[gprs] Move all GPRS related code to src/gprs subdirectory
diff --git a/openbsc/src/gprs/Makefile.am b/openbsc/src/gprs/Makefile.am
new file mode 100644
index 0000000..ac177f7
--- /dev/null
+++ b/openbsc/src/gprs/Makefile.am
@@ -0,0 +1,17 @@
+INCLUDES = $(all_includes) -I$(top_srcdir)/include -I$(top_builddir)
+AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS)
+AM_LDFLAGS = $(LIBOSMOCORE_LIBS)
+
+sbin_PROGRAMS = osmo-gbproxy osmo-sgsn
+noinst_LIBRARIES = libsgsn.a
+
+libsgsn_a_SOURCES = gprs_ns.c gprs_bssgp.c gprs_llc.c gsm_04_08_gprs.c \
+ crc24.c gprs_sgsn.c
+
+osmo_gbproxy_SOURCES = gb_proxy.c gb_proxy_main.c gb_proxy_vty.c \
+ gprs_ns.c ../socket.c ../debug.c
+osmo_gbproxy_LDADD = ../libvty.a
+
+osmo_sgsn_SOURCES = sgsn_main.c sgsn_vty.c \
+ ../socket.c ../debug.c
+osmo_sgsn_LDADD = ../libvty.a libsgsn.a
diff --git a/openbsc/src/gprs/crc24.c b/openbsc/src/gprs/crc24.c
new file mode 100644
index 0000000..1082120
--- /dev/null
+++ b/openbsc/src/gprs/crc24.c
@@ -0,0 +1,69 @@
+/* GPRS LLC CRC-24 Implementation */
+
+/* (C) 2008-2009 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <sys/types.h>
+#include <openbsc/crc24.h>
+
+/* CRC24 table - FCS */
+static const u_int32_t tbl_crc24[256] = {
+ 0x00000000, 0x00d6a776, 0x00f64557, 0x0020e221, 0x00b78115, 0x00612663, 0x0041c442, 0x00976334,
+ 0x00340991, 0x00e2aee7, 0x00c24cc6, 0x0014ebb0, 0x00838884, 0x00552ff2, 0x0075cdd3, 0x00a36aa5,
+ 0x00681322, 0x00beb454, 0x009e5675, 0x0048f103, 0x00df9237, 0x00093541, 0x0029d760, 0x00ff7016,
+ 0x005c1ab3, 0x008abdc5, 0x00aa5fe4, 0x007cf892, 0x00eb9ba6, 0x003d3cd0, 0x001ddef1, 0x00cb7987,
+ 0x00d02644, 0x00068132, 0x00266313, 0x00f0c465, 0x0067a751, 0x00b10027, 0x0091e206, 0x00474570,
+ 0x00e42fd5, 0x003288a3, 0x00126a82, 0x00c4cdf4, 0x0053aec0, 0x008509b6, 0x00a5eb97, 0x00734ce1,
+ 0x00b83566, 0x006e9210, 0x004e7031, 0x0098d747, 0x000fb473, 0x00d91305, 0x00f9f124, 0x002f5652,
+ 0x008c3cf7, 0x005a9b81, 0x007a79a0, 0x00acded6, 0x003bbde2, 0x00ed1a94, 0x00cdf8b5, 0x001b5fc3,
+ 0x00fb4733, 0x002de045, 0x000d0264, 0x00dba512, 0x004cc626, 0x009a6150, 0x00ba8371, 0x006c2407,
+ 0x00cf4ea2, 0x0019e9d4, 0x00390bf5, 0x00efac83, 0x0078cfb7, 0x00ae68c1, 0x008e8ae0, 0x00582d96,
+ 0x00935411, 0x0045f367, 0x00651146, 0x00b3b630, 0x0024d504, 0x00f27272, 0x00d29053, 0x00043725,
+ 0x00a75d80, 0x0071faf6, 0x005118d7, 0x0087bfa1, 0x0010dc95, 0x00c67be3, 0x00e699c2, 0x00303eb4,
+ 0x002b6177, 0x00fdc601, 0x00dd2420, 0x000b8356, 0x009ce062, 0x004a4714, 0x006aa535, 0x00bc0243,
+ 0x001f68e6, 0x00c9cf90, 0x00e92db1, 0x003f8ac7, 0x00a8e9f3, 0x007e4e85, 0x005eaca4, 0x00880bd2,
+ 0x00437255, 0x0095d523, 0x00b53702, 0x00639074, 0x00f4f340, 0x00225436, 0x0002b617, 0x00d41161,
+ 0x00777bc4, 0x00a1dcb2, 0x00813e93, 0x005799e5, 0x00c0fad1, 0x00165da7, 0x0036bf86, 0x00e018f0,
+ 0x00ad85dd, 0x007b22ab, 0x005bc08a, 0x008d67fc, 0x001a04c8, 0x00cca3be, 0x00ec419f, 0x003ae6e9,
+ 0x00998c4c, 0x004f2b3a, 0x006fc91b, 0x00b96e6d, 0x002e0d59, 0x00f8aa2f, 0x00d8480e, 0x000eef78,
+ 0x00c596ff, 0x00133189, 0x0033d3a8, 0x00e574de, 0x007217ea, 0x00a4b09c, 0x008452bd, 0x0052f5cb,
+ 0x00f19f6e, 0x00273818, 0x0007da39, 0x00d17d4f, 0x00461e7b, 0x0090b90d, 0x00b05b2c, 0x0066fc5a,
+ 0x007da399, 0x00ab04ef, 0x008be6ce, 0x005d41b8, 0x00ca228c, 0x001c85fa, 0x003c67db, 0x00eac0ad,
+ 0x0049aa08, 0x009f0d7e, 0x00bfef5f, 0x00694829, 0x00fe2b1d, 0x00288c6b, 0x00086e4a, 0x00dec93c,
+ 0x0015b0bb, 0x00c317cd, 0x00e3f5ec, 0x0035529a, 0x00a231ae, 0x007496d8, 0x005474f9, 0x0082d38f,
+ 0x0021b92a, 0x00f71e5c, 0x00d7fc7d, 0x00015b0b, 0x0096383f, 0x00409f49, 0x00607d68, 0x00b6da1e,
+ 0x0056c2ee, 0x00806598, 0x00a087b9, 0x007620cf, 0x00e143fb, 0x0037e48d, 0x001706ac, 0x00c1a1da,
+ 0x0062cb7f, 0x00b46c09, 0x00948e28, 0x0042295e, 0x00d54a6a, 0x0003ed1c, 0x00230f3d, 0x00f5a84b,
+ 0x003ed1cc, 0x00e876ba, 0x00c8949b, 0x001e33ed, 0x008950d9, 0x005ff7af, 0x007f158e, 0x00a9b2f8,
+ 0x000ad85d, 0x00dc7f2b, 0x00fc9d0a, 0x002a3a7c, 0x00bd5948, 0x006bfe3e, 0x004b1c1f, 0x009dbb69,
+ 0x0086e4aa, 0x005043dc, 0x0070a1fd, 0x00a6068b, 0x003165bf, 0x00e7c2c9, 0x00c720e8, 0x0011879e,
+ 0x00b2ed3b, 0x00644a4d, 0x0044a86c, 0x00920f1a, 0x00056c2e, 0x00d3cb58, 0x00f32979, 0x00258e0f,
+ 0x00eef788, 0x003850fe, 0x0018b2df, 0x00ce15a9, 0x0059769d, 0x008fd1eb, 0x00af33ca, 0x007994bc,
+ 0x00dafe19, 0x000c596f, 0x002cbb4e, 0x00fa1c38, 0x006d7f0c, 0x00bbd87a, 0x009b3a5b, 0x004d9d2d
+};
+
+#define INIT_CRC24 0xffffff
+
+u_int32_t crc24_calc(u_int32_t fcs, u_int8_t *cp, unsigned int len)
+{
+ while (len--)
+ fcs = (fcs >> 8) ^ tbl_crc24[(fcs ^ *cp++) & 0xff];
+ return fcs;
+}
diff --git a/openbsc/src/gprs/gb_proxy.c b/openbsc/src/gprs/gb_proxy.c
new file mode 100644
index 0000000..fe5ad70
--- /dev/null
+++ b/openbsc/src/gprs/gb_proxy.c
@@ -0,0 +1,416 @@
+/* NS-over-IP proxy */
+
+/* (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by On Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <errno.h>
+#include <sys/fcntl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include <osmocore/talloc.h>
+#include <osmocore/select.h>
+
+#include <openbsc/signal.h>
+#include <openbsc/debug.h>
+#include <openbsc/gprs_ns.h>
+#include <openbsc/gprs_bssgp.h>
+#include <openbsc/gb_proxy.h>
+
+struct gbprox_peer {
+ struct llist_head list;
+
+ /* NS-VC over which we send/receive data to this BVC */
+ struct gprs_nsvc *nsvc;
+
+ /* BVCI used for Point-to-Point to this peer */
+ uint16_t bvci;
+
+ /* Routeing Area that this peer is part of (raw 04.08 encoding) */
+ uint8_t ra[6];
+};
+
+/* Linked list of all Gb peers (except SGSN) */
+static LLIST_HEAD(gbprox_bts_peers);
+
+extern struct gprs_ns_inst *gbprox_nsi;
+
+/* Find the gbprox_peer by its BVCI */
+static struct gbprox_peer *peer_by_bvci(uint16_t bvci)
+{
+ struct gbprox_peer *peer;
+ llist_for_each_entry(peer, &gbprox_bts_peers, list) {
+ if (peer->bvci == bvci)
+ return peer;
+ }
+ return NULL;
+}
+
+static struct gbprox_peer *peer_by_nsvc(struct gprs_nsvc *nsvc)
+{
+ struct gbprox_peer *peer;
+ llist_for_each_entry(peer, &gbprox_bts_peers, list) {
+ if (peer->nsvc == nsvc)
+ return peer;
+ }
+ return NULL;
+}
+
+/* look-up a peer by its Routeing Area Code (RAC) */
+static struct gbprox_peer *peer_by_rac(const uint8_t *ra)
+{
+ struct gbprox_peer *peer;
+ llist_for_each_entry(peer, &gbprox_bts_peers, list) {
+ if (!memcmp(&peer->ra, ra, 6))
+ return peer;
+ }
+ return NULL;
+}
+
+/* look-up a peer by its Location Area Code (LAC) */
+static struct gbprox_peer *peer_by_lac(const uint8_t *la)
+{
+ struct gbprox_peer *peer;
+ llist_for_each_entry(peer, &gbprox_bts_peers, list) {
+ if (!memcmp(&peer->ra, la, 5))
+ return peer;
+ }
+ return NULL;
+}
+
+static struct gbprox_peer *peer_alloc(uint16_t bvci)
+{
+ struct gbprox_peer *peer;
+
+ peer = talloc_zero(tall_bsc_ctx, struct gbprox_peer);
+ if (!peer)
+ return NULL;
+
+ peer->bvci = bvci;
+ llist_add(&peer->list, &gbprox_bts_peers);
+
+ return peer;
+}
+
+static void peer_free(struct gbprox_peer *peer)
+{
+ llist_del(&peer->list);
+ talloc_free(peer);
+}
+
+/* strip off the NS header */
+static void strip_ns_hdr(struct msgb *msg)
+{
+ int strip_len = msgb_bssgph(msg) - msg->data;
+ msgb_pull(msg, strip_len);
+}
+
+/* FIXME: this is copy+paste from gprs_bssgp.c */
+static inline struct msgb *bssgp_msgb_alloc(void)
+{
+ return msgb_alloc_headroom(4096, 128, "BSSGP");
+}
+static int bssgp_tx_simple_bvci(uint8_t pdu_type, uint16_t nsei,
+ uint16_t bvci, uint16_t ns_bvci)
+{
+ struct msgb *msg = bssgp_msgb_alloc();
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_put(msg, sizeof(*bgph));
+ uint16_t _bvci;
+
+ msgb_nsei(msg) = nsei;
+ msgb_bvci(msg) = ns_bvci;
+
+ bgph->pdu_type = pdu_type;
+ _bvci = htons(bvci);
+ msgb_tvlv_put(msg, BSSGP_IE_BVCI, 2, (uint8_t *) &_bvci);
+
+ return gprs_ns_sendmsg(gbprox_nsi, msg);
+}
+
+
+/* feed a message down the NS-VC associated with the specified peer */
+static int gbprox_relay2sgsn(struct msgb *msg, uint16_t ns_bvci)
+{
+ DEBUGP(DGPRS, "NSEI=%u proxying to SGSN (NS_BVCI=%u, NSEI=%u)\n",
+ msgb_nsei(msg), ns_bvci, gbcfg.nsip_sgsn_nsei);
+
+ msgb_bvci(msg) = ns_bvci;
+ msgb_nsei(msg) = gbcfg.nsip_sgsn_nsei;
+
+ strip_ns_hdr(msg);
+
+ return gprs_ns_sendmsg(gbprox_nsi, msg);
+}
+
+/* feed a message down the NS-VC associated with the specified peer */
+static int gbprox_relay2peer(struct msgb *msg, struct gbprox_peer *peer,
+ uint16_t ns_bvci)
+{
+ DEBUGP(DGPRS, "NSEI=%u proxying to BSS (NS_BVCI=%u, NSEI=%u)\n",
+ msgb_nsei(msg), ns_bvci, peer->nsvc->nsei);
+
+ msgb_bvci(msg) = ns_bvci;
+ msgb_nsei(msg) = peer->nsvc->nsei;
+
+ strip_ns_hdr(msg);
+
+ return gprs_ns_sendmsg(gbprox_nsi, msg);
+}
+
+/* Send a message to a peer identified by ptp_bvci but using ns_bvci
+ * in the NS hdr */
+static int gbprox_relay2bvci(struct msgb *msg, uint16_t ptp_bvci,
+ uint16_t ns_bvci)
+{
+ struct gbprox_peer *peer;
+
+ peer = peer_by_bvci(ptp_bvci);
+ if (!peer) {
+ LOGP(DGPRS, LOGL_ERROR, "Cannot find BSS for BVCI %u\n",
+ ptp_bvci);
+ return -ENOENT;
+ }
+
+ return gbprox_relay2peer(msg, peer, ns_bvci);
+}
+
+/* Receive an incoming signalling message from a BSS-side NS-VC */
+static int gbprox_rx_sig_from_bss(struct msgb *msg, struct gprs_nsvc *nsvc,
+ uint16_t ns_bvci)
+{
+ struct bssgp_normal_hdr *bgph = (struct bssgp_normal_hdr *) msgb_bssgph(msg);
+ struct tlv_parsed tp;
+ uint8_t pdu_type = bgph->pdu_type;
+ int data_len = msgb_bssgp_len(msg) - sizeof(*bgph);
+ struct gbprox_peer *from_peer;
+ struct gprs_ra_id raid;
+
+ if (ns_bvci != 0) {
+ LOGP(DGPRS, LOGL_NOTICE, "NSEI=%u BVCI %u is not signalling\n",
+ nsvc->nsei, ns_bvci);
+ return -EINVAL;
+ }
+
+ /* we actually should never see those two for BVCI == 0, but double-check
+ * just to make sure */
+ if (pdu_type == BSSGP_PDUT_UL_UNITDATA ||
+ pdu_type == BSSGP_PDUT_DL_UNITDATA) {
+ LOGP(DGPRS, LOGL_NOTICE, "NSEI=%u UNITDATA not allowed in "
+ "signalling\n", nsvc->nsei);
+ return -EINVAL;
+ }
+
+ bssgp_tlv_parse(&tp, bgph->data, data_len);
+
+ switch (pdu_type) {
+ case BSSGP_PDUT_SUSPEND:
+ case BSSGP_PDUT_RESUME:
+ /* We implement RAC snooping during SUSPEND/RESUME, since
+ * it establishes a relationsip between BVCI/peer and the
+ * routeing area code. The snooped information is then
+ * used for routing the {SUSPEND,RESUME}_[N]ACK back to
+ * the correct BSSGP */
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_ROUTEING_AREA))
+ goto err_mand_ie;
+ from_peer = peer_by_nsvc(nsvc);
+ if (!from_peer)
+ goto err_no_peer;
+ memcpy(&from_peer->ra, TLVP_VAL(&tp, BSSGP_IE_ROUTEING_AREA),
+ sizeof(&from_peer->ra));
+ gsm48_parse_ra(&raid, &from_peer->ra);
+ DEBUGP(DGPRS, "NSEI=%u RAC snooping: RAC %u/%u/%u/%u behind BVCI=%u, "
+ "NSVCI=%u\n", nsvc->nsei, raid.mcc, raid.mnc, raid.lac,
+ raid.rac , from_peer->bvci, nsvc->nsvci);
+ /* FIXME: This only supports one BSS per RA */
+ break;
+ case BSSGP_PDUT_BVC_RESET:
+ /* If we receive a BVC reset on the signalling endpoint, we
+ * don't want the SGSN to reset, as the signalling endpoint
+ * is common for all point-to-point BVCs (and thus all BTS) */
+ if (TLVP_PRESENT(&tp, BSSGP_IE_BVCI)) {
+ uint16_t bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI));
+ if (bvci == 0) {
+ /* FIXME: only do this if SGSN is alive! */
+ LOGP(DGPRS, LOGL_INFO, "NSEI=%u Sending fake "
+ "BVC RESET ACK of BVCI=0\n", nsvc->nsei);
+ return bssgp_tx_simple_bvci(BSSGP_PDUT_BVC_RESET_ACK,
+ nsvc->nsei, 0, ns_bvci);
+ } else if (!peer_by_bvci(bvci)) {
+ /* if a PTP-BVC is reset, and we don't know that
+ * PTP-BVCI yet, we should allocate a new peer */
+ LOGP(DGPRS, LOGL_INFO, "Allocationg new peer for "
+ "BVCI=%u via NSVCI=%u/NSEI=%u\n", bvci,
+ nsvc->nsvci, nsvc->nsei);
+ from_peer = peer_alloc(bvci);
+ from_peer->nsvc = nsvc;
+ }
+ }
+ break;
+ }
+
+ /* Normally, we can simply pass on all signalling messages from BSS to SGSN */
+ return gbprox_relay2sgsn(msg, ns_bvci);
+err_no_peer:
+err_mand_ie:
+ /* FIXME: do something */
+ ;
+}
+
+/* Receive paging request from SGSN, we need to relay to proper BSS */
+static int gbprox_rx_paging(struct msgb *msg, struct tlv_parsed *tp,
+ struct gprs_nsvc *nsvc, uint16_t ns_bvci)
+{
+ struct gbprox_peer *peer;
+
+ if (TLVP_PRESENT(tp, BSSGP_IE_BVCI)) {
+ uint16_t bvci = ntohs(*(uint16_t *)TLVP_VAL(tp, BSSGP_IE_BVCI));
+ return gbprox_relay2bvci(msg, bvci, ns_bvci);
+ } else if (TLVP_PRESENT(tp, BSSGP_IE_ROUTEING_AREA)) {
+ peer = peer_by_rac(TLVP_VAL(tp, BSSGP_IE_ROUTEING_AREA));
+ return gbprox_relay2peer(msg, peer, ns_bvci);
+ } else if (TLVP_PRESENT(tp, BSSGP_IE_LOCATION_AREA)) {
+ peer = peer_by_lac(TLVP_VAL(tp, BSSGP_IE_LOCATION_AREA));
+ return gbprox_relay2peer(msg, peer, ns_bvci);
+ } else
+ return -EINVAL;
+}
+
+/* Receive an incoming signalling message from the SGSN-side NS-VC */
+static int gbprox_rx_sig_from_sgsn(struct msgb *msg, struct gprs_nsvc *nsvc,
+ uint16_t ns_bvci)
+{
+ struct bssgp_normal_hdr *bgph = (struct bssgp_normal_hdr *) msgb_bssgph(msg);
+ struct tlv_parsed tp;
+ uint8_t pdu_type = bgph->pdu_type;
+ int data_len = msgb_bssgp_len(msg) - sizeof(*bgph);
+ struct gbprox_peer *peer;
+ uint16_t bvci;
+ int rc = 0;
+
+ if (ns_bvci != 0) {
+ LOGP(DGPRS, LOGL_NOTICE, "NSEI=%u(SGSN) BVCI %u is not "
+ "signalling\n", nsvc->nsei, ns_bvci);
+ return -EINVAL;
+ }
+
+ /* we actually should never see those two for BVCI == 0, but double-check
+ * just to make sure */
+ if (pdu_type == BSSGP_PDUT_UL_UNITDATA ||
+ pdu_type == BSSGP_PDUT_DL_UNITDATA) {
+ LOGP(DGPRS, LOGL_NOTICE, "NSEI=%u(SGSN) UNITDATA not allowed in "
+ "signalling\n", nsvc->nsei);
+ return -EINVAL;
+ }
+
+ rc = bssgp_tlv_parse(&tp, bgph->data, data_len);
+
+ switch (pdu_type) {
+ case BSSGP_PDUT_FLUSH_LL:
+ case BSSGP_PDUT_BVC_BLOCK_ACK:
+ case BSSGP_PDUT_BVC_UNBLOCK_ACK:
+ case BSSGP_PDUT_BVC_RESET:
+ case BSSGP_PDUT_BVC_RESET_ACK:
+ /* simple case: BVCI IE is mandatory */
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_BVCI))
+ goto err_mand_ie;
+ bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI));
+ rc = gbprox_relay2bvci(msg, bvci, ns_bvci);
+ break;
+ case BSSGP_PDUT_PAGING_PS:
+ case BSSGP_PDUT_PAGING_CS:
+ /* process the paging request (LAC/RAC lookup) */
+ rc = gbprox_rx_paging(msg, &tp, nsvc, ns_bvci);
+ break;
+ case BSSGP_PDUT_STATUS:
+ /* FIXME: Some exception has occurred */
+ LOGP(DGPRS, LOGL_NOTICE,
+ "NSEI=%u(SGSN) STATUS not implemented yet\n", nsvc->nsei);
+ break;
+ /* those only exist in the SGSN -> BSS direction */
+ case BSSGP_PDUT_SUSPEND_ACK:
+ case BSSGP_PDUT_SUSPEND_NACK:
+ case BSSGP_PDUT_RESUME_ACK:
+ case BSSGP_PDUT_RESUME_NACK:
+ /* RAC IE is mandatory */
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_ROUTEING_AREA))
+ goto err_mand_ie;
+ peer = peer_by_rac(TLVP_VAL(&tp, BSSGP_IE_ROUTEING_AREA));
+ if (!peer)
+ goto err_no_peer;
+ rc = gbprox_relay2peer(msg, peer, ns_bvci);
+ break;
+ case BSSGP_PDUT_SGSN_INVOKE_TRACE:
+ LOGP(DGPRS, LOGL_ERROR,
+ "NSEI=%u(SGSN) INVOKE TRACE not supported\n", nsvc->nsei);
+ break;
+ default:
+ DEBUGP(DGPRS, "BSSGP PDU type 0x%02x unknown\n", pdu_type);
+ break;
+ }
+
+ return rc;
+err_mand_ie:
+ LOGP(DGPRS, LOGL_ERROR, "NSEI=%u(SGSN) missing mandatory IE\n",
+ nsvc->nsei);
+ /* FIXME: this would pull gprs_bssgp.c in, which in turn has dependencies */
+ //return bssgp_tx_status(BSSGP_CAUSE_MISSING_MAND_IE, NULL, msg);
+ return;
+err_no_peer:
+ LOGP(DGPRS, LOGL_ERROR, "NSEI=%u(SGSN) cannot find peer based on RAC\n");
+ /* FIXME */
+ return;
+}
+
+/* Main input function for Gb proxy */
+int gbprox_rcvmsg(struct msgb *msg, struct gprs_nsvc *nsvc, uint16_t ns_bvci)
+{
+ int rc;
+
+ /* Only BVCI=0 messages need special treatment */
+ if (ns_bvci == 0 || ns_bvci == 1) {
+ if (nsvc->remote_end_is_sgsn)
+ rc = gbprox_rx_sig_from_sgsn(msg, nsvc, ns_bvci);
+ else
+ rc = gbprox_rx_sig_from_bss(msg, nsvc, ns_bvci);
+ } else {
+ /* All other BVCI are PTP and thus can be simply forwarded */
+ if (!nsvc->remote_end_is_sgsn) {
+ rc = gbprox_relay2sgsn(msg, ns_bvci);
+ } else {
+ struct gbprox_peer *peer = peer_by_bvci(ns_bvci);
+ if (!peer) {
+ LOGP(DGPRS, LOGL_NOTICE, "Allocationg new peer for "
+ "BVCI=%u via NSVC=%u/NSEI=%u\n", ns_bvci,
+ nsvc->nsvci, nsvc->nsei);
+ peer = peer_alloc(ns_bvci);
+ peer->nsvc = nsvc;
+ }
+ rc = gbprox_relay2peer(msg, peer, ns_bvci);
+ }
+ }
+
+ return rc;
+}
diff --git a/openbsc/src/gprs/gb_proxy_main.c b/openbsc/src/gprs/gb_proxy_main.c
new file mode 100644
index 0000000..0054b78
--- /dev/null
+++ b/openbsc/src/gprs/gb_proxy_main.c
@@ -0,0 +1,149 @@
+/* NS-over-IP proxy */
+
+/* (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by On Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <errno.h>
+#include <sys/fcntl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <osmocore/talloc.h>
+#include <osmocore/select.h>
+
+#include <openbsc/signal.h>
+#include <openbsc/debug.h>
+#include <openbsc/gprs_ns.h>
+#include <openbsc/telnet_interface.h>
+#include <openbsc/vty.h>
+#include <openbsc/gb_proxy.h>
+
+#include "../../bscconfig.h"
+
+/* this is here for the vty... it will never be called */
+void subscr_put() { abort(); }
+
+#define _GNU_SOURCE
+#include <getopt.h>
+
+void *tall_bsc_ctx;
+
+struct gprs_ns_inst *gbprox_nsi;
+
+const char *openbsc_version = "Osmocom NSIP Proxy " PACKAGE_VERSION;
+const char *openbsc_copyright =
+ "Copyright (C) 2010 Harald Welte and On-Waves\n"
+ "Contributions by Daniel Willmann, Jan Lübbe, Stefan Schmidt\n"
+ "Dieter Spaar, Andreas Eversberg, Holger Freyther\n\n"
+ "License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>\n"
+ "This is free software: you are free to change and redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n";
+
+static char *config_file = "osmo_gbproxy.cfg";
+struct gbproxy_config gbcfg;
+
+/* Pointer to the SGSN peer */
+extern struct gbprox_peer *gbprox_peer_sgsn;
+
+/* call-back function for the NS protocol */
+static int proxy_ns_cb(enum gprs_ns_evt event, struct gprs_nsvc *nsvc,
+ struct msgb *msg, u_int16_t bvci)
+{
+ int rc = 0;
+
+ switch (event) {
+ case GPRS_NS_EVT_UNIT_DATA:
+ rc = gbprox_rcvmsg(msg, nsvc, bvci);
+ break;
+ default:
+ LOGP(DGPRS, LOGL_ERROR, "SGSN: Unknown event %u from NS\n", event);
+ if (msg)
+ talloc_free(msg);
+ rc = -EIO;
+ break;
+ }
+ return rc;
+}
+
+
+int main(int argc, char **argv)
+{
+ struct gsm_network dummy_network;
+ struct log_target *stderr_target;
+ struct sockaddr_in sin;
+ int rc;
+
+ tall_bsc_ctx = talloc_named_const(NULL, 0, "nsip_proxy");
+
+ log_init(&log_info);
+ stderr_target = log_target_create_stderr();
+ log_add_target(stderr_target);
+ log_set_all_filter(stderr_target, 1);
+
+ telnet_init(&dummy_network, 4244);
+ rc = gbproxy_parse_config(config_file, &gbcfg);
+ if (rc < 0) {
+ LOGP(DGPRS, LOGL_FATAL, "Cannot parse config file\n");
+ exit(2);
+ }
+
+ gbprox_nsi = gprs_ns_instantiate(&proxy_ns_cb);
+ if (!gbprox_nsi) {
+ LOGP(DGPRS, LOGL_ERROR, "Unable to instantiate NS\n");
+ exit(1);
+ }
+ gbcfg.nsi = gbprox_nsi;
+ nsip_listen(gbprox_nsi, gbcfg.nsip_listen_port);
+
+ /* 'establish' the outgoing connection to the SGSN */
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(gbcfg.nsip_sgsn_port);
+ sin.sin_addr.s_addr = htonl(gbcfg.nsip_sgsn_ip);
+ nsip_connect(gbprox_nsi, &sin, gbcfg.nsip_sgsn_nsei,
+ gbcfg.nsip_sgsn_nsvci);
+
+ while (1) {
+ rc = bsc_select_main(0);
+ if (rc < 0)
+ exit(3);
+ }
+
+ exit(0);
+}
+
+struct gsm_network;
+int bsc_vty_init(struct gsm_network *dummy)
+{
+ cmd_init(1);
+ vty_init();
+
+ openbsc_vty_add_cmds();
+ gbproxy_vty_init();
+ return 0;
+}
+
diff --git a/openbsc/src/gprs/gb_proxy_vty.c b/openbsc/src/gprs/gb_proxy_vty.c
new file mode 100644
index 0000000..16f6a1e
--- /dev/null
+++ b/openbsc/src/gprs/gb_proxy_vty.c
@@ -0,0 +1,207 @@
+/*
+ * (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <osmocore/talloc.h>
+
+#include <openbsc/debug.h>
+#include <openbsc/gb_proxy.h>
+#include <openbsc/gprs_ns.h>
+
+#include <vty/command.h>
+#include <vty/vty.h>
+
+static struct gbproxy_config *g_cfg = NULL;
+
+/*
+ * vty code for mgcp below
+ */
+static struct cmd_node gbproxy_node = {
+ GBPROXY_NODE,
+ "%s(gbproxy)#",
+ 1,
+};
+
+static int config_write_gbproxy(struct vty *vty)
+{
+ struct in_addr ia;
+
+ vty_out(vty, "gbproxy%s", VTY_NEWLINE);
+
+ if (g_cfg->nsip_listen_ip) {
+ ia.s_addr = htonl(g_cfg->nsip_listen_ip);
+ vty_out(vty, " nsip bss local ip %s%s", inet_ntoa(ia),
+ VTY_NEWLINE);
+ }
+ vty_out(vty, " nsip bss local port %u%s", g_cfg->nsip_listen_port,
+ VTY_NEWLINE);
+ ia.s_addr = htonl(g_cfg->nsip_sgsn_ip);
+ vty_out(vty, " nsip sgsn remote ip %s%s", inet_ntoa(ia),
+ VTY_NEWLINE);
+ vty_out(vty, " nsip sgsn remote port %u%s", g_cfg->nsip_sgsn_port,
+ VTY_NEWLINE);
+ vty_out(vty, " nsip sgsn nsei %u%s", g_cfg->nsip_sgsn_nsei,
+ VTY_NEWLINE);
+ vty_out(vty, " nsip sgsn nsvci %u%s", g_cfg->nsip_sgsn_nsvci,
+ VTY_NEWLINE);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(show_gbproxy, show_gbproxy_cmd, "show gbproxy",
+ SHOW_STR "Display information about the Gb proxy")
+{
+ /* FIXME: iterate over list of NS-VC's and display their state */
+ struct gprs_ns_inst *nsi = g_cfg->nsi;
+ struct gprs_nsvc *nsvc;
+
+ llist_for_each_entry(nsvc, &nsi->gprs_nsvcs, list) {
+ vty_out(vty, "NSEI %5u, NS-VC %5u, %s-mode, %s %s%s",
+ nsvc->nsei, nsvc->nsvci,
+ nsvc->remote_end_is_sgsn ? "BSS" : "SGSN",
+ nsvc->state & NSE_S_ALIVE ? "ALIVE" : "DEAD",
+ nsvc->state & NSE_S_BLOCKED ? "BLOCKED" : "UNBLOCKED",
+ VTY_NEWLINE);
+ if (nsvc->nsi->ll == GPRS_NS_LL_UDP)
+ vty_out(vty, " remote peer %s:%u%s",
+ inet_ntoa(nsvc->ip.bts_addr.sin_addr),
+ ntohs(nsvc->ip.bts_addr.sin_port), VTY_NEWLINE);
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_gbproxy,
+ cfg_gbproxy_cmd,
+ "gbproxy",
+ "Configure the Gb proxy")
+{
+ vty->node = GBPROXY_NODE;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nsip_bss_local_ip,
+ cfg_nsip_bss_local_ip_cmd,
+ "nsip bss local ip A.B.C.D",
+ "Set the IP address on which we listen for BSS connects")
+{
+ struct in_addr ia;
+
+ inet_aton(argv[0], &ia);
+ g_cfg->nsip_listen_ip = ntohl(ia.s_addr);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nsip_bss_local_port,
+ cfg_nsip_bss_local_port_cmd,
+ "nsip bss local port <0-65534>",
+ "Set the UDP port on which we listen for BSS connects")
+{
+ unsigned int port = atoi(argv[0]);
+
+ g_cfg->nsip_listen_port = port;
+ return CMD_SUCCESS;
+}
+
+
+DEFUN(cfg_nsip_sgsn_ip,
+ cfg_nsip_sgsn_ip_cmd,
+ "nsip sgsn remote ip A.B.C.D",
+ "Set the IP of the SGSN to which the proxy shall connect")
+{
+ struct in_addr ia;
+
+ inet_aton(argv[0], &ia);
+ g_cfg->nsip_sgsn_ip = ntohl(ia.s_addr);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nsip_sgsn_port,
+ cfg_nsip_sgsn_port_cmd,
+ "nsip sgsn remote port <0-65534>",
+ "Set the UDP port of the SGSN to which the proxy shall connect")
+{
+ unsigned int port = atoi(argv[0]);
+
+ g_cfg->nsip_sgsn_port = port;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nsip_sgsn_nsei,
+ cfg_nsip_sgsn_nsei_cmd,
+ "nsip sgsn nsei <0-65534>",
+ "Set the NSEI to be used in the connection with the SGSN")
+{
+ unsigned int port = atoi(argv[0]);
+
+ g_cfg->nsip_sgsn_nsei = port;
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nsip_sgsn_nsvci,
+ cfg_nsip_sgsn_nsvci_cmd,
+ "nsip sgsn nsvci <0-65534>",
+ "Set the NSVCI to be used in the connection with the SGSN")
+{
+ unsigned int port = atoi(argv[0]);
+
+ g_cfg->nsip_sgsn_nsvci = port;
+ return CMD_SUCCESS;
+}
+
+
+int gbproxy_vty_init(void)
+{
+ install_element(VIEW_NODE, &show_gbproxy_cmd);
+
+ install_element(CONFIG_NODE, &cfg_gbproxy_cmd);
+ install_node(&gbproxy_node, config_write_gbproxy);
+ install_default(GBPROXY_NODE);
+ install_element(GBPROXY_NODE, &cfg_nsip_bss_local_ip_cmd);
+ install_element(GBPROXY_NODE, &cfg_nsip_bss_local_port_cmd);
+ install_element(GBPROXY_NODE, &cfg_nsip_sgsn_ip_cmd);
+ install_element(GBPROXY_NODE, &cfg_nsip_sgsn_port_cmd);
+ install_element(GBPROXY_NODE, &cfg_nsip_sgsn_nsei_cmd);
+ install_element(GBPROXY_NODE, &cfg_nsip_sgsn_nsvci_cmd);
+
+ return 0;
+}
+
+int gbproxy_parse_config(const char *config_file, struct gbproxy_config *cfg)
+{
+ int rc;
+
+ g_cfg = cfg;
+ rc = vty_read_config_file(config_file);
+ if (rc < 0) {
+ fprintf(stderr, "Failed to parse the config file: '%s'\n", config_file);
+ return rc;
+ }
+
+ return 0;
+}
+
diff --git a/openbsc/src/gprs/gprs_bssgp.c b/openbsc/src/gprs/gprs_bssgp.c
new file mode 100644
index 0000000..554738b
--- /dev/null
+++ b/openbsc/src/gprs/gprs_bssgp.c
@@ -0,0 +1,537 @@
+/* GPRS BSSGP protocol implementation as per 3GPP TS 08.18 */
+
+/* (C) 2009-2010 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <netinet/in.h>
+
+#include <osmocore/msgb.h>
+#include <osmocore/tlv.h>
+#include <osmocore/talloc.h>
+
+#include <openbsc/debug.h>
+#include <openbsc/gsm_data.h>
+#include <openbsc/gsm_04_08_gprs.h>
+#include <openbsc/gprs_bssgp.h>
+#include <openbsc/gprs_llc.h>
+#include <openbsc/gprs_ns.h>
+
+/* global pointer to the gsm network data structure */
+/* FIXME: this must go! */
+extern struct gsm_network *bsc_gsmnet;
+struct gprs_ns_inst *bssgp_nsi;
+
+void *bssgp_tall_ctx = NULL;
+
+/* BSSGP Protocol specific, not implementation specific */
+/* FIXME: This needs to go into libosmocore after finished */
+
+/* Chapter 11.3.9 / Table 11.10: Cause coding */
+static const struct value_string bssgp_cause_strings[] = {
+ { BSSGP_CAUSE_PROC_OVERLOAD, "Processor overload" },
+ { BSSGP_CAUSE_EQUIP_FAIL, "Equipment Failure" },
+ { BSSGP_CAUSE_TRASIT_NET_FAIL, "Transit netowkr service failure" },
+ { BSSGP_CAUSE_CAPA_GREATER_0KPBS,"Transmission capacity modified" },
+ { BSSGP_CAUSE_UNKNOWN_MS, "Unknown MS" },
+ { BSSGP_CAUSE_UNKNOWN_BVCI, "Unknown BVCI" },
+ { BSSGP_CAUSE_CELL_TRAF_CONG, "Cell traffic congestion" },
+ { BSSGP_CAUSE_SGSN_CONG, "SGSN congestion" },
+ { BSSGP_CAUSE_OML_INTERV, "O&M intervention" },
+ { BSSGP_CAUSE_BVCI_BLOCKED, "BVCI blocked" },
+ { BSSGP_CAUSE_PFC_CREATE_FAIL, "PFC create failure" },
+ { BSSGP_CAUSE_SEM_INCORR_PDU, "Semantically incorrect PDU" },
+ { BSSGP_CAUSE_INV_MAND_INF, "Invalid mandatory information" },
+ { BSSGP_CAUSE_MISSING_MAND_IE, "Missing mandatory IE" },
+ { BSSGP_CAUSE_MISSING_COND_IE, "Missing conditional IE" },
+ { BSSGP_CAUSE_UNEXP_COND_IE, "Unexpected conditional IE" },
+ { BSSGP_CAUSE_COND_IE_ERR, "Conditional IE error" },
+ { BSSGP_CAUSE_PDU_INCOMP_STATE, "PDU incompatible with protocol state" },
+ { BSSGP_CAUSE_PROTO_ERR_UNSPEC, "Protocol error - unspecified" },
+ { BSSGP_CAUSE_PDU_INCOMP_FEAT, "PDU not compatible with feature set" },
+ { 0, NULL },
+};
+
+const char *bssgp_cause_str(enum gprs_bssgp_cause cause)
+{
+ return get_value_string(bssgp_cause_strings, cause);
+}
+
+
+/* Our actual implementation */
+
+#define BVC_F_BLOCKED 0x0001
+
+/* The per-BTS context that we keep on the SGSN side of the BSSGP link */
+struct bssgp_bts_ctx {
+ struct llist_head list;
+
+ /* parsed RA ID and Cell ID of the remote BTS */
+ struct gprs_ra_id ra_id;
+ uint16_t cell_id;
+
+ /* NSEI and BVCI of underlying Gb link. Together they
+ * uniquely identify a link to a BTS (5.4.4) */
+ uint16_t bvci;
+ uint16_t nsei;
+
+ uint32_t bvc_state;
+
+ /* we might want to add this as a shortcut later, avoiding the NSVC
+ * lookup for every packet, similar to a routing cache */
+ //struct gprs_nsvc *nsvc;
+};
+LLIST_HEAD(bts_ctxts);
+
+/* Find a BTS Context based on parsed RA ID and Cell ID */
+struct bssgp_bts_ctx *btsctx_by_raid_cid(const struct gprs_ra_id *raid, uint16_t cid)
+{
+ struct bssgp_bts_ctx *bctx;
+
+ llist_for_each_entry(bctx, &bts_ctxts, list) {
+ if (!memcmp(&bctx->ra_id, raid, sizeof(bctx->ra_id)) &&
+ bctx->cell_id == cid)
+ return bctx;
+ }
+ return NULL;
+}
+
+/* Find a BTS context based on BVCI+NSEI tuple */
+struct bssgp_bts_ctx *btsctx_by_bvci_nsei(uint16_t bvci, uint16_t nsei)
+{
+ struct bssgp_bts_ctx *bctx;
+
+ llist_for_each_entry(bctx, &bts_ctxts, list) {
+ if (bctx->nsei == nsei && bctx->bvci == bvci)
+ return bctx;
+ }
+ return NULL;
+}
+
+struct bssgp_btx_ctx *btsctx_alloc(uint16_t bvci, uint16_t nsei)
+{
+ struct bssgp_bts_ctx *ctx;
+
+ ctx = talloc_zero(bssgp_tall_ctx, struct bssgp_bts_ctx);
+ if (!ctx)
+ return NULL;
+ ctx->bvci = bvci;
+ ctx->nsei = nsei;
+ llist_add(&ctx->list, &bts_ctxts);
+
+ return ctx;
+}
+
+static inline struct msgb *bssgp_msgb_alloc(void)
+{
+ return msgb_alloc_headroom(4096, 128, "BSSGP");
+}
+
+/* Transmit a simple response such as BLOCK/UNBLOCK/RESET ACK/NACK */
+static int bssgp_tx_simple_bvci(uint8_t pdu_type, uint16_t nsei,
+ uint16_t bvci, uint16_t ns_bvci)
+{
+ struct msgb *msg = bssgp_msgb_alloc();
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_put(msg, sizeof(*bgph));
+ uint16_t _bvci;
+
+ msgb_nsei(msg) = nsei;
+ msgb_bvci(msg) = ns_bvci;
+
+ bgph->pdu_type = pdu_type;
+ _bvci = htons(bvci);
+ msgb_tvlv_put(msg, BSSGP_IE_BVCI, 2, (uint8_t *) &_bvci);
+
+ return gprs_ns_sendmsg(bssgp_nsi, msg);
+}
+
+/* Chapter 10.4.5: Flow Control BVC ACK */
+static int bssgp_tx_fc_bvc_ack(uint16_t nsei, uint8_t tag, uint16_t ns_bvci)
+{
+ struct msgb *msg = bssgp_msgb_alloc();
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_put(msg, sizeof(*bgph));
+
+ msgb_nsei(msg) = nsei;
+ msgb_bvci(msg) = ns_bvci;
+
+ bgph->pdu_type = BSSGP_PDUT_FLOW_CONTROL_BVC_ACK;
+ msgb_tvlv_put(msg, BSSGP_IE_TAG, 1, &tag);
+
+ return gprs_ns_sendmsg(bssgp_nsi, msg);
+}
+
+/* Chapter 10.4.14: Status */
+int bssgp_tx_status(uint8_t cause, uint16_t *bvci, struct msgb *orig_msg)
+{
+ struct msgb *msg = bssgp_msgb_alloc();
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_put(msg, sizeof(*bgph));
+
+ DEBUGPC(DGPRS, "BSSGP: TX STATUS, cause=%s\n", bssgp_cause_str(cause));
+ msgb_nsei(msg) = msgb_nsei(orig_msg);
+ msgb_bvci(msg) = 0;
+
+ bgph->pdu_type = BSSGP_PDUT_STATUS;
+ msgb_tvlv_put(msg, BSSGP_IE_CAUSE, 1, &cause);
+ if (bvci) {
+ uint16_t _bvci = htons(*bvci);
+ msgb_tvlv_put(msg, BSSGP_IE_BVCI, 2, (uint8_t *) &_bvci);
+ }
+ if (orig_msg)
+ msgb_tvlv_put(msg, BSSGP_IE_PDU_IN_ERROR,
+ msgb_bssgp_len(orig_msg), msgb_bssgph(orig_msg));
+
+ return gprs_ns_sendmsg(bssgp_nsi, msg);
+}
+
+uint16_t bssgp_parse_cell_id(struct gprs_ra_id *raid, const uint8_t *buf)
+{
+ /* 6 octets RAC */
+ gsm48_parse_ra(raid, buf);
+ /* 2 octets CID */
+ return ntohs(*(uint16_t *) (buf+6));
+}
+
+/* Chapter 8.4 BVC-Reset Procedure */
+static int bssgp_rx_bvc_reset(struct msgb *msg, struct tlv_parsed *tp,
+ uint16_t ns_bvci)
+{
+ struct bssgp_bts_ctx *bctx;
+ uint16_t nsei = msgb_nsei(msg);
+ uint16_t bvci;
+ int rc;
+
+ bvci = ntohs(*(uint16_t *)TLVP_VAL(tp, BSSGP_IE_BVCI));
+ DEBUGPC(DGPRS, "BVCI=%u, cause=%s\n", bvci,
+ bssgp_cause_str(*TLVP_VAL(tp, BSSGP_IE_CAUSE)));
+
+ /* look-up or create the BTS context for this BVC */
+ bctx = btsctx_by_bvci_nsei(bvci, nsei);
+ if (!bctx)
+ bctx = btsctx_alloc(bvci, nsei);
+
+ /* When we receive a BVC-RESET PDU (at least of a PTP BVCI), the BSS
+ * informs us about its RAC + Cell ID, so we can create a mapping */
+ if (bvci != 0 && bvci != 1) {
+ if (!TLVP_PRESENT(tp, BSSGP_IE_CELL_ID)) {
+ LOGP(DGPRS, LOGL_ERROR, "BSSGP RESET BVCI=%u "
+ "missing mandatory IE\n", bvci);
+ return -EINVAL;
+ }
+ /* actually extract RAC / CID */
+ bctx->cell_id = bssgp_parse_cell_id(&bctx->ra_id,
+ TLVP_VAL(tp, BSSGP_IE_CELL_ID));
+ LOGP(DGPRS, LOGL_NOTICE, "Cell %u-%u-%u-%u CI %u on BVCI %u\n",
+ bctx->ra_id.mcc, bctx->ra_id.mnc, bctx->ra_id.lac,
+ bctx->ra_id.rac, bctx->cell_id, bvci);
+ }
+
+ /* Acknowledge the RESET to the BTS */
+ rc = bssgp_tx_simple_bvci(BSSGP_PDUT_BVC_RESET_ACK,
+ nsei, bvci, ns_bvci);
+ return 0;
+}
+
+/* Uplink unit-data */
+static int bssgp_rx_ul_ud(struct msgb *msg)
+{
+ struct bssgp_ud_hdr *budh = (struct bssgp_ud_hdr *) msgb_bssgph(msg);
+ int data_len = msgb_bssgp_len(msg) - sizeof(*budh);
+ struct tlv_parsed tp;
+ int rc;
+
+ DEBUGP(DGPRS, "BSSGP UL-UD\n");
+
+ /* extract TLLI and parse TLV IEs */
+ msgb_tlli(msg) = ntohl(budh->tlli);
+ rc = bssgp_tlv_parse(&tp, budh->data, data_len);
+
+ /* Cell ID and LLC_PDU are the only mandatory IE */
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_CELL_ID) ||
+ !TLVP_PRESENT(&tp, BSSGP_IE_LLC_PDU))
+ return -EIO;
+
+ /* FIXME: lookup bssgp_bts_ctx based on BVCI + NSEI */
+
+ /* store pointer to LLC header and CELL ID in msgb->cb */
+ msgb_llch(msg) = TLVP_VAL(&tp, BSSGP_IE_LLC_PDU);
+ msgb_bcid(msg) = TLVP_VAL(&tp, BSSGP_IE_CELL_ID);
+
+ return gprs_llc_rcvmsg(msg, &tp);
+}
+
+static int bssgp_rx_suspend(struct msgb *msg)
+{
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_bssgph(msg);
+ int data_len = msgb_bssgp_len(msg) - sizeof(*bgph);
+ struct tlv_parsed tp;
+ int rc;
+
+ DEBUGP(DGPRS, "BSSGP SUSPEND\n");
+
+ rc = bssgp_tlv_parse(&tp, bgph->data, data_len);
+ if (rc < 0)
+ return rc;
+
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_TLLI) ||
+ !TLVP_PRESENT(&tp, BSSGP_IE_ROUTEING_AREA))
+ return -EIO;
+
+ /* FIXME: pass the SUSPEND request to GMM */
+ /* SEND SUSPEND_ACK or SUSPEND_NACK */
+}
+
+static int bssgp_rx_resume(struct msgb *msg)
+{
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_bssgph(msg);
+ int data_len = msgb_bssgp_len(msg) - sizeof(*bgph);
+ struct tlv_parsed tp;
+ int rc;
+
+ DEBUGP(DGPRS, "BSSGP RESUME\n");
+
+ rc = bssgp_tlv_parse(&tp, bgph->data, data_len);
+ if (rc < 0)
+ return rc;
+
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_TLLI) ||
+ !TLVP_PRESENT(&tp, BSSGP_IE_ROUTEING_AREA) ||
+ !TLVP_PRESENT(&tp, BSSGP_IE_SUSPEND_REF_NR))
+ return -EIO;
+
+ /* FIXME: pass the RESUME request to GMM */
+ /* SEND RESUME_ACK or RESUME_NACK */
+}
+
+static int bssgp_rx_fc_bvc(struct msgb *msg, struct tlv_parsed *tp)
+{
+
+ DEBUGP(DGPRS, "BSSGP FC BVC\n");
+
+ if (!TLVP_PRESENT(tp, BSSGP_IE_TAG) ||
+ !TLVP_PRESENT(tp, BSSGP_IE_BVC_BUCKET_SIZE) ||
+ !TLVP_PRESENT(tp, BSSGP_IE_BUCKET_LEAK_RATE) ||
+ !TLVP_PRESENT(tp, BSSGP_IE_BMAX_DEFAULT_MS) ||
+ !TLVP_PRESENT(tp, BSSGP_IE_R_DEFAULT_MS))
+ return bssgp_tx_status(BSSGP_CAUSE_MISSING_MAND_IE, NULL, msg);
+
+ /* FIXME: actually implement flow control */
+
+ /* Send FLOW_CONTROL_BVC_ACK */
+ return bssgp_tx_fc_bvc_ack(msgb_nsei(msg), *TLVP_VAL(tp, BSSGP_IE_TAG),
+ msgb_bvci(msg));
+}
+
+/* We expect msgb_bssgph() to point to the BSSGP header */
+int gprs_bssgp_rcvmsg(struct msgb *msg)
+{
+ struct bssgp_normal_hdr *bgph =
+ (struct bssgp_normal_hdr *) msgb_bssgph(msg);
+ struct tlv_parsed tp;
+ uint8_t pdu_type = bgph->pdu_type;
+ int data_len = msgb_bssgp_len(msg) - sizeof(*bgph);
+ uint16_t bvci; /* PTP BVCI */
+ uint16_t ns_bvci = msgb_bvci(msg);
+ int rc = 0;
+
+ /* Identifiers from DOWN: NSEI, BVCI (both in msg->cb) */
+
+ /* UNITDATA BSSGP headers have TLLI in front */
+ if (pdu_type != BSSGP_PDUT_UL_UNITDATA &&
+ pdu_type != BSSGP_PDUT_DL_UNITDATA)
+ rc = bssgp_tlv_parse(&tp, bgph->data, data_len);
+
+ switch (pdu_type) {
+ case BSSGP_PDUT_UL_UNITDATA:
+ /* some LLC data from the MS */
+ rc = bssgp_rx_ul_ud(msg);
+ break;
+ case BSSGP_PDUT_RA_CAPABILITY:
+ /* BSS requests RA capability or IMSI */
+ DEBUGP(DGPRS, "BSSGP RA CAPABILITY UPDATE\n");
+ /* FIXME: send RA_CAPA_UPDATE_ACK */
+ break;
+ case BSSGP_PDUT_RADIO_STATUS:
+ DEBUGP(DGPRS, "BSSGP RADIO STATUS\n");
+ /* BSS informs us of some exception */
+ /* FIXME: notify GMM */
+ break;
+ case BSSGP_PDUT_SUSPEND:
+ /* MS wants to suspend */
+ rc = bssgp_rx_suspend(msg);
+ break;
+ case BSSGP_PDUT_RESUME:
+ /* MS wants to resume */
+ rc = bssgp_rx_resume(msg);
+ break;
+ case BSSGP_PDUT_FLUSH_LL:
+ /* BSS informs MS has moved to one cell to other cell */
+ DEBUGP(DGPRS, "BSSGP FLUSH LL\n");
+ /* FIXME: notify GMM */
+ /* Send FLUSH_LL_ACK */
+ break;
+ case BSSGP_PDUT_LLC_DISCARD:
+ /* BSS informs that some LLC PDU's have been discarded */
+ DEBUGP(DGPRS, "BSSGP LLC DISCARDED\n");
+ /* FIXME: notify GMM */
+ break;
+ case BSSGP_PDUT_FLOW_CONTROL_BVC:
+ /* BSS informs us of available bandwidth in Gb interface */
+ rc = bssgp_rx_fc_bvc(msg, &tp);
+ break;
+ case BSSGP_PDUT_FLOW_CONTROL_MS:
+ /* BSS informs us of available bandwidth to one MS */
+ DEBUGP(DGPRS, "BSSGP FC MS\n");
+ /* FIXME: actually implement flow control */
+ /* FIXME: Send FLOW_CONTROL_MS_ACK */
+ break;
+ case BSSGP_PDUT_BVC_BLOCK:
+ /* BSS tells us that BVC shall be blocked */
+ DEBUGP(DGPRS, "BSSGP BVC BLOCK ");
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_BVCI) ||
+ !TLVP_PRESENT(&tp, BSSGP_IE_CAUSE))
+ goto err_mand_ie;
+ bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI));
+ DEBUGPC(DGPRS, "BVCI=%u, cause=%s\n", bvci,
+ bssgp_cause_str(*TLVP_VAL(&tp, BSSGP_IE_CAUSE)));
+ /* We always acknowledge the BLOCKing */
+ rc = bssgp_tx_simple_bvci(BSSGP_PDUT_BVC_BLOCK_ACK,
+ msgb_nsei(msg), bvci, ns_bvci);
+ break;
+ case BSSGP_PDUT_BVC_UNBLOCK:
+ /* BSS tells us that BVC shall be unblocked */
+ DEBUGP(DGPRS, "BSSGP BVC UNBLOCK ");
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_BVCI))
+ goto err_mand_ie;
+ bvci = ntohs(*(uint16_t *)TLVP_VAL(&tp, BSSGP_IE_BVCI));
+ DEBUGPC(DGPRS, "BVCI=%u\n", bvci);
+ /* We always acknowledge the unBLOCKing */
+ rc = bssgp_tx_simple_bvci(BSSGP_PDUT_BVC_UNBLOCK_ACK,
+ msgb_nsei(msg), bvci, ns_bvci);
+ break;
+ case BSSGP_PDUT_BVC_RESET:
+ /* BSS tells us that BVC init is required */
+ DEBUGP(DGPRS, "BSSGP BVC RESET ");
+ if (!TLVP_PRESENT(&tp, BSSGP_IE_BVCI) ||
+ !TLVP_PRESENT(&tp, BSSGP_IE_CAUSE))
+ goto err_mand_ie;
+ rc = bssgp_rx_bvc_reset(msg, &tp, ns_bvci);
+ break;
+ case BSSGP_PDUT_STATUS:
+ /* Some exception has occurred */
+ /* FIXME: notify GMM */
+ case BSSGP_PDUT_DOWNLOAD_BSS_PFC:
+ case BSSGP_PDUT_CREATE_BSS_PFC_ACK:
+ case BSSGP_PDUT_CREATE_BSS_PFC_NACK:
+ case BSSGP_PDUT_MODIFY_BSS_PFC:
+ case BSSGP_PDUT_DELETE_BSS_PFC_ACK:
+ DEBUGP(DGPRS, "BSSGP PDU type 0x%02x not [yet] implemented\n",
+ pdu_type);
+ break;
+ /* those only exist in the SGSN -> BSS direction */
+ case BSSGP_PDUT_DL_UNITDATA:
+ case BSSGP_PDUT_PAGING_PS:
+ case BSSGP_PDUT_PAGING_CS:
+ case BSSGP_PDUT_RA_CAPA_UPDATE_ACK:
+ case BSSGP_PDUT_SUSPEND_ACK:
+ case BSSGP_PDUT_SUSPEND_NACK:
+ case BSSGP_PDUT_RESUME_ACK:
+ case BSSGP_PDUT_RESUME_NACK:
+ case BSSGP_PDUT_FLUSH_LL_ACK:
+ case BSSGP_PDUT_FLOW_CONTROL_BVC_ACK:
+ case BSSGP_PDUT_FLOW_CONTROL_MS_ACK:
+ case BSSGP_PDUT_BVC_BLOCK_ACK:
+ case BSSGP_PDUT_BVC_UNBLOCK_ACK:
+ case BSSGP_PDUT_SGSN_INVOKE_TRACE:
+ DEBUGP(DGPRS, "BSSGP PDU type 0x%02x only exists in DL\n",
+ pdu_type);
+ rc = -EINVAL;
+ break;
+ default:
+ DEBUGP(DGPRS, "BSSGP PDU type 0x%02x unknown\n", pdu_type);
+ break;
+ }
+
+ return rc;
+err_mand_ie:
+ return bssgp_tx_status(BSSGP_CAUSE_MISSING_MAND_IE, NULL, msg);
+}
+
+/* Entry function from upper level (LLC), asking us to transmit a BSSGP PDU
+ * to a remote MS (identified by TLLI) at a BTS identified by its BVCI and NSEI */
+int gprs_bssgp_tx_dl_ud(struct msgb *msg)
+{
+ struct bssgp_bts_ctx *bctx;
+ struct bssgp_ud_hdr *budh;
+ uint8_t llc_pdu_tlv_hdr_len = 2;
+ uint8_t *llc_pdu_tlv, *qos_profile;
+ uint16_t pdu_lifetime = 1000; /* centi-seconds */
+ uint8_t qos_profile_default[3] = { 0x00, 0x00, 0x21 };
+ uint16_t msg_len = msg->len;
+ uint16_t bvci = msgb_bvci(msg);
+ uint16_t nsei = msgb_nsei(msg);
+
+ /* Identifiers from UP: TLLI, BVCI, NSEI (all in msgb->cb) */
+ if (bvci < 2) {
+ LOGP(DGPRS, LOGL_ERROR, "Cannot send DL-UD to BVCI %u\n",
+ bvci);
+ return -EINVAL;
+ }
+
+ bctx = btsctx_by_bvci_nsei(bvci, nsei);
+ if (!bctx)
+ bctx = btsctx_alloc(bvci, nsei);
+
+ if (msg->len > TVLV_MAX_ONEBYTE)
+ llc_pdu_tlv_hdr_len += 1;
+
+ /* prepend the tag and length of the LLC-PDU TLV */
+ llc_pdu_tlv = msgb_push(msg, llc_pdu_tlv_hdr_len);
+ llc_pdu_tlv[0] = BSSGP_IE_LLC_PDU;
+ if (llc_pdu_tlv_hdr_len > 2) {
+ llc_pdu_tlv[1] = msg_len >> 8;
+ llc_pdu_tlv[2] = msg_len & 0xff;
+ } else {
+ llc_pdu_tlv[1] = msg_len & 0x3f;
+ llc_pdu_tlv[1] |= 0x80;
+ }
+
+ /* FIXME: optional elements */
+
+ /* prepend the pdu lifetime */
+ pdu_lifetime = htons(pdu_lifetime);
+ msgb_tvlv_push(msg, BSSGP_IE_PDU_LIFETIME, 2, (uint8_t *)&pdu_lifetime);
+
+ /* prepend the QoS profile, TLLI and pdu type */
+ budh = (struct bssgp_ud_hdr *) msgb_push(msg, sizeof(*budh));
+ memcpy(budh->qos_profile, qos_profile_default, sizeof(qos_profile_default));
+ budh->tlli = htonl(msgb_tlli(msg));
+ budh->pdu_type = BSSGP_PDUT_DL_UNITDATA;
+
+ /* Identifiers down: BVCI, NSEI (in msgb->cb) */
+
+ return gprs_ns_sendmsg(bssgp_nsi, msg);
+}
diff --git a/openbsc/src/gprs/gprs_llc.c b/openbsc/src/gprs/gprs_llc.c
new file mode 100644
index 0000000..9c75a3d
--- /dev/null
+++ b/openbsc/src/gprs/gprs_llc.c
@@ -0,0 +1,549 @@
+/* GPRS LLC protocol implementation as per 3GPP TS 04.64 */
+
+/* (C) 2009-2010 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <osmocore/msgb.h>
+#include <osmocore/linuxlist.h>
+#include <osmocore/timer.h>
+#include <osmocore/talloc.h>
+
+#include <openbsc/gsm_data.h>
+#include <openbsc/debug.h>
+#include <openbsc/gprs_bssgp.h>
+#include <openbsc/gprs_llc.h>
+#include <openbsc/crc24.h>
+
+/* Section 4.5.2 Logical Link States + Annex C.2 */
+enum gprs_llc_ll_state {
+ GPRS_LLS_UNASSIGNED = 1, /* No TLLI yet */
+ GPRS_LLS_ASSIGNED_ADM = 2, /* TLLI assigned */
+ GPRS_LLS_LOCAL_EST = 3, /* Local Establishment */
+ GPRS_LLS_REMOTE_EST = 4, /* Remote Establishment */
+ GPRS_LLS_ABM = 5,
+ GPRS_LLS_LOCAL_REL = 6, /* Local Release */
+ GPRS_LLS_TIMER_REC = 7, /* Timer Recovery */
+};
+
+/* Section 4.7.1: Logical Link Entity: One per DLCI (TLLI + SAPI) */
+struct gprs_llc_lle {
+ struct llist_head list;
+ struct timer_list t200;
+ struct timer_list t201; /* wait for acknowledgement */
+
+ enum gprs_llc_ll_state state;
+
+ uint32_t tlli;
+ uint32_t sapi;
+
+ uint8_t v_sent;
+ uint8_t v_ack;
+ uint8_t v_recv;
+
+ unsigned int n200;
+ unsigned int retrans_ctr;
+
+ /* over which BSSGP BTS ctx do we need to transmit */
+ uint16_t bvci;
+ uint16_t nsei;
+};
+
+static LLIST_HEAD(gprs_llc_lles);
+void *llc_tall_ctx;
+
+/* lookup LLC Entity based on DLCI (TLLI+SAPI tuple) */
+static struct gprs_llc_lle *lle_by_tlli_sapi(uint32_t tlli, uint32_t sapi)
+{
+ struct gprs_llc_lle *lle;
+
+ llist_for_each_entry(lle, &gprs_llc_lles, list) {
+ if (lle->tlli == tlli && lle->sapi == sapi)
+ return lle;
+ }
+ return NULL;
+}
+
+static struct gprs_llc_lle *lle_alloc(uint32_t tlli, uint32_t sapi)
+{
+ struct gprs_llc_lle *lle;
+
+ lle = talloc_zero(llc_tall_ctx, struct gprs_llc_lle);
+ if (!lle)
+ return NULL;
+
+ lle->tlli = tlli;
+ lle->sapi = sapi;
+ lle->state = GPRS_LLS_UNASSIGNED;
+ llist_add(&lle->list, &gprs_llc_lles);
+
+ return lle;
+}
+
+enum gprs_llc_cmd {
+ GPRS_LLC_NULL,
+ GPRS_LLC_RR,
+ GPRS_LLC_ACK,
+ GPRS_LLC_RNR,
+ GPRS_LLC_SACK,
+ GPRS_LLC_DM,
+ GPRS_LLC_DISC,
+ GPRS_LLC_UA,
+ GPRS_LLC_SABM,
+ GPRS_LLC_FRMR,
+ GPRS_LLC_XID,
+};
+
+struct gprs_llc_hdr_parsed {
+ uint8_t sapi;
+ uint8_t is_cmd:1,
+ ack_req:1,
+ is_encrypted:1;
+ uint32_t seq_rx;
+ uint32_t seq_tx;
+ uint32_t fcs;
+ uint32_t fcs_calc;
+ uint8_t *data;
+ uint16_t data_len;
+ enum gprs_llc_cmd cmd;
+};
+
+#define LLC_ALLOC_SIZE 16384
+#define UI_HDR_LEN 3
+#define N202 4
+#define CRC24_LENGTH 3
+
+static int gprs_llc_fcs(uint8_t *data, unsigned int len)
+{
+ uint32_t fcs_calc;
+
+ fcs_calc = crc24_calc(INIT_CRC24, data, len);
+ fcs_calc = ~fcs_calc;
+ fcs_calc &= 0xffffff;
+
+ return fcs_calc;
+}
+
+static void t200_expired(void *data)
+{
+ struct gprs_llc_lle *lle = data;
+
+ /* 8.5.1.3: Expiry of T200 */
+
+ if (lle->retrans_ctr >= lle->n200) {
+ /* FIXME: LLGM-STATUS-IND, LL-RELEASE-IND/CNF */
+ lle->state = GPRS_LLS_ASSIGNED_ADM;
+ }
+
+ switch (lle->state) {
+ case GPRS_LLS_LOCAL_EST:
+ /* retransmit SABM */
+ /* re-start T200 */
+ lle->retrans_ctr++;
+ break;
+ case GPRS_LLS_LOCAL_REL:
+ /* retransmit DISC */
+ /* re-start T200 */
+ lle->retrans_ctr++;
+ break;
+ }
+
+}
+
+static void t201_expired(void *data)
+{
+ struct gprs_llc_lle *lle = data;
+
+ if (lle->retrans_ctr < lle->n200) {
+ /* transmit apropriate supervisory frame (8.6.4.1) */
+ /* set timer T201 */
+ lle->retrans_ctr++;
+ }
+}
+
+int gprs_llc_tx_u(struct msgb *msg, uint8_t sapi, int command,
+ enum gprs_llc_u_cmd u_cmd, int pf_bit)
+{
+ uint8_t *fcs, *llch;
+ uint8_t addr, ctrl;
+ uint32_t fcs_calc;
+
+ /* Identifiers from UP: (TLLI, SAPI) + (BVCI, NSEI) */
+
+ /* Address Field */
+ addr = sapi & 0xf;
+ if (command)
+ addr |= 0x40;
+
+ /* 6.3 Figure 8 */
+ ctrl = 0xe0 | u_cmd;
+ if (pf_bit)
+ ctrl |= 0x10;
+
+ /* prepend LLC UI header */
+ llch = msgb_push(msg, 2);
+ llch[0] = addr;
+ llch[1] = ctrl;
+
+ /* append FCS to end of frame */
+ fcs = msgb_put(msg, 3);
+ fcs_calc = gprs_llc_fcs(llch, fcs - llch);
+ fcs[0] = fcs_calc & 0xff;
+ fcs[1] = (fcs_calc >> 8) & 0xff;
+ fcs[2] = (fcs_calc >> 16) & 0xff;
+
+ /* Identifiers passed down: (BVCI, NSEI) */
+
+ return gprs_bssgp_tx_dl_ud(msg);
+}
+
+/* Send XID response to LLE */
+static int gprs_llc_tx_xid(struct gprs_llc_lle *lle, struct msgb *msg)
+{
+ /* copy identifiers from LLE to ensure lower layers can route */
+ msgb_tlli(msg) = lle->tlli;
+ msgb_bvci(msg) = lle->bvci;
+ msgb_nsei(msg) = lle->nsei;
+
+ return gprs_llc_tx_u(msg, lle->sapi, 0, GPRS_LLC_U_XID, 1);
+}
+
+/* Transmit a UI frame over the given SAPI */
+int gprs_llc_tx_ui(struct msgb *msg, uint8_t sapi, int command)
+{
+ struct gprs_llc_lle *lle;
+ uint8_t *fcs, *llch;
+ uint8_t addr, ctrl[2];
+ uint32_t fcs_calc;
+ uint16_t nu = 0;
+
+ /* Identifiers from UP: (TLLI, SAPI) + (BVCI, NSEI) */
+
+ /* look-up or create the LL Entity for this (TLLI, SAPI) tuple */
+ lle = lle_by_tlli_sapi(msgb_tlli(msg), sapi);
+ if (!lle)
+ lle = lle_alloc(msgb_tlli(msg), sapi);
+ /* Update LLE's (BVCI, NSEI) tuple */
+ lle->bvci = msgb_bvci(msg);
+ lle->nsei = msgb_nsei(msg);
+
+ /* Address Field */
+ addr = sapi & 0xf;
+ if (command)
+ addr |= 0x40;
+
+ /* Control Field */
+ ctrl[0] = 0xc0;
+ ctrl[0] |= nu >> 6;
+ ctrl[1] = (nu << 2) & 0xfc;
+ ctrl[1] |= 0x01; /* Protected Mode */
+
+ /* prepend LLC UI header */
+ llch = msgb_push(msg, 3);
+ llch[0] = addr;
+ llch[1] = ctrl[0];
+ llch[2] = ctrl[1];
+
+ /* append FCS to end of frame */
+ fcs = msgb_put(msg, 3);
+ fcs_calc = gprs_llc_fcs(llch, fcs - llch);
+ fcs[0] = fcs_calc & 0xff;
+ fcs[1] = (fcs_calc >> 8) & 0xff;
+ fcs[2] = (fcs_calc >> 16) & 0xff;
+
+ /* Identifiers passed down: (BVCI, NSEI) */
+
+ return gprs_bssgp_tx_dl_ud(msg);
+}
+
+static int gprs_llc_hdr_dump(struct gprs_llc_hdr_parsed *gph)
+{
+ DEBUGP(DGPRS, "LLC SAPI=%u %c %c FCS=0x%06x(%s) ",
+ gph->sapi, gph->is_cmd ? 'C' : 'R', gph->ack_req ? 'A' : ' ',
+ gph->fcs, gph->fcs_calc == gph->fcs ? "correct" : "WRONG");
+
+ if (gph->cmd)
+ DEBUGPC(DGPRS, "CMD=%u ", gph->cmd);
+
+ if (gph->data)
+ DEBUGPC(DGPRS, "DATA ");
+
+ DEBUGPC(DGPRS, "\n");
+}
+static int gprs_llc_hdr_rx(struct gprs_llc_hdr_parsed *gph,
+ struct gprs_llc_lle *lle)
+{
+ switch (gph->cmd) {
+ case GPRS_LLC_SABM: /* Section 6.4.1.1 */
+ lle->v_sent = lle->v_ack = lle->v_recv = 0;
+ if (lle->state == GPRS_LLS_ASSIGNED_ADM) {
+ /* start re-establishment (8.7.1) */
+ }
+ lle->state = GPRS_LLS_REMOTE_EST;
+ /* FIXME: Send UA */
+ lle->state = GPRS_LLS_ABM;
+ /* FIXME: process data */
+ break;
+ case GPRS_LLC_DISC: /* Section 6.4.1.2 */
+ /* FIXME: Send UA */
+ /* terminate ABM */
+ lle->state = GPRS_LLS_ASSIGNED_ADM;
+ break;
+ case GPRS_LLC_UA: /* Section 6.4.1.3 */
+ if (lle->state == GPRS_LLS_LOCAL_EST)
+ lle->state = GPRS_LLS_ABM;
+ break;
+ case GPRS_LLC_DM: /* Section 6.4.1.4: ABM cannot be performed */
+ if (lle->state == GPRS_LLS_LOCAL_EST)
+ lle->state = GPRS_LLS_ASSIGNED_ADM;
+ break;
+ case GPRS_LLC_FRMR: /* Section 6.4.1.5 */
+ break;
+ case GPRS_LLC_XID: /* Section 6.4.1.6 */
+ /* FIXME: implement XID negotiation using SNDCP */
+ {
+ struct msgb *resp;
+ uint8_t *xid;
+ resp = msgb_alloc_headroom(4096, 1024, "LLC_XID");
+ xid = msgb_put(resp, gph->data_len);
+ memcpy(xid, gph->data, gph->data_len);
+ gprs_llc_tx_xid(lle, resp);
+ }
+ break;
+ }
+
+ return 0;
+}
+
+/* parse a GPRS LLC header, also check for invalid frames */
+static int gprs_llc_hdr_parse(struct gprs_llc_hdr_parsed *ghp,
+ const uint8_t *llc_hdr, int len)
+{
+ uint8_t *ctrl = llc_hdr+1;
+ int is_sack = 0;
+ unsigned int crc_length;
+ uint32_t fcs_calc;
+
+ if (len <= CRC24_LENGTH)
+ return -EIO;
+
+ crc_length = len - CRC24_LENGTH;
+
+ ghp->ack_req = 0;
+
+ /* Section 5.5: FCS */
+ ghp->fcs = *(llc_hdr + len - 3);
+ ghp->fcs |= *(llc_hdr + len - 2) << 8;
+ ghp->fcs |= *(llc_hdr + len - 1) << 16;
+
+ /* Section 6.2.1: invalid PD field */
+ if (llc_hdr[0] & 0x80)
+ return -EIO;
+
+ /* This only works for the MS->SGSN direction */
+ if (llc_hdr[0] & 0x40)
+ ghp->is_cmd = 0;
+ else
+ ghp->is_cmd = 1;
+
+ ghp->sapi = llc_hdr[0] & 0xf;
+
+ /* Section 6.2.3: check for reserved SAPI */
+ switch (ghp->sapi) {
+ case 0:
+ case 4:
+ case 6:
+ case 0xa:
+ case 0xc:
+ case 0xd:
+ case 0xf:
+ return -EINVAL;
+ }
+
+ if ((ctrl[0] & 0x80) == 0) {
+ /* I (Information transfer + Supervisory) format */
+ uint8_t k;
+
+ ghp->data = ctrl + 3;
+
+ if (ctrl[0] & 0x40)
+ ghp->ack_req = 1;
+
+ ghp->seq_tx = (ctrl[0] & 0x1f) << 4;
+ ghp->seq_tx |= (ctrl[1] >> 4);
+
+ ghp->seq_rx = (ctrl[1] & 0x7) << 6;
+ ghp->seq_rx |= (ctrl[2] >> 2);
+
+ switch (ctrl[2] & 0x03) {
+ case 0:
+ ghp->cmd = GPRS_LLC_RR;
+ break;
+ case 1:
+ ghp->cmd = GPRS_LLC_ACK;
+ break;
+ case 2:
+ ghp->cmd = GPRS_LLC_RNR;
+ break;
+ case 3:
+ ghp->cmd = GPRS_LLC_SACK;
+ k = ctrl[3] & 0x1f;
+ ghp->data += 1 + k;
+ break;
+ }
+ ghp->data_len = (llc_hdr + len - 3) - ghp->data;
+ } else if ((ctrl[0] & 0xc0) == 0x80) {
+ /* S (Supervisory) format */
+ ghp->data = NULL;
+ ghp->data_len = 0;
+
+ if (ctrl[0] & 0x20)
+ ghp->ack_req = 1;
+ ghp->seq_rx = (ctrl[0] & 0x7) << 6;
+ ghp->seq_rx |= (ctrl[1] >> 2);
+
+ switch (ctrl[1] & 0x03) {
+ case 0:
+ ghp->cmd = GPRS_LLC_RR;
+ break;
+ case 1:
+ ghp->cmd = GPRS_LLC_ACK;
+ break;
+ case 2:
+ ghp->cmd = GPRS_LLC_RNR;
+ break;
+ case 3:
+ ghp->cmd = GPRS_LLC_SACK;
+ break;
+ }
+ } else if ((ctrl[0] & 0xe0) == 0xc0) {
+ /* UI (Unconfirmed Inforamtion) format */
+ ghp->data = ctrl + 2;
+ ghp->data_len = (llc_hdr + len - 3) - ghp->data;
+
+ ghp->seq_tx = (ctrl[0] & 0x7) << 6;
+ ghp->seq_tx |= (ctrl[1] >> 2);
+ if (ctrl[1] & 0x02) {
+ ghp->is_encrypted = 1;
+ /* FIXME: encryption */
+ }
+ if (ctrl[1] & 0x01) {
+ /* FCS over hdr + all inf fields */
+ } else {
+ /* FCS over hdr + N202 octets (4) */
+ if (crc_length > UI_HDR_LEN + N202)
+ crc_length = UI_HDR_LEN + N202;
+ }
+ } else {
+ /* U (Unnumbered) format: 1 1 1 P/F M4 M3 M2 M1 */
+ ghp->data = NULL;
+ ghp->data_len = 0;
+
+ switch (ctrl[0] & 0xf) {
+ case GPRS_LLC_U_NULL_CMD:
+ ghp->cmd = GPRS_LLC_NULL;
+ break;
+ case GPRS_LLC_U_DM_RESP:
+ ghp->cmd = GPRS_LLC_DM;
+ break;
+ case GPRS_LLC_U_DISC_CMD:
+ ghp->cmd = GPRS_LLC_DISC;
+ break;
+ case GPRS_LLC_U_UA_RESP:
+ ghp->cmd = GPRS_LLC_UA;
+ break;
+ case GPRS_LLC_U_SABM_CMD:
+ ghp->cmd = GPRS_LLC_SABM;
+ break;
+ case GPRS_LLC_U_FRMR_RESP:
+ ghp->cmd = GPRS_LLC_FRMR;
+ break;
+ case GPRS_LLC_U_XID:
+ ghp->cmd = GPRS_LLC_XID;
+ ghp->data = ctrl + 1;
+ ghp->data_len = (llc_hdr + len - 3) - ghp->data;
+ break;
+ default:
+ return -EIO;
+ }
+ }
+
+ /* calculate what FCS we expect */
+ ghp->fcs_calc = gprs_llc_fcs(llc_hdr, crc_length);
+
+ /* FIXME: parse sack frame */
+}
+
+/* receive an incoming LLC PDU (BSSGP-UL-UNITDATA-IND, 7.2.4.2) */
+int gprs_llc_rcvmsg(struct msgb *msg, struct tlv_parsed *tv)
+{
+ struct bssgp_ud_hdr *udh = (struct bssgp_ud_hdr *) msgb_bssgph(msg);
+ struct gprs_llc_hdr *lh = msgb_llch(msg);
+ struct gprs_llc_hdr_parsed llhp;
+ struct gprs_llc_lle *lle;
+ int rc = 0;
+
+ /* Identifiers from DOWN: NSEI, BVCI, TLLI */
+
+ rc = gprs_llc_hdr_parse(&llhp, lh, TLVP_LEN(tv, BSSGP_IE_LLC_PDU));
+ /* FIXME */
+
+ gprs_llc_hdr_dump(&llhp);
+
+ /* find the LLC Entity for this TLLI+SAPI tuple */
+ lle = lle_by_tlli_sapi(msgb_tlli(msg), llhp.sapi);
+ /* allocate a new LLE if needed */
+ if (!lle)
+ lle = lle_alloc(msgb_tlli(msg), llhp.sapi);
+
+ /* Update LLE's (BVCI, NSEI) tuple */
+ lle->bvci = msgb_bvci(msg);
+ lle->nsei = msgb_nsei(msg);
+
+ rc = gprs_llc_hdr_rx(&llhp, lle);
+ /* FIXME */
+
+ if (llhp.data) {
+ msgb_gmmh(msg) = llhp.data;
+ switch (llhp.sapi) {
+ case GPRS_SAPI_GMM:
+ rc = gsm0408_gprs_rcvmsg(msg);
+ break;
+ case GPRS_SAPI_TOM2:
+ case GPRS_SAPI_TOM8:
+ /* FIXME */
+ case GPRS_SAPI_SNDCP3:
+ case GPRS_SAPI_SNDCP5:
+ case GPRS_SAPI_SNDCP9:
+ case GPRS_SAPI_SNDCP11:
+ /* FIXME */
+ case GPRS_SAPI_SMS:
+ /* FIXME */
+ default:
+ LOGP(DGPRS, LOGL_NOTICE, "Unsupported SAPI %u\n", llhp.sapi);
+ rc = -EINVAL;
+ break;
+ }
+ }
+
+ return rc;
+}
diff --git a/openbsc/src/gprs/gprs_ns.c b/openbsc/src/gprs/gprs_ns.c
new file mode 100644
index 0000000..3d9bb89
--- /dev/null
+++ b/openbsc/src/gprs/gprs_ns.c
@@ -0,0 +1,644 @@
+/* GPRS Networks Service (NS) messages on the Gb interfacebvci = msgb_bvci(msg);
+ * 3GPP TS 08.16 version 8.0.1 Release 1999 / ETSI TS 101 299 V8.0.1 (2002-05) */
+
+/* (C) 2009-2010 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+/* Some introduction into NS: NS is used typically on top of frame relay,
+ * but in the ip.access world it is encapsulated in UDP packets. It serves
+ * as an intermediate shim betwen BSSGP and the underlying medium. It doesn't
+ * do much, apart from providing congestion notification and status indication.
+ *
+ * Terms:
+ * NS Network Service
+ * NSVC NS Virtual Connection
+ * NSEI NS Entity Identifier
+ * NSVL NS Virtual Link
+ * NSVLI NS Virtual Link Identifier
+ * BVC BSSGP Virtual Connection
+ * BVCI BSSGP Virtual Connection Identifier
+ * NSVCG NS Virtual Connection Goup
+ * Blocked NS-VC cannot be used for user traffic
+ * Alive Ability of a NS-VC to provide communication
+ *
+ * There can be multiple BSSGP virtual connections over one (group of) NSVC's. BSSGP will
+ * therefore identify the BSSGP virtual connection by a BVCI passed down to NS.
+ * NS then has to firgure out which NSVC's are responsible for this BVCI.
+ * Those mappings are administratively configured.
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdint.h>
+
+#include <arpa/inet.h>
+
+#include <openbsc/gsm_data.h>
+#include <osmocore/msgb.h>
+#include <osmocore/tlv.h>
+#include <osmocore/talloc.h>
+#include <osmocore/select.h>
+#include <openbsc/debug.h>
+#include <openbsc/gprs_ns.h>
+#include <openbsc/gprs_bssgp.h>
+
+#define NS_ALLOC_SIZE 1024
+
+static const struct tlv_definition ns_att_tlvdef = {
+ .def = {
+ [NS_IE_CAUSE] = { TLV_TYPE_TvLV, 0 },
+ [NS_IE_VCI] = { TLV_TYPE_TvLV, 0 },
+ [NS_IE_PDU] = { TLV_TYPE_TvLV, 0 },
+ [NS_IE_BVCI] = { TLV_TYPE_TvLV, 0 },
+ [NS_IE_NSEI] = { TLV_TYPE_TvLV, 0 },
+ },
+};
+
+/* Lookup struct gprs_nsvc based on NSVCI */
+static struct gprs_nsvc *nsvc_by_nsvci(struct gprs_ns_inst *nsi,
+ uint16_t nsvci)
+{
+ struct gprs_nsvc *nsvc;
+ llist_for_each_entry(nsvc, &nsi->gprs_nsvcs, list) {
+ if (nsvc->nsvci == nsvci)
+ return nsvc;
+ }
+ return NULL;
+}
+
+/* Lookup struct gprs_nsvc based on NSVCI */
+static struct gprs_nsvc *nsvc_by_nsei(struct gprs_ns_inst *nsi,
+ uint16_t nsei)
+{
+ struct gprs_nsvc *nsvc;
+ llist_for_each_entry(nsvc, &nsi->gprs_nsvcs, list) {
+ if (nsvc->nsei == nsei)
+ return nsvc;
+ }
+ return NULL;
+}
+
+
+/* Lookup struct gprs_nsvc based on remote peer socket addr */
+static struct gprs_nsvc *nsvc_by_rem_addr(struct gprs_ns_inst *nsi,
+ struct sockaddr_in *sin)
+{
+ struct gprs_nsvc *nsvc;
+ llist_for_each_entry(nsvc, &nsi->gprs_nsvcs, list) {
+ if (!memcmp(&nsvc->ip.bts_addr, sin, sizeof(*sin)))
+ return nsvc;
+ }
+ return NULL;
+}
+
+static void gprs_ns_timer_cb(void *data);
+
+static struct gprs_nsvc *nsvc_create(struct gprs_ns_inst *nsi, uint16_t nsvci)
+{
+ struct gprs_nsvc *nsvc;
+
+ nsvc = talloc_zero(nsi, struct gprs_nsvc);
+ nsvc->nsvci = nsvci;
+ /* before RESET procedure: BLOCKED and DEAD */
+ nsvc->state = NSE_S_BLOCKED;
+ nsvc->nsi = nsi;
+ nsvc->timer.cb = gprs_ns_timer_cb;
+ nsvc->timer.data = nsvc;
+
+ llist_add(&nsvc->list, &nsi->gprs_nsvcs);
+
+ return nsvc;
+}
+
+/* Section 10.3.2, Table 13 */
+static const struct value_string ns_cause_str[] = {
+ { NS_CAUSE_TRANSIT_FAIL, "Transit network failure" },
+ { NS_CAUSE_OM_INTERVENTION, "O&M intervention" },
+ { NS_CAUSE_EQUIP_FAIL, "Equipment failure" },
+ { NS_CAUSE_NSVC_BLOCKED, "NS-VC blocked" },
+ { NS_CAUSE_NSVC_UNKNOWN, "NS-VC unknown" },
+ { NS_CAUSE_BVCI_UNKNOWN, "BVCI unknown" },
+ { NS_CAUSE_SEM_INCORR_PDU, "Semantically incorrect PDU" },
+ { NS_CAUSE_PDU_INCOMP_PSTATE, "PDU not compatible with protocol state" },
+ { NS_CAUSE_PROTO_ERR_UNSPEC, "Protocol error, unspecified" },
+ { NS_CAUSE_INVAL_ESSENT_IE, "Invalid essential IE" },
+ { NS_CAUSE_MISSING_ESSENT_IE, "Missing essential IE" },
+ { 0, NULL }
+};
+
+const char *gprs_ns_cause_str(enum ns_cause cause)
+{
+ return get_value_string(ns_cause_str, cause);
+}
+
+static int nsip_sendmsg(struct gprs_nsvc *nsvc, struct msgb *msg);
+
+static int gprs_ns_tx(struct gprs_nsvc *nsvc, struct msgb *msg)
+{
+ int ret;
+
+ switch (nsvc->nsi->ll) {
+ case GPRS_NS_LL_UDP:
+ ret = nsip_sendmsg(nsvc, msg);
+ break;
+ default:
+ LOGP(DGPRS, LOGL_ERROR, "unsupported NS linklayer %u\n", nsvc->nsi->ll);
+ msgb_free(msg);
+ ret = -EIO;
+ break;
+ }
+ return ret;
+}
+
+static int gprs_ns_tx_simple(struct gprs_nsvc *nsvc, uint8_t pdu_type)
+{
+ struct msgb *msg = msgb_alloc(NS_ALLOC_SIZE, "GPRS/NS");
+ struct gprs_ns_hdr *nsh;
+
+ if (!msg)
+ return -ENOMEM;
+
+ nsh = (struct gprs_ns_hdr *) msgb_put(msg, sizeof(*nsh));
+
+ nsh->pdu_type = pdu_type;
+
+ return gprs_ns_tx(nsvc, msg);
+}
+
+static int gprs_ns_tx_reset(struct gprs_nsvc *nsvc, uint8_t cause)
+{
+ struct msgb *msg = msgb_alloc(NS_ALLOC_SIZE, "GPRS/NS");
+ struct gprs_ns_hdr *nsh;
+ uint16_t nsvci = htons(nsvc->nsvci);
+ uint16_t nsei = htons(nsvc->nsei);
+
+ if (!msg)
+ return -ENOMEM;
+
+ nsh = (struct gprs_ns_hdr *) msgb_put(msg, sizeof(*nsh));
+ nsh->pdu_type = NS_PDUT_RESET;
+
+ msgb_tvlv_put(msg, NS_IE_CAUSE, 1, &cause);
+ msgb_tvlv_put(msg, NS_IE_VCI, 2, (uint8_t *) &nsvci);
+ msgb_tvlv_put(msg, NS_IE_NSEI, 2, (uint8_t *) &nsei);
+
+ return gprs_ns_tx(nsvc, msg);
+
+}
+
+#define NS_ALIVE_RETRIES 10 /* after 3 failed retransmit we declare BTS as dead */
+
+static const uint8_t timer_mode_tout[_NSVC_TIMER_NR] = {
+ [NSVC_TIMER_TNS_RESET] = 60,
+ [NSVC_TIMER_TNS_ALIVE] = 3,
+ [NSVC_TIMER_TNS_TEST] = 30,
+};
+
+static void nsvc_start_timer(struct gprs_nsvc *nsvc, enum nsvc_timer_mode mode)
+{
+ nsvc->alive_retries = 0;
+
+ if (bsc_timer_pending(&nsvc->timer))
+ bsc_del_timer(&nsvc->timer);
+
+ nsvc->timer_mode = mode;
+ bsc_schedule_timer(&nsvc->timer, timer_mode_tout[mode], 0);
+}
+
+static void gprs_ns_timer_cb(void *data)
+{
+ struct gprs_nsvc *nsvc = data;
+
+ switch (nsvc->timer_mode) {
+ case NSVC_TIMER_TNS_ALIVE:
+ /* Tns-alive case: we expired without response ! */
+ nsvc->alive_retries++;
+ if (nsvc->alive_retries > NS_ALIVE_RETRIES) {
+ /* mark as dead and blocked */
+ nsvc->state = NSE_S_BLOCKED;
+ DEBUGP(DGPRS, "NSEI=%u Tns-alive expired more then "
+ "%u times, blocking NS-VC\n", nsvc->nsei,
+ NS_ALIVE_RETRIES);
+ /* FIXME: inform higher layers */
+ return;
+ }
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_ALIVE);
+ break;
+ case NSVC_TIMER_TNS_TEST:
+ /* Tns-test case: send NS-ALIVE PDU */
+ gprs_ns_tx_simple(nsvc, NS_PDUT_ALIVE);
+ /* start Tns-alive timer */
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_ALIVE);
+ break;
+ case NSVC_TIMER_TNS_RESET:
+ /* Chapter 7.3: Re-send the RESET */
+ gprs_ns_tx_reset(nsvc, NS_CAUSE_OM_INTERVENTION);
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_RESET);
+ break;
+ }
+}
+
+/* Section 9.2.6 */
+static int gprs_ns_tx_reset_ack(struct gprs_nsvc *nsvc)
+{
+ struct msgb *msg = msgb_alloc(NS_ALLOC_SIZE, "GPRS/NS");
+ struct gprs_ns_hdr *nsh;
+ uint16_t nsvci, nsei;
+
+ if (!msg)
+ return -ENOMEM;
+
+ nsvci = htons(nsvc->nsvci);
+ nsei = htons(nsvc->nsei);
+
+ nsh = (struct gprs_ns_hdr *) msgb_put(msg, sizeof(*nsh));
+
+ nsh->pdu_type = NS_PDUT_RESET_ACK;
+
+ DEBUGP(DGPRS, "NSEI=%u Tx NS RESET ACK (NSVCI=%u)\n",
+ nsvc->nsei, nsvc->nsvci);
+
+ msgb_tvlv_put(msg, NS_IE_VCI, 2, (uint8_t *)&nsvci);
+ msgb_tvlv_put(msg, NS_IE_NSEI, 2, (uint8_t *)&nsei);
+
+ return gprs_ns_tx(nsvc, msg);
+}
+
+/* Section 9.2.10: transmit side / NS-UNITDATA-REQUEST primitive */
+int gprs_ns_sendmsg(struct gprs_ns_inst *nsi, struct msgb *msg)
+{
+ struct gprs_nsvc *nsvc;
+ struct gprs_ns_hdr *nsh;
+ uint16_t bvci = msgb_bvci(msg);
+
+ nsvc = nsvc_by_nsei(nsi, msgb_nsei(msg));
+ if (!nsvc) {
+ LOGP(DGPRS, LOGL_ERROR, "Unable to resolve NSEI %u "
+ "to NS-VC!\n", msgb_nsei(msg));
+ return -EINVAL;
+ }
+
+ if (!(nsvc->state & NSE_S_ALIVE)) {
+ LOGP(DGPRS, LOGL_ERROR, "NSEI=%u is not alive, cannot send\n",
+ nsvc->nsei);
+ return -EBUSY;
+ }
+ if (nsvc->state & NSE_S_BLOCKED) {
+ LOGP(DGPRS, LOGL_ERROR, "NSEI=%u is blocked, cannot send\n",
+ nsvc->nsei);
+ return -EBUSY;
+ }
+
+ nsh = (struct gprs_ns_hdr *) msgb_push(msg, sizeof(*nsh) + 3);
+ if (!nsh) {
+ LOGP(DGPRS, LOGL_ERROR, "Not enough headroom for NS header\n");
+ return -EIO;
+ }
+
+ nsh->pdu_type = NS_PDUT_UNITDATA;
+ /* spare octet in data[0] */
+ nsh->data[1] = bvci >> 8;
+ nsh->data[2] = bvci & 0xff;
+
+ return gprs_ns_tx(nsvc, msg);
+}
+
+/* Section 9.2.10: receive side */
+static int gprs_ns_rx_unitdata(struct gprs_nsvc *nsvc, struct msgb *msg)
+{
+ struct gprs_ns_hdr *nsh = (struct gprs_ns_hdr *)msg->l2h;
+ uint16_t bvci;
+
+ /* spare octet in data[0] */
+ bvci = nsh->data[1] << 8 | nsh->data[2];
+ msgb_bssgph(msg) = &nsh->data[3];
+ msgb_bvci(msg) = bvci;
+
+ /* call upper layer (BSSGP) */
+ return nsvc->nsi->cb(GPRS_NS_EVT_UNIT_DATA, nsvc, msg, bvci);
+}
+
+/* Section 9.2.7 */
+static int gprs_ns_rx_status(struct gprs_nsvc *nsvc, struct msgb *msg)
+{
+ struct gprs_ns_hdr *nsh = (struct gprs_ns_hdr *) msg->l2h;
+ struct tlv_parsed tp;
+ uint8_t cause;
+ int rc;
+
+ DEBUGP(DGPRS, "NSEI=%u NS STATUS ", nsvc->nsei);
+
+ rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0);
+
+ if (!TLVP_PRESENT(&tp, NS_IE_CAUSE)) {
+ DEBUGPC(DGPRS, "missing cause IE\n");
+ return -EINVAL;
+ }
+
+ cause = *TLVP_VAL(&tp, NS_IE_CAUSE);
+ DEBUGPC(DGPRS, "cause=%s\n", gprs_ns_cause_str(cause));
+
+ return 0;
+}
+
+/* Section 7.3 */
+static int gprs_ns_rx_reset(struct gprs_nsvc *nsvc, struct msgb *msg)
+{
+ struct gprs_ns_hdr *nsh = (struct gprs_ns_hdr *) msg->l2h;
+ struct tlv_parsed tp;
+ uint8_t *cause;
+ uint16_t *nsvci, *nsei;
+ int rc;
+
+ rc = tlv_parse(&tp, &ns_att_tlvdef, nsh->data, msgb_l2len(msg), 0, 0);
+
+ if (!TLVP_PRESENT(&tp, NS_IE_CAUSE) ||
+ !TLVP_PRESENT(&tp, NS_IE_VCI) ||
+ !TLVP_PRESENT(&tp, NS_IE_NSEI)) {
+ /* FIXME: respond with NS_CAUSE_MISSING_ESSENT_IE */
+ LOGP(DGPRS, LOGL_ERROR, "NS RESET Missing mandatory IE\n");
+ return -EINVAL;
+ }
+
+ cause = (uint8_t *) TLVP_VAL(&tp, NS_IE_CAUSE);
+ nsvci = (uint16_t *) TLVP_VAL(&tp, NS_IE_VCI);
+ nsei = (uint16_t *) TLVP_VAL(&tp, NS_IE_NSEI);
+
+ DEBUGP(DGPRS, "NSEI=%u NS RESET (NSVCI=%u, cause=%s)\n",
+ nsvc->nsvci, nsvc->nsei, gprs_ns_cause_str(*cause));
+
+ nsvc->state = NSE_S_BLOCKED | NSE_S_ALIVE;
+ nsvc->nsei = ntohs(*nsei);
+ nsvc->nsvci = ntohs(*nsvci);
+
+ /* mark the NS-VC as blocked and alive */
+ /* start the test procedure */
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_ALIVE);
+
+ return gprs_ns_tx_reset_ack(nsvc);
+}
+
+/* main entry point, here incoming NS frames enter */
+int gprs_ns_rcvmsg(struct gprs_ns_inst *nsi, struct msgb *msg,
+ struct sockaddr_in *saddr)
+{
+ struct gprs_ns_hdr *nsh = (struct gprs_ns_hdr *) msg->l2h;
+ struct gprs_nsvc *nsvc;
+ int rc = 0;
+
+ /* look up the NSVC based on source address */
+ nsvc = nsvc_by_rem_addr(nsi, saddr);
+ if (!nsvc) {
+ /* Only the RESET procedure creates a new NSVC */
+ if (nsh->pdu_type != NS_PDUT_RESET) {
+ LOGP(DGPRS, LOGL_INFO, "Ignoring NS PDU type 0x%0x "
+ "from %s for non-existing NS-VC\n",
+ nsh->pdu_type, inet_ntoa(saddr->sin_addr));
+ //gprs_ns_tx_reset(nsvc, NS_CAUSE_NSVC_UNKNOWN);
+ return -EIO;
+ }
+ LOGP(DGPRS, LOGL_INFO, "Creating NS-VC for BSS at %s:%u\n",
+ inet_ntoa(saddr->sin_addr), ntohs(saddr->sin_port));
+ nsvc = nsvc_create(nsi, 0xffff);
+ nsvc->ip.bts_addr = *saddr;
+ } else
+ msgb_nsei(msg) = nsvc->nsei;
+
+ switch (nsh->pdu_type) {
+ case NS_PDUT_ALIVE:
+ /* remote end inquires whether we're still alive,
+ * we need to respond with ALIVE_ACK */
+ rc = gprs_ns_tx_simple(nsvc, NS_PDUT_ALIVE_ACK);
+ break;
+ case NS_PDUT_ALIVE_ACK:
+ /* stop Tns-alive */
+ bsc_del_timer(&nsvc->timer);
+ /* start Tns-test */
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_TEST);
+ if (nsvc->remote_end_is_sgsn) {
+ /* FIXME: this should be one level higher */
+ if (nsvc->state & NSE_S_BLOCKED)
+ rc = gprs_ns_tx_simple(nsvc, NS_PDUT_UNBLOCK);
+ }
+ break;
+ case NS_PDUT_UNITDATA:
+ /* actual user data */
+ rc = gprs_ns_rx_unitdata(nsvc, msg);
+ break;
+ case NS_PDUT_STATUS:
+ rc = gprs_ns_rx_status(nsvc, msg);
+ break;
+ case NS_PDUT_RESET:
+ rc = gprs_ns_rx_reset(nsvc, msg);
+ break;
+ case NS_PDUT_RESET_ACK:
+ DEBUGP(DGPRS, "NSEI=%u Rx NS RESET ACK\n", nsvc->nsei);
+ /* mark remote NS-VC as blocked + active */
+ nsvc->remote_state = NSE_S_BLOCKED | NSE_S_ALIVE;
+ if (nsvc->remote_end_is_sgsn) {
+ /* stop RESET timer */
+ bsc_del_timer(&nsvc->timer);
+ /* send ALIVE PDU */
+ rc = gprs_ns_tx_simple(nsvc, NS_PDUT_ALIVE);
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_ALIVE);
+ /* mark local state as BLOCKED + ALIVE */
+ nsvc->state = NSE_S_BLOCKED | NSE_S_ALIVE;
+ }
+ break;
+ case NS_PDUT_UNBLOCK:
+ /* Section 7.2: unblocking procedure */
+ DEBUGP(DGPRS, "NSEI=%u Rx NS UNBLOCK\n", nsvc->nsei);
+ nsvc->state &= ~NSE_S_BLOCKED;
+ rc = gprs_ns_tx_simple(nsvc, NS_PDUT_UNBLOCK_ACK);
+ break;
+ case NS_PDUT_UNBLOCK_ACK:
+ DEBUGP(DGPRS, "NSEI=%u Rx NS UNBLOCK ACK\n", nsvc->nsei);
+ /* mark remote NS-VC as unblocked + active */
+ nsvc->remote_state = NSE_S_ALIVE;
+ if (nsvc->remote_end_is_sgsn)
+ nsvc->state = NSE_S_ALIVE;
+ break;
+ case NS_PDUT_BLOCK:
+ DEBUGP(DGPRS, "NSEI=%u Rx NS BLOCK\n", nsvc->nsei);
+ nsvc->state |= NSE_S_BLOCKED;
+ rc = gprs_ns_tx_simple(nsvc, NS_PDUT_UNBLOCK_ACK);
+ break;
+ case NS_PDUT_BLOCK_ACK:
+ DEBUGP(DGPRS, "NSEI=%u Rx NS BLOCK ACK\n", nsvc->nsei);
+ /* mark remote NS-VC as blocked + active */
+ nsvc->remote_state = NSE_S_BLOCKED | NSE_S_ALIVE;
+ break;
+ default:
+ DEBUGP(DGPRS, "NSEI=%u Rx Unknown NS PDU type 0x%02x\n",
+ nsvc->nsei, nsh->pdu_type);
+ rc = -EINVAL;
+ break;
+ }
+ return rc;
+}
+
+struct gprs_ns_inst *gprs_ns_instantiate(gprs_ns_cb_t *cb)
+{
+ struct gprs_ns_inst *nsi = talloc_zero(tall_bsc_ctx, struct gprs_ns_inst);
+
+ nsi->cb = cb;
+ INIT_LLIST_HEAD(&nsi->gprs_nsvcs);
+
+ return nsi;
+}
+
+void gprs_ns_destroy(struct gprs_ns_inst *nsi)
+{
+ /* FIXME: clear all timers */
+
+ /* recursively free the NSI and all its NSVCs */
+ talloc_free(nsi);
+}
+
+
+/* NS-over-IP code, according to 3GPP TS 48.016 Chapter 6.2
+ * We don't support Size Procedure, Configuration Procedure, ChangeWeight Procedure */
+
+/* Read a single NS-over-IP message */
+static struct msgb *read_nsip_msg(struct bsc_fd *bfd, int *error,
+ struct sockaddr_in *saddr)
+{
+ struct msgb *msg = msgb_alloc(NS_ALLOC_SIZE, "Abis/IP/GPRS-NS");
+ int ret = 0;
+ socklen_t saddr_len = sizeof(*saddr);
+
+ if (!msg) {
+ *error = -ENOMEM;
+ return NULL;
+ }
+
+ ret = recvfrom(bfd->fd, msg->data, NS_ALLOC_SIZE, 0,
+ (struct sockaddr *)saddr, &saddr_len);
+ if (ret < 0) {
+ LOGP(DGPRS, LOGL_ERROR, "recv error %s during NSIP recv\n",
+ strerror(errno));
+ msgb_free(msg);
+ *error = ret;
+ return NULL;
+ } else if (ret == 0) {
+ msgb_free(msg);
+ *error = ret;
+ return NULL;
+ }
+
+ msg->l2h = msg->data;
+ msgb_put(msg, ret);
+
+ return msg;
+}
+
+static int handle_nsip_read(struct bsc_fd *bfd)
+{
+ int error;
+ struct sockaddr_in saddr;
+ struct gprs_ns_inst *nsi = bfd->data;
+ struct msgb *msg = read_nsip_msg(bfd, &error, &saddr);
+
+ if (!msg)
+ return error;
+
+ return gprs_ns_rcvmsg(nsi, msg, &saddr);
+}
+
+static int handle_nsip_write(struct bsc_fd *bfd)
+{
+ /* FIXME: actually send the data here instead of nsip_sendmsg() */
+ return -EIO;
+}
+
+int nsip_sendmsg(struct gprs_nsvc *nsvc, struct msgb *msg)
+{
+ int rc;
+ struct gprs_ns_inst *nsi = nsvc->nsi;
+ struct sockaddr_in *daddr = &nsvc->ip.bts_addr;
+
+ rc = sendto(nsi->nsip.fd.fd, msg->data, msg->len, 0,
+ (struct sockaddr *)daddr, sizeof(*daddr));
+
+ talloc_free(msg);
+
+ return rc;
+}
+
+/* UDP Port 23000 carries the LLC-in-BSSGP-in-NS protocol stack */
+static int nsip_fd_cb(struct bsc_fd *bfd, unsigned int what)
+{
+ int rc = 0;
+
+ if (what & BSC_FD_READ)
+ rc = handle_nsip_read(bfd);
+ if (what & BSC_FD_WRITE)
+ rc = handle_nsip_write(bfd);
+
+ return rc;
+}
+
+
+/* FIXME: this is currently in input/ipaccess.c */
+extern int make_sock(struct bsc_fd *bfd, int proto, uint16_t port,
+ int (*cb)(struct bsc_fd *fd, unsigned int what));
+
+/* Listen for incoming GPRS packets */
+int nsip_listen(struct gprs_ns_inst *nsi, uint16_t udp_port)
+{
+ int ret;
+
+ ret = make_sock(&nsi->nsip.fd, IPPROTO_UDP, udp_port, nsip_fd_cb);
+ if (ret < 0)
+ return ret;
+
+ nsi->ll = GPRS_NS_LL_UDP;
+ nsi->nsip.fd.data = nsi;
+
+ return ret;
+}
+
+/* Establish a connection (from the BSS) to the SGSN */
+struct gprs_nsvc *nsip_connect(struct gprs_ns_inst *nsi,
+ struct sockaddr_in *dest, uint16_t nsei,
+ uint16_t nsvci)
+{
+ struct gprs_nsvc *nsvc;
+
+ nsvc = nsvc_by_rem_addr(nsi, dest);
+ if (!nsvc) {
+ nsvc = nsvc_create(nsi, nsvci);
+ nsvc->ip.bts_addr = *dest;
+ }
+ nsvc->nsei = nsei;
+ nsvc->nsvci = nsvci;
+ nsvc->remote_end_is_sgsn = 1;
+
+ /* Initiate a RESET procedure */
+ if (gprs_ns_tx_reset(nsvc, NS_CAUSE_OM_INTERVENTION) < 0) {
+ LOGP(DGPRS, LOGL_ERROR, "NSEI=%u, error resetting NS-VC\n",
+ nsei);
+ }
+ /* run a timer and re-transmit the reset request? */
+ nsvc_start_timer(nsvc, NSVC_TIMER_TNS_RESET);
+
+ return nsvc;
+}
diff --git a/openbsc/src/gprs/gprs_sgsn.c b/openbsc/src/gprs/gprs_sgsn.c
new file mode 100644
index 0000000..ba46719
--- /dev/null
+++ b/openbsc/src/gprs/gprs_sgsn.c
@@ -0,0 +1,96 @@
+/* GPRS SGSN functionality */
+
+/* (C) 2009 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <stdint.h>
+
+#include <osmocore/linuxlist.h>
+#include <osmocore/talloc.h>
+#include <osmocore/timer.h>
+#include <openbsc/gsm_subscriber.h>
+#include <openbsc/debug.h>
+#include <openbsc/gprs_sgsn.h>
+#include <openbsc/gprs_ns.h>
+#include <openbsc/gprs_bssgp.h>
+
+static LLIST_HEAD(sgsn_mm_ctxts);
+
+static int ra_id_equals(const struct gprs_ra_id *id1,
+ const struct gprs_ra_id *id2)
+{
+ return (id1->mcc == id2->mcc && id1->mnc == id2->mnc &&
+ id1->lac == id2->lac && id1->rac == id2->rac);
+}
+
+/* look-up a SGSN MM context based on TLLI + RAI */
+struct sgsn_mm_ctx *sgsn_mm_ctx_by_tlli(uint32_t tlli,
+ const struct gprs_ra_id *raid)
+{
+ struct sgsn_mm_ctx *ctx;
+
+ llist_for_each_entry(ctx, &sgsn_mm_ctxts, list) {
+ if (tlli == ctx->tlli &&
+ ra_id_equals(raid, &ctx->ra))
+ return ctx;
+ }
+ return NULL;
+}
+
+struct sgsn_mm_ctx *sgsn_mm_ctx_by_ptmsi(uint32_t p_tmsi)
+{
+ struct sgsn_mm_ctx *ctx;
+
+ llist_for_each_entry(ctx, &sgsn_mm_ctxts, list) {
+ if (p_tmsi == ctx->p_tmsi)
+ return ctx;
+ }
+ return NULL;
+}
+
+struct sgsn_mm_ctx *sgsn_mm_ctx_by_imsi(const char *imsi)
+{
+ struct sgsn_mm_ctx *ctx;
+
+ llist_for_each_entry(ctx, &sgsn_mm_ctxts, list) {
+ if (!strcmp(imsi, ctx->imsi))
+ return ctx;
+ }
+ return NULL;
+
+}
+
+/* Allocate a new SGSN MM context */
+struct sgsn_mm_ctx *sgsn_mm_ctx_alloc(uint32_t tlli,
+ const struct gprs_ra_id *raid)
+{
+ struct sgsn_mm_ctx *ctx = talloc_zero(NULL, struct sgsn_mm_ctx);
+
+ if (!ctx)
+ return NULL;
+
+ memcpy(&ctx->ra, raid, sizeof(ctx->ra));
+ ctx->tlli = tlli;
+ ctx->mm_state = GMM_DEREGISTERED;
+
+ llist_add(&ctx->list, &sgsn_mm_ctxts);
+
+ return ctx;
+}
diff --git a/openbsc/src/gprs/gprs_sndcp.c b/openbsc/src/gprs/gprs_sndcp.c
new file mode 100644
index 0000000..0d1a390
--- /dev/null
+++ b/openbsc/src/gprs/gprs_sndcp.c
@@ -0,0 +1,70 @@
+/* GPRS SNDCP protocol implementation as per 3GPP TS 04.65 */
+
+/* (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <errno.h>
+#include <stdint.h>
+
+#include <osmocore/msgb.h>
+#include <osmocore/linuxlist.h>
+#include <osmocore/timer.h>
+#include <osmocore/talloc.h>
+
+#include <openbsc/gsm_data.h>
+#include <openbsc/debug.h>
+#include <openbsc/gprs_bssgp.h>
+#include <openbsc/gprs_llc.h>
+
+/* Chapter 7.2: SN-PDU Formats */
+struct sndcp_common_hdr {
+ /* octet 1 */
+ uint8_t nsapi:4;
+ uint8_t more:1;
+ uint8_t type:1;
+ uint8_t first:1;
+ uint8_t spare:1;
+ /* octet 2 */
+ uint8_t pcomp;
+ uint8_t dcomp;
+};
+
+struct sndcp_udata_hdr {
+ /* octet 3 */
+ uint8_t npdu_high:4;
+ uint8_t seg_nr:4;
+ /* octet 4 */
+ uint8_t npdu_low;
+};
+
+/* Entry point for the LL-UNITDATA.indication */
+int sndcp_unitdata_ind(struct msgb *msg, uint8_t sapi, uint8_t *hdr, uint8_t len)
+{
+ struct sndcp_udata_hdr *suh;
+ uint16_t npdu;
+
+ if (suh->type == 0) {
+ LOGP(DGPRS, LOGL_ERROR, "SN-DATA PDU at unitdata_ind() function\n");
+ return -EINVAL;
+ }
+
+ npdu = (suh->npdu_high << 8) | suh->npdu_low;
+}
+
diff --git a/openbsc/src/gprs/gsm_04_08_gprs.c b/openbsc/src/gprs/gsm_04_08_gprs.c
new file mode 100644
index 0000000..4a42113
--- /dev/null
+++ b/openbsc/src/gprs/gsm_04_08_gprs.c
@@ -0,0 +1,762 @@
+/* GSM Mobile Radio Interface Layer 3 messages on the A-bis interface
+ * 3GPP TS 04.08 version 7.21.0 Release 1998 / ETSI TS 100 940 V7.21.0 */
+
+/* (C) 2009-2010 by Harald Welte <laforge@gnumonks.org>
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <errno.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <openbsc/db.h>
+#include <osmocore/msgb.h>
+#include <osmocore/tlv.h>
+#include <osmocore/gsm_utils.h>
+#include <osmocore/signal.h>
+#include <osmocore/talloc.h>
+
+#include <openbsc/debug.h>
+#include <openbsc/gsm_data.h>
+#include <openbsc/gsm_subscriber.h>
+#include <openbsc/gsm_04_08.h>
+#include <openbsc/gsm_04_08_gprs.h>
+#include <openbsc/paging.h>
+#include <openbsc/transaction.h>
+#include <openbsc/gprs_bssgp.h>
+#include <openbsc/gprs_llc.h>
+#include <openbsc/gprs_sgsn.h>
+
+/* 10.5.5.14 GPRS MM Cause / Table 10.5.147 */
+struct value_string gmm_cause_names[] = {
+ /* FIXME */
+ { GMM_CAUSE_SEM_INCORR_MSG, "Semantically incorrect message" },
+ { GMM_CAUSE_INV_MAND_INFO, "Invalid mandatory information" },
+ { GMM_CAUSE_MSGT_NOTEXIST_NOTIMPL,
+ "Message type non-existant or not implemented" },
+ { GMM_CAUSE_MSGT_INCOMP_P_STATE,
+ "Message type not compatible with protocol state" },
+ { GMM_CAUSE_IE_NOTEXIST_NOTIMPL,
+ "Information element non-existent or not implemented" },
+ { GMM_CAUSE_COND_IE_ERR, "Conditional IE error" },
+ { GMM_CAUSE_MSG_INCOMP_P_STATE,
+ "Message not compatible with protocol state " },
+ { GMM_CAUSE_PROTO_ERR_UNSPEC, "Protocol error, unspecified" },
+ { 0, NULL }
+};
+
+/* 10.5.6.6 SM Cause / Table 10.5.157 */
+struct value_string gsm_cause_names[] = {
+ { GSM_CAUSE_INSUFF_RSRC, "Insufficient resources" },
+ { GSM_CAUSE_MISSING_APN, "Missing or unknown APN" },
+ { GSM_CAUSE_UNKNOWN_PDP, "Unknown PDP address or PDP type" },
+ { GSM_CAUSE_AUTH_FAILED, "User Authentication failed" },
+ { GSM_CAUSE_ACT_REJ_GGSN, "Activation rejected by GGSN" },
+ { GSM_CAUSE_ACT_REJ_UNSPEC, "Activation rejected, unspecified" },
+ { GSM_CAUSE_SERV_OPT_NOTSUPP, "Service option not supported" },
+ { GSM_CAUSE_REQ_SERV_OPT_NOTSUB,
+ "Requested service option not subscribed" },
+ { GSM_CAUSE_SERV_OPT_TEMP_OOO,
+ "Service option temporarily out of order" },
+ { GSM_CAUSE_NSAPI_IN_USE, "NSAPI already used" },
+ { GSM_CAUSE_DEACT_REGULAR, "Regular deactivation" },
+ { GSM_CAUSE_QOS_NOT_ACCEPTED, "QoS not accepted" },
+ { GSM_CAUSE_NET_FAIL, "Network Failure" },
+ { GSM_CAUSE_REACT_RQD, "Reactivation required" },
+ { GSM_CAUSE_FEATURE_NOTSUPP, "Feature not supported " },
+ { GSM_CAUSE_INVALID_TRANS_ID, "Invalid transaction identifier" },
+ { GSM_CAUSE_SEM_INCORR_MSG, "Semantically incorrect message" },
+ { GSM_CAUSE_INV_MAND_INFO, "Invalid mandatory information" },
+ { GSM_CAUSE_MSGT_NOTEXIST_NOTIMPL,
+ "Message type non-existant or not implemented" },
+ { GSM_CAUSE_MSGT_INCOMP_P_STATE,
+ "Message type not compatible with protocol state" },
+ { GSM_CAUSE_IE_NOTEXIST_NOTIMPL,
+ "Information element non-existent or not implemented" },
+ { GSM_CAUSE_COND_IE_ERR, "Conditional IE error" },
+ { GSM_CAUSE_MSG_INCOMP_P_STATE,
+ "Message not compatible with protocol state " },
+ { GSM_CAUSE_PROTO_ERR_UNSPEC, "Protocol error, unspecified" },
+ { 0, NULL }
+};
+
+static const char *att_name(uint8_t type)
+{
+ switch (type) {
+ case GPRS_ATT_T_ATTACH:
+ return "GPRS attach";
+ case GPRS_ATT_T_ATT_WHILE_IMSI:
+ return "GPRS attach while IMSI attached";
+ case GPRS_ATT_T_COMBINED:
+ return "Combined GPRS/IMSI attach";
+ default:
+ return "unknown";
+ }
+}
+
+static const char *upd_name(uint8_t type)
+{
+ switch (type) {
+ case GPRS_UPD_T_RA:
+ return "RA updating";
+ case GPRS_UPD_T_RA_LA:
+ return "combined RA/LA updating";
+ case GPRS_UPD_T_RA_LA_IMSI_ATT:
+ return "combined RA/LA updating + IMSI attach";
+ case GPRS_UPD_T_PERIODIC:
+ return "periodic updating";
+ }
+ return "unknown";
+}
+
+/* Send a message through the underlying layer */
+static int gsm48_gmm_sendmsg(struct msgb *msg, int command)
+{
+ /* caller needs to provide TLLI, BVCI and NSEI */
+ return gprs_llc_tx_ui(msg, GPRS_SAPI_GMM, command);
+}
+
+/* copy identifiers from old message to new message, this
+ * is required so lower layers can route it correctly */
+static void gmm_copy_id(struct msgb *msg, const struct msgb *old)
+{
+ msgb_tlli(msg) = msgb_tlli(old);
+ msgb_bvci(msg) = msgb_bvci(old);
+ msgb_nsei(msg) = msgb_nsei(old);
+}
+
+static struct gsm48_qos default_qos = {
+ .delay_class = 4, /* best effort */
+ .reliab_class = GSM48_QOS_RC_LLC_UN_RLC_ACK_DATA_PROT,
+ .peak_tput = GSM48_QOS_PEAK_TPUT_32000bps,
+ .preced_class = GSM48_QOS_PC_NORMAL,
+ .mean_tput = GSM48_QOS_MEAN_TPUT_BEST_EFFORT,
+ .traf_class = GSM48_QOS_TC_INTERACTIVE,
+ .deliv_order = GSM48_QOS_DO_UNORDERED,
+ .deliv_err_sdu = GSM48_QOS_ERRSDU_YES,
+ .max_sdu_size = GSM48_QOS_MAXSDU_1520,
+ .max_bitrate_up = GSM48_QOS_MBRATE_63k,
+ .max_bitrate_down = GSM48_QOS_MBRATE_63k,
+ .resid_ber = GSM48_QOS_RBER_5e_2,
+ .sdu_err_ratio = GSM48_QOS_SERR_1e_2,
+ .handling_prio = 3,
+ .xfer_delay = 0x10, /* 200ms */
+ .guar_bitrate_up = GSM48_QOS_MBRATE_0k,
+ .guar_bitrate_down = GSM48_QOS_MBRATE_0k,
+ .sig_ind = 0, /* not optimised for signalling */
+ .max_bitrate_down_ext = 0, /* use octet 9 */
+ .guar_bitrate_down_ext = 0, /* use octet 13 */
+};
+
+/* Chapter 9.4.2: Attach accept */
+static int gsm48_tx_gmm_att_ack(struct msgb *old_msg)
+{
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_hdr *gh;
+ struct gsm48_attach_ack *aa;
+ struct gprs_ra_id ra_id;
+
+ DEBUGP(DMM, "<- GPRS ATTACH ACCEPT\n");
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_ATTACH_ACK;
+
+ aa = (struct gsm48_attach_ack *) msgb_put(msg, sizeof(*aa));
+ aa->force_stby = 0; /* not indicated */
+ aa->att_result = 1; /* GPRS only */
+ aa->ra_upd_timer = GPRS_TMR_MINUTE | 10;
+ aa->radio_prio = 4; /* lowest */
+ bssgp_parse_cell_id(&ra_id, msgb_bcid(old_msg));
+ gsm48_construct_ra(aa->ra_id.digits, &ra_id);
+
+ /* Option: P-TMSI signature, allocated P-TMSI, MS ID, ... */
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Chapter 9.4.5: Attach reject */
+static int gsm48_tx_gmm_att_rej(struct msgb *old_msg, uint8_t gmm_cause)
+{
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_hdr *gh;
+
+ DEBUGP(DMM, "<- GPRS ATTACH REJECT\n");
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh) + 1);
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_ATTACH_REJ;
+ gh->data[0] = gmm_cause;
+
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Transmit Chapter 9.4.12 Identity Request */
+static int gsm48_tx_gmm_id_req(struct msgb *old_msg, uint8_t id_type)
+{
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_hdr *gh;
+
+ DEBUGP(DMM, "-> GPRS IDENTITY REQUEST: mi_type=%02x\n", id_type);
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh) + 1);
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_ID_REQ;
+ /* 10.5.5.9 ID type 2 + identity type and 10.5.5.7 'force to standby' IE */
+ gh->data[0] = id_type & 0xf;
+
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Check if we can already authorize a subscriber */
+static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx, struct msgb *msg)
+{
+ if (strlen(ctx->imei) && strlen(ctx->imsi)) {
+ ctx->mm_state = GMM_REGISTERED_NORMAL;
+ return gsm48_tx_gmm_att_ack(msg);
+ }
+ if (!strlen(ctx->imei))
+ return gsm48_tx_gmm_id_req(msg, GSM_MI_TYPE_IMEI);
+
+ if (!strlen(ctx->imsi))
+ return gsm48_tx_gmm_id_req(msg, GSM_MI_TYPE_IMSI);
+
+ return 0;
+}
+
+/* Parse Chapter 9.4.13 Identity Response */
+static int gsm48_rx_gmm_id_resp(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ uint8_t mi_type = gh->data[1] & GSM_MI_TYPE_MASK;
+ char mi_string[GSM48_MI_SIZE];
+ struct gprs_ra_id ra_id;
+ struct sgsn_mm_ctx *ctx;
+
+ gsm48_mi_to_string(mi_string, sizeof(mi_string), &gh->data[1], gh->data[0]);
+ DEBUGP(DMM, "GMM IDENTITY RESPONSE: mi_type=0x%02x MI(%s) ",
+ mi_type, mi_string);
+
+ bssgp_parse_cell_id(&ra_id, msgb_bcid(msg));
+ ctx = sgsn_mm_ctx_by_tlli(msgb_tlli(msg), &ra_id);
+ if (!ctx) {
+ DEBUGP(DMM, "from unknown TLLI 0x%08x?!?\n", msgb_tlli(msg));
+ return -EINVAL;
+ }
+
+ switch (mi_type) {
+ case GSM_MI_TYPE_IMSI:
+ /* we already have a mm context with current TLLI, but no
+ * P-TMSI / IMSI yet. What we now need to do is to fill
+ * this initial context with data from the HLR */
+ strncpy(ctx->imsi, mi_string, sizeof(ctx->imei));
+ break;
+ case GSM_MI_TYPE_IMEI:
+ strncpy(ctx->imei, mi_string, sizeof(ctx->imei));
+ break;
+ case GSM_MI_TYPE_IMEISV:
+ break;
+ }
+
+ DEBUGPC(DMM, "\n");
+ /* Check if we can let the mobile station enter */
+ return gsm48_gmm_authorize(ctx, msg);
+}
+
+static void attach_rej_cb(void *data)
+{
+ struct sgsn_mm_ctx *ctx = data;
+
+ /* FIXME: determine through which BTS/TRX to send this */
+ //gsm48_tx_gmm_att_rej(ctx->tlli, GMM_CAUSE_MS_ID_NOT_DERIVED);
+ ctx->mm_state = GMM_DEREGISTERED;
+ /* FIXME: release the context */
+}
+
+static void schedule_reject(struct sgsn_mm_ctx *ctx)
+{
+ ctx->T = 3370;
+ ctx->timer.cb = attach_rej_cb;
+ ctx->timer.data = ctx;
+ bsc_schedule_timer(&ctx->timer, 6, 0);
+}
+
+/* Section 9.4.1 Attach request */
+static int gsm48_rx_gmm_att_req(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ uint8_t *cur = gh->data, *msnc, *mi, *old_ra_info;
+ uint8_t msnc_len, att_type, mi_len, mi_type;
+ uint16_t drx_par;
+ uint32_t tmsi;
+ char mi_string[GSM48_MI_SIZE];
+ struct gprs_ra_id ra_id;
+ uint16_t cid;
+ struct sgsn_mm_ctx *ctx;
+
+ DEBUGP(DMM, "GMM ATTACH REQUEST ");
+
+ /* As per TS 04.08 Chapter 4.7.1.4, the attach request arrives either
+ * with a foreign TLLI (P-TMSI that was allocated to the MS before),
+ * or with random TLLI. */
+
+ cid = bssgp_parse_cell_id(&ra_id, msgb_bcid(msg));
+
+ /* MS network capability 10.5.5.12 */
+ msnc_len = *cur++;
+ msnc = cur;
+ if (msnc_len > 2)
+ goto err_inval;
+ cur += msnc_len;
+
+ /* aTTACH Type 10.5.5.2 */
+ att_type = *cur++ & 0x0f;
+
+ /* DRX parameter 10.5.5.6 */
+ drx_par = *cur++;
+ drx_par |= *cur++ << 8;
+
+ /* Mobile Identity (P-TMSI or IMSI) 10.5.1.4 */
+ mi_len = *cur++;
+ mi = cur;
+ if (mi_len > 8)
+ goto err_inval;
+ mi_type = *mi & GSM_MI_TYPE_MASK;
+ cur += mi_len;
+
+ gsm48_mi_to_string(mi_string, sizeof(mi_string), mi, mi_len);
+
+ DEBUGPC(DMM, "MI(%s) type=\"%s\" ", mi_string, att_name(att_type));
+
+ /* Old routing area identification 10.5.5.15 */
+ old_ra_info = cur;
+ cur += 6;
+
+ /* MS Radio Access Capability 10.5.5.12a */
+
+ /* Optional: Old P-TMSI Signature, Requested READY timer, TMSI Status */
+
+ switch (mi_type) {
+ case GSM_MI_TYPE_IMSI:
+ /* Try to find MM context based on IMSI */
+ ctx = sgsn_mm_ctx_by_imsi(mi_string);
+ if (!ctx) {
+#if 0
+ return gsm48_tx_gmm_att_rej(msg, GMM_CAUSE_IMSI_UNKNOWN);
+#else
+ /* As a temorary hack, we simply assume that the IMSI exists */
+ ctx = sgsn_mm_ctx_alloc(0, &ra_id);
+ if (!ctx)
+ return gsm48_tx_gmm_att_rej(msg, GMM_CAUSE_NET_FAIL);
+ strncpy(ctx->imsi, mi_string, sizeof(ctx->imsi));
+#endif
+ }
+ /* FIXME: Start some timer */
+ ctx->mm_state = GMM_COMMON_PROC_INIT;
+ ctx->tlli = msgb_tlli(msg);
+ break;
+ case GSM_MI_TYPE_TMSI:
+ tmsi = strtoul(mi_string, NULL, 10);
+ /* Try to find MM context based on P-TMSI */
+ ctx = sgsn_mm_ctx_by_ptmsi(tmsi);
+ if (!ctx) {
+ ctx = sgsn_mm_ctx_alloc(msgb_tlli(msg), &ra_id);
+ /* FIXME: Start some timer */
+ ctx->mm_state = GMM_COMMON_PROC_INIT;
+ ctx->tlli = msgb_tlli(msg);
+ }
+ break;
+ default:
+ return 0;
+ }
+ /* Update MM Context with currient RA and Cell ID */
+ ctx->ra = ra_id;
+ ctx->cell_id = cid;
+
+ /* FIXME: allocate a new P-TMSI (+ P-TMSI signature) */
+ /* FIXME: update the TLLI with the new local TLLI based on the P-TMSI */
+
+ DEBUGPC(DMM, "\n");
+
+ return ctx ? gsm48_gmm_authorize(ctx, msg) : 0;
+
+err_inval:
+ DEBUGPC(DMM, "\n");
+ return gsm48_tx_gmm_att_rej(msg, GMM_CAUSE_SEM_INCORR_MSG);
+}
+
+/* Chapter 9.4.15: Routing area update accept */
+static int gsm48_tx_gmm_ra_upd_ack(struct msgb *old_msg)
+{
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_hdr *gh;
+ struct gsm48_ra_upd_ack *rua;
+ struct gprs_ra_id ra_id;
+
+ DEBUGP(DMM, "<- ROUTING AREA UPDATE ACCEPT\n");
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_RA_UPD_ACK;
+
+ rua = (struct gsm48_ra_upd_ack *) msgb_put(msg, sizeof(*rua));
+ rua->force_stby = 0; /* not indicated */
+ rua->upd_result = 0; /* RA updated */
+ rua->ra_upd_timer = GPRS_TMR_MINUTE | 10;
+
+ bssgp_parse_cell_id(&ra_id, msgb_bcid(old_msg));
+ gsm48_construct_ra(rua->ra_id.digits, &ra_id);
+
+ /* Option: P-TMSI signature, allocated P-TMSI, MS ID, ... */
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Chapter 9.4.17: Routing area update reject */
+static int gsm48_tx_gmm_ra_upd_rej(struct msgb *old_msg, uint8_t cause)
+{
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_hdr *gh;
+
+ DEBUGP(DMM, "<- ROUTING AREA UPDATE REJECT\n");
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh) + 2);
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_RA_UPD_REJ;
+ gh->data[0] = cause;
+ gh->data[1] = 0; /* ? */
+
+ /* Option: P-TMSI signature, allocated P-TMSI, MS ID, ... */
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Chapter 9.4.14: Routing area update request */
+static int gsm48_rx_gmm_ra_upd_req(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ struct sgsn_mm_ctx *mmctx;
+ uint8_t *cur = gh->data;
+ struct gprs_ra_id old_ra_id;
+ uint8_t upd_type;
+
+ /* Update Type 10.5.5.18 */
+ upd_type = *cur++ & 0x0f;
+
+ DEBUGP(DMM, "GMM RA UPDATE REQUEST type=\"%s\" ", upd_name(upd_type));
+
+ /* Old routing area identification 10.5.5.15 */
+ gsm48_parse_ra(&old_ra_id, cur);
+ cur += 6;
+
+ /* MS Radio Access Capability 10.5.5.12a */
+
+ /* Optional: Old P-TMSI Signature, Requested READY timer, TMSI Status,
+ * DRX parameter, MS network capability */
+
+ switch (upd_type) {
+ case GPRS_UPD_T_RA_LA:
+ case GPRS_UPD_T_RA_LA_IMSI_ATT:
+ DEBUGPC(DMM, " unsupported in Mode III, is your SI13 corrupt?\n");
+ return gsm48_tx_gmm_ra_upd_rej(msg, GMM_CAUSE_PROTO_ERR_UNSPEC);
+ break;
+ case GPRS_UPD_T_RA:
+ case GPRS_UPD_T_PERIODIC:
+ break;
+ }
+
+ /* Look-up the MM context based on old RA-ID and TLLI */
+ mmctx = sgsn_mm_ctx_by_tlli(msgb_tlli(msg), &old_ra_id);
+ if (!mmctx || mmctx->mm_state == GMM_DEREGISTERED) {
+ /* The MS has to perform GPRS attach */
+ DEBUGPC(DMM, " REJECT\n");
+ return gsm48_tx_gmm_ra_upd_rej(msg, GMM_CAUSE_IMPL_DETACHED);
+ }
+
+ /* Update the MM context with the new RA-ID */
+ bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg));
+ /* Update the MM context with the new TLLI */
+ mmctx->tlli = msgb_tlli(msg);
+ /* FIXME: Update the MM context with the MS radio acc capabilities */
+ /* FIXME: Update the MM context with the MS network capabilities */
+
+ DEBUGPC(DMM, " ACCEPT\n");
+ return gsm48_tx_gmm_ra_upd_ack(msg);
+}
+
+static int gsm48_rx_gmm_status(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = msgb_l3(msg);
+
+ DEBUGP(DMM, "GPRS MM STATUS (cause: %s)\n",
+ get_value_string(gmm_cause_names, gh->data[0]));
+
+ return 0;
+}
+
+/* GPRS Mobility Management */
+static int gsm0408_rcv_gmm(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ int rc;
+
+ switch (gh->msg_type) {
+ case GSM48_MT_GMM_RA_UPD_REQ:
+ rc = gsm48_rx_gmm_ra_upd_req(msg);
+ break;
+ case GSM48_MT_GMM_ATTACH_REQ:
+ rc = gsm48_rx_gmm_att_req(msg);
+ break;
+ case GSM48_MT_GMM_ID_RESP:
+ rc = gsm48_rx_gmm_id_resp(msg);
+ break;
+ case GSM48_MT_GMM_STATUS:
+ rc = gsm48_rx_gmm_status(msg);
+ break;
+ case GSM48_MT_GMM_RA_UPD_COMPL:
+ /* only in case SGSN offered new P-TMSI */
+ case GSM48_MT_GMM_ATTACH_COMPL:
+ /* only in case SGSN offered new P-TMSI */
+ case GSM48_MT_GMM_DETACH_REQ:
+ case GSM48_MT_GMM_PTMSI_REALL_COMPL:
+ case GSM48_MT_GMM_AUTH_CIPH_RESP:
+ DEBUGP(DMM, "Unimplemented GSM 04.08 GMM msg type 0x%02x\n",
+ gh->msg_type);
+ break;
+ default:
+ DEBUGP(DMM, "Unknown GSM 04.08 GMM msg type 0x%02x\n",
+ gh->msg_type);
+ break;
+ }
+
+ return rc;
+}
+
+static void msgb_put_pdp_addr_ipv4(struct msgb *msg, uint32_t ipaddr)
+{
+ uint8_t v[6];
+
+ v[0] = PDP_TYPE_ORG_IETF;
+ v[1] = PDP_TYPE_N_IETF_IPv4;
+ *(uint32_t *)(v+2) = htonl(ipaddr);
+
+ msgb_tlv_put(msg, GSM48_IE_GSM_PDP_ADDR, sizeof(v), v);
+}
+
+static void msgb_put_pdp_addr_ppp(struct msgb *msg)
+{
+ uint8_t v[2];
+
+ v[0] = PDP_TYPE_ORG_ETSI;
+ v[1] = PDP_TYPE_N_ETSI_PPP;
+
+ msgb_tlv_put(msg, GSM48_IE_GSM_PDP_ADDR, sizeof(v), v);
+}
+
+/* Section 9.5.2: Ativate PDP Context Accept */
+static int gsm48_tx_gsm_act_pdp_acc(struct msgb *old_msg, struct gsm48_act_pdp_ctx_req *req)
+{
+ struct gsm48_hdr *old_gh = (struct gsm48_hdr *) msgb_gmmh(old_msg);
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_act_pdp_ctx_ack *act_ack;
+ struct gsm48_hdr *gh;
+ uint8_t transaction_id = ((old_gh->proto_discr >> 4) ^ 0x8); /* flip */
+
+ DEBUGP(DMM, "<- ACTIVATE PDP CONTEXT ACK\n");
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
+ gh->proto_discr = GSM48_PDISC_SM_GPRS | (transaction_id << 4);
+ gh->msg_type = GSM48_MT_GSM_ACT_PDP_ACK;
+
+ /* Negotiated LLC SAPI */
+ msgb_v_put(msg, req->req_llc_sapi);
+ /* copy QoS parameters from original request */
+ msgb_lv_put(msg, sizeof(default_qos), (uint8_t *)&default_qos);
+ /* Radio priority 10.5.7.2 */
+ msgb_v_put(msg, 4);
+ /* PDP address */
+ msgb_put_pdp_addr_ipv4(msg, 0x01020304);
+ /* Optional: Protocol configuration options */
+ /* Optional: Packet Flow Identifier */
+
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Section 9.5.9: Deactivate PDP Context Accept */
+static int gsm48_tx_gsm_deact_pdp_acc(struct msgb *old_msg)
+{
+ struct gsm48_hdr *old_gh = (struct gsm48_hdr *) msgb_gmmh(old_msg);
+ struct msgb *msg = gsm48_msgb_alloc();
+ struct gsm48_hdr *gh;
+ uint8_t transaction_id = ((old_gh->proto_discr >> 4) ^ 0x8); /* flip */
+
+ DEBUGP(DMM, "<- DEACTIVATE PDP CONTEXT ACK\n");
+
+ gmm_copy_id(msg, old_msg);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
+ gh->proto_discr = GSM48_PDISC_SM_GPRS | (transaction_id << 4);
+ gh->msg_type = GSM48_MT_GSM_DEACT_PDP_ACK;
+
+ return gsm48_gmm_sendmsg(msg, 0);
+}
+
+/* Section 9.5.1: Activate PDP Context Request */
+static int gsm48_rx_gsm_act_pdp_req(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ struct gsm48_act_pdp_ctx_req *act_req = (struct gsm48_act_pdp_ctx_req *) gh->data;
+ uint8_t *pdp_addr_lv = act_req->data;
+ uint8_t req_qos_len, req_pdpa_len;
+ uint8_t *req_qos, *req_pdpa;
+ struct tlv_parsed tp;
+
+ DEBUGP(DMM, "ACTIVATE PDP CONTEXT REQ: ");
+ req_qos_len = act_req->data[0];
+ req_qos = act_req->data + 1; /* 10.5.6.5 */
+ req_pdpa_len = act_req->data[1 + req_qos_len];
+ req_pdpa = act_req->data + 1 + req_qos_len + 1; /* 10.5.6.4 */
+
+ switch (req_pdpa[0] & 0xf) {
+ case 0x0:
+ DEBUGPC(DMM, "ETSI ");
+ break;
+ case 0x1:
+ DEBUGPC(DMM, "IETF ");
+ break;
+ case 0xf:
+ DEBUGPC(DMM, "Empty ");
+ break;
+ }
+
+ switch (req_pdpa[1]) {
+ case 0x21:
+ DEBUGPC(DMM, "IPv4 ");
+ if (req_pdpa_len >= 6) {
+ struct in_addr ia;
+ ia.s_addr = ntohl(*((uint32_t *) (req_pdpa+2)));
+ DEBUGPC(DMM, "%s ", inet_ntoa(ia));
+ }
+ break;
+ case 0x57:
+ DEBUGPC(DMM, "IPv6 ");
+ if (req_pdpa_len >= 18) {
+ /* FIXME: print IPv6 address */
+ }
+ break;
+ default:
+ DEBUGPC(DMM, "0x%02x ", req_pdpa[1]);
+ break;
+ }
+
+ /* FIXME: parse TLV for AP name and protocol config options */
+ if (TLVP_PRESENT(&tp, GSM48_IE_GSM_APN)) {}
+ if (TLVP_PRESENT(&tp, GSM48_IE_GSM_PROTO_CONF_OPT)) {}
+
+ return gsm48_tx_gsm_act_pdp_acc(msg, act_req);
+}
+
+/* Section 9.5.8: Deactivate PDP Context Request */
+static int gsm48_rx_gsm_deact_pdp_req(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+
+ DEBUGP(DMM, "DEACTIVATE PDP CONTEXT REQ (cause: %s)\n",
+ get_value_string(gsm_cause_names, gh->data[0]));
+
+ return gsm48_tx_gsm_deact_pdp_acc(msg);
+}
+
+static int gsm48_rx_gsm_status(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = msgb_l3(msg);
+
+ DEBUGP(DMM, "GPRS SM STATUS (cause: %s)\n",
+ get_value_string(gsm_cause_names, gh->data[0]));
+
+ return 0;
+}
+
+/* GPRS Session Management */
+static int gsm0408_rcv_gsm(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ int rc;
+
+ switch (gh->msg_type) {
+ case GSM48_MT_GSM_ACT_PDP_REQ:
+ rc = gsm48_rx_gsm_act_pdp_req(msg);
+ break;
+ case GSM48_MT_GSM_DEACT_PDP_REQ:
+ rc = gsm48_rx_gsm_deact_pdp_req(msg);
+ case GSM48_MT_GSM_STATUS:
+ rc = gsm48_rx_gsm_status(msg);
+ break;
+ case GSM48_MT_GSM_REQ_PDP_ACT_REJ:
+ case GSM48_MT_GSM_ACT_AA_PDP_REQ:
+ case GSM48_MT_GSM_DEACT_AA_PDP_REQ:
+ DEBUGP(DMM, "Unimplemented GSM 04.08 GSM msg type 0x%02x\n",
+ gh->msg_type);
+ break;
+ default:
+ DEBUGP(DMM, "Unknown GSM 04.08 GSM msg type 0x%02x\n",
+ gh->msg_type);
+ break;
+
+ }
+
+ return rc;
+}
+
+/* Main entry point for incoming 04.08 GPRS messages */
+int gsm0408_gprs_rcvmsg(struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ uint8_t pdisc = gh->proto_discr & 0x0f;
+ int rc = -EINVAL;
+
+ switch (pdisc) {
+ case GSM48_PDISC_MM_GPRS:
+ rc = gsm0408_rcv_gmm(msg);
+ break;
+ case GSM48_PDISC_SM_GPRS:
+ rc = gsm0408_rcv_gsm(msg);
+ break;
+ default:
+ DEBUGP(DMM, "Unknown GSM 04.08 discriminator 0x%02x\n",
+ pdisc);
+ break;
+ }
+
+ return rc;
+}
diff --git a/openbsc/src/gprs/osmo_gbproxy.cfg b/openbsc/src/gprs/osmo_gbproxy.cfg
new file mode 100644
index 0000000..f2ef141
--- /dev/null
+++ b/openbsc/src/gprs/osmo_gbproxy.cfg
@@ -0,0 +1,13 @@
+!
+! OpenBSC configuration saved from vty
+! !
+!
+line vty
+ no login
+!
+gbproxy
+ nsip bss local port 23000
+ nsip sgsn remote ip 192.168.100.239
+ nsip sgsn remote port 23000
+ nsip sgsn nsei 1
+ nsip sgsn nsvci 11
diff --git a/openbsc/src/gprs/osmo_sgsn.cfg b/openbsc/src/gprs/osmo_sgsn.cfg
new file mode 100644
index 0000000..f39e853
--- /dev/null
+++ b/openbsc/src/gprs/osmo_sgsn.cfg
@@ -0,0 +1,9 @@
+!
+! OpenBSC configuration saved from vty
+! !
+!
+line vty
+ no login
+!
+sgsn
+ nsip local port 23000
diff --git a/openbsc/src/gprs/sgsn_main.c b/openbsc/src/gprs/sgsn_main.c
new file mode 100644
index 0000000..15f760d
--- /dev/null
+++ b/openbsc/src/gprs/sgsn_main.c
@@ -0,0 +1,143 @@
+/* GPRS SGSN Implementation */
+
+/* (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by On Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <errno.h>
+#include <sys/fcntl.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <osmocore/talloc.h>
+#include <osmocore/select.h>
+
+#include <openbsc/signal.h>
+#include <openbsc/debug.h>
+#include <openbsc/telnet_interface.h>
+#include <openbsc/vty.h>
+#include <openbsc/sgsn.h>
+#include <openbsc/gprs_ns.h>
+#include <openbsc/gprs_bssgp.h>
+
+#include "../../bscconfig.h"
+
+/* this is here for the vty... it will never be called */
+void subscr_put() { abort(); }
+
+#define _GNU_SOURCE
+#include <getopt.h>
+
+void *tall_bsc_ctx;
+
+struct gprs_ns_inst *sgsn_nsi;
+
+const char *openbsc_version = "Osmocom NSIP Proxy " PACKAGE_VERSION;
+const char *openbsc_copyright =
+ "Copyright (C) 2010 Harald Welte and On-Waves\n"
+ "Contributions by Daniel Willmann, Jan Lübbe, Stefan Schmidt\n"
+ "Dieter Spaar, Andreas Eversberg, Holger Freyther\n\n"
+ "License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl.html>\n"
+ "This is free software: you are free to change and redistribute it.\n"
+ "There is NO WARRANTY, to the extent permitted by law.\n";
+
+static char *config_file = "osmo_sgsn.cfg";
+static struct sgsn_config sgcfg;
+
+/* call-back function for the NS protocol */
+static int sgsn_ns_cb(enum gprs_ns_evt event, struct gprs_nsvc *nsvc,
+ struct msgb *msg, u_int16_t bvci)
+{
+ int rc = 0;
+
+ switch (event) {
+ case GPRS_NS_EVT_UNIT_DATA:
+ /* hand the message into the BSSGP implementation */
+ rc = gprs_bssgp_rcvmsg(msg);
+ break;
+ default:
+ LOGP(DGPRS, LOGL_ERROR, "SGSN: Unknown event %u from NS\n", event);
+ if (msg)
+ talloc_free(msg);
+ rc = -EIO;
+ break;
+ }
+ return rc;
+}
+
+/* NSI that BSSGP uses when transmitting on NS */
+extern struct gprs_ns_inst *bssgp_nsi;
+
+int main(int argc, char **argv)
+{
+ struct gsm_network dummy_network;
+ struct log_target *stderr_target;
+ struct sockaddr_in sin;
+ int rc;
+
+ tall_bsc_ctx = talloc_named_const(NULL, 0, "osmo_sgsn");
+
+ log_init(&log_info);
+ stderr_target = log_target_create_stderr();
+ log_add_target(stderr_target);
+ log_set_all_filter(stderr_target, 1);
+
+ telnet_init(&dummy_network, 4245);
+ rc = sgsn_parse_config(config_file, &sgcfg);
+ if (rc < 0) {
+ LOGP(DGPRS, LOGL_FATAL, "Cannot parse config file\n");
+ exit(2);
+ }
+
+ sgsn_nsi = gprs_ns_instantiate(&sgsn_ns_cb);
+ if (!sgsn_nsi) {
+ LOGP(DGPRS, LOGL_ERROR, "Unable to instantiate NS\n");
+ exit(1);
+ }
+ bssgp_nsi = sgcfg.nsi = sgsn_nsi;
+ nsip_listen(sgsn_nsi, sgcfg.nsip_listen_port);
+
+ while (1) {
+ rc = bsc_select_main(0);
+ if (rc < 0)
+ exit(3);
+ }
+
+ exit(0);
+}
+
+struct gsm_network;
+int bsc_vty_init(struct gsm_network *dummy)
+{
+ cmd_init(1);
+ vty_init();
+
+ openbsc_vty_add_cmds();
+ sgsn_vty_init();
+ return 0;
+}
+
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
new file mode 100644
index 0000000..ec18fcb
--- /dev/null
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -0,0 +1,146 @@
+/*
+ * (C) 2010 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by On-Waves
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <osmocore/talloc.h>
+
+#include <openbsc/debug.h>
+#include <openbsc/sgsn.h>
+#include <openbsc/gprs_ns.h>
+
+#include <vty/command.h>
+#include <vty/vty.h>
+
+static struct sgsn_config *g_cfg = NULL;
+
+static struct cmd_node sgsn_node = {
+ SGSN_NODE,
+ "%s(sgsn)#",
+ 1,
+};
+
+static int config_write_sgsn(struct vty *vty)
+{
+ struct in_addr ia;
+
+ vty_out(vty, "sgsn%s", VTY_NEWLINE);
+
+ if (g_cfg->nsip_listen_ip) {
+ ia.s_addr = htonl(g_cfg->nsip_listen_ip);
+ vty_out(vty, " nsip local ip %s%s", inet_ntoa(ia),
+ VTY_NEWLINE);
+ }
+ vty_out(vty, " nsip local port %u%s", g_cfg->nsip_listen_port,
+ VTY_NEWLINE);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(show_sgsn, show_sgsn_cmd, "show sgsn",
+ SHOW_STR "Display information about the SGSN")
+{
+ /* FIXME: iterate over list of NS-VC's and display their state */
+ struct gprs_ns_inst *nsi = g_cfg->nsi;
+ struct gprs_nsvc *nsvc;
+
+ llist_for_each_entry(nsvc, &nsi->gprs_nsvcs, list) {
+ vty_out(vty, "NSEI %5u, NS-VC %5u, %s-mode, %s %s%s",
+ nsvc->nsei, nsvc->nsvci,
+ nsvc->remote_end_is_sgsn ? "BSS" : "SGSN",
+ nsvc->state & NSE_S_ALIVE ? "ALIVE" : "DEAD",
+ nsvc->state & NSE_S_BLOCKED ? "BLOCKED" : "UNBLOCKED",
+ VTY_NEWLINE);
+ if (nsvc->nsi->ll == GPRS_NS_LL_UDP)
+ vty_out(vty, " remote peer %s:%u%s",
+ inet_ntoa(nsvc->ip.bts_addr.sin_addr),
+ ntohs(nsvc->ip.bts_addr.sin_port), VTY_NEWLINE);
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_sgsn,
+ cfg_sgsn_cmd,
+ "sgsn",
+ "Configure the SGSN")
+{
+ vty->node = SGSN_NODE;
+ return CMD_SUCCESS;
+}
+
+
+DEFUN(cfg_nsip_local_ip,
+ cfg_nsip_local_ip_cmd,
+ "nsip local ip A.B.C.D",
+ "Set the IP address on which we listen for BSS connects")
+{
+ struct in_addr ia;
+
+ inet_aton(argv[0], &ia);
+ g_cfg->nsip_listen_ip = ntohl(ia.s_addr);
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_nsip_local_port,
+ cfg_nsip_local_port_cmd,
+ "nsip local port <0-65534>",
+ "Set the UDP port on which we listen for BSS connects")
+{
+ unsigned int port = atoi(argv[0]);
+
+ g_cfg->nsip_listen_port = port;
+ return CMD_SUCCESS;
+}
+
+
+
+
+int sgsn_vty_init(void)
+{
+ install_element(VIEW_NODE, &show_sgsn_cmd);
+
+ install_element(CONFIG_NODE, &cfg_sgsn_cmd);
+ install_node(&sgsn_node, config_write_sgsn);
+ install_default(SGSN_NODE);
+ install_element(SGSN_NODE, &cfg_nsip_local_ip_cmd);
+ install_element(SGSN_NODE, &cfg_nsip_local_port_cmd);
+
+ return 0;
+}
+
+int sgsn_parse_config(const char *config_file, struct sgsn_config *cfg)
+{
+ int rc;
+
+ g_cfg = cfg;
+ rc = vty_read_config_file(config_file);
+ if (rc < 0) {
+ fprintf(stderr, "Failed to parse the config file: '%s'\n", config_file);
+ return rc;
+ }
+
+ return 0;
+}