Harald Welte | 0df904d | 2018-12-03 11:00:04 +0100 | [diff] [blame] | 1 | /* SGs Interface according to 3GPP TS 23.272 + TS 29.118 */ |
| 2 | |
| 3 | /* (C) 2018-2019 by sysmocom s.f.m.c. GmbH |
| 4 | * All Rights Reserved |
| 5 | * |
| 6 | * Author: Harald Welte, Philipp Maier |
| 7 | * |
| 8 | * This program is free software; you can redistribute it and/or modify |
| 9 | * it under the terms of the GNU Affero General Public License as published by |
| 10 | * the Free Software Foundation; either version 3 of the License, or |
| 11 | * (at your option) any later version. |
| 12 | * |
| 13 | * This program is distributed in the hope that it will be useful, |
| 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 16 | * GNU Affero General Public License for more details. |
| 17 | * |
| 18 | * You should have received a copy of the GNU Affero General Public License |
| 19 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 20 | * |
| 21 | */ |
| 22 | |
| 23 | #include <osmocom/core/utils.h> |
| 24 | #include <osmocom/core/msgb.h> |
| 25 | #include <osmocom/core/fsm.h> |
| 26 | #include <osmocom/core/socket.h> |
| 27 | #include <osmocom/core/select.h> |
| 28 | |
| 29 | #include <osmocom/gsm/tlv.h> |
| 30 | #include <osmocom/gsm/gsm48.h> |
| 31 | #include <osmocom/gsm/gsm23003.h> |
| 32 | #include <osmocom/gsm/gsm29118.h> |
| 33 | |
| 34 | #include <osmocom/netif/stream.h> |
| 35 | |
| 36 | #include <osmocom/msc/vlr.h> |
| 37 | #include <osmocom/msc/vlr_sgs.h> |
| 38 | #include <osmocom/msc/gsm_data.h> |
Harald Welte | 0df904d | 2018-12-03 11:00:04 +0100 | [diff] [blame] | 39 | #include <osmocom/msc/gsm_04_08.h> |
Neels Hofmeyr | c4628a3 | 2018-12-07 14:47:34 +0100 | [diff] [blame] | 40 | #include <osmocom/msc/msub.h> |
| 41 | #include <osmocom/msc/msc_a.h> |
| 42 | #include <osmocom/msc/msc_i.h> |
Harald Welte | 0df904d | 2018-12-03 11:00:04 +0100 | [diff] [blame] | 43 | |
| 44 | #include <osmocom/msc/debug.h> |
| 45 | #include <osmocom/msc/sgs_iface.h> |
| 46 | #include <osmocom/msc/sgs_server.h> |
Harald Welte | 0df904d | 2018-12-03 11:00:04 +0100 | [diff] [blame] | 47 | #include <osmocom/gsm/protocol/gsm_29_118.h> |
| 48 | |
| 49 | #include <osmocom/gsm/apn.h> |
| 50 | |
/* Bit mask with bit number x set. The shift is done on a signed int, so x
 * must stay below the width of int minus one. */
#define S(x) (1 << (x))

/* A pointer to the GSM network we work with. By the current paradigm,
 * there can only be one gsm_network per MSC. The pointer is set once
 * when calling sgs_iface_init() */
static struct gsm_network *gsm_network = NULL;

/* Forward declarations: the VLR reset FSM is referenced by sgs_mme_alloc()
 * and sgs_tx() is used by helpers that appear before its definition. */
static struct osmo_fsm sgs_vlr_reset_fsm;
static void sgs_tx(struct sgs_connection *sgc, struct msgb *msg);

/* Global SGs state; sgs_mme_ctx_by_vsub() searches its MME list. */
struct sgs_state *g_sgs;

/***********************************************************************
 * SGs state per MME connection
 ***********************************************************************/

/* Log on the DSGS subsystem, prefixed with the socket name of the SGs
 * connection. The sgc argument is expanded without parentheses, so pass a
 * plain identifier. */
#define LOGSGC(sgc, lvl, fmt, args...) \
	LOGP(DSGS, lvl, "%s: " fmt, sgc->sockname, ## args)

/* Like LOGSGC(), with an additional subscriber description in the prefix. */
#define LOGSGC_VSUB(sgc, sub_info, lvl, fmt, args...) \
	LOGP(DSGS, lvl, "(sub %s) %s: " fmt, sub_info, sgc->sockname, ## args)

/* Log on the DSGS subsystem, prefixed with the MME FQDN; falls back to the
 * socket name of the MME's connection, which dereferences mme->conn. */
#define LOGMME(mme, lvl, fmt, args...) \
	LOGP(DSGS, lvl, "%s: " fmt, mme->fqdn ? mme->fqdn : mme->conn->sockname, ## args)

/* States of the per-MME VLR reset FSM (sgs_vlr_reset_fsm). */
enum sgs_vlr_reset_fsm_state {
	SGS_VLRR_ST_NULL,
	SGS_VLRR_ST_WAIT_ACK,
	SGS_VLRR_ST_COMPLETE,
};

/* Events of the per-MME VLR reset FSM. */
enum sgs_vlr_reset_fsm_event {
	SGS_VLRR_E_START_RESET,		/* dispatched by sgs_tx_loc_upd_resp_cb() on LU error */
	SGS_VLRR_E_RX_RESET_ACK,	/* dispatched by sgs_rx_reset_ack() */
};
| 86 | |
| 87 | /*********************************************************************** |
| 88 | * SGs utility functions |
| 89 | ***********************************************************************/ |
| 90 | |
/* Allocate a new subscriber connection (msub + msc_a) for the SGs RAN type
 * and attach the given VLR subscriber to it.
 *
 * sgc:  SGs connection (not used in the body).
 * vsub: VLR subscriber to associate with the new msub.
 * mt:   true for a mobile terminated (paging response) connection, false for
 *       a mobile originated (CM service request) one.
 * Returns the newly allocated msc_a.
 *
 * NOTE(review): the results of msub_alloc() and msc_a_alloc() are used
 * without a NULL check -- confirm whether these can fail.
 * NOTE(review): the connection is moved to the authenticated state without
 * any check in this function; this relies on the SGs peer being a trusted MME
 * that has authenticated the UE. */
static struct msc_a *subscr_conn_allocate_sgs(struct sgs_connection *sgc, struct vlr_subscr *vsub, bool mt)
{
	struct msub *new_msub = msub_alloc(gsm_network);
	struct msc_a *conn = msc_a_alloc(new_msub, &msc_ran_infra[OSMO_RAT_EUTRAN_SGS]);

	if (mt)
		conn->complete_layer3_type = COMPLETE_LAYER3_PAGING_RESP;
	else
		conn->complete_layer3_type = COMPLETE_LAYER3_CM_SERVICE_REQ;
	msub_set_vsub(new_msub, vsub);

	/* A mobile terminated connection takes a paging-response use count */
	if (mt)
		msc_a_get(conn, MSC_A_USE_PAGING_RESPONSE);

	/* Accept the connection immediately, since the UE is already
	 * authenticated by the MME no authentication is required. */
	osmo_fsm_inst_dispatch(conn->c.fi, MSC_A_EV_COMPLETE_LAYER_3_OK, NULL);
	osmo_fsm_inst_dispatch(conn->c.fi, MSC_A_EV_AUTHENTICATED, NULL);

	return conn;
}
| 113 | |
/* Force-release the connection that is currently associated with the given
 * subscriber, if there is one. Does nothing when msub_for_vsub() finds no
 * msub for the subscriber. */
static void subscr_conn_toss(struct vlr_subscr *vsub)
{
	struct msub *existing = msub_for_vsub(vsub);

	if (existing) {
		LOG_MSUB(existing, LOGL_ERROR, "Force releasing previous subscriber connection: an SGs connection for this"
			 " subscriber is being initiated\n");

		msc_a_release_mo(msub_msc_a(existing), GSM48_REJECT_CONGESTION);
		/* TODO: is this strong enough? After this, it should be completely disassociated with this subscriber. */
	}
}
| 130 | |
/* Look up an MME context by its FQDN (case-insensitive comparison).
 *
 * sgs:      SGs state whose mme_list is searched.
 * mme_fqdn: name to search for; passed to strcasecmp() as-is, so it must not
 *           be NULL.
 * Returns the first matching context, or NULL if there is none. */
struct sgs_mme_ctx *sgs_mme_by_fqdn(struct sgs_state *sgs, const char *mme_fqdn)
{
	struct sgs_mme_ctx *cur;

	llist_for_each_entry(cur, &sgs->mme_list, entry) {
		if (strcasecmp(mme_fqdn, cur->fqdn) == 0)
			return cur;
	}

	return NULL;
}
| 141 | |
/* Allocate a new MME context and append it to the MME list of the SGs state.
 *
 * sgs:      SGs state that owns the new context (talloc parent).
 * mme_fqdn: name of the MME; asserted not to be present in the list yet.
 *           Copied into the context with OSMO_STRLCPY_ARRAY().
 * gummei:   used to name the VLR reset FSM instance of this MME.
 * Returns the new context, or NULL if an allocation failed. */
static struct sgs_mme_ctx *sgs_mme_alloc(struct sgs_state *sgs, const char *mme_fqdn, const struct osmo_gummei *gummei)
{
	struct sgs_mme_ctx *ctx;

	OSMO_ASSERT(sgs_mme_by_fqdn(sgs, mme_fqdn) == NULL);

	ctx = talloc_zero(sgs, struct sgs_mme_ctx);
	if (ctx == NULL)
		return NULL;

	ctx->sgs = sgs;
	OSMO_STRLCPY_ARRAY(ctx->fqdn, mme_fqdn);

	/* Each MME gets its own instance of the VLR reset FSM */
	ctx->fi = osmo_fsm_inst_alloc(&sgs_vlr_reset_fsm, ctx, ctx, LOGL_INFO, osmo_gummei_name(gummei));
	if (ctx->fi) {
		llist_add_tail(&ctx->entry, &sgs->mme_list);
		return ctx;
	}

	talloc_free(ctx);
	return NULL;
}
| 161 | |
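/* Decode and verify the MME name IE of a received SGsAP message.
 *
 * mme_name: output buffer, receives the MME name as a NUL-terminated string.
 * tp:       parsed TLVs of the received message.
 * Returns 0 on success, -EINVAL if the IE is missing or too short, or if the
 * decoded name does not parse as an MME domain name.
 *
 * NOTE(review): the capacity of mme_name is not known to this function, while
 * the IE length is peer-controlled (only a minimum of SGS_MME_NAME_LEN is
 * enforced). The caller must provide room for the IE length plus a
 * terminator -- confirm against the callers, or pass the size in. */
static int decode_mme_name(char *mme_name, const struct tlv_parsed *tp)
{
	const uint8_t *mme_name_enc = TLVP_VAL_MINLEN(tp, SGSAP_IE_MME_NAME, SGS_MME_NAME_LEN);
	struct osmo_gummei gummei;
	const uint8_t *terminator;
	size_t enc_len;

	if (!mme_name_enc)
		return -EINVAL;
	enc_len = TLVP_LEN(tp, SGSAP_IE_MME_NAME);

	/* some implementations use FQDN format violating TS 29.118 9.3.14.
	 * The IE value is raw data from the peer and not guaranteed to be
	 * NUL-terminated, so it is only handled as a C string if a terminator
	 * lies inside the IE. Otherwise the string parser would read past the
	 * end of the IE. */
	terminator = memchr(mme_name_enc, '\0', enc_len);
	if (terminator && !osmo_parse_mme_domain(&gummei, (const char *) mme_name_enc)) {
		/* Copy the string including its terminator, never more than the IE holds */
		memcpy(mme_name, mme_name_enc, (size_t)(terminator - mme_name_enc) + 1);
		return 0;
	}

	/* decode the MME name from DNS labels to string */
	osmo_apn_to_str(mme_name, mme_name_enc, enc_len);

	/* try to parse the MME name into a GUMMEI as a test for the format */
	if (osmo_parse_mme_domain(&gummei, mme_name) < 0)
		return -EINVAL;

	return 0;
}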
| 186 | |
/* An MME FQDN was received (e.g. RESET-IND/RESET-ACK/LU-REQ): bind the SGs
 * connection to the MME context of that name, or verify an existing binding.
 *
 * sgc:      SGs connection the name was received on.
 * mme_fqdn: received MME name; must already be syntactically valid, this is
 *           asserted.
 * Returns 0 on success, -1 if the named MME context is already bound to
 * another connection, -2 if the connection is bound to an MME with a
 * different name.
 *
 * NOTE(review): the name is taken from the peer's own message and a context
 * is created for every name not seen before; when contexts are released is
 * not visible here. Allocation failure ends in OSMO_ASSERT(). */
static int sgs_mme_fqdn_received(struct sgs_connection *sgc, const char *mme_fqdn)
{
	struct sgs_mme_ctx *mme;
	struct osmo_gummei gummei;

	/* caller must pass in a valid FQDN string syntax */
	OSMO_ASSERT(osmo_parse_mme_domain(&gummei, mme_fqdn) == 0);

	if (sgc->mme) {
		/* Connection already bound: the name must match the bound MME */
		mme = sgc->mme;
		if (strcasecmp(mme->fqdn, mme_fqdn) == 0)
			return 0;

		LOGMME(mme, LOGL_ERROR, "Rx MME name \"%s\" in packet from MME \"%s\" ?!?\n", mme_fqdn,
		       mme->fqdn);
		return -2;
	}

	/* attempt to find MME with given name, create it if unknown */
	mme = sgs_mme_by_fqdn(sgc->sgs, mme_fqdn);
	if (!mme)
		mme = sgs_mme_alloc(sgc->sgs, mme_fqdn, &gummei);
	OSMO_ASSERT(mme);

	if (mme->conn) {
		/* The MME context has another connection !?! */
		LOGSGC(sgc, LOGL_ERROR, "Rx MME name %s, but that MME already has other "
		       "SCTP connection?!?\n", mme_fqdn);
		return -1;
	}

	/* associate the two */
	mme->conn = sgc;
	sgc->mme = mme;
	return 0;
}
| 223 | |
/* Get the MME name of an SGs connection.
 *
 * Returns a pointer to the fqdn stored in the MME context bound to the
 * connection, or NULL if sgc is NULL, no MME context is bound, or the stored
 * name is empty. */
static char *sgs_mme_fqdn_get(struct sgs_connection *sgc)
{
	if (sgc == NULL || sgc->mme == NULL || sgc->mme->fqdn[0] == '\0')
		return NULL;

	return sgc->mme->fqdn;
}
| 235 | |
/* Find the MME context that serves a given VLR subscriber and make sure it
 * can be used for transmission.
 *
 * vsub:     subscriber; its sgs.mme_name selects the MME context.
 * msg_type: SGsAP message type about to be sent, used in the log text only.
 * Returns the MME context, or NULL (after logging an error) if no context
 * with that name exists, or if it has no connection or no SGs state. */
struct sgs_mme_ctx *sgs_mme_ctx_by_vsub(struct vlr_subscr *vsub, uint8_t msg_type)
{
	/* Find SGS connection by MME name */
	struct sgs_mme_ctx *ctx = sgs_mme_by_fqdn(g_sgs, vsub->sgs.mme_name);

	if (ctx == NULL) {
		LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s cannot find suitable MME!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
		return NULL;
	}

	if (ctx->conn == NULL) {
		LOGP(DSGS, LOGL_ERROR,
		     "(sub %s) Tx %s suitable MME found, but no SGS connection present!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
		return NULL;
	}

	if (ctx->sgs == NULL) {
		LOGP(DSGS, LOGL_ERROR,
		     "(sub %s) Tx %s suitable MME found, but no SGS state present!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
		return NULL;
	}

	return ctx;
}
| 263 | |
/* Check that the subscriber is known to the VLR and that its SGs FSM is in
 * the SGs-associated state. On failure a release request is sent to the MME.
 *
 * sgc:  SGs connection the message was received on.
 * msg:  received message; its first byte is used as message type in the logs.
 * imsi: IMSI of the subscriber to check.
 * Returns true if the subscriber is SGs-associated, false otherwise. */
static bool check_sgs_association(struct sgs_connection *sgc, struct msgb *msg, char *imsi)
{
	uint8_t msg_type = msg->data[0];
	struct vlr_subscr *vsub;
	struct msgb *resp;
	bool associated;

	/* Subscriber must be known by the VLR */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (vsub == NULL) {
		LOGSGC(sgc, LOGL_NOTICE, "SGsAP Message %s with unknown IMSI (%s), releasing\n",
		       sgsap_msg_type_name(msg_type), imsi);
		resp = gsm29118_create_release_req(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN);
		sgs_tx(sgc, resp);
		return false;
	}

	/* The SGs FSM must also be in SGs associated state */
	associated = (vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED);
	if (!associated) {
		LOGSGC(sgc, LOGL_NOTICE, "(sub %s) SGsAP Message %s subscriber not SGs-associated, releasing\n",
		       vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
		resp = gsm29118_create_release_req(vsub->imsi, SGSAP_SGS_CAUSE_IMSI_DET_EPS_NONEPS);
		sgs_tx(sgc, resp);
	}

	/* Drop the reference taken by the lookup above */
	vlr_subscr_put(vsub, __func__);
	return associated;
}
| 296 | |
| 297 | /*********************************************************************** |
| 298 | * SGsAP transmit functions |
| 299 | ***********************************************************************/ |
| 300 | |
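/* Send message out to remote end (final step).
 *
 * sgc: SGs connection to send on; may be NULL if the connection is gone, in
 *      which case the message is freed and dropped.
 * msg: message to send; NULL is tolerated and only logged.
 *
 * A non-NULL msg is always consumed: it is either freed here or handed to
 * osmo_stream_srv_send(). */
static void sgs_tx(struct sgs_connection *sgc, struct msgb *msg)
{
	if (!msg) {
		/* LOGSGC() dereferences sgc, which may be NULL as well */
		if (sgc) {
			LOGSGC(sgc, LOGL_NOTICE, "Null message, cannot transmit!\n");
		} else {
			LOGP(DSGS, LOGL_NOTICE, "Null message, cannot transmit!\n");
		}
		return;
	}

	msgb_sctp_ppid(msg) = 0;
	if (!sgc) {
		/* Subsystem first, log level second, as in every other LOGP() call of this file */
		LOGP(DSGS, LOGL_NOTICE, "Cannot transmit %s: connection dead. Discarding\n",
		     sgsap_msg_type_name(msg->data[0]));
		msgb_free(msg);
		return;
	}
	osmo_stream_srv_send(sgc->srv, msg);
}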
| 318 | |
/* Get some subscriber info from an IMSI (for the log text).
 *
 * Returns "<unknown>" if imsi is NULL, the imsi pointer itself if the VLR
 * does not know the subscriber, and otherwise the result of
 * vlr_subscr_name().
 *
 * NOTE(review): the name is returned after the subscriber reference has been
 * put again; confirm that vlr_subscr_name() does not return memory owned by
 * the subscriber. */
const char *subscr_info(const char *imsi)
{
	struct vlr_subscr *vsub;
	const char *name;

	if (imsi == NULL)
		return "<unknown>";

	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (vsub == NULL)
		return imsi;

	name = vlr_subscr_name(vsub);
	vlr_subscr_put(vsub, __func__);
	return name;
}
| 337 | |
/* Convenience status message generator that also produces some basic,
 * context-dependent log output.
 *
 * sgc:       SGs connection to answer on.
 * imsi:      IMSI to put into the status message, may be NULL.
 * cause:     SGs cause to report.
 * msg:       the received message that triggered the status; its first byte
 *            is logged as message type, so it must not be NULL.
 * sgsap_iei: IEI the problem relates to, or a negative value if none.
 * Returns 0 in all cases. */
static int sgs_tx_status(struct sgs_connection *sgc, const char *imsi, enum sgsap_sgs_cause cause, struct msgb *msg,
			 int sgsap_iei)
{
	struct msgb *status;

	if (sgsap_iei < 0) {
		/* No IE to blame, log the cause only */
		LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s failed with cause %s!\n",
			    sgsap_msg_type_name(msg->data[0]), sgsap_sgs_cause_name(cause));
	} else {
		switch (cause) {
		case SGSAP_SGS_CAUSE_MISSING_MAND_IE:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with missing mandatory %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
			break;
		case SGSAP_SGS_CAUSE_INVALID_MAND_IE:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with invalid mandatory %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
			break;
		case SGSAP_SGS_CAUSE_COND_IE_ERROR:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with errornous conditional %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
			break;
		default:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s failed with cause %s at %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_sgs_cause_name(cause),
				    sgsap_iei_name(sgsap_iei));
			break;
		}
	}

	status = gsm29118_create_status(imsi, cause, msg);
	sgs_tx(sgc, status);
	return 0;
}
| 366 | |
/* Called by VLR via callback, transmits the location update response or
 * reject, depending on the outcome of the location update. If the response
 * carries an error, the VLR reset FSM of the MME is started instead and no
 * response is sent. */
static void sgs_tx_loc_upd_resp_cb(struct sgs_lu_response *response)
{
	struct vlr_subscr *vsub = response->vsub;
	struct sgs_mme_ctx *mme;
	struct msgb *resp;
	uint8_t new_id[2 + GSM48_TMSI_LEN];
	uint8_t *new_id_ptr = new_id;
	unsigned int new_id_len = 0;
	uint8_t resp_msg_type;

	/* Determine message type that is sent next (needed for logging) */
	resp_msg_type = response->accepted ? SGSAP_MSGT_LOC_UPD_ACK :
			(response->error ? SGSAP_MSGT_RESET_IND : SGSAP_MSGT_LOC_UPD_REJ);

	/* Determine MME */
	mme = sgs_mme_ctx_by_vsub(vsub, resp_msg_type);
	if (mme == NULL)
		return;

	/* Handle error (HLR failure) */
	if (response->error) {
		osmo_fsm_inst_dispatch(mme->fi, SGS_VLRR_E_START_RESET, NULL);
		return;
	}

	/* Handle LU reject */
	if (!response->accepted) {
		resp = gsm29118_create_lu_rej(vsub->imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, &vsub->sgs.lai);
		sgs_tx(mme->conn, resp);
		vlr_sgs_loc_update_rej_sent(vsub);
		return;
	}

	/* Handle LU accept: a newly assigned TMSI is included as mobile
	 * identity with its first two bytes skipped; otherwise a zero-length
	 * identity is passed on. */
	if (vsub->tmsi_new != GSM_RESERVED_TMSI) {
		new_id_len = gsm48_generate_mid_from_tmsi(new_id, vsub->tmsi_new);
		new_id_ptr = new_id + 2;
		new_id_len -= 2;
	}
	resp = gsm29118_create_lu_ack(vsub->imsi, &vsub->sgs.lai, new_id_ptr, new_id_len);
	sgs_tx(mme->conn, resp);
	vlr_sgs_loc_update_acc_sent(vsub);
}
| 414 | |
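/* Called by VLR via callback, transmits MM information to the UE.
 *
 * Nothing is sent if MM info is disabled in the network configuration, if no
 * usable MME context exists for the subscriber, or if the MM info message
 * could not be created. */
static void sgs_tx_mm_info_cb(struct vlr_subscr *vsub)
{
	struct msgb *msg;
	struct msgb *msg_mm_info;
	struct sgs_mme_ctx *mme;

	/* The sending of MM information requests is an optional feature and
	 * depends on the network configuration (VTY) */
	if (!gsm_network->send_mm_info)
		return;

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_MM_INFO_REQ);
	if (!mme)
		return;

	/* Create and send MM information request message, see also:
	 * 3GPP TS 29.118, chapter 8.12 SGsAP-MM-INFORMATION-REQUEST and
	 * 3GPP TS 29.018, chapter 18.4.16 MM information. */
	msg_mm_info = gsm48_create_mm_info(gsm_network);
	if (!msg_mm_info) {
		LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s cannot create MM info message!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(SGSAP_MSGT_MM_INFO_REQ));
		return;
	}

	/* The first two bytes of the MM info message are not forwarded, so
	 * a shorter message would make the length below wrap around. */
	if (msg_mm_info->len < 2) {
		LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s MM info message too short!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(SGSAP_MSGT_MM_INFO_REQ));
		msgb_free(msg_mm_info);
		return;
	}

	msg = gsm29118_create_mm_info_req(vsub->imsi, msg_mm_info->data + 2, msg_mm_info->len - 2);
	sgs_tx(mme->conn, msg);
	msgb_free(msg_mm_info);
}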
| 439 | |
/* Map a paging cause to the SGsAP service indicator: the signalling and
 * unspecified causes map to SMS, the call causes map to CS call. Any other
 * value ends in OSMO_ASSERT(). */
enum sgsap_service_ind sgs_serv_ind_from_paging_cause(enum paging_cause cause)
{
	switch (cause) {
	case PAGING_CAUSE_UNSPECIFIED:
	case PAGING_CAUSE_SIGNALLING_LOW_PRIO:
	case PAGING_CAUSE_SIGNALLING_HIGH_PRIO:
		return SGSAP_SERV_IND_SMS;

	case PAGING_CAUSE_CALL_CONVERSATIONAL:
	case PAGING_CAUSE_CALL_STREAMING:
	case PAGING_CAUSE_CALL_INTERACTIVE:
	case PAGING_CAUSE_CALL_BACKGROUND:
		return SGSAP_SERV_IND_CS_CALL;

	default:
		/* Unknown paging cause: programming error */
		OSMO_ASSERT(false);
	}
}
| 458 | |
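/*! Page UE through SGs interface
 *  \param[in] vsub subscriber context
 *  \param[in] serv_ind service indicator (SMS or CS call)
 *  \returns 1 (page count) if a paging request was sent, 0 if a paging is
 *           already pending for this subscriber, -EINVAL if the subscriber
 *           cannot be paged via SGs. */
int sgs_iface_tx_paging(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind)
{
	struct msgb *resp;
	struct gsm29118_paging_req paging_params;
	struct sgs_mme_ctx *mme;

	/* Diagnostic output only: logged at debug level, without the
	 * leftover development marker. */
	LOGP(DMSC, LOGL_DEBUG, "SGs paging: state == %d conf_by_radio_contact_ind == %d\n",
	     vsub->sgs_fsm->state, vsub->conf_by_radio_contact_ind);

	/* See also: 3GPP TS 29.118, chapter 5.1.2.2 Paging Initiation */
	if (vsub->sgs_fsm->state == SGS_UE_ST_NULL && vsub->conf_by_radio_contact_ind == true) {
		LOGPFSMSL(vsub->sgs_fsm, DPAG, LOGL_ERROR, "Will not Page (conf_by_radio_contact_ind == true)\n");
		return -EINVAL;
	}

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_PAGING_REQ);
	if (!mme) {
		LOGPFSMSL(vsub->sgs_fsm, DPAG, LOGL_ERROR, "Will not Page (no MME)\n");
		return -EINVAL;
	}

	/* Check if there is still a paging in progress for this subscriber,
	 * if yes, don't initiate another paging request. */
	if (vlr_sgs_pag_pend(vsub))
		return 0;

	memset(&paging_params, 0, sizeof(paging_params));
	osmo_strlcpy(paging_params.imsi, vsub->imsi, sizeof(paging_params.imsi));
	osmo_strlcpy(paging_params.vlr_name, mme->sgs->cfg.vlr_name, sizeof(paging_params.vlr_name));
	paging_params.serv_ind = serv_ind;
	/* The LAI is only included when it was confirmed by radio contact */
	if (vsub->conf_by_radio_contact_ind == true) {
		memcpy(&paging_params.lai, &vsub->sgs.lai, sizeof(paging_params.lai));
		paging_params.lai_present = true;
	}
	resp = gsm29118_create_paging_req(&paging_params);
	sgs_tx(mme->conn, resp);

	/* FIXME: If we are in SGS_UE_ST_NULL while sub->conf_by_radio_contact_ind == false,
	 * we are supposed to start a search procedure as defined in 3GPP TS 23.018 */

	/* Inform the VLR that a paging via SGs is in progress */
	vlr_sgs_pag(vsub, serv_ind);

	/* Return a page count of 1 (success) */
	return 1;
}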
| 509 | |
| 510 | /*********************************************************************** |
| 511 | * SGs incoming messages from the MME |
| 512 | ***********************************************************************/ |
| 513 | |
/* Read the SGs cause code from the parsed TLVs of a message.
 *
 * If the cause IE is absent or shorter than one byte, a status message with
 * cause "missing mandatory IE" is sent to the peer.
 *
 * imsi: IMSI used for that status message, may be NULL.
 * Returns the cause value, or -1 if the IE could not be read. */
static int sgs_cause_from_msg(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp,
			      const char *imsi)
{
	const uint8_t *cause_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_SGS_CAUSE, 1);
	enum sgsap_sgs_cause cause;

	if (cause_ie == NULL) {
		sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_SGS_CAUSE);
		return -1;
	}

	cause = *cause_ie;
	return cause;
}
| 529 | |
/* SGsAP-STATUS 3GPP TS 29.118, chapter 8.18
 *
 * Logs cause, IMSI and a hex dump of the erroneous message IE, if present.
 * imsi must point to a string (it may be empty), it is dereferenced without
 * a NULL check. Returns 0 in all cases. */
static int sgs_rx_status(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, const char *imsi)
{
	const char *imsi_ptr = "<none>";
	char *err_msg_hex = "(none)";
	const uint8_t *err_msg;
	int cause;

	/* A missing cause IE is answered with a status message by the helper */
	cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
	if (cause < 0)
		return 0;

	if (imsi[0] != '\0')
		imsi_ptr = imsi;

	if (TLVP_PRESENT(tp, SGSAP_IE_ERR_MSG)) {
		err_msg = TLVP_VAL(tp, SGSAP_IE_ERR_MSG);
		if (err_msg)
			err_msg_hex = osmo_hexdump(err_msg, TLVP_LEN(tp, SGSAP_IE_ERR_MSG));
	}

	LOGSGC(sgc, LOGL_NOTICE, "Rx STATUS cause=%s, IMSI=%s, err_msg=%s\n",
	       sgsap_sgs_cause_name(cause), imsi_ptr, err_msg_hex);

	return 0;
}
| 560 | |
/* SGsAP-RESET-INDICATION 3GPP TS 29.118, chapter 8.16
 *
 * Resets the SGs FSMs of the subscribers in the VLR and answers with a
 * RESET-ACK that carries the configured VLR name. Returns 0 in all cases.
 *
 * NOTE(review): msg and tp are not inspected here and the reset is applied
 * VLR-wide, no matter which MME connection delivered the indication --
 * confirm that this scope is intended. */
static int sgs_rx_reset_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp)
{
	struct gsm29118_reset_msg ack_params;
	struct msgb *ack;

	memset(&ack_params, 0, sizeof(ack_params));
	ack_params.vlr_name_present = true;
	osmo_strlcpy(ack_params.vlr_name, sgc->sgs->cfg.vlr_name, sizeof(ack_params.vlr_name));

	ack = gsm29118_create_reset_ack(&ack_params);

	/* Perform a reset of the SGS FSM of all subscribers that are present in the VLR */
	vlr_sgs_reset(gsm_network->vlr);

	sgs_tx(sgc, ack);
	return 0;
}
| 579 | |
/* SGsAP-RESET-ACK 3GPP TS 29.118, chapter 8.15
 *
 * Forwards the acknowledgement to the VLR reset FSM of the MME bound to this
 * connection. Silently ignored if no MME context or FSM instance is present.
 * Returns 0 in all cases. */
static int sgs_rx_reset_ack(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp)
{
	struct sgs_mme_ctx *mme = sgc->mme;

	if (mme == NULL || mme->fi == NULL)
		return 0;

	/* dispatch event to VLR reset FSM for this MME */
	osmo_fsm_inst_dispatch(mme->fi, SGS_VLRR_E_RX_RESET_ACK, msg);
	return 0;
}
| 588 | |
/* SGsAP-LOCATION-UPDATE-REQUEST 3GPP TS 29.118, chapter 8.11
 *
 * Releases a lingering connection of the subscriber, parses LU type and LAI
 * and hands the location update over to the VLR. Missing mandatory IEs are
 * answered with a status message, other failures with an LU reject.
 * Returns 0 in all cases.
 *
 * NOTE(review): the lingering connection is released before the IEs of the
 * request are validated, so a request that ends in a status message or a
 * reject has already torn down the existing connection of that IMSI --
 * confirm that this ordering is intended. */
static int sgs_rx_loc_upd_req(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const struct gsm48_loc_area_id *gsm48_lai;
	struct osmo_location_area_id new_lai;
	struct vlr_sgs_cfg vlr_sgs_cfg;
	const uint8_t *lu_type_ie;
	struct vlr_subscr *vsub;
	enum vlr_lu_type type;
	struct msgb *resp;
	char *mme_name;
	int rc;

	/* Check for lingering connections */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (vsub != NULL) {
		subscr_conn_toss(vsub);
		vlr_subscr_put(vsub, __func__);
	}

	/* Determine MME-Name; without a known MME name the LU is rejected */
	mme_name = sgs_mme_fqdn_get(sgc);
	if (mme_name == NULL) {
		resp = gsm29118_create_lu_rej(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, NULL);
		sgs_tx(sgc, resp);
		return 0;
	}

	/* Parse LU-Type: 0x01 selects IMSI attach, anything else a regular LU */
	lu_type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_EPS_LU_TYPE, 1);
	if (lu_type_ie == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_EPS_LU_TYPE);
	type = (lu_type_ie[0] == 0x01) ? VLR_LU_TYPE_IMSI_ATTACH : VLR_LU_TYPE_REGULAR;

	/* Parse LAI of the new location */
	gsm48_lai = (struct gsm48_loc_area_id *)TLVP_VAL_MINLEN(tp, SGSAP_IE_LAI, 5);
	if (gsm48_lai == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_LAI);
	gsm48_decode_lai2(gsm48_lai, &new_lai);

	/* Perform actual location update, using the timers and counters of the SGs configuration */
	memcpy(vlr_sgs_cfg.timer, sgc->sgs->cfg.timer, sizeof(vlr_sgs_cfg.timer));
	memcpy(vlr_sgs_cfg.counter, sgc->sgs->cfg.counter, sizeof(vlr_sgs_cfg.counter));
	rc = vlr_sgs_loc_update(gsm_network->vlr, &vlr_sgs_cfg, sgs_tx_loc_upd_resp_cb, sgs_iface_tx_paging,
				sgs_tx_mm_info_cb, mme_name, type, imsi, &new_lai);
	if (rc != 0) {
		resp = gsm29118_create_lu_rej(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, NULL);
		sgs_tx(sgc, resp);
	}

	return 0;
}
| 644 | |
/* SGsAP-IMSI-DETACH-INDICATION 3GPP TS 29.118, chapter 8.8
 *
 * Validates the detach type IE, informs the VLR and acknowledges the detach.
 * A missing or unknown detach type is answered with a status message.
 * Returns 0 (or the result of sgs_tx_status(), which is 0 as well). */
static int sgs_rx_imsi_det_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const uint8_t *type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_IMSI_DET_NONEPS_TYPE, 1);
	enum sgsap_imsi_det_noneps_type type;
	struct msgb *ack;

	if (type_ie == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_IMSI_DET_NONEPS_TYPE);

	/* Only the three known detach types are accepted */
	switch (type_ie[0]) {
	case SGSAP_ID_NONEPS_T_EXPLICIT_UE_NONEPS:
	case SGSAP_ID_NONEPS_T_COMBINED_UE_EPS_NONEPS:
	case SGSAP_ID_NONEPS_T_IMPLICIT_UE_EPS_NONEPS:
		type = type_ie[0];
		break;
	default:
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_IMSI_DET_NONEPS_TYPE);
	}

	vlr_sgs_imsi_detach(gsm_network->vlr, imsi, type);
	ack = gsm29118_create_imsi_det_ack(imsi);
	sgs_tx(sgc, ack);

	return 0;
}
| 677 | |
/* SGsAP-EPS-DETACH-INDICATION 3GPP TS 29.118, chapter 8.6
 *
 * Validates the detach type IE, informs the VLR and acknowledges the detach.
 * A missing or unknown detach type is answered with a status message.
 * Returns 0 (or the result of sgs_tx_status(), which is 0 as well). */
static int sgs_rx_eps_det_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const uint8_t *type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_IMSI_DET_EPS_TYPE, 1);
	enum sgsap_imsi_det_eps_type type;
	struct msgb *ack;

	if (type_ie == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_IMSI_DET_EPS_TYPE);

	/* Only the three known detach types are accepted */
	switch (type_ie[0]) {
	case SGSAP_ID_EPS_T_NETWORK_INITIATED:
	case SGSAP_ID_EPS_T_UE_INITIATED:
	case SGSAP_ID_EPS_T_EPS_NOT_ALLOWED:
		type = type_ie[0];
		break;
	default:
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_IMSI_DET_EPS_TYPE);
	}

	vlr_sgs_eps_detach(gsm_network->vlr, imsi, type);
	ack = gsm29118_create_eps_det_ack(imsi);
	sgs_tx(sgc, ack);

	return 0;
}
| 710 | |
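/* SGsAP-PAGING-REJECT 3GPP TS 29.118, chapter 8.13
 *
 * Reports a rejected paging to the VLR and stops the paging for the
 * subscriber. Returns 0 once the message has been dealt with, or the result
 * of sgs_tx_status() when the IMSI is not known to the VLR.
 *
 * The cause value is taken from the received message, i.e. it is chosen by
 * the peer. No cause value may therefore lead to an assertion failure: the
 * not-yet-implemented cases are logged instead. */
static int sgs_rx_pag_rej(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	int cause;
	struct vlr_subscr *vsub;

	/* A negative result means no usable cause could be extracted; presumably
	 * sgs_cause_from_msg() has already answered the peer -- confirm. */
	cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
	if (cause < 0)
		return 0;

	/* Subscriber must be known by the VLR */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (!vsub)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, msg, SGSAP_IE_IMSI);

	/* Inform the VLR */
	vlr_sgs_pag_rej(gsm_network->vlr, imsi, cause);

	/* Stop all paging activity */
	paging_expired(vsub);

	/* Depending on the cause code some action is required */
	if (cause == SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER) {
		/* FIXME: We are supposed to trigger a User Determined User Busy (UDUB)
		 * as specified in 3GPP TS 24.082 here, SGs association state shall not
		 * be changed */
		LOGSGC(sgc, LOGL_ERROR,
		       "Rx %s with SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER, but sending UDUP is not implemented yet!\n",
		       sgsap_msg_type_name(msg->data[0]));
	} else if (cause == SGSAP_SGS_CAUSE_IMSI_DET_EPS) {
		/* FIXME: In this case we should send the paging via A/Iu interface.
		 * Until that exists, log the event: aborting the process on a
		 * cause value supplied by the peer would let a single message
		 * take the whole MSC down. */
		LOGSGC(sgc, LOGL_ERROR,
		       "Rx %s with SGSAP_SGS_CAUSE_IMSI_DET_EPS, but paging via A/Iu is not implemented yet!\n",
		       sgsap_msg_type_name(msg->data[0]));
	}

	/* Balance above vlr_subscr_find_by_imsi() */
	vlr_subscr_put(vsub, __func__);
	return 0;
}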
| 748 | |
/* SGsAP-UE-UNREACHABLE 3GPP TS 29.118, chapter 8.21
 *
 * Extracts the cause from the message and passes it, together with the IMSI,
 * to the VLR. Always returns 0. */
static int sgs_rx_ue_unr(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const int cause = sgs_cause_from_msg(sgc, msg, tp, NULL);

	/* Only a successfully extracted (non-negative) cause is reported */
	if (cause >= 0)
		vlr_sgs_ue_unr(gsm_network->vlr, imsi, cause);

	return 0;
}
| 762 | |
/* SGsAP-TMSI-REALLOCATION-COMPLETE 3GPP TS 29.118, chapter 8.19
 *
 * Notifies the VLR that the TMSI reallocation for this IMSI has completed.
 * Only the IMSI is used; sgc, msg and tp are not looked at here. */
static int sgs_rx_tmsi_reall_cmpl(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	(void)sgc;
	(void)msg;
	(void)tp;

	vlr_sgs_tmsi_reall_compl(gsm_network->vlr, imsi);

	return 0;
}
| 769 | |
/* SGsAP-SERVICE-REQUEST 3GPP TS 29.118, chapter 8.17
 *
 * Note: While in other RAN concepts a service request is used to initiate
 * mobile originated operation, the service request in SGsAP is comparable to
 * a paging response. The SGsAP SERVICE REQUEST must not be confused or
 * compared with a CM SERVICE REQUEST!
 *
 * Every path past the subscriber lookup drops the reference taken by
 * vlr_subscr_find_by_imsi() exactly once, and does so before a possible
 * SGsAP-STATUS is sent. */
static int sgs_rx_service_req(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const uint8_t *ind_val;
	struct vlr_subscr *vsub;
	struct msc_a *conn;
	bool reject = false;
	int rej_cause = 0;
	int rej_ie = -1;

	if (!check_sgs_association(sgc, msg, imsi))
		return 0;

	/* check_sgs_association() has already verified the subscriber, so the
	 * lookup must succeed at this point. */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	OSMO_ASSERT(vsub);

	/* A service request is only meaningful as the answer to a pending
	 * paging; without one the message does not fit the current state. */
	if (!vlr_sgs_pag_pend(vsub)) {
		reject = true;
		rej_cause = SGSAP_SGS_CAUSE_MSG_INCOMP_STATE;
		rej_ie = -1;
		goto release;
	}

	ind_val = TLVP_VAL_MINLEN(tp, SGSAP_IE_SERVICE_INDICATOR, 1);
	if (ind_val == NULL) {
		reject = true;
		rej_cause = SGSAP_SGS_CAUSE_MISSING_MAND_IE;
		rej_ie = SGSAP_IE_SERVICE_INDICATOR;
		goto release;
	}

	/* Peer-supplied octet: only CS call and SMS are accepted */
	if (ind_val[0] != SGSAP_SERV_IND_CS_CALL && ind_val[0] != SGSAP_SERV_IND_SMS) {
		reject = true;
		rej_cause = SGSAP_SGS_CAUSE_INVALID_MAND_IE;
		rej_ie = SGSAP_IE_SERVICE_INDICATOR;
		goto release;
	}

	/* FIXME: The MME shall include an UE EMM Mode IE, but the field is
	 * marked optional. (Why do we need this info at all?) */

	/* Report to the VLR that the paging has successfully completed */
	vlr_sgs_pag_ack(gsm_network->vlr, imsi);

	/* For a CS call nothing more happens here: no connection is allocated,
	 * that is done once the MS shows up on the A-Interface. For SMS a
	 * subscriber connection is allocated right away. */
	if (ind_val[0] != SGSAP_SERV_IND_CS_CALL) {
		conn = subscr_conn_allocate_sgs(sgc, vsub, true);
		if (conn == NULL) {
			reject = true;
			rej_cause = SGSAP_SGS_CAUSE_MSG_INCOMP_STATE;
			rej_ie = -1;
		}
		/* On success the msub has added its own get() for the vsub,
		 * so the put below only balances the lookup above. */
	}

release:
	vlr_subscr_put(vsub, __func__);
	if (reject)
		return sgs_tx_status(sgc, imsi, rej_cause, msg, rej_ie);
	return 0;
}
| 838 | |
/* SGsAP-UPLINK-UNITDATA 3GPP TS 29.118, chapter 8.22
 *
 * Hands the NAS message container of an uplink unit-data message to the
 * subscriber connection as layer 3 payload. Returns 0 when the message was
 * dealt with, the result of sgs_tx_status() when it had to be rejected, and
 * -EINVAL when the subscriber's connection is not an SGs connection. */
static int sgs_rx_ul_ud(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	struct vlr_subscr *vsub;
	struct msc_a *conn;
	const uint8_t *nas_val;

	if (!check_sgs_association(sgc, msg, imsi))
		return 0;

	/* check_sgs_association() has already verified the subscriber, so the
	 * lookup must succeed at this point. */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	OSMO_ASSERT(vsub);

	/* Use the existing connection (MT) if there is one, else allocate a new one (MO) */
	conn = msc_a_for_vsub(vsub, true);
	if (conn == NULL)
		conn = subscr_conn_allocate_sgs(sgc, vsub, false);

	/* Balance above vlr_subscr_find_by_imsi() */
	vlr_subscr_put(vsub, __func__);

	/* Neither found nor allocated: give up and tell the peer */
	if (conn == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE, msg, 0);

	/* Unit-data received via SGs must not be fed into a connection that
	 * belongs to a different RAN type. */
	if (conn->c.ran->type != OSMO_RAT_EUTRAN_SGS) {
		LOGSGC(sgc, LOGL_ERROR,
		       "Receiving uplink unit-data for non-sgs connection -- discarding message!\n");
		return -EINVAL;
	}

	nas_val = TLVP_VAL_MINLEN(tp, SGSAP_IE_NAS_MSG_CONTAINER, 1);
	if (nas_val == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_NAS_MSG_CONTAINER);

	/* ran_conn_dtap expects the dtap payload in l3h.
	 * NOTE(review): l3h only marks where the container starts; how many
	 * bytes are consumed is decided in msc_a_up_l3() -- confirm that the
	 * length used there is bounded by the container IE. */
	msg->l3h = (uint8_t *)nas_val;
	msc_a_up_l3(conn, msg);

	return 0;
}
| 883 | |
/* SGsAP-MO-CSFB-INDICATION, chapter 8.25
 *
 * With this message the MME tells us that the UE has returned to the 4G
 * network, so further communication with the UE goes through the SGs
 * interface again. */
static int sgs_rx_csfb_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	struct vlr_subscr *vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);

	/* An IMSI the VLR does not know is reported back to the peer */
	if (vsub == NULL)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, msg, SGSAP_IE_IMSI);

	/* Check for lingering connections */
	subscr_conn_toss(vsub);

	/* From now on the subscriber counts as attached via SGs */
	vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;

	/* Balance above vlr_subscr_find_by_imsi() */
	vlr_subscr_put(vsub, __func__);
	return 0;
}
| 904 | |
/* SGsAP-UE-ACTIVITY-INDICATION, chapter 8.20
 *
 * This MSC/VLR implementation does not support the alerting procedure yet and
 * therefore never requests alerting at the MME, so activity indications are
 * not expected. Should one arrive anyway it is logged and otherwise ignored;
 * no SGsAP-STATUS is sent back. */
static int sgs_rx_ue_act_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	(void)tp;
	(void)imsi;

	LOGSGC(sgc, LOGL_ERROR, "Rx %s unexpected, we do not implement alerting yet, ignoring!\n",
	       sgsap_msg_type_name(msg->data[0]));

	return 0;
}
| 919 | |
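/* Log an error that names the received message type and answer the peer with
 * an SGsAP-STATUS carrying the given cause. `fmt` must contain exactly one
 * %s, which receives the message type name. The macro uses the variables
 * `resp` and `msg` of the calling scope, and the status is built without an
 * IMSI (NULL).
 *
 * The three statements are wrapped in do { } while (0) so that the expansion
 * is a single statement: without the wrapper, using the macro as the body of
 * an unbraced if/else would execute only the log call conditionally. */
#define TX_STATUS_AND_LOG(sgc, msg_type, cause, fmt) \
	do { \
		LOGSGC(sgc, LOGL_ERROR, fmt, sgsap_msg_type_name(msg_type)); \
		resp = gsm29118_create_status(NULL, cause, msg); \
		sgs_tx(sgc, resp); \
	} while (0)
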
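/*! Process incoming SGs message (see sgs_server.c)
 *  \param[in] sgc related sgs connection
 *  \param[in] msg received message; it is freed here on every path
 *  \returns always 0. Errors are reported to the peer as SGsAP-STATUS and
 *           logged, they are not reflected in the return value.
 *
 *  Everything in \a msg is supplied by the peer. The message type octet is
 *  only read after the length check, the IMSI and MME-Name IEs are validated
 *  before any handler runs, and a handler that returns a negative value
 *  results in a generic SGsAP-STATUS. */
int sgs_iface_rx(struct sgs_connection *sgc, struct msgb *msg)
{
	struct msgb *resp;
	uint8_t msg_type;
	struct tlv_parsed tp;
	int rc;
	char imsi[GSM48_MI_SIZE];
	char mme_name[SGS_MME_NAME_LEN + 1];

	memset(imsi, 0, sizeof(imsi));
	memset(mme_name, 0, sizeof(mme_name));

	/* When the receiving entity receives a message that is too short to contain a complete
	 * message type information element, the receiving entity shall ignore that message. */
	if (msgb_l2len(msg) < 1)
		goto error;

	/* Read the message type only now that at least one octet is known to
	 * be present; reading it earlier would touch memory past the end of
	 * an empty message. */
	msg_type = msg->l2h[0];

	/* Parse TLV elements */
	rc = tlv_parse(&tp, &sgsap_ie_tlvdef, msgb_l2(msg) + 1, msgb_l2len(msg) - 1, 0, 0);
	if (rc < 0) {
		TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_SEMANT_INCORR_MSG, "SGsAP Message %s parsing error\n");
		goto error;
	}

	/* Most of the messages contain an IMSI as mandatory IE, parse it right here */
	if (!TLVP_PRESENT(&tp, SGSAP_IE_IMSI) &&
	    msg_type != SGSAP_MSGT_STATUS && msg_type != SGSAP_MSGT_RESET_IND && msg_type != SGSAP_MSGT_RESET_ACK) {
		/* reject the message; all but the three above have mandatory IMSI */
		TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MISSING_MAND_IE,
				  "SGsAP Message %s without IMSI, dropping\n");
		goto error;
	}

	if (TLVP_PRESENT(&tp, SGSAP_IE_IMSI)) {
		/* Decoding is bounded by sizeof(imsi); the buffer was zeroed above */
		gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(&tp, SGSAP_IE_IMSI), TLVP_LEN(&tp, SGSAP_IE_IMSI));
		if (strlen(imsi) < GSM23003_IMSI_MIN_DIGITS) {
			TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_INVALID_MAND_IE,
					  "SGsAP Message %s with short IMSI, dropping\n");
			goto error;
		}
	}

	/* Some messages contain an MME-NAME as mandatory IE, parse it right here. The
	 * MME-NAME is also immediately registered with the sgc, so it will be implicitly
	 * known to all functions that have access to the sgc context. */
	if (!TLVP_PRESENT(&tp, SGSAP_IE_MME_NAME)
	    && (msg_type == SGSAP_MSGT_RESET_IND || msg_type == SGSAP_MSGT_RESET_ACK
		|| msg_type == SGSAP_MSGT_LOC_UPD_REQ || msg_type == SGSAP_MSGT_IMSI_DET_IND
		|| msg_type == SGSAP_MSGT_EPS_DET_IND)) {
		TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MISSING_MAND_IE,
				  "SGsAP Message %s without MME-Name, dropping\n");
		goto error;
	}

	if (TLVP_PRESENT(&tp, SGSAP_IE_MME_NAME)) {
		if (decode_mme_name(mme_name, &tp) != 0) {
			TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_INVALID_MAND_IE,
					  "SGsAP Message %s with invalid MME-Name, dropping\n");
			goto error;
		}
		/* Register/check mme_name with sgc */
		if (sgs_mme_fqdn_received(sgc, mme_name) < 0) {
			TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE,
					  "SGsAP Message %s with invalid MME-Name, dropping\n");
			goto error;
		}
	}

	/* dispatch msg to various handler functions.  msgb ownership remains here! */
	rc = -EINVAL;
	switch (msg_type) {
	case SGSAP_MSGT_STATUS:
		rc = sgs_rx_status(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_RESET_IND:
		rc = sgs_rx_reset_ind(sgc, msg, &tp);
		break;
	case SGSAP_MSGT_RESET_ACK:
		rc = sgs_rx_reset_ack(sgc, msg, &tp);
		break;
	case SGSAP_MSGT_LOC_UPD_REQ:
		rc = sgs_rx_loc_upd_req(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_IMSI_DET_IND:
		rc = sgs_rx_imsi_det_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_EPS_DET_IND:
		rc = sgs_rx_eps_det_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_PAGING_REJ:
		rc = sgs_rx_pag_rej(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_UE_UNREACHABLE:
		rc = sgs_rx_ue_unr(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_TMSI_REALL_CMPL:
		rc = sgs_rx_tmsi_reall_cmpl(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_SERVICE_REQ:
		rc = sgs_rx_service_req(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_UL_UD:
		rc = sgs_rx_ul_ud(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_MO_CSFB_IND:
		rc = sgs_rx_csfb_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_UE_ACT_IND:
		rc = sgs_rx_ue_act_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_ALERT_ACK:
	case SGSAP_MSGT_ALERT_REJ:
		LOGSGC(sgc, LOGL_ERROR, "Rx unmplemented SGsAP %s: %s\n",
		       sgsap_msg_type_name(msg_type), msgb_hexdump(msg));
		resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
		sgs_tx(sgc, resp);
		rc = 0;
		break;
	default:
		LOGSGC(sgc, LOGL_ERROR, "Rx unknown SGsAP message type 0x%02x: %s\n", msg_type, msgb_hexdump(msg));
		resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
		sgs_tx(sgc, resp);
		rc = 0;
		break;
	}

	/* Catch unhandled errors */
	if (rc < 0) {
		/* Note: Usually the sgs_rx_ should catch errors locally and
		 * emit a status message with proper cause code, including
		 * a suitable log message. If we end up here, something is
		 * not right and should be fixed */
		LOGSGC(sgc, LOGL_ERROR, "Rx unable to decode SGsAP %s: %s\n",
		       sgsap_msg_type_name(msg_type), msgb_hexdump(msg));
		resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
		sgs_tx(sgc, resp);
	}

error:
	msgb_free(msg);
	return 0;
}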
| 1071 | |
| 1072 | /*********************************************************************** |
| 1073 | * SGs connection "VLR Reset Procedure" FSM |
| 1074 | ***********************************************************************/ |
| 1075 | |
/* Printable names of the VLR reset FSM events; the list ends with a
 * { 0, NULL } entry. */
static const struct value_string sgs_vlr_reset_fsm_event_names[] = {
	{ .value = SGS_VLRR_E_START_RESET,  .str = "START-RESET" },
	{ .value = SGS_VLRR_E_RX_RESET_ACK, .str = "RX-RESET-ACK" },
	{ .value = 0,                       .str = NULL }
};
| 1081 | |
/* Action for state NULL: a RESET-ACK is accepted and ignored. Any other
 * event reaching this function is treated as a programming error. */
static void sgs_vlr_reset_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	if (event == SGS_VLRR_E_RX_RESET_ACK)
		return;

	OSMO_ASSERT(0);
}
| 1092 | |
/* Action for state WAIT-ACK: the awaited RESET-ACK moves the FSM to COMPLETE
 * (no timer is armed for that state). Any other event reaching this function
 * is treated as a programming error. */
static void sgs_vlr_reset_fsm_wait_ack(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	if (event != SGS_VLRR_E_RX_RESET_ACK) {
		OSMO_ASSERT(0);
		return;
	}

	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_COMPLETE, 0, 0);
}
| 1104 | |
/* Action for state COMPLETE: a further RESET-ACK is accepted and ignored.
 * Any other event reaching this function is treated as a programming error. */
static void sgs_vlr_reset_fsm_complete(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	if (event == SGS_VLRR_E_RX_RESET_ACK)
		return;

	OSMO_ASSERT(0);
}
| 1115 | |
/* All-state action of the VLR reset FSM: START-RESET (re)starts the reset
 * procedure towards the MME this FSM instance belongs to (fi->priv). Any
 * other event reaching this function is treated as a programming error. */
static void sgs_vlr_reset_fsm_allstate(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	struct sgs_mme_ctx *mme = (struct sgs_mme_ctx *)fi->priv;
	struct sgs_connection *sgc = mme->conn;
	struct sgs_state *sgs = mme->sgs;
	struct gsm29118_reset_msg reset_params;
	struct msgb *reset_ind;

	if (event != SGS_VLRR_E_START_RESET) {
		OSMO_ASSERT(0);
		return;
	}

	/* Start over from NULL with the full number of retransmissions (Ns11) */
	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_NULL, 0, 0);
	mme->ns11_remaining = sgs->cfg.counter[SGS_STATE_NS11];

	/* Send a RESET-INDICATION that carries our configured VLR name */
	memset(&reset_params, 0, sizeof(reset_params));
	osmo_strlcpy(reset_params.vlr_name, sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
	reset_params.vlr_name_present = true;
	reset_ind = gsm29118_create_reset_ind(&reset_params);
	sgs_tx(sgc, reset_ind);

	/* Perform a reset of the SGS FSM of all subscribers that are present in the VLR */
	vlr_sgs_reset(gsm_network->vlr);

	/* Wait for the RESET-ACK, supervised by timer Ts11 (T number 11) */
	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_WAIT_ACK, sgs->cfg.timer[SGS_STATE_TS11], 11);
}
| 1145 | |
/* Timer callback of the VLR reset FSM. On expiry of Ts11 (T number 11) the
 * RESET-INDICATION is sent again as long as retransmissions remain;
 * afterwards the procedure is given up and the FSM returns to NULL. Any other
 * timer number is treated as a programming error. Always returns 0. */
static int sgs_vlr_reset_fsm_timer_cb(struct osmo_fsm_inst *fi)
{
	struct sgs_mme_ctx *mme = (struct sgs_mme_ctx *)fi->priv;
	struct sgs_connection *sgc = mme->conn;
	struct sgs_state *sgs = mme->sgs;
	struct gsm29118_reset_msg reset_params;
	struct msgb *reset_ind;

	if (fi->T != 11) {
		OSMO_ASSERT(0);
		return 0;
	}

	if (mme->ns11_remaining < 1) {
		/* The retry budget is used up, so the number of outstanding
		 * RESET-INDICATIONs towards the MME stays bounded. */
		LOGMME(mme, LOGL_ERROR, "Ts11 expired more than %u (Ns11) times, giving up\n",
		       sgs->cfg.counter[SGS_STATE_NS11]);
		osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_NULL, 0, 0);
		return 0;
	}

	/* Retransmit the RESET-INDICATION and re-arm Ts11 */
	memset(&reset_params, 0, sizeof(reset_params));
	osmo_strlcpy(reset_params.vlr_name, sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
	reset_params.vlr_name_present = true;
	reset_ind = gsm29118_create_reset_ind(&reset_params);
	sgs_tx(sgc, reset_ind);
	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_WAIT_ACK, sgs->cfg.timer[SGS_STATE_TS11], 11);
	mme->ns11_remaining--;

	return 0;
}
| 1176 | |
/* State table of the VLR reset FSM. Each state accepts only the RESET-ACK
 * event through its own action function. */
static const struct osmo_fsm_state sgs_vlr_reset_fsm_states[] = {
	/* No RESET has been sent yet (or the procedure was given up) */
	[SGS_VLRR_ST_NULL] = {
		.name = "NULL",
		.in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
		.out_state_mask = S(SGS_VLRR_ST_NULL) | S(SGS_VLRR_ST_WAIT_ACK),
		.action = sgs_vlr_reset_fsm_null,
	},
	/* A RESET was sent, the SGsAP_RESET_ACK is still outstanding */
	[SGS_VLRR_ST_WAIT_ACK] = {
		.name = "WAIT-ACK",
		.in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
		.out_state_mask = S(SGS_VLRR_ST_NULL) |
				  S(SGS_VLRR_ST_COMPLETE) | S(SGS_VLRR_ST_WAIT_ACK),
		.action = sgs_vlr_reset_fsm_wait_ack,
	},
	/* The reset procedure towards this MME has been completed */
	[SGS_VLRR_ST_COMPLETE] = {
		.name = "COMPLETE",
		.in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
		.out_state_mask = S(SGS_VLRR_ST_NULL) | S(SGS_VLRR_ST_COMPLETE),
		.action = sgs_vlr_reset_fsm_complete,
	},
};
| 1201 | |
/* Definition of the "VLR Reset Procedure" FSM. START-RESET is accepted in
 * every state and handled by the all-state action. */
static struct osmo_fsm sgs_vlr_reset_fsm = {
	.name = "SGs-VLR-RESET",
	.log_subsys = DSGS,
	.event_names = sgs_vlr_reset_fsm_event_names,
	.states = sgs_vlr_reset_fsm_states,
	.num_states = ARRAY_SIZE(sgs_vlr_reset_fsm_states),
	.allstate_event_mask = S(SGS_VLRR_E_START_RESET),
	.allstate_action = sgs_vlr_reset_fsm_allstate,
	.timer_cb = sgs_vlr_reset_fsm_timer_cb,
};
| 1212 | |
/*! Send unit-data through SGs interface (see msc_ifaces.c)
 *  \param[in] msc_a subscriber connection the message belongs to.
 *  \param[in] msg layer 3 message to send; it is freed here on every path.
 *  \returns 0 in case of success, -EINVAL in case of error. */
int sgs_iface_tx_dtap_ud(struct msc_a *msc_a, struct msgb *msg)
{
	struct vlr_subscr *vsub = msc_a_vsub(msc_a);
	struct sgs_mme_ctx *mme;
	struct msgb *dl_ud;
	int rc = -EINVAL;

	OSMO_ASSERT(vsub);

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_DL_UD);
	if (mme != NULL) {
		/* Unit-data is only let through for a subscriber that holds a
		 * valid SGs association. */
		if (vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED) {
			dl_ud = gsm29118_create_dl_ud(vsub->imsi, msg);
			sgs_tx(mme->conn, dl_ud);
			rc = 0;
		} else {
			LOG_MSC_A(msc_a, LOGL_NOTICE, "Cannot Tx %s: subscriber not SGs-associated\n",
				  sgsap_msg_type_name(SGSAP_MSGT_DL_UD));
		}
	}

	msgb_free(msg);
	return rc;
}
| 1245 | |
/* Send an SGsAP release request for the subscriber to the MME it is
 * associated with. Nothing is sent when no MME context is found.
 * NOTE(review): the MME lookup is given SGSAP_MSGT_DL_UD although a release
 * request is sent; presumably the message type only serves logging inside
 * sgs_mme_ctx_by_vsub() -- confirm. */
void sgs_iface_tx_release(struct vlr_subscr *vsub)
{
	struct sgs_mme_ctx *mme;
	struct msgb *release_req;

	OSMO_ASSERT(vsub);

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_DL_UD);
	if (mme != NULL) {
		release_req = gsm29118_create_release_req(vsub->imsi, 0);
		sgs_tx(mme->conn, release_req);
	}
}
| 1260 | |
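/*! Initialize the SGs interface
 *  \param[in] ctx talloc context
 *  \param[in] network associated gsm network
 *  \returns allocated sgs_state, NULL in case an SGs instance already exists.
 *
 *  The network pointer is stored in the file-global gsm_network on every
 *  call, also on one that is rejected. */
struct sgs_state *sgs_iface_init(void *ctx, struct gsm_network *network)
{
	struct sgs_state *sgs;

	gsm_network = network;

	/* We currently only support one SGs instance. This is checked before
	 * allocating, so a rejected call does not leave a second, unreferenced
	 * server object behind in ctx. */
	if (g_sgs)
		return NULL;

	sgs = sgs_server_alloc(ctx);
	OSMO_ASSERT(sgs);
	g_sgs = sgs;

	return sgs;
}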
Vadim Yanitskiy | 4eaefc2 | 2019-03-21 20:55:19 +0700 | [diff] [blame] | 1281 | |
/* Runs as a constructor and registers the VLR reset FSM; a failed
 * registration trips the assertion. */
static __attribute__((constructor)) void on_dso_load(void)
{
	int rc = osmo_fsm_register(&sgs_vlr_reset_fsm);

	OSMO_ASSERT(rc == 0);
}