/src/mme/s1ap_nas_transport.cc +++ b/srsepc/src/mme/s1ap_nas_transport.cc @@ -342,7 +342,7 @@ s1ap_nas_transport::handle_nas_guti_attach_request(uint32_t enb_ue_s1ap_id, { //GUTI style attach uint32_t m_tmsi = attach_req.eps_mobile_id.guti.m_tmsi; - std::map::iterator it = m_s1ap->m_tmsi_to_s1ap_id.find(m_tmsi); + std::map::iterator it = m_s1ap->m_tmsi_to_s1ap_id.find(m_tmsi); if(it == m_s1ap->m_tmsi_to_s1ap_id.end()) { //Could not find IMSI from M-TMSI, send Id request @@ -411,21 +411,31 @@ s1ap_nas_transport::handle_nas_guti_attach_request(uint32_t enb_ue_s1ap_id, else{ m_s1ap_log->console("Attach Request -- Found M-TMSI: %d\n",m_tmsi); - /* - ue_ctx_t *ue_ctx_ptr = m_s1ap->find_ue_ctx(it->second); - if(ue_ctx_ptr!=NULL) + //Get UE EMM context + ue_emm_ctx_t *ue_emm_ctx = find_ue_emm_ctx_from_imsi(it->second); + if(ue_emm_ctx_ptr!=NULL) { - m_s1ap_log->console("Found UE context. IMSI: %015lu\n",ue_ctx_ptr->imsi); - m_mme_gtpc->send_create_session_request(ue_ctx_ptr->imsi, ue_ctx_ptr->mme_ue_s1ap_id); - *reply_flag = false; //No reply needed - return true; + m_s1ap_log->console("Found UE context. IMSI: %015lu\n",ue_emm_ctx_ptr->imsi); + //Check NAS integrity + bool msg_valid = false; + + if(msg_valid == true) + { + //Create session request + m_mme_gtpc->send_create_session_request(ue_ctx_ptr->imsi, ue_ctx_ptr->mme_ue_s1ap_id); + *reply_flag = false; //No reply needed + return true; + } + else + { + //NAS integrity + } } else { m_s1ap_log->error("Found M-TMSI but could not find UE context\n"); return false; } - */ } return true; } @@ -1052,7 +1062,7 @@ s1ap_nas_transport::pack_attach_accept(ue_emm_ctx_t *ue_emm_ctx, ue_ecm_ctx_t *u attach_accept.guti.guti.mnc = mnc; attach_accept.guti.guti.mme_group_id = m_s1ap->m_s1ap_args.mme_group; attach_accept.guti.guti.mme_code = m_s1ap->m_s1ap_args.mme_code; - attach_accept.guti.guti.m_tmsi = m_s1ap->allocate_m_tmsi(ue_ecm_ctx->mme_ue_s1ap_id); + attach_accept.guti.guti.m_tmsi = m_s1ap->allocate_m_tmsi(ue_emm_ctx->imsi); m_s1ap_log->debug("Allocated GUTI: MCC %d, MNC %d, MME Group Id %d, MME Code 0x%x, M-TMSI 0x%x\n", attach_accept.guti.guti.mcc, attach_accept.guti.guti.mnc,