Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1 | /* BSSAP/BSSMAP encoding and decoding for MSC */ |
| 2 | /* |
| 3 | * (C) 2019 by sysmocom - s.m.f.c. GmbH <info@sysmocom.de> |
| 4 | * All Rights Reserved |
| 5 | * |
| 6 | * Author: Neels Hofmeyr |
| 7 | * |
| 8 | * SPDX-License-Identifier: GPL-2.0+ |
| 9 | * |
| 10 | * This program is free software; you can redistribute it and/or modify |
| 11 | * it under the terms of the GNU General Public License as published by |
| 12 | * the Free Software Foundation; either version 2 of the License, or |
| 13 | * (at your option) any later version. |
| 14 | * |
| 15 | * This program is distributed in the hope that it will be useful, |
| 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 18 | * GNU General Public License for more details. |
| 19 | * |
| 20 | * You should have received a copy of the GNU General Public License along |
| 21 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 23 | */ |
| 24 | |
| 25 | #include <osmocom/core/byteswap.h> |
| 26 | |
| 27 | #include <osmocom/crypt/auth.h> |
| 28 | |
| 29 | #include <osmocom/gsm/tlv.h> |
| 30 | #include <osmocom/gsm/gsm0808.h> |
| 31 | #include <osmocom/gsm/mncc.h> |
| 32 | #include <osmocom/gsm/gsm48.h> |
| 33 | |
| 34 | #include <osmocom/msc/debug.h> |
| 35 | #include <osmocom/msc/ran_msg_a.h> |
| 36 | #include <osmocom/msc/sccp_ran.h> |
Pau Espin Pedrol | c9ba754 | 2019-05-07 12:23:49 +0200 | [diff] [blame] | 37 | #include <osmocom/msc/gsm_data.h> |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 38 | |
| 39 | #define LOG_RAN_A_DEC(RAN_DEC, level, fmt, args...) \ |
| 40 | LOG_RAN_DEC(RAN_DEC, DBSSAP, level, "BSSMAP: " fmt, ## args) |
| 41 | |
| 42 | /* Assumes presence of struct ran_dec *ran_dec and ran_dec_msg.msg_name (set) in the local scope. */ |
| 43 | #define LOG_RAN_A_DEC_MSG(level, fmt, args...) \ |
| 44 | LOG_RAN_DEC(ran_dec, DBSSAP, level, "%s: " fmt, ran_dec_msg.msg_name, ## args) |
| 45 | |
| 46 | #define LOG_RAN_A_ENC(FI, level, fmt, args...) \ |
| 47 | LOG_RAN_ENC(FI, DBSSAP, level, "BSSMAP: " fmt, ## args) |
| 48 | |
| 49 | static int ran_a_decode_l3_compl(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 50 | { |
| 51 | struct gsm0808_cell_id_list2 cil; |
| 52 | struct gsm0808_cell_id cell_id; |
| 53 | struct tlv_p_entry *ie_cell_id = TLVP_GET(tp, GSM0808_IE_CELL_IDENTIFIER); |
| 54 | struct tlv_p_entry *ie_l3_info = TLVP_GET(tp, GSM0808_IE_LAYER_3_INFORMATION); |
| 55 | struct ran_msg ran_dec_msg = { |
| 56 | .msg_type = RAN_MSG_COMPL_L3, |
| 57 | .msg_name = "BSSMAP Complete Layer 3", |
| 58 | .compl_l3 = { |
| 59 | .cell_id = &cell_id, |
| 60 | .msg = msg, |
| 61 | }, |
| 62 | }; |
| 63 | int rc; |
| 64 | |
| 65 | if (!ie_cell_id) { |
| 66 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory CELL IDENTIFIER not present, discarding message\n"); |
| 67 | return -EINVAL; |
| 68 | } |
| 69 | if (!ie_l3_info) { |
| 70 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory LAYER 3 INFORMATION not present, discarding message\n"); |
| 71 | return -EINVAL; |
| 72 | } |
| 73 | |
| 74 | /* Parse Cell ID element -- this should yield a cell identifier "list" with 1 element. */ |
| 75 | |
| 76 | rc = gsm0808_dec_cell_id_list2(&cil, ie_cell_id->val, ie_cell_id->len); |
| 77 | if (rc < 0) { |
| 78 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Decoding CELL IDENTIFIER gave rc=%d\n", rc); |
| 79 | return -EINVAL; |
| 80 | } |
| 81 | if (cil.id_list_len != 1) { |
| 82 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to parse element CELL IDENTIFIER, discarding message\n"); |
| 83 | return -EINVAL; |
| 84 | } |
| 85 | |
| 86 | /* Sanity check the Cell Identity */ |
| 87 | switch (cil.id_discr) { |
| 88 | case CELL_IDENT_WHOLE_GLOBAL: |
| 89 | case CELL_IDENT_LAI_AND_LAC: |
| 90 | case CELL_IDENT_LAC_AND_CI: |
| 91 | case CELL_IDENT_LAC: |
| 92 | break; |
| 93 | |
| 94 | case CELL_IDENT_CI: |
| 95 | case CELL_IDENT_NO_CELL: |
| 96 | case CELL_IDENT_BSS: |
| 97 | default: |
| 98 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "CELL IDENTIFIER does not specify a LAC, discarding message: %s\n", |
| 99 | gsm0808_cell_id_list_name(&cil)); |
| 100 | return -EINVAL; |
| 101 | } |
| 102 | |
| 103 | cell_id = (struct gsm0808_cell_id){ |
| 104 | .id_discr = cil.id_discr, |
| 105 | .id = cil.id_list[0], |
| 106 | }; |
| 107 | |
| 108 | /* Parse Layer 3 Information element */ |
| 109 | msg->l3h = (uint8_t*)ie_l3_info->val; |
| 110 | msgb_l3trim(msg, ie_l3_info->len); |
| 111 | |
| 112 | if (msgb_l3len(msg) < sizeof(struct gsm48_hdr)) { |
| 113 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "too short L3 info (%d), discarding message\n", msgb_l3len(msg)); |
| 114 | return -ENODATA; |
| 115 | } |
| 116 | |
| 117 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 118 | } |
| 119 | |
| 120 | static int ran_a_decode_clear_request(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 121 | { |
| 122 | struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE); |
| 123 | struct ran_msg ran_dec_msg = { |
| 124 | .msg_type = RAN_MSG_CLEAR_REQUEST, |
| 125 | .msg_name = "BSSMAP Clear Request", |
| 126 | }; |
| 127 | |
| 128 | if (!ie_cause) { |
| 129 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Cause code is missing, using GSM0808_CAUSE_EQUIPMENT_FAILURE\n"); |
| 130 | ran_dec_msg.clear_request.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE; |
| 131 | } else { |
| 132 | ran_dec_msg.clear_request.bssap_cause = ie_cause->val[0]; |
| 133 | } |
| 134 | |
| 135 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 136 | } |
| 137 | |
| 138 | static int ran_a_decode_clear_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 139 | { |
| 140 | struct ran_msg ran_dec_msg = { |
| 141 | .msg_type = RAN_MSG_CLEAR_COMPLETE, |
| 142 | .msg_name = "BSSMAP Clear Complete", |
| 143 | }; |
| 144 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 145 | } |
| 146 | |
| 147 | static int ran_a_decode_classmark_update(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 148 | { |
| 149 | struct tlv_p_entry *ie_cm2 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T2); |
| 150 | struct tlv_p_entry *ie_cm3 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T3); |
| 151 | struct osmo_gsm48_classmark cm = {}; |
| 152 | struct ran_msg ran_dec_msg = { |
| 153 | .msg_type = RAN_MSG_CLASSMARK_UPDATE, |
| 154 | .msg_name = "BSSMAP Classmark Update", |
| 155 | .classmark_update = { |
| 156 | .classmark = &cm, |
| 157 | }, |
| 158 | }; |
| 159 | |
| 160 | if (!ie_cm2) { |
| 161 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "mandatory Classmark Information Type 2 not present, discarding message\n"); |
| 162 | return -EINVAL; |
| 163 | } |
| 164 | |
| 165 | cm.classmark2_len = OSMO_MIN(sizeof(cm.classmark2), ie_cm2->len); |
| 166 | memcpy(&cm.classmark2, ie_cm2->val, cm.classmark2_len); |
| 167 | |
| 168 | if (ie_cm3) { |
| 169 | cm.classmark3_len = OSMO_MIN(sizeof(cm.classmark3), ie_cm3->len); |
| 170 | memcpy(&cm.classmark3, ie_cm3->val, cm.classmark3_len); |
| 171 | } |
| 172 | |
| 173 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 174 | } |
| 175 | |
| 176 | static int ran_a_decode_cipher_mode_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 177 | { |
| 178 | struct tlv_p_entry *ie_chosen_encr_alg = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG); |
| 179 | struct tlv_p_entry *ie_l3_msg = TLVP_GET(tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS); |
| 180 | int rc; |
| 181 | struct ran_msg ran_dec_msg = { |
| 182 | .msg_type = RAN_MSG_CIPHER_MODE_COMPLETE, |
| 183 | .msg_name = "BSSMAP Ciphering Mode Complete", |
| 184 | }; |
| 185 | |
| 186 | if (ie_chosen_encr_alg) { |
| 187 | uint8_t ie_val = ie_chosen_encr_alg->val[0]; |
| 188 | /* 3GPP TS 48.008 3.2.2.44 Chosen Encryption Algorithm encodes as 1 = no encryption, 2 = A5/1, 4 = A5/3. |
| 189 | * Internally we handle without this weird off-by-one. */ |
| 190 | if (ie_val < 1 || ie_val > 8) |
| 191 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unsupported value for 3.2.2.44 Chosen Encryption Algorithm: %u\n", |
| 192 | ie_val); |
| 193 | else |
| 194 | ran_dec_msg.cipher_mode_complete.alg_id = ie_chosen_encr_alg->val[0]; |
| 195 | } |
| 196 | |
| 197 | rc = ran_decoded(ran_dec, &ran_dec_msg); |
| 198 | |
| 199 | if (ie_l3_msg) { |
| 200 | msg->l3h = (uint8_t*)ie_l3_msg->val; |
| 201 | msgb_l3trim(msg, ie_l3_msg->len); |
| 202 | ran_dec_msg = (struct ran_msg){ |
| 203 | .msg_type = RAN_MSG_DTAP, |
| 204 | .msg_name = "BSSMAP Ciphering Mode Complete (L3 Message Contents)", |
| 205 | .dtap = msg, |
| 206 | }; |
| 207 | ran_decoded(ran_dec, &ran_dec_msg); |
| 208 | } |
| 209 | |
| 210 | return rc; |
| 211 | } |
| 212 | |
| 213 | static int ran_a_decode_cipher_mode_reject(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 214 | { |
| 215 | int rc; |
| 216 | struct ran_msg ran_dec_msg = { |
| 217 | .msg_type = RAN_MSG_CIPHER_MODE_REJECT, |
| 218 | .msg_name = "BSSMAP Ciphering Mode Reject", |
| 219 | }; |
| 220 | |
| 221 | rc = gsm0808_get_cipher_reject_cause(tp); |
| 222 | if (rc < 0) { |
| 223 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "failed to extract Cause\n"); |
| 224 | ran_dec_msg.cipher_mode_reject.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE; |
| 225 | } else { |
| 226 | ran_dec_msg.cipher_mode_reject.bssap_cause = (enum gsm0808_cause)rc; |
| 227 | } |
| 228 | |
| 229 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 230 | } |
| 231 | |
| 232 | enum mgcp_codecs ran_a_mgcp_codec_from_sc(const struct gsm0808_speech_codec *sc) |
| 233 | { |
| 234 | switch (sc->type) { |
| 235 | case GSM0808_SCT_FR1: |
| 236 | return CODEC_GSM_8000_1; |
| 237 | break; |
| 238 | case GSM0808_SCT_FR2: |
| 239 | return CODEC_GSMEFR_8000_1; |
| 240 | break; |
| 241 | case GSM0808_SCT_FR3: |
| 242 | return CODEC_AMR_8000_1; |
| 243 | break; |
| 244 | case GSM0808_SCT_FR4: |
| 245 | return CODEC_AMRWB_16000_1; |
| 246 | break; |
| 247 | case GSM0808_SCT_FR5: |
| 248 | return CODEC_AMRWB_16000_1; |
| 249 | break; |
| 250 | case GSM0808_SCT_HR1: |
| 251 | return CODEC_GSMHR_8000_1; |
| 252 | break; |
| 253 | case GSM0808_SCT_HR3: |
| 254 | return CODEC_AMR_8000_1; |
| 255 | break; |
| 256 | case GSM0808_SCT_HR4: |
| 257 | return CODEC_AMRWB_16000_1; |
| 258 | break; |
| 259 | case GSM0808_SCT_HR6: |
| 260 | return CODEC_AMRWB_16000_1; |
| 261 | break; |
| 262 | default: |
| 263 | return CODEC_PCMU_8000_1; |
| 264 | break; |
| 265 | } |
| 266 | } |
| 267 | |
| 268 | static int ran_a_decode_assignment_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 269 | { |
| 270 | struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR); |
| 271 | struct tlv_p_entry *ie_speech_codec = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC); |
Pau Espin Pedrol | a3cdab4 | 2019-05-09 17:54:08 +0200 | [diff] [blame] | 272 | struct tlv_p_entry *ie_osmux_cid = TLVP_GET(tp, GSM0808_IE_OSMO_OSMUX_CID); |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 273 | struct sockaddr_storage rtp_addr; |
| 274 | struct sockaddr_in *rtp_addr_in; |
| 275 | struct gsm0808_speech_codec sc; |
| 276 | int rc; |
| 277 | struct ran_msg ran_dec_msg = { |
| 278 | .msg_type = RAN_MSG_ASSIGNMENT_COMPLETE, |
| 279 | .msg_name = "BSSMAP Assignment Complete", |
| 280 | }; |
| 281 | |
| 282 | if (ie_aoip_transp_addr) { |
| 283 | /* Decode AoIP transport address element */ |
| 284 | rc = gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len); |
| 285 | if (rc < 0) { |
| 286 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to decode AoIP Transport Layer Address\n"); |
| 287 | return -EINVAL; |
| 288 | } |
| 289 | |
| 290 | rtp_addr_in = (struct sockaddr_in*)&rtp_addr; |
| 291 | |
| 292 | if (rtp_addr.ss_family != AF_INET) { |
| 293 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: IE AoIP Transport Address:" |
| 294 | " unsupported addressing scheme (only IPV4 supported)\n"); |
| 295 | return -EINVAL; |
| 296 | } |
| 297 | |
| 298 | if (osmo_sockaddr_str_from_sockaddr_in(&ran_dec_msg.assignment_complete.remote_rtp, rtp_addr_in)) { |
| 299 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: unable to decode remote RTP IP address\n"); |
| 300 | return -EINVAL; |
| 301 | } |
| 302 | } |
| 303 | |
Pau Espin Pedrol | a3cdab4 | 2019-05-09 17:54:08 +0200 | [diff] [blame] | 304 | if (ie_osmux_cid) { |
| 305 | rc = gsm0808_dec_osmux_cid(&ran_dec_msg.assignment_complete.osmux_cid, ie_osmux_cid->val, ie_osmux_cid->len); |
| 306 | if (rc < 0) { |
| 307 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to decode Osmux CID\n"); |
| 308 | return -EINVAL; |
| 309 | } |
| 310 | ran_dec_msg.assignment_complete.osmux_present = true; |
| 311 | } |
| 312 | |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 313 | if (ie_speech_codec) { |
| 314 | /* Decode Speech Codec (Chosen) element */ |
| 315 | rc = gsm0808_dec_speech_codec(&sc, ie_speech_codec->val, ie_speech_codec->len); |
| 316 | if (rc < 0) { |
| 317 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: unable to decode IE Speech Codec (Chosen)" |
| 318 | " (rc=%d).\n", rc); |
| 319 | return -EINVAL; |
| 320 | } |
| 321 | ran_dec_msg.assignment_complete.codec_present = true; |
| 322 | ran_dec_msg.assignment_complete.codec = ran_a_mgcp_codec_from_sc(&sc); |
| 323 | } |
| 324 | |
| 325 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 326 | } |
| 327 | |
| 328 | static int ran_a_decode_assignment_failure(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 329 | { |
| 330 | struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE); |
| 331 | struct tlv_p_entry *ie_rr_cause = TLVP_GET(tp, GSM0808_IE_RR_CAUSE); |
| 332 | struct tlv_p_entry *ie_speech_codec_list = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC_LIST); |
| 333 | struct gsm0808_speech_codec_list scl; |
| 334 | struct ran_msg ran_dec_msg = { |
| 335 | .msg_type = RAN_MSG_ASSIGNMENT_FAILURE, |
| 336 | .msg_name = "BSSMAP Assignment Failure", |
| 337 | .assignment_failure = { |
| 338 | .bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE, |
| 339 | .rr_cause = GSM48_RR_CAUSE_ABNORMAL_UNSPEC, |
| 340 | }, |
| 341 | }; |
| 342 | |
| 343 | if (ie_cause) |
| 344 | ran_dec_msg.assignment_failure.bssap_cause = ie_cause->val[0]; |
| 345 | if (ie_rr_cause) |
| 346 | ran_dec_msg.assignment_failure.rr_cause = ie_rr_cause->val[0]; |
| 347 | |
| 348 | if (ie_speech_codec_list |
| 349 | && gsm0808_dec_speech_codec_list(&scl, ie_speech_codec_list->val, ie_speech_codec_list->len) == 0) |
| 350 | ran_dec_msg.assignment_failure.scl_bss_supported = &scl; |
| 351 | |
| 352 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 353 | } |
| 354 | |
| 355 | static int ran_a_decode_sapi_n_reject(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp) |
| 356 | { |
| 357 | struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE); |
| 358 | struct tlv_p_entry *ie_dlci = TLVP_GET(tp, GSM0808_IE_DLCI); |
| 359 | struct ran_msg ran_dec_msg = { |
| 360 | .msg_type = RAN_MSG_SAPI_N_REJECT, |
| 361 | .msg_name = "BSSMAP SAPI-N Reject", |
| 362 | }; |
| 363 | |
| 364 | /* Note: The MSC code seems not to care about the cause code, but by |
| 365 | * the specification it is mandatory, so we check its presence. See |
| 366 | * also 3GPP TS 48.008 3.2.1.34 SAPI "n" REJECT */ |
| 367 | if (!ie_cause) { |
| 368 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "SAPI-N Reject: cause code IE is missing, discarding message\n"); |
| 369 | return -EINVAL; |
| 370 | } |
| 371 | ran_dec_msg.sapi_n_reject.bssap_cause = ie_cause->val[0]; |
| 372 | |
| 373 | if (!ie_dlci) { |
| 374 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "SAPI-N Reject: DLCI IE is missing, discarding message\n"); |
| 375 | return -EINVAL; |
| 376 | } |
| 377 | ran_dec_msg.sapi_n_reject.dlci = ie_dlci->val[0]; |
| 378 | |
| 379 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 380 | } |
| 381 | |
| 382 | static int ran_a_decode_lcls_notification(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 383 | { |
| 384 | const struct tlv_p_entry *ie_lcls_bss_status = TLVP_GET(tp, GSM0808_IE_LCLS_BSS_STATUS); |
| 385 | const struct tlv_p_entry *ie_lcls_break_req = TLVP_GET(tp, GSM0808_IE_LCLS_BREAK_REQ); |
| 386 | struct ran_msg ran_dec_msg; |
| 387 | |
| 388 | /* Either §3.2.2.119 LCLS-BSS-Status or §3.2.2.120 LCLS-Break-Request shall be present */ |
Vadim Yanitskiy | 18e8b39 | 2019-05-11 04:22:55 +0700 | [diff] [blame] | 389 | if (ie_lcls_bss_status && !ie_lcls_break_req) { |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 390 | ran_dec_msg = (struct ran_msg){ |
| 391 | .msg_type = RAN_MSG_LCLS_STATUS, |
| 392 | .msg_name = "BSSMAP LCLS Notification (LCLS Status)", |
| 393 | .lcls_status = { |
| 394 | .status = ie_lcls_bss_status->len ? |
| 395 | ie_lcls_bss_status->val[0] : GSM0808_LCLS_STS_NA, |
| 396 | }, |
| 397 | }; |
| 398 | return ran_decoded(ran_dec, &ran_dec_msg); |
Vadim Yanitskiy | 18e8b39 | 2019-05-11 04:22:55 +0700 | [diff] [blame] | 399 | } else if (ie_lcls_break_req && !ie_lcls_bss_status) { |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 400 | ran_dec_msg = (struct ran_msg){ |
| 401 | .msg_type = RAN_MSG_LCLS_BREAK_REQ, |
| 402 | .msg_name = "BSSMAP LCLS Notification (LCLS Break Req)", |
| 403 | .lcls_break_req = { |
| 404 | .todo = 23, |
| 405 | }, |
| 406 | }; |
| 407 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 408 | } |
| 409 | |
Vadim Yanitskiy | 18e8b39 | 2019-05-11 04:22:55 +0700 | [diff] [blame] | 410 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Ignoring broken LCLS Notification message\n"); |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 411 | return -EINVAL; |
| 412 | } |
| 413 | |
| 414 | static int ran_a_decode_handover_required(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 415 | { |
| 416 | const struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE); |
| 417 | const struct tlv_p_entry *ie_cil = TLVP_GET(tp, GSM0808_IE_CELL_IDENTIFIER_LIST); |
| 418 | struct ran_msg ran_dec_msg = { |
| 419 | .msg_type = RAN_MSG_HANDOVER_REQUIRED, |
| 420 | .msg_name = "BSSMAP Handover Required", |
| 421 | }; |
| 422 | /* On decoding failures, dispatch an invalid RAN_MSG_HANDOVER_REQUIRED so msc_a can pass down a |
| 423 | * BSS_MAP_MSG_HANDOVER_REQUIRED_REJECT message. */ |
| 424 | |
| 425 | if (ie_cause) |
| 426 | ran_dec_msg.handover_required.cause = ie_cause->val[0]; |
| 427 | else |
| 428 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Cause IE missing\n"); |
| 429 | |
| 430 | if (!ie_cil |
| 431 | || gsm0808_dec_cell_id_list2(&ran_dec_msg.handover_required.cil, ie_cil->val, ie_cil->len) <= 0) { |
| 432 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "No or invalid Cell Identifier List IE\n"); |
| 433 | ran_dec_msg.handover_required.cil = (struct gsm0808_cell_id_list2){}; |
| 434 | } |
| 435 | |
| 436 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 437 | } |
| 438 | |
| 439 | static uint8_t a5_encryption_mask_from_gsm0808_chosen_enc_alg(enum gsm0808_chosen_enc_alg val) |
| 440 | { |
| 441 | return 1 << val; |
| 442 | } |
| 443 | |
| 444 | static int ran_a_decode_handover_request(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 445 | { |
| 446 | struct osmo_gsm48_classmark classmark = {}; |
| 447 | struct ran_msg ran_dec_msg = { |
| 448 | .msg_type = RAN_MSG_HANDOVER_REQUEST, |
| 449 | .msg_name = "BSSMAP Handover Request", |
| 450 | .handover_request = { |
| 451 | .classmark = &classmark, |
| 452 | }, |
| 453 | }; |
| 454 | struct ran_handover_request *r = &ran_dec_msg.handover_request; |
| 455 | |
| 456 | const struct tlv_p_entry *ie_channel_type = TLVP_GET(tp, GSM0808_IE_CHANNEL_TYPE); |
| 457 | const struct tlv_p_entry *ie_encryption_information = TLVP_GET(tp, GSM0808_IE_ENCRYPTION_INFORMATION); |
| 458 | const struct tlv_p_entry *ie_classmark1 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_TYPE_1); |
| 459 | const struct tlv_p_entry *ie_classmark2 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T2); |
| 460 | const struct tlv_p_entry *ie_cell_id_serving = TLVP_GET(&tp[0], GSM0808_IE_CELL_IDENTIFIER); |
| 461 | const struct tlv_p_entry *ie_cell_id_target = TLVP_GET(&tp[1], GSM0808_IE_CELL_IDENTIFIER); |
| 462 | const struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE); |
| 463 | const struct tlv_p_entry *ie_classmark3 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T3); |
| 464 | const struct tlv_p_entry *ie_current_channel_type_1 = TLVP_GET(tp, GSM0808_IE_CURRENT_CHANNEL_TYPE_1); |
| 465 | const struct tlv_p_entry *ie_speech_version_used = TLVP_GET(tp, GSM0808_IE_SPEECH_VERSION); |
| 466 | const struct tlv_p_entry *ie_chosen_encr_alg_serving = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG); |
| 467 | const struct tlv_p_entry *ie_old_bss_to_new_bss_info = TLVP_GET(tp, GSM0808_IE_OLD_BSS_TO_NEW_BSS_INFORMATION); |
| 468 | const struct tlv_p_entry *ie_imsi = TLVP_GET(tp, GSM0808_IE_IMSI); |
| 469 | const struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR); |
| 470 | const struct tlv_p_entry *ie_codec_list_msc_preferred = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC_LIST); |
| 471 | const struct tlv_p_entry *ie_call_id = TLVP_GET(tp, GSM0808_IE_CALL_ID); |
| 472 | const struct tlv_p_entry *ie_global_call_ref = TLVP_GET(tp, GSM0808_IE_GLOBAL_CALL_REF); |
| 473 | |
| 474 | struct gsm0808_channel_type channel_type; |
| 475 | struct gsm0808_encrypt_info encr_info; |
| 476 | struct gsm0808_speech_codec_list scl; |
| 477 | struct geran_encr geran_encr = {}; |
| 478 | char imsi[OSMO_IMSI_BUF_SIZE]; |
| 479 | struct osmo_sockaddr_str rtp_ran_local; |
| 480 | |
| 481 | if (!ie_channel_type) { |
| 482 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Channel Type\n"); |
| 483 | return -EINVAL; |
| 484 | } |
| 485 | if (gsm0808_dec_channel_type(&channel_type, ie_channel_type->val, ie_channel_type->len) <= 0) { |
| 486 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Channel Type IE\n"); |
| 487 | return -EINVAL; |
| 488 | } |
| 489 | r->geran.channel_type = &channel_type; |
| 490 | |
| 491 | if (ie_encryption_information) { |
| 492 | int i; |
| 493 | if (gsm0808_dec_encrypt_info(&encr_info, ie_encryption_information->val, ie_encryption_information->len) |
| 494 | <= 0) { |
| 495 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Encryption Informaiton IE\n"); |
| 496 | return -EINVAL; |
| 497 | } |
| 498 | |
| 499 | for (i = 0; i < encr_info.perm_algo_len; i++) { |
| 500 | r->geran.a5_encryption_mask |= |
| 501 | a5_encryption_mask_from_gsm0808_chosen_enc_alg(encr_info.perm_algo[i]); |
| 502 | } |
| 503 | |
| 504 | if (encr_info.key_len > sizeof(geran_encr.key)) { |
| 505 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Encryption Informaiton IE:" |
| 506 | " encryption key is too long: %u\n", geran_encr.key_len); |
| 507 | return -EINVAL; |
| 508 | } |
| 509 | |
| 510 | if (encr_info.key_len) { |
| 511 | memcpy(geran_encr.key, encr_info.key, encr_info.key_len); |
| 512 | geran_encr.key_len = encr_info.key_len; |
| 513 | } |
| 514 | |
| 515 | r->geran.chosen_encryption = &geran_encr; |
| 516 | } |
| 517 | |
| 518 | if (!ie_classmark1 && !ie_classmark2) { |
| 519 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: either Classmark Information 1" |
| 520 | " or Classmark Information 2 must be included\n"); |
| 521 | return -EINVAL; |
| 522 | } |
| 523 | |
| 524 | if (ie_classmark1) { |
| 525 | if (ie_classmark1->len != sizeof(classmark.classmark1)) { |
| 526 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Invalid size for Classmark 1: %u, expected %zu\n", |
| 527 | ie_classmark1->len, sizeof(classmark.classmark1)); |
| 528 | return -EINVAL; |
| 529 | } |
| 530 | memcpy((uint8_t*)&classmark.classmark1, ie_classmark1->val, ie_classmark1->len); |
| 531 | classmark.classmark1_set = true; |
| 532 | } |
| 533 | |
| 534 | if (ie_classmark2) { |
| 535 | uint8_t len = OSMO_MIN(ie_classmark2->len, sizeof(classmark.classmark2)); |
| 536 | memcpy((uint8_t*)&classmark.classmark2, ie_classmark2->val, len); |
| 537 | classmark.classmark2_len = len; |
| 538 | } |
| 539 | |
| 540 | if (!ie_cell_id_serving) { |
| 541 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Cell Identifier (Serving)\n"); |
| 542 | return -EINVAL; |
| 543 | } |
| 544 | if (gsm0808_dec_cell_id(&r->cell_id_serving, ie_cell_id_serving->val, |
| 545 | ie_cell_id_serving->len) <= 0) { |
| 546 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Cell Identifier (Serving) IE\n"); |
| 547 | return -EINVAL; |
| 548 | } |
| 549 | |
| 550 | if (!ie_cell_id_target) { |
| 551 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Cell Identifier (Target)\n"); |
| 552 | return -EINVAL; |
| 553 | } |
| 554 | if (gsm0808_dec_cell_id(&r->cell_id_target, ie_cell_id_target->val, |
| 555 | ie_cell_id_target->len) <= 0) { |
| 556 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Cell Identifier (Target) IE\n"); |
| 557 | return -EINVAL; |
| 558 | } |
| 559 | |
| 560 | if (ie_cause) |
| 561 | r->bssap_cause = ie_cause->val[0]; |
| 562 | |
| 563 | if (ie_classmark3) { |
| 564 | uint8_t len = OSMO_MIN(ie_classmark3->len, sizeof(classmark.classmark3)); |
| 565 | memcpy(classmark.classmark3, ie_classmark3->val, len); |
| 566 | classmark.classmark3_len = len; |
| 567 | } |
| 568 | |
| 569 | if (ie_current_channel_type_1) { |
| 570 | r->current_channel_type_1 = ie_current_channel_type_1->val[0]; |
| 571 | r->current_channel_type_1_present = true; |
| 572 | } |
| 573 | |
| 574 | if (ie_speech_version_used) { |
| 575 | r->speech_version_used = ie_speech_version_used->val[0]; |
| 576 | } |
| 577 | |
| 578 | if (ie_chosen_encr_alg_serving && ie_chosen_encr_alg_serving->len) { |
| 579 | geran_encr.alg_id = ie_chosen_encr_alg_serving->val[0]; |
| 580 | r->geran.chosen_encryption = &geran_encr; |
| 581 | } |
| 582 | |
| 583 | if (ie_old_bss_to_new_bss_info) { |
| 584 | r->old_bss_to_new_bss_info_raw = ie_old_bss_to_new_bss_info->val; |
| 585 | r->old_bss_to_new_bss_info_raw_len = ie_old_bss_to_new_bss_info->len; |
| 586 | } |
| 587 | |
| 588 | if (ie_imsi) { |
| 589 | gsm48_mi_to_string(imsi, sizeof(imsi), ie_imsi->val, ie_imsi->len); |
| 590 | r->imsi = imsi; |
| 591 | } |
| 592 | |
| 593 | if (ie_aoip_transp_addr) { |
| 594 | do { |
| 595 | struct sockaddr_storage rtp_addr; |
| 596 | if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len) < 0) { |
| 597 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode AoIP transport address\n"); |
| 598 | break; |
| 599 | } |
| 600 | if (rtp_addr.ss_family != AF_INET) { |
| 601 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "IE AoIP Transport Address:" |
| 602 | " unsupported addressing scheme (only IPV4 supported)\n"); |
| 603 | break; |
| 604 | } |
| 605 | if (osmo_sockaddr_str_from_sockaddr_in(&rtp_ran_local, (struct sockaddr_in*)&rtp_addr)) { |
| 606 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode remote RTP IP address\n"); |
| 607 | break; |
| 608 | } |
| 609 | r->rtp_ran_local = &rtp_ran_local; |
| 610 | } while(0); |
| 611 | } |
| 612 | |
| 613 | if (ie_codec_list_msc_preferred |
| 614 | && gsm0808_dec_speech_codec_list(&scl, ie_codec_list_msc_preferred->val, |
| 615 | ie_codec_list_msc_preferred->len) == 0) |
| 616 | r->codec_list_msc_preferred = &scl; |
| 617 | |
| 618 | if (ie_call_id && ie_call_id->len == 4) { |
| 619 | r->call_id = osmo_load32le(ie_call_id->val); |
| 620 | r->call_id_present = true; |
| 621 | } |
| 622 | |
| 623 | if (ie_global_call_ref) { |
| 624 | r->global_call_reference = ie_global_call_ref->val; |
| 625 | r->global_call_reference_len = ie_global_call_ref->len; |
| 626 | } |
| 627 | |
| 628 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 629 | } |
| 630 | |
| 631 | static int ran_a_decode_handover_request_ack(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 632 | { |
| 633 | struct ran_msg ran_dec_msg = { |
| 634 | .msg_type = RAN_MSG_HANDOVER_REQUEST_ACK, |
| 635 | .msg_name = "BSSMAP Handover Request Acknowledge", |
| 636 | }; |
| 637 | const struct tlv_p_entry *ie_l3_info = TLVP_GET(tp, GSM0808_IE_LAYER_3_INFORMATION); |
| 638 | const struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR); |
| 639 | const struct tlv_p_entry *ie_speech_codec = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC); |
| 640 | const struct tlv_p_entry *ie_chosen_channel = TLVP_GET(tp, GSM0808_IE_CHOSEN_CHANNEL); |
| 641 | const struct tlv_p_entry *ie_chosen_encr_alg = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG); |
| 642 | const struct tlv_p_entry *ie_chosen_speech_version = TLVP_GET(tp, GSM0808_IE_SPEECH_VERSION); |
| 643 | |
| 644 | /* On missing mandatory IEs, dispatch an invalid RAN_MSG_HANDOVER_REQUEST_ACK so msc_a can act on the failure. */ |
| 645 | |
| 646 | if (ie_l3_info) { |
| 647 | ran_dec_msg.handover_request_ack.rr_ho_command = ie_l3_info->val; |
| 648 | ran_dec_msg.handover_request_ack.rr_ho_command_len = ie_l3_info->len; |
| 649 | } |
| 650 | |
| 651 | if (ie_chosen_channel) { |
| 652 | ran_dec_msg.handover_request_ack.chosen_channel_present = true; |
| 653 | ran_dec_msg.handover_request_ack.chosen_channel = *ie_chosen_channel->val; |
| 654 | } |
| 655 | |
| 656 | if (ie_chosen_encr_alg) { |
| 657 | ran_dec_msg.handover_request_ack.chosen_encr_alg = *ie_chosen_encr_alg->val; |
| 658 | if (ran_dec_msg.handover_request_ack.chosen_encr_alg < 1 |
| 659 | || ran_dec_msg.handover_request_ack.chosen_encr_alg > 8) { |
| 660 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "invalid Chosen Encryption Algorithm: %u\n", |
| 661 | ran_dec_msg.handover_request_ack.chosen_encr_alg); |
| 662 | } |
| 663 | } |
| 664 | |
| 665 | if (ie_chosen_speech_version) { |
| 666 | struct gsm0808_speech_codec sc; |
| 667 | ran_dec_msg.handover_request_ack.chosen_speech_version = ie_chosen_speech_version->val[0]; |
| 668 | |
| 669 | /* the codec may be extrapolated from this Speech Version or below from Speech Codec */ |
| 670 | gsm0808_speech_codec_from_chan_type(&sc, ran_dec_msg.handover_request_ack.chosen_speech_version); |
| 671 | ran_dec_msg.handover_request_ack.codec_present = true; |
| 672 | ran_dec_msg.handover_request_ack.codec = ran_a_mgcp_codec_from_sc(&sc); |
| 673 | } |
| 674 | |
| 675 | if (ie_aoip_transp_addr) { |
| 676 | do { |
| 677 | struct sockaddr_storage rtp_addr; |
| 678 | if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len) < 0) { |
| 679 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode AoIP transport address\n"); |
| 680 | break; |
| 681 | } |
| 682 | if (rtp_addr.ss_family != AF_INET) { |
| 683 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "IE AoIP Transport Address:" |
| 684 | " unsupported addressing scheme (only IPV4 supported)\n"); |
| 685 | break; |
| 686 | } |
| 687 | if (osmo_sockaddr_str_from_sockaddr_in(&ran_dec_msg.handover_request_ack.remote_rtp, |
| 688 | (struct sockaddr_in*)&rtp_addr)) { |
| 689 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode remote RTP IP address\n"); |
| 690 | ran_dec_msg.handover_request_ack.remote_rtp = (struct osmo_sockaddr_str){}; |
| 691 | break; |
| 692 | } |
| 693 | } while(0); |
| 694 | } |
| 695 | |
| 696 | if (ie_speech_codec) { |
| 697 | struct gsm0808_speech_codec sc; |
| 698 | if (gsm0808_dec_speech_codec(&sc, ie_speech_codec->val, ie_speech_codec->len) < 0) |
| 699 | LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode IE Speech Codec (Chosen)\n"); |
| 700 | else { |
| 701 | /* the codec may be extrapolated from above Speech Version or from this Speech Codec */ |
| 702 | ran_dec_msg.handover_request_ack.codec_present = true; |
| 703 | ran_dec_msg.handover_request_ack.codec = ran_a_mgcp_codec_from_sc(&sc); |
| 704 | } |
| 705 | } |
| 706 | |
| 707 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 708 | } |
| 709 | |
| 710 | static int ran_a_decode_handover_detect(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 711 | { |
| 712 | struct ran_msg ran_dec_msg = { |
| 713 | .msg_type = RAN_MSG_HANDOVER_DETECT, |
| 714 | .msg_name = "BSSMAP Handover Detect", |
| 715 | }; |
| 716 | |
| 717 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 718 | } |
| 719 | |
| 720 | static int ran_a_decode_handover_succeeded(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 721 | { |
| 722 | struct ran_msg ran_dec_msg = { |
| 723 | .msg_type = RAN_MSG_HANDOVER_SUCCEEDED, |
| 724 | .msg_name = "BSSMAP Handover Succeeded", |
| 725 | }; |
| 726 | |
| 727 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 728 | } |
| 729 | |
| 730 | static int ran_a_decode_handover_complete(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 731 | { |
| 732 | struct ran_msg ran_dec_msg = { |
| 733 | .msg_type = RAN_MSG_HANDOVER_COMPLETE, |
| 734 | .msg_name = "BSSMAP Handover Complete", |
| 735 | }; |
| 736 | |
| 737 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 738 | } |
| 739 | |
| 740 | static int ran_a_decode_handover_failure(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp) |
| 741 | { |
| 742 | struct ran_msg ran_dec_msg = { |
| 743 | .msg_type = RAN_MSG_HANDOVER_FAILURE, |
| 744 | .msg_name = "BSSMAP Handover Failure", |
| 745 | }; |
| 746 | |
| 747 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 748 | } |
| 749 | |
| 750 | static int ran_a_decode_bssmap(struct ran_dec *ran_dec, struct msgb *bssmap) |
| 751 | { |
| 752 | struct tlv_parsed tp[2]; |
| 753 | int rc; |
| 754 | struct bssmap_header *h = msgb_l2(bssmap); |
| 755 | uint8_t msg_type; |
| 756 | bssmap->l3h = bssmap->l2h + sizeof(*h); |
| 757 | |
| 758 | if (msgb_l3len(bssmap) < 1) { |
| 759 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "No data received, discarding message\n"); |
| 760 | return -1; |
| 761 | } |
| 762 | |
| 763 | if (msgb_l3len(bssmap) < h->length) { |
| 764 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "BSSMAP data truncated, discarding message\n"); |
| 765 | return -1; |
| 766 | } |
| 767 | |
| 768 | if (msgb_l3len(bssmap) > h->length) { |
| 769 | LOG_RAN_A_DEC(ran_dec, LOGL_NOTICE, "There are %u extra bytes after the BSSMAP data, truncating\n", |
| 770 | msgb_l3len(bssmap) - h->length); |
| 771 | msgb_l3trim(bssmap, h->length); |
| 772 | } |
| 773 | |
| 774 | /* h->type == BSSAP_MSG_BSS_MANAGEMENT; h->length is the data length, |
| 775 | * which starts with the MAP msg_type, followed by IEs. */ |
| 776 | msg_type = bssmap->l3h[0]; |
| 777 | rc = osmo_bssap_tlv_parse2(tp, ARRAY_SIZE(tp), bssmap->l3h + 1, h->length - 1); |
| 778 | if (rc < 0) { |
| 779 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Failed parsing TLV, discarding message\n"); |
| 780 | return -EINVAL; |
| 781 | } |
| 782 | |
| 783 | LOG_RAN_A_DEC(ran_dec, LOGL_DEBUG, "Rx BSSMAP DT1 %s\n", gsm0808_bssmap_name(msg_type)); |
| 784 | |
| 785 | switch (msg_type) { |
| 786 | case BSS_MAP_MSG_COMPLETE_LAYER_3: |
| 787 | return ran_a_decode_l3_compl(ran_dec, bssmap, tp); |
| 788 | case BSS_MAP_MSG_CLEAR_RQST: |
| 789 | return ran_a_decode_clear_request(ran_dec, bssmap, tp); |
| 790 | case BSS_MAP_MSG_CLEAR_COMPLETE: |
| 791 | return ran_a_decode_clear_complete(ran_dec, bssmap, tp); |
| 792 | case BSS_MAP_MSG_CLASSMARK_UPDATE: |
| 793 | return ran_a_decode_classmark_update(ran_dec, bssmap, tp); |
| 794 | case BSS_MAP_MSG_CIPHER_MODE_COMPLETE: |
| 795 | return ran_a_decode_cipher_mode_complete(ran_dec, bssmap, tp); |
| 796 | case BSS_MAP_MSG_CIPHER_MODE_REJECT: |
| 797 | return ran_a_decode_cipher_mode_reject(ran_dec, bssmap, tp); |
| 798 | case BSS_MAP_MSG_ASSIGMENT_COMPLETE: |
| 799 | rc = ran_a_decode_assignment_complete(ran_dec, bssmap, tp); |
| 800 | if (rc < 0) { |
| 801 | struct ran_msg ran_dec_msg = { |
| 802 | .msg_type = RAN_MSG_ASSIGNMENT_FAILURE, |
| 803 | .msg_name = "BSSMAP Assignment Complete but failed to decode", |
| 804 | .clear_request = { |
| 805 | .bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE, |
| 806 | }, |
| 807 | }; |
| 808 | ran_decoded(ran_dec, &ran_dec_msg); |
| 809 | } |
| 810 | return rc; |
| 811 | case BSS_MAP_MSG_ASSIGMENT_FAILURE: |
| 812 | return ran_a_decode_assignment_failure(ran_dec, bssmap, tp); |
| 813 | case BSS_MAP_MSG_SAPI_N_REJECT: |
| 814 | return ran_a_decode_sapi_n_reject(ran_dec, bssmap, tp); |
| 815 | case BSS_MAP_MSG_LCLS_NOTIFICATION: |
| 816 | return ran_a_decode_lcls_notification(ran_dec, bssmap, tp); |
| 817 | |
| 818 | /* From current RAN peer, the Handover origin: */ |
| 819 | case BSS_MAP_MSG_HANDOVER_REQUIRED: |
| 820 | return ran_a_decode_handover_required(ran_dec, bssmap, tp); |
| 821 | |
| 822 | /* From current MSC to remote handover target MSC */ |
| 823 | case BSS_MAP_MSG_HANDOVER_RQST: |
| 824 | return ran_a_decode_handover_request(ran_dec, bssmap, tp); |
| 825 | |
| 826 | /* From potential new RAN peer, the Handover target: */ |
| 827 | case BSS_MAP_MSG_HANDOVER_RQST_ACKNOWLEDGE: |
| 828 | return ran_a_decode_handover_request_ack(ran_dec, bssmap, tp); |
| 829 | case BSS_MAP_MSG_HANDOVER_DETECT: |
| 830 | return ran_a_decode_handover_detect(ran_dec, bssmap, tp); |
| 831 | case BSS_MAP_MSG_HANDOVER_SUCCEEDED: |
| 832 | return ran_a_decode_handover_succeeded(ran_dec, bssmap, tp); |
| 833 | case BSS_MAP_MSG_HANDOVER_COMPLETE: |
| 834 | return ran_a_decode_handover_complete(ran_dec, bssmap, tp); |
| 835 | |
| 836 | /* From any Handover peer: */ |
| 837 | case BSS_MAP_MSG_HANDOVER_FAILURE: |
| 838 | return ran_a_decode_handover_failure(ran_dec, bssmap, tp); |
| 839 | |
| 840 | default: |
| 841 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Unimplemented msg type: %s\n", gsm0808_bssmap_name(msg_type)); |
| 842 | return -EINVAL; |
| 843 | } |
| 844 | |
| 845 | return -EINVAL; |
| 846 | } |
| 847 | |
| 848 | static int ran_a_decode_l3(struct ran_dec *ran_dec, struct msgb *l3) |
| 849 | { |
| 850 | struct dtap_header *dtap = msgb_l2(l3); |
| 851 | struct ran_msg ran_dec_msg = { |
| 852 | .msg_type = RAN_MSG_DTAP, |
| 853 | .msg_name = "BSSAP DTAP", |
| 854 | .dtap = l3, |
| 855 | }; |
| 856 | l3->l3h = l3->l2h + sizeof(struct dtap_header); |
| 857 | OMSC_LINKID_CB(l3) = dtap->link_id; |
| 858 | return ran_decoded(ran_dec, &ran_dec_msg); |
| 859 | } |
| 860 | |
| 861 | int ran_a_decode_l2(struct ran_dec *ran_dec, struct msgb *bssap) |
| 862 | { |
| 863 | uint8_t bssap_type; |
| 864 | OSMO_ASSERT(bssap); |
| 865 | |
| 866 | if (!msgb_l2(bssap) || !msgb_l2len(bssap)) { |
| 867 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Cannot decode L2, msg->l2h is unset / empty: %s\n", |
| 868 | msgb_hexdump(bssap)); |
| 869 | return -EINVAL; |
| 870 | } |
| 871 | |
| 872 | if (msgb_l2len(bssap) < sizeof(struct bssmap_header)) { |
| 873 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "The header is too short -- discarding message\n"); |
| 874 | return -EINVAL; |
| 875 | } |
| 876 | |
| 877 | bssap_type = bssap->l2h[0]; |
| 878 | switch (bssap_type) { |
| 879 | case BSSAP_MSG_BSS_MANAGEMENT: |
| 880 | return ran_a_decode_bssmap(ran_dec, bssap); |
| 881 | case BSSAP_MSG_DTAP: |
| 882 | return ran_a_decode_l3(ran_dec, bssap); |
| 883 | default: |
| 884 | LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Unimplemented BSSAP msg type: %s\n", gsm0808_bssap_name(bssap_type)); |
| 885 | return -EINVAL; |
| 886 | } |
| 887 | } |
| 888 | |
| 889 | static struct msgb *ran_a_wrap_dtap(struct msgb *dtap) |
| 890 | { |
| 891 | struct msgb *an_apdu; |
| 892 | dtap->l3h = dtap->data; |
| 893 | an_apdu = gsm0808_create_dtap(dtap, OMSC_LINKID_CB(dtap)); |
| 894 | an_apdu->l2h = an_apdu->data; |
| 895 | msgb_free(dtap); |
| 896 | return an_apdu; |
| 897 | } |
| 898 | |
| 899 | static int ran_a_channel_type_to_speech_codec_list(struct gsm0808_speech_codec_list *scl, const struct gsm0808_channel_type *ct) |
| 900 | { |
| 901 | unsigned int i; |
| 902 | int rc; |
| 903 | |
| 904 | memset(scl, 0, sizeof(*scl)); |
| 905 | for (i = 0; i < ct->perm_spch_len; i++) { |
| 906 | rc = gsm0808_speech_codec_from_chan_type(&scl->codec[i], ct->perm_spch[i]); |
| 907 | if (rc != 0) |
| 908 | return -EINVAL; |
| 909 | } |
| 910 | scl->len = i; |
| 911 | |
| 912 | return 0; |
| 913 | } |
| 914 | |
Pau Espin Pedrol | a3cdab4 | 2019-05-09 17:54:08 +0200 | [diff] [blame] | 915 | static void _gsm0808_assignment_extend_osmux(struct msgb *msg, uint8_t cid) |
| 916 | { |
| 917 | OSMO_ASSERT(msg->l3h[1] == msgb_l3len(msg) - 2); /*TL not in len */ |
| 918 | msgb_tv_put(msg, GSM0808_IE_OSMO_OSMUX_CID, cid); |
| 919 | msg->l3h[1] = msgb_l3len(msg) - 2; |
| 920 | } |
| 921 | |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 922 | /* Compose a BSSAP Assignment Command. |
| 923 | * Passing an RTP address is optional. |
| 924 | * The msub is passed merely for error logging. */ |
| 925 | static struct msgb *ran_a_make_assignment_command(struct osmo_fsm_inst *log_fi, |
| 926 | const struct ran_assignment_command *ac) |
| 927 | { |
| 928 | struct gsm0808_speech_codec_list scl; |
| 929 | struct gsm0808_speech_codec_list *use_scl = NULL; |
| 930 | struct sockaddr_storage rtp_addr; |
| 931 | struct sockaddr_storage *use_rtp_addr = NULL; |
Pau Espin Pedrol | a3cdab4 | 2019-05-09 17:54:08 +0200 | [diff] [blame] | 932 | struct msgb *msg; |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 933 | int rc; |
| 934 | |
| 935 | if (!ac->channel_type) { |
| 936 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: missing Channel Type\n"); |
| 937 | return NULL; |
| 938 | } |
| 939 | |
| 940 | if (ac->channel_type->ch_indctr == GSM0808_CHAN_SPEECH) { |
| 941 | rc = ran_a_channel_type_to_speech_codec_list(&scl, ac->channel_type); |
| 942 | if (rc < 0) { |
| 943 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Cannot translate Channel Type to Speech Codec List\n"); |
| 944 | return NULL; |
| 945 | } |
| 946 | use_scl = &scl; |
| 947 | |
| 948 | /* Package RTP-Address data */ |
| 949 | if (osmo_sockaddr_str_is_set(ac->cn_rtp)) { |
| 950 | struct sockaddr_in rtp_addr_in; |
| 951 | |
| 952 | memset(&rtp_addr_in, 0, sizeof(rtp_addr_in)); |
| 953 | rtp_addr_in.sin_family = AF_INET; |
| 954 | rtp_addr_in.sin_port = osmo_htons(ac->cn_rtp->port), |
| 955 | rtp_addr_in.sin_addr.s_addr = inet_addr(ac->cn_rtp->ip); |
| 956 | |
| 957 | if (rtp_addr_in.sin_addr.s_addr == INADDR_NONE) { |
| 958 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Invalid RTP-Address\n"); |
| 959 | return NULL; |
| 960 | } |
| 961 | if (rtp_addr_in.sin_port == 0) { |
| 962 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Invalid RTP-Port\n"); |
| 963 | return NULL; |
| 964 | } |
| 965 | |
| 966 | memset(&rtp_addr, 0, sizeof(rtp_addr)); |
| 967 | memcpy(&rtp_addr, &rtp_addr_in, sizeof(rtp_addr_in)); |
| 968 | |
| 969 | use_rtp_addr = &rtp_addr; |
| 970 | } |
| 971 | } |
| 972 | |
Pau Espin Pedrol | a3cdab4 | 2019-05-09 17:54:08 +0200 | [diff] [blame] | 973 | msg = gsm0808_create_ass(ac->channel_type, NULL, use_rtp_addr, use_scl, NULL); |
| 974 | if (ac->osmux_present) |
| 975 | _gsm0808_assignment_extend_osmux(msg, ac->osmux_cid); |
| 976 | return msg; |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 977 | } |
| 978 | |
| 979 | /* For an A5/N number a5_n set dst to the matching GSM0808_ALG_ID_A5_<n>. */ |
| 980 | static int a5_n_to_gsm0808_chosen_enc_alg(uint8_t *dst, int a5_n) |
| 981 | { |
| 982 | switch (a5_n) { |
| 983 | case 0: |
| 984 | *dst = GSM0808_ALG_ID_A5_0; |
| 985 | return 0; |
| 986 | case 1: |
| 987 | *dst = GSM0808_ALG_ID_A5_1; |
| 988 | return 0; |
| 989 | case 2: |
| 990 | *dst = GSM0808_ALG_ID_A5_2; |
| 991 | return 0; |
| 992 | case 3: |
| 993 | *dst = GSM0808_ALG_ID_A5_3; |
| 994 | return 0; |
| 995 | default: |
| 996 | return -ENOTSUP; |
| 997 | } |
| 998 | } |
| 999 | |
| 1000 | static int make_encrypt_info_perm_algo(struct osmo_fsm_inst *fi, struct gsm0808_encrypt_info *ei, |
| 1001 | uint8_t a5_encryption_mask, const struct osmo_gsm48_classmark *cm) |
| 1002 | { |
| 1003 | int i; |
| 1004 | int j = 0; |
| 1005 | for (i = 0; i < 8; i++) { |
| 1006 | int supported; |
| 1007 | |
| 1008 | /* A5/n permitted by osmo-msc.cfg? */ |
| 1009 | if (!(a5_encryption_mask & (1 << i))) |
| 1010 | continue; |
| 1011 | |
| 1012 | /* A5/n supported by MS? */ |
| 1013 | supported = osmo_gsm48_classmark_supports_a5(cm, i); |
| 1014 | if (supported != 1) |
| 1015 | continue; |
| 1016 | |
| 1017 | if (a5_n_to_gsm0808_chosen_enc_alg(&ei->perm_algo[j], i)) { |
| 1018 | LOG_RAN_A_ENC(fi, LOGL_ERROR, "Not supported: A5/%d algorithm\n", i); |
| 1019 | return -1; |
| 1020 | } |
| 1021 | j++; |
| 1022 | ei->perm_algo_len = j; |
| 1023 | } |
| 1024 | return 0; |
| 1025 | } |
| 1026 | |
| 1027 | /* For ran_a_make_cipher_mode_command(), for |
| 1028 | * memcpy(ei.key, cm->vec->kc, sizeof(cm->vec->kc)); |
| 1029 | */ |
| 1030 | osmo_static_assert(sizeof(((struct gsm0808_encrypt_info*)0)->key) >= sizeof(((struct osmo_auth_vector*)0)->kc), |
| 1031 | gsm0808_encrypt_info_key_fits_osmo_auth_vec_kc); |
| 1032 | static struct msgb *ran_a_make_cipher_mode_command(struct osmo_fsm_inst *fi, const struct ran_cipher_mode_command *cm) |
| 1033 | { |
| 1034 | struct gsm0808_encrypt_info ei = {}; |
| 1035 | char buf[16 * 2 + 1]; |
| 1036 | const uint8_t cipher_response_mode = 1; |
| 1037 | |
| 1038 | if (make_encrypt_info_perm_algo(fi, &ei, cm->geran.a5_encryption_mask, cm->classmark)) |
| 1039 | return NULL; |
| 1040 | |
| 1041 | if (ei.perm_algo_len == 0) { |
| 1042 | LOG_RAN_A_ENC(fi, LOGL_ERROR, "cannot start ciphering, no intersection between MSC-configured" |
| 1043 | " and MS-supported A5 algorithms. MSC: 0x%02x MS: %s\n", |
| 1044 | cm->geran.a5_encryption_mask, osmo_gsm48_classmark_a5_name(cm->classmark)); |
| 1045 | return NULL; |
| 1046 | } |
| 1047 | |
| 1048 | /* In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth |
| 1049 | * tokens. vec->kc was calculated from the GSM algorithm and is not |
| 1050 | * necessarily a match for the UMTS AKA tokens. */ |
| 1051 | if (cm->geran.umts_aka) |
| 1052 | osmo_auth_c3(ei.key, cm->vec->ck, cm->vec->ik); |
| 1053 | else |
| 1054 | memcpy(ei.key, cm->vec->kc, sizeof(cm->vec->kc)); |
| 1055 | ei.key_len = sizeof(cm->vec->kc); |
| 1056 | |
| 1057 | /* Store chosen GERAN key where the caller asked it to be stored. |
| 1058 | * alg_id remains unknown until we receive a Cipher Mode Complete from the BSC */ |
| 1059 | if (cm->geran.chosen_key) { |
| 1060 | if (ei.key_len > sizeof(cm->geran.chosen_key->key)) { |
| 1061 | LOG_RAN_A_ENC(fi, LOGL_ERROR, "Chosen key is larger than I can store\n"); |
| 1062 | return NULL; |
| 1063 | } |
| 1064 | memcpy(cm->geran.chosen_key->key, ei.key, ei.key_len); |
| 1065 | cm->geran.chosen_key->key_len = ei.key_len; |
| 1066 | } |
| 1067 | |
| 1068 | LOG_RAN_A_ENC(fi, LOGL_DEBUG, "Tx BSSMAP CIPHER MODE COMMAND to BSC, %u ciphers (%s) key %s\n", |
| 1069 | ei.perm_algo_len, osmo_hexdump_nospc(ei.perm_algo, ei.perm_algo_len), |
| 1070 | osmo_hexdump_buf(buf, sizeof(buf), ei.key, ei.key_len, NULL, false)); |
| 1071 | return gsm0808_create_cipher(&ei, cm->geran.retrieve_imeisv ? &cipher_response_mode : NULL); |
| 1072 | } |
| 1073 | |
| 1074 | struct msgb *ran_a_make_handover_request(struct osmo_fsm_inst *log_fi, const struct ran_handover_request *n) |
| 1075 | { |
| 1076 | struct sockaddr_storage ss; |
| 1077 | struct gsm0808_handover_request r = { |
| 1078 | .cell_identifier_serving = n->cell_id_serving, |
| 1079 | .cell_identifier_target = n->cell_id_target, |
| 1080 | .cause = n->bssap_cause, |
| 1081 | .current_channel_type_1_present = n->current_channel_type_1_present, |
| 1082 | .current_channel_type_1 = n->current_channel_type_1, |
| 1083 | |
| 1084 | .speech_version_used = n->speech_version_used, |
| 1085 | |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1086 | .old_bss_to_new_bss_info_raw = n->old_bss_to_new_bss_info_raw, |
| 1087 | .old_bss_to_new_bss_info_raw_len = n->old_bss_to_new_bss_info_raw_len, |
| 1088 | |
| 1089 | .imsi = n->imsi, |
| 1090 | .codec_list_msc_preferred = n->codec_list_msc_preferred, |
| 1091 | .call_id = n->call_id, |
| 1092 | .global_call_reference = n->global_call_reference, |
| 1093 | .global_call_reference_len = n->global_call_reference_len, |
| 1094 | }; |
| 1095 | |
| 1096 | if (!n->geran.channel_type) { |
| 1097 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Channel Type required for encoding Handover Request in BSSAP\n"); |
| 1098 | return NULL; |
| 1099 | } |
| 1100 | r.channel_type = *n->geran.channel_type; |
| 1101 | |
| 1102 | /* Encryption Information */ |
| 1103 | make_encrypt_info_perm_algo(log_fi, &r.encryption_information, n->geran.a5_encryption_mask, n->classmark); |
| 1104 | if (n->geran.chosen_encryption && n->geran.chosen_encryption->key_len) { |
Vadim Yanitskiy | 444771d | 2019-05-11 04:46:24 +0700 | [diff] [blame] | 1105 | /* Prevent both source / destination buffer overrun / overflow */ |
| 1106 | if (n->geran.chosen_encryption->key_len > sizeof(r.encryption_information.key) |
| 1107 | || n->geran.chosen_encryption->key_len > sizeof(n->geran.chosen_encryption->key)) { |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1108 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Handover Request: invalid chosen encryption key size %u\n", |
| 1109 | n->geran.chosen_encryption->key_len); |
| 1110 | return NULL; |
| 1111 | } |
| 1112 | memcpy(r.encryption_information.key, |
| 1113 | n->geran.chosen_encryption->key, n->geran.chosen_encryption->key_len); |
| 1114 | r.encryption_information.key_len = n->geran.chosen_encryption->key_len; |
Vadim Yanitskiy | bfe8eb7 | 2019-05-11 03:52:28 +0700 | [diff] [blame] | 1115 | r.chosen_encryption_algorithm_serving = n->geran.chosen_encryption->alg_id; |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1116 | } |
| 1117 | |
| 1118 | if (n->classmark) |
| 1119 | r.classmark_information = *n->classmark; |
| 1120 | |
| 1121 | if (osmo_sockaddr_str_is_set(n->rtp_ran_local)) { |
| 1122 | if (osmo_sockaddr_str_to_sockaddr(n->rtp_ran_local, &ss)) { |
| 1123 | LOG_RAN_A_ENC(log_fi, LOGL_ERROR, |
| 1124 | "Handover Request: invalid AoIP Transport Layer address/port: " |
| 1125 | OSMO_SOCKADDR_STR_FMT "\n", OSMO_SOCKADDR_STR_FMT_ARGS(n->rtp_ran_local)); |
| 1126 | return NULL; |
| 1127 | } |
| 1128 | r.aoip_transport_layer = &ss; |
| 1129 | } |
| 1130 | |
| 1131 | return gsm0808_create_handover_request(&r); |
| 1132 | } |
| 1133 | |
| 1134 | static struct msgb *ran_a_make_handover_request_ack(struct osmo_fsm_inst *caller_fi, const struct ran_handover_request_ack *r) |
| 1135 | { |
| 1136 | struct sockaddr_storage ss; |
| 1137 | struct gsm0808_handover_request_ack params = { |
| 1138 | .l3_info = r->rr_ho_command, |
| 1139 | .l3_info_len = r->rr_ho_command_len, |
| 1140 | .chosen_channel_present = r->chosen_channel_present, |
| 1141 | .chosen_channel = r->chosen_channel, |
| 1142 | .chosen_encr_alg = r->chosen_encr_alg, |
| 1143 | .chosen_speech_version = r->chosen_speech_version, |
| 1144 | }; |
| 1145 | |
| 1146 | if (osmo_sockaddr_str_is_set(&r->remote_rtp)) { |
| 1147 | osmo_sockaddr_str_to_sockaddr(&r->remote_rtp, &ss); |
| 1148 | params.aoip_transport_layer = &ss; |
| 1149 | } |
| 1150 | |
| 1151 | return gsm0808_create_handover_request_ack2(¶ms); |
| 1152 | } |
| 1153 | |
| 1154 | struct msgb *ran_a_make_handover_command(struct osmo_fsm_inst *log_fi, const struct ran_handover_command *n) |
| 1155 | { |
| 1156 | struct gsm0808_handover_command c = { |
| 1157 | .l3_info = n->rr_ho_command, |
| 1158 | .l3_info_len = n->rr_ho_command_len, |
| 1159 | }; |
| 1160 | |
| 1161 | return gsm0808_create_handover_command(&c); |
| 1162 | } |
| 1163 | |
| 1164 | struct msgb *ran_a_make_handover_failure(struct osmo_fsm_inst *log_fi, const struct ran_msg *msg) |
| 1165 | { |
| 1166 | struct gsm0808_handover_failure params = { |
| 1167 | .cause = msg->handover_failure.cause, |
| 1168 | }; |
| 1169 | return gsm0808_create_handover_failure(¶ms); |
| 1170 | } |
| 1171 | |
| 1172 | static struct msgb *_ran_a_encode(struct osmo_fsm_inst *caller_fi, const struct ran_msg *ran_enc_msg) |
| 1173 | { |
| 1174 | |
| 1175 | LOG_RAN_A_ENC(caller_fi, LOGL_DEBUG, "%s\n", ran_msg_type_name(ran_enc_msg->msg_type)); |
| 1176 | |
| 1177 | switch (ran_enc_msg->msg_type) { |
| 1178 | |
| 1179 | case RAN_MSG_DTAP: |
| 1180 | return ran_a_wrap_dtap(ran_enc_msg->dtap); |
| 1181 | |
| 1182 | case RAN_MSG_CLASSMARK_REQUEST: |
| 1183 | return gsm0808_create_classmark_request(); |
| 1184 | |
| 1185 | case RAN_MSG_CLEAR_COMMAND: |
| 1186 | return gsm0808_create_clear_command2(ran_enc_msg->clear_command.gsm0808_cause, |
| 1187 | ran_enc_msg->clear_command.csfb_ind); |
| 1188 | |
| 1189 | case RAN_MSG_ASSIGNMENT_COMMAND: |
| 1190 | return ran_a_make_assignment_command(caller_fi, &ran_enc_msg->assignment_command); |
| 1191 | |
| 1192 | case RAN_MSG_CIPHER_MODE_COMMAND: |
| 1193 | return ran_a_make_cipher_mode_command(caller_fi, &ran_enc_msg->cipher_mode_command); |
| 1194 | |
| 1195 | case RAN_MSG_HANDOVER_REQUIRED_REJECT: |
| 1196 | return gsm0808_create_handover_required_reject(&ran_enc_msg->handover_required_reject); |
| 1197 | |
| 1198 | case RAN_MSG_HANDOVER_REQUEST: |
| 1199 | return ran_a_make_handover_request(caller_fi, &ran_enc_msg->handover_request); |
| 1200 | |
| 1201 | case RAN_MSG_HANDOVER_REQUEST_ACK: |
| 1202 | return ran_a_make_handover_request_ack(caller_fi, &ran_enc_msg->handover_request_ack); |
| 1203 | |
| 1204 | case RAN_MSG_HANDOVER_COMMAND: |
| 1205 | return ran_a_make_handover_command(caller_fi, &ran_enc_msg->handover_command); |
| 1206 | |
| 1207 | case RAN_MSG_HANDOVER_SUCCEEDED: |
| 1208 | return gsm0808_create_handover_succeeded(); |
| 1209 | |
| 1210 | case RAN_MSG_HANDOVER_FAILURE: |
| 1211 | return ran_a_make_handover_failure(caller_fi, ran_enc_msg); |
| 1212 | |
| 1213 | default: |
| 1214 | LOG_RAN_A_ENC(caller_fi, LOGL_ERROR, "Unimplemented RAN-encode message type: %s\n", |
| 1215 | ran_msg_type_name(ran_enc_msg->msg_type)); |
| 1216 | return NULL; |
| 1217 | } |
| 1218 | } |
| 1219 | |
| 1220 | struct msgb *ran_a_encode(struct osmo_fsm_inst *caller_fi, const struct ran_msg *ran_enc_msg) |
| 1221 | { |
| 1222 | struct msgb *msg = _ran_a_encode(caller_fi, ran_enc_msg); |
| 1223 | |
| 1224 | if (!msg) |
| 1225 | return NULL; |
| 1226 | |
| 1227 | msg->l2h = msg->data; |
| 1228 | |
| 1229 | /* some consistency checks to ensure we don't send invalid length */ |
| 1230 | switch (msg->l2h[0]) { |
| 1231 | case BSSAP_MSG_DTAP: |
| 1232 | OSMO_ASSERT(msgb_l2len(msg) == msg->l2h[2] + 3); |
| 1233 | break; |
| 1234 | case BSSAP_MSG_BSS_MANAGEMENT: |
| 1235 | OSMO_ASSERT(msgb_l2len(msg) == msg->l2h[1] + 2); |
| 1236 | break; |
| 1237 | default: |
| 1238 | break; |
| 1239 | } |
| 1240 | |
| 1241 | return msg; |
| 1242 | } |
| 1243 | |
| 1244 | /* Return 1 for a RESET, 2 for a RESET ACK message, 0 otherwise */ |
| 1245 | enum reset_msg_type bssmap_is_reset_msg(const struct sccp_ran_inst *sri, const struct msgb *l2) |
| 1246 | { |
| 1247 | struct bssmap_header *bs = (struct bssmap_header *)msgb_l2(l2); |
| 1248 | |
| 1249 | if (!bs |
| 1250 | || msgb_l2len(l2) < (sizeof(*bs) + 1) |
| 1251 | || bs->type != BSSAP_MSG_BSS_MANAGEMENT) |
| 1252 | return SCCP_RAN_MSG_NON_RESET; |
| 1253 | |
| 1254 | switch (l2->l2h[sizeof(*bs)]) { |
| 1255 | case BSS_MAP_MSG_RESET: |
| 1256 | return SCCP_RAN_MSG_RESET; |
| 1257 | case BSS_MAP_MSG_RESET_ACKNOWLEDGE: |
| 1258 | return SCCP_RAN_MSG_RESET_ACK; |
| 1259 | default: |
| 1260 | return SCCP_RAN_MSG_NON_RESET; |
| 1261 | } |
| 1262 | } |
| 1263 | |
Pau Espin Pedrol | c9ba754 | 2019-05-07 12:23:49 +0200 | [diff] [blame] | 1264 | /* Patch regular BSSMAP RESET to add extra T to announce Osmux support (osmocom extension) */ |
| 1265 | static void _gsm0808_extend_announce_osmux(struct msgb *msg) |
| 1266 | { |
| 1267 | OSMO_ASSERT(msg->l3h[1] == msgb_l3len(msg) - 2); /*TL not in len */ |
| 1268 | msgb_put_u8(msg, GSM0808_IE_OSMO_OSMUX_SUPPORT); |
| 1269 | msg->l3h[1] = msgb_l3len(msg) - 2; |
| 1270 | } |
| 1271 | |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1272 | struct msgb *bssmap_make_reset_msg(const struct sccp_ran_inst *sri, enum reset_msg_type type) |
| 1273 | { |
Pau Espin Pedrol | c9ba754 | 2019-05-07 12:23:49 +0200 | [diff] [blame] | 1274 | struct gsm_network *net = sri->user_data; |
| 1275 | struct msgb *msg; |
| 1276 | |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1277 | switch (type) { |
| 1278 | case SCCP_RAN_MSG_RESET: |
Pau Espin Pedrol | c9ba754 | 2019-05-07 12:23:49 +0200 | [diff] [blame] | 1279 | msg = gsm0808_create_reset(); |
| 1280 | break; |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1281 | case SCCP_RAN_MSG_RESET_ACK: |
Pau Espin Pedrol | c9ba754 | 2019-05-07 12:23:49 +0200 | [diff] [blame] | 1282 | msg = gsm0808_create_reset_ack(); |
| 1283 | break; |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1284 | default: |
| 1285 | return NULL; |
| 1286 | } |
Pau Espin Pedrol | c9ba754 | 2019-05-07 12:23:49 +0200 | [diff] [blame] | 1287 | |
| 1288 | if (!msg) |
| 1289 | return NULL; |
| 1290 | |
| 1291 | if (net->use_osmux != OSMUX_USAGE_OFF) |
| 1292 | _gsm0808_extend_announce_osmux(msg); |
| 1293 | |
| 1294 | return msg; |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 1295 | } |
| 1296 | |
| 1297 | struct msgb *bssmap_make_paging_msg(const struct sccp_ran_inst *sri, const struct gsm0808_cell_id *page_cell_id, |
| 1298 | const char *imsi, uint32_t tmsi, enum paging_cause cause) |
| 1299 | { |
| 1300 | struct gsm0808_cell_id_list2 cil; |
| 1301 | gsm0808_cell_id_to_list(&cil, page_cell_id); |
| 1302 | return gsm0808_create_paging2(imsi, tmsi == GSM_RESERVED_TMSI ? NULL : &tmsi, &cil, NULL); |
| 1303 | } |
| 1304 | |
| 1305 | const char *bssmap_msg_name(const struct sccp_ran_inst *sri, const struct msgb *l2) |
| 1306 | { |
| 1307 | struct bssmap_header *bs; |
| 1308 | |
| 1309 | if (!l2->l2h) |
| 1310 | return "?"; |
| 1311 | |
| 1312 | bs = (struct bssmap_header *)msgb_l2(l2); |
| 1313 | switch (bs->type) { |
| 1314 | case BSSAP_MSG_BSS_MANAGEMENT: |
| 1315 | return gsm0808_bssmap_name(l2->l2h[0]); |
| 1316 | case BSSAP_MSG_DTAP: |
| 1317 | return "DTAP"; |
| 1318 | default: |
| 1319 | return "?"; |
| 1320 | } |
| 1321 | } |