Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 1 | /* (C) 2017 by Sysmocom s.f.m.c. GmbH |
| 2 | * All Rights Reserved |
| 3 | * |
| 4 | * Author: Philipp Maier |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU Affero General Public License as published by |
| 8 | * the Free Software Foundation; either version 3 of the License, or |
| 9 | * (at your option) any later version. |
| 10 | * |
| 11 | * This program is distributed in the hope that it will be useful, |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | * GNU Affero General Public License for more details. |
| 15 | * |
| 16 | * You should have received a copy of the GNU Affero General Public License |
| 17 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 18 | * |
| 19 | */ |
| 20 | |
| 21 | #include <osmocom/core/utils.h> |
| 22 | #include <osmocom/core/msgb.h> |
| 23 | #include <osmocom/core/logging.h> |
| 24 | #include <osmocom/sigtran/sccp_helpers.h> |
| 25 | #include <osmocom/sccp/sccp_types.h> |
| 26 | #include <osmocom/gsm/gsm0808.h> |
Max | 43b01b0 | 2017-09-15 11:22:30 +0200 | [diff] [blame] | 27 | #include <osmocom/gsm/gsm48.h> |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 28 | #include <osmocom/gsm/gsm0808_utils.h> |
Neels Hofmeyr | 9084396 | 2017-09-04 15:04:35 +0200 | [diff] [blame] | 29 | #include <osmocom/msc/debug.h> |
| 30 | #include <osmocom/msc/gsm_data.h> |
| 31 | #include <osmocom/msc/a_iface_bssap.h> |
| 32 | #include <osmocom/msc/a_iface.h> |
| 33 | #include <osmocom/msc/osmo_msc.h> |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 34 | #include <osmocom/core/byteswap.h> |
Neels Hofmeyr | 9084396 | 2017-09-04 15:04:35 +0200 | [diff] [blame] | 35 | #include <osmocom/msc/a_reset.h> |
Max | 43b01b0 | 2017-09-15 11:22:30 +0200 | [diff] [blame] | 36 | #include <osmocom/msc/transaction.h> |
| 37 | |
| 38 | #include <errno.h> |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 39 | |
| 40 | #define IP_V4_ADDR_LEN 4 |
| 41 | |
| 42 | /* |
| 43 | * Helper functions to lookup and allocate subscribers |
| 44 | */ |
| 45 | |
| 46 | /* Allocate a new subscriber connection */ |
| 47 | static struct gsm_subscriber_connection *subscr_conn_allocate_a(const struct a_conn_info *a_conn_info, |
| 48 | struct gsm_network *network, |
| 49 | uint16_t lac, struct osmo_sccp_user *scu, int conn_id) |
| 50 | { |
| 51 | struct gsm_subscriber_connection *conn; |
| 52 | |
| 53 | LOGP(DMSC, LOGL_NOTICE, "Allocating A-Interface subscriber conn: lac %i, conn_id %i\n", lac, conn_id); |
| 54 | |
| 55 | conn = talloc_zero(network, struct gsm_subscriber_connection); |
| 56 | if (!conn) |
| 57 | return NULL; |
| 58 | |
| 59 | conn->network = network; |
| 60 | conn->via_ran = RAN_GERAN_A; |
| 61 | conn->lac = lac; |
| 62 | |
| 63 | conn->a.conn_id = conn_id; |
| 64 | conn->a.scu = scu; |
| 65 | |
| 66 | /* Also backup the calling address of the BSC, this allows us to |
| 67 | * identify later which BSC is responsible for this subscriber connection */ |
| 68 | memcpy(&conn->a.bsc_addr, a_conn_info->bsc_addr, sizeof(conn->a.bsc_addr)); |
| 69 | |
| 70 | llist_add_tail(&conn->entry, &network->subscr_conns); |
| 71 | LOGP(DMSC, LOGL_NOTICE, "A-Interface subscriber connection successfully allocated!\n"); |
| 72 | return conn; |
| 73 | } |
| 74 | |
| 75 | /* Return an existing A subscriber connection record for the given |
| 76 | * connection IDs, or return NULL if not found. */ |
| 77 | static struct gsm_subscriber_connection *subscr_conn_lookup_a(const struct gsm_network *network, int conn_id) |
| 78 | { |
| 79 | struct gsm_subscriber_connection *conn; |
| 80 | |
| 81 | OSMO_ASSERT(network); |
| 82 | |
| 83 | DEBUGP(DMSC, "Looking for A subscriber: conn_id %i\n", conn_id); |
| 84 | |
| 85 | /* FIXME: log_subscribers() is defined in iucs.c as static inline, if |
| 86 | * maybe this function should be public to reach it from here? */ |
| 87 | /* log_subscribers(network); */ |
| 88 | |
| 89 | llist_for_each_entry(conn, &network->subscr_conns, entry) { |
| 90 | if (conn->via_ran == RAN_GERAN_A && conn->a.conn_id == conn_id) { |
| 91 | DEBUGP(DIUCS, "Found A subscriber for conn_id %i\n", conn_id); |
| 92 | return conn; |
| 93 | } |
| 94 | } |
| 95 | DEBUGP(DMSC, "No A subscriber found for conn_id %i\n", conn_id); |
| 96 | return NULL; |
| 97 | } |
| 98 | |
| 99 | /* |
| 100 | * BSSMAP handling for UNITDATA |
| 101 | */ |
| 102 | |
| 103 | /* Endpoint to handle BSSMAP reset */ |
| 104 | static void bssmap_rx_reset(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 105 | { |
| 106 | struct gsm_network *network = a_conn_info->network; |
| 107 | struct osmo_ss7_instance *ss7; |
| 108 | |
| 109 | ss7 = osmo_ss7_instance_find(network->a.cs7_instance); |
| 110 | OSMO_ASSERT(ss7); |
| 111 | |
| 112 | LOGP(DMSC, LOGL_NOTICE, "Rx RESET from BSC %s, sending RESET ACK\n", |
| 113 | osmo_sccp_addr_name(ss7, a_conn_info->bsc_addr)); |
| 114 | osmo_sccp_tx_unitdata_msg(scu, a_conn_info->msc_addr, a_conn_info->bsc_addr, gsm0808_create_reset_ack()); |
| 115 | |
| 116 | /* Make sure all orphand subscriber connections will be cleard */ |
| 117 | a_clear_all(scu, a_conn_info->bsc_addr); |
| 118 | |
| 119 | msgb_free(msg); |
| 120 | } |
| 121 | |
| 122 | /* Endpoint to handle BSSMAP reset acknowlegement */ |
| 123 | static void bssmap_rx_reset_ack(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, |
| 124 | struct msgb *msg) |
| 125 | { |
| 126 | |
| 127 | struct gsm_network *network = a_conn_info->network; |
| 128 | struct osmo_ss7_instance *ss7; |
| 129 | |
| 130 | ss7 = osmo_ss7_instance_find(network->a.cs7_instance); |
| 131 | OSMO_ASSERT(ss7); |
| 132 | |
| 133 | if (a_conn_info->reset == NULL) { |
| 134 | LOGP(DMSC, LOGL_ERROR, "Received RESET ACK from an unknown BSC %s, ignoring...\n", |
| 135 | osmo_sccp_addr_name(ss7, a_conn_info->bsc_addr)); |
| 136 | goto fail; |
| 137 | } |
| 138 | |
| 139 | LOGP(DMSC, LOGL_NOTICE, "Received RESET ACK from BSC %s\n", osmo_sccp_addr_name(ss7, a_conn_info->bsc_addr)); |
| 140 | |
| 141 | /* Confirm that we managed to get the reset ack message |
| 142 | * towards the connection reset logic */ |
| 143 | a_reset_ack_confirm(a_conn_info->reset); |
| 144 | |
| 145 | fail: |
| 146 | msgb_free(msg); |
| 147 | } |
| 148 | |
| 149 | /* Handle UNITDATA BSSMAP messages */ |
| 150 | static void bssmap_rcvmsg_udt(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 151 | { |
| 152 | /* Note: When in the MSC role, RESET ACK is the only valid message that |
| 153 | * can be received via UNITDATA */ |
| 154 | |
| 155 | if (msgb_l3len(msg) < 1) { |
| 156 | LOGP(DMSC, LOGL_NOTICE, "Error: No data received -- discarding message!\n"); |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 157 | msgb_free(msg); |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 158 | return; |
| 159 | } |
| 160 | |
| 161 | LOGP(DMSC, LOGL_NOTICE, "Rx BSC UDT BSSMAP %s\n", gsm0808_bssmap_name(msg->l3h[0])); |
| 162 | |
| 163 | switch (msg->l3h[0]) { |
| 164 | case BSS_MAP_MSG_RESET: |
| 165 | bssmap_rx_reset(scu, a_conn_info, msg); |
| 166 | break; |
| 167 | case BSS_MAP_MSG_RESET_ACKNOWLEDGE: |
| 168 | bssmap_rx_reset_ack(scu, a_conn_info, msg); |
| 169 | break; |
| 170 | default: |
| 171 | LOGP(DMSC, LOGL_NOTICE, "Unimplemented message format: %s -- message discarded!\n", |
| 172 | gsm0808_bssmap_name(msg->l3h[0])); |
| 173 | msgb_free(msg); |
| 174 | } |
| 175 | } |
| 176 | |
| 177 | /* Receive incoming connection less data messages via sccp */ |
Neels Hofmeyr | c1d6925 | 2017-12-18 04:06:04 +0100 | [diff] [blame] | 178 | void a_sccp_rx_udt(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 179 | { |
| 180 | /* Note: The only valid message type that can be received |
| 181 | * via UNITDATA are BSS Management messages */ |
| 182 | struct bssmap_header *bs; |
| 183 | |
| 184 | OSMO_ASSERT(scu); |
| 185 | OSMO_ASSERT(a_conn_info); |
| 186 | OSMO_ASSERT(msg); |
| 187 | |
| 188 | LOGP(DMSC, LOGL_NOTICE, "Rx BSC UDT: %s\n", osmo_hexdump(msgb_l2(msg), msgb_l2len(msg))); |
| 189 | |
| 190 | if (msgb_l2len(msg) < sizeof(*bs)) { |
| 191 | LOGP(DMSC, LOGL_ERROR, "Error: Header is too short -- discarding message!\n"); |
| 192 | msgb_free(msg); |
| 193 | return; |
| 194 | } |
| 195 | |
| 196 | bs = (struct bssmap_header *)msgb_l2(msg); |
| 197 | if (bs->length < msgb_l2len(msg) - sizeof(*bs)) { |
| 198 | LOGP(DMSC, LOGL_ERROR, "Error: Message is too short -- discarding message!\n"); |
| 199 | msgb_free(msg); |
| 200 | return; |
| 201 | } |
| 202 | |
| 203 | switch (bs->type) { |
| 204 | case BSSAP_MSG_BSS_MANAGEMENT: |
| 205 | msg->l3h = &msg->l2h[sizeof(struct bssmap_header)]; |
| 206 | bssmap_rcvmsg_udt(scu, a_conn_info, msg); |
| 207 | break; |
| 208 | default: |
| 209 | LOGP(DMSC, LOGL_ERROR, |
| 210 | "Error: Unimplemented message type: %s -- message discarded!\n", gsm0808_bssmap_name(bs->type)); |
| 211 | msgb_free(msg); |
| 212 | } |
| 213 | } |
| 214 | |
| 215 | /* |
| 216 | * BSSMAP handling for connection oriented data |
| 217 | */ |
| 218 | |
| 219 | /* Endpoint to handle BSSMAP clear request */ |
| 220 | static int bssmap_rx_clear_rqst(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 221 | { |
| 222 | struct gsm_network *network = a_conn_info->network; |
| 223 | struct tlv_parsed tp; |
| 224 | int rc; |
| 225 | struct msgb *msg_resp; |
| 226 | uint8_t cause; |
| 227 | struct gsm_subscriber_connection *conn; |
| 228 | |
| 229 | LOGP(DMSC, LOGL_NOTICE, "BSC requested to clear connection (conn_id=%i)\n", a_conn_info->conn_id); |
| 230 | |
| 231 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 232 | if (!TLVP_PRESENT(&tp, GSM0808_IE_CAUSE)) { |
| 233 | LOGP(DMSC, LOGL_ERROR, "Cause code is missing -- discarding message!\n"); |
| 234 | goto fail; |
| 235 | } |
| 236 | cause = TLVP_VAL(&tp, GSM0808_IE_CAUSE)[0]; |
| 237 | |
| 238 | /* Respond with clear command */ |
| 239 | msg_resp = gsm0808_create_clear_command(GSM0808_CAUSE_CALL_CONTROL); |
| 240 | rc = osmo_sccp_tx_data_msg(scu, a_conn_info->conn_id, msg_resp); |
| 241 | |
| 242 | /* If possible, inform the MSC about the clear request */ |
| 243 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 244 | if (!conn) |
| 245 | goto fail; |
| 246 | msc_clear_request(conn, cause); |
| 247 | |
| 248 | msgb_free(msg); |
| 249 | return rc; |
| 250 | |
| 251 | fail: |
| 252 | msgb_free(msg); |
| 253 | return -EINVAL; |
| 254 | } |
| 255 | |
| 256 | /* Endpoint to handle BSSMAP clear complete */ |
| 257 | static int bssmap_rx_clear_complete(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 258 | { |
| 259 | int rc; |
| 260 | |
| 261 | LOGP(DMSC, LOGL_NOTICE, "Releasing connection (conn_id=%i)\n", a_conn_info->conn_id); |
| 262 | rc = osmo_sccp_tx_disconn(scu, a_conn_info->conn_id, |
| 263 | a_conn_info->msc_addr, SCCP_RELEASE_CAUSE_END_USER_ORIGINATED); |
| 264 | |
| 265 | /* Remove the record from the list with active connections. */ |
| 266 | a_delete_bsc_con(a_conn_info->conn_id); |
| 267 | |
| 268 | msgb_free(msg); |
| 269 | return rc; |
| 270 | } |
| 271 | |
| 272 | /* Endpoint to handle layer 3 complete messages */ |
| 273 | static int bssmap_rx_l3_compl(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 274 | { |
| 275 | struct tlv_parsed tp; |
| 276 | struct { |
| 277 | uint8_t ident; |
| 278 | struct gsm48_loc_area_id lai; |
| 279 | uint16_t ci; |
| 280 | } __attribute__ ((packed)) lai_ci; |
| 281 | uint16_t mcc; |
| 282 | uint16_t mnc; |
| 283 | uint16_t lac; |
| 284 | uint8_t data_length; |
| 285 | const uint8_t *data; |
| 286 | int rc; |
| 287 | |
| 288 | struct gsm_network *network = a_conn_info->network; |
| 289 | struct gsm_subscriber_connection *conn; |
| 290 | |
| 291 | LOGP(DMSC, LOGL_NOTICE, "BSC has completed layer 3 connection (conn_id=%i)\n", a_conn_info->conn_id); |
| 292 | |
| 293 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 294 | if (!TLVP_PRESENT(&tp, GSM0808_IE_CELL_IDENTIFIER)) { |
| 295 | LOGP(DMSC, LOGL_ERROR, "Mandatory CELL IDENTIFIER not present -- discarding message!\n"); |
| 296 | goto fail; |
| 297 | } |
| 298 | if (!TLVP_PRESENT(&tp, GSM0808_IE_LAYER_3_INFORMATION)) { |
| 299 | LOGP(DMSC, LOGL_ERROR, "Mandatory LAYER 3 INFORMATION not present -- discarding message!\n"); |
| 300 | goto fail; |
| 301 | } |
| 302 | |
| 303 | /* Parse Cell ID element */ |
| 304 | /* FIXME: Encapsulate this in a parser/generator function inside |
| 305 | * libosmocore, add support for all specified cell identification |
| 306 | * discriminators (see 3GPP ts 3.2.2.17 Cell Identifier) */ |
| 307 | data_length = TLVP_LEN(&tp, GSM0808_IE_CELL_IDENTIFIER); |
| 308 | data = TLVP_VAL(&tp, GSM0808_IE_CELL_IDENTIFIER); |
| 309 | if (sizeof(lai_ci) != data_length) { |
| 310 | LOGP(DMSC, LOGL_ERROR, |
| 311 | "Unable to parse element CELL IDENTIFIER (wrong field length) -- discarding message!\n"); |
| 312 | goto fail; |
| 313 | } |
| 314 | memcpy(&lai_ci, data, sizeof(lai_ci)); |
| 315 | if (lai_ci.ident != CELL_IDENT_WHOLE_GLOBAL) { |
| 316 | LOGP(DMSC, LOGL_ERROR, |
| 317 | "Unable to parse element CELL IDENTIFIER (wrong cell identification discriminator) -- discarding message!\n"); |
| 318 | goto fail; |
| 319 | } |
| 320 | if (gsm48_decode_lai(&lai_ci.lai, &mcc, &mnc, &lac) != 0) { |
| 321 | LOGP(DMSC, LOGL_ERROR, |
| 322 | "Unable to parse element CELL IDENTIFIER (lai decoding failed) -- discarding message!\n"); |
| 323 | goto fail; |
| 324 | } |
| 325 | |
| 326 | /* Parse Layer 3 Information element */ |
| 327 | /* FIXME: This is probably to hackish, compiler also complains "assignment discards ‘const’ qualifier..." */ |
Neels Hofmeyr | 9baedaf | 2017-12-18 04:07:01 +0100 | [diff] [blame] | 328 | msg->l3h = (uint8_t*)TLVP_VAL(&tp, GSM0808_IE_LAYER_3_INFORMATION); |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 329 | msg->tail = msg->l3h + TLVP_LEN(&tp, GSM0808_IE_LAYER_3_INFORMATION); |
| 330 | |
| 331 | /* Create new subscriber context */ |
| 332 | conn = subscr_conn_allocate_a(a_conn_info, network, lac, scu, a_conn_info->conn_id); |
| 333 | |
| 334 | /* Handover location update to the MSC code */ |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 335 | rc = msc_compl_l3(conn, msg, 0); |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 336 | msgb_free(msg); |
| 337 | |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 338 | if (rc == MSC_CONN_ACCEPT) { |
| 339 | LOGP(DMSC, LOGL_NOTICE, "User has been accepted by MSC.\n"); |
| 340 | return 0; |
| 341 | } else if (rc == MSC_CONN_REJECT) |
| 342 | LOGP(DMSC, LOGL_NOTICE, "User has been rejected by MSC.\n"); |
| 343 | else |
| 344 | LOGP(DMSC, LOGL_NOTICE, "User has been rejected by MSC (unknown error)\n"); |
| 345 | |
| 346 | return -EINVAL; |
| 347 | |
| 348 | fail: |
| 349 | msgb_free(msg); |
| 350 | return -EINVAL; |
| 351 | } |
| 352 | |
| 353 | /* Endpoint to handle BSSMAP classmark update */ |
| 354 | static int bssmap_rx_classmark_upd(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 355 | { |
| 356 | struct gsm_network *network = a_conn_info->network; |
| 357 | struct gsm_subscriber_connection *conn; |
| 358 | struct tlv_parsed tp; |
| 359 | const uint8_t *cm2 = NULL; |
| 360 | const uint8_t *cm3 = NULL; |
| 361 | uint8_t cm2_len = 0; |
| 362 | uint8_t cm3_len = 0; |
| 363 | |
| 364 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 365 | if (!conn) |
| 366 | goto fail; |
| 367 | |
| 368 | LOGP(DMSC, LOGL_NOTICE, "BSC sends clasmark update (conn_id=%i)\n", conn->a.conn_id); |
| 369 | |
| 370 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 371 | if (!TLVP_PRESENT(&tp, GSM0808_IE_CLASSMARK_INFORMATION_T2)) { |
| 372 | LOGP(DMSC, LOGL_ERROR, "Mandatory Classmark Information Type 2 not present -- discarding message!\n"); |
| 373 | goto fail; |
| 374 | } |
| 375 | |
| 376 | cm2 = TLVP_VAL(&tp, GSM0808_IE_CLASSMARK_INFORMATION_T2); |
| 377 | cm2_len = TLVP_LEN(&tp, GSM0808_IE_CLASSMARK_INFORMATION_T2); |
| 378 | |
| 379 | if (TLVP_PRESENT(&tp, GSM0808_IE_CLASSMARK_INFORMATION_T3)) { |
| 380 | cm3 = TLVP_VAL(&tp, GSM0808_IE_CLASSMARK_INFORMATION_T3); |
| 381 | cm3_len = TLVP_LEN(&tp, GSM0808_IE_CLASSMARK_INFORMATION_T3); |
| 382 | } |
| 383 | |
| 384 | /* Inform MSC about the classmark change */ |
| 385 | msc_classmark_chg(conn, cm2, cm2_len, cm3, cm3_len); |
| 386 | |
| 387 | msgb_free(msg); |
| 388 | return 0; |
| 389 | |
| 390 | fail: |
| 391 | msgb_free(msg); |
| 392 | return -EINVAL; |
| 393 | } |
| 394 | |
| 395 | /* Endpoint to handle BSSMAP cipher mode complete */ |
| 396 | static int bssmap_rx_ciph_compl(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, |
| 397 | struct msgb *msg) |
| 398 | { |
| 399 | /* FIXME: The field GSM0808_IE_LAYER_3_MESSAGE_CONTENTS is optional by |
| 400 | * means of the specification. So there can be messages without L3 info. |
| 401 | * In this case, the code will crash becrause msc_cipher_mode_compl() |
| 402 | * is not able to deal with msg = NULL and apperently |
| 403 | * msc_cipher_mode_compl() was never meant to be used without L3 data. |
| 404 | * This needs to be discussed further! */ |
| 405 | |
| 406 | struct gsm_network *network = a_conn_info->network; |
| 407 | struct gsm_subscriber_connection *conn; |
| 408 | struct tlv_parsed tp; |
| 409 | uint8_t alg_id = 1; |
| 410 | |
| 411 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 412 | if (!conn) |
| 413 | goto fail; |
| 414 | |
| 415 | LOGP(DMSC, LOGL_NOTICE, "BSC sends cipher mode complete (conn_id=%i)\n", conn->a.conn_id); |
| 416 | |
| 417 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 418 | |
| 419 | if (TLVP_PRESENT(&tp, GSM0808_IE_CHOSEN_ENCR_ALG)) { |
| 420 | alg_id = TLVP_VAL(&tp, GSM0808_IE_CHOSEN_ENCR_ALG)[0] - 1; |
| 421 | } |
| 422 | |
| 423 | if (TLVP_PRESENT(&tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS)) { |
Neels Hofmeyr | 9baedaf | 2017-12-18 04:07:01 +0100 | [diff] [blame] | 424 | msg->l3h = (uint8_t*)TLVP_VAL(&tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS); |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 425 | msg->tail = msg->l3h + TLVP_LEN(&tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS); |
| 426 | } else { |
| 427 | msgb_free(msg); |
| 428 | msg = NULL; |
| 429 | } |
| 430 | |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 431 | /* Hand over cipher mode complete message to the MSC */ |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 432 | msc_cipher_mode_compl(conn, msg, alg_id); |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 433 | msgb_free(msg); |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 434 | |
| 435 | return 0; |
| 436 | fail: |
| 437 | msgb_free(msg); |
| 438 | return -EINVAL; |
| 439 | } |
| 440 | |
| 441 | /* Endpoint to handle BSSMAP cipher mode reject */ |
| 442 | static int bssmap_rx_ciph_rej(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 443 | { |
| 444 | struct gsm_network *network = a_conn_info->network; |
| 445 | struct gsm_subscriber_connection *conn; |
| 446 | struct tlv_parsed tp; |
| 447 | uint8_t cause; |
| 448 | |
| 449 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 450 | if (!conn) |
| 451 | goto fail; |
| 452 | |
| 453 | LOGP(DMSC, LOGL_NOTICE, "BSC sends cipher mode reject (conn_id=%i)\n", conn->a.conn_id); |
| 454 | |
| 455 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 456 | if (!TLVP_PRESENT(&tp, BSS_MAP_MSG_CIPHER_MODE_REJECT)) { |
| 457 | LOGP(DMSC, LOGL_ERROR, "Cause code is missing -- discarding message!\n"); |
| 458 | goto fail; |
| 459 | } |
| 460 | |
| 461 | cause = TLVP_VAL(&tp, BSS_MAP_MSG_CIPHER_MODE_REJECT)[0]; |
| 462 | LOGP(DMSC, LOGL_NOTICE, "Cipher mode rejection cause: %i\n", cause); |
| 463 | |
| 464 | /* FIXME: Can we do something meaningful here? e.g. report to the |
| 465 | * msc code somehow that the cipher mode command has failed. */ |
| 466 | |
| 467 | msgb_free(msg); |
| 468 | return 0; |
| 469 | fail: |
| 470 | msgb_free(msg); |
| 471 | return -EINVAL; |
| 472 | } |
| 473 | |
| 474 | /* Endpoint to handle BSSMAP assignment failure */ |
| 475 | static int bssmap_rx_ass_fail(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 476 | { |
| 477 | struct gsm_network *network = a_conn_info->network; |
| 478 | struct gsm_subscriber_connection *conn; |
| 479 | struct tlv_parsed tp; |
| 480 | uint8_t cause; |
| 481 | uint8_t *rr_cause_ptr = NULL; |
| 482 | uint8_t rr_cause; |
| 483 | |
| 484 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 485 | if (!conn) |
| 486 | goto fail; |
| 487 | |
| 488 | LOGP(DMSC, LOGL_NOTICE, "BSC sends assignment failure message (conn_id=%i)\n", conn->a.conn_id); |
| 489 | |
| 490 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 491 | if (!TLVP_PRESENT(&tp, GSM0808_IE_CAUSE)) { |
| 492 | LOGP(DMSC, LOGL_ERROR, "Cause code is missing -- discarding message!\n"); |
| 493 | goto fail; |
| 494 | } |
| 495 | cause = TLVP_VAL(&tp, GSM0808_IE_CAUSE)[0]; |
| 496 | |
| 497 | if (TLVP_PRESENT(&tp, GSM0808_IE_RR_CAUSE)) { |
| 498 | rr_cause = TLVP_VAL(&tp, GSM0808_IE_RR_CAUSE)[0]; |
| 499 | rr_cause_ptr = &rr_cause; |
| 500 | } |
| 501 | |
| 502 | /* FIXME: In AoIP, the Assignment failure will carry also an optional |
| 503 | * Codec List (BSS Supported) element. It has to be discussed if we |
| 504 | * can ignore this element. If not, The msc_assign_fail() function |
| 505 | * call has to change. However msc_assign_fail() does nothing in the |
| 506 | * end. So probably we can just leave it as it is. Even for AoIP */ |
| 507 | |
| 508 | /* Inform the MSC about the assignment failure event */ |
| 509 | msc_assign_fail(conn, cause, rr_cause_ptr); |
| 510 | |
| 511 | msgb_free(msg); |
| 512 | return 0; |
| 513 | fail: |
| 514 | msgb_free(msg); |
| 515 | return -EINVAL; |
| 516 | } |
| 517 | |
| 518 | /* Endpoint to handle sapi "n" reject */ |
| 519 | static int bssmap_rx_sapi_n_rej(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, |
| 520 | struct msgb *msg) |
| 521 | { |
| 522 | struct gsm_network *network = a_conn_info->network; |
| 523 | struct gsm_subscriber_connection *conn; |
| 524 | struct tlv_parsed tp; |
| 525 | uint8_t dlci; |
| 526 | |
| 527 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 528 | if (!conn) |
| 529 | goto fail; |
| 530 | |
| 531 | LOGP(DMSC, LOGL_NOTICE, "BSC sends sapi \"n\" reject message (conn_id=%i)\n", conn->a.conn_id); |
| 532 | |
| 533 | /* Note: The MSC code seems not to care about the cause code, but by |
| 534 | * the specification it is mandatory, so we check its presence. See |
| 535 | * also 3GPP TS 48.008 3.2.1.34 SAPI "n" REJECT */ |
| 536 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 537 | if (!TLVP_PRESENT(&tp, GSM0808_IE_CAUSE)) { |
| 538 | LOGP(DMSC, LOGL_ERROR, "Cause code is missing -- discarding message!\n"); |
| 539 | goto fail; |
| 540 | } |
| 541 | |
| 542 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 543 | if (!TLVP_PRESENT(&tp, GSM0808_IE_DLCI)) { |
| 544 | LOGP(DMSC, LOGL_ERROR, "DLCI is missing -- discarding message!\n"); |
| 545 | goto fail; |
| 546 | } |
| 547 | dlci = TLVP_VAL(&tp, GSM0808_IE_DLCI)[0]; |
| 548 | |
| 549 | /* Inform the MSC about the sapi "n" reject event */ |
| 550 | msc_sapi_n_reject(conn, dlci); |
| 551 | |
| 552 | msgb_free(msg); |
| 553 | return 0; |
| 554 | fail: |
| 555 | msgb_free(msg); |
| 556 | return -EINVAL; |
| 557 | } |
| 558 | |
| 559 | /* Endpoint to handle assignment complete */ |
| 560 | static int bssmap_rx_ass_compl(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, |
| 561 | struct msgb *msg) |
| 562 | { |
| 563 | struct gsm_network *network = a_conn_info->network; |
| 564 | struct gsm_subscriber_connection *conn; |
Neels Hofmeyr | 6c8afe1 | 2017-09-04 01:03:58 +0200 | [diff] [blame] | 565 | struct mgcp_client *mgcp; |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 566 | struct tlv_parsed tp; |
| 567 | struct sockaddr_storage rtp_addr; |
| 568 | struct sockaddr_in *rtp_addr_in; |
| 569 | int rc; |
| 570 | |
| 571 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 572 | if (!conn) |
| 573 | goto fail; |
| 574 | |
Neels Hofmeyr | 6c8afe1 | 2017-09-04 01:03:58 +0200 | [diff] [blame] | 575 | mgcp = conn->network->mgw.client; |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 576 | OSMO_ASSERT(mgcp); |
| 577 | |
| 578 | LOGP(DMSC, LOGL_NOTICE, "BSC sends assignment complete message (conn_id=%i)\n", conn->a.conn_id); |
| 579 | |
| 580 | tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 1, msgb_l3len(msg) - 1, 0, 0); |
| 581 | |
| 582 | if (!TLVP_PRESENT(&tp, GSM0808_IE_AOIP_TRASP_ADDR)) { |
| 583 | LOGP(DMSC, LOGL_ERROR, "AoIP transport identifier missing -- discarding message!\n"); |
| 584 | goto fail; |
| 585 | } |
| 586 | |
| 587 | /* Decode AoIP transport address element */ |
| 588 | rc = gsm0808_dec_aoip_trasp_addr(&rtp_addr, TLVP_VAL(&tp, GSM0808_IE_AOIP_TRASP_ADDR), |
| 589 | TLVP_LEN(&tp, GSM0808_IE_AOIP_TRASP_ADDR)); |
| 590 | if (rc < 0) { |
| 591 | LOGP(DMSC, LOGL_ERROR, "Unable to decode aoip transport address.\n"); |
| 592 | goto fail; |
| 593 | } |
| 594 | |
| 595 | /* use address / port supplied with the AoIP |
| 596 | * transport address element */ |
| 597 | if (rtp_addr.ss_family == AF_INET) { |
| 598 | rtp_addr_in = (struct sockaddr_in *)&rtp_addr; |
| 599 | conn->rtp.port_subscr = osmo_ntohs(rtp_addr_in->sin_port); |
| 600 | /* FIXME: We also get the IP-Address of the remote (e.g. BTS) |
| 601 | * end with the response. Currently we just ignore that address. |
| 602 | * Instead we expect that our local MGCP gateway and the code |
| 603 | * controlling it, magically knows the IP of the remote end. */ |
| 604 | } else { |
| 605 | LOGP(DMSC, LOGL_ERROR, "Unsopported addressing scheme. (supports only IPV4)\n"); |
| 606 | goto fail; |
| 607 | } |
| 608 | |
| 609 | /* FIXME: Seems to be related to authentication or, |
| 610 | encryption. Is this really in the right place? */ |
| 611 | msc_rx_sec_mode_compl(conn); |
| 612 | |
| 613 | msgb_free(msg); |
| 614 | return 0; |
| 615 | fail: |
| 616 | msgb_free(msg); |
| 617 | return -EINVAL; |
| 618 | } |
| 619 | |
| 620 | /* Handle incoming connection oriented BSSMAP messages */ |
| 621 | static int rx_bssmap(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 622 | { |
| 623 | if (msgb_l3len(msg) < 1) { |
| 624 | LOGP(DMSC, LOGL_NOTICE, "Error: No data received -- discarding message!\n"); |
| 625 | msgb_free(msg); |
| 626 | return -1; |
| 627 | } |
| 628 | |
| 629 | LOGP(DMSC, LOGL_NOTICE, "Rx MSC DT1 BSSMAP %s\n", gsm0808_bssmap_name(msg->l3h[0])); |
| 630 | |
| 631 | switch (msg->l3h[0]) { |
| 632 | case BSS_MAP_MSG_CLEAR_RQST: |
| 633 | return bssmap_rx_clear_rqst(scu, a_conn_info, msg); |
| 634 | break; |
| 635 | case BSS_MAP_MSG_CLEAR_COMPLETE: |
| 636 | return bssmap_rx_clear_complete(scu, a_conn_info, msg); |
| 637 | break; |
| 638 | case BSS_MAP_MSG_COMPLETE_LAYER_3: |
| 639 | return bssmap_rx_l3_compl(scu, a_conn_info, msg); |
| 640 | break; |
| 641 | case BSS_MAP_MSG_CLASSMARK_UPDATE: |
| 642 | return bssmap_rx_classmark_upd(scu, a_conn_info, msg); |
| 643 | break; |
| 644 | case BSS_MAP_MSG_CIPHER_MODE_COMPLETE: |
| 645 | return bssmap_rx_ciph_compl(scu, a_conn_info, msg); |
| 646 | break; |
| 647 | case BSS_MAP_MSG_CIPHER_MODE_REJECT: |
| 648 | return bssmap_rx_ciph_rej(scu, a_conn_info, msg); |
| 649 | break; |
| 650 | case BSS_MAP_MSG_ASSIGMENT_FAILURE: |
| 651 | return bssmap_rx_ass_fail(scu, a_conn_info, msg); |
| 652 | break; |
| 653 | case BSS_MAP_MSG_SAPI_N_REJECT: |
| 654 | return bssmap_rx_sapi_n_rej(scu, a_conn_info, msg); |
| 655 | break; |
| 656 | case BSS_MAP_MSG_ASSIGMENT_COMPLETE: |
| 657 | return bssmap_rx_ass_compl(scu, a_conn_info, msg); |
| 658 | break; |
| 659 | default: |
| 660 | LOGP(DMSC, LOGL_ERROR, "Unimplemented msg type: %s\n", gsm0808_bssmap_name(msg->l3h[0])); |
| 661 | msgb_free(msg); |
| 662 | return -EINVAL; |
| 663 | } |
| 664 | |
| 665 | return -EINVAL; |
| 666 | } |
| 667 | |
| 668 | /* Endpoint to handle regular BSSAP DTAP messages */ |
| 669 | static int rx_dtap(const struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
| 670 | { |
| 671 | struct gsm_network *network = a_conn_info->network; |
| 672 | struct gsm_subscriber_connection *conn; |
| 673 | |
| 674 | conn = subscr_conn_lookup_a(network, a_conn_info->conn_id); |
| 675 | if (!conn) { |
| 676 | msgb_free(msg); |
| 677 | return -EINVAL; |
| 678 | } |
| 679 | |
| 680 | LOGP(DMSC, LOGL_NOTICE, "BSC sends layer 3 dtap (conn_id=%i)\n", conn->a.conn_id); |
| 681 | |
| 682 | /* msc_dtap expects the dtap payload in l3h */ |
| 683 | msg->l3h = msg->l2h + 3; |
| 684 | |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 685 | /* Forward dtap payload into the msc */ |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 686 | msc_dtap(conn, conn->a.conn_id, msg); |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 687 | msgb_free(msg); |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 688 | |
| 689 | return 0; |
| 690 | } |
| 691 | |
| 692 | /* Handle incoming connection oriented messages */ |
Neels Hofmeyr | c1d6925 | 2017-12-18 04:06:04 +0100 | [diff] [blame] | 693 | int a_sccp_rx_dt(struct osmo_sccp_user *scu, const struct a_conn_info *a_conn_info, struct msgb *msg) |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 694 | { |
| 695 | OSMO_ASSERT(scu); |
| 696 | OSMO_ASSERT(a_conn_info); |
| 697 | OSMO_ASSERT(msg); |
| 698 | |
| 699 | LOGP(DMSC, LOGL_NOTICE, "Rx BSC DT: %s\n", osmo_hexdump(msgb_l2(msg), msgb_l2len(msg))); |
| 700 | |
| 701 | if (msgb_l2len(msg) < sizeof(struct bssmap_header)) { |
| 702 | LOGP(DMSC, LOGL_NOTICE, "The header is too short -- discarding message!\n"); |
| 703 | msgb_free(msg); |
Philipp Maier | 4502f5f | 2017-09-07 11:39:58 +0200 | [diff] [blame] | 704 | return -EINVAL; |
Philipp Maier | fbf6610 | 2017-04-09 12:32:51 +0200 | [diff] [blame] | 705 | } |
| 706 | |
| 707 | switch (msg->l2h[0]) { |
| 708 | case BSSAP_MSG_BSS_MANAGEMENT: |
| 709 | msg->l3h = &msg->l2h[sizeof(struct bssmap_header)]; |
| 710 | return rx_bssmap(scu, a_conn_info, msg); |
| 711 | break; |
| 712 | case BSSAP_MSG_DTAP: |
| 713 | return rx_dtap(scu, a_conn_info, msg); |
| 714 | break; |
| 715 | default: |
| 716 | LOGP(DMSC, LOGL_ERROR, "Unimplemented BSSAP msg type: %s\n", gsm0808_bssap_name(msg->l2h[0])); |
| 717 | msgb_free(msg); |
| 718 | return -EINVAL; |
| 719 | } |
| 720 | |
| 721 | return -EINVAL; |
| 722 | } |