/*
 * SCCP management code
 *
 * (C) 2009 by Holger Hans Peter Freyther <zecke@selfish.org>
 * (C) 2009 by on-waves.com
 *
 * All Rights Reserved
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 */
24
25#include <string.h>
26
27#include <sccp/sccp.h>
28
29#include <openbsc/debug.h>
30#include <openbsc/talloc.h>
31#include <openbsc/linuxlist.h>
32
/* talloc parent for the allocations made in this file; set up in on_dso_load() */
static void *tall_sccp_ctx;
/* connections the stack currently tracks, linked through sccp_connection.list */
static LLIST_HEAD(sccp_connections);

/* total size and headroom passed to msgb_alloc_headroom() for every outgoing message */
#define SCCP_MSG_SIZE 4096
#define SCCP_MSG_HEADROOM 128
38
/* global data */
/* ready-made address selecting the BSSAP subsystem number; family is left at 0 */
const struct sockaddr_sccp sccp_ssn_bssap = {
	.sccp_family	= 0,
	.sccp_ssn	= SCCP_SSN_BSSAP,
};
44
/* Binding to the lower layer: the hook that transmits a finished message. */
struct sccp_system {
	/* layer3 -> layer2 */
	int (*write_data)(struct msgb *data, void *context);
	/* opaque pointer handed back to write_data on every call */
	void *write_context;
};


/* The single instance; write_data stays NULL until sccp_system_init() is called. */
static struct sccp_system sccp_system = {
	.write_data = NULL,
};
55
/* Per-subsystem-number (SSN) set of user callbacks, one entry per SSN. */
struct sccp_data_callback {
	/* connection based */
	int (*accept_cb)(struct sccp_connection *, void *);
	void *accept_context;

	/* connection less */
	int (*read_cb)(struct msgb *, unsigned int, void *);
	void *read_context;

	/* subsystem number this entry is registered for */
	u_int8_t ssn;
	/* linkage into sccp_callbacks */
	struct llist_head callback;
};

/* all sccp_data_callback entries created so far, see _find_ssn() */
static LLIST_HEAD(sccp_callbacks);
70
/*
 * Return the callback entry for a subsystem number, creating it on demand.
 *
 * The list of known entries is searched first; when nothing matches, a new
 * zeroed entry is allocated, tagged with ssn and appended. Returns NULL only
 * when that allocation fails.
 *
 * NOTE(review): the receive handlers call this with an SSN taken from the
 * packet, so a lookup for an unregistered SSN allocates an entry as a side
 * effect. The growth is bounded by the 256 possible u_int8_t values.
 */
static struct sccp_data_callback *_find_ssn(u_int8_t ssn)
{
	struct sccp_data_callback *entry;

	llist_for_each_entry(entry, &sccp_callbacks, callback) {
		if (entry->ssn != ssn)
			continue;
		return entry;
	}

	/* nothing registered for this SSN yet, create an empty entry */
	entry = talloc_zero(tall_sccp_ctx, struct sccp_data_callback);
	if (entry) {
		entry->ssn = ssn;
		llist_add_tail(&entry->callback, &sccp_callbacks);
		return entry;
	}

	DEBUGP(DSCCP, "Failed to allocate sccp callback.\n");
	return NULL;
}
91
92
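/*
 * Hand a fully built SCCP message to the lower layer.
 *
 * Calls the write_data hook installed with sccp_system_init() and returns
 * its result. write_data starts out as NULL, so sending before the system
 * has been initialised is reported as -1 instead of calling through a NULL
 * function pointer. The message is not freed here; every caller in this
 * file frees it after the call.
 */
static int _send_msg(struct msgb *msg)
{
	if (!sccp_system.write_data) {
		DEBUGP(DSCCP, "No write_data callback registered, dropping message.\n");
		return -1;
	}

	return sccp_system.write_data(msg, sccp_system.write_context);
}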
97
98/*
99 * parsing routines
100 */
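/*
 * Copy one party address out of a received message.
 *
 * offset is the position, relative to msgb->l2h, of the address length
 * octet; the address itself follows directly after it. On success the
 * indicator octet is stored in addr->address and, when the matching
 * indicator bits are set, addr->poi and addr->ssn are filled in.
 *
 * Returns 0 on success and -1 when the address does not fit into the
 * message, is empty, or carries a global title (not supported).
 *
 * All lengths here come from the peer and are checked before use.
 *
 * NOTE(review): offset is a u_int8_t while callers pass a header offset plus
 * a peer-supplied pointer octet; sums above 255 wrap before they get here.
 * The wrapped value is still bounds-checked below, but it points at the
 * wrong octet. Consider widening the parameter.
 */
static int copy_address(struct sccp_address *addr, u_int8_t offset, struct msgb *msgb)
{
	struct sccp_called_party_address *party;

	int room = msgb_l2len(msgb) - offset;
	u_int8_t read = 0;
	u_int8_t length;

	/* defined contents on every path, callers log addr->ssn after a failure */
	memset(addr, 0, sizeof(*addr));

	if (room <= 0) {
		DEBUGP(DSCCP, "Not enough room for an address: %d\n", room);
		return -1;
	}

	length = msgb->l2h[offset];

	/*
	 * A zero length address has no indicator octet. Without this check a
	 * length octet sitting in the last byte of the message would pass the
	 * room test below and the indicator would be read one byte past the end.
	 */
	if (length == 0) {
		DEBUGP(DSCCP, "Empty address, no indicator octet\n");
		return -1;
	}

	if (room <= length) {
		DEBUGP(DSCCP, "Not enough room for optional data %d %u\n", room, length);
		return -1;
	}

	/* length counts the indicator octet plus whatever follows in party->data */
	party = (struct sccp_called_party_address *)(msgb->l2h + offset + 1);
	if (party->point_code_indicator) {
		if (length <= read + 2) {
			DEBUGP(DSCCP, "POI does not fit %u\n", length);
			return -1;
		}

		memcpy(&addr->poi, &party->data[read], 2);
		read += 2;
	}

	if (party->ssn_indicator) {
		if (length <= read + 1) {
			DEBUGP(DSCCP, "SSN does not fit %u\n", length);
			return -1;
		}

		addr->ssn = party->data[read];
		read += 1;
	}

	if (party->global_title_indicator) {
		DEBUGP(DSCCP, "GTI not supported %u\n", *(u_int8_t *)party);
		return -1;
	}

	addr->address = *party;
	return 0;
}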
151
/*
 * Validate the indicator bits of a parsed address.
 *
 * An address is accepted when the SSN indicator is 1, the global title
 * indicator is not 1 and the routing indicator is 1. The point code
 * indicator is deliberately not looked at. Returns 0 when accepted,
 * -1 (after logging) otherwise.
 */
static int check_address(struct sccp_address *addr)
{
	const int ssn_present = addr->address.ssn_indicator == 1;
	const int gt_present = addr->address.global_title_indicator == 1;
	const int ri_set = addr->address.routing_indicator == 1;

	if (ssn_present && !gt_present && ri_set)
		return 0;

	DEBUGP(DSCCP, "Invalid called address according to 08.06: 0x%x 0x%x\n",
		*(u_int8_t *)&addr->address, addr->ssn);
	return -1;
}
165
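/*
 * Walk the optional part of a message and remember where the data
 * parameter is.
 *
 * offset is the start of the optional part relative to msgb->l2h. Callers
 * compute it from a pointer octet supplied by the peer, so it is validated
 * here: an offset at or past the end of the message is rejected. The old
 * code stored "length - offset" in an unsigned 16 bit variable, which
 * wrapped to a huge value for such offsets and let the loop read far
 * outside the message.
 *
 * Each parameter is a type octet, a length octet and length octets of
 * value. When a SCCP_PNC_DATA parameter fits completely, data->data_len
 * and data->data_start (relative to l2h) are set.
 *
 * Returns 0 when the end-of-optional marker is found, and also when a
 * parameter is truncated (data is then left as the caller initialised it).
 * Returns -1 when the optional part lies outside the message or ends
 * without an end-of-optional marker.
 */
static int _sccp_parse_optional_data(const int offset,
				     struct msgb *msgb, struct sccp_optional_data *data)
{
	const int l2len = msgb_l2len(msgb);
	int room;
	int read = 0;

	if (offset < 0 || offset >= l2len) {
		DEBUGP(DSCCP, "optional part outside of the message: %d %d\n",
			offset, l2len);
		return -1;
	}

	room = l2len - offset;

	while (room > read) {
		u_int8_t length;
		u_int8_t type = msgb->l2h[offset + read];

		if (type == SCCP_PNC_END_OF_OPTIONAL)
			return 0;

		if (read + 1 >= room) {
			DEBUGP(DSCCP, "no place for length\n");
			return 0;
		}

		length = msgb->l2h[offset + read + 1];
		read += 2 + length;

		/* the value plus at least one following octet must still fit */
		if (room <= read) {
			DEBUGP(DSCCP, "no space for the data: type: %d read: %d room: %d l2: %d\n",
				type, read, room, l2len);
			return 0;
		}

		if (type == SCCP_PNC_DATA) {
			data->data_len = length;
			data->data_start = offset + read - length;
		}
	}

	return -1;
}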
201
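/*
 * Send UDT. Currently we have a fixed address...
 *
 * Builds a unitdata message with a called address carrying out->sccp_ssn,
 * a calling address carrying in->sccp_ssn and the layer 3 part of payload
 * as data, hands it to _send_msg() and frees it again. payload itself is
 * not freed.
 *
 * The data length is a single octet, so at most 255 bytes can be sent; the
 * previous limit of 256 let a 256 byte payload through with a length octet
 * of 0. Returns the result of _send_msg(), or -1 when the payload is too
 * big or no message buffer could be allocated.
 */
static int _sccp_send_data(int class, const struct sockaddr_sccp *in,
			   const struct sockaddr_sccp *out, struct msgb *payload)
{
	struct sccp_data_unitdata *udt;
	struct msgb *msg;
	u_int8_t *data;
	int ret;

	if (msgb_l3len(payload) > 255) {
		DEBUGP(DSCCP, "The payload is too big for one udt\n");
		return -1;
	}

	msg = msgb_alloc_headroom(SCCP_MSG_SIZE,
				  SCCP_MSG_HEADROOM, "sccp: udt");
	if (!msg) {
		DEBUGP(DSCCP, "Failed to allocate a msgb for the udt\n");
		return -1;
	}

	msg->l2h = &msg->data[0];
	udt = (struct sccp_data_unitdata *)msgb_put(msg, sizeof(*udt));

	udt->type = SCCP_MSG_TYPE_UDT;
	udt->proto_class = class;
	/* each pointer is relative to its own position in the header */
	udt->variable_called = 3;
	udt->variable_calling = 5;
	udt->variable_data = 7;

	/* for variable data we start with a size and the data */
	data = msgb_put(msg, 1 + 2);
	data[0] = 2;
	data[1] = 0x42;	/* address indicator octet, presumably "route on SSN, SSN present" */
	data[2] = out->sccp_ssn;

	data = msgb_put(msg, 1 + 2);
	data[0] = 2;
	data[1] = 0x42;
	data[2] = in->sccp_ssn;

	/* copy the payload */
	data = msgb_put(msg, 1 + msgb_l3len(payload));
	data[0] = msgb_l3len(payload);
	memcpy(&data[1], payload->l3h, msgb_l3len(payload));

	ret = _send_msg(msg);
	msgb_free(msg);

	return ret;
}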
249
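/*
 * Handle a received unitdata (UDT) message.
 *
 * Checks the fixed header, parses and validates the called address, looks
 * up the read callback registered for the called SSN, parses the calling
 * address, verifies that the data part fits and that its length octet
 * matches what is left in the message, and finally passes the message to
 * the callback with l3h pointing at the data.
 *
 * An invalid calling address is only logged, the message is still
 * delivered. That log line used to print the called address; it now prints
 * the calling address it is complaining about.
 *
 * Returns the callback's result, or -1 when the message is rejected.
 */
static int _sccp_handle_read(struct msgb *msgb)
{
	static const u_int32_t header_size = sizeof(struct sccp_data_unitdata);
	static const u_int32_t called_offset = offsetof(struct sccp_data_unitdata, variable_called);
	static const u_int32_t calling_offset = offsetof(struct sccp_data_unitdata, variable_calling);
	static const u_int32_t data_offset = offsetof(struct sccp_data_unitdata, variable_data);

	struct sccp_data_callback *cb;
	struct sccp_data_unitdata *udt = (struct sccp_data_unitdata *)msgb->l2h;
	struct sccp_address called, calling;

	/* both addresses are logged below, never print indeterminate fields */
	memset(&called, 0, sizeof(called));
	memset(&calling, 0, sizeof(calling));

	/* we don't have enough size for the struct */
	if (msgb_l2len(msgb) < header_size) {
		DEBUGP(DSCCP, "msgb < header_size %u %u\n",
			msgb_l2len(msgb), header_size);
		return -1;
	}

	/* copy out the calling and called address. Add the offset of the pointer octet */
	if (copy_address(&called, called_offset + udt->variable_called, msgb) != 0)
		return -1;

	if (check_address(&called) != 0) {
		DEBUGP(DSCCP, "Invalid called address according to 08.06: 0x%x 0x%x\n",
			*(u_int8_t *)&called.address, called.ssn);
		return -1;
	}

	cb = _find_ssn(called.ssn);
	if (!cb || !cb->read_cb) {
		DEBUGP(DSCCP, "No routing for UDT for called SSN: %u\n", called.ssn);
		return -1;
	}

	if (copy_address(&calling, calling_offset + udt->variable_calling, msgb) != 0)
		return -1;

	/* not fatal: the message is delivered even with an odd calling address */
	if (check_address(&calling) != 0) {
		DEBUGP(DSCCP, "Invalid calling address according to 08.06: 0x%x 0x%x\n",
			*(u_int8_t *)&calling.address, calling.ssn);
	}

	/* we don't have enough size for the data */
	if (msgb_l2len(msgb) < data_offset + udt->variable_data + 1) {
		DEBUGP(DSCCP, "msgb < header + offset %u %u %u\n",
			msgb_l2len(msgb), header_size, udt->variable_data);
		return -1;
	}

	/* l3h[-1] is the length octet of the data part */
	msgb->l3h = &udt->data[udt->variable_data];

	/* the length octet has to account for exactly the rest of the message */
	if (msgb_l3len(msgb) != msgb->l3h[-1]) {
		DEBUGP(DSCCP, "msgb is truncated %u %u\n",
			msgb_l3len(msgb), msgb->l3h[-1]);
		return -1;
	}

	return cb->read_cb(msgb, msgb_l3len(msgb), cb->read_context);
}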
311
312/*
313 * handle connection orientated methods
314 */
/*
 * Check whether a reference is unused as source local reference.
 *
 * Compares reference byte-wise with the source local reference of every
 * tracked connection. Returns 0 when no connection uses it, -1 otherwise.
 */
static int source_local_reference_is_free(struct sccp_source_reference *reference)
{
	struct sccp_connection *entry;
	int in_use = 0;

	llist_for_each_entry(entry, &sccp_connections, list) {
		if (memcmp(reference, &entry->source_local_reference, sizeof(*reference)) == 0) {
			in_use = 1;
			break;
		}
	}

	return in_use ? -1 : 0;
}
326
/*
 * Check whether a reference is unused as destination local reference.
 *
 * Compares reference byte-wise with the destination local reference of
 * every tracked connection. Returns 0 when no connection uses it, -1
 * otherwise.
 */
static int destination_local_reference_is_free(struct sccp_source_reference *reference)
{
	struct sccp_connection *entry;
	int in_use = 0;

	llist_for_each_entry(entry, &sccp_connections, list) {
		if (memcmp(reference, &entry->destination_local_reference, sizeof(*reference)) == 0) {
			in_use = 1;
			break;
		}
	}

	return in_use ? -1 : 0;
}
338
/*
 * Pick an unused source local reference for a connection.
 *
 * Candidates are taken from a counter that starts at 0x30000 and is kept
 * across calls. The counter is advanced before the candidate is tested and
 * reset to 0 once its low 24 bits reach 0xFFFFFF, so that value is never
 * handed out. The search stops after the counter has wrapped twice.
 *
 * Returns 0 with connection->source_local_reference set, or -1 when no free
 * reference was found.
 *
 * NOTE(review): references are handed out sequentially from a fixed start,
 * so a peer can predict them, and the DT1 handler in this file selects a
 * connection by this value alone. Worth keeping in mind when deciding how
 * far the lower layer is trusted.
 */
static int assign_source_local_reference(struct sccp_connection *connection)
{
	static u_int32_t last_ref = 0x30000;
	int wrapped;

	for (wrapped = 0; wrapped != 2; ) {
		struct sccp_source_reference candidate;

		candidate.octet1 = last_ref & 0xff;
		candidate.octet2 = (last_ref >> 8) & 0xff;
		candidate.octet3 = (last_ref >> 16) & 0xff;

		last_ref += 1;

		/* do not use the reserved word and wrap around */
		if ((last_ref & 0x00FFFFFF) == 0x00FFFFFF) {
			DEBUGP(DSCCP, "Wrapped searching for a free code\n");
			last_ref = 0;
			wrapped += 1;
		}

		if (source_local_reference_is_free(&candidate) == 0) {
			connection->source_local_reference = candidate;
			return 0;
		}
	}

	DEBUGP(DSCCP, "Finding a free reference failed\n");
	return -1;
}
367
/*
 * Move a connection to new_state and tell its owner.
 *
 * The state is updated first; the state callback, when one is set, is then
 * called with the connection and the state it had before.
 */
static void _sccp_set_connection_state(struct sccp_connection *connection, int new_state)
{
	const int previous = connection->connection_state;

	connection->connection_state = new_state;

	if (!connection->state_cb)
		return;

	connection->state_cb(connection, previous);
}
376
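/*
 * Answer a connection request with a connection refused (CREF).
 *
 * The source local reference of the request becomes the destination local
 * reference of the reply, cause is copied into the message and the optional
 * part consists of the end marker only.
 *
 * Returns the result of _send_msg(), or -1 when no message buffer could be
 * allocated (the allocation used to be dereferenced unchecked).
 */
static int _sccp_send_refuse(struct sccp_connection_request *req, int cause)
{
	struct msgb *msgb;
	struct sccp_connection_refused *ref;
	u_int8_t *data;
	int ret;

	msgb = msgb_alloc_headroom(SCCP_MSG_SIZE,
				   SCCP_MSG_HEADROOM, "sccp ref");
	if (!msgb) {
		DEBUGP(DSCCP, "Failed to allocate a msgb for the refuse\n");
		return -1;
	}

	msgb->l2h = &msgb->data[0];

	ref = (struct sccp_connection_refused *) msgb_put(msgb, sizeof(*ref));
	ref->type = SCCP_MSG_TYPE_CREF;
	memcpy(&ref->destination_local_reference, &req->source_local_reference,
	       sizeof(struct sccp_source_reference));
	ref->cause = cause;
	ref->optional_start = 1;

	data = msgb_put(msgb, 1);
	data[0] = SCCP_PNC_END_OF_OPTIONAL;

	ret = _send_msg(msgb);
	msgb_free(msgb);
	return ret;
}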
402
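/*
 * Confirm an incoming connection (CC).
 *
 * Assigns a source local reference to the connection, sends a confirm that
 * carries both references with protocol class 2 and an empty optional part,
 * and moves the connection to ESTABLISHED.
 *
 * Returns -1 when no reference or no message buffer is available; in both
 * cases nothing is sent and the state is left alone. Otherwise the result
 * of _send_msg() is returned; note that the state is set to ESTABLISHED
 * even when sending failed.
 */
static int _sccp_send_connection_confirm(struct sccp_connection *connection)
{
	struct msgb *response;
	struct sccp_connection_confirm *confirm;
	u_int8_t *optional_data;
	int ret;

	if (assign_source_local_reference(connection) != 0)
		return -1;

	response = msgb_alloc_headroom(SCCP_MSG_SIZE,
				       SCCP_MSG_HEADROOM, "sccp confirm");
	if (!response) {
		DEBUGP(DSCCP, "Failed to allocate a msgb for the confirm\n");
		return -1;
	}

	response->l2h = &response->data[0];

	confirm = (struct sccp_connection_confirm *) msgb_put(response, sizeof(*confirm));

	confirm->type = SCCP_MSG_TYPE_CC;
	memcpy(&confirm->destination_local_reference,
	       &connection->destination_local_reference,
	       sizeof(connection->destination_local_reference));
	memcpy(&confirm->source_local_reference,
	       &connection->source_local_reference,
	       sizeof(connection->source_local_reference));
	confirm->proto_class = 2;
	confirm->optional_start = 1;

	optional_data = (u_int8_t *) msgb_put(response, 1);
	optional_data[0] = SCCP_PNC_END_OF_OPTIONAL;

	ret = _send_msg(response);
	msgb_free(response);

	_sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_ESTABLISHED);
	return ret;
}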
438
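/*
 * Open an outgoing connection by sending a connection request (CR).
 *
 * msg is optional; when given, its layer 3 part (3 to 130 bytes) is sent as
 * the data parameter of the request. A source local reference is assigned,
 * the request is built with called->sccp_ssn as called address, the
 * connection is added to the list of tracked connections and moved to
 * REQUEST, and the message is sent.
 *
 * Returns the result of _send_msg(). Returns -1 when the data has an
 * invalid size, and -1 with the state set to SETUP_ERROR when no reference
 * or no message buffer is available. The unused extra_size bookkeeping of
 * the previous version is gone.
 */
static int _sccp_send_connection_request(struct sccp_connection *connection,
					 const struct sockaddr_sccp *called, struct msgb *msg)
{
	struct msgb *request;
	struct sccp_connection_request *req;
	u_int8_t *data;
	int ret;

	if (msg && (msgb_l3len(msg) < 3 || msgb_l3len(msg) > 130)) {
		DEBUGP(DSCCP, "Invalid amount of data... %d\n", msgb_l3len(msg));
		return -1;
	}

	/* try to find a id */
	if (assign_source_local_reference(connection) != 0) {
		DEBUGP(DSCCP, "Assigning a local reference failed.\n");
		_sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_SETUP_ERROR);
		return -1;
	}

	request = msgb_alloc_headroom(SCCP_MSG_SIZE,
				      SCCP_MSG_HEADROOM, "sccp connection request");
	if (!request) {
		DEBUGP(DSCCP, "Failed to allocate a msgb for the connection request\n");
		_sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_SETUP_ERROR);
		return -1;
	}

	request->l2h = &request->data[0];
	req = (struct sccp_connection_request *) msgb_put(request, sizeof(*req));

	req->type = SCCP_MSG_TYPE_CR;
	memcpy(&req->source_local_reference, &connection->source_local_reference,
	       sizeof(connection->source_local_reference));
	req->proto_class = 2;
	/* both pointers are relative to their own position in the header */
	req->variable_called = 2;
	req->optional_start = 4;

	/* write the called party address */
	data = msgb_put(request, 1 + 2);
	data[0] = 2;
	data[1] = 0x42;
	data[2] = called->sccp_ssn;

	/* write the payload, its size was limited to one length octet above */
	if (msg) {
		data = msgb_put(request, 2 + msgb_l3len(msg));
		data[0] = SCCP_PNC_DATA;
		data[1] = msgb_l3len(msg);
		memcpy(&data[2], msg->l3h, msgb_l3len(msg));
	}

	data = msgb_put(request, 1);
	data[0] = SCCP_PNC_END_OF_OPTIONAL;

	llist_add_tail(&connection->list, &sccp_connections);
	_sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_REQUEST);

	ret = _send_msg(request);
	msgb_free(request);

	return ret;
}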
501
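/*
 * Send user data on an established connection as data form 1 (DT1).
 *
 * The layer 3 part of _data is copied behind a one octet length. That
 * octet limits the payload to 255 bytes; the previous limit of 256 let a
 * 256 byte payload through with a length octet of 0. Payloads shorter than
 * 2 bytes are rejected as well. Segmenting is not implemented.
 *
 * Returns the result of _send_msg(), or -1 when the size is out of range
 * or no message buffer could be allocated. _data is not freed.
 */
static int _sccp_send_connection_data(struct sccp_connection *conn, struct msgb *_data)
{
	struct msgb *msgb;
	struct sccp_data_form1 *dt1;
	u_int8_t *data;
	int extra_size;
	int ret;

	if (msgb_l3len(_data) < 2 || msgb_l3len(_data) > 255) {
		DEBUGP(DSCCP, "data size too big, segmenting unimplemented.\n");
		return -1;
	}

	/* length octet plus payload */
	extra_size = 1 + msgb_l3len(_data);
	msgb = msgb_alloc_headroom(SCCP_MSG_SIZE,
				   SCCP_MSG_HEADROOM, "sccp dt1");
	if (!msgb) {
		DEBUGP(DSCCP, "Failed to allocate a msgb for the dt1\n");
		return -1;
	}

	msgb->l2h = &msgb->data[0];

	dt1 = (struct sccp_data_form1 *) msgb_put(msgb, sizeof(*dt1));
	dt1->type = SCCP_MSG_TYPE_DT1;
	memcpy(&dt1->destination_local_reference, &conn->destination_local_reference,
	       sizeof(struct sccp_source_reference));
	dt1->segmenting = 0;

	/* copy the data */
	dt1->variable_start = 1;
	data = msgb_put(msgb, extra_size);
	data[0] = extra_size - 1;
	memcpy(&data[1], _data->l3h, extra_size - 1);

	ret = _send_msg(msgb);
	msgb_free(msgb);

	return ret;
}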
537
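/*
 * Ask the peer to release a connection (RLSD).
 *
 * Builds a released message with cause, both local references and an empty
 * optional part, moves the connection to RELEASE and sends the message.
 *
 * Returns the result of _send_msg(). When no message buffer could be
 * allocated -1 is returned and the connection state is left untouched
 * (the allocation used to be dereferenced unchecked).
 */
static int _sccp_send_connection_released(struct sccp_connection *conn, int cause)
{
	struct msgb *msg;
	struct sccp_connection_released *rel;
	u_int8_t *data;
	int ret;

	msg = msgb_alloc_headroom(SCCP_MSG_SIZE, SCCP_MSG_HEADROOM,
				  "sccp: connection released");
	if (!msg) {
		DEBUGP(DSCCP, "Failed to allocate a msgb for the release\n");
		return -1;
	}

	msg->l2h = &msg->data[0];
	rel = (struct sccp_connection_released *) msgb_put(msg, sizeof(*rel));
	rel->type = SCCP_MSG_TYPE_RLSD;
	rel->release_cause = cause;

	/* copy the source references */
	memcpy(&rel->destination_local_reference, &conn->destination_local_reference,
	       sizeof(struct sccp_source_reference));
	memcpy(&rel->source_local_reference, &conn->source_local_reference,
	       sizeof(struct sccp_source_reference));

	data = msgb_put(msg, 1);
	data[0] = SCCP_PNC_END_OF_OPTIONAL;

	_sccp_set_connection_state(conn, SCCP_CONNECTION_STATE_RELEASE);
	ret = _send_msg(msg);
	msgb_free(msg);

	return ret;
}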
567
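/*
 * Open a connection. The following is going to happen:
 *
 *	- Verify the packet, e.g. that we have no other connection
 *	  with that id.
 *	- Ask the user if he wants to accept the connection
 *	- Try to open the connection by assigning a source local reference
 *	  and sending the packet
 *
 * The request header is read through msgb->l2h. The previous version read
 * it through msgb->data while every length check and offset in this file
 * is relative to l2h, so the two could disagree whenever l2h does not
 * point at the start of the buffer.
 *
 * Returns 0 when the request was handled (accepted, or refused by the
 * user's accept callback) and -1 when it was rejected or an error occurred.
 */
static int _sccp_handle_connection_request(struct msgb *msgb)
{
	static const u_int32_t header_size =
			sizeof(struct sccp_connection_request);
	static const u_int32_t optional_offset =
			offsetof(struct sccp_connection_request, optional_start);
	static const u_int32_t called_offset =
			offsetof(struct sccp_connection_request, variable_called);

	struct sccp_data_callback *cb;
	struct sccp_connection_request *req = (struct sccp_connection_request *)msgb->l2h;
	struct sccp_address called;
	struct sccp_connection *connection;
	struct sccp_optional_data optional_data;

	/* header check, req must not be dereferenced before this passes */
	if (msgb_l2len(msgb) < header_size) {
		DEBUGP(DSCCP, "msgb < header_size %u %u\n",
			msgb_l2len(msgb), header_size);
		return -1;
	}

	/* copy out the called address. Add the offset of the pointer octet */
	if (copy_address(&called, called_offset + req->variable_called, msgb) != 0)
		return -1;

	if (check_address(&called) != 0) {
		DEBUGP(DSCCP, "Invalid called address according to 08.06: 0x%x 0x%x\n",
			*(u_int8_t *)&called.address, called.ssn);
		return -1;
	}

	cb = _find_ssn(called.ssn);
	if (!cb || !cb->accept_cb) {
		DEBUGP(DSCCP, "No routing for CR for called SSN: %u\n", called.ssn);
		return -1;
	}

	/* check if the system wants this connection */
	connection = talloc_zero(tall_sccp_ctx, struct sccp_connection);
	if (!connection) {
		DEBUGP(DSCCP, "Allocation failed\n");
		return -1;
	}

	/*
	 * sanity checks:
	 *	- Is the source_local_reference in any other connection?
	 * then will call accept, assign a "destination" local reference
	 * and send a connection confirm, otherwise we will send a refused
	 * one....
	 */
	if (destination_local_reference_is_free(&req->source_local_reference) != 0) {
		DEBUGP(DSCCP, "Need to reject connection with existing reference\n");
		_sccp_send_refuse(req, SCCP_REFUSAL_SCCP_FAILURE);
		talloc_free(connection);
		return -1;
	}

	connection->incoming = 1;
	connection->destination_local_reference = req->source_local_reference;

	/*
	 * parse optional data. optional_start is supplied by the peer, the
	 * parser is responsible for keeping the walk inside the message.
	 */
	memset(&optional_data, 0, sizeof(optional_data));
	if (_sccp_parse_optional_data(optional_offset + req->optional_start, msgb, &optional_data) != 0) {
		DEBUGP(DSCCP, "parsing of optional data failed.\n");
		talloc_free(connection);
		return -1;
	}

	if (cb->accept_cb(connection, cb->accept_context) != 0) {
		_sccp_send_refuse(req, SCCP_REFUSAL_END_USER_ORIGINATED);
		_sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_REFUSED);
		talloc_free(connection);
		return 0;
	}

	llist_add_tail(&connection->list, &sccp_connections);

	if (_sccp_send_connection_confirm(connection) != 0) {
		DEBUGP(DSCCP, "Sending confirm failed... no available source reference?\n");

		_sccp_send_refuse(req, SCCP_REFUSAL_SCCP_FAILURE);
		_sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_REFUSED);
		/* unlink before freeing so the list never holds a dangling entry */
		llist_del(&connection->list);
		talloc_free(connection);

		return -1;
	}

	/*
	 * If we have data let us forward things.
	 */
	if (optional_data.data_len != 0 && connection->data_cb) {
		msgb->l3h = &msgb->l2h[optional_data.data_start];
		connection->data_cb(connection, msgb, optional_data.data_len);
	}

	return 0;
}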
680
681/* Handle the release confirmed */
682static int _sccp_handle_connection_release_complete(struct msgb *data)
683{
684 static int header_size = sizeof(struct sccp_connection_release_complete);
685
686 struct sccp_connection_release_complete *cmpl;
687 struct sccp_connection *conn;
688
689 /* header check */
690 if (msgb_l2len(data) < header_size) {
691 DEBUGP(DSCCP, "msgb < header_size %u %u\n",
692 msgb_l2len(data), header_size);
693 return -1;
694 }
695
696 cmpl = (struct sccp_connection_release_complete *) data->l2h;
697
698 /* find the connection */
699 llist_for_each_entry(conn, &sccp_connections, list) {
700 if (conn->data_cb
701 && memcmp(&conn->source_local_reference,
702 &cmpl->destination_local_reference,
703 sizeof(conn->source_local_reference)) == 0
704 && memcmp(&conn->destination_local_reference,
705 &cmpl->source_local_reference,
706 sizeof(conn->destination_local_reference)) == 0) {
707 goto found;
708 }
709 }
710
711
712 DEBUGP(DSCCP, "Release complete of unknown connection\n");
713 return -1;
714
715found:
716 llist_del(&conn->list);
717 _sccp_set_connection_state(conn, SCCP_CONNECTION_STATE_RELEASE_COMPLETE);
718 return 0;
719}
720
721/* Handle the Data Form 1 message */
722static int _sccp_handle_connection_dt1(struct msgb *data)
723{
724 static int variable_offset = offsetof(struct sccp_data_form1, variable_start);
725 static int header_size = sizeof(struct sccp_data_form1);
726
727 struct sccp_data_form1 *dt1 = (struct sccp_data_form1 *)data->l2h;
728 struct sccp_connection *conn;
729 int size;
730
731 /* we don't have enough size for the struct */
732 if (msgb_l2len(data) < header_size) {
733 DEBUGP(DSCCP, "msgb > header_size %u %u\n",
734 msgb_l2len(data), header_size);
735 return -1;
736 }
737
738 if (dt1->segmenting != 0) {
739 DEBUGP(DSCCP, "This packet has segmenting, not supported: %d\n", dt1->segmenting);
740 return -1;
741 }
742
743 /* lookup if we have a connection with the given reference */
744 llist_for_each_entry(conn, &sccp_connections, list) {
745 if (conn->data_cb
746 && memcmp(&conn->source_local_reference,
747 &dt1->destination_local_reference,
748 sizeof(conn->source_local_reference)) == 0) {
749
750 /* some more size checks in here */
751 if (msgb_l2len(data) < variable_offset + dt1->variable_start + 1) {
752 DEBUGP(DSCCP, "Not enough space for variable start: %u %u\n",
753 msgb_l2len(data), dt1->variable_start);
754 return -1;
755 }
756
757 size = data->l2h[variable_offset + dt1->variable_start];
758 data->l3h = &data->l2h[dt1->variable_start + variable_offset + 1];
759
760 if (msgb_l3len(data) < size) {
761 DEBUGP(DSCCP, "Not enough room for the payload: %u %u\n",
762 msgb_l3len(data), size);
763 return -1;
764 }
765
766 conn->data_cb(conn, data, size);
767 return 0;
768 }
769 }
770
771 DEBUGP(DSCCP, "No connection found for dt1 data\n");
772 return -1;
773}
774
775/* confirm a connection release */
776static int _sccp_send_connection_release_complete(struct sccp_connection *connection)
777{
778 struct msgb *msgb;
779 struct sccp_connection_release_complete *rlc;
780 int ret;
781
782 msgb = msgb_alloc_headroom(SCCP_MSG_SIZE,
783 SCCP_MSG_HEADROOM, "sccp rlc");
784 msgb->l2h = &msgb->data[0];
785
786 rlc = (struct sccp_connection_release_complete *) msgb_put(msgb, sizeof(*rlc));
787 rlc->type = SCCP_MSG_TYPE_RLC;
788 memcpy(&rlc->destination_local_reference,
789 &connection->destination_local_reference, sizeof(struct sccp_source_reference));
790 memcpy(&rlc->source_local_reference,
791 &connection->source_local_reference, sizeof(struct sccp_source_reference));
792
793 ret = _send_msg(msgb);
794 msgb_free(msgb);
795
796 /*
797 * Remove from the list of active connections and set the state. User code
798 * should now free the entry.
799 */
800 llist_del(&connection->list);
801 _sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_RELEASE_COMPLETE);
802
803 return ret;
804}
805
806/* connection released, send a released confirm */
807static int _sccp_handle_connection_released(struct msgb *data)
808{
809 static int header_size = sizeof(struct sccp_connection_released);
810 static int optional_offset = offsetof(struct sccp_connection_released, optional_start);
811
812 struct sccp_optional_data optional_data;
813 struct sccp_connection_released *rls = (struct sccp_connection_released *)data->l2h;
814 struct sccp_connection *conn;
815
816 /* we don't have enough size for the struct */
817 if (msgb_l2len(data) < header_size) {
818 DEBUGP(DSCCP, "msgb > header_size %u %u\n",
819 msgb_l2len(data), header_size);
820 return -1;
821 }
822
823 /* lookup if we have a connection with the given reference */
824 llist_for_each_entry(conn, &sccp_connections, list) {
825 if (conn->data_cb
826 && memcmp(&conn->source_local_reference,
827 &rls->destination_local_reference,
828 sizeof(conn->source_local_reference)) == 0
829 && memcmp(&conn->destination_local_reference,
830 &rls->source_local_reference,
831 sizeof(conn->destination_local_reference)) == 0) {
832 goto found;
833 }
834 }
835
836
837 DEBUGP(DSCCP, "Unknown connection was released.\n");
838 return -1;
839
840 /* we have found a connection */
841found:
842 memset(&optional_data, 0, sizeof(optional_data));
843 if (_sccp_parse_optional_data(optional_offset + rls->optional_start, data, &optional_data) != 0) {
844 DEBUGP(DSCCP, "parsing of optional data failed.\n");
845 return -1;
846 }
847
848 /* optional data */
849 if (optional_data.data_len != 0 && conn->data_cb) {
850 data->l3h = &data->l2h[optional_data.data_start];
851 conn->data_cb(conn, data, optional_data.data_len);
852 }
853
854 /* generate a response */
855 if (_sccp_send_connection_release_complete(conn) != 0) {
856 DEBUGP(DSCCP, "Sending release confirmed failed\n");
857 return -1;
858 }
859
860 return 0;
861}
862
/*
 * Handle a connection refused (CREF) for one of our outgoing requests.
 *
 * Looks for an outgoing connection (incoming == 0) with a data callback
 * whose source local reference equals the destination local reference in
 * the message. For a match the optional part is parsed, any data parameter
 * is delivered, and the connection is unlinked and moved to REFUSED.
 *
 * Returns 0 on success, -1 for a short message, an unknown connection or a
 * failed optional part (the connection then stays in the list).
 *
 * NOTE(review): optional_start comes from the peer; confirm that
 * _sccp_parse_optional_data() rejects offsets past the end of the message.
 */
static int _sccp_handle_connection_refused(struct msgb *msgb)
{
	static const u_int32_t header_size =
			sizeof(struct sccp_connection_refused);
	static int optional_offset = offsetof(struct sccp_connection_refused, optional_start);

	struct sccp_optional_data optional_data;
	struct sccp_connection_refused *ref;
	struct sccp_connection *conn;
	struct sccp_connection *match = NULL;

	/* header check */
	if (msgb_l2len(msgb) < header_size) {
		DEBUGP(DSCCP, "msgb < header_size %u %u\n",
			msgb_l2len(msgb), header_size);
		return -1;
	}

	ref = (struct sccp_connection_refused *) msgb->l2h;

	/* lookup if we have a connection with the given reference */
	llist_for_each_entry(conn, &sccp_connections, list) {
		if (conn->incoming != 0 || !conn->data_cb)
			continue;
		if (memcmp(&conn->source_local_reference,
			   &ref->destination_local_reference,
			   sizeof(conn->source_local_reference)) != 0)
			continue;

		match = conn;
		break;
	}

	if (!match) {
		DEBUGP(DSCCP, "Refused but no connection found\n");
		return -1;
	}

	memset(&optional_data, 0, sizeof(optional_data));
	if (_sccp_parse_optional_data(optional_offset + ref->optional_start, msgb, &optional_data) != 0) {
		DEBUGP(DSCCP, "parsing of optional data failed.\n");
		return -1;
	}

	/* optional data */
	if (optional_data.data_len != 0 && match->data_cb) {
		msgb->l3h = &msgb->l2h[optional_data.data_start];
		match->data_cb(match, msgb, optional_data.data_len);
	}

	llist_del(&match->list);
	_sccp_set_connection_state(match, SCCP_CONNECTION_STATE_REFUSED);
	return 0;
}
913
/*
 * Handle a connection confirm (CC) for one of our outgoing requests.
 *
 * Looks for an outgoing connection (incoming == 0) with a data callback
 * whose source local reference equals the destination local reference in
 * the message. For a match the peer's source reference is stored as our
 * destination reference and the connection is moved to ESTABLISHED; only
 * then is the optional part parsed and any data parameter delivered.
 *
 * Returns 0 on success and -1 for a short message, an unknown connection or
 * a failed optional part. In the last case the connection has already been
 * marked ESTABLISHED.
 *
 * NOTE(review): optional_start comes from the peer; confirm that
 * _sccp_parse_optional_data() rejects offsets past the end of the message.
 */
static int _sccp_handle_connection_confirm(struct msgb *msgb)
{
	static u_int32_t header_size =
			sizeof(struct sccp_connection_confirm);
	static const u_int32_t optional_offset =
			offsetof(struct sccp_connection_confirm, optional_start);

	struct sccp_optional_data optional_data;
	struct sccp_connection_confirm *con;
	struct sccp_connection *conn;
	struct sccp_connection *match = NULL;

	/* header check */
	if (msgb_l2len(msgb) < header_size) {
		DEBUGP(DSCCP, "msgb < header_size %u %u\n",
			msgb_l2len(msgb), header_size);
		return -1;
	}

	con = (struct sccp_connection_confirm *) msgb->l2h;

	/* lookup if we have a connection with the given reference */
	llist_for_each_entry(conn, &sccp_connections, list) {
		if (conn->incoming != 0 || !conn->data_cb)
			continue;
		if (memcmp(&conn->source_local_reference,
			   &con->destination_local_reference,
			   sizeof(conn->source_local_reference)) != 0)
			continue;

		match = conn;
		break;
	}

	if (!match) {
		DEBUGP(DSCCP, "Confirmed but no connection found\n");
		return -1;
	}

	/* copy the addresses of the connection */
	match->destination_local_reference = con->source_local_reference;
	_sccp_set_connection_state(match, SCCP_CONNECTION_STATE_ESTABLISHED);

	memset(&optional_data, 0, sizeof(optional_data));
	if (_sccp_parse_optional_data(optional_offset + con->optional_start, msgb, &optional_data) != 0) {
		DEBUGP(DSCCP, "parsing of optional data failed.\n");
		return -1;
	}

	/* optional data */
	if (optional_data.data_len != 0 && match->data_cb) {
		msgb->l3h = &msgb->l2h[optional_data.data_start];
		match->data_cb(match, msgb, optional_data.data_len);
	}

	return 0;
}
966
967
/*
 * Install the hook used to transmit every outgoing message.
 *
 * outgoing is called with the message and ctx each time the stack sends
 * something. Always returns 0.
 */
int sccp_system_init(int (*outgoing)(struct msgb *data, void *ctx), void *ctx)
{
	const struct sccp_system binding = {
		.write_data	= outgoing,
		.write_context	= ctx,
	};

	sccp_system = binding;
	return 0;
}
975
976/* oh my god a real SCCP packet. need to dispatch it now */
977int sccp_system_incoming(struct msgb *msgb)
978{
979 if (msgb_l2len(msgb) < 1 ) {
980 DEBUGP(DSCCP, "Too short packet\n");
981 return -1;
982 }
983
984 int type = msgb->l2h[0];
985
986 switch(type) {
987 case SCCP_MSG_TYPE_CR:
988 return _sccp_handle_connection_request(msgb);
989 break;
990 case SCCP_MSG_TYPE_RLSD:
991 return _sccp_handle_connection_released(msgb);
992 break;
993 case SCCP_MSG_TYPE_CREF:
994 return _sccp_handle_connection_refused(msgb);
995 break;
996 case SCCP_MSG_TYPE_CC:
997 return _sccp_handle_connection_confirm(msgb);
998 break;
999 case SCCP_MSG_TYPE_RLC:
1000 return _sccp_handle_connection_release_complete(msgb);
1001 break;
1002 case SCCP_MSG_TYPE_DT1:
1003 return _sccp_handle_connection_dt1(msgb);
1004 break;
1005 case SCCP_MSG_TYPE_UDT:
1006 return _sccp_handle_read(msgb);
1007 break;
1008 default:
1009 DEBUGP(DSCCP, "unimplemented msg type: %d\n", type);
1010 };
1011
1012 return -1;
1013}
1014
1015/* create a packet from the data */
1016int sccp_connection_write(struct sccp_connection *connection, struct msgb *data)
1017{
1018 if (connection->connection_state < SCCP_CONNECTION_STATE_CONFIRM
1019 || connection->connection_state > SCCP_CONNECTION_STATE_ESTABLISHED) {
1020 DEBUGP(DSCCP, "sccp_connection_write: Wrong connection state: %p %d\n",
1021 connection, connection->connection_state);
1022 return -1;
1023 }
1024
1025 return _sccp_send_connection_data(connection, data);
1026}
1027
1028/* send a connection release and wait for the connection released */
1029int sccp_connection_close(struct sccp_connection *connection, int cause)
1030{
1031 if (connection->connection_state < SCCP_CONNECTION_STATE_CONFIRM
1032 || connection->connection_state > SCCP_CONNECTION_STATE_ESTABLISHED) {
1033 DEBUGPC(DSCCP, "Can not close the connection. It was never opened: %p %d\n",
1034 connection, connection->connection_state);
1035 return -1;
1036 }
1037
1038 return _sccp_send_connection_released(connection, cause);
1039}
1040
/*
 * Free a connection object.
 *
 * Refused with -1 while the state lies strictly between NONE and
 * RELEASE_COMPLETE, i.e. while the connection still has to be released.
 * Otherwise the object is freed and 0 is returned.
 *
 * NOTE(review): nothing here unlinks the connection from sccp_connections.
 * This assumes every state outside the refused range has already been
 * removed from that list; a freed entry left in it would be walked by the
 * receive handlers. TODO confirm against the order of the state enum.
 */
int sccp_connection_free(struct sccp_connection *connection)
{
	const int releasable =
		connection->connection_state <= SCCP_CONNECTION_STATE_NONE
		|| connection->connection_state >= SCCP_CONNECTION_STATE_RELEASE_COMPLETE;

	if (releasable) {
		talloc_free(connection);
		return 0;
	}

	DEBUGP(DSCCP, "The connection needs to be released before it is freed");
	return -1;
}
1052
/*
 * Allocate a new, zeroed connection object below the SCCP talloc context.
 * Returns whatever talloc_zero() returns, so the result has to be checked
 * for NULL.
 */
struct sccp_connection *sccp_connection_socket(void)
{
	struct sccp_connection *fresh;

	fresh = talloc_zero(tall_sccp_ctx, struct sccp_connection);
	return fresh;
}
1057
/*
 * Open an outgoing connection.
 *
 * Forwards to _sccp_send_connection_request(); local is passed on as the
 * called address of the request and data, which may be NULL, as the
 * optional initial payload. Returns that function's result.
 */
int sccp_connection_connect(struct sccp_connection *conn,
			    const struct sockaddr_sccp *local,
			    struct msgb *data)
{
	const int rc = _sccp_send_connection_request(conn, local, data);

	return rc;
}
1064
/*
 * Register the accept callback for incoming connections on an SSN.
 *
 * Returns 0 on success, -2 when sock is NULL and -1 when no callback entry
 * could be obtained for sock->sccp_ssn.
 */
int sccp_connection_set_incoming(const struct sockaddr_sccp *sock,
				 int (*accept_cb)(struct sccp_connection *, void *), void *context)
{
	struct sccp_data_callback *entry;

	if (sock == NULL)
		return -2;

	entry = _find_ssn(sock->sccp_ssn);
	if (entry == NULL)
		return -1;

	entry->accept_context = context;
	entry->accept_cb = accept_cb;
	return 0;
}
1081
/*
 * Send connectionless data (UDT).
 *
 * Forwards to _sccp_send_data() with the arguments reordered and returns
 * its result.
 */
int sccp_write(struct msgb *data, const struct sockaddr_sccp *in,
	       const struct sockaddr_sccp *out, int class)
{
	const int rc = _sccp_send_data(class, in, out, data);

	return rc;
}
1087
/*
 * Register the read callback for connectionless data on an SSN.
 *
 * Returns 0 on success, -2 when sock is NULL and -1 when no callback entry
 * could be obtained for sock->sccp_ssn.
 */
int sccp_set_read(const struct sockaddr_sccp *sock,
		  int (*read_cb)(struct msgb *, unsigned int, void *), void *context)
{
	struct sccp_data_callback *entry;

	if (sock == NULL)
		return -2;

	entry = _find_ssn(sock->sccp_ssn);
	if (entry == NULL)
		return -1;

	entry->read_context = context;
	entry->read_cb = read_cb;
	return 0;
}
1104
/* the conversion helpers below memcpy a whole reference into a u_int32_t, so it has to fit */
static_assert(sizeof(struct sccp_source_reference) <= sizeof(u_int32_t), enough_space);
1106
/*
 * Pack a source reference into an integer.
 *
 * The bytes of *ref are copied over the start of a zeroed u_int32_t, so the
 * numeric value depends on the host byte order. The result is meant to be
 * turned back with sccp_src_ref_from_int().
 */
u_int32_t sccp_src_ref_to_int(struct sccp_source_reference *ref)
{
	u_int32_t packed = 0;

	memcpy(&packed, ref, sizeof(*ref));
	return packed;
}
1113
/*
 * Unpack an integer produced by sccp_src_ref_to_int() into a source
 * reference by copying its leading bytes.
 */
struct sccp_source_reference sccp_src_ref_from_int(u_int32_t int_ref)
{
	struct sccp_source_reference unpacked;

	memcpy(&unpacked, &int_ref, sizeof(unpacked));
	return unpacked;
}
1120
/* Runs when the object is loaded: create the talloc context named "sccp". */
static void __attribute__((constructor)) on_dso_load(void)
{
	tall_sccp_ctx = talloc_named_const(NULL, 1, "sccp");
}
1125
/* Runs when the object is unloaded: print a full talloc report of the SCCP context to stderr. */
static void __attribute__((destructor)) on_dso_unload(void)
{
	talloc_report_full(tall_sccp_ctx, stderr);
}