Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 27989d41dc3ec1503422c9ef802419d1a3a11748 / . / src / libmsc / gsm_04_08_cc.c
blob: 8becd0553c051b0d5a35a56e8c402842717fa3b5 [file] [log] [blame]
Harald Welte27989d42018-06-21 20:39:20 +0200[diff] [blame^]1/* GSM Mobile Radio Interface Layer 3 Call Control */
2
3/* (C) 2008-2016 by Harald Welte <laforge@gnumonks.org>
4 * (C) 2008-2012 by Holger Hans Peter Freyther <zecke@selfish.org>
5 *
6 * All Rights Reserved
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 *
21 */
22
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <stdbool.h>
27#include <errno.h>
28#include <time.h>
29#include <netinet/in.h>
30#include <regex.h>
31#include <sys/types.h>
32
33#include "bscconfig.h"
34
35#include <osmocom/msc/db.h>
36#include <osmocom/msc/debug.h>
37#include <osmocom/msc/gsm_data.h>
38#include <osmocom/msc/gsm_subscriber.h>
39#include <osmocom/msc/gsm_04_11.h>
40#include <osmocom/msc/gsm_04_08.h>
41#include <osmocom/msc/gsm_04_80.h>
42#include <osmocom/msc/gsm_04_14.h>
43#include <osmocom/msc/gsm_09_11.h>
44#include <osmocom/msc/signal.h>
45#include <osmocom/msc/transaction.h>
46#include <osmocom/msc/silent_call.h>
47#include <osmocom/msc/osmo_msc.h>
48#include <osmocom/msc/mncc_int.h>
49#include <osmocom/abis/e1_input.h>
50#include <osmocom/core/bitvec.h>
51#include <osmocom/msc/vlr.h>
52#include <osmocom/msc/msc_ifaces.h>
53
54#include <osmocom/gsm/gsm48.h>
55#include <osmocom/gsm/gsm0480.h>
56#include <osmocom/gsm/gsm_utils.h>
57#include <osmocom/gsm/protocol/gsm_04_08.h>
58#include <osmocom/core/msgb.h>
59#include <osmocom/core/talloc.h>
60#include <osmocom/core/utils.h>
61#include <osmocom/core/byteswap.h>
62#include <osmocom/gsm/tlv.h>
63#include <osmocom/crypt/auth.h>
64#ifdef BUILD_IU
65#include <osmocom/ranap/iu_client.h>
66#endif
67
68#include <osmocom/msc/msc_ifaces.h>
69#include <osmocom/msc/a_iface.h>
70#include <osmocom/msc/msc_mgcp.h>
71
72#include <assert.h>
73
74static uint32_t new_callref = 0x80000001;
75
76
77/* Call Control */
78
79void cc_tx_to_mncc(struct gsm_network *net, struct msgb *msg)
80{
81 net->mncc_recv(net, msg);
82}
83
84int gsm48_cc_tx_notify_ss(struct gsm_trans *trans, const char *message)
85{
86 struct gsm48_hdr *gh;
87 struct msgb *ss_notify;
88
89 ss_notify = gsm0480_create_notifySS(message);
90 if (!ss_notify)
91 return -1;
92
93 gsm0480_wrap_invoke(ss_notify, GSM0480_OP_CODE_NOTIFY_SS, 0);
94 uint8_t *data = msgb_push(ss_notify, 1);
95 data[0] = ss_notify->len - 1;
96 gh = (struct gsm48_hdr *) msgb_push(ss_notify, sizeof(*gh));
97 gh->msg_type = GSM48_MT_CC_FACILITY;
98 return gsm48_conn_sendmsg(ss_notify, trans->conn, trans);
99}
100
101/* FIXME: this count_statistics is a state machine behaviour. we should convert
102 * the complete call control into a state machine. Afterwards we can move this
103 * code into state transitions.
104 */
105static void count_statistics(struct gsm_trans *trans, int new_state)
106{
107 int old_state = trans->cc.state;
108 struct rate_ctr_group *msc = trans->net->msc_ctrs;
109
110 if (old_state == new_state)
111 return;
112
113 /* state incoming */
114 switch (new_state) {
115 case GSM_CSTATE_ACTIVE:
116 osmo_counter_inc(trans->net->active_calls);
117 rate_ctr_inc(&msc->ctr[MSC_CTR_CALL_ACTIVE]);
118 break;
119 }
120
121 /* state outgoing */
122 switch (old_state) {
123 case GSM_CSTATE_ACTIVE:
124 osmo_counter_dec(trans->net->active_calls);
125 if (new_state == GSM_CSTATE_DISCONNECT_REQ ||
126 new_state == GSM_CSTATE_DISCONNECT_IND)
127 rate_ctr_inc(&msc->ctr[MSC_CTR_CALL_COMPLETE]);
128 else
129 rate_ctr_inc(&msc->ctr[MSC_CTR_CALL_INCOMPLETE]);
130 break;
131 }
132}
133
134/* The entire call control code is written in accordance with Figure 7.10c
135 * for 'very early assignment', i.e. we allocate a TCH/F during IMMEDIATE
136 * ASSIGN, then first use that TCH/F for signalling and later MODE MODIFY
137 * it for voice */
138
139static void new_cc_state(struct gsm_trans *trans, int state)
140{
141 if (state > 31 || state < 0)
142 return;
143
144 DEBUGP(DCC, "(ti %02x sub %s) new state %s -> %s\n",
145 trans->transaction_id,
146 vlr_subscr_name(trans->vsub),
147 gsm48_cc_state_name(trans->cc.state),
148 gsm48_cc_state_name(state));
149
150 count_statistics(trans, state);
151 trans->cc.state = state;
152}
153
154static int gsm48_cc_tx_status(struct gsm_trans *trans, void *arg)
155{
156 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC STATUS");
157 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
158 uint8_t *cause, *call_state;
159
160 gh->msg_type = GSM48_MT_CC_STATUS;
161
162 cause = msgb_put(msg, 3);
163 cause[0] = 2;
164 cause[1] = GSM48_CAUSE_CS_GSM | GSM48_CAUSE_LOC_USER;
165 cause[2] = 0x80 | 30; /* response to status inquiry */
166
167 call_state = msgb_put(msg, 1);
168 call_state[0] = 0xc0 | 0x00;
169
170 return gsm48_conn_sendmsg(msg, trans->conn, trans);
171}
172
173static void gsm48_stop_cc_timer(struct gsm_trans *trans)
174{
175 if (osmo_timer_pending(&trans->cc.timer)) {
176 DEBUGP(DCC, "stopping pending timer T%x\n", trans->cc.Tcurrent);
177 osmo_timer_del(&trans->cc.timer);
178 trans->cc.Tcurrent = 0;
179 }
180}
181
182static int mncc_recvmsg(struct gsm_network *net, struct gsm_trans *trans,
183 int msg_type, struct gsm_mncc *mncc)
184{
185 struct msgb *msg;
186 unsigned char *data;
187
188 DEBUGP(DMNCC, "transmit message %s\n", get_mncc_name(msg_type));
189
190#if BEFORE_MSCSPLIT
191 /* Re-enable this log output once we can obtain this information via
192 * A-interface, see OS#2391. */
193 if (trans)
194 if (trans->conn && trans->conn->lchan)
195 DEBUGP(DCC, "(bts %d trx %d ts %d ti %x sub %s) "
196 "Sending '%s' to MNCC.\n",
197 trans->conn->lchan->ts->trx->bts->nr,
198 trans->conn->lchan->ts->trx->nr,
199 trans->conn->lchan->ts->nr, trans->transaction_id,
200 vlr_subscr_msisdn_or_name(trans->vsub),
201 get_mncc_name(msg_type));
202 else
203 DEBUGP(DCC, "(bts - trx - ts - ti -- sub %s) "
204 "Sending '%s' to MNCC.\n",
205 vlr_subscr_msisdn_or_name(trans->vsub),
206 get_mncc_name(msg_type));
207 else
208 DEBUGP(DCC, "(bts - trx - ts - ti -- sub -) "
209 "Sending '%s' to MNCC.\n", get_mncc_name(msg_type));
210#else
211 DEBUGP(DCC, "Sending '%s' to MNCC.\n", get_mncc_name(msg_type));
212#endif
213
214 mncc->msg_type = msg_type;
215
216 msg = msgb_alloc(sizeof(struct gsm_mncc), "MNCC");
217 if (!msg)
218 return -ENOMEM;
219
220 data = msgb_put(msg, sizeof(struct gsm_mncc));
221 memcpy(data, mncc, sizeof(struct gsm_mncc));
222
223 cc_tx_to_mncc(net, msg);
224
225 return 0;
226}
227
228int mncc_release_ind(struct gsm_network *net, struct gsm_trans *trans,
229 uint32_t callref, int location, int value)
230{
231 struct gsm_mncc rel;
232
233 memset(&rel, 0, sizeof(rel));
234 rel.callref = callref;
235 mncc_set_cause(&rel, location, value);
236 if (trans && trans->cc.state == GSM_CSTATE_RELEASE_REQ)
237 return mncc_recvmsg(net, trans, MNCC_REL_CNF, &rel);
238 return mncc_recvmsg(net, trans, MNCC_REL_IND, &rel);
239}
240
241/* Call Control Specific transaction release.
242 * gets called by trans_free, DO NOT CALL YOURSELF! */
243void _gsm48_cc_trans_free(struct gsm_trans *trans)
244{
245 gsm48_stop_cc_timer(trans);
246
247 /* Initiate the teardown of the related connections on the MGW */
248 msc_mgcp_call_release(trans);
249
250 /* send release to L4, if callref still exists */
251 if (trans->callref) {
252 /* Ressource unavailable */
253 mncc_release_ind(trans->net, trans, trans->callref,
254 GSM48_CAUSE_LOC_PRN_S_LU,
255 GSM48_CC_CAUSE_RESOURCE_UNAVAIL);
256 /* This is a final freeing of the transaction. The MNCC release may have triggered the
257 * T308 release timer, but we don't have the luxury of graceful CC Release here. */
258 gsm48_stop_cc_timer(trans);
259 }
260 if (trans->cc.state != GSM_CSTATE_NULL)
261 new_cc_state(trans, GSM_CSTATE_NULL);
262}
263
264static int gsm48_cc_tx_setup(struct gsm_trans *trans, void *arg);
265
266/* call-back from paging the B-end of the connection */
267static int setup_trig_pag_evt(unsigned int hooknum, unsigned int event,
268 struct msgb *msg, void *_conn, void *_transt)
269{
270 struct gsm_subscriber_connection *conn = _conn;
271 struct gsm_trans *transt = _transt;
272 enum gsm_paging_event paging_event = event;
273
274 OSMO_ASSERT(!transt->conn);
275
276 switch (paging_event) {
277 case GSM_PAGING_SUCCEEDED:
278 DEBUGP(DCC, "Paging subscr %s succeeded!\n",
279 vlr_subscr_msisdn_or_name(transt->vsub));
280 OSMO_ASSERT(conn);
281 /* Assign conn */
282 transt->conn = msc_subscr_conn_get(conn, MSC_CONN_USE_TRANS_CC);
283 transt->paging_request = NULL;
284 /* send SETUP request to called party */
285 gsm48_cc_tx_setup(transt, &transt->cc.msg);
286 break;
287 case GSM_PAGING_EXPIRED:
288 case GSM_PAGING_BUSY:
289 DEBUGP(DCC, "Paging subscr %s %s!\n",
290 vlr_subscr_msisdn_or_name(transt->vsub),
291 paging_event == GSM_PAGING_EXPIRED ? "expired" : "busy");
292 /* Temporarily out of order */
293 mncc_release_ind(transt->net, transt,
294 transt->callref,
295 GSM48_CAUSE_LOC_PRN_S_LU,
296 GSM48_CC_CAUSE_DEST_OOO);
297 transt->callref = 0;
298 transt->paging_request = NULL;
299 trans_free(transt);
300 break;
301 }
302
303 return 0;
304}
305
306/* bridge channels of two transactions */
307static int tch_bridge(struct gsm_network *net, struct gsm_mncc_bridge *bridge)
308{
309 struct gsm_trans *trans1 = trans_find_by_callref(net, bridge->callref[0]);
310 struct gsm_trans *trans2 = trans_find_by_callref(net, bridge->callref[1]);
311 int rc;
312
313 if (!trans1 || !trans2)
314 return -EIO;
315
316 if (!trans1->conn || !trans2->conn)
317 return -EIO;
318
319 /* Which subscriber do we want to track trans1 or trans2? */
320 log_set_context(LOG_CTX_VLR_SUBSCR, trans1->vsub);
321
322 /* Bridge RTP streams */
323 rc = msc_mgcp_call_complete(trans1, trans2->conn->rtp.local_port_cn,
324 trans2->conn->rtp.local_addr_cn);
325 if (rc)
326 return -EINVAL;
327
328 rc = msc_mgcp_call_complete(trans2, trans1->conn->rtp.local_port_cn,
329 trans1->conn->rtp.local_addr_cn);
330 if (rc)
331 return -EINVAL;
332
333 return 0;
334}
335
336static int gsm48_cc_rx_status_enq(struct gsm_trans *trans, struct msgb *msg)
337{
338 DEBUGP(DCC, "-> STATUS ENQ\n");
339 return gsm48_cc_tx_status(trans, msg);
340}
341
342static int gsm48_cc_tx_release(struct gsm_trans *trans, void *arg);
343static int gsm48_cc_tx_disconnect(struct gsm_trans *trans, void *arg);
344
345static void gsm48_cc_timeout(void *arg)
346{
347 struct gsm_trans *trans = arg;
348 int disconnect = 0, release = 0;
349 int mo_cause = GSM48_CC_CAUSE_RECOVERY_TIMER;
350 int mo_location = GSM48_CAUSE_LOC_USER;
351 int l4_cause = GSM48_CC_CAUSE_NORMAL_UNSPEC;
352 int l4_location = GSM48_CAUSE_LOC_PRN_S_LU;
353 struct gsm_mncc mo_rel, l4_rel;
354
355 memset(&mo_rel, 0, sizeof(struct gsm_mncc));
356 mo_rel.callref = trans->callref;
357 memset(&l4_rel, 0, sizeof(struct gsm_mncc));
358 l4_rel.callref = trans->callref;
359
360 switch(trans->cc.Tcurrent) {
361 case 0x303:
362 release = 1;
363 l4_cause = GSM48_CC_CAUSE_USER_NOTRESPOND;
364 break;
365 case 0x310:
366 disconnect = 1;
367 l4_cause = GSM48_CC_CAUSE_USER_NOTRESPOND;
368 break;
369 case 0x313:
370 disconnect = 1;
371 /* unknown, did not find it in the specs */
372 break;
373 case 0x301:
374 disconnect = 1;
375 l4_cause = GSM48_CC_CAUSE_USER_NOTRESPOND;
376 break;
377 case 0x308:
378 if (!trans->cc.T308_second) {
379 /* restart T308 a second time */
380 gsm48_cc_tx_release(trans, &trans->cc.msg);
381 trans->cc.T308_second = 1;
382 break; /* stay in release state */
383 }
384 trans_free(trans);
385 return;
386 case 0x306:
387 release = 1;
388 mo_cause = trans->cc.msg.cause.value;
389 mo_location = trans->cc.msg.cause.location;
390 break;
391 case 0x323:
392 disconnect = 1;
393 break;
394 default:
395 release = 1;
396 }
397
398 if (release && trans->callref) {
399 /* process release towards layer 4 */
400 mncc_release_ind(trans->net, trans, trans->callref,
401 l4_location, l4_cause);
402 trans->callref = 0;
403 }
404
405 if (disconnect && trans->callref) {
406 /* process disconnect towards layer 4 */
407 mncc_set_cause(&l4_rel, l4_location, l4_cause);
408 mncc_recvmsg(trans->net, trans, MNCC_DISC_IND, &l4_rel);
409 }
410
411 /* process disconnect towards mobile station */
412 if (disconnect || release) {
413 mncc_set_cause(&mo_rel, mo_location, mo_cause);
414 mo_rel.cause.diag[0] = ((trans->cc.Tcurrent & 0xf00) >> 8) + '0';
415 mo_rel.cause.diag[1] = ((trans->cc.Tcurrent & 0x0f0) >> 4) + '0';
416 mo_rel.cause.diag[2] = (trans->cc.Tcurrent & 0x00f) + '0';
417 mo_rel.cause.diag_len = 3;
418
419 if (disconnect)
420 gsm48_cc_tx_disconnect(trans, &mo_rel);
421 if (release)
422 gsm48_cc_tx_release(trans, &mo_rel);
423 }
424
425}
426
427/* disconnect both calls from the bridge */
428static inline void disconnect_bridge(struct gsm_network *net,
429 struct gsm_mncc_bridge *bridge, int err)
430{
431 struct gsm_trans *trans0 = trans_find_by_callref(net, bridge->callref[0]);
432 struct gsm_trans *trans1 = trans_find_by_callref(net, bridge->callref[1]);
433 struct gsm_mncc mx_rel;
434 if (!trans0 || !trans1)
435 return;
436
437 DEBUGP(DCC, "Failed to bridge TCH for calls %x <-> %x :: %s \n",
438 trans0->callref, trans1->callref, strerror(err));
439
440 memset(&mx_rel, 0, sizeof(struct gsm_mncc));
441 mncc_set_cause(&mx_rel, GSM48_CAUSE_LOC_INN_NET,
442 GSM48_CC_CAUSE_CHAN_UNACCEPT);
443
444 mx_rel.callref = trans0->callref;
445 gsm48_cc_tx_disconnect(trans0, &mx_rel);
446
447 mx_rel.callref = trans1->callref;
448 gsm48_cc_tx_disconnect(trans1, &mx_rel);
449}
450
451static void gsm48_start_cc_timer(struct gsm_trans *trans, int current,
452 int sec, int micro)
453{
454 DEBUGP(DCC, "starting timer T%x with %d seconds\n", current, sec);
455 osmo_timer_setup(&trans->cc.timer, gsm48_cc_timeout, trans);
456 osmo_timer_schedule(&trans->cc.timer, sec, micro);
457 trans->cc.Tcurrent = current;
458}
459
460static int gsm48_cc_rx_setup(struct gsm_trans *trans, struct msgb *msg)
461{
462 struct gsm48_hdr *gh = msgb_l3(msg);
463 uint8_t msg_type = gsm48_hdr_msg_type(gh);
464 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
465 struct tlv_parsed tp;
466 struct gsm_mncc setup;
467
468 memset(&setup, 0, sizeof(struct gsm_mncc));
469 setup.callref = trans->callref;
470
471 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
472 /* emergency setup is identified by msg_type */
473 if (msg_type == GSM48_MT_CC_EMERG_SETUP) {
474 setup.fields |= MNCC_F_EMERGENCY;
475 setup.emergency = 1;
476 /* use destination number as configured by user (if any) */
477 if (trans->net->emergency.route_to_msisdn) {
478 setup.fields |= MNCC_F_CALLED;
479 setup.called.type = 0; /* unknown */
480 setup.called.plan = 0; /* unknown */
481 OSMO_STRLCPY_ARRAY(setup.called.number,
482 trans->net->emergency.route_to_msisdn);
483 }
484 }
485
486 /* use subscriber as calling party number */
487 setup.fields |= MNCC_F_CALLING;
488 OSMO_STRLCPY_ARRAY(setup.calling.number, trans->vsub->msisdn);
489 OSMO_STRLCPY_ARRAY(setup.imsi, trans->vsub->imsi);
490
491 /* bearer capability */
492 if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) {
493 setup.fields |= MNCC_F_BEARER_CAP;
494 gsm48_decode_bearer_cap(&setup.bearer_cap,
495 TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1);
496
497 /* Create a copy of the bearer capability
498 * in the transaction struct, so we can use
499 * this information later */
500 memcpy(&trans->bearer_cap,&setup.bearer_cap,
501 sizeof(trans->bearer_cap));
502 }
503 /* facility */
504 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
505 setup.fields |= MNCC_F_FACILITY;
506 gsm48_decode_facility(&setup.facility,
507 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
508 }
509 /* called party bcd number */
510 if (TLVP_PRESENT(&tp, GSM48_IE_CALLED_BCD)) {
511 setup.fields |= MNCC_F_CALLED;
512 gsm48_decode_called(&setup.called,
513 TLVP_VAL(&tp, GSM48_IE_CALLED_BCD)-1);
514 }
515 /* user-user */
516 if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) {
517 setup.fields |= MNCC_F_USERUSER;
518 gsm48_decode_useruser(&setup.useruser,
519 TLVP_VAL(&tp, GSM48_IE_USER_USER)-1);
520 }
521 /* ss-version */
522 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
523 setup.fields |= MNCC_F_SSVERSION;
524 gsm48_decode_ssversion(&setup.ssversion,
525 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
526 }
527 /* CLIR suppression */
528 if (TLVP_PRESENT(&tp, GSM48_IE_CLIR_SUPP))
529 setup.clir.sup = 1;
530 /* CLIR invocation */
531 if (TLVP_PRESENT(&tp, GSM48_IE_CLIR_INVOC))
532 setup.clir.inv = 1;
533 /* cc cap */
534 if (TLVP_PRESENT(&tp, GSM48_IE_CC_CAP)) {
535 setup.fields |= MNCC_F_CCCAP;
536 gsm48_decode_cccap(&setup.cccap,
537 TLVP_VAL(&tp, GSM48_IE_CC_CAP)-1);
538 }
539
540 new_cc_state(trans, GSM_CSTATE_INITIATED);
541
542 LOGP(DCC, setup.emergency ? LOGL_NOTICE : LOGL_INFO, "Subscriber %s (%s) sends %sSETUP to %s\n",
543 vlr_subscr_name(trans->vsub), trans->vsub->msisdn, setup.emergency ? "EMERGENCY_" : "",
544 setup.called.number);
545
546 rate_ctr_inc(&trans->net->msc_ctrs->ctr[MSC_CTR_CALL_MO_SETUP]);
547
548 /* indicate setup to MNCC */
549 mncc_recvmsg(trans->net, trans, MNCC_SETUP_IND, &setup);
550
551 /* MNCC code will modify the channel asynchronously, we should
552 * ipaccess-bind only after the modification has been made to the
553 * lchan->tch_mode */
554 return 0;
555}
556
557static int gsm48_cc_tx_setup(struct gsm_trans *trans, void *arg)
558{
559 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC STUP");
560 struct gsm48_hdr *gh;
561 struct gsm_mncc *setup = arg;
562 int rc, trans_id;
563
564 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
565
566 /* transaction id must not be assigned */
567 if (trans->transaction_id != 0xff) { /* unasssigned */
568 DEBUGP(DCC, "TX Setup with assigned transaction. "
569 "This is not allowed!\n");
570 /* Temporarily out of order */
571 rc = mncc_release_ind(trans->net, trans, trans->callref,
572 GSM48_CAUSE_LOC_PRN_S_LU,
573 GSM48_CC_CAUSE_RESOURCE_UNAVAIL);
574 trans->callref = 0;
575 trans_free(trans);
576 return rc;
577 }
578
579 /* Get free transaction_id */
580 trans_id = trans_assign_trans_id(trans->net, trans->vsub,
581 GSM48_PDISC_CC, 0);
582 if (trans_id < 0) {
583 /* no free transaction ID */
584 rc = mncc_release_ind(trans->net, trans, trans->callref,
585 GSM48_CAUSE_LOC_PRN_S_LU,
586 GSM48_CC_CAUSE_RESOURCE_UNAVAIL);
587 trans->callref = 0;
588 trans_free(trans);
589 return rc;
590 }
591 trans->transaction_id = trans_id;
592
593 gh->msg_type = GSM48_MT_CC_SETUP;
594
595 gsm48_start_cc_timer(trans, 0x303, GSM48_T303);
596
597 /* bearer capability */
598 if (setup->fields & MNCC_F_BEARER_CAP) {
599 /* Create a copy of the bearer capability in the transaction struct, so we
600 * can use this information later */
601 memcpy(&trans->bearer_cap, &setup->bearer_cap, sizeof(trans->bearer_cap));
602 gsm48_encode_bearer_cap(msg, 0, &setup->bearer_cap);
603 }
604 /* facility */
605 if (setup->fields & MNCC_F_FACILITY)
606 gsm48_encode_facility(msg, 0, &setup->facility);
607 /* progress */
608 if (setup->fields & MNCC_F_PROGRESS)
609 gsm48_encode_progress(msg, 0, &setup->progress);
610 /* calling party BCD number */
611 if (setup->fields & MNCC_F_CALLING)
612 gsm48_encode_calling(msg, &setup->calling);
613 /* called party BCD number */
614 if (setup->fields & MNCC_F_CALLED)
615 gsm48_encode_called(msg, &setup->called);
616 /* user-user */
617 if (setup->fields & MNCC_F_USERUSER)
618 gsm48_encode_useruser(msg, 0, &setup->useruser);
619 /* redirecting party BCD number */
620 if (setup->fields & MNCC_F_REDIRECTING)
621 gsm48_encode_redirecting(msg, &setup->redirecting);
622 /* signal */
623 if (setup->fields & MNCC_F_SIGNAL)
624 gsm48_encode_signal(msg, setup->signal);
625
626 new_cc_state(trans, GSM_CSTATE_CALL_PRESENT);
627
628 rate_ctr_inc(&trans->net->msc_ctrs->ctr[MSC_CTR_CALL_MT_SETUP]);
629
630 return gsm48_conn_sendmsg(msg, trans->conn, trans);
631}
632
633static int gsm48_cc_rx_call_conf(struct gsm_trans *trans, struct msgb *msg)
634{
635 struct gsm48_hdr *gh = msgb_l3(msg);
636 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
637 struct tlv_parsed tp;
638 struct gsm_mncc call_conf;
639 int rc;
640
641 gsm48_stop_cc_timer(trans);
642 gsm48_start_cc_timer(trans, 0x310, GSM48_T310);
643
644 memset(&call_conf, 0, sizeof(struct gsm_mncc));
645 call_conf.callref = trans->callref;
646
647 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
648#if 0
649 /* repeat */
650 if (TLVP_PRESENT(&tp, GSM48_IE_REPEAT_CIR))
651 call_conf.repeat = 1;
652 if (TLVP_PRESENT(&tp, GSM48_IE_REPEAT_SEQ))
653 call_conf.repeat = 2;
654#endif
655 /* bearer capability */
656 if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) {
657 call_conf.fields |= MNCC_F_BEARER_CAP;
658 gsm48_decode_bearer_cap(&call_conf.bearer_cap,
659 TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1);
660
661 /* Create a copy of the bearer capability
662 * in the transaction struct, so we can use
663 * this information later */
664 memcpy(&trans->bearer_cap,&call_conf.bearer_cap,
665 sizeof(trans->bearer_cap));
666 }
667 /* cause */
668 if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) {
669 call_conf.fields |= MNCC_F_CAUSE;
670 gsm48_decode_cause(&call_conf.cause,
671 TLVP_VAL(&tp, GSM48_IE_CAUSE)-1);
672 }
673 /* cc cap */
674 if (TLVP_PRESENT(&tp, GSM48_IE_CC_CAP)) {
675 call_conf.fields |= MNCC_F_CCCAP;
676 gsm48_decode_cccap(&call_conf.cccap,
677 TLVP_VAL(&tp, GSM48_IE_CC_CAP)-1);
678 }
679
680 /* IMSI of called subscriber */
681 OSMO_STRLCPY_ARRAY(call_conf.imsi, trans->vsub->imsi);
682
683 new_cc_state(trans, GSM_CSTATE_MO_TERM_CALL_CONF);
684
685 /* Assign call (if not done yet) */
686 if (trans->assignment_done == false) {
687 rc = msc_mgcp_call_assignment(trans);
688 trans->assignment_done = true;
689 }
690 else
691 rc = 0;
692
693 /* don't continue, if there were problems with
694 * the call assignment. */
695 if (rc)
696 return rc;
697
698 return mncc_recvmsg(trans->net, trans, MNCC_CALL_CONF_IND,
699 &call_conf);
700}
701
702static int gsm48_cc_tx_call_proc_and_assign(struct gsm_trans *trans, void *arg)
703{
704 struct gsm_mncc *proceeding = arg;
705 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC PROC");
706 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
707 int rc;
708
709 gh->msg_type = GSM48_MT_CC_CALL_PROC;
710
711 new_cc_state(trans, GSM_CSTATE_MO_CALL_PROC);
712
713 /* bearer capability */
714 if (proceeding->fields & MNCC_F_BEARER_CAP) {
715 gsm48_encode_bearer_cap(msg, 0, &proceeding->bearer_cap);
716 memcpy(&trans->bearer_cap, &proceeding->bearer_cap, sizeof(trans->bearer_cap));
717 }
718 /* facility */
719 if (proceeding->fields & MNCC_F_FACILITY)
720 gsm48_encode_facility(msg, 0, &proceeding->facility);
721 /* progress */
722 if (proceeding->fields & MNCC_F_PROGRESS)
723 gsm48_encode_progress(msg, 0, &proceeding->progress);
724
725 rc = gsm48_conn_sendmsg(msg, trans->conn, trans);
726 if (rc)
727 return rc;
728
729 /* Assign call (if not done yet) */
730 if (trans->assignment_done == false) {
731 rc = msc_mgcp_call_assignment(trans);
732 trans->assignment_done = true;
733 }
734 else
735 rc = 0;
736
737 return rc;
738}
739
740static int gsm48_cc_rx_alerting(struct gsm_trans *trans, struct msgb *msg)
741{
742 struct gsm48_hdr *gh = msgb_l3(msg);
743 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
744 struct tlv_parsed tp;
745 struct gsm_mncc alerting;
746
747 gsm48_stop_cc_timer(trans);
748 gsm48_start_cc_timer(trans, 0x301, GSM48_T301);
749
750 memset(&alerting, 0, sizeof(struct gsm_mncc));
751 alerting.callref = trans->callref;
752 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
753 /* facility */
754 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
755 alerting.fields |= MNCC_F_FACILITY;
756 gsm48_decode_facility(&alerting.facility,
757 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
758 }
759
760 /* progress */
761 if (TLVP_PRESENT(&tp, GSM48_IE_PROGR_IND)) {
762 alerting.fields |= MNCC_F_PROGRESS;
763 gsm48_decode_progress(&alerting.progress,
764 TLVP_VAL(&tp, GSM48_IE_PROGR_IND)-1);
765 }
766 /* ss-version */
767 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
768 alerting.fields |= MNCC_F_SSVERSION;
769 gsm48_decode_ssversion(&alerting.ssversion,
770 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
771 }
772
773 new_cc_state(trans, GSM_CSTATE_CALL_RECEIVED);
774
775 return mncc_recvmsg(trans->net, trans, MNCC_ALERT_IND,
776 &alerting);
777}
778
779static int gsm48_cc_tx_alerting(struct gsm_trans *trans, void *arg)
780{
781 struct gsm_mncc *alerting = arg;
782 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC ALERT");
783 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
784
785 gh->msg_type = GSM48_MT_CC_ALERTING;
786
787 /* facility */
788 if (alerting->fields & MNCC_F_FACILITY)
789 gsm48_encode_facility(msg, 0, &alerting->facility);
790 /* progress */
791 if (alerting->fields & MNCC_F_PROGRESS)
792 gsm48_encode_progress(msg, 0, &alerting->progress);
793 /* user-user */
794 if (alerting->fields & MNCC_F_USERUSER)
795 gsm48_encode_useruser(msg, 0, &alerting->useruser);
796
797 new_cc_state(trans, GSM_CSTATE_CALL_DELIVERED);
798
799 return gsm48_conn_sendmsg(msg, trans->conn, trans);
800}
801
802static int gsm48_cc_tx_progress(struct gsm_trans *trans, void *arg)
803{
804 struct gsm_mncc *progress = arg;
805 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC PROGRESS");
806 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
807
808 gh->msg_type = GSM48_MT_CC_PROGRESS;
809
810 /* progress */
811 gsm48_encode_progress(msg, 1, &progress->progress);
812 /* user-user */
813 if (progress->fields & MNCC_F_USERUSER)
814 gsm48_encode_useruser(msg, 0, &progress->useruser);
815
816 return gsm48_conn_sendmsg(msg, trans->conn, trans);
817}
818
819static int gsm48_cc_tx_connect(struct gsm_trans *trans, void *arg)
820{
821 struct gsm_mncc *connect = arg;
822 struct msgb *msg = gsm48_msgb_alloc_name("GSN 04.08 CC CON");
823 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
824
825 gh->msg_type = GSM48_MT_CC_CONNECT;
826
827 gsm48_stop_cc_timer(trans);
828 gsm48_start_cc_timer(trans, 0x313, GSM48_T313);
829
830 /* facility */
831 if (connect->fields & MNCC_F_FACILITY)
832 gsm48_encode_facility(msg, 0, &connect->facility);
833 /* progress */
834 if (connect->fields & MNCC_F_PROGRESS)
835 gsm48_encode_progress(msg, 0, &connect->progress);
836 /* connected number */
837 if (connect->fields & MNCC_F_CONNECTED)
838 gsm48_encode_connected(msg, &connect->connected);
839 /* user-user */
840 if (connect->fields & MNCC_F_USERUSER)
841 gsm48_encode_useruser(msg, 0, &connect->useruser);
842
843 new_cc_state(trans, GSM_CSTATE_CONNECT_IND);
844
845 return gsm48_conn_sendmsg(msg, trans->conn, trans);
846}
847
848static int gsm48_cc_rx_connect(struct gsm_trans *trans, struct msgb *msg)
849{
850 struct gsm48_hdr *gh = msgb_l3(msg);
851 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
852 struct tlv_parsed tp;
853 struct gsm_mncc connect;
854
855 gsm48_stop_cc_timer(trans);
856
857 memset(&connect, 0, sizeof(struct gsm_mncc));
858 connect.callref = trans->callref;
859 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
860 /* use subscriber as connected party number */
861 connect.fields |= MNCC_F_CONNECTED;
862 OSMO_STRLCPY_ARRAY(connect.connected.number, trans->vsub->msisdn);
863 OSMO_STRLCPY_ARRAY(connect.imsi, trans->vsub->imsi);
864
865 /* facility */
866 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
867 connect.fields |= MNCC_F_FACILITY;
868 gsm48_decode_facility(&connect.facility,
869 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
870 }
871 /* user-user */
872 if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) {
873 connect.fields |= MNCC_F_USERUSER;
874 gsm48_decode_useruser(&connect.useruser,
875 TLVP_VAL(&tp, GSM48_IE_USER_USER)-1);
876 }
877 /* ss-version */
878 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
879 connect.fields |= MNCC_F_SSVERSION;
880 gsm48_decode_ssversion(&connect.ssversion,
881 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
882 }
883
884 new_cc_state(trans, GSM_CSTATE_CONNECT_REQUEST);
885 rate_ctr_inc(&trans->net->msc_ctrs->ctr[MSC_CTR_CALL_MT_CONNECT]);
886
887 return mncc_recvmsg(trans->net, trans, MNCC_SETUP_CNF, &connect);
888}
889
890
891static int gsm48_cc_rx_connect_ack(struct gsm_trans *trans, struct msgb *msg)
892{
893 struct gsm_mncc connect_ack;
894
895 gsm48_stop_cc_timer(trans);
896
897 new_cc_state(trans, GSM_CSTATE_ACTIVE);
898 rate_ctr_inc(&trans->net->msc_ctrs->ctr[MSC_CTR_CALL_MO_CONNECT_ACK]);
899
900 memset(&connect_ack, 0, sizeof(struct gsm_mncc));
901 connect_ack.callref = trans->callref;
902
903 return mncc_recvmsg(trans->net, trans, MNCC_SETUP_COMPL_IND,
904 &connect_ack);
905}
906
907static int gsm48_cc_tx_connect_ack(struct gsm_trans *trans, void *arg)
908{
909 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC CON ACK");
910 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
911
912 gh->msg_type = GSM48_MT_CC_CONNECT_ACK;
913
914 new_cc_state(trans, GSM_CSTATE_ACTIVE);
915
916 return gsm48_conn_sendmsg(msg, trans->conn, trans);
917}
918
919static int gsm48_cc_rx_disconnect(struct gsm_trans *trans, struct msgb *msg)
920{
921 struct gsm48_hdr *gh = msgb_l3(msg);
922 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
923 struct tlv_parsed tp;
924 struct gsm_mncc disc;
925
926 gsm48_stop_cc_timer(trans);
927
928 new_cc_state(trans, GSM_CSTATE_DISCONNECT_REQ);
929
930 memset(&disc, 0, sizeof(struct gsm_mncc));
931 disc.callref = trans->callref;
932 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, GSM48_IE_CAUSE, 0);
933 /* cause */
934 if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) {
935 disc.fields |= MNCC_F_CAUSE;
936 gsm48_decode_cause(&disc.cause,
937 TLVP_VAL(&tp, GSM48_IE_CAUSE)-1);
938 }
939 /* facility */
940 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
941 disc.fields |= MNCC_F_FACILITY;
942 gsm48_decode_facility(&disc.facility,
943 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
944 }
945 /* user-user */
946 if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) {
947 disc.fields |= MNCC_F_USERUSER;
948 gsm48_decode_useruser(&disc.useruser,
949 TLVP_VAL(&tp, GSM48_IE_USER_USER)-1);
950 }
951 /* ss-version */
952 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
953 disc.fields |= MNCC_F_SSVERSION;
954 gsm48_decode_ssversion(&disc.ssversion,
955 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
956 }
957
958 return mncc_recvmsg(trans->net, trans, MNCC_DISC_IND, &disc);
959
960}
961
962static struct gsm_mncc_cause default_cause = {
963 .location = GSM48_CAUSE_LOC_PRN_S_LU,
964 .coding = 0,
965 .rec = 0,
966 .rec_val = 0,
967 .value = GSM48_CC_CAUSE_NORMAL_UNSPEC,
968 .diag_len = 0,
969 .diag = { 0 },
970};
971
972static int gsm48_cc_tx_disconnect(struct gsm_trans *trans, void *arg)
973{
974 struct gsm_mncc *disc = arg;
975 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC DISC");
976 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
977
978 gh->msg_type = GSM48_MT_CC_DISCONNECT;
979
980 gsm48_stop_cc_timer(trans);
981 gsm48_start_cc_timer(trans, 0x306, GSM48_T306);
982
983 /* cause */
984 if (disc->fields & MNCC_F_CAUSE)
985 gsm48_encode_cause(msg, 1, &disc->cause);
986 else
987 gsm48_encode_cause(msg, 1, &default_cause);
988
989 /* facility */
990 if (disc->fields & MNCC_F_FACILITY)
991 gsm48_encode_facility(msg, 0, &disc->facility);
992 /* progress */
993 if (disc->fields & MNCC_F_PROGRESS)
994 gsm48_encode_progress(msg, 0, &disc->progress);
995 /* user-user */
996 if (disc->fields & MNCC_F_USERUSER)
997 gsm48_encode_useruser(msg, 0, &disc->useruser);
998
999 /* store disconnect cause for T306 expiry */
1000 memcpy(&trans->cc.msg, disc, sizeof(struct gsm_mncc));
1001
1002 new_cc_state(trans, GSM_CSTATE_DISCONNECT_IND);
1003
1004 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1005}
1006
1007static int gsm48_cc_rx_release(struct gsm_trans *trans, struct msgb *msg)
1008{
1009 struct gsm48_hdr *gh = msgb_l3(msg);
1010 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1011 struct tlv_parsed tp;
1012 struct gsm_mncc rel;
1013 int rc;
1014
1015 gsm48_stop_cc_timer(trans);
1016
1017 memset(&rel, 0, sizeof(struct gsm_mncc));
1018 rel.callref = trans->callref;
1019 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
1020 /* cause */
1021 if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) {
1022 rel.fields |= MNCC_F_CAUSE;
1023 gsm48_decode_cause(&rel.cause,
1024 TLVP_VAL(&tp, GSM48_IE_CAUSE)-1);
1025 }
1026 /* facility */
1027 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
1028 rel.fields |= MNCC_F_FACILITY;
1029 gsm48_decode_facility(&rel.facility,
1030 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
1031 }
1032 /* user-user */
1033 if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) {
1034 rel.fields |= MNCC_F_USERUSER;
1035 gsm48_decode_useruser(&rel.useruser,
1036 TLVP_VAL(&tp, GSM48_IE_USER_USER)-1);
1037 }
1038 /* ss-version */
1039 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
1040 rel.fields |= MNCC_F_SSVERSION;
1041 gsm48_decode_ssversion(&rel.ssversion,
1042 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
1043 }
1044
1045 if (trans->cc.state == GSM_CSTATE_RELEASE_REQ) {
1046 /* release collision 5.4.5 */
1047 rc = mncc_recvmsg(trans->net, trans, MNCC_REL_CNF, &rel);
1048 } else {
1049 rc = gsm48_tx_simple(trans->conn,
1050 GSM48_PDISC_CC | (trans->transaction_id << 4),
1051 GSM48_MT_CC_RELEASE_COMPL);
1052 rc = mncc_recvmsg(trans->net, trans, MNCC_REL_IND, &rel);
1053 }
1054
1055 new_cc_state(trans, GSM_CSTATE_NULL);
1056
1057 trans->callref = 0;
1058 trans_free(trans);
1059
1060 return rc;
1061}
1062
1063static int gsm48_cc_tx_release(struct gsm_trans *trans, void *arg)
1064{
1065 struct gsm_mncc *rel = arg;
1066 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC REL");
1067 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1068
1069 gh->msg_type = GSM48_MT_CC_RELEASE;
1070
1071 gsm48_stop_cc_timer(trans);
1072 gsm48_start_cc_timer(trans, 0x308, GSM48_T308);
1073
1074 /* cause */
1075 if (rel->fields & MNCC_F_CAUSE)
1076 gsm48_encode_cause(msg, 0, &rel->cause);
1077 /* facility */
1078 if (rel->fields & MNCC_F_FACILITY)
1079 gsm48_encode_facility(msg, 0, &rel->facility);
1080 /* user-user */
1081 if (rel->fields & MNCC_F_USERUSER)
1082 gsm48_encode_useruser(msg, 0, &rel->useruser);
1083
1084 trans->cc.T308_second = 0;
1085 memcpy(&trans->cc.msg, rel, sizeof(struct gsm_mncc));
1086
1087 if (trans->cc.state != GSM_CSTATE_RELEASE_REQ)
1088 new_cc_state(trans, GSM_CSTATE_RELEASE_REQ);
1089
1090 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1091}
1092
1093static int gsm48_cc_rx_release_compl(struct gsm_trans *trans, struct msgb *msg)
1094{
1095 struct gsm48_hdr *gh = msgb_l3(msg);
1096 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1097 struct tlv_parsed tp;
1098 struct gsm_mncc rel;
1099 int rc = 0;
1100
1101 gsm48_stop_cc_timer(trans);
1102
1103 memset(&rel, 0, sizeof(struct gsm_mncc));
1104 rel.callref = trans->callref;
1105 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
1106 /* cause */
1107 if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) {
1108 rel.fields |= MNCC_F_CAUSE;
1109 gsm48_decode_cause(&rel.cause,
1110 TLVP_VAL(&tp, GSM48_IE_CAUSE)-1);
1111 }
1112 /* facility */
1113 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
1114 rel.fields |= MNCC_F_FACILITY;
1115 gsm48_decode_facility(&rel.facility,
1116 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
1117 }
1118 /* user-user */
1119 if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) {
1120 rel.fields |= MNCC_F_USERUSER;
1121 gsm48_decode_useruser(&rel.useruser,
1122 TLVP_VAL(&tp, GSM48_IE_USER_USER)-1);
1123 }
1124 /* ss-version */
1125 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
1126 rel.fields |= MNCC_F_SSVERSION;
1127 gsm48_decode_ssversion(&rel.ssversion,
1128 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
1129 }
1130
1131 if (trans->callref) {
1132 switch (trans->cc.state) {
1133 case GSM_CSTATE_CALL_PRESENT:
1134 rc = mncc_recvmsg(trans->net, trans,
1135 MNCC_REJ_IND, &rel);
1136 break;
1137 case GSM_CSTATE_RELEASE_REQ:
1138 rc = mncc_recvmsg(trans->net, trans,
1139 MNCC_REL_CNF, &rel);
1140 break;
1141 default:
1142 rc = mncc_recvmsg(trans->net, trans,
1143 MNCC_REL_IND, &rel);
1144 }
1145 }
1146
1147 trans->callref = 0;
1148 trans_free(trans);
1149
1150 return rc;
1151}
1152
1153static int gsm48_cc_tx_release_compl(struct gsm_trans *trans, void *arg)
1154{
1155 struct gsm_mncc *rel = arg;
1156 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC REL COMPL");
1157 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1158 int ret;
1159
1160 gh->msg_type = GSM48_MT_CC_RELEASE_COMPL;
1161
1162 trans->callref = 0;
1163
1164 gsm48_stop_cc_timer(trans);
1165
1166 /* cause */
1167 if (rel->fields & MNCC_F_CAUSE)
1168 gsm48_encode_cause(msg, 0, &rel->cause);
1169 /* facility */
1170 if (rel->fields & MNCC_F_FACILITY)
1171 gsm48_encode_facility(msg, 0, &rel->facility);
1172 /* user-user */
1173 if (rel->fields & MNCC_F_USERUSER)
1174 gsm48_encode_useruser(msg, 0, &rel->useruser);
1175
1176 ret = gsm48_conn_sendmsg(msg, trans->conn, trans);
1177
1178 trans_free(trans);
1179
1180 return ret;
1181}
1182
1183static int gsm48_cc_rx_facility(struct gsm_trans *trans, struct msgb *msg)
1184{
1185 struct gsm48_hdr *gh = msgb_l3(msg);
1186 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1187 struct tlv_parsed tp;
1188 struct gsm_mncc fac;
1189
1190 memset(&fac, 0, sizeof(struct gsm_mncc));
1191 fac.callref = trans->callref;
1192 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, GSM48_IE_FACILITY, 0);
1193 /* facility */
1194 if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) {
1195 fac.fields |= MNCC_F_FACILITY;
1196 gsm48_decode_facility(&fac.facility,
1197 TLVP_VAL(&tp, GSM48_IE_FACILITY)-1);
1198 }
1199 /* ss-version */
1200 if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) {
1201 fac.fields |= MNCC_F_SSVERSION;
1202 gsm48_decode_ssversion(&fac.ssversion,
1203 TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1);
1204 }
1205
1206 return mncc_recvmsg(trans->net, trans, MNCC_FACILITY_IND, &fac);
1207}
1208
1209static int gsm48_cc_tx_facility(struct gsm_trans *trans, void *arg)
1210{
1211 struct gsm_mncc *fac = arg;
1212 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC FAC");
1213 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1214
1215 gh->msg_type = GSM48_MT_CC_FACILITY;
1216
1217 /* facility */
1218 gsm48_encode_facility(msg, 1, &fac->facility);
1219
1220 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1221}
1222
1223static int gsm48_cc_rx_hold(struct gsm_trans *trans, struct msgb *msg)
1224{
1225 struct gsm_mncc hold;
1226
1227 memset(&hold, 0, sizeof(struct gsm_mncc));
1228 hold.callref = trans->callref;
1229 return mncc_recvmsg(trans->net, trans, MNCC_HOLD_IND, &hold);
1230}
1231
1232static int gsm48_cc_tx_hold_ack(struct gsm_trans *trans, void *arg)
1233{
1234 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC HLD ACK");
1235 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1236
1237 gh->msg_type = GSM48_MT_CC_HOLD_ACK;
1238
1239 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1240}
1241
1242static int gsm48_cc_tx_hold_rej(struct gsm_trans *trans, void *arg)
1243{
1244 struct gsm_mncc *hold_rej = arg;
1245 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC HLD REJ");
1246 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1247
1248 gh->msg_type = GSM48_MT_CC_HOLD_REJ;
1249
1250 /* cause */
1251 if (hold_rej->fields & MNCC_F_CAUSE)
1252 gsm48_encode_cause(msg, 1, &hold_rej->cause);
1253 else
1254 gsm48_encode_cause(msg, 1, &default_cause);
1255
1256 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1257}
1258
1259static int gsm48_cc_rx_retrieve(struct gsm_trans *trans, struct msgb *msg)
1260{
1261 struct gsm_mncc retrieve;
1262
1263 memset(&retrieve, 0, sizeof(struct gsm_mncc));
1264 retrieve.callref = trans->callref;
1265 return mncc_recvmsg(trans->net, trans, MNCC_RETRIEVE_IND,
1266 &retrieve);
1267}
1268
1269static int gsm48_cc_tx_retrieve_ack(struct gsm_trans *trans, void *arg)
1270{
1271 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC RETR ACK");
1272 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1273
1274 gh->msg_type = GSM48_MT_CC_RETR_ACK;
1275
1276 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1277}
1278
1279static int gsm48_cc_tx_retrieve_rej(struct gsm_trans *trans, void *arg)
1280{
1281 struct gsm_mncc *retrieve_rej = arg;
1282 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC RETR REJ");
1283 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1284
1285 gh->msg_type = GSM48_MT_CC_RETR_REJ;
1286
1287 /* cause */
1288 if (retrieve_rej->fields & MNCC_F_CAUSE)
1289 gsm48_encode_cause(msg, 1, &retrieve_rej->cause);
1290 else
1291 gsm48_encode_cause(msg, 1, &default_cause);
1292
1293 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1294}
1295
1296static int gsm48_cc_rx_start_dtmf(struct gsm_trans *trans, struct msgb *msg)
1297{
1298 struct gsm48_hdr *gh = msgb_l3(msg);
1299 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1300 struct tlv_parsed tp;
1301 struct gsm_mncc dtmf;
1302
1303 memset(&dtmf, 0, sizeof(struct gsm_mncc));
1304 dtmf.callref = trans->callref;
1305 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, 0, 0);
1306 /* keypad facility */
1307 if (TLVP_PRESENT(&tp, GSM48_IE_KPD_FACILITY)) {
1308 dtmf.fields |= MNCC_F_KEYPAD;
1309 gsm48_decode_keypad(&dtmf.keypad,
1310 TLVP_VAL(&tp, GSM48_IE_KPD_FACILITY)-1);
1311 }
1312
1313 return mncc_recvmsg(trans->net, trans, MNCC_START_DTMF_IND, &dtmf);
1314}
1315
1316static int gsm48_cc_tx_start_dtmf_ack(struct gsm_trans *trans, void *arg)
1317{
1318 struct gsm_mncc *dtmf = arg;
1319 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 DTMF ACK");
1320 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1321
1322 gh->msg_type = GSM48_MT_CC_START_DTMF_ACK;
1323
1324 /* keypad */
1325 if (dtmf->fields & MNCC_F_KEYPAD)
1326 gsm48_encode_keypad(msg, dtmf->keypad);
1327
1328 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1329}
1330
1331static int gsm48_cc_tx_start_dtmf_rej(struct gsm_trans *trans, void *arg)
1332{
1333 struct gsm_mncc *dtmf = arg;
1334 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 DTMF REJ");
1335 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1336
1337 gh->msg_type = GSM48_MT_CC_START_DTMF_REJ;
1338
1339 /* cause */
1340 if (dtmf->fields & MNCC_F_CAUSE)
1341 gsm48_encode_cause(msg, 1, &dtmf->cause);
1342 else
1343 gsm48_encode_cause(msg, 1, &default_cause);
1344
1345 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1346}
1347
1348static int gsm48_cc_tx_stop_dtmf_ack(struct gsm_trans *trans, void *arg)
1349{
1350 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 DTMF STP ACK");
1351 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1352
1353 gh->msg_type = GSM48_MT_CC_STOP_DTMF_ACK;
1354
1355 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1356}
1357
1358static int gsm48_cc_rx_stop_dtmf(struct gsm_trans *trans, struct msgb *msg)
1359{
1360 struct gsm_mncc dtmf;
1361
1362 memset(&dtmf, 0, sizeof(struct gsm_mncc));
1363 dtmf.callref = trans->callref;
1364
1365 return mncc_recvmsg(trans->net, trans, MNCC_STOP_DTMF_IND, &dtmf);
1366}
1367
1368static int gsm48_cc_rx_modify(struct gsm_trans *trans, struct msgb *msg)
1369{
1370 struct gsm48_hdr *gh = msgb_l3(msg);
1371 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1372 struct tlv_parsed tp;
1373 struct gsm_mncc modify;
1374
1375 memset(&modify, 0, sizeof(struct gsm_mncc));
1376 modify.callref = trans->callref;
1377 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, 0);
1378 /* bearer capability */
1379 if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) {
1380 modify.fields |= MNCC_F_BEARER_CAP;
1381 gsm48_decode_bearer_cap(&modify.bearer_cap,
1382 TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1);
1383
1384 /* Create a copy of the bearer capability
1385 * in the transaction struct, so we can use
1386 * this information later */
1387 memcpy(&trans->bearer_cap,&modify.bearer_cap,
1388 sizeof(trans->bearer_cap));
1389 }
1390
1391 new_cc_state(trans, GSM_CSTATE_MO_ORIG_MODIFY);
1392
1393 return mncc_recvmsg(trans->net, trans, MNCC_MODIFY_IND, &modify);
1394}
1395
1396static int gsm48_cc_tx_modify(struct gsm_trans *trans, void *arg)
1397{
1398 struct gsm_mncc *modify = arg;
1399 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC MOD");
1400 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1401
1402 gh->msg_type = GSM48_MT_CC_MODIFY;
1403
1404 gsm48_start_cc_timer(trans, 0x323, GSM48_T323);
1405
1406 /* bearer capability */
1407 gsm48_encode_bearer_cap(msg, 1, &modify->bearer_cap);
1408 memcpy(&trans->bearer_cap, &modify->bearer_cap, sizeof(trans->bearer_cap));
1409
1410 new_cc_state(trans, GSM_CSTATE_MO_TERM_MODIFY);
1411
1412 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1413}
1414
1415static int gsm48_cc_rx_modify_complete(struct gsm_trans *trans, struct msgb *msg)
1416{
1417 struct gsm48_hdr *gh = msgb_l3(msg);
1418 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1419 struct tlv_parsed tp;
1420 struct gsm_mncc modify;
1421
1422 gsm48_stop_cc_timer(trans);
1423
1424 memset(&modify, 0, sizeof(struct gsm_mncc));
1425 modify.callref = trans->callref;
1426 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, 0);
1427 /* bearer capability */
1428 if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) {
1429 modify.fields |= MNCC_F_BEARER_CAP;
1430 gsm48_decode_bearer_cap(&modify.bearer_cap,
1431 TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1);
1432
1433 /* Create a copy of the bearer capability
1434 * in the transaction struct, so we can use
1435 * this information later */
1436 memcpy(&trans->bearer_cap,&modify.bearer_cap,
1437 sizeof(trans->bearer_cap));
1438 }
1439
1440 new_cc_state(trans, GSM_CSTATE_ACTIVE);
1441
1442 return mncc_recvmsg(trans->net, trans, MNCC_MODIFY_CNF, &modify);
1443}
1444
1445static int gsm48_cc_tx_modify_complete(struct gsm_trans *trans, void *arg)
1446{
1447 struct gsm_mncc *modify = arg;
1448 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC MOD COMPL");
1449 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1450
1451 gh->msg_type = GSM48_MT_CC_MODIFY_COMPL;
1452
1453 /* bearer capability */
1454 gsm48_encode_bearer_cap(msg, 1, &modify->bearer_cap);
1455 memcpy(&trans->bearer_cap, &modify->bearer_cap, sizeof(trans->bearer_cap));
1456
1457 new_cc_state(trans, GSM_CSTATE_ACTIVE);
1458
1459 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1460}
1461
1462static int gsm48_cc_rx_modify_reject(struct gsm_trans *trans, struct msgb *msg)
1463{
1464 struct gsm48_hdr *gh = msgb_l3(msg);
1465 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1466 struct tlv_parsed tp;
1467 struct gsm_mncc modify;
1468
1469 gsm48_stop_cc_timer(trans);
1470
1471 memset(&modify, 0, sizeof(struct gsm_mncc));
1472 modify.callref = trans->callref;
1473 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, GSM48_IE_CAUSE);
1474 /* bearer capability */
1475 if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) {
1476 modify.fields |= GSM48_IE_BEARER_CAP;
1477 gsm48_decode_bearer_cap(&modify.bearer_cap,
1478 TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1);
1479
1480 /* Create a copy of the bearer capability
1481 * in the transaction struct, so we can use
1482 * this information later */
1483 memcpy(&trans->bearer_cap,&modify.bearer_cap,
1484 sizeof(trans->bearer_cap));
1485 }
1486 /* cause */
1487 if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) {
1488 modify.fields |= MNCC_F_CAUSE;
1489 gsm48_decode_cause(&modify.cause,
1490 TLVP_VAL(&tp, GSM48_IE_CAUSE)-1);
1491 }
1492
1493 new_cc_state(trans, GSM_CSTATE_ACTIVE);
1494
1495 return mncc_recvmsg(trans->net, trans, MNCC_MODIFY_REJ, &modify);
1496}
1497
1498static int gsm48_cc_tx_modify_reject(struct gsm_trans *trans, void *arg)
1499{
1500 struct gsm_mncc *modify = arg;
1501 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC MOD REJ");
1502 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1503
1504 gh->msg_type = GSM48_MT_CC_MODIFY_REJECT;
1505
1506 /* bearer capability */
1507 gsm48_encode_bearer_cap(msg, 1, &modify->bearer_cap);
1508 memcpy(&trans->bearer_cap, &modify->bearer_cap, sizeof(trans->bearer_cap));
1509 /* cause */
1510 gsm48_encode_cause(msg, 1, &modify->cause);
1511
1512 new_cc_state(trans, GSM_CSTATE_ACTIVE);
1513
1514 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1515}
1516
1517static int gsm48_cc_tx_notify(struct gsm_trans *trans, void *arg)
1518{
1519 struct gsm_mncc *notify = arg;
1520 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 CC NOT");
1521 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1522
1523 gh->msg_type = GSM48_MT_CC_NOTIFY;
1524
1525 /* notify */
1526 gsm48_encode_notify(msg, notify->notify);
1527
1528 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1529}
1530
1531static int gsm48_cc_rx_notify(struct gsm_trans *trans, struct msgb *msg)
1532{
1533 struct gsm48_hdr *gh = msgb_l3(msg);
1534 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1535// struct tlv_parsed tp;
1536 struct gsm_mncc notify;
1537
1538 memset(&notify, 0, sizeof(struct gsm_mncc));
1539 notify.callref = trans->callref;
1540// tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len);
1541 if (payload_len >= 1)
1542 gsm48_decode_notify(&notify.notify, gh->data);
1543
1544 return mncc_recvmsg(trans->net, trans, MNCC_NOTIFY_IND, &notify);
1545}
1546
1547static int gsm48_cc_tx_userinfo(struct gsm_trans *trans, void *arg)
1548{
1549 struct gsm_mncc *user = arg;
1550 struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 USR INFO");
1551 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1552
1553 gh->msg_type = GSM48_MT_CC_USER_INFO;
1554
1555 /* user-user */
1556 if (user->fields & MNCC_F_USERUSER)
1557 gsm48_encode_useruser(msg, 1, &user->useruser);
1558 /* more data */
1559 if (user->more)
1560 gsm48_encode_more(msg);
1561
1562 return gsm48_conn_sendmsg(msg, trans->conn, trans);
1563}
1564
1565static int gsm48_cc_rx_userinfo(struct gsm_trans *trans, struct msgb *msg)
1566{
1567 struct gsm48_hdr *gh = msgb_l3(msg);
1568 unsigned int payload_len = msgb_l3len(msg) - sizeof(*gh);
1569 struct tlv_parsed tp;
1570 struct gsm_mncc user;
1571
1572 memset(&user, 0, sizeof(struct gsm_mncc));
1573 user.callref = trans->callref;
1574 tlv_parse(&tp, &gsm48_att_tlvdef, gh->data, payload_len, GSM48_IE_USER_USER, 0);
1575 /* user-user */
1576 if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) {
1577 user.fields |= MNCC_F_USERUSER;
1578 gsm48_decode_useruser(&user.useruser,
1579 TLVP_VAL(&tp, GSM48_IE_USER_USER)-1);
1580 }
1581 /* more data */
1582 if (TLVP_PRESENT(&tp, GSM48_IE_MORE_DATA))
1583 user.more = 1;
1584
1585 return mncc_recvmsg(trans->net, trans, MNCC_USERINFO_IND, &user);
1586}
1587
1588static void mncc_recv_rtp(struct gsm_network *net, uint32_t callref,
1589 int cmd, uint32_t addr, uint16_t port, uint32_t payload_type,
1590 uint32_t payload_msg_type)
1591{
1592 uint8_t data[sizeof(struct gsm_mncc)];
1593 struct gsm_mncc_rtp *rtp;
1594
1595 memset(&data, 0, sizeof(data));
1596 rtp = (struct gsm_mncc_rtp *) &data[0];
1597
1598 rtp->callref = callref;
1599 rtp->msg_type = cmd;
1600 rtp->ip = addr;
1601 rtp->port = port;
1602 rtp->payload_type = payload_type;
1603 rtp->payload_msg_type = payload_msg_type;
1604 mncc_recvmsg(net, NULL, cmd, (struct gsm_mncc *)data);
1605}
1606
1607static void mncc_recv_rtp_sock(struct gsm_network *net, struct gsm_trans *trans, int cmd)
1608{
1609 int msg_type;
1610
1611 /* FIXME This has to be set to some meaningful value.
1612 * Possible options are:
1613 * GSM_TCHF_FRAME, GSM_TCHF_FRAME_EFR,
1614 * GSM_TCHH_FRAME, GSM_TCH_FRAME_AMR
1615 * (0 if unknown) */
1616 msg_type = GSM_TCHF_FRAME;
1617
1618 uint32_t addr = inet_addr(trans->conn->rtp.local_addr_cn);
1619 uint16_t port = trans->conn->rtp.local_port_cn;
1620
1621 LOGP(DMNCC, LOGL_ERROR, "RTP create for non-existing trans\n");
1622
1623 if (addr == INADDR_NONE) {
1624 LOGP(DMNCC, LOGL_ERROR,
1625 "(subscriber:%s) external MNCC is signalling invalid IP-Address\n",
1626 vlr_subscr_name(trans->vsub));
1627 return;
1628 }
1629 if (port == 0) {
1630 LOGP(DMNCC, LOGL_ERROR,
1631 "(subscriber:%s) external MNCC is signalling invalid Port\n",
1632 vlr_subscr_name(trans->vsub));
1633 return;
1634 }
1635
1636 /* FIXME: This has to be set to some meaningful value,
1637 * before the MSC-Split, this value was pulled from
1638 * lchan->abis_ip.rtp_payload */
1639 uint32_t payload_type = 0;
1640
1641 return mncc_recv_rtp(net, trans->callref, cmd,
1642 addr,
1643 port,
1644 payload_type,
1645 msg_type);
1646}
1647
1648static void mncc_recv_rtp_err(struct gsm_network *net, uint32_t callref, int cmd)
1649{
1650 return mncc_recv_rtp(net, callref, cmd, 0, 0, 0, 0);
1651}
1652
1653static int tch_rtp_create(struct gsm_network *net, uint32_t callref)
1654{
1655 struct gsm_trans *trans;
1656 int rc;
1657
1658 /* Find callref */
1659 trans = trans_find_by_callref(net, callref);
1660 if (!trans) {
1661 LOGP(DMNCC, LOGL_ERROR, "RTP create for non-existing trans\n");
1662 mncc_recv_rtp_err(net, callref, MNCC_RTP_CREATE);
1663 return -EIO;
1664 }
1665 log_set_context(LOG_CTX_VLR_SUBSCR, trans->vsub);
1666 if (!trans->conn) {
1667 LOGP(DMNCC, LOGL_NOTICE, "RTP create for trans without conn\n");
1668 mncc_recv_rtp_err(net, callref, MNCC_RTP_CREATE);
1669 return 0;
1670 }
1671
1672 trans->conn->mncc_rtp_bridge = 1;
1673
1674 /* When we call msc_mgcp_call_assignment() we will trigger, depending
1675 * on the RAN type the call assignment on the A or Iu interface.
1676 * msc_mgcp_call_assignment() also takes care about sending the CRCX
1677 * command to the MGCP-GW. The CRCX will return the port number,
1678 * where the PBX (e.g. Asterisk) will send its RTP stream to. We
1679 * have to return this port number back to the MNCC by sending
1680 * it back with the TCH_RTP_CREATE message. To make sure that
1681 * this message is sent AFTER the response to CRCX from the
1682 * MGCP-GW has arrived, we need will instruct msc_mgcp_call_assignment()
1683 * to take care of this by setting trans->tch_rtp_create to true.
1684 * This will make sure that gsm48_tch_rtp_create() (below) is
1685 * called as soon as the local port number has become known. */
1686 trans->tch_rtp_create = true;
1687
1688 /* Assign call (if not done yet) */
1689 if (trans->assignment_done == false) {
1690 rc = msc_mgcp_call_assignment(trans);
1691 trans->assignment_done = true;
1692 }
1693 else
1694 rc = 0;
1695
1696 return rc;
1697}
1698
1699/* Trigger TCH_RTP_CREATE acknowledgement */
1700int gsm48_tch_rtp_create(struct gsm_trans *trans)
1701{
1702 /* This function is called as soon as the port, on which the
1703 * mgcp-gw expects the incoming RTP stream from the remote
1704 * end (e.g. Asterisk) is known. */
1705
1706 struct gsm_subscriber_connection *conn = trans->conn;
1707 struct gsm_network *network = conn->network;
1708
1709 mncc_recv_rtp_sock(network, trans, MNCC_RTP_CREATE);
1710 return 0;
1711}
1712
1713static int tch_rtp_connect(struct gsm_network *net, void *arg)
1714{
1715 struct gsm_trans *trans;
1716 struct gsm_mncc_rtp *rtp = arg;
1717 struct in_addr addr;
1718
1719 /* Find callref */
1720 trans = trans_find_by_callref(net, rtp->callref);
1721 if (!trans) {
1722 LOGP(DMNCC, LOGL_ERROR, "RTP connect for non-existing trans\n");
1723 mncc_recv_rtp_err(net, rtp->callref, MNCC_RTP_CONNECT);
1724 return -EIO;
1725 }
1726 log_set_context(LOG_CTX_VLR_SUBSCR, trans->vsub);
1727 if (!trans->conn) {
1728 LOGP(DMNCC, LOGL_ERROR, "RTP connect for trans without conn\n");
1729 mncc_recv_rtp_err(net, rtp->callref, MNCC_RTP_CONNECT);
1730 return 0;
1731 }
1732
1733 addr.s_addr = osmo_htonl(rtp->ip);
1734 return msc_mgcp_call_complete(trans, rtp->port, inet_ntoa(addr));
1735}
1736
1737static struct downstate {
1738 uint32_t states;
1739 int type;
1740 int (*rout) (struct gsm_trans *trans, void *arg);
1741} downstatelist[] = {
1742 /* mobile originating call establishment */
1743 {SBIT(GSM_CSTATE_INITIATED), /* 5.2.1.2 */
1744 MNCC_CALL_PROC_REQ, gsm48_cc_tx_call_proc_and_assign},
1745 {SBIT(GSM_CSTATE_INITIATED) | SBIT(GSM_CSTATE_MO_CALL_PROC), /* 5.2.1.2 | 5.2.1.5 */
1746 MNCC_ALERT_REQ, gsm48_cc_tx_alerting},
1747 {SBIT(GSM_CSTATE_INITIATED) | SBIT(GSM_CSTATE_MO_CALL_PROC) | SBIT(GSM_CSTATE_CALL_DELIVERED), /* 5.2.1.2 | 5.2.1.6 | 5.2.1.6 */
1748 MNCC_SETUP_RSP, gsm48_cc_tx_connect},
1749 {SBIT(GSM_CSTATE_MO_CALL_PROC), /* 5.2.1.4.2 */
1750 MNCC_PROGRESS_REQ, gsm48_cc_tx_progress},
1751 /* mobile terminating call establishment */
1752 {SBIT(GSM_CSTATE_NULL), /* 5.2.2.1 */
1753 MNCC_SETUP_REQ, gsm48_cc_tx_setup},
1754 {SBIT(GSM_CSTATE_CONNECT_REQUEST),
1755 MNCC_SETUP_COMPL_REQ, gsm48_cc_tx_connect_ack},
1756 /* signalling during call */
1757 {SBIT(GSM_CSTATE_ACTIVE),
1758 MNCC_NOTIFY_REQ, gsm48_cc_tx_notify},
1759 {ALL_STATES - SBIT(GSM_CSTATE_NULL) - SBIT(GSM_CSTATE_RELEASE_REQ),
1760 MNCC_FACILITY_REQ, gsm48_cc_tx_facility},
1761 {ALL_STATES,
1762 MNCC_START_DTMF_RSP, gsm48_cc_tx_start_dtmf_ack},
1763 {ALL_STATES,
1764 MNCC_START_DTMF_REJ, gsm48_cc_tx_start_dtmf_rej},
1765 {ALL_STATES,
1766 MNCC_STOP_DTMF_RSP, gsm48_cc_tx_stop_dtmf_ack},
1767 {SBIT(GSM_CSTATE_ACTIVE),
1768 MNCC_HOLD_CNF, gsm48_cc_tx_hold_ack},
1769 {SBIT(GSM_CSTATE_ACTIVE),
1770 MNCC_HOLD_REJ, gsm48_cc_tx_hold_rej},
1771 {SBIT(GSM_CSTATE_ACTIVE),
1772 MNCC_RETRIEVE_CNF, gsm48_cc_tx_retrieve_ack},
1773 {SBIT(GSM_CSTATE_ACTIVE),
1774 MNCC_RETRIEVE_REJ, gsm48_cc_tx_retrieve_rej},
1775 {SBIT(GSM_CSTATE_ACTIVE),
1776 MNCC_MODIFY_REQ, gsm48_cc_tx_modify},
1777 {SBIT(GSM_CSTATE_MO_ORIG_MODIFY),
1778 MNCC_MODIFY_RSP, gsm48_cc_tx_modify_complete},
1779 {SBIT(GSM_CSTATE_MO_ORIG_MODIFY),
1780 MNCC_MODIFY_REJ, gsm48_cc_tx_modify_reject},
1781 {SBIT(GSM_CSTATE_ACTIVE),
1782 MNCC_USERINFO_REQ, gsm48_cc_tx_userinfo},
1783 /* clearing */
1784 {SBIT(GSM_CSTATE_INITIATED),
1785 MNCC_REJ_REQ, gsm48_cc_tx_release_compl},
1786 {ALL_STATES - SBIT(GSM_CSTATE_NULL) - SBIT(GSM_CSTATE_DISCONNECT_IND) - SBIT(GSM_CSTATE_RELEASE_REQ) - SBIT(GSM_CSTATE_DISCONNECT_REQ), /* 5.4.4 */
1787 MNCC_DISC_REQ, gsm48_cc_tx_disconnect},
1788 {ALL_STATES - SBIT(GSM_CSTATE_NULL) - SBIT(GSM_CSTATE_RELEASE_REQ), /* 5.4.3.2 */
1789 MNCC_REL_REQ, gsm48_cc_tx_release},
1790};
1791
1792#define DOWNSLLEN \
1793 (sizeof(downstatelist) / sizeof(struct downstate))
1794
1795
1796int mncc_tx_to_cc(struct gsm_network *net, int msg_type, void *arg)
1797{
1798 int i, rc = 0;
1799 struct gsm_trans *trans = NULL, *transt;
1800 struct gsm_subscriber_connection *conn = NULL;
1801 struct gsm_mncc *data = arg, rel;
1802
1803 DEBUGP(DMNCC, "receive message %s\n", get_mncc_name(msg_type));
1804
1805 /* handle special messages */
1806 switch(msg_type) {
1807 case MNCC_BRIDGE:
1808 rc = tch_bridge(net, arg);
1809 if (rc < 0)
1810 disconnect_bridge(net, arg, -rc);
1811 return rc;
1812 case MNCC_RTP_CREATE:
1813 return tch_rtp_create(net, data->callref);
1814 case MNCC_RTP_CONNECT:
1815 return tch_rtp_connect(net, arg);
1816 case MNCC_RTP_FREE:
1817 /* unused right now */
1818 return -EIO;
1819
1820 case MNCC_FRAME_DROP:
1821 case MNCC_FRAME_RECV:
1822 case GSM_TCHF_FRAME:
1823 case GSM_TCHF_FRAME_EFR:
1824 case GSM_TCHH_FRAME:
1825 case GSM_TCH_FRAME_AMR:
1826 LOGP(DMNCC, LOGL_ERROR, "RTP streams must be handled externally; %s not supported.\n",
1827 get_mncc_name(msg_type));
1828 return -ENOTSUP;
1829 }
1830
1831 memset(&rel, 0, sizeof(struct gsm_mncc));
1832 rel.callref = data->callref;
1833
1834 /* Find callref */
1835 trans = trans_find_by_callref(net, data->callref);
1836
1837 /* Callref unknown */
1838 if (!trans) {
1839 struct vlr_subscr *vsub;
1840
1841 if (msg_type != MNCC_SETUP_REQ) {
1842 DEBUGP(DCC, "(bts - trx - ts - ti -- sub %s) "
1843 "Received '%s' from MNCC with "
1844 "unknown callref %d\n", data->called.number,
1845 get_mncc_name(msg_type), data->callref);
1846 /* Invalid call reference */
1847 return mncc_release_ind(net, NULL, data->callref,
1848 GSM48_CAUSE_LOC_PRN_S_LU,
1849 GSM48_CC_CAUSE_INVAL_TRANS_ID);
1850 }
1851 if (!data->called.number[0] && !data->imsi[0]) {
1852 DEBUGP(DCC, "(bts - trx - ts - ti) "
1853 "Received '%s' from MNCC with "
1854 "no number or IMSI\n", get_mncc_name(msg_type));
1855 /* Invalid number */
1856 return mncc_release_ind(net, NULL, data->callref,
1857 GSM48_CAUSE_LOC_PRN_S_LU,
1858 GSM48_CC_CAUSE_INV_NR_FORMAT);
1859 }
1860 /* New transaction due to setup, find subscriber */
1861 if (data->called.number[0])
1862 vsub = vlr_subscr_find_by_msisdn(net->vlr,
1863 data->called.number);
1864 else
1865 vsub = vlr_subscr_find_by_imsi(net->vlr, data->imsi);
1866
1867 /* update the subscriber we deal with */
1868 log_set_context(LOG_CTX_VLR_SUBSCR, vsub);
1869
1870 /* If subscriber is not found */
1871 if (!vsub) {
1872 DEBUGP(DCC, "(bts - trx - ts - ti -- sub %s) "
1873 "Received '%s' from MNCC with "
1874 "unknown subscriber %s\n", data->called.number,
1875 get_mncc_name(msg_type), data->called.number);
1876 /* Unknown subscriber */
1877 return mncc_release_ind(net, NULL, data->callref,
1878 GSM48_CAUSE_LOC_PRN_S_LU,
1879 GSM48_CC_CAUSE_UNASSIGNED_NR);
1880 }
1881 /* If subscriber is not "attached" */
1882 if (!vsub->lac) {
1883 DEBUGP(DCC, "(bts - trx - ts - ti -- sub %s) "
1884 "Received '%s' from MNCC with "
1885 "detached subscriber %s\n", data->called.number,
1886 get_mncc_name(msg_type), vlr_subscr_name(vsub));
1887 vlr_subscr_put(vsub);
1888 /* Temporarily out of order */
1889 return mncc_release_ind(net, NULL, data->callref,
1890 GSM48_CAUSE_LOC_PRN_S_LU,
1891 GSM48_CC_CAUSE_DEST_OOO);
1892 }
1893 /* Create transaction */
1894 trans = trans_alloc(net, vsub, GSM48_PDISC_CC, 0xff, data->callref);
1895 if (!trans) {
1896 DEBUGP(DCC, "No memory for trans.\n");
1897 vlr_subscr_put(vsub);
1898 /* Ressource unavailable */
1899 mncc_release_ind(net, NULL, data->callref,
1900 GSM48_CAUSE_LOC_PRN_S_LU,
1901 GSM48_CC_CAUSE_RESOURCE_UNAVAIL);
1902 return -ENOMEM;
1903 }
1904
1905 /* Find conn */
1906 conn = connection_for_subscr(vsub);
1907
1908 /* If subscriber has no conn */
1909 if (!conn) {
1910 /* find transaction with this subscriber already paging */
1911 llist_for_each_entry(transt, &net->trans_list, entry) {
1912 /* Transaction of our conn? */
1913 if (transt == trans ||
1914 transt->vsub != vsub)
1915 continue;
1916 DEBUGP(DCC, "(bts - trx - ts - ti -- sub %s) "
1917 "Received '%s' from MNCC with "
1918 "unallocated channel, paging already "
1919 "started for lac %d.\n",
1920 data->called.number,
1921 get_mncc_name(msg_type), vsub->lac);
1922 vlr_subscr_put(vsub);
1923 trans_free(trans);
1924 return 0;
1925 }
1926 /* store setup information until paging succeeds */
1927 memcpy(&trans->cc.msg, data, sizeof(struct gsm_mncc));
1928
1929 /* Request a channel */
1930 trans->paging_request = subscr_request_conn(
1931 vsub,
1932 setup_trig_pag_evt,
1933 trans,
1934 "MNCC: establish call");
1935 if (!trans->paging_request) {
1936 LOGP(DCC, LOGL_ERROR, "Failed to allocate paging token.\n");
1937 vlr_subscr_put(vsub);
1938 trans_free(trans);
1939 return 0;
1940 }
1941 vlr_subscr_put(vsub);
1942 return 0;
1943 }
1944
1945 /* Assign conn */
1946 trans->conn = msc_subscr_conn_get(conn, MSC_CONN_USE_TRANS_CC);
1947 trans->dlci = 0x00; /* SAPI=0, not SACCH */
1948 vlr_subscr_put(vsub);
1949 } else {
1950 /* update the subscriber we deal with */
1951 log_set_context(LOG_CTX_VLR_SUBSCR, trans->vsub);
1952 }
1953
1954 if (trans->conn)
1955 conn = trans->conn;
1956
1957 /* if paging did not respond yet */
1958 if (!conn) {
1959 DEBUGP(DCC, "(sub %s) "
1960 "Received '%s' from MNCC in paging state\n",
1961 vlr_subscr_msisdn_or_name(trans->vsub),
1962 get_mncc_name(msg_type));
1963 mncc_set_cause(&rel, GSM48_CAUSE_LOC_PRN_S_LU,
1964 GSM48_CC_CAUSE_NORM_CALL_CLEAR);
1965 if (msg_type == MNCC_REL_REQ)
1966 rc = mncc_recvmsg(net, trans, MNCC_REL_CNF, &rel);
1967 else
1968 rc = mncc_recvmsg(net, trans, MNCC_REL_IND, &rel);
1969 trans->callref = 0;
1970 trans_free(trans);
1971 return rc;
1972 } else {
1973 DEBUGP(DCC, "(ti %02x sub %s) "
1974 "Received '%s' from MNCC in state %d (%s)\n",
1975 trans->transaction_id,
1976 vlr_subscr_msisdn_or_name(trans->conn->vsub),
1977 get_mncc_name(msg_type), trans->cc.state,
1978 gsm48_cc_state_name(trans->cc.state));
1979 }
1980
1981 /* Find function for current state and message */
1982 for (i = 0; i < DOWNSLLEN; i++)
1983 if ((msg_type == downstatelist[i].type)
1984 && ((1 << trans->cc.state) & downstatelist[i].states))
1985 break;
1986 if (i == DOWNSLLEN) {
1987 DEBUGP(DCC, "Message unhandled at this state.\n");
1988 return 0;
1989 }
1990
1991 rc = downstatelist[i].rout(trans, arg);
1992
1993 return rc;
1994}
1995
1996
1997static struct datastate {
1998 uint32_t states;
1999 int type;
2000 int (*rout) (struct gsm_trans *trans, struct msgb *msg);
2001} datastatelist[] = {
2002 /* mobile originating call establishment */
2003 {SBIT(GSM_CSTATE_NULL), /* 5.2.1.2 */
2004 GSM48_MT_CC_SETUP, gsm48_cc_rx_setup},
2005 {SBIT(GSM_CSTATE_NULL), /* 5.2.1.2 */
2006 GSM48_MT_CC_EMERG_SETUP, gsm48_cc_rx_setup},
2007 {SBIT(GSM_CSTATE_CONNECT_IND), /* 5.2.1.2 */
2008 GSM48_MT_CC_CONNECT_ACK, gsm48_cc_rx_connect_ack},
2009 /* mobile terminating call establishment */
2010 {SBIT(GSM_CSTATE_CALL_PRESENT), /* 5.2.2.3.2 */
2011 GSM48_MT_CC_CALL_CONF, gsm48_cc_rx_call_conf},
2012 {SBIT(GSM_CSTATE_CALL_PRESENT) | SBIT(GSM_CSTATE_MO_TERM_CALL_CONF), /* ???? | 5.2.2.3.2 */
2013 GSM48_MT_CC_ALERTING, gsm48_cc_rx_alerting},
2014 {SBIT(GSM_CSTATE_CALL_PRESENT) | SBIT(GSM_CSTATE_MO_TERM_CALL_CONF) | SBIT(GSM_CSTATE_CALL_RECEIVED), /* (5.2.2.6) | 5.2.2.6 | 5.2.2.6 */
2015 GSM48_MT_CC_CONNECT, gsm48_cc_rx_connect},
2016 /* signalling during call */
2017 {ALL_STATES - SBIT(GSM_CSTATE_NULL),
2018 GSM48_MT_CC_FACILITY, gsm48_cc_rx_facility},
2019 {SBIT(GSM_CSTATE_ACTIVE),
2020 GSM48_MT_CC_NOTIFY, gsm48_cc_rx_notify},
2021 {ALL_STATES,
2022 GSM48_MT_CC_START_DTMF, gsm48_cc_rx_start_dtmf},
2023 {ALL_STATES,
2024 GSM48_MT_CC_STOP_DTMF, gsm48_cc_rx_stop_dtmf},
2025 {ALL_STATES,
2026 GSM48_MT_CC_STATUS_ENQ, gsm48_cc_rx_status_enq},
2027 {SBIT(GSM_CSTATE_ACTIVE),
2028 GSM48_MT_CC_HOLD, gsm48_cc_rx_hold},
2029 {SBIT(GSM_CSTATE_ACTIVE),
2030 GSM48_MT_CC_RETR, gsm48_cc_rx_retrieve},
2031 {SBIT(GSM_CSTATE_ACTIVE),
2032 GSM48_MT_CC_MODIFY, gsm48_cc_rx_modify},
2033 {SBIT(GSM_CSTATE_MO_TERM_MODIFY),
2034 GSM48_MT_CC_MODIFY_COMPL, gsm48_cc_rx_modify_complete},
2035 {SBIT(GSM_CSTATE_MO_TERM_MODIFY),
2036 GSM48_MT_CC_MODIFY_REJECT, gsm48_cc_rx_modify_reject},
2037 {SBIT(GSM_CSTATE_ACTIVE),
2038 GSM48_MT_CC_USER_INFO, gsm48_cc_rx_userinfo},
2039 /* clearing */
2040 {ALL_STATES - SBIT(GSM_CSTATE_NULL) - SBIT(GSM_CSTATE_RELEASE_REQ), /* 5.4.3.2 */
2041 GSM48_MT_CC_DISCONNECT, gsm48_cc_rx_disconnect},
2042 {ALL_STATES - SBIT(GSM_CSTATE_NULL), /* 5.4.4.1.2.2 */
2043 GSM48_MT_CC_RELEASE, gsm48_cc_rx_release},
2044 {ALL_STATES, /* 5.4.3.4 */
2045 GSM48_MT_CC_RELEASE_COMPL, gsm48_cc_rx_release_compl},
2046};
2047
2048#define DATASLLEN \
2049 (sizeof(datastatelist) / sizeof(struct datastate))
2050
2051int gsm0408_rcv_cc(struct gsm_subscriber_connection *conn, struct msgb *msg)
2052{
2053 struct gsm48_hdr *gh = msgb_l3(msg);
2054 uint8_t msg_type = gsm48_hdr_msg_type(gh);
2055 uint8_t transaction_id = gsm48_hdr_trans_id_flip_ti(gh);
2056 struct gsm_trans *trans = NULL;
2057 int i, rc = 0;
2058
2059 if (msg_type & 0x80) {
2060 DEBUGP(DCC, "MSG 0x%2x not defined for PD error\n", msg_type);
2061 return -EINVAL;
2062 }
2063
2064 if (!conn->vsub) {
2065 LOGP(DCC, LOGL_ERROR, "Invalid conn: no subscriber\n");
2066 return -EINVAL;
2067 }
2068
2069 /* Find transaction */
2070 trans = trans_find_by_id(conn, GSM48_PDISC_CC, transaction_id);
2071
2072#if BEFORE_MSCSPLIT
2073 /* Re-enable this log output once we can obtain this information via
2074 * A-interface, see OS#2391. */
2075 DEBUGP(DCC, "(bts %d trx %d ts %d ti %x sub %s) "
2076 "Received '%s' from MS in state %d (%s)\n",
2077 conn->bts->nr, conn->lchan->ts->trx->nr, conn->lchan->ts->nr,
2078 transaction_id, vlr_subscr_msisdn_or_name(conn->vsub),
2079 gsm48_cc_msg_name(msg_type), trans?(trans->cc.state):0,
2080 gsm48_cc_state_name(trans?(trans->cc.state):0));
2081#endif
2082
2083 /* Create transaction */
2084 if (!trans) {
2085 DEBUGP(DCC, "Unknown transaction ID %x, "
2086 "creating new trans.\n", transaction_id);
2087 /* Create transaction */
2088 trans = trans_alloc(conn->network, conn->vsub,
2089 GSM48_PDISC_CC,
2090 transaction_id, new_callref++);
2091 if (!trans) {
2092 DEBUGP(DCC, "No memory for trans.\n");
2093 rc = gsm48_tx_simple(conn,
2094 GSM48_PDISC_CC | (transaction_id << 4),
2095 GSM48_MT_CC_RELEASE_COMPL);
2096 return -ENOMEM;
2097 }
2098 /* Assign transaction */
2099 trans->conn = msc_subscr_conn_get(conn, MSC_CONN_USE_TRANS_CC);
2100 trans->dlci = OMSC_LINKID_CB(msg); /* DLCI as received from BSC */
2101 cm_service_request_concludes(conn, msg);
2102 }
2103
2104 /* find function for current state and message */
2105 for (i = 0; i < DATASLLEN; i++)
2106 if ((msg_type == datastatelist[i].type)
2107 && ((1 << trans->cc.state) & datastatelist[i].states))
2108 break;
2109 if (i == DATASLLEN) {
2110 DEBUGP(DCC, "Message unhandled at this state.\n");
2111 return 0;
2112 }
2113
2114 assert(trans->vsub);
2115
2116 rc = datastatelist[i].rout(trans, msg);
2117
2118 msc_subscr_conn_communicating(conn);
2119 return rc;
2120}