Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 274b70f1a8d477908f88c262dc67b065b6b6e4dc / . / src / libmsc / msc_a.c
blob: fe3af14e468171915ac6d05ab369e84f736797f2 [file] [log] [blame]
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1/* Code to manage a subscriber's MSC-A role */
2/*
3 * (C) 2019 by sysmocom - s.m.f.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * SPDX-License-Identifier: AGPL-3.0+
7 *
8 * Author: Neels Hofmeyr
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
19 *
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24#include <osmocom/core/utils.h>
25#include <osmocom/core/tdef.h>
26#include <osmocom/core/rate_ctr.h>
27#include <osmocom/core/signal.h>
28
29#include <osmocom/msc/gsm_data.h>
30#include <osmocom/msc/msc_roles.h>
31#include <osmocom/msc/msub.h>
32#include <osmocom/msc/msc_a.h>
33#include <osmocom/msc/msc_t.h>
34#include <osmocom/msc/msc_i.h>
35#include <osmocom/msc/paging.h>
36#include <osmocom/msc/signal.h>
37#include <osmocom/msc/vlr.h>
38#include <osmocom/msc/transaction.h>
39#include <osmocom/msc/ran_peer.h>
40#include <osmocom/msc/ran_msg_a.h>
41#include <osmocom/msc/ran_msg_iu.h>
42#include <osmocom/msc/sgs_iface.h>
43#include <osmocom/msc/gsm_04_08.h>
44#include <osmocom/msc/gsm_09_11.h>
45#include <osmocom/msc/gsm_04_14.h>
46#include <osmocom/msc/call_leg.h>
47#include <osmocom/msc/rtp_stream.h>
48#include <osmocom/msc/msc_ho.h>
49
50#define MSC_A_USE_WAIT_CLEAR_COMPLETE "wait-Clear-Complete"
51
52static struct osmo_fsm msc_a_fsm;
53
54static const struct osmo_tdef_state_timeout msc_a_fsm_timeouts[32] = {
55 [MSC_A_ST_VALIDATE_L3] = { .T = -1 },
56 [MSC_A_ST_AUTH_CIPH] = { .keep_timer = true },
57 [MSC_A_ST_WAIT_CLASSMARK_UPDATE] = { .keep_timer = true },
58 [MSC_A_ST_AUTHENTICATED] = { .keep_timer = true },
59 [MSC_A_ST_RELEASING] = { .T = -2 },
60 [MSC_A_ST_RELEASED] = { .T = -2 },
61};
62
63/* Transition to a state, using the T timer defined in msc_a_fsm_timeouts.
64 * The actual timeout value is in turn obtained from network->T_defs.
65 * Assumes local variable fi exists. */
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]66#define msc_a_state_chg_always(msc_a, state) \
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]67 osmo_tdef_fsm_inst_state_chg((msc_a)->c.fi, state, msc_a_fsm_timeouts, (msc_a)->c.ran->tdefs, 5)
68
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]69/* Same as msc_a_state_chg_always() but ignore if the msc_a already is in the target state. */
70#define msc_a_state_chg(msc_a, STATE) do { \
71 if ((msc_a)->c.fi->state != STATE) \
72 msc_a_state_chg_always(msc_a, STATE); \
73 } while(0)
74
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]75struct gsm_network *msc_a_net(const struct msc_a *msc_a)
76{
77 return msub_net(msc_a->c.msub);
78}
79
80struct vlr_subscr *msc_a_vsub(const struct msc_a *msc_a)
81{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]82 if (!msc_a)
83 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]84 return msub_vsub(msc_a->c.msub);
85}
86
87struct msc_i *msc_a_msc_i(const struct msc_a *msc_a)
88{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]89 if (!msc_a)
90 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]91 return msub_msc_i(msc_a->c.msub);
92}
93
94struct msc_t *msc_a_msc_t(const struct msc_a *msc_a)
95{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]96 if (!msc_a)
97 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]98 return msub_msc_t(msc_a->c.msub);
99}
100
101struct msc_a *msc_a_fi_priv(struct osmo_fsm_inst *fi)
102{
103 OSMO_ASSERT(fi);
104 OSMO_ASSERT(fi->fsm == &msc_a_fsm);
105 OSMO_ASSERT(fi->priv);
106 return fi->priv;
107}
108
109static void update_counters(struct osmo_fsm_inst *fi, bool conn_accepted)
110{
111 struct msc_a *msc_a = fi->priv;
112 struct gsm_network *net = msc_a_net(msc_a);
113 switch (msc_a->complete_layer3_type) {
114 case COMPLETE_LAYER3_LU:
Pau Espin Pedrol2e21a682021-06-04 16:45:44 +0200[diff] [blame]115 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs, conn_accepted ? MSC_CTR_LOC_UPDATE_COMPLETED : MSC_CTR_LOC_UPDATE_FAILED));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]116 break;
117 case COMPLETE_LAYER3_CM_SERVICE_REQ:
Pau Espin Pedrol2e21a682021-06-04 16:45:44 +0200[diff] [blame]118 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs, conn_accepted ? MSC_CTR_CM_SERVICE_REQUEST_ACCEPTED : MSC_CTR_CM_SERVICE_REQUEST_REJECTED));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]119 break;
120 case COMPLETE_LAYER3_PAGING_RESP:
Pau Espin Pedrol2e21a682021-06-04 16:45:44 +0200[diff] [blame]121 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs, conn_accepted ? MSC_CTR_PAGING_RESP_ACCEPTED : MSC_CTR_PAGING_RESP_REJECTED));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]122 break;
Neels Hofmeyrae98b972021-07-27 03:46:49 +0200[diff] [blame]123 case COMPLETE_LAYER3_CM_RE_ESTABLISH_REQ:
124 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs,
125 conn_accepted ? MSC_CTR_CM_RE_ESTABLISH_REQ_ACCEPTED
126 : MSC_CTR_CM_RE_ESTABLISH_REQ_REJECTED));
127 break;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]128 default:
129 break;
130 }
131}
132
133static void evaluate_acceptance_outcome(struct osmo_fsm_inst *fi, bool conn_accepted)
134{
135 struct msc_a *msc_a = fi->priv;
136 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
137
138 update_counters(fi, conn_accepted);
139
Neels Hofmeyr83cf10c2020-06-24 14:23:26 +0200[diff] [blame]140 if (conn_accepted) {
141 /* Record the Cell ID seen in Complete Layer 3 Information in the VLR, so that it also shows in vty
142 * 'show' output. */
143 vsub->cgi = msc_a->via_cell;
144 }
145
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]146 /* Trigger transactions that we paged for */
147 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_PAGING_RESP) {
148 if (conn_accepted)
149 paging_response(msc_a);
150 else
151 paging_expired(vsub);
152 }
153
154 if (conn_accepted)
155 osmo_signal_dispatch(SS_SUBSCR, S_SUBSCR_ATTACHED, msc_a_vsub(msc_a));
156
157 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_LU)
158 msc_a_put(msc_a, MSC_A_USE_LOCATION_UPDATING);
Neels Hofmeyrae98b972021-07-27 03:46:49 +0200[diff] [blame]159
160 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_CM_RE_ESTABLISH_REQ) {
161 /* Trigger new Assignment to recommence the voice call. A little dance here because normally we verify
162 * that no CC trans is already active. */
163 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
164 msc_a->cc.active_trans = NULL;
165 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_TRANSACTION_ACCEPTED, cc_trans);
166 msc_a_try_call_assignment(cc_trans);
167 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]168}
169
170bool msc_a_is_accepted(const struct msc_a *msc_a)
171{
172 if (!msc_a || !msc_a->c.fi)
173 return false;
174 return msc_a->c.fi->state == MSC_A_ST_AUTHENTICATED
175 || msc_a->c.fi->state == MSC_A_ST_COMMUNICATING;
176}
177
178bool msc_a_in_release(struct msc_a *msc_a)
179{
180 if (!msc_a)
181 return true;
182 if (msc_a->c.fi->state == MSC_A_ST_RELEASING)
183 return true;
184 if (msc_a->c.fi->state == MSC_A_ST_RELEASED)
185 return true;
186 return false;
187}
188
189static int msc_a_ran_dec(struct msc_a *msc_a, const struct an_apdu *an_apdu, enum msc_role from_role)
190{
191 int rc;
192 struct msc_a_ran_dec_data d = {
193 .from_role = from_role,
194 .an_apdu = an_apdu,
195 };
196 msc_a_get(msc_a, __func__);
197 rc = msc_role_ran_decode(msc_a->c.fi, an_apdu, msc_a_ran_decode_cb, &d);
198 msc_a_put(msc_a, __func__);
199 return rc;
200};
201
202static void msc_a_fsm_validate_l3(struct osmo_fsm_inst *fi, uint32_t event, void *data)
203{
204 struct msc_a *msc_a = fi->priv;
205 const struct an_apdu *an_apdu;
206
207 switch (event) {
208 case MSC_A_EV_FROM_I_COMPLETE_LAYER_3:
209 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
210 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
211 an_apdu = data;
212 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_I);
213 return;
214
215 case MSC_A_EV_COMPLETE_LAYER_3_OK:
216 msc_a_state_chg(msc_a, MSC_A_ST_AUTH_CIPH);
217 return;
218
219 case MSC_A_EV_MO_CLOSE:
220 case MSC_A_EV_CN_CLOSE:
221 evaluate_acceptance_outcome(fi, false);
222 /* fall through */
223 case MSC_A_EV_UNUSED:
224 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
225 return;
226
227 default:
228 OSMO_ASSERT(false);
229 }
230}
231
232/* Figure out whether to first send a Classmark Request to the MS to figure out algorithm support. */
233static bool msc_a_need_classmark_for_ciphering(struct msc_a *msc_a)
234{
235 struct gsm_network *net = msc_a_net(msc_a);
236 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
237 int i = 0;
238 bool request_classmark = false;
239
240 /* Only on GERAN-A do we ever need Classmark Information for Ciphering. */
241 if (msc_a->c.ran->type != OSMO_RAT_GERAN_A)
242 return false;
243
244 for (i = 0; i < 8; i++) {
245 int supported;
246
247 /* A5/n permitted by osmo-msc.cfg? */
248 if (!(net->a5_encryption_mask & (1 << i)))
249 continue;
250
251 /* A5/n supported by MS? */
252 supported = osmo_gsm48_classmark_supports_a5(&vsub->classmark, i);
253 if (supported < 0) {
254 LOG_MSC_A(msc_a, LOGL_DEBUG, "For A5/%d, we still need Classmark %d\n", i, -supported);
255 request_classmark = true;
256 }
257 }
258
259 return request_classmark;
260}
261
262static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv);
263
264/* VLR callback for ops.set_ciph_mode() */
265int msc_a_vlr_set_cipher_mode(void *_msc_a, bool umts_aka, bool retrieve_imeisv)
266{
267 struct msc_a *msc_a = _msc_a;
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]268 struct vlr_subscr *vsub;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]269
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]270 if (!msc_a) {
271 LOGP(DMSC, LOGL_ERROR, "Insufficient info to start ciphering: "
272 "MSC-A role is NULL?!?\n");
273 return -EINVAL;
274 }
275
276 vsub = msc_a_vsub(msc_a);
277 if (!vsub || !vsub->last_tuple) {
278 LOG_MSC_A(msc_a, LOGL_ERROR, "Insufficient info to start ciphering: "
279 "vlr_subscr is NULL?!?\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]280 return -EINVAL;
281 }
282
283 if (msc_a_need_classmark_for_ciphering(msc_a)) {
284 int rc;
285 struct ran_msg msg = {
286 .msg_type = RAN_MSG_CLASSMARK_REQUEST,
287 };
288 rc = msc_a_ran_down(msc_a, MSC_ROLE_I, &msg);
289 if (rc) {
290 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot send Classmark Request\n");
291 return -EIO;
292 }
293
294 msc_a->state_before_classmark_update = msc_a->c.fi->state;
295 msc_a->action_on_classmark_update = (struct msc_a_action_on_classmark_update){
296 .type = MSC_A_CLASSMARK_UPDATE_THEN_CIPHERING,
297 .ciphering = {
298 .umts_aka = umts_aka,
299 .retrieve_imeisv = retrieve_imeisv,
300 },
301 };
302 msc_a_state_chg(msc_a, MSC_A_ST_WAIT_CLASSMARK_UPDATE);
303 return 0;
304 }
305
306 return msc_a_ran_enc_ciphering(msc_a, umts_aka, retrieve_imeisv);
307}
308
Neels Hofmeyr6ce2edc2021-06-09 22:26:11 +0200[diff] [blame]309static uint8_t filter_a5(uint8_t a5_mask, bool umts_aka)
310{
311 /* With GSM AKA: allow A5/0, 1, 3 = 0b00001011 = 0xb.
312 * UMTS aka: allow A5/0, 1, 3, 4 = 0b00011011 = 0x1b.
313 */
314 return a5_mask & (umts_aka ? 0x1b : 0x0b);
315}
316
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]317static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv)
318{
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]319 struct gsm_network *net;
320 struct vlr_subscr *vsub;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]321 struct ran_msg msg;
322
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]323 if (!msc_a) {
324 LOGP(DMSC, LOGL_ERROR, "Insufficient info to start ciphering: "
325 "MSC-A role is NULL?!?\n");
326 return -EINVAL;
327 }
328
329 net = msc_a_net(msc_a);
330 vsub = msc_a_vsub(msc_a);
331
332 if (!net || !vsub || !vsub->last_tuple) {
333 LOG_MSC_A(msc_a, LOGL_ERROR, "Insufficient info to start ciphering: "
334 "gsm_network and/or vlr_subscr is NULL?!?\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]335 return -EINVAL;
336 }
337
338 msg = (struct ran_msg){
339 .msg_type = RAN_MSG_CIPHER_MODE_COMMAND,
340 .cipher_mode_command = {
341 .vec = vsub->last_tuple ? &vsub->last_tuple->vec : NULL,
342 .classmark = &vsub->classmark,
343 .geran = {
344 .umts_aka = umts_aka,
345 .retrieve_imeisv = retrieve_imeisv,
Neels Hofmeyr6ce2edc2021-06-09 22:26:11 +0200[diff] [blame]346 .a5_encryption_mask = filter_a5(net->a5_encryption_mask, umts_aka),
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]347
348 /* for ran_a.c to store the GERAN key that is actually used */
349 .chosen_key = &msc_a->geran_encr,
350 },
Harald Welte274b70f2021-02-06 16:47:39 +0100[diff] [blame^]351 .utran = {
352 .uea_encryption = net->uea_encryption
353 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]354 },
355 };
356
357 if (msc_a_ran_down(msc_a, MSC_ROLE_I, &msg)) {
358 LOG_MSC_A(msc_a, LOGL_ERROR, "Sending Cipher Mode Command failed\n");
359 /* Returning error to the VLR ops.set_ciph_mode() will cancel the attach. Other callers need to take
360 * care of the return value. */
361 return -EINVAL;
362 }
363
364 if (msc_a->geran_encr.key_len)
Neels Hofmeyr73d093a2021-06-23 23:54:43 +0200[diff] [blame]365 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN encoding chose ciphering: A5/%d kc %s kc128 %s\n",
366 msc_a->geran_encr.alg_id - 1,
367 osmo_hexdump_nospc_c(OTC_SELECT, msc_a->geran_encr.key, msc_a->geran_encr.key_len),
368 msc_a->geran_encr.kc128_present ?
369 osmo_hexdump_nospc_c(OTC_SELECT, msc_a->geran_encr.kc128, sizeof(msc_a->geran_encr.kc128))
370 : "-");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]371 return 0;
372}
373
374static void msc_a_fsm_auth_ciph(struct osmo_fsm_inst *fi, uint32_t event, void *data)
375{
376 struct msc_a *msc_a = fi->priv;
377
378 /* If accepted, transition the state, all other cases mean failure. */
379 switch (event) {
380 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
381 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
382 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
383 return;
384
385 case MSC_A_EV_AUTHENTICATED:
386 msc_a_state_chg(msc_a, MSC_A_ST_AUTHENTICATED);
387 return;
388
389 case MSC_A_EV_UNUSED:
390 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
391 return;
392
393 case MSC_A_EV_MO_CLOSE:
394 case MSC_A_EV_CN_CLOSE:
395 evaluate_acceptance_outcome(fi, false);
396 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
397 return;
398
399
400 default:
401 OSMO_ASSERT(false);
402 }
403}
404
405static void msc_a_fsm_wait_classmark_update(struct osmo_fsm_inst *fi, uint32_t event, void *data)
406{
407 struct msc_a *msc_a = fi->priv;
408
409 switch (event) {
410 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
411 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
412 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
413 return;
414
415 case MSC_A_EV_CLASSMARK_UPDATE:
416 switch (msc_a->action_on_classmark_update.type) {
417 case MSC_A_CLASSMARK_UPDATE_THEN_CIPHERING:
418 msc_a_state_chg(msc_a, MSC_A_ST_AUTH_CIPH);
419 if (msc_a_ran_enc_ciphering(msc_a,
420 msc_a->action_on_classmark_update.ciphering.umts_aka,
421 msc_a->action_on_classmark_update.ciphering.retrieve_imeisv)) {
422 LOG_MSC_A(msc_a, LOGL_ERROR,
423 "After Classmark Update, still failed to send Cipher Mode Command\n");
424 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
425 }
426 return;
427
428 default:
429 LOG_MSC_A(msc_a, LOGL_ERROR, "Internal error: After Classmark Update, don't know what to do\n");
430 msc_a_state_chg(msc_a, msc_a->state_before_classmark_update);
431 return;
432 }
433
434 case MSC_A_EV_UNUSED:
435 /* Seems something detached / aborted in the middle of auth+ciph. */
436 evaluate_acceptance_outcome(fi, false);
437 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
438 return;
439
440 case MSC_A_EV_MO_CLOSE:
441 case MSC_A_EV_CN_CLOSE:
442 evaluate_acceptance_outcome(fi, false);
443 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
444 return;
445
446 default:
447 OSMO_ASSERT(false);
448 }
449}
450
451static bool msc_a_fsm_has_active_transactions(struct osmo_fsm_inst *fi)
452{
453 struct msc_a *msc_a = fi->priv;
454 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
455 struct gsm_trans *trans;
456
457 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_SILENT_CALL)) {
458 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: silent call still active\n", __func__);
459 return true;
460 }
461
462 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_CC)) {
463 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO CC request after a CM Service Request\n",
464 __func__);
465 return true;
466 }
467 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_SMS)) {
468 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO SMS after a CM Service Request\n",
469 __func__);
470 return true;
471 }
472 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_SS)) {
473 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO SS after a CM Service Request\n",
474 __func__);
475 return true;
476 }
477
478 if (vsub && !llist_empty(&vsub->cs.requests)) {
479 struct paging_request *pr;
480 llist_for_each_entry(pr, &vsub->cs.requests, entry) {
481 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still active: %s\n", __func__, pr->label);
482 }
483 return true;
484 }
485
486 if ((trans = trans_has_conn(msc_a))) {
487 LOG_MSC_A(msc_a, LOGL_DEBUG, "connection still has active transaction: %s\n",
488 trans_type_name(trans->type));
489 return true;
490 }
491
492 return false;
493}
494
495static void msc_a_fsm_authenticated_enter(struct osmo_fsm_inst *fi, uint32_t prev_state)
496{
497 struct msc_a *msc_a = fi->priv;
498 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
499
500 /* Stop Location Update expiry for this subscriber. While the subscriber
501 * has an open connection the LU expiry timer must remain disabled.
502 * Otherwise we would kick the subscriber off the network when the timer
503 * expires e.g. during a long phone call.
504 * The LU expiry timer will restart once the connection is closed. */
505 if (vsub)
506 vsub->expire_lu = VLR_SUBSCRIBER_NO_EXPIRATION;
507
508 evaluate_acceptance_outcome(fi, true);
509}
510
511static void msc_a_fsm_authenticated(struct osmo_fsm_inst *fi, uint32_t event, void *data)
512{
513 struct msc_a *msc_a = fi->priv;
514
515 switch (event) {
516 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
517 case MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST:
518 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
519 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
520 return;
521
522 case MSC_A_EV_COMPLETE_LAYER_3_OK:
523 /* When Authentication is off, we may already be in the Accepted state when the code
524 * evaluates the Compl L3. Simply ignore. This just cosmetically mutes the error log
525 * about the useless event. */
526 return;
527
528 case MSC_A_EV_TRANSACTION_ACCEPTED:
529 msc_a_state_chg(msc_a, MSC_A_ST_COMMUNICATING);
530 return;
531
532 case MSC_A_EV_MO_CLOSE:
533 case MSC_A_EV_CN_CLOSE:
534 case MSC_A_EV_UNUSED:
535 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
536 return;
537
538 default:
539 OSMO_ASSERT(false);
540 }
541}
542
543/* The MGW has given us a local IP address for the RAN side. Ready to start the Assignment of a voice channel. */
544static void msc_a_call_leg_ran_local_addr_available(struct msc_a *msc_a)
545{
546 struct ran_msg msg;
547 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
548 struct gsm0808_channel_type channel_type;
549
Neels Hofmeyr00a476b2019-11-28 02:46:05 +0100[diff] [blame]550 if (!cc_trans) {
551 LOG_MSC_A(msc_a, LOGL_ERROR, "No CC transaction active\n");
552 call_leg_release(msc_a->cc.call_leg);
553 return;
554 }
555
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]556 /* Once a CI is known, we could also CRCX the CN side of the MGW endpoint, but it makes sense to wait for the
557 * codec to be determined by the Assignment Complete message, first. */
558
559 if (mncc_bearer_cap_to_channel_type(&channel_type, &cc_trans->bearer_cap)) {
560 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot compose Channel Type from bearer capabilities\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]561 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]562 return;
563 }
564
565 /* The RAN side RTP address is known, so the voice Assignment can commence. */
566 msg = (struct ran_msg){
567 .msg_type = RAN_MSG_ASSIGNMENT_COMMAND,
568 .assignment_command = {
569 .cn_rtp = &msc_a->cc.call_leg->rtp[RTP_TO_RAN]->local,
570 .channel_type = &channel_type,
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]571 .osmux_present = msc_a->cc.call_leg->rtp[RTP_TO_RAN]->use_osmux,
572 .osmux_cid = msc_a->cc.call_leg->rtp[RTP_TO_RAN]->local_osmux_cid,
Philipp Maierf34d9452020-06-05 15:49:35 +0200[diff] [blame]573 .call_id_present = true,
574 .call_id = cc_trans->callref,
Keith Whytea1a70be2021-05-16 02:59:52 +0200[diff] [blame]575 .lcls = cc_trans->cc.lcls,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]576 },
577 };
578 if (msc_a_ran_down(msc_a, MSC_ROLE_I, &msg)) {
579 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot send Assignment\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]580 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]581 return;
582 }
583}
584
585static void msc_a_call_leg_cn_local_addr_available(struct msc_a *msc_a, struct gsm_trans *cc_trans)
586{
587 if (gsm48_tch_rtp_create(cc_trans)) {
588 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot inform MNCC of RTP address\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]589 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]590 return;
591 }
592}
593
594static struct gsm_trans *find_waiting_call(struct msc_a *msc_a)
595{
596 struct gsm_trans *trans;
597 struct gsm_network *net = msc_a_net(msc_a);
598
599 llist_for_each_entry(trans, &net->trans_list, entry) {
600 if (trans->msc_a != msc_a)
601 continue;
602 if (trans->type != TRANS_CC)
603 continue;
604 if (trans->msc_a->cc.active_trans == trans)
605 continue;
606 return trans;
607 }
608 return NULL;
609}
610
611static void msc_a_cleanup_rtp_streams(struct msc_a *msc_a, uint32_t event, void *data)
612{
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]613 switch (event) {
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]614
615 case MSC_EV_CALL_LEG_TERM:
616 msc_a->cc.call_leg = NULL;
617 if (msc_a->cc.mncc_forwarding_to_remote_ran)
618 msc_a->cc.mncc_forwarding_to_remote_ran->rtps = NULL;
619
Neels Hofmeyr265a4c72019-05-09 16:20:51 +0200[diff] [blame]620 if (msc_a->ho.new_cell.mncc_forwarding_to_remote_ran)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]621 msc_a->ho.new_cell.mncc_forwarding_to_remote_ran->rtps = NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]622 return;
623
624 case MSC_MNCC_EV_CALL_ENDED:
625 msc_a->cc.mncc_forwarding_to_remote_ran = NULL;
626 return;
627
628 default:
629 return;
630 }
631}
632
633static void msc_a_fsm_communicating(struct osmo_fsm_inst *fi, uint32_t event, void *data)
634{
635 struct msc_a *msc_a = fi->priv;
636 struct rtp_stream *rtps;
637 struct gsm_trans *waiting_trans;
638 struct an_apdu *an_apdu;
639
640 msc_a_cleanup_rtp_streams(msc_a, event, data);
641
642 switch (event) {
643 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
644 case MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST:
645 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
646 an_apdu = data;
647 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_I);
648 return;
649
650 case MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE:
651 case MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE:
652 case MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST:
653 case MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST:
654 an_apdu = data;
655 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_T);
656 return;
657
658 case MSC_A_EV_TRANSACTION_ACCEPTED:
659 /* no-op */
660 return;
661
662 case MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE:
663 rtps = data;
664 if (!rtps) {
665 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid data for %s\n", osmo_fsm_event_name(fi->fsm, event));
666 return;
667 }
Neels Hofmeyr00a476b2019-11-28 02:46:05 +0100[diff] [blame]668 if (!msc_a->cc.call_leg) {
669 LOG_MSC_A(msc_a, LOGL_ERROR, "No call leg active\n");
670 return;
671 }
Neels Hofmeyrcc918cb2019-11-28 02:16:34 +0100[diff] [blame]672 if (!osmo_sockaddr_str_is_nonzero(&rtps->local)) {
673 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid RTP address received from MGW: " OSMO_SOCKADDR_STR_FMT "\n",
674 OSMO_SOCKADDR_STR_FMT_ARGS(&rtps->local));
675 call_leg_release(msc_a->cc.call_leg);
676 return;
677 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]678 LOG_MSC_A(msc_a, LOGL_DEBUG,
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]679 "MGW endpoint's RTP address available for the CI %s: " OSMO_SOCKADDR_STR_FMT " (osmux=%s:%d)\n",
680 rtp_direction_name(rtps->dir), OSMO_SOCKADDR_STR_FMT_ARGS(&rtps->local),
681 rtps->use_osmux ? "yes" : "no", rtps->local_osmux_cid);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]682 switch (rtps->dir) {
683 case RTP_TO_RAN:
684 msc_a_call_leg_ran_local_addr_available(msc_a);
685 return;
686 case RTP_TO_CN:
687 msc_a_call_leg_cn_local_addr_available(msc_a, rtps->for_trans);
688 return;
689 default:
690 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid data for %s\n", osmo_fsm_event_name(fi->fsm, event));
691 return;
692 }
693
694 case MSC_EV_CALL_LEG_RTP_COMPLETE:
695 /* Nothing to do. */
696 return;
697
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]698 case MSC_MNCC_EV_CALL_ENDED:
699 /* Cleaned up above */
700 return;
701
702 case MSC_EV_CALL_LEG_TERM:
703 /* RTP streams cleaned up above */
704
705 msc_a_get(msc_a, __func__);
706 if (msc_a->cc.active_trans)
707 trans_free(msc_a->cc.active_trans);
708
709 /* If there is another call still waiting to be activated, this is the time when the mgcp_ctx is
710 * available again and the other call can start assigning. */
711 waiting_trans = find_waiting_call(msc_a);
712 if (waiting_trans) {
713 LOG_MSC_A(msc_a, LOGL_DEBUG, "(ti %02x) Call waiting: starting Assignment\n",
714 waiting_trans->transaction_id);
715 msc_a_try_call_assignment(waiting_trans);
716 }
717 msc_a_put(msc_a, __func__);
718 return;
719
720 case MSC_A_EV_HANDOVER_REQUIRED:
721 msc_ho_start(msc_a, (struct ran_handover_required*)data);
722 return;
723
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]724 case MSC_A_EV_HANDOVER_END:
725 /* Termination event of the msc_ho_fsm. No action needed, it's all done in the msc_ho_fsm cleanup. This
726 * event only exists because osmo_fsm_inst_alloc_child() requires a parent term event; and maybe
727 * interesting for logging. */
728 return;
729
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]730 case MSC_A_EV_MO_CLOSE:
731 case MSC_A_EV_CN_CLOSE:
732 case MSC_A_EV_UNUSED:
733 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
734 return;
735
736 default:
737 OSMO_ASSERT(false);
738 }
739}
740
741static int msc_a_fsm_timer_cb(struct osmo_fsm_inst *fi)
742{
743 struct msc_a *msc_a = fi->priv;
744 if (msc_a_in_release(msc_a)) {
745 LOG_MSC_A(msc_a, LOGL_ERROR, "Timeout while releasing, discarding right now\n");
746 msc_a_put_all(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
747 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
748 } else {
749 enum gsm48_reject_value cause = GSM48_REJECT_CONGESTION;
750 osmo_fsm_inst_dispatch(fi, MSC_A_EV_CN_CLOSE, &cause);
751 }
752 return 0;
753}
754
755static void msc_a_fsm_releasing_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
756{
757 struct msc_a *msc_a = fi->priv;
758 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
759 int i;
760 char buf[128];
761 const char * const use_counts_to_cancel[] = {
762 MSC_A_USE_LOCATION_UPDATING,
763 MSC_A_USE_CM_SERVICE_CC,
764 MSC_A_USE_CM_SERVICE_SMS,
765 MSC_A_USE_CM_SERVICE_SS,
766 MSC_A_USE_PAGING_RESPONSE,
767 };
768
769 LOG_MSC_A(msc_a, LOGL_DEBUG, "Releasing: msc_a use is %s\n",
770 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
771
772 if (vsub) {
773 vlr_subscr_get(vsub, __func__);
774
775 /* Cancel all VLR FSMs, if any */
776 vlr_subscr_cancel_attach_fsm(vsub, OSMO_FSM_TERM_ERROR, GSM48_REJECT_CONGESTION);
777
778 /* The subscriber has no active connection anymore.
779 * Restart the periodic Location Update expiry timer for this subscriber. */
780 vlr_subscr_enable_expire_lu(vsub);
781 }
782
783 /* If we're closing in a middle of a trans, we need to clean up */
784 trans_conn_closed(msc_a);
785
786 call_leg_release(msc_a->cc.call_leg);
787
788 /* Cancel use counts for pending CM Service / Paging */
789 for (i = 0; i < ARRAY_SIZE(use_counts_to_cancel); i++) {
790 const char *use = use_counts_to_cancel[i];
791 int32_t count = osmo_use_count_by(&msc_a->use_count, use);
792 if (!count)
793 continue;
794 LOG_MSC_A(msc_a, LOGL_DEBUG, "Releasing: canceling still pending use: %s (%d)\n", use, count);
795 osmo_use_count_get_put(&msc_a->use_count, use, -count);
796 }
797
798 if (msc_a->c.ran->type == OSMO_RAT_EUTRAN_SGS) {
799 sgs_iface_tx_release(vsub);
800 /* In SGsAP there is no confirmation of a release. */
801 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
802 } else {
803 struct ran_msg msg = {
804 .msg_type = RAN_MSG_CLEAR_COMMAND,
805 .clear_command = {
Neels Hofmeyrd9fe7112020-07-11 00:20:20 +0200[diff] [blame]806 /* "Call Control" is the only cause code listed in 3GPP TS 48.008 3.2.1.21 CLEAR COMMAND
807 * that qualifies for a normal release situation. (OS#4664) */
808 .gsm0808_cause = GSM0808_CAUSE_CALL_CONTROL,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]809 .csfb_ind = (vsub && vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED),
810 },
811 };
812 msc_a_get(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
813 msc_a_ran_down(msc_a, MSC_ROLE_I, &msg);
Philipp Maier47cf84d2019-08-15 14:56:54 +0200[diff] [blame]814
815 /* The connection is cleared. The MS will now go back to 4G,
816 Switch the RAN type back to SGS. */
817 if (vsub && vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED)
818 vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]819 }
820
821 if (vsub)
822 vlr_subscr_put(vsub, __func__);
823}
824
825static void msc_a_fsm_releasing(struct osmo_fsm_inst *fi, uint32_t event, void *data)
826{
827 struct msc_a *msc_a = fi->priv;
828
829 msc_a_cleanup_rtp_streams(msc_a, event, data);
830
831 switch (event) {
832 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
833 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
834 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
835 return;
836
837 case MSC_A_EV_MO_CLOSE:
838 case MSC_A_EV_CN_CLOSE:
839 case MSC_A_EV_UNUSED:
840 /* Already releasing */
841 return;
842
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]843 case MSC_EV_CALL_LEG_TERM:
844 case MSC_MNCC_EV_CALL_ENDED:
845 /* RTP streams cleaned up above */
846 return;
847
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]848 case MSC_A_EV_HANDOVER_END:
849 /* msc_ho_fsm does cleanup. */
850 return;
851
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]852 default:
853 OSMO_ASSERT(false);
854 }
855}
856
857
858static void msc_a_fsm_released_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
859{
860 struct msc_a *msc_a = msc_a_fi_priv(fi);
861 char buf[128];
862 LOG_MSC_A(msc_a, LOGL_DEBUG, "Released: msc_a use is %s\n",
863 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
864 if (osmo_use_count_total(&msc_a->use_count) == 0)
865 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, fi);
866}
867
868static void msc_a_fsm_released(struct osmo_fsm_inst *fi, uint32_t event, void *data)
869{
870 if (event == MSC_A_EV_UNUSED)
871 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, fi);
872}
873
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]874void msc_a_fsm_cleanup(struct osmo_fsm_inst *fi, enum osmo_fsm_term_cause cause)
875{
876 struct msc_a *msc_a = msc_a_fi_priv(fi);
877
878 trans_conn_closed(msc_a);
879
880 if (msc_a_fsm_has_active_transactions(fi))
881 LOG_MSC_A(msc_a, LOGL_ERROR, "Deallocating active transactions failed\n");
882
883 LOG_MSC_A_CAT(msc_a, DREF, LOGL_DEBUG, "max total use count was %d\n", msc_a->max_total_use_count);
884}
885
886const struct value_string msc_a_fsm_event_names[] = {
887 OSMO_VALUE_STRING(MSC_REMOTE_EV_RX_GSUP),
888 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE),
889 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_RTP_COMPLETE),
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]890 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_TERM),
891 OSMO_VALUE_STRING(MSC_MNCC_EV_NEED_LOCAL_RTP),
892 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_PROCEEDING),
893 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_COMPLETE),
894 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_ENDED),
895 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_COMPLETE_LAYER_3),
896 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST),
897 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST),
898 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST),
899 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST),
900 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE),
901 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE),
902 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST),
903 OSMO_VALUE_STRING(MSC_A_EV_COMPLETE_LAYER_3_OK),
904 OSMO_VALUE_STRING(MSC_A_EV_CLASSMARK_UPDATE),
905 OSMO_VALUE_STRING(MSC_A_EV_AUTHENTICATED),
906 OSMO_VALUE_STRING(MSC_A_EV_TRANSACTION_ACCEPTED),
907 OSMO_VALUE_STRING(MSC_A_EV_CN_CLOSE),
908 OSMO_VALUE_STRING(MSC_A_EV_MO_CLOSE),
909 OSMO_VALUE_STRING(MSC_A_EV_UNUSED),
910 OSMO_VALUE_STRING(MSC_A_EV_HANDOVER_REQUIRED),
911 OSMO_VALUE_STRING(MSC_A_EV_HANDOVER_END),
912 {}
913};
914
915#define S(x) (1 << (x))
916
917static const struct osmo_fsm_state msc_a_fsm_states[] = {
918 [MSC_A_ST_VALIDATE_L3] = {
919 .name = OSMO_STRINGIFY(MSC_A_ST_VALIDATE_L3),
920 .in_event_mask = 0
921 | S(MSC_A_EV_FROM_I_COMPLETE_LAYER_3)
922 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
923 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
924 | S(MSC_A_EV_COMPLETE_LAYER_3_OK)
925 | S(MSC_A_EV_MO_CLOSE)
926 | S(MSC_A_EV_CN_CLOSE)
927 | S(MSC_A_EV_UNUSED)
928 ,
929 .out_state_mask = 0
930 | S(MSC_A_ST_VALIDATE_L3)
931 | S(MSC_A_ST_AUTH_CIPH)
932 | S(MSC_A_ST_RELEASING)
933 ,
934 .action = msc_a_fsm_validate_l3,
935 },
936 [MSC_A_ST_AUTH_CIPH] = {
937 .name = OSMO_STRINGIFY(MSC_A_ST_AUTH_CIPH),
938 .in_event_mask = 0
939 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
940 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
941 | S(MSC_A_EV_AUTHENTICATED)
942 | S(MSC_A_EV_MO_CLOSE)
943 | S(MSC_A_EV_CN_CLOSE)
944 | S(MSC_A_EV_UNUSED)
945 ,
946 .out_state_mask = 0
947 | S(MSC_A_ST_WAIT_CLASSMARK_UPDATE)
948 | S(MSC_A_ST_AUTHENTICATED)
949 | S(MSC_A_ST_RELEASING)
950 ,
951 .action = msc_a_fsm_auth_ciph,
952 },
953 [MSC_A_ST_WAIT_CLASSMARK_UPDATE] = {
954 .name = OSMO_STRINGIFY(MSC_A_ST_WAIT_CLASSMARK_UPDATE),
955 .in_event_mask = 0
956 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
957 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
958 | S(MSC_A_EV_CLASSMARK_UPDATE)
959 | S(MSC_A_EV_MO_CLOSE)
960 | S(MSC_A_EV_CN_CLOSE)
961 ,
962 .out_state_mask = 0
963 | S(MSC_A_ST_AUTH_CIPH)
964 | S(MSC_A_ST_RELEASING)
965 ,
966 .action = msc_a_fsm_wait_classmark_update,
967 },
968 [MSC_A_ST_AUTHENTICATED] = {
969 .name = OSMO_STRINGIFY(MSC_A_ST_AUTHENTICATED),
970 /* allow everything to release for any odd behavior */
971 .in_event_mask = 0
972 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
973 | S(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST)
974 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
975 | S(MSC_A_EV_TRANSACTION_ACCEPTED)
976 | S(MSC_A_EV_MO_CLOSE)
977 | S(MSC_A_EV_CN_CLOSE)
978 | S(MSC_A_EV_UNUSED)
979 ,
980 .out_state_mask = 0
981 | S(MSC_A_ST_RELEASING)
982 | S(MSC_A_ST_COMMUNICATING)
983 ,
984 .onenter = msc_a_fsm_authenticated_enter,
985 .action = msc_a_fsm_authenticated,
986 },
987 [MSC_A_ST_COMMUNICATING] = {
988 .name = OSMO_STRINGIFY(MSC_A_ST_COMMUNICATING),
989 /* allow everything to release for any odd behavior */
990 .in_event_mask = 0
991 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
992 | S(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST)
993 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
994 | S(MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE)
995 | S(MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE)
996 | S(MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST)
997 | S(MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST)
998 | S(MSC_A_EV_TRANSACTION_ACCEPTED)
999 | S(MSC_A_EV_MO_CLOSE)
1000 | S(MSC_A_EV_CN_CLOSE)
1001 | S(MSC_A_EV_UNUSED)
1002 | S(MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE)
1003 | S(MSC_EV_CALL_LEG_RTP_COMPLETE)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1004 | S(MSC_EV_CALL_LEG_TERM)
1005 | S(MSC_MNCC_EV_CALL_ENDED)
1006 | S(MSC_A_EV_HANDOVER_REQUIRED)
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]1007 | S(MSC_A_EV_HANDOVER_END)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1008 ,
1009 .out_state_mask = 0
1010 | S(MSC_A_ST_RELEASING)
1011 ,
1012 .action = msc_a_fsm_communicating,
1013 },
1014 [MSC_A_ST_RELEASING] = {
1015 .name = OSMO_STRINGIFY(MSC_A_ST_RELEASING),
1016 .in_event_mask = 0
1017 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
1018 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
1019 | S(MSC_A_EV_UNUSED)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1020 | S(MSC_EV_CALL_LEG_TERM)
1021 | S(MSC_MNCC_EV_CALL_ENDED)
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]1022 | S(MSC_A_EV_HANDOVER_END)
Pau Espin Pedrole53ecde2021-07-12 13:37:24 +0200[diff] [blame]1023 | S(MSC_A_EV_CN_CLOSE)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1024 ,
1025 .out_state_mask = 0
1026 | S(MSC_A_ST_RELEASED)
1027 ,
1028 .onenter = msc_a_fsm_releasing_onenter,
1029 .action = msc_a_fsm_releasing,
1030 },
1031 [MSC_A_ST_RELEASED] = {
1032 .name = OSMO_STRINGIFY(MSC_A_ST_RELEASED),
1033 .in_event_mask = 0
1034 | S(MSC_A_EV_UNUSED)
1035 ,
1036 .onenter = msc_a_fsm_released_onenter,
1037 .action = msc_a_fsm_released,
1038 },
1039};
1040
1041static struct osmo_fsm msc_a_fsm = {
1042 .name = "msc_a",
1043 .states = msc_a_fsm_states,
1044 .num_states = ARRAY_SIZE(msc_a_fsm_states),
1045 .log_subsys = DMSC,
1046 .event_names = msc_a_fsm_event_names,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1047 .timer_cb = msc_a_fsm_timer_cb,
1048 .cleanup = msc_a_fsm_cleanup,
1049};
1050
1051static __attribute__((constructor)) void msc_a_fsm_init()
1052{
1053 OSMO_ASSERT(osmo_fsm_register(&msc_a_fsm) == 0);
1054}
1055
1056static int msc_a_use_cb(struct osmo_use_count_entry *e, int32_t old_use_count, const char *file, int line)
1057{
1058 struct msc_a *msc_a = e->use_count->talloc_object;
1059 char buf[128];
1060 int32_t total;
1061 int level;
1062
1063 if (!e->use)
1064 return -EINVAL;
1065
1066 total = osmo_use_count_total(&msc_a->use_count);
1067
1068 if (total == 0
1069 || (total == 1 && old_use_count == 0 && e->count == 1))
1070 level = LOGL_INFO;
1071 else
1072 level = LOGL_DEBUG;
1073
1074 LOG_MSC_A_CAT_SRC(msc_a, DREF, level, file, line, "%s %s: now used by %s\n",
1075 (e->count - old_use_count) > 0? "+" : "-", e->use,
1076 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
1077
1078 if (e->count < 0)
1079 return -ERANGE;
1080
1081 msc_a->max_total_use_count = OSMO_MAX(msc_a->max_total_use_count, total);
1082
1083 if (total == 0)
1084 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_UNUSED, NULL);
1085 return 0;
1086}
1087
1088struct msc_a *msc_a_alloc(struct msub *msub, struct ran_infra *ran)
1089{
1090 struct msc_a *msc_a = msub_role_alloc(msub, MSC_ROLE_A, &msc_a_fsm, struct msc_a, ran);
1091 msc_a->use_count = (struct osmo_use_count){
1092 .talloc_object = msc_a,
1093 .use_cb = msc_a_use_cb,
1094 };
1095 osmo_use_count_make_static_entries(&msc_a->use_count, msc_a->use_count_buf, ARRAY_SIZE(msc_a->use_count_buf));
1096 /* Start timeout for first state */
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]1097 msc_a_state_chg_always(msc_a, MSC_A_ST_VALIDATE_L3);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1098 return msc_a;
1099}
1100
1101bool msc_a_is_establishing_auth_ciph(const struct msc_a *msc_a)
1102{
1103 if (!msc_a || !msc_a->c.fi)
1104 return false;
1105 return msc_a->c.fi->state == MSC_A_ST_AUTH_CIPH;
1106}
1107
1108const struct value_string complete_layer3_type_names[] = {
1109 { COMPLETE_LAYER3_NONE, "NONE" },
1110 { COMPLETE_LAYER3_LU, "LU" },
1111 { COMPLETE_LAYER3_CM_SERVICE_REQ, "CM_SERVICE_REQ" },
1112 { COMPLETE_LAYER3_PAGING_RESP, "PAGING_RESP" },
Neels Hofmeyrae98b972021-07-27 03:46:49 +0200[diff] [blame]1113 { COMPLETE_LAYER3_CM_RE_ESTABLISH_REQ, "CM_RE_ESTABLISH_REQ" },
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1114 { 0, NULL }
1115};
1116
1117#define _msc_a_update_id(MSC_A, FMT, ARGS ...) \
1118 do { \
1119 if (osmo_fsm_inst_update_id_f(msc_a->c.fi, FMT ":%s:%s", \
1120 ## ARGS, \
1121 msub_ran_conn_name(msc_a->c.msub), \
1122 complete_layer3_type_name(msc_a->complete_layer3_type)) \
1123 == 0) { \
1124 struct vlr_subscr *_vsub = msc_a_vsub(MSC_A); \
1125 if (_vsub) { \
1126 if (_vsub->lu_fsm) \
1127 osmo_fsm_inst_update_id(_vsub->lu_fsm, (MSC_A)->c.fi->id); \
1128 if (_vsub->auth_fsm) \
1129 osmo_fsm_inst_update_id(_vsub->auth_fsm, (MSC_A)->c.fi->id); \
1130 if (_vsub->proc_arq_fsm) \
1131 osmo_fsm_inst_update_id(_vsub->proc_arq_fsm, (MSC_A)->c.fi->id); \
1132 } \
1133 LOG_MSC_A(MSC_A, LOGL_DEBUG, "Updated ID\n"); \
1134 } \
1135 /* otherwise osmo_fsm_inst_update_id_f() will log an error. */ \
1136 } while (0)
1137
1138
1139/* Compose an ID almost like gsm48_mi_to_string(), but print the MI type along, and print a TMSI as hex. */
Neels Hofmeyr46d526a2020-05-29 03:27:50 +0200[diff] [blame]1140void msc_a_update_id_from_mi(struct msc_a *msc_a, const struct osmo_mobile_identity *mi)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1141{
Neels Hofmeyr46d526a2020-05-29 03:27:50 +0200[diff] [blame]1142 _msc_a_update_id(msc_a, "%s", osmo_mobile_identity_to_str_c(OTC_SELECT, mi));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1143}
1144
1145/* Update msc_a->fi id string from current msc_a->vsub and msc_a->complete_layer3_type. */
1146void msc_a_update_id(struct msc_a *msc_a)
1147{
1148 _msc_a_update_id(msc_a, "%s", vlr_subscr_name(msc_a_vsub(msc_a)));
1149}
1150
1151/* Iterate all msc_a instances that are relevant for this subscriber, and update FSM ID strings for all of the FSM
1152 * instances. */
1153void msc_a_update_id_for_vsub(struct vlr_subscr *for_vsub)
1154{
1155 struct msub *msub;
1156 llist_for_each_entry(msub, &msub_list, entry) {
1157 struct vlr_subscr *vsub = msub_vsub(msub);
1158 if (vsub != for_vsub)
1159 continue;
1160 msc_a_update_id(msub_msc_a(msub));
1161 }
1162}
1163
1164static bool msg_is_initially_permitted(const struct gsm48_hdr *hdr)
1165{
1166 uint8_t pdisc = gsm48_hdr_pdisc(hdr);
1167 uint8_t msg_type = gsm48_hdr_msg_type(hdr);
1168
1169 switch (pdisc) {
1170 case GSM48_PDISC_MM:
1171 switch (msg_type) {
1172 case GSM48_MT_MM_LOC_UPD_REQUEST:
1173 case GSM48_MT_MM_CM_SERV_REQ:
1174 case GSM48_MT_MM_CM_REEST_REQ:
1175 case GSM48_MT_MM_AUTH_RESP:
1176 case GSM48_MT_MM_AUTH_FAIL:
1177 case GSM48_MT_MM_ID_RESP:
1178 case GSM48_MT_MM_TMSI_REALL_COMPL:
1179 case GSM48_MT_MM_IMSI_DETACH_IND:
1180 return true;
1181 default:
1182 break;
1183 }
1184 break;
1185 case GSM48_PDISC_RR:
1186 switch (msg_type) {
1187 /* GSM48_MT_RR_CIPH_M_COMPL is actually handled in bssmap_rx_ciph_compl() and gets redirected in the
1188 * BSSAP layer to ran_conn_cipher_mode_compl() (before this here is reached) */
1189 case GSM48_MT_RR_PAG_RESP:
1190 case GSM48_MT_RR_CIPH_M_COMPL:
1191 return true;
1192 default:
1193 break;
1194 }
1195 break;
1196 default:
1197 break;
1198 }
1199
1200 return false;
1201}
1202
1203/* Main entry point for GSM 04.08/44.008 Layer 3 data (e.g. from the BSC). */
1204int msc_a_up_l3(struct msc_a *msc_a, struct msgb *msg)
1205{
1206 struct gsm48_hdr *gh;
1207 uint8_t pdisc;
1208 int rc;
1209 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1210 int is_r99;
1211
1212 OSMO_ASSERT(msg->l3h);
1213 OSMO_ASSERT(msg);
1214
1215 gh = msgb_l3(msg);
1216 pdisc = gsm48_hdr_pdisc(gh);
1217
1218 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_DEBUG, "Dispatching 04.08 message: %s %s\n",
1219 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1220
1221 /* To evaluate the 3GPP TS 24.007 Duplicate Detection, we need Classmark information on whether the MS is R99
1222 * capable. If the subscriber is already actively connected, the Classmark information is stored with the
1223 * vlr_subscr. Otherwise, this *must* be a Complete Layer 3 with Classmark info. */
1224 if (vsub)
1225 is_r99 = osmo_gsm48_classmark_is_r99(&vsub->classmark) ? 1 : 0;
1226 else
1227 is_r99 = compl_l3_msg_is_r99(msg);
1228
1229 if (is_r99 < 0) {
1230 LOG_MSC_A(msc_a, LOGL_ERROR,
1231 "No Classmark Information, dropping non-Complete-Layer3 message: %s\n",
1232 gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1233 return -EACCES;
1234 }
1235
1236 if (is_r99 >= 0
1237 && ran_dec_dtap_undup_is_duplicate(msc_a->c.fi, msc_a->n_sd_next, is_r99 ? true : false, msg)) {
1238 LOG_MSC_A(msc_a, LOGL_DEBUG, "Dropping duplicate message"
1239 " (3GPP TS 24.007 11.2.3.2 Message Type Octet / Duplicate Detection)\n");
1240 return 0;
1241 }
1242
1243 if (!msc_a_is_accepted(msc_a)
1244 && !msg_is_initially_permitted(gh)) {
1245 LOG_MSC_A(msc_a, LOGL_ERROR,
1246 "Message not permitted for initial conn: %s\n",
1247 gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1248 return -EACCES;
1249 }
1250
1251 if (vsub && vsub->cs.attached_via_ran != msc_a->c.ran->type) {
1252 LOG_MSC_A(msc_a, LOGL_ERROR,
1253 "Illegal situation: RAN type mismatch:"
1254 " attached via %s, received message via %s\n",
1255 osmo_rat_type_name(vsub->cs.attached_via_ran),
1256 osmo_rat_type_name(msc_a->c.ran->type));
1257 return -EACCES;
1258 }
1259
1260#if 0
1261 if (silent_call_reroute(conn, msg))
1262 return silent_call_rx(conn, msg);
1263#endif
1264
1265 switch (pdisc) {
1266 case GSM48_PDISC_CC:
1267 rc = gsm0408_rcv_cc(msc_a, msg);
1268 break;
1269 case GSM48_PDISC_MM:
1270 rc = gsm0408_rcv_mm(msc_a, msg);
1271 break;
1272 case GSM48_PDISC_RR:
1273 rc = gsm0408_rcv_rr(msc_a, msg);
1274 break;
1275 case GSM48_PDISC_SMS:
1276 rc = gsm0411_rcv_sms(msc_a, msg);
1277 break;
1278 case GSM48_PDISC_MM_GPRS:
1279 case GSM48_PDISC_SM_GPRS:
1280 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_NOTICE, "Unimplemented "
1281 "GSM 04.08 discriminator 0x%02x\n", pdisc);
1282 rc = -ENOTSUP;
1283 break;
1284 case GSM48_PDISC_NC_SS:
1285 rc = gsm0911_rcv_nc_ss(msc_a, msg);
1286 break;
1287 case GSM48_PDISC_TEST:
1288 rc = gsm0414_rcv_test(msc_a, msg);
1289 break;
1290 default:
1291 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_NOTICE, "Unknown "
1292 "GSM 04.08 discriminator 0x%02x\n", pdisc);
1293 rc = -EINVAL;
1294 break;
1295 }
1296
1297 return rc;
1298}
1299
1300static void msc_a_up_call_assignment_complete(struct msc_a *msc_a, const struct ran_msg *ac)
1301{
1302 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
1303 struct rtp_stream *rtps_to_ran = msc_a->cc.call_leg ? msc_a->cc.call_leg->rtp[RTP_TO_RAN] : NULL;
1304
1305 if (!rtps_to_ran) {
1306 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Assignment Complete, but no RTP stream is set up\n");
1307 return;
1308 }
1309 if (!cc_trans) {
1310 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Assignment Complete, but CC transaction is active\n");
1311 return;
1312 }
1313
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1314 if (rtps_to_ran->use_osmux != ac->assignment_complete.osmux_present) {
1315 LOG_MSC_A_CAT(msc_a, DCC, LOGL_ERROR, "Osmux usage ass request and complete don't match: %d vs %d\n",
1316 rtps_to_ran->use_osmux, ac->assignment_complete.osmux_present);
1317 call_leg_release(msc_a->cc.call_leg);
1318 return;
1319 }
1320
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1321 /* Update RAN-side endpoint CI: */
1322 rtp_stream_set_codec(rtps_to_ran, ac->assignment_complete.codec);
1323 rtp_stream_set_remote_addr(rtps_to_ran, &ac->assignment_complete.remote_rtp);
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1324 if (rtps_to_ran->use_osmux)
1325 rtp_stream_set_remote_osmux_cid(rtps_to_ran,
1326 ac->assignment_complete.osmux_cid);
1327
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1328 rtp_stream_commit(rtps_to_ran);
1329
1330 /* Setup CN side endpoint CI:
1331 * Now that
1332 * - the first CI has been created and a definitive endpoint name is assigned to the call_leg's MGW
1333 * endpoint,
1334 * - the Assignment has chosen a speech codec
1335 * go on to create the CN side RTP stream's CI. */
1336 if (call_leg_ensure_ci(msc_a->cc.call_leg, RTP_TO_CN, cc_trans->callref, cc_trans,
1337 &ac->assignment_complete.codec, NULL)) {
1338 LOG_MSC_A_CAT(msc_a, DCC, LOGL_ERROR, "Error creating MGW CI towards CN\n");
1339 call_leg_release(msc_a->cc.call_leg);
1340 return;
1341 }
1342}
1343
1344static void msc_a_up_call_assignment_failure(struct msc_a *msc_a, const struct ran_msg *af)
1345{
1346 struct gsm_trans *trans;
1347
1348 /* For a normal voice call, there will be an rtp_stream FSM. */
1349 if (msc_a->cc.call_leg && msc_a->cc.call_leg->rtp[RTP_TO_RAN]) {
1350 LOG_MSC_A(msc_a, LOGL_ERROR, "Assignment Failure, releasing call\n");
1351 rtp_stream_release(msc_a->cc.call_leg->rtp[RTP_TO_RAN]);
1352 return;
1353 }
1354
1355 /* Otherwise, a silent call might be active */
1356 trans = trans_find_by_type(msc_a, TRANS_SILENT_CALL);
1357 if (trans) {
1358 LOG_MSC_A(msc_a, LOGL_ERROR, "Assignment Failure, releasing silent call\n");
1359 trans_free(trans);
1360 return;
1361 }
1362
1363 /* Neither a voice call nor silent call assignment. Assume the worst and detach. */
1364 msc_a_release_cn(msc_a);
1365}
1366
1367static void msc_a_up_classmark_update(struct msc_a *msc_a, const struct osmo_gsm48_classmark *classmark,
1368 struct osmo_gsm48_classmark *dst)
1369{
1370 if (!dst) {
1371 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1372
1373 if (!vsub)
1374 dst = &msc_a->temporary_classmark;
1375 else
1376 dst = &vsub->classmark;
1377 }
1378
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1379 LOG_MSC_A(msc_a, LOGL_DEBUG, "A5 capabilities received from Classmark Update: %s\n",
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1380 osmo_gsm48_classmark_a5_name(classmark));
1381 osmo_gsm48_classmark_update(dst, classmark);
1382
1383 /* bump subscr conn FSM in case it is waiting for a Classmark Update */
1384 if (msc_a->c.fi->state == MSC_A_ST_WAIT_CLASSMARK_UPDATE)
1385 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_CLASSMARK_UPDATE, NULL);
1386}
1387
1388static void msc_a_up_sapi_n_reject(struct msc_a *msc_a, const struct ran_msg *msg)
1389{
1390 int sapi = msg->sapi_n_reject.dlci & 0x7;
1391 if (sapi == UM_SAPI_SMS)
1392 gsm411_sapi_n_reject(msc_a);
1393}
1394
1395static int msc_a_up_ho(struct msc_a *msc_a, const struct msc_a_ran_dec_data *d, uint32_t ho_fi_event)
1396{
1397 if (!msc_a->ho.fi) {
1398 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Handover message, but no Handover ongoing: %s\n", d->ran_dec->msg_name);
1399 return -EINVAL;
1400 }
1401 return osmo_fsm_inst_dispatch(msc_a->ho.fi, ho_fi_event, (void*)d);
1402}
1403
1404int msc_a_ran_dec_from_msc_i(struct msc_a *msc_a, struct msc_a_ran_dec_data *d)
1405{
1406 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1407 const struct ran_msg *msg = d->ran_dec;
1408 int rc = -99;
1409
1410 switch (msg->msg_type) {
1411
1412 case RAN_MSG_COMPL_L3:
Neels Hofmeyr68f50da2020-06-24 14:22:52 +0200[diff] [blame]1413 /* In case the cell_id from Complete Layer 3 Information lacks a PLMN, write the configured PLMN code
1414 * into msc_a->via_cell. Then overwrite with those bits obtained from Complete Layer 3 Information. */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1415 msc_a->via_cell = (struct osmo_cell_global_id){
1416 .lai.plmn = msc_a_net(msc_a)->plmn,
1417 };
1418 gsm0808_cell_id_to_cgi(&msc_a->via_cell, msg->compl_l3.cell_id);
1419 rc = msc_a_up_l3(msc_a, msg->compl_l3.msg);
1420 if (!rc) {
1421 struct ran_conn *conn = msub_ran_conn(msc_a->c.msub);
1422 if (conn)
1423 ran_peer_cells_seen_add(conn->ran_peer, msg->compl_l3.cell_id);
1424 }
1425 break;
1426
1427 case RAN_MSG_DTAP:
1428 rc = msc_a_up_l3(msc_a, msg->dtap);
1429 break;
1430
1431 case RAN_MSG_CLEAR_REQUEST:
1432 rc = osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_MO_CLOSE, NULL);
1433 break;
1434
1435 case RAN_MSG_CLEAR_COMPLETE:
1436 switch (msc_a->c.fi->state) {
1437 case MSC_A_ST_RELEASING:
1438 msc_a_put_all(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
1439 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
1440 break;
1441 case MSC_A_ST_RELEASED:
1442 break;
1443 default:
1444 LOG_MSC_A(msc_a, LOGL_ERROR, "Received Clear Complete event, but did not send Clear Command\n");
1445 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
1446 break;
1447 }
1448 rc = 0;
1449 break;
1450
1451 case RAN_MSG_CLASSMARK_UPDATE:
1452 msc_a_up_classmark_update(msc_a, msg->classmark_update.classmark, NULL);
1453 rc = 0;
1454 break;
1455
1456 case RAN_MSG_CIPHER_MODE_COMPLETE:
1457 /* Remember what Ciphering was negotiated (e.g. for Handover) */
1458 if (msg->cipher_mode_complete.alg_id) {
1459 msc_a->geran_encr.alg_id = msg->cipher_mode_complete.alg_id;
1460 LOG_MSC_A(msc_a, LOGL_DEBUG, "Cipher Mode Complete: chosen encryption algorithm: A5/%u\n",
1461 msc_a->geran_encr.alg_id - 1);
1462 };
1463 vlr_subscr_rx_ciph_res(vsub, VLR_CIPH_COMPL);
1464 rc = 0;
Neels Hofmeyre9a39112019-08-29 00:10:49 +0200[diff] [blame]1465
1466 /* Evaluate enclosed L3 message, typically Identity Response (IMEISV) */
1467 if (msg->cipher_mode_complete.l3_msg) {
1468 unsigned char *data = (unsigned char*)(msg->cipher_mode_complete.l3_msg->val);
1469 uint16_t len = msg->cipher_mode_complete.l3_msg->len;
1470 struct msgb *dtap = msgb_alloc(len, "DTAP from Cipher Mode Complete");
1471 unsigned char *pos = msgb_put(dtap, len);
1472 memcpy(pos, data, len);
1473 dtap->l3h = pos;
1474 rc = msc_a_up_l3(msc_a, dtap);
1475 msgb_free(dtap);
1476 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1477 break;
1478
1479 case RAN_MSG_CIPHER_MODE_REJECT:
1480 vlr_subscr_rx_ciph_res(vsub, VLR_CIPH_REJECT);
1481 rc = 0;
1482 break;
1483
1484 case RAN_MSG_ASSIGNMENT_COMPLETE:
1485 msc_a_up_call_assignment_complete(msc_a, msg);
1486 rc = 0;
1487 break;
1488
1489 case RAN_MSG_ASSIGNMENT_FAILURE:
1490 msc_a_up_call_assignment_failure(msc_a, msg);
1491 rc = 0;
1492 break;
1493
1494 case RAN_MSG_SAPI_N_REJECT:
1495 msc_a_up_sapi_n_reject(msc_a, msg);
1496 rc = 0;
1497 break;
1498
1499 case RAN_MSG_HANDOVER_PERFORMED:
1500 /* The BSS lets us know that a handover happened within the BSS, which doesn't concern us. */
1501 LOG_MSC_A(msc_a, LOGL_ERROR, "'Handover Performed' handling not implemented\n");
1502 break;
1503
1504 case RAN_MSG_HANDOVER_REQUIRED:
1505 /* The BSS lets us know that it wants to handover to a different cell */
1506 rc = osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_HANDOVER_REQUIRED, (void*)&msg->handover_required);
1507 break;
1508
1509 case RAN_MSG_HANDOVER_FAILURE:
1510 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_FAILURE);
1511 break;
1512
Keith Whytea1a70be2021-05-16 02:59:52 +0200[diff] [blame]1513 case RAN_MSG_LCLS_STATUS:
1514 /* The BSS sends us LCLS_STATUS. We do nothing for now, but it is not an error. */
1515 LOG_MSC_A(msc_a, LOGL_DEBUG, "LCLS_STATUS (%s) received from MSC-I\n",
1516 gsm0808_lcls_status_name(msg->lcls_status.status));
1517 rc = 0;
1518 break;
1519
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1520 default:
1521 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from MSC-I not implemented: %s\n", ran_msg_type_name(msg->msg_type));
1522 rc = -ENOTSUP;
1523 break;
1524 }
1525 return rc;
1526}
1527
1528static int msc_a_ran_dec_from_msc_t(struct msc_a *msc_a, struct msc_a_ran_dec_data *d)
1529{
1530 struct msc_t *msc_t = msc_a_msc_t(msc_a);
1531 int rc = -99;
1532
1533 if (!msc_t) {
1534 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx message from MSC-T role, but I have no active MSC-T role.\n");
1535 return -EINVAL;
1536 }
1537
1538 OSMO_ASSERT(d->ran_dec);
1539
1540 switch (d->ran_dec->msg_type) {
1541
1542 case RAN_MSG_CLEAR_REQUEST:
1543 rc = osmo_fsm_inst_dispatch(msc_t->c.fi, MSC_T_EV_MO_CLOSE, NULL);
1544 break;
1545
1546 case RAN_MSG_CLEAR_COMPLETE:
1547 rc = osmo_fsm_inst_dispatch(msc_t->c.fi, MSC_T_EV_CLEAR_COMPLETE, NULL);
1548 break;
1549
1550 case RAN_MSG_CLASSMARK_UPDATE:
1551 msc_a_up_classmark_update(msc_a, d->ran_dec->classmark_update.classmark, &msc_t->classmark);
1552 rc = 0;
1553 break;
1554
1555 case RAN_MSG_HANDOVER_REQUEST_ACK:
1556 /* new BSS accepts Handover */
1557 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_REQUEST_ACK);
1558 break;
1559
1560 case RAN_MSG_HANDOVER_DETECT:
1561 /* new BSS signals the MS is DETECTed on the new lchan */
1562 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_DETECT);
1563 break;
1564
1565 case RAN_MSG_HANDOVER_COMPLETE:
1566 /* new BSS signals the MS has fully moved to the new lchan */
1567 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_COMPLETE);
1568 break;
1569
1570 case RAN_MSG_HANDOVER_FAILURE:
1571 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_FAILURE);
1572 break;
1573
1574 default:
1575 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from MSC-T not implemented: %s\n",
1576 ran_msg_type_name(d->ran_dec->msg_type));
1577 rc = -ENOTSUP;
1578 break;
1579 }
1580 return rc;
1581}
1582
1583int msc_a_ran_decode_cb(struct osmo_fsm_inst *msc_a_fi, void *data, const struct ran_msg *msg)
1584{
1585 struct msc_a *msc_a = msc_a_fi_priv(msc_a_fi);
1586 struct msc_a_ran_dec_data *d = data;
1587 int rc = -99;
1588
1589 d->ran_dec = msg;
1590
1591 switch (d->from_role) {
1592 case MSC_ROLE_I:
1593 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN decode: %s\n", msg->msg_name ? : ran_msg_type_name(msg->msg_type));
1594 rc = msc_a_ran_dec_from_msc_i(msc_a, d);
1595 break;
1596
1597 case MSC_ROLE_T:
1598 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN decode from MSC-T: %s\n",
1599 msg->msg_name ? : ran_msg_type_name(msg->msg_type));
1600 rc = msc_a_ran_dec_from_msc_t(msc_a, d);
1601 break;
1602
1603 default:
1604 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from invalid role %s: %s\n", msc_role_name(d->from_role),
1605 ran_msg_type_name(msg->msg_type));
1606 return -ENOTSUP;
1607 }
1608
1609 if (rc)
1610 LOG_MSC_A(msc_a, LOGL_ERROR, "RAN decode error (rc=%d) for %s from %s\n", rc, ran_msg_type_name(msg->msg_type),
1611 msc_role_name(d->from_role));
1612 return rc;
1613}
1614
1615/* Your typical DTAP via FORWARD_ACCESS_SIGNALLING_REQUEST */
1616int _msc_a_ran_down(struct msc_a *msc_a, enum msc_role to_role, const struct ran_msg *ran_msg,
1617 const char *file, int line)
1618{
1619 return _msc_a_msg_down(msc_a, to_role, msub_role_to_role_event(msc_a->c.msub, MSC_ROLE_A, to_role),
1620 ran_msg, file, line);
1621}
1622
1623/* To transmit more complex events than just FORWARD_ACCESS_SIGNALLING_REQUEST, e.g. an
1624 * MSC_T_EV_FROM_A_PREPARE_HANDOVER_REQUEST */
1625int _msc_a_msg_down(struct msc_a *msc_a, enum msc_role to_role, uint32_t to_role_event,
1626 const struct ran_msg *ran_msg,
1627 const char *file, int line)
1628{
1629 struct an_apdu an_apdu = {
1630 .an_proto = msc_a->c.ran->an_proto,
1631 .msg = msc_role_ran_encode(msc_a->c.fi, ran_msg),
1632 };
1633 int rc;
1634 if (!an_apdu.msg)
1635 return -EIO;
1636 rc = _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line);
1637 msgb_free(an_apdu.msg);
1638 return rc;
1639}
1640
1641int msc_a_tx_dtap_to_i(struct msc_a *msc_a, struct msgb *dtap)
1642{
1643 struct ran_msg ran_msg;
Neels Hofmeyrc192c0b2019-10-07 21:41:18 +0200[diff] [blame]1644 struct gsm48_hdr *gh = msgb_l3(dtap) ? : dtap->data;
1645 uint8_t pdisc = gsm48_hdr_pdisc(gh);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1646
Neels Hofmeyr2e8f8812019-08-21 16:56:41 +0200[diff] [blame]1647 if (!msc_a) {
Neels Hofmeyr2e8f8812019-08-21 16:56:41 +0200[diff] [blame]1648 LOGP(DMSC, LOGL_ERROR, "Attempt to send DTAP to NULL MSC-A, dropping message: %s %s\n",
1649 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1650 msgb_free(dtap);
1651 return -EIO;
1652 }
1653
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1654 if (msc_a->c.ran->type == OSMO_RAT_EUTRAN_SGS) {
1655 /* The SGs connection to the MME always is at the MSC-A. */
1656 return sgs_iface_tx_dtap_ud(msc_a, dtap);
1657 }
1658
Neels Hofmeyrc192c0b2019-10-07 21:41:18 +0200[diff] [blame]1659 LOG_MSC_A(msc_a, LOGL_DEBUG, "Sending DTAP: %s %s\n",
1660 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1661
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1662 ran_msg = (struct ran_msg){
1663 .msg_type = RAN_MSG_DTAP,
1664 .dtap = dtap,
1665 };
1666 return msc_a_ran_down(msc_a, MSC_ROLE_I, &ran_msg);
1667}
1668
1669struct msc_a *msc_a_for_vsub(const struct vlr_subscr *vsub, bool valid_conn_only)
1670{
1671 struct msc_a *msc_a = msub_msc_a(msub_for_vsub(vsub));
1672 if (valid_conn_only && !msc_a_is_accepted(msc_a))
1673 return NULL;
1674 return msc_a;
1675}
1676
1677int msc_tx_common_id(struct msc_a *msc_a, enum msc_role to_role)
1678{
1679 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
Vadim Yanitskiy435f67f2021-06-06 15:47:49 +0200[diff] [blame]1680 if (vsub == NULL)
1681 return -ENODEV;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1682 struct ran_msg msg = {
1683 .msg_type = RAN_MSG_COMMON_ID,
1684 .common_id = {
1685 .imsi = vsub->imsi,
Pau Espin Pedrol67106702021-04-27 18:20:15 +0200[diff] [blame]1686 .last_eutran_plmn_present = vsub->sgs.last_eutran_plmn_present,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1687 },
1688 };
Pau Espin Pedrol67106702021-04-27 18:20:15 +0200[diff] [blame]1689 if (vsub->sgs.last_eutran_plmn_present) {
1690 memcpy(&msg.common_id.last_eutran_plmn, &vsub->sgs.last_eutran_plmn,
1691 sizeof(vsub->sgs.last_eutran_plmn));
1692 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1693
1694 return msc_a_ran_down(msc_a, to_role, &msg);
1695}
1696
1697static int msc_a_start_assignment(struct msc_a *msc_a, struct gsm_trans *cc_trans)
1698{
1699 struct call_leg *cl = msc_a->cc.call_leg;
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1700 struct msc_i *msc_i = msc_a_msc_i(msc_a);
1701 struct gsm_network *net = msc_a_net(msc_a);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1702
1703 OSMO_ASSERT(!msc_a->cc.active_trans);
1704 msc_a->cc.active_trans = cc_trans;
1705
1706 OSMO_ASSERT(cc_trans && cc_trans->type == TRANS_CC);
1707
1708 if (!cl) {
1709 cl = msc_a->cc.call_leg = call_leg_alloc(msc_a->c.fi,
1710 MSC_EV_CALL_LEG_TERM,
1711 MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE,
Neels Hofmeyr265a4c72019-05-09 16:20:51 +0200[diff] [blame]1712 MSC_EV_CALL_LEG_RTP_COMPLETE);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1713 OSMO_ASSERT(cl);
1714
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1715 /* HACK: We put the connection in loopback mode at the beginning to
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1716 * trick the hNodeB into doing the IuUP negotiation with itself.
1717 * This is a hack we need because osmo-mgw does not support IuUP yet, see OS#2459. */
1718 if (msc_a->c.ran->type == OSMO_RAT_UTRAN_IU)
1719 cl->crcx_conn_mode[RTP_TO_RAN] = MGCP_CONN_LOOPBACK;
1720 }
1721
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1722 if (net->use_osmux != OSMUX_USAGE_OFF) {
1723 msc_i = msc_a_msc_i(msc_a);
1724 if (msc_i->c.remote_to) {
1725 /* TODO: investigate what to do in this case */
1726 LOG_MSC_A(msc_a, LOGL_ERROR, "Osmux not yet supported for inter-MSC");
1727 } else {
1728 cl->ran_peer_supports_osmux = msc_i->ran_conn->ran_peer->remote_supports_osmux;
1729 }
1730 }
1731
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1732 /* This will lead to either MSC_EV_CALL_LEG_LOCAL_ADDR_AVAILABLE or MSC_EV_CALL_LEG_TERM.
1733 * If the local address is already known, then immediately trigger. */
1734 if (call_leg_local_ip(cl, RTP_TO_RAN))
1735 return osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE, cl->rtp[RTP_TO_RAN]);
1736 else
1737 return call_leg_ensure_ci(msc_a->cc.call_leg, RTP_TO_RAN, cc_trans->callref, cc_trans, NULL, NULL);
1738}
1739
1740int msc_a_try_call_assignment(struct gsm_trans *cc_trans)
1741{
1742 struct msc_a *msc_a = cc_trans->msc_a;
1743 OSMO_ASSERT(cc_trans->type == TRANS_CC);
1744
1745 if (msc_a->cc.active_trans == cc_trans) {
Neels Hofmeyrb4ef5e72019-08-30 01:11:12 +0200[diff] [blame]1746 LOG_MSC_A(msc_a, LOGL_DEBUG, "Assignment for this trans already started earlier\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1747 return 0;
1748 }
1749
1750 if (msc_a->cc.active_trans) {
1751 LOG_MSC_A(msc_a, LOGL_INFO, "Another call is already ongoing, not assigning yet\n");
1752 return 0;
1753 }
1754
1755 LOG_MSC_A(msc_a, LOGL_DEBUG, "Starting call assignment\n");
1756 return msc_a_start_assignment(msc_a, cc_trans);
1757}
1758
1759const char *msc_a_cm_service_type_to_use(enum osmo_cm_service_type cm_service_type)
1760{
1761 switch (cm_service_type) {
1762 case GSM48_CMSERV_MO_CALL_PACKET:
1763 case GSM48_CMSERV_EMERGENCY:
1764 return MSC_A_USE_CM_SERVICE_CC;
1765
1766 case GSM48_CMSERV_SMS:
1767 return MSC_A_USE_CM_SERVICE_SMS;
1768
1769 case GSM48_CMSERV_SUP_SERV:
1770 return MSC_A_USE_CM_SERVICE_SS;
1771
1772 default:
1773 return NULL;
1774 }
1775}
1776
1777void msc_a_release_cn(struct msc_a *msc_a)
1778{
1779 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_CN_CLOSE, NULL);
1780}
1781
1782void msc_a_release_mo(struct msc_a *msc_a, enum gsm48_gsm_cause gsm_cause)
1783{
1784 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_MO_CLOSE, NULL);
1785}