Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 1 | /* OpenBSC Abis input driver for HSL Femto */ |
| 2 | |
| 3 | /* (C) 2011 by Harald Welte <laforge@gnumonks.org> |
| 4 | * (C) 2011 by On-Waves |
| 5 | * |
| 6 | * All Rights Reserved |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU Affero General Public License as published by |
| 10 | * the Free Software Foundation; either version 3 of the License, or |
| 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | * GNU Affero General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU Affero General Public License |
| 19 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 20 | * |
| 21 | */ |
| 22 | |
| 23 | /* HSL uses a much more primitive/simplified version of the IPA multiplex. |
| 24 | * |
| 25 | * They have taken out the nice parts like the ID_GET / ID_RESP for resolving |
| 26 | * the UNIT ID, as well as the keepalive ping/pong messages. Furthermore, the |
| 27 | * Stream Identifiers are fixed on the BTS side (RSL always 0, OML always 0xff) |
| 28 | * and both OML+RSL share a single TCP connection. |
| 29 | * |
| 30 | * Other oddities include the encapsulation of BSSGP messages in the L3_INFO IE |
| 31 | * of RSL |
| 32 | */ |
| 33 | |
| 34 | #include <stdio.h> |
| 35 | #include <unistd.h> |
| 36 | #include <stdlib.h> |
| 37 | #include <errno.h> |
| 38 | #include <string.h> |
| 39 | #include <time.h> |
| 40 | #include <sys/fcntl.h> |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 41 | #include <sys/socket.h> |
| 42 | #include <sys/ioctl.h> |
| 43 | #include <arpa/inet.h> |
| 44 | |
Pablo Neira Ayuso | 136f453 | 2011-03-22 16:47:59 +0100 | [diff] [blame] | 45 | #include <osmocom/core/select.h> |
| 46 | #include <osmocom/gsm/tlv.h> |
| 47 | #include <osmocom/core/msgb.h> |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 48 | #include <openbsc/debug.h> |
| 49 | #include <openbsc/gsm_data.h> |
| 50 | #include <openbsc/abis_nm.h> |
| 51 | #include <openbsc/abis_rsl.h> |
| 52 | #include <openbsc/subchan_demux.h> |
| 53 | #include <openbsc/e1_input.h> |
| 54 | #include <openbsc/ipaccess.h> |
| 55 | #include <openbsc/socket.h> |
| 56 | #include <openbsc/signal.h> |
Pablo Neira Ayuso | 136f453 | 2011-03-22 16:47:59 +0100 | [diff] [blame] | 57 | #include <osmocom/core/talloc.h> |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 58 | |
| 59 | #define HSL_TCP_PORT 2500 |
| 60 | #define HSL_PROTO_DEBUG 0xdd |
| 61 | |
| 62 | #define PRIV_OML 1 |
| 63 | #define PRIV_RSL 2 |
| 64 | |
| 65 | /* data structure for one E1 interface with A-bis */ |
| 66 | struct hsl_e1_handle { |
| 67 | struct bsc_fd listen_fd; |
| 68 | struct gsm_network *gsmnet; |
| 69 | }; |
| 70 | |
| 71 | static struct hsl_e1_handle *e1h; |
| 72 | |
| 73 | |
| 74 | #define TS1_ALLOC_SIZE 900 |
| 75 | |
| 76 | #define OML_UP 0x0001 |
| 77 | #define RSL_UP 0x0002 |
| 78 | |
| 79 | int hsl_drop_oml(struct gsm_bts *bts) |
| 80 | { |
| 81 | struct gsm_bts_trx *trx; |
| 82 | struct e1inp_ts *ts; |
| 83 | struct e1inp_line *line; |
| 84 | struct bsc_fd *bfd; |
| 85 | |
| 86 | if (!bts || !bts->oml_link) |
| 87 | return -1; |
| 88 | |
| 89 | /* send OML down */ |
| 90 | ts = bts->oml_link->ts; |
| 91 | line = ts->line; |
| 92 | e1inp_event(ts, S_INP_TEI_DN, bts->oml_link->tei, bts->oml_link->sapi); |
| 93 | |
| 94 | bfd = &ts->driver.ipaccess.fd; |
| 95 | bsc_unregister_fd(bfd); |
| 96 | close(bfd->fd); |
| 97 | bfd->fd = -1; |
| 98 | |
| 99 | /* clean up OML and RSL */ |
| 100 | e1inp_sign_link_destroy(bts->oml_link); |
| 101 | bts->oml_link = NULL; |
| 102 | e1inp_sign_link_destroy(bts->c0->rsl_link); |
| 103 | bts->c0->rsl_link = NULL; |
| 104 | bts->ip_access.flags = 0; |
| 105 | |
| 106 | /* kill the E1 line now... as we have no one left to use it */ |
| 107 | talloc_free(line); |
| 108 | |
| 109 | return -1; |
| 110 | } |
| 111 | |
| 112 | static int hsl_drop_ts_fd(struct e1inp_ts *ts, struct bsc_fd *bfd) |
| 113 | { |
| 114 | struct e1inp_sign_link *link, *link2; |
| 115 | int bts_nr = -1; |
| 116 | |
| 117 | llist_for_each_entry_safe(link, link2, &ts->sign.sign_links, list) { |
| 118 | bts_nr = link->trx->bts->bts_nr; |
| 119 | e1inp_sign_link_destroy(link); |
| 120 | } |
| 121 | |
| 122 | bsc_unregister_fd(bfd); |
| 123 | close(bfd->fd); |
| 124 | bfd->fd = -1; |
| 125 | |
| 126 | talloc_free(ts->line); |
| 127 | |
| 128 | return bts_nr; |
| 129 | } |
| 130 | |
| 131 | struct gsm_bts *find_bts_by_serno(struct gsm_network *net, unsigned long serno) |
| 132 | { |
| 133 | struct gsm_bts *bts; |
| 134 | |
| 135 | llist_for_each_entry(bts, &net->bts_list, list) { |
| 136 | if (bts->type != GSM_BTS_TYPE_HSL_FEMTO) |
| 137 | continue; |
| 138 | |
| 139 | if (serno == bts->hsl.serno) |
| 140 | return bts; |
| 141 | } |
| 142 | |
| 143 | return NULL; |
| 144 | } |
| 145 | |
| 146 | |
| 147 | static int process_hsl_rsl(struct msgb *msg, struct e1inp_line *line) |
| 148 | { |
| 149 | char serno_buf[16]; |
| 150 | uint8_t serno_len; |
| 151 | unsigned long serno; |
| 152 | struct gsm_bts *bts; |
| 153 | |
| 154 | switch (msg->l2h[1]) { |
| 155 | case 0x80: |
| 156 | /*, contains Serial Number + SW version */ |
| 157 | if (msg->l2h[2] != 0xc0) |
| 158 | break; |
| 159 | serno_len = msg->l2h[3]; |
| 160 | if (serno_len > sizeof(serno_buf)-1) |
| 161 | serno_len = sizeof(serno_buf)-1; |
| 162 | memcpy(serno_buf, msg->l2h+4, serno_len); |
| 163 | serno_buf[serno_len] = '\0'; |
| 164 | serno = strtoul(serno_buf, NULL, 10); |
| 165 | bts = find_bts_by_serno(e1h->gsmnet, serno); |
| 166 | if (!bts) { |
| 167 | LOGP(DINP, LOGL_ERROR, "Unable to find BTS config for " |
| 168 | "serial number %lu(%s)\n", serno, serno_buf); |
| 169 | return -EIO; |
| 170 | } |
| 171 | |
| 172 | DEBUGP(DINP, "Identified HSL BTS Serial Number %lu\n", serno); |
| 173 | |
| 174 | /* we shouldn't hardcode it, but HSL femto also hardcodes it... */ |
| 175 | bts->oml_tei = 255; |
| 176 | bts->c0->rsl_tei = 0; |
| 177 | bts->oml_link = e1inp_sign_link_create(&line->ts[PRIV_OML - 1], |
| 178 | E1INP_SIGN_OML, bts->c0, |
| 179 | bts->oml_tei, 0); |
| 180 | bts->c0->rsl_link = e1inp_sign_link_create(&line->ts[PRIV_OML - 1], |
| 181 | E1INP_SIGN_RSL, bts->c0, |
| 182 | bts->c0->rsl_tei, 0); |
| 183 | e1inp_event(&line->ts[PRIV_OML-1], S_INP_TEI_UP, 255, 0); |
| 184 | e1inp_event(&line->ts[PRIV_OML-1], S_INP_TEI_UP, 0, 0); |
| 185 | bts->ip_access.flags |= OML_UP; |
| 186 | bts->ip_access.flags |= (RSL_UP << 0); |
| 187 | msgb_free(msg); |
| 188 | return 1; /* == we have taken over the msg */ |
| 189 | case 0x82: |
| 190 | /* FIXME: do something with BSSGP, i.e. forward it over |
| 191 | * NSIP to OsmoSGSN */ |
Harald Welte | 63467e8 | 2011-01-14 23:21:13 +0100 | [diff] [blame] | 192 | msgb_free(msg); |
| 193 | return 1; |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 194 | } |
| 195 | return 0; |
| 196 | } |
| 197 | |
| 198 | static int handle_ts1_read(struct bsc_fd *bfd) |
| 199 | { |
| 200 | struct e1inp_line *line = bfd->data; |
| 201 | unsigned int ts_nr = bfd->priv_nr; |
| 202 | struct e1inp_ts *e1i_ts = &line->ts[ts_nr-1]; |
| 203 | struct e1inp_sign_link *link; |
| 204 | struct msgb *msg; |
| 205 | struct ipaccess_head *hh; |
| 206 | int ret = 0, error; |
| 207 | |
| 208 | msg = ipaccess_read_msg(bfd, &error); |
| 209 | if (!msg) { |
| 210 | if (error == 0) { |
| 211 | int ret = hsl_drop_ts_fd(e1i_ts, bfd); |
| 212 | if (ret >= 0) |
| 213 | LOGP(DINP, LOGL_NOTICE, "BTS %u disappeared, dead socket\n", |
| 214 | ret); |
| 215 | else |
| 216 | LOGP(DINP, LOGL_NOTICE, "unknown BTS disappeared, dead socket\n"); |
| 217 | } |
| 218 | return error; |
| 219 | } |
| 220 | |
| 221 | DEBUGP(DMI, "RX %u: %s\n", ts_nr, hexdump(msgb_l2(msg), msgb_l2len(msg))); |
| 222 | |
| 223 | hh = (struct ipaccess_head *) msg->data; |
| 224 | if (hh->proto == HSL_PROTO_DEBUG) { |
| 225 | LOGP(DINP, LOGL_NOTICE, "HSL debug: %s\n", msg->data + sizeof(*hh)); |
| 226 | msgb_free(msg); |
| 227 | return ret; |
| 228 | } |
| 229 | |
| 230 | /* HSL proprietary RSL extension */ |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 231 | if (hh->proto == 0 && (msg->l2h[0] == 0x81 || msg->l2h[0] == 0x80)) { |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 232 | ret = process_hsl_rsl(msg, line); |
| 233 | if (ret < 0) { |
| 234 | /* FIXME: close connection */ |
| 235 | hsl_drop_ts_fd(e1i_ts, bfd); |
| 236 | return ret; |
| 237 | } else if (ret == 1) |
| 238 | return 0; |
| 239 | /* else: continue... */ |
| 240 | } |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 241 | #ifdef HSL_SR_1_0 |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 242 | /* HSL for whatever reason chose to use 0x81 instead of 0x80 for FOM */ |
| 243 | if (hh->proto == 255 && msg->l2h[0] == (ABIS_OM_MDISC_FOM | 0x01)) |
| 244 | msg->l2h[0] = ABIS_OM_MDISC_FOM; |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 245 | #endif |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 246 | link = e1inp_lookup_sign_link(e1i_ts, hh->proto, 0); |
| 247 | if (!link) { |
| 248 | LOGP(DINP, LOGL_ERROR, "no matching signalling link for " |
| 249 | "hh->proto=0x%02x\n", hh->proto); |
| 250 | msgb_free(msg); |
| 251 | return -EIO; |
| 252 | } |
| 253 | msg->trx = link->trx; |
| 254 | |
| 255 | switch (link->type) { |
| 256 | case E1INP_SIGN_RSL: |
| 257 | if (!(msg->trx->bts->ip_access.flags & (RSL_UP << msg->trx->nr))) { |
| 258 | e1inp_event(e1i_ts, S_INP_TEI_UP, link->tei, link->sapi); |
| 259 | msg->trx->bts->ip_access.flags |= (RSL_UP << msg->trx->nr); |
| 260 | } |
| 261 | ret = abis_rsl_rcvmsg(msg); |
| 262 | break; |
| 263 | case E1INP_SIGN_OML: |
| 264 | if (!(msg->trx->bts->ip_access.flags & OML_UP)) { |
| 265 | e1inp_event(e1i_ts, S_INP_TEI_UP, link->tei, link->sapi); |
| 266 | msg->trx->bts->ip_access.flags |= OML_UP; |
| 267 | } |
| 268 | ret = abis_nm_rcvmsg(msg); |
| 269 | break; |
| 270 | default: |
| 271 | LOGP(DINP, LOGL_NOTICE, "Unknown HSL protocol class 0x%02x\n", hh->proto); |
| 272 | msgb_free(msg); |
| 273 | break; |
| 274 | } |
| 275 | return ret; |
| 276 | } |
| 277 | |
| 278 | static int ts_want_write(struct e1inp_ts *e1i_ts) |
| 279 | { |
| 280 | e1i_ts->driver.ipaccess.fd.when |= BSC_FD_WRITE; |
| 281 | |
| 282 | return 0; |
| 283 | } |
| 284 | |
| 285 | static void timeout_ts1_write(void *data) |
| 286 | { |
| 287 | struct e1inp_ts *e1i_ts = (struct e1inp_ts *)data; |
| 288 | |
| 289 | /* trigger write of ts1, due to tx delay timer */ |
| 290 | ts_want_write(e1i_ts); |
| 291 | } |
| 292 | |
| 293 | static int handle_ts1_write(struct bsc_fd *bfd) |
| 294 | { |
| 295 | struct e1inp_line *line = bfd->data; |
| 296 | unsigned int ts_nr = bfd->priv_nr; |
| 297 | struct e1inp_ts *e1i_ts = &line->ts[ts_nr-1]; |
| 298 | struct e1inp_sign_link *sign_link; |
| 299 | struct msgb *msg; |
Holger Hans Peter Freyther | c42ad8b | 2011-04-18 17:04:00 +0200 | [diff] [blame] | 300 | uint8_t proto; |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 301 | int ret; |
| 302 | |
| 303 | bfd->when &= ~BSC_FD_WRITE; |
| 304 | |
| 305 | /* get the next msg for this timeslot */ |
| 306 | msg = e1inp_tx_ts(e1i_ts, &sign_link); |
| 307 | if (!msg) { |
| 308 | /* no message after tx delay timer */ |
| 309 | return 0; |
| 310 | } |
| 311 | |
| 312 | switch (sign_link->type) { |
| 313 | case E1INP_SIGN_OML: |
| 314 | proto = IPAC_PROTO_OML; |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 315 | #ifdef HSL_SR_1_0 |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 316 | /* HSL uses 0x81 for FOM for some reason */ |
| 317 | if (msg->data[0] == ABIS_OM_MDISC_FOM) |
| 318 | msg->data[0] = ABIS_OM_MDISC_FOM | 0x01; |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 319 | #endif |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 320 | break; |
| 321 | case E1INP_SIGN_RSL: |
| 322 | proto = IPAC_PROTO_RSL; |
| 323 | break; |
| 324 | default: |
| 325 | msgb_free(msg); |
| 326 | bfd->when |= BSC_FD_WRITE; /* come back for more msg */ |
| 327 | return -EINVAL; |
| 328 | } |
| 329 | |
| 330 | msg->l2h = msg->data; |
| 331 | ipaccess_prepend_header(msg, sign_link->tei); |
| 332 | |
| 333 | DEBUGP(DMI, "TX %u: %s\n", ts_nr, hexdump(msg->l2h, msgb_l2len(msg))); |
| 334 | |
| 335 | ret = send(bfd->fd, msg->data, msg->len, 0); |
| 336 | msgb_free(msg); |
| 337 | |
| 338 | /* set tx delay timer for next event */ |
| 339 | e1i_ts->sign.tx_timer.cb = timeout_ts1_write; |
| 340 | e1i_ts->sign.tx_timer.data = e1i_ts; |
| 341 | |
| 342 | /* Reducing this might break the nanoBTS 900 init. */ |
| 343 | bsc_schedule_timer(&e1i_ts->sign.tx_timer, 0, e1i_ts->sign.delay); |
| 344 | |
| 345 | return ret; |
| 346 | } |
| 347 | |
| 348 | /* callback from select.c in case one of the fd's can be read/written */ |
| 349 | static int hsl_fd_cb(struct bsc_fd *bfd, unsigned int what) |
| 350 | { |
| 351 | struct e1inp_line *line = bfd->data; |
| 352 | unsigned int ts_nr = bfd->priv_nr; |
| 353 | unsigned int idx = ts_nr-1; |
| 354 | struct e1inp_ts *e1i_ts; |
| 355 | int rc = 0; |
| 356 | |
| 357 | /* In case of early RSL we might not yet have a line */ |
| 358 | |
| 359 | if (line) |
| 360 | e1i_ts = &line->ts[idx]; |
| 361 | |
| 362 | if (!line || e1i_ts->type == E1INP_TS_TYPE_SIGN) { |
| 363 | if (what & BSC_FD_READ) |
| 364 | rc = handle_ts1_read(bfd); |
| 365 | if (what & BSC_FD_WRITE) |
| 366 | rc = handle_ts1_write(bfd); |
| 367 | } else |
| 368 | LOGP(DINP, LOGL_ERROR, "unknown E1 TS type %u\n", e1i_ts->type); |
| 369 | |
| 370 | return rc; |
| 371 | } |
| 372 | |
| 373 | struct e1inp_driver hsl_driver = { |
| 374 | .name = "HSL", |
| 375 | .want_write = ts_want_write, |
| 376 | .default_delay = 0, |
| 377 | }; |
| 378 | |
| 379 | /* callback of the OML listening filedescriptor */ |
| 380 | static int listen_fd_cb(struct bsc_fd *listen_bfd, unsigned int what) |
| 381 | { |
| 382 | int ret; |
| 383 | int idx = 0; |
| 384 | int i; |
| 385 | struct e1inp_line *line; |
| 386 | struct e1inp_ts *e1i_ts; |
| 387 | struct bsc_fd *bfd; |
| 388 | struct sockaddr_in sa; |
| 389 | socklen_t sa_len = sizeof(sa); |
| 390 | |
| 391 | if (!(what & BSC_FD_READ)) |
| 392 | return 0; |
| 393 | |
| 394 | ret = accept(listen_bfd->fd, (struct sockaddr *) &sa, &sa_len); |
| 395 | if (ret < 0) { |
| 396 | perror("accept"); |
| 397 | return ret; |
| 398 | } |
| 399 | LOGP(DINP, LOGL_NOTICE, "accept()ed new HSL link from %s\n", |
| 400 | inet_ntoa(sa.sin_addr)); |
| 401 | |
| 402 | line = talloc_zero(tall_bsc_ctx, struct e1inp_line); |
| 403 | if (!line) { |
| 404 | close(ret); |
| 405 | return -ENOMEM; |
| 406 | } |
| 407 | line->driver = &hsl_driver; |
| 408 | //line->driver_data = e1h; |
| 409 | /* create virrtual E1 timeslots for signalling */ |
| 410 | e1inp_ts_config(&line->ts[1-1], line, E1INP_TS_TYPE_SIGN); |
| 411 | |
| 412 | /* initialize the fds */ |
| 413 | for (i = 0; i < ARRAY_SIZE(line->ts); ++i) |
| 414 | line->ts[i].driver.ipaccess.fd.fd = -1; |
| 415 | |
| 416 | e1i_ts = &line->ts[idx]; |
| 417 | |
| 418 | bfd = &e1i_ts->driver.ipaccess.fd; |
| 419 | bfd->fd = ret; |
| 420 | bfd->data = line; |
| 421 | bfd->priv_nr = PRIV_OML; |
| 422 | bfd->cb = hsl_fd_cb; |
| 423 | bfd->when = BSC_FD_READ; |
| 424 | ret = bsc_register_fd(bfd); |
| 425 | if (ret < 0) { |
| 426 | LOGP(DINP, LOGL_ERROR, "could not register FD\n"); |
| 427 | close(bfd->fd); |
| 428 | talloc_free(line); |
| 429 | return ret; |
| 430 | } |
| 431 | |
| 432 | return ret; |
| 433 | //return e1inp_line_register(line); |
| 434 | } |
| 435 | |
| 436 | int hsl_setup(struct gsm_network *gsmnet) |
| 437 | { |
| 438 | int ret; |
| 439 | |
| 440 | /* register the driver with the core */ |
| 441 | /* FIXME: do this in the plugin initializer function */ |
| 442 | ret = e1inp_driver_register(&hsl_driver); |
| 443 | if (ret) |
| 444 | return ret; |
| 445 | |
| 446 | e1h = talloc_zero(tall_bsc_ctx, struct hsl_e1_handle); |
| 447 | if (!e1h) |
| 448 | return -ENOMEM; |
| 449 | |
| 450 | e1h->gsmnet = gsmnet; |
| 451 | |
| 452 | /* Listen for connections */ |
Pablo Neira Ayuso | 165fe56 | 2011-04-05 18:33:24 +0200 | [diff] [blame] | 453 | ret = make_sock(&e1h->listen_fd, IPPROTO_TCP, INADDR_ANY, HSL_TCP_PORT, |
| 454 | 0, listen_fd_cb, NULL); |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 455 | if (ret < 0) |
| 456 | return ret; |
| 457 | |
| 458 | return 0; |
| 459 | } |