Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 1 | /* OpenBSC Abis input driver for HSL Femto */ |
| 2 | |
| 3 | /* (C) 2011 by Harald Welte <laforge@gnumonks.org> |
| 4 | * (C) 2011 by On-Waves |
| 5 | * |
| 6 | * All Rights Reserved |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU Affero General Public License as published by |
| 10 | * the Free Software Foundation; either version 3 of the License, or |
| 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | * GNU Affero General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU Affero General Public License |
| 19 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 20 | * |
| 21 | */ |
| 22 | |
| 23 | /* HSL uses a much more primitive/simplified version of the IPA multiplex. |
| 24 | * |
| 25 | * They have taken out the nice parts like the ID_GET / ID_RESP for resolving |
| 26 | * the UNIT ID, as well as the keepalive ping/pong messages. Furthermore, the |
| 27 | * Stream Identifiers are fixed on the BTS side (RSL always 0, OML always 0xff) |
| 28 | * and both OML+RSL share a single TCP connection. |
| 29 | * |
| 30 | * Other oddities include the encapsulation of BSSGP messages in the L3_INFO IE |
| 31 | * of RSL |
| 32 | */ |
| 33 | |
| 34 | #include <stdio.h> |
| 35 | #include <unistd.h> |
| 36 | #include <stdlib.h> |
| 37 | #include <errno.h> |
| 38 | #include <string.h> |
| 39 | #include <time.h> |
| 40 | #include <sys/fcntl.h> |
| 41 | #include <sys/types.h> |
| 42 | #include <sys/socket.h> |
| 43 | #include <sys/ioctl.h> |
| 44 | #include <arpa/inet.h> |
| 45 | |
Pablo Neira Ayuso | 136f453 | 2011-03-22 16:47:59 +0100 | [diff] [blame] | 46 | #include <osmocom/core/select.h> |
| 47 | #include <osmocom/gsm/tlv.h> |
| 48 | #include <osmocom/core/msgb.h> |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 49 | #include <openbsc/debug.h> |
| 50 | #include <openbsc/gsm_data.h> |
| 51 | #include <openbsc/abis_nm.h> |
| 52 | #include <openbsc/abis_rsl.h> |
| 53 | #include <openbsc/subchan_demux.h> |
| 54 | #include <openbsc/e1_input.h> |
| 55 | #include <openbsc/ipaccess.h> |
| 56 | #include <openbsc/socket.h> |
| 57 | #include <openbsc/signal.h> |
Pablo Neira Ayuso | 136f453 | 2011-03-22 16:47:59 +0100 | [diff] [blame] | 58 | #include <osmocom/core/talloc.h> |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 59 | |
| 60 | #define HSL_TCP_PORT 2500 |
| 61 | #define HSL_PROTO_DEBUG 0xdd |
| 62 | |
| 63 | #define PRIV_OML 1 |
| 64 | #define PRIV_RSL 2 |
| 65 | |
| 66 | /* data structure for one E1 interface with A-bis */ |
| 67 | struct hsl_e1_handle { |
| 68 | struct bsc_fd listen_fd; |
| 69 | struct gsm_network *gsmnet; |
| 70 | }; |
| 71 | |
| 72 | static struct hsl_e1_handle *e1h; |
| 73 | |
| 74 | |
| 75 | #define TS1_ALLOC_SIZE 900 |
| 76 | |
| 77 | #define OML_UP 0x0001 |
| 78 | #define RSL_UP 0x0002 |
| 79 | |
| 80 | int hsl_drop_oml(struct gsm_bts *bts) |
| 81 | { |
| 82 | struct gsm_bts_trx *trx; |
| 83 | struct e1inp_ts *ts; |
| 84 | struct e1inp_line *line; |
| 85 | struct bsc_fd *bfd; |
| 86 | |
| 87 | if (!bts || !bts->oml_link) |
| 88 | return -1; |
| 89 | |
| 90 | /* send OML down */ |
| 91 | ts = bts->oml_link->ts; |
| 92 | line = ts->line; |
| 93 | e1inp_event(ts, S_INP_TEI_DN, bts->oml_link->tei, bts->oml_link->sapi); |
| 94 | |
| 95 | bfd = &ts->driver.ipaccess.fd; |
| 96 | bsc_unregister_fd(bfd); |
| 97 | close(bfd->fd); |
| 98 | bfd->fd = -1; |
| 99 | |
| 100 | /* clean up OML and RSL */ |
| 101 | e1inp_sign_link_destroy(bts->oml_link); |
| 102 | bts->oml_link = NULL; |
| 103 | e1inp_sign_link_destroy(bts->c0->rsl_link); |
| 104 | bts->c0->rsl_link = NULL; |
| 105 | bts->ip_access.flags = 0; |
| 106 | |
| 107 | /* kill the E1 line now... as we have no one left to use it */ |
| 108 | talloc_free(line); |
| 109 | |
| 110 | return -1; |
| 111 | } |
| 112 | |
| 113 | static int hsl_drop_ts_fd(struct e1inp_ts *ts, struct bsc_fd *bfd) |
| 114 | { |
| 115 | struct e1inp_sign_link *link, *link2; |
| 116 | int bts_nr = -1; |
| 117 | |
| 118 | llist_for_each_entry_safe(link, link2, &ts->sign.sign_links, list) { |
| 119 | bts_nr = link->trx->bts->bts_nr; |
| 120 | e1inp_sign_link_destroy(link); |
| 121 | } |
| 122 | |
| 123 | bsc_unregister_fd(bfd); |
| 124 | close(bfd->fd); |
| 125 | bfd->fd = -1; |
| 126 | |
| 127 | talloc_free(ts->line); |
| 128 | |
| 129 | return bts_nr; |
| 130 | } |
| 131 | |
| 132 | struct gsm_bts *find_bts_by_serno(struct gsm_network *net, unsigned long serno) |
| 133 | { |
| 134 | struct gsm_bts *bts; |
| 135 | |
| 136 | llist_for_each_entry(bts, &net->bts_list, list) { |
| 137 | if (bts->type != GSM_BTS_TYPE_HSL_FEMTO) |
| 138 | continue; |
| 139 | |
| 140 | if (serno == bts->hsl.serno) |
| 141 | return bts; |
| 142 | } |
| 143 | |
| 144 | return NULL; |
| 145 | } |
| 146 | |
| 147 | |
| 148 | static int process_hsl_rsl(struct msgb *msg, struct e1inp_line *line) |
| 149 | { |
| 150 | char serno_buf[16]; |
| 151 | uint8_t serno_len; |
| 152 | unsigned long serno; |
| 153 | struct gsm_bts *bts; |
| 154 | |
| 155 | switch (msg->l2h[1]) { |
| 156 | case 0x80: |
| 157 | /*, contains Serial Number + SW version */ |
| 158 | if (msg->l2h[2] != 0xc0) |
| 159 | break; |
| 160 | serno_len = msg->l2h[3]; |
| 161 | if (serno_len > sizeof(serno_buf)-1) |
| 162 | serno_len = sizeof(serno_buf)-1; |
| 163 | memcpy(serno_buf, msg->l2h+4, serno_len); |
| 164 | serno_buf[serno_len] = '\0'; |
| 165 | serno = strtoul(serno_buf, NULL, 10); |
| 166 | bts = find_bts_by_serno(e1h->gsmnet, serno); |
| 167 | if (!bts) { |
| 168 | LOGP(DINP, LOGL_ERROR, "Unable to find BTS config for " |
| 169 | "serial number %lu(%s)\n", serno, serno_buf); |
| 170 | return -EIO; |
| 171 | } |
| 172 | |
| 173 | DEBUGP(DINP, "Identified HSL BTS Serial Number %lu\n", serno); |
| 174 | |
| 175 | /* we shouldn't hardcode it, but HSL femto also hardcodes it... */ |
| 176 | bts->oml_tei = 255; |
| 177 | bts->c0->rsl_tei = 0; |
| 178 | bts->oml_link = e1inp_sign_link_create(&line->ts[PRIV_OML - 1], |
| 179 | E1INP_SIGN_OML, bts->c0, |
| 180 | bts->oml_tei, 0); |
| 181 | bts->c0->rsl_link = e1inp_sign_link_create(&line->ts[PRIV_OML - 1], |
| 182 | E1INP_SIGN_RSL, bts->c0, |
| 183 | bts->c0->rsl_tei, 0); |
| 184 | e1inp_event(&line->ts[PRIV_OML-1], S_INP_TEI_UP, 255, 0); |
| 185 | e1inp_event(&line->ts[PRIV_OML-1], S_INP_TEI_UP, 0, 0); |
| 186 | bts->ip_access.flags |= OML_UP; |
| 187 | bts->ip_access.flags |= (RSL_UP << 0); |
| 188 | msgb_free(msg); |
| 189 | return 1; /* == we have taken over the msg */ |
| 190 | case 0x82: |
| 191 | /* FIXME: do something with BSSGP, i.e. forward it over |
| 192 | * NSIP to OsmoSGSN */ |
Harald Welte | 63467e8 | 2011-01-14 23:21:13 +0100 | [diff] [blame] | 193 | msgb_free(msg); |
| 194 | return 1; |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 195 | } |
| 196 | return 0; |
| 197 | } |
| 198 | |
| 199 | static int handle_ts1_read(struct bsc_fd *bfd) |
| 200 | { |
| 201 | struct e1inp_line *line = bfd->data; |
| 202 | unsigned int ts_nr = bfd->priv_nr; |
| 203 | struct e1inp_ts *e1i_ts = &line->ts[ts_nr-1]; |
| 204 | struct e1inp_sign_link *link; |
| 205 | struct msgb *msg; |
| 206 | struct ipaccess_head *hh; |
| 207 | int ret = 0, error; |
| 208 | |
| 209 | msg = ipaccess_read_msg(bfd, &error); |
| 210 | if (!msg) { |
| 211 | if (error == 0) { |
| 212 | int ret = hsl_drop_ts_fd(e1i_ts, bfd); |
| 213 | if (ret >= 0) |
| 214 | LOGP(DINP, LOGL_NOTICE, "BTS %u disappeared, dead socket\n", |
| 215 | ret); |
| 216 | else |
| 217 | LOGP(DINP, LOGL_NOTICE, "unknown BTS disappeared, dead socket\n"); |
| 218 | } |
| 219 | return error; |
| 220 | } |
| 221 | |
| 222 | DEBUGP(DMI, "RX %u: %s\n", ts_nr, hexdump(msgb_l2(msg), msgb_l2len(msg))); |
| 223 | |
| 224 | hh = (struct ipaccess_head *) msg->data; |
| 225 | if (hh->proto == HSL_PROTO_DEBUG) { |
| 226 | LOGP(DINP, LOGL_NOTICE, "HSL debug: %s\n", msg->data + sizeof(*hh)); |
| 227 | msgb_free(msg); |
| 228 | return ret; |
| 229 | } |
| 230 | |
| 231 | /* HSL proprietary RSL extension */ |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 232 | if (hh->proto == 0 && (msg->l2h[0] == 0x81 || msg->l2h[0] == 0x80)) { |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 233 | ret = process_hsl_rsl(msg, line); |
| 234 | if (ret < 0) { |
| 235 | /* FIXME: close connection */ |
| 236 | hsl_drop_ts_fd(e1i_ts, bfd); |
| 237 | return ret; |
| 238 | } else if (ret == 1) |
| 239 | return 0; |
| 240 | /* else: continue... */ |
| 241 | } |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 242 | #ifdef HSL_SR_1_0 |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 243 | /* HSL for whatever reason chose to use 0x81 instead of 0x80 for FOM */ |
| 244 | if (hh->proto == 255 && msg->l2h[0] == (ABIS_OM_MDISC_FOM | 0x01)) |
| 245 | msg->l2h[0] = ABIS_OM_MDISC_FOM; |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 246 | #endif |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 247 | link = e1inp_lookup_sign_link(e1i_ts, hh->proto, 0); |
| 248 | if (!link) { |
| 249 | LOGP(DINP, LOGL_ERROR, "no matching signalling link for " |
| 250 | "hh->proto=0x%02x\n", hh->proto); |
| 251 | msgb_free(msg); |
| 252 | return -EIO; |
| 253 | } |
| 254 | msg->trx = link->trx; |
| 255 | |
| 256 | switch (link->type) { |
| 257 | case E1INP_SIGN_RSL: |
| 258 | if (!(msg->trx->bts->ip_access.flags & (RSL_UP << msg->trx->nr))) { |
| 259 | e1inp_event(e1i_ts, S_INP_TEI_UP, link->tei, link->sapi); |
| 260 | msg->trx->bts->ip_access.flags |= (RSL_UP << msg->trx->nr); |
| 261 | } |
| 262 | ret = abis_rsl_rcvmsg(msg); |
| 263 | break; |
| 264 | case E1INP_SIGN_OML: |
| 265 | if (!(msg->trx->bts->ip_access.flags & OML_UP)) { |
| 266 | e1inp_event(e1i_ts, S_INP_TEI_UP, link->tei, link->sapi); |
| 267 | msg->trx->bts->ip_access.flags |= OML_UP; |
| 268 | } |
| 269 | ret = abis_nm_rcvmsg(msg); |
| 270 | break; |
| 271 | default: |
| 272 | LOGP(DINP, LOGL_NOTICE, "Unknown HSL protocol class 0x%02x\n", hh->proto); |
| 273 | msgb_free(msg); |
| 274 | break; |
| 275 | } |
| 276 | return ret; |
| 277 | } |
| 278 | |
| 279 | static int ts_want_write(struct e1inp_ts *e1i_ts) |
| 280 | { |
| 281 | e1i_ts->driver.ipaccess.fd.when |= BSC_FD_WRITE; |
| 282 | |
| 283 | return 0; |
| 284 | } |
| 285 | |
| 286 | static void timeout_ts1_write(void *data) |
| 287 | { |
| 288 | struct e1inp_ts *e1i_ts = (struct e1inp_ts *)data; |
| 289 | |
| 290 | /* trigger write of ts1, due to tx delay timer */ |
| 291 | ts_want_write(e1i_ts); |
| 292 | } |
| 293 | |
| 294 | static int handle_ts1_write(struct bsc_fd *bfd) |
| 295 | { |
| 296 | struct e1inp_line *line = bfd->data; |
| 297 | unsigned int ts_nr = bfd->priv_nr; |
| 298 | struct e1inp_ts *e1i_ts = &line->ts[ts_nr-1]; |
| 299 | struct e1inp_sign_link *sign_link; |
| 300 | struct msgb *msg; |
| 301 | u_int8_t proto; |
| 302 | int ret; |
| 303 | |
| 304 | bfd->when &= ~BSC_FD_WRITE; |
| 305 | |
| 306 | /* get the next msg for this timeslot */ |
| 307 | msg = e1inp_tx_ts(e1i_ts, &sign_link); |
| 308 | if (!msg) { |
| 309 | /* no message after tx delay timer */ |
| 310 | return 0; |
| 311 | } |
| 312 | |
| 313 | switch (sign_link->type) { |
| 314 | case E1INP_SIGN_OML: |
| 315 | proto = IPAC_PROTO_OML; |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 316 | #ifdef HSL_SR_1_0 |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 317 | /* HSL uses 0x81 for FOM for some reason */ |
| 318 | if (msg->data[0] == ABIS_OM_MDISC_FOM) |
| 319 | msg->data[0] = ABIS_OM_MDISC_FOM | 0x01; |
Harald Welte | 26d7907 | 2011-01-14 23:18:59 +0100 | [diff] [blame] | 320 | #endif |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 321 | break; |
| 322 | case E1INP_SIGN_RSL: |
| 323 | proto = IPAC_PROTO_RSL; |
| 324 | break; |
| 325 | default: |
| 326 | msgb_free(msg); |
| 327 | bfd->when |= BSC_FD_WRITE; /* come back for more msg */ |
| 328 | return -EINVAL; |
| 329 | } |
| 330 | |
| 331 | msg->l2h = msg->data; |
| 332 | ipaccess_prepend_header(msg, sign_link->tei); |
| 333 | |
| 334 | DEBUGP(DMI, "TX %u: %s\n", ts_nr, hexdump(msg->l2h, msgb_l2len(msg))); |
| 335 | |
| 336 | ret = send(bfd->fd, msg->data, msg->len, 0); |
| 337 | msgb_free(msg); |
| 338 | |
| 339 | /* set tx delay timer for next event */ |
| 340 | e1i_ts->sign.tx_timer.cb = timeout_ts1_write; |
| 341 | e1i_ts->sign.tx_timer.data = e1i_ts; |
| 342 | |
| 343 | /* Reducing this might break the nanoBTS 900 init. */ |
| 344 | bsc_schedule_timer(&e1i_ts->sign.tx_timer, 0, e1i_ts->sign.delay); |
| 345 | |
| 346 | return ret; |
| 347 | } |
| 348 | |
| 349 | /* callback from select.c in case one of the fd's can be read/written */ |
| 350 | static int hsl_fd_cb(struct bsc_fd *bfd, unsigned int what) |
| 351 | { |
| 352 | struct e1inp_line *line = bfd->data; |
| 353 | unsigned int ts_nr = bfd->priv_nr; |
| 354 | unsigned int idx = ts_nr-1; |
| 355 | struct e1inp_ts *e1i_ts; |
| 356 | int rc = 0; |
| 357 | |
| 358 | /* In case of early RSL we might not yet have a line */ |
| 359 | |
| 360 | if (line) |
| 361 | e1i_ts = &line->ts[idx]; |
| 362 | |
| 363 | if (!line || e1i_ts->type == E1INP_TS_TYPE_SIGN) { |
| 364 | if (what & BSC_FD_READ) |
| 365 | rc = handle_ts1_read(bfd); |
| 366 | if (what & BSC_FD_WRITE) |
| 367 | rc = handle_ts1_write(bfd); |
| 368 | } else |
| 369 | LOGP(DINP, LOGL_ERROR, "unknown E1 TS type %u\n", e1i_ts->type); |
| 370 | |
| 371 | return rc; |
| 372 | } |
| 373 | |
| 374 | struct e1inp_driver hsl_driver = { |
| 375 | .name = "HSL", |
| 376 | .want_write = ts_want_write, |
| 377 | .default_delay = 0, |
| 378 | }; |
| 379 | |
| 380 | /* callback of the OML listening filedescriptor */ |
| 381 | static int listen_fd_cb(struct bsc_fd *listen_bfd, unsigned int what) |
| 382 | { |
| 383 | int ret; |
| 384 | int idx = 0; |
| 385 | int i; |
| 386 | struct e1inp_line *line; |
| 387 | struct e1inp_ts *e1i_ts; |
| 388 | struct bsc_fd *bfd; |
| 389 | struct sockaddr_in sa; |
| 390 | socklen_t sa_len = sizeof(sa); |
| 391 | |
| 392 | if (!(what & BSC_FD_READ)) |
| 393 | return 0; |
| 394 | |
| 395 | ret = accept(listen_bfd->fd, (struct sockaddr *) &sa, &sa_len); |
| 396 | if (ret < 0) { |
| 397 | perror("accept"); |
| 398 | return ret; |
| 399 | } |
| 400 | LOGP(DINP, LOGL_NOTICE, "accept()ed new HSL link from %s\n", |
| 401 | inet_ntoa(sa.sin_addr)); |
| 402 | |
| 403 | line = talloc_zero(tall_bsc_ctx, struct e1inp_line); |
| 404 | if (!line) { |
| 405 | close(ret); |
| 406 | return -ENOMEM; |
| 407 | } |
| 408 | line->driver = &hsl_driver; |
| 409 | //line->driver_data = e1h; |
| 410 | /* create virrtual E1 timeslots for signalling */ |
| 411 | e1inp_ts_config(&line->ts[1-1], line, E1INP_TS_TYPE_SIGN); |
| 412 | |
| 413 | /* initialize the fds */ |
| 414 | for (i = 0; i < ARRAY_SIZE(line->ts); ++i) |
| 415 | line->ts[i].driver.ipaccess.fd.fd = -1; |
| 416 | |
| 417 | e1i_ts = &line->ts[idx]; |
| 418 | |
| 419 | bfd = &e1i_ts->driver.ipaccess.fd; |
| 420 | bfd->fd = ret; |
| 421 | bfd->data = line; |
| 422 | bfd->priv_nr = PRIV_OML; |
| 423 | bfd->cb = hsl_fd_cb; |
| 424 | bfd->when = BSC_FD_READ; |
| 425 | ret = bsc_register_fd(bfd); |
| 426 | if (ret < 0) { |
| 427 | LOGP(DINP, LOGL_ERROR, "could not register FD\n"); |
| 428 | close(bfd->fd); |
| 429 | talloc_free(line); |
| 430 | return ret; |
| 431 | } |
| 432 | |
| 433 | return ret; |
| 434 | //return e1inp_line_register(line); |
| 435 | } |
| 436 | |
| 437 | int hsl_setup(struct gsm_network *gsmnet) |
| 438 | { |
| 439 | int ret; |
| 440 | |
| 441 | /* register the driver with the core */ |
| 442 | /* FIXME: do this in the plugin initializer function */ |
| 443 | ret = e1inp_driver_register(&hsl_driver); |
| 444 | if (ret) |
| 445 | return ret; |
| 446 | |
| 447 | e1h = talloc_zero(tall_bsc_ctx, struct hsl_e1_handle); |
| 448 | if (!e1h) |
| 449 | return -ENOMEM; |
| 450 | |
| 451 | e1h->gsmnet = gsmnet; |
| 452 | |
| 453 | /* Listen for connections */ |
Pablo Neira Ayuso | 165fe56 | 2011-04-05 18:33:24 +0200 | [diff] [blame^] | 454 | ret = make_sock(&e1h->listen_fd, IPPROTO_TCP, INADDR_ANY, HSL_TCP_PORT, |
| 455 | 0, listen_fd_cb, NULL); |
Harald Welte | fd355a3 | 2011-03-04 13:41:31 +0100 | [diff] [blame] | 456 | if (ret < 0) |
| 457 | return ret; |
| 458 | |
| 459 | return 0; |
| 460 | } |