Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-bsc / 3561bd48976dbee8dbd4659dad15be85a3e79ace / . / src / libbsc / bsc_subscr_conn_fsm.c
blob: 652fdcdec1aafc61b244c89d2bf4318c76225dc7 [file] [log] [blame]
Harald Welte3561bd42018-01-28 03:04:16 +0100[diff] [blame^]1/* (C) 2017 by Harald Welte <laforge@gnumonks.org>
2 * All Rights Reserved
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as published by
6 * the Free Software Foundation; either version 3 of the License, or
7 * (at your option) any later version.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
13 *
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 *
17 */
18
19#include <osmocom/core/fsm.h>
20#include <osmocom/core/logging.h>
21#include <osmocom/gsm/gsm0808.h>
22#include <osmocom/sigtran/sccp_sap.h>
23#include <osmocom/gsm/gsm0808_utils.h>
24
25#include <osmocom/bsc/debug.h>
26#include <osmocom/bsc/bsc_api.h>
27#include <osmocom/bsc/gsm_data.h>
28#include <osmocom/bsc/handover.h>
29#include <osmocom/bsc/chan_alloc.h>
30#include <osmocom/bsc/bsc_subscriber.h>
31#include <osmocom/bsc/osmo_bsc_sigtran.h>
32#include <osmocom/bsc/bsc_subscr_conn_fsm.h>
33#include <osmocom/bsc/osmo_bsc.h>
34#include <osmocom/bsc/penalty_timers.h>
35#include <osmocom/mgcp_client/mgcp_client_fsm.h>
36#include <osmocom/core/byteswap.h>
37
38#define S(x) (1 << (x))
39
40#define MGCP_MGW_TIMEOUT 4 /* in seconds */
41#define MGCP_MGW_TIMEOUT_TIMER_NR 1
42
43#define MGCP_MGW_HO_TIMEOUT 4 /* in seconds */
44#define MGCP_MGW_HO_TIMEOUT_TIMER_NR 2
45
46#define GSM0808_T10_TIMER_NR 10
47#define GSM0808_T10_VALUE 6
48
49#define ENDPOINT_ID "rtpbridge/*@mgw"
50
51enum gscon_fsm_states {
52 ST_INIT,
53 /* waiting for CC from MSC */
54 ST_WAIT_CC,
55 /* active connection */
56 ST_ACTIVE,
57 /* during assignment; waiting for ASS_CMPL */
58 ST_WAIT_ASS_CMPL,
59 /* during assignment; waiting for MODE_MODIFY_ACK */
60 ST_WAIT_MODE_MODIFY_ACK,
61 /* BSSMAP CLEAR has been received */
62 ST_CLEARING,
63
64/* MGW handling */
65 /* during assignment; waiting for MGW response to CRCX for BTS */
66 ST_WAIT_CRCX_BTS,
67 /* during assignment; waiting for MGW response to MDCX for BTS */
68 ST_WAIT_MDCX_BTS,
69 /* during assignment; waiting for MGW response to CRCX for MSC */
70 ST_WAIT_CRCX_MSC,
71
72/* MT (inbound) handover */
73 /* Wait for Handover Access from MS/BTS */
74 ST_WAIT_MT_HO_ACC,
75 /* Wait for RR Handover Complete from MS/BTS */
76 ST_WAIT_MT_HO_COMPL,
77
78/* MO (outbound) handover */
79 /* Wait for Handover Command / Handover Required Reject from MSC */
80 ST_WAIT_MO_HO_CMD,
81 /* Wait for Clear Command from MSC */
82 ST_MO_HO_PROCEEDING,
83
84/* Internal HO handling */
85 /* Wait for the handover logic to complete the handover */
86 ST_WAIT_HO_COMPL,
87 /* during handover; waiting for MGW response to MDCX for BTS */
88 ST_WAIT_MDCX_BTS_HO,
89};
90
91static const struct value_string gscon_fsm_event_names[] = {
92 {GSCON_EV_A_CONN_IND, "MT-CONNECT.ind"},
93 {GSCON_EV_A_CONN_REQ, "MO-CONNECT.req"},
94 {GSCON_EV_A_CONN_CFM, "MO-CONNECT.cfm"},
95 {GSCON_EV_A_ASSIGNMENT_CMD, "ASSIGNMENT_CMD"},
96 {GSCON_EV_A_CLEAR_CMD, "CLEAR_CMD"},
97 {GSCON_EV_A_DISC_IND, "DISCONNET.ind"},
98 {GSCON_EV_A_HO_REQ, "HANDOVER_REQUEST"},
99
100 {GSCON_EV_RR_ASS_COMPL, "RR_ASSIGN_COMPL"},
101 {GSCON_EV_RR_ASS_FAIL, "RR_ASSIGN_FAIL"},
102 {GSCON_EV_RR_MODE_MODIFY_ACK, "RR_MODE_MODIFY_ACK"},
103 {GSCON_EV_RR_HO_ACC, "RR_HO_ACCESS"},
104 {GSCON_EV_RR_HO_COMPL, "RR_HO_COMPLETE"},
105 {GSCON_EV_RLL_REL_IND, "RLL_RELEASE.ind"},
106 {GSCON_EV_RSL_CONN_FAIL, "RSL_CONN_FAIL.ind"},
107 {GSCON_EV_RSL_CLEAR_COMPL, "RSL_CLEAR_COMPLETE"},
108
109 {GSCON_EV_MO_DTAP, "MO-DTAP"},
110 {GSCON_EV_MT_DTAP, "MT-DTAP"},
111 {GSCON_EV_TX_SCCP, "TX_SCCP"},
112
113 {GSCON_EV_MGW_FAIL_BTS, "MGW_FAILURE_BTS"},
114 {GSCON_EV_MGW_FAIL_MSC, "MGW_FAILURE_MSC"},
115 {GSCON_EV_MGW_CRCX_RESP_BTS, "MGW_CRCX_RESPONSE_BTS"},
116 {GSCON_EV_MGW_MDCX_RESP_BTS, "MGW_MDCX_RESPONSE_BTS"},
117 {GSCON_EV_MGW_CRCX_RESP_MSC, "MGW_CRCX_RESPONSE_MSC"},
118
119 {GSCON_EV_HO_START, "HO_START"},
120 {GSCON_EV_HO_TIMEOUT, "HO_TIMEOUT"},
121 {GSCON_EV_HO_FAIL, "HO_FAIL"},
122 {GSCON_EV_HO_COMPL, "HO_COMPL"},
123
124 {0, NULL}
125};
126
127/* Send data SCCP message through SCCP connection. All sigtran messages
128 * that are send from this FSM must use this function. Never use
129 * osmo_bsc_sigtran_send() directly since this would defeat the checks
130 * provided by this function. */
131static void sigtran_send(struct gsm_subscriber_connection *conn, struct msgb *msg, struct osmo_fsm_inst *fi)
132{
133 int rc;
134
135 /* Make sure that we only attempt to send SCCP messages if we have
136 * a life SCCP connection. Otherwise drop the message. */
137 if (fi->state == ST_INIT || fi->state == ST_WAIT_CC) {
138 LOGPFSML(fi, LOGL_ERROR, "No active SCCP connection, dropping message!\n");
139 msgb_free(msg);
140 return;
141 }
142
143 rc = osmo_bsc_sigtran_send(conn, msg);
144 if (rc < 0)
145 LOGPFSML(fi, LOGL_ERROR, "Unable to deliver SCCP message!\n");
146}
147
148/* Generate and send assignment complete message */
149static void send_ass_compl(struct gsm_lchan *lchan, struct osmo_fsm_inst *fi)
150{
151 struct msgb *resp;
152 struct gsm0808_speech_codec sc;
153 struct gsm_subscriber_connection *conn;
154
155 conn = lchan->conn;
156
157 OSMO_ASSERT(lchan->abis_ip.ass_compl.valid);
158 OSMO_ASSERT(conn);
159
160 LOGPFSML(fi, LOGL_DEBUG, "Sending assignment complete message... (id=%i)\n", conn->sccp.conn_id);
161
162 /* Extrapolate speech codec from speech mode */
163 gsm0808_speech_codec_from_chan_type(&sc, lchan->abis_ip.ass_compl.speech_mode);
164
165 /* Generate message */
166 resp = gsm0808_create_ass_compl(lchan->abis_ip.ass_compl.rr_cause,
167 lchan->abis_ip.ass_compl.chosen_channel,
168 lchan->abis_ip.ass_compl.encr_alg_id,
169 lchan->abis_ip.ass_compl.speech_mode,
170 &conn->user_plane.aoip_rtp_addr_local, &sc, NULL);
171
172 if (!resp) {
173 LOGPFSML(fi, LOGL_ERROR, "Failed to generate assignment completed message! (id=%i)\n",
174 conn->sccp.conn_id);
175 }
176
177 sigtran_send(conn, resp, fi);
178}
179
180/* forward MT DTAP from BSSAP side to RSL side */
181static void submit_dtap(struct gsm_subscriber_connection *conn, struct msgb *msg, struct osmo_fsm_inst *fi)
182{
183 int rc;
184 struct msgb *resp = NULL;
185
186 OSMO_ASSERT(fi);
187 OSMO_ASSERT(msg);
188 OSMO_ASSERT(conn);
189
190 rc = gsm0808_submit_dtap(conn, msg, OBSC_LINKID_CB(msg), 1);
191 if (rc != 0) {
192 LOGPFSML(fi, LOGL_ERROR, "Tx BSSMAP CLEAR REQUEST to MSC\n");
193 resp = gsm0808_create_clear_rqst(GSM0808_CAUSE_EQUIPMENT_FAILURE);
194 sigtran_send(conn, resp, fi);
195 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
196 return;
197 }
198}
199
200/* forward MO DTAP from RSL side to BSSAP side */
201/* FIXME: move fi parameter to the beginning */
202static void forward_dtap(struct msgb *msg, struct gsm_subscriber_connection *conn, struct osmo_fsm_inst *fi)
203{
204 struct msgb *resp = NULL;
205
206 OSMO_ASSERT(msg);
207 OSMO_ASSERT(conn);
208
209 resp = gsm0808_create_dtap(msg, OBSC_LINKID_CB(msg));
210 sigtran_send(conn, resp, fi);
211}
212
213/* In case there are open MGCP connections, toss
214 * those connections */
215static void toss_mgcp_conn(struct gsm_subscriber_connection *conn, struct osmo_fsm_inst *fi)
216{
217 LOGPFSML(fi, LOGL_ERROR, "tossing all MGCP connections...\n");
218
219 if (conn->user_plane.fi_bts) {
220 mgcp_conn_delete(conn->user_plane.fi_bts);
221 conn->user_plane.fi_bts = NULL;
222 }
223
224 if (conn->user_plane.fi_msc) {
225 mgcp_conn_delete(conn->user_plane.fi_msc);
226 conn->user_plane.fi_msc = NULL;
227 }
228
229 if (conn->user_plane.mgw_endpoint) {
230 talloc_free(conn->user_plane.mgw_endpoint);
231 conn->user_plane.mgw_endpoint = NULL;
232 }
233}
234
235static void gscon_fsm_init(struct osmo_fsm_inst *fi, uint32_t event, void *data)
236{
237 struct gsm_subscriber_connection *conn = fi->priv;
238 struct osmo_scu_prim *scu_prim = NULL;
239 struct msgb *msg = NULL;
240 int rc;
241
242 switch (event) {
243 case GSCON_EV_A_CONN_REQ:
244 /* RLL ESTABLISH IND with initial L3 Message */
245 msg = data;
246 /* FIXME: Extract Mobile ID and update FSM using osmo_fsm_inst_set_id()
247 * i.e. we will probably extract the mobile identity earlier, where the
248 * imsi filter code is. Then we could just use it here.
249 * related: OS#2969 */
250
251 rc = osmo_bsc_sigtran_open_conn(conn, msg);
252 if (rc < 0) {
253 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_ERROR, NULL);
254 } else {
255 /* SCCP T(conn est) is 1-2 minutes, way too long. The MS will timeout
256 * using T3210 (20s), T3220 (5s) or T3230 (10s) */
257 osmo_fsm_inst_state_chg(fi, ST_WAIT_CC, 20, 993210);
258 }
259 break;
260 case GSCON_EV_A_CONN_IND:
261 scu_prim = data;
262 if (!conn->sccp.msc) {
263 LOGPFSML(fi, LOGL_NOTICE, "N-CONNECT.ind from unknown MSC %s\n",
264 osmo_sccp_addr_dump(&scu_prim->u.connect.calling_addr));
265 osmo_sccp_tx_disconn(conn->sccp.msc->a.sccp_user, scu_prim->u.connect.conn_id,
266 &scu_prim->u.connect.called_addr, 0);
267 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
268 }
269 /* FIXME: Extract optional IMSI and update FSM using osmo_fsm_inst_set_id()
270 * related: OS2969 (same as above) */
271
272 LOGPFSML(fi, LOGL_NOTICE, "No support for MSC-originated SCCP Connections yet\n");
273 osmo_sccp_tx_disconn(conn->sccp.msc->a.sccp_user, scu_prim->u.connect.conn_id,
274 &scu_prim->u.connect.called_addr, 0);
275 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
276 break;
277 default:
278 OSMO_ASSERT(false);
279 break;
280 }
281}
282
283/* We've sent the CONNECTION.req to the SCCP provider and are waiting for CC from MSC */
284static void gscon_fsm_wait_cc(struct osmo_fsm_inst *fi, uint32_t event, void *data)
285{
286 switch (event) {
287 case GSCON_EV_A_CONN_CFM:
288 /* MSC has confirmed the connection, we now change into the
289 * active state and wait there for further operations */
290 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
291 /* if there's user payload, forward it just like EV_MT_DTAP */
292 /* FIXME: Question: if there's user payload attached to the CC, forward it like EV_MT_DTAP? */
293 break;
294 default:
295 OSMO_ASSERT(false);
296 break;
297 }
298}
299
300/* We're on an active subscriber connection, passing DTAP back and forth */
301static void gscon_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
302{
303 struct gsm_subscriber_connection *conn = fi->priv;
304 struct msgb *resp = NULL;
305 struct mgcp_conn_peer conn_peer;
306 int rc;
307
308 switch (event) {
309 case GSCON_EV_A_ASSIGNMENT_CMD:
310 /* MSC requests us to perform assignment, this code section is
311 * triggered via signal GSCON_EV_A_ASSIGNMENT_CMD from
312 * bssmap_handle_assignm_req() in osmo_bsc_bssap.c, which does
313 * the parsing of incoming assignment requests. */
314
315 LOGPFSML(fi, LOGL_NOTICE, "Channel assignment: chan_mode=%s, full_rate=%i\n",
316 get_value_string(gsm48_chan_mode_names, conn->user_plane.chan_mode),
317 conn->user_plane.full_rate);
318
319 /* FIXME: We need to check if current channel is sufficient. If
320 * yes, do MODIFY. If not, do assignment (see commented lines below) */
321
322 /* FIXME: At the moment, the FSM is constructed in an
323 * unfortunate way. In case of a voice channel assignment
324 * we first go through a couple of MGCP related states,
325 * then reach the state where the actual channel assignment
326 * happens and then again we perform some MGCP related
327 * actions and eventually end up in ST_ACTIVE again. This
328 * could be restructured */
329
330 switch (conn->user_plane.chan_mode) {
331 case GSM48_CMODE_SPEECH_V1:
332 case GSM48_CMODE_SPEECH_EFR:
333 case GSM48_CMODE_SPEECH_AMR:
334 /* A voice channel is requested, so we run down the
335 * mgcp-ass-mgcp state-chain (see FIXME above) */
336 memset(&conn_peer, 0, sizeof(conn_peer));
337 conn_peer.call_id = conn->sccp.conn_id;
338 osmo_strlcpy(conn_peer.endpoint, ENDPOINT_ID, sizeof(conn_peer.endpoint));
339
340 /* (Pre)Change state and create the connection */
341 osmo_fsm_inst_state_chg(fi, ST_WAIT_CRCX_BTS, MGCP_MGW_TIMEOUT, MGCP_MGW_TIMEOUT_TIMER_NR);
342 conn->user_plane.fi_bts =
343 mgcp_conn_create(conn->network->mgw.client, fi, GSCON_EV_MGW_FAIL_BTS,
344 GSCON_EV_MGW_CRCX_RESP_BTS, &conn_peer);
345 if (!conn->user_plane.fi_bts) {
346 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
347 sigtran_send(conn, resp, fi);
348 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
349 return;
350 }
351 break;
352 case GSM48_CMODE_SIGN:
353 /* A signalling channel is requested, so we perform the
354 * channel assignment directly without performing any
355 * MGCP actions. ST_WAIT_ASS_CMPL will see by the
356 * conn->user_plane.chan_mode parameter that this
357 * assignment is for a signalling channel and will then
358 * change back to ST_ACTIVE (here) immediately. */
359 rc = gsm0808_assign_req(conn, conn->user_plane.full_rate, conn->user_plane.chan_mode);
360 if (rc != 0) {
361 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
362 sigtran_send(conn, resp, fi);
363 return;
364 }
365
366 osmo_fsm_inst_state_chg(fi, ST_WAIT_ASS_CMPL, GSM0808_T10_VALUE, GSM0808_T10_TIMER_NR);
367 break;
368 default:
369 /* An unsupported channel is requested, so we have to
370 * reject this request by sending an assignment failure
371 * message immediately */
372 LOGPFSML(fi, LOGL_ERROR, "Requested channel mode is not supported!\n",
373 get_value_string(gsm48_chan_mode_names, conn->user_plane.chan_mode),
374 conn->user_plane.full_rate);
375
376 /* The requested channel mode is not supported */
377 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_REQ_CODEC_TYPE_OR_CONFIG_NOT_SUPP, NULL);
378 sigtran_send(conn, resp, fi);
379 break;
380 }
381 break;
382 case GSCON_EV_HO_START:
383 rc = bsc_handover_start_gscon(conn);
384 if (rc) {
385 resp = gsm0808_create_clear_rqst(GSM0808_CAUSE_EQUIPMENT_FAILURE);
386 sigtran_send(conn, resp, fi);
387 osmo_fsm_inst_state_chg(fi, ST_CLEARING, 0, 0);
388 return;
389 }
390
391 /* Note: No timeout is set here, T3103 in handover_logic.c
392 * will generate a GSCON_EV_HO_TIMEOUT event should the
393 * handover time out, so we do not need another timeout
394 * here (maybe its worth to think about giving GSCON
395 * more power over the actual handover process). */
396 osmo_fsm_inst_state_chg(fi, ST_WAIT_HO_COMPL, 0, 0);
397 break;
398 case GSCON_EV_A_HO_REQ:
399 /* FIXME: reject any handover requests with HO FAIL until implemented */
400 break;
401 case GSCON_EV_MO_DTAP:
402 forward_dtap((struct msgb *)data, conn, fi);
403 break;
404 case GSCON_EV_MT_DTAP:
405 submit_dtap(conn, (struct msgb *)data, fi);
406 break;
407 case GSCON_EV_TX_SCCP:
408 sigtran_send(conn, (struct msgb *)data, fi);
409 break;
410 default:
411 OSMO_ASSERT(false);
412 break;
413 }
414}
415
416/* Before we may start the channel assignment we need to get an IP/Port for the
417 * RTP connection from the MGW */
418static void gscon_fsm_wait_crcx_bts(struct osmo_fsm_inst *fi, uint32_t event, void *data)
419{
420 struct gsm_subscriber_connection *conn = fi->priv;
421 struct mgcp_conn_peer *conn_peer = NULL;
422 struct msgb *resp = NULL;
423 int rc;
424
425 switch (event) {
426 case GSCON_EV_MGW_CRCX_RESP_BTS:
427 conn_peer = data;
428
429 /* Check if the MGW has assigned an enpoint to us, we can not
430 * proceed */
431 if (strlen(conn_peer->endpoint) <= 0) {
432 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
433 sigtran_send(conn, resp, fi);
434 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
435 return;
436 }
437
438 /* Memorize the endpoint name we got assigned from the MGW.
439 * When the BTS sided connection is done, we need to create
440 * a second connection on that same endpoint, so we need
441 * to know its ID */
442 if (!conn->user_plane.mgw_endpoint)
443 conn->user_plane.mgw_endpoint = talloc_zero_size(conn, MGCP_ENDPOINT_MAXLEN);
444 OSMO_ASSERT(conn->user_plane.mgw_endpoint);
445 osmo_strlcpy(conn->user_plane.mgw_endpoint, conn_peer->endpoint, MGCP_ENDPOINT_MAXLEN);
446
447 /* Store the IP-Address and the port the MGW assigned to us,
448 * then start the channel assignment. */
449 conn->user_plane.rtp_port = conn_peer->port;
450 conn->user_plane.rtp_ip = osmo_ntohl(inet_addr(conn_peer->addr));
451 rc = gsm0808_assign_req(conn, conn->user_plane.full_rate, conn->user_plane.chan_mode);
452 if (rc != 0) {
453 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_RQSTED_SPEECH_VERSION_UNAVAILABLE, NULL);
454 sigtran_send(conn, resp, fi);
455 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
456 return;
457 }
458
459 osmo_fsm_inst_state_chg(fi, ST_WAIT_ASS_CMPL, GSM0808_T10_VALUE, GSM0808_T10_TIMER_NR);
460 break;
461 case GSCON_EV_MO_DTAP:
462 forward_dtap((struct msgb *)data, conn, fi);
463 break;
464 case GSCON_EV_MT_DTAP:
465 submit_dtap(conn, (struct msgb *)data, fi);
466 break;
467 case GSCON_EV_TX_SCCP:
468 sigtran_send(conn, (struct msgb *)data, fi);
469 break;
470 default:
471 OSMO_ASSERT(false);
472 break;
473 }
474}
475
476/* We're waiting for an ASSIGNMENT COMPLETE from MS */
477static void gscon_fsm_wait_ass_cmpl(struct osmo_fsm_inst *fi, uint32_t event, void *data)
478{
479 struct gsm_subscriber_connection *conn = fi->priv;
480 struct gsm_lchan *lchan = conn->lchan;
481 struct mgcp_conn_peer conn_peer;
482 struct in_addr addr;
483 struct msgb *resp = NULL;
484 int rc;
485
486 switch (event) {
487 case GSCON_EV_RR_ASS_COMPL:
488 switch (conn->user_plane.chan_mode) {
489 case GSM48_CMODE_SPEECH_V1:
490 case GSM48_CMODE_SPEECH_EFR:
491 case GSM48_CMODE_SPEECH_AMR:
492 /* FIXME: What if we are using SCCP-Lite? */
493
494 /* We are dealing with a voice channel, so we can not
495 * confirm the assignment directly. We must first do
496 * some final steps on the MGCP side. */
497
498 /* Prepare parameters with the information we got during the assignment */
499 memset(&conn_peer, 0, sizeof(conn_peer));
500 addr.s_addr = osmo_ntohl(lchan->abis_ip.bound_ip);
501 osmo_strlcpy(conn_peer.addr, inet_ntoa(addr), sizeof(conn_peer.addr));
502 conn_peer.port = lchan->abis_ip.bound_port;
503
504 /* (Pre)Change state and modify the connection */
505 osmo_fsm_inst_state_chg(fi, ST_WAIT_MDCX_BTS, MGCP_MGW_TIMEOUT, MGCP_MGW_TIMEOUT_TIMER_NR);
506 rc = mgcp_conn_modify(conn->user_plane.fi_bts, GSCON_EV_MGW_MDCX_RESP_BTS, &conn_peer);
507 if (rc != 0) {
508 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
509 sigtran_send(conn, resp, fi);
510 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
511 return;
512 }
513 break;
514 case GSM48_CMODE_SIGN:
515 /* Confirm the successful assignment on BSSMAP and
516 * change back into active state */
517 send_ass_compl(lchan, fi);
518 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
519 break;
520 default:
521 /* Unsupported modes should have been already filtered
522 * by gscon_fsm_active(). If we reach the default
523 * section here anyway than some unsupported mode must
524 * have made it into the FSM, this would be a bug, so
525 * we fire an assertion here */
526 OSMO_ASSERT(false);
527 break;
528 }
529
530 break;
531 case GSCON_EV_RR_ASS_FAIL:
532 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_RQSTED_TERRESTRIAL_RESOURCE_UNAVAILABLE, NULL);
533 sigtran_send(conn, resp, fi);
534 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
535 break;
536 case GSCON_EV_MO_DTAP:
537 forward_dtap((struct msgb *)data, conn, fi);
538 break;
539 case GSCON_EV_MT_DTAP:
540 submit_dtap(conn, (struct msgb *)data, fi);
541 break;
542 case GSCON_EV_TX_SCCP:
543 sigtran_send(conn, (struct msgb *)data, fi);
544 break;
545 default:
546 OSMO_ASSERT(false);
547 break;
548 }
549}
550
551/* We are waiting for the MGW response to the MDCX */
552static void gscon_fsm_wait_mdcx_bts(struct osmo_fsm_inst *fi, uint32_t event, void *data)
553{
554 struct gsm_subscriber_connection *conn = fi->priv;
555 struct mgcp_conn_peer conn_peer;
556 struct sockaddr_in *sin = NULL;
557 struct msgb *resp = NULL;
558
559 switch (event) {
560 case GSCON_EV_MGW_MDCX_RESP_BTS:
561
562 /* Prepare parameters with the connection information we got
563 * with the assignment command */
564 memset(&conn_peer, 0, sizeof(conn_peer));
565 conn_peer.call_id = conn->sccp.conn_id;
566 sin = (struct sockaddr_in *)&conn->user_plane.aoip_rtp_addr_remote;
567 conn_peer.port = osmo_ntohs(sin->sin_port);
568 osmo_strlcpy(conn_peer.addr, inet_ntoa(sin->sin_addr), sizeof(conn_peer.addr));
569
570 /* Make sure we use the same endpoint where we created the
571 * BTS connection. */
572 osmo_strlcpy(conn_peer.endpoint, conn->user_plane.mgw_endpoint, sizeof(conn_peer.endpoint));
573
574 /* (Pre)Change state and create the connection */
575 osmo_fsm_inst_state_chg(fi, ST_WAIT_CRCX_MSC, MGCP_MGW_TIMEOUT, MGCP_MGW_TIMEOUT_TIMER_NR);
576 conn->user_plane.fi_msc =
577 mgcp_conn_create(conn->network->mgw.client, fi, GSCON_EV_MGW_FAIL_MSC, GSCON_EV_MGW_CRCX_RESP_MSC,
578 &conn_peer);
579 if (!conn->user_plane.fi_bts) {
580 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
581 sigtran_send(conn, resp, fi);
582 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
583 return;
584 }
585
586 break;
587 case GSCON_EV_MO_DTAP:
588 forward_dtap((struct msgb *)data, conn, fi);
589 break;
590 case GSCON_EV_MT_DTAP:
591 submit_dtap(conn, (struct msgb *)data, fi);
592 break;
593 case GSCON_EV_TX_SCCP:
594 sigtran_send(conn, (struct msgb *)data, fi);
595 break;
596 default:
597 OSMO_ASSERT(false);
598 break;
599 }
600}
601
602static void gscon_fsm_wait_crcx_msc(struct osmo_fsm_inst *fi, uint32_t event, void *data)
603{
604 struct gsm_subscriber_connection *conn = fi->priv;
605 struct mgcp_conn_peer *conn_peer = NULL;
606 struct gsm_lchan *lchan = conn->lchan;
607 struct sockaddr_in *sin = NULL;
608
609 switch (event) {
610 case GSCON_EV_MGW_CRCX_RESP_MSC:
611 conn_peer = data;
612
613 /* Store address information we got in response from the CRCX command. */
614 sin = (struct sockaddr_in *)&conn->user_plane.aoip_rtp_addr_local;
615 sin->sin_family = AF_INET;
616 sin->sin_addr.s_addr = inet_addr(conn_peer->addr);
617 sin->sin_port = osmo_ntohs(conn_peer->port);
618
619 /* Send assignment complete message to the MSC */
620 send_ass_compl(lchan, fi);
621
622 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
623
624 break;
625 case GSCON_EV_MO_DTAP:
626 forward_dtap((struct msgb *)data, conn, fi);
627 break;
628 case GSCON_EV_MT_DTAP:
629 submit_dtap(conn, (struct msgb *)data, fi);
630 break;
631 case GSCON_EV_TX_SCCP:
632 sigtran_send(conn, (struct msgb *)data, fi);
633 break;
634 default:
635 OSMO_ASSERT(false);
636 break;
637 }
638}
639
640/* We're waiting for a MODE MODIFY ACK from MS + BTS */
641static void gscon_fsm_wait_mode_modify_ack(struct osmo_fsm_inst *fi, uint32_t event, void *data)
642{
643 struct gsm_subscriber_connection *conn = fi->priv;
644 struct gsm_lchan *lchan = conn->lchan;
645
646 switch (event) {
647 case GSCON_EV_RR_MODE_MODIFY_ACK:
648 /* we assume that not only have we received the RR MODE_MODIFY_ACK, but
649 * actually that also the BTS side of the channel mode has been changed accordingly */
650 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
651
652 /* FIXME: Check if this requires special handling. For now I assume that the send_ass_compl()
653 * can be used. But I am not sure. */
654 send_ass_compl(lchan, fi);
655
656 break;
657 /* FIXME: Do we need to handle DTAP traffic in this state? Maybe yes? Needs to be checked. */
658 case GSCON_EV_MO_DTAP:
659 forward_dtap((struct msgb *)data, conn, fi);
660 break;
661 case GSCON_EV_MT_DTAP:
662 submit_dtap(conn, (struct msgb *)data, fi);
663 break;
664 case GSCON_EV_TX_SCCP:
665 sigtran_send(conn, (struct msgb *)data, fi);
666 break;
667 default:
668 OSMO_ASSERT(false);
669 break;
670 }
671}
672
673static void gscon_fsm_clearing(struct osmo_fsm_inst *fi, uint32_t event, void *data)
674{
675 struct gsm_subscriber_connection *conn = fi->priv;
676 struct msgb *resp;
677
678 switch (event) {
679 case GSCON_EV_RSL_CLEAR_COMPL:
680 resp = gsm0808_create_clear_complete();
681 sigtran_send(conn, resp, fi);
682 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, data);
683 break;
684 default:
685 OSMO_ASSERT(false);
686 break;
687 }
688}
689
690/* Wait for the handover logic to tell us whether the handover completed,
691 * failed or has timed out */
692static void gscon_fsm_wait_ho_compl(struct osmo_fsm_inst *fi, uint32_t event, void *data)
693{
694 struct gsm_subscriber_connection *conn = fi->priv;
695 struct mgcp_conn_peer conn_peer;
696 struct gsm_lchan *lchan = conn->lchan;
697 struct in_addr addr;
698 struct msgb *resp;
699 int rc;
700
701 switch (event) {
702 case GSCON_EV_HO_COMPL:
703 /* The handover logic informs us that the handover has been
704 * completet. Now we have to tell the MGW the IP/Port on the
705 * new BTS so that the uplink RTP traffic can be redirected
706 * there. */
707
708 /* Prepare parameters with the information we got during the
709 * handover procedure (via IPACC) */
710 memset(&conn_peer, 0, sizeof(conn_peer));
711 addr.s_addr = osmo_ntohl(lchan->abis_ip.bound_ip);
712 osmo_strlcpy(conn_peer.addr, inet_ntoa(addr), sizeof(conn_peer.addr));
713 conn_peer.port = lchan->abis_ip.bound_port;
714
715 /* (Pre)Change state and modify the connection */
716 osmo_fsm_inst_state_chg(fi, ST_WAIT_MDCX_BTS_HO, MGCP_MGW_TIMEOUT, MGCP_MGW_HO_TIMEOUT_TIMER_NR);
717 rc = mgcp_conn_modify(conn->user_plane.fi_bts, GSCON_EV_MGW_MDCX_RESP_BTS, &conn_peer);
718 if (rc != 0) {
719 resp = gsm0808_create_clear_rqst(GSM0808_CAUSE_EQUIPMENT_FAILURE);
720 sigtran_send(conn, resp, fi);
721 osmo_fsm_inst_state_chg(fi, ST_CLEARING, 0, 0);
722 return;
723 }
724 break;
725 case GSCON_EV_HO_TIMEOUT:
726 case GSCON_EV_HO_FAIL:
727 /* The handover logic informs us that the handover failed for
728 * some reason. This means the phone stays on the TS/BTS on
729 * which it currently is. We will change back to the active
730 * state again as there are no further operations needed */
731 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
732 break;
733 default:
734 OSMO_ASSERT(false);
735 break;
736 }
737}
738
739/* Wait for the MGW to confirm handover related modification of the connection
740 * parameters */
741static void gscon_fsm_wait_mdcx_bts_ho(struct osmo_fsm_inst *fi, uint32_t event, void *data)
742{
743 struct gsm_subscriber_connection *conn = fi->priv;
744
745 switch (event) {
746 case GSCON_EV_MGW_MDCX_RESP_BTS:
747 /* The MGW has confirmed the handover MDCX, and the handover
748 * is now also done on the RTP side. We may now change back
749 * to the active state. */
750 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
751 break;
752 case GSCON_EV_MO_DTAP:
753 forward_dtap((struct msgb *)data, conn, fi);
754 break;
755 case GSCON_EV_MT_DTAP:
756 submit_dtap(conn, (struct msgb *)data, fi);
757 break;
758 case GSCON_EV_TX_SCCP:
759 sigtran_send(conn, (struct msgb *)data, fi);
760 break;
761 default:
762 OSMO_ASSERT(false);
763 break;
764 }
765}
766
767#define EV_TRANSPARENT_SCCP S(GSCON_EV_TX_SCCP) | S(GSCON_EV_MO_DTAP) | S(GSCON_EV_MT_DTAP)
768
769static const struct osmo_fsm_state gscon_fsm_states[] = {
770 [ST_INIT] = {
771 .name = OSMO_STRINGIFY(INIT),
772 .in_event_mask = S(GSCON_EV_A_CONN_REQ) | S(GSCON_EV_A_CONN_IND),
773 .out_state_mask = S(ST_WAIT_CC),
774 .action = gscon_fsm_init,
775 },
776 [ST_WAIT_CC] = {
777 .name = OSMO_STRINGIFY(WAIT_CC),
778 .in_event_mask = S(GSCON_EV_A_CONN_CFM),
779 .out_state_mask = S(ST_ACTIVE),
780 .action = gscon_fsm_wait_cc,
781 },
782 [ST_ACTIVE] = {
783 .name = OSMO_STRINGIFY(ACTIVE),
784 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_A_ASSIGNMENT_CMD) | S(GSCON_EV_A_HO_REQ) |
785 S(GSCON_EV_HO_START),
786 .out_state_mask = S(ST_CLEARING) | S(ST_WAIT_CRCX_BTS) | S(ST_WAIT_ASS_CMPL) |
787 S(ST_WAIT_MODE_MODIFY_ACK) | S(ST_WAIT_MO_HO_CMD) | S(ST_WAIT_HO_COMPL),
788 .action = gscon_fsm_active,
789 },
790 [ST_WAIT_CRCX_BTS] = {
791 .name = OSMO_STRINGIFY(WAIT_CRCX_BTS),
792 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_MGW_CRCX_RESP_BTS),
793 .out_state_mask = S(ST_ACTIVE) | S(ST_WAIT_ASS_CMPL),
794 .action = gscon_fsm_wait_crcx_bts,
795 },
796 [ST_WAIT_ASS_CMPL] = {
797 .name = OSMO_STRINGIFY(WAIT_ASS_CMPL),
798 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_RR_ASS_COMPL) | S(GSCON_EV_RR_ASS_FAIL),
799 .out_state_mask = S(ST_ACTIVE) | S(ST_WAIT_MDCX_BTS),
800 .action = gscon_fsm_wait_ass_cmpl,
801 },
802 [ST_WAIT_MDCX_BTS] = {
803 .name = OSMO_STRINGIFY(WAIT_MDCX_BTS),
804 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_MGW_MDCX_RESP_BTS),
805 .out_state_mask = S(ST_ACTIVE) | S(ST_WAIT_CRCX_MSC),
806 .action = gscon_fsm_wait_mdcx_bts,
807 },
808 [ST_WAIT_CRCX_MSC] = {
809 .name = OSMO_STRINGIFY(WAIT_CRCX_MSC),
810 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_MGW_CRCX_RESP_MSC),
811 .out_state_mask = S(ST_ACTIVE),
812 .action = gscon_fsm_wait_crcx_msc,
813 },
814 [ST_WAIT_MODE_MODIFY_ACK] = {
815 .name = OSMO_STRINGIFY(WAIT_MODE_MODIFY_ACK),
816 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_RR_MODE_MODIFY_ACK),
817 .out_state_mask = S(ST_ACTIVE) | S(ST_CLEARING),
818 .action = gscon_fsm_wait_mode_modify_ack,
819 },
820 [ST_CLEARING] = {
821 .name = OSMO_STRINGIFY(CLEARING),
822 .in_event_mask = S(GSCON_EV_RSL_CLEAR_COMPL),
823 .action = gscon_fsm_clearing,
824 },
825
826 /* TODO: external handover, probably it makes sense to break up the
827 * program flow in handover_logic.c a bit and handle some of the logic
828 * here? */
829 [ST_WAIT_MT_HO_ACC] = {
830 .name = OSMO_STRINGIFY(WAIT_MT_HO_ACC),
831 },
832 [ST_WAIT_MT_HO_COMPL] = {
833 .name = OSMO_STRINGIFY(WAIT_MT_HO_COMPL),
834 },
835 [ST_WAIT_MO_HO_CMD] = {
836 .name = OSMO_STRINGIFY(WAIT_MO_HO_CMD),
837 },
838 [ST_MO_HO_PROCEEDING] = {
839 .name = OSMO_STRINGIFY(MO_HO_PROCEEDING),
840 },
841
842 /* Internal handover */
843 [ST_WAIT_HO_COMPL] = {
844 .name = OSMO_STRINGIFY(WAIT_HO_COMPL),
845 .in_event_mask = S(GSCON_EV_HO_COMPL) | S(GSCON_EV_HO_FAIL) | S(GSCON_EV_HO_TIMEOUT),
846 .out_state_mask = S(ST_ACTIVE) | S(ST_WAIT_MDCX_BTS_HO),
847 .action = gscon_fsm_wait_ho_compl,
848 },
849 [ST_WAIT_MDCX_BTS_HO] = {
850 .name = OSMO_STRINGIFY(WAIT_MDCX_BTS_HO),
851 .in_event_mask = EV_TRANSPARENT_SCCP | S(GSCON_EV_MGW_MDCX_RESP_BTS),
852 .action = gscon_fsm_wait_mdcx_bts_ho,
853 .out_state_mask = S(ST_ACTIVE),
854 },
855};
856
857static void gscon_fsm_allstate(struct osmo_fsm_inst *fi, uint32_t event, void *data)
858{
859 struct gsm_subscriber_connection *conn = fi->priv;
860 struct msgb *resp = NULL;
861
862 /* When a connection on the MGW fails, make sure that the reference
863 * in our book-keeping is erased. */
864 switch (event) {
865 case GSCON_EV_MGW_FAIL_BTS:
866 conn->user_plane.fi_bts = NULL;
867 break;
868 case GSCON_EV_MGW_FAIL_MSC:
869 conn->user_plane.fi_msc = NULL;
870 break;
871 }
872
873 /* Regular allstate event processing */
874 switch (event) {
875 case GSCON_EV_MGW_FAIL_BTS:
876 case GSCON_EV_MGW_FAIL_MSC:
877 /* Note: An MGW connection die per definition at any time.
878 * However, if it dies during the assignment we must return
879 * with an assignment failure */
880 OSMO_ASSERT(fi->state != ST_INIT && fi->state != ST_WAIT_CC)
881 if (fi->state == ST_WAIT_CRCX_BTS || fi->state == ST_WAIT_ASS_CMPL || fi->state == ST_WAIT_MDCX_BTS
882 || fi->state == ST_WAIT_CRCX_MSC) {
883 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
884 sigtran_send(conn, resp, fi);
885 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
886 }
887 break;
888 case GSCON_EV_A_CLEAR_CMD:
889 /* MSC tells us to cleanly shut down */
890 osmo_fsm_inst_state_chg(fi, ST_CLEARING, 0, 0);
891 gsm0808_clear(conn);
892 /* FIXME: Release all terestrial resources in ST_CLEARING */
893 /* According to 3GPP 48.008 3.1.9.1. "The BSS need not wait for the radio channel
894 * release to be completed or for the guard timer to expire before returning the
895 * CLEAR COMPLETE message" */
896
897 /* Close MGCP connections */
898 toss_mgcp_conn(conn, fi);
899
900 /* FIXME: Question: Is this a hack to force a clear complete from internel?
901 * nobody seems to send the event from outside? */
902 osmo_fsm_inst_dispatch(conn->fi, GSCON_EV_RSL_CLEAR_COMPL, NULL);
903 break;
904 case GSCON_EV_A_DISC_IND:
905 /* MSC or SIGTRAN network has hard-released SCCP connection,
906 * terminate the FSM now. */
907 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, data);
908 break;
909 case GSCON_EV_RLL_REL_IND:
910 /* BTS reports that one of the LAPDm data links was released */
911 /* send proper clear request to MSC */
912 LOGPFSML(fi, LOGL_DEBUG, "Tx BSSMAP CLEAR REQUEST to MSC\n");
913 resp = gsm0808_create_clear_rqst(GSM0808_CAUSE_RADIO_INTERFACE_MESSAGE_FAILURE);
914 sigtran_send(conn, resp, fi);
915 break;
916 case GSCON_EV_RSL_CONN_FAIL:
917 LOGPFSML(fi, LOGL_DEBUG, "Tx BSSMAP CLEAR REQUEST to MSC\n");
918 resp = gsm0808_create_clear_rqst(GSM0808_CAUSE_RADIO_INTERFACE_FAILURE);
919 sigtran_send(conn, resp, fi);
920 break;
921 default:
922 OSMO_ASSERT(false);
923 break;
924 }
925}
926
927void ho_dtap_cache_flush(struct gsm_subscriber_connection *conn, int send);
928
929static void gscon_cleanup(struct osmo_fsm_inst *fi, enum osmo_fsm_term_cause cause)
930{
931 struct gsm_subscriber_connection *conn = fi->priv;
932
933 if (conn->ho) {
934 LOGPFSML(fi, LOGL_DEBUG, "Releasing handover state\n");
935 bsc_clear_handover(conn, 1);
936 conn->ho = NULL;
937 }
938
939 if (conn->secondary_lchan) {
940 LOGPFSML(fi, LOGL_DEBUG, "Releasing secondary_lchan\n");
941 lchan_release(conn->secondary_lchan, 0, RSL_REL_LOCAL_END);
942 conn->secondary_lchan = NULL;
943 }
944 if (conn->lchan) {
945 LOGPFSML(fi, LOGL_DEBUG, "Releasing lchan\n");
946 lchan_release(conn->lchan, 0, RSL_REL_LOCAL_END);
947 conn->lchan = NULL;
948 }
949
950 if (conn->bsub) {
951 LOGPFSML(fi, LOGL_DEBUG, "Putting bsc_subscr\n");
952 bsc_subscr_put(conn->bsub);
953 conn->bsub = NULL;
954 }
955
956 if (conn->sccp.state != SUBSCR_SCCP_ST_NONE) {
957 LOGPFSML(fi, LOGL_DEBUG, "Disconnecting SCCP\n");
958 struct bsc_msc_data *msc = conn->sccp.msc;
959 /* FIXME: include a proper cause value / error message? */
960 osmo_sccp_tx_disconn(msc->a.sccp_user, conn->sccp.conn_id, &msc->a.bsc_addr, 0);
961 conn->sccp.state = SUBSCR_SCCP_ST_NONE;
962 }
963
964 /* drop pending messages */
965 ho_dtap_cache_flush(conn, 0);
966
967 penalty_timers_free(&conn->hodec2.penalty_timers);
968
969 llist_del(&conn->entry);
970 talloc_free(conn);
971 fi->priv = NULL;
972}
973
974static void gscon_pre_term(struct osmo_fsm_inst *fi, enum osmo_fsm_term_cause cause)
975{
976 struct gsm_subscriber_connection *conn = fi->priv;
977
978 /* Make sure all possibly still open MGCP connections get closed */
979 toss_mgcp_conn(conn, fi);
980}
981
982static int gscon_timer_cb(struct osmo_fsm_inst *fi)
983{
984 struct gsm_subscriber_connection *conn = fi->priv;
985 struct msgb *resp = NULL;
986
987 switch (fi->T) {
988 case 993210:
989 /* MSC has not responded/confirmed connection witH CC */
990 /* N-DISCONNET.req is sent in gscon_cleanup() above */
991 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
992 break;
993 case GSM0808_T10_TIMER_NR: /* Assignment Failed */
994 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_RADIO_INTERFACE_FAILURE, NULL);
995 sigtran_send(conn, resp, fi);
996 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
997 break;
998 case MGCP_MGW_TIMEOUT_TIMER_NR: /* Assignment failed (no response from MGW) */
999 resp = gsm0808_create_assignment_failure(GSM0808_CAUSE_EQUIPMENT_FAILURE, NULL);
1000 sigtran_send(conn, resp, fi);
1001 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
1002 break;
1003 case MGCP_MGW_HO_TIMEOUT_TIMER_NR: /* Handover failed (no response from MGW) */
1004 osmo_fsm_inst_state_chg(fi, ST_ACTIVE, 0, 0);
1005 break;
1006 default:
1007 OSMO_ASSERT(false);
1008 }
1009 return 0;
1010}
1011
1012static struct osmo_fsm gscon_fsm = {
1013 .name = "SUBSCR_CONN",
1014 .states = gscon_fsm_states,
1015 .num_states = ARRAY_SIZE(gscon_fsm_states),
1016 .allstate_event_mask = S(GSCON_EV_A_DISC_IND) | S(GSCON_EV_A_CLEAR_CMD) | S(GSCON_EV_RSL_CONN_FAIL) |
1017 S(GSCON_EV_RLL_REL_IND) | S(GSCON_EV_MGW_FAIL_BTS) | S(GSCON_EV_MGW_FAIL_MSC),
1018 .allstate_action = gscon_fsm_allstate,
1019 .cleanup = gscon_cleanup,
1020 .pre_term = gscon_pre_term,
1021 .timer_cb = gscon_timer_cb,
1022 .log_subsys = DMSC,
1023 .event_names = gscon_fsm_event_names,
1024};
1025
1026/* Allocate a subscriber connection and its associated FSM */
1027struct gsm_subscriber_connection *bsc_subscr_con_allocate(struct gsm_network *net)
1028{
1029 struct gsm_subscriber_connection *conn;
1030 static bool g_initialized = false;
1031
1032 if (!g_initialized) {
1033 osmo_fsm_register(&gscon_fsm);
1034 g_initialized = true;
1035 }
1036
1037 conn = talloc_zero(net, struct gsm_subscriber_connection);
1038 if (!conn)
1039 return NULL;
1040
1041 conn->network = net;
1042 INIT_LLIST_HEAD(&conn->ho_dtap_cache);
1043 /* BTW, penalty timers will be initialized on-demand. */
1044 conn->sccp.conn_id = -1;
1045
1046 /* don't allocate from 'conn' context, as gscon_cleanup() will call talloc_free(conn) before
1047 * libosmocore will call talloc_free(conn->fi), i.e. avoid use-after-free during cleanup */
1048 conn->fi = osmo_fsm_inst_alloc(&gscon_fsm, net, conn, LOGL_NOTICE, NULL);
1049 if (!conn->fi) {
1050 talloc_free(conn);
1051 return NULL;
1052 }
1053
1054 llist_add_tail(&conn->entry, &net->subscr_conns);
1055 return conn;
1056}