Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / 6710670cb14a6bafb8c708e0ec673428a36a92bd / . / src / libmsc / msc_a.c
blob: daa5bc7f1225b2e43e98f2639676d981d132f1be [file] [log] [blame]
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1/* Code to manage a subscriber's MSC-A role */
2/*
3 * (C) 2019 by sysmocom - s.m.f.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * SPDX-License-Identifier: AGPL-3.0+
7 *
8 * Author: Neels Hofmeyr
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
19 *
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24#include <osmocom/core/utils.h>
25#include <osmocom/core/tdef.h>
26#include <osmocom/core/rate_ctr.h>
27#include <osmocom/core/signal.h>
28
29#include <osmocom/msc/gsm_data.h>
30#include <osmocom/msc/msc_roles.h>
31#include <osmocom/msc/msub.h>
32#include <osmocom/msc/msc_a.h>
33#include <osmocom/msc/msc_t.h>
34#include <osmocom/msc/msc_i.h>
35#include <osmocom/msc/paging.h>
36#include <osmocom/msc/signal.h>
37#include <osmocom/msc/vlr.h>
38#include <osmocom/msc/transaction.h>
39#include <osmocom/msc/ran_peer.h>
40#include <osmocom/msc/ran_msg_a.h>
41#include <osmocom/msc/ran_msg_iu.h>
42#include <osmocom/msc/sgs_iface.h>
43#include <osmocom/msc/gsm_04_08.h>
44#include <osmocom/msc/gsm_09_11.h>
45#include <osmocom/msc/gsm_04_14.h>
46#include <osmocom/msc/call_leg.h>
47#include <osmocom/msc/rtp_stream.h>
48#include <osmocom/msc/msc_ho.h>
49
50#define MSC_A_USE_WAIT_CLEAR_COMPLETE "wait-Clear-Complete"
51
52static struct osmo_fsm msc_a_fsm;
53
54static const struct osmo_tdef_state_timeout msc_a_fsm_timeouts[32] = {
55 [MSC_A_ST_VALIDATE_L3] = { .T = -1 },
56 [MSC_A_ST_AUTH_CIPH] = { .keep_timer = true },
57 [MSC_A_ST_WAIT_CLASSMARK_UPDATE] = { .keep_timer = true },
58 [MSC_A_ST_AUTHENTICATED] = { .keep_timer = true },
59 [MSC_A_ST_RELEASING] = { .T = -2 },
60 [MSC_A_ST_RELEASED] = { .T = -2 },
61};
62
63/* Transition to a state, using the T timer defined in msc_a_fsm_timeouts.
64 * The actual timeout value is in turn obtained from network->T_defs.
65 * Assumes local variable fi exists. */
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]66#define msc_a_state_chg_always(msc_a, state) \
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]67 osmo_tdef_fsm_inst_state_chg((msc_a)->c.fi, state, msc_a_fsm_timeouts, (msc_a)->c.ran->tdefs, 5)
68
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]69/* Same as msc_a_state_chg_always() but ignore if the msc_a already is in the target state. */
70#define msc_a_state_chg(msc_a, STATE) do { \
71 if ((msc_a)->c.fi->state != STATE) \
72 msc_a_state_chg_always(msc_a, STATE); \
73 } while(0)
74
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]75struct gsm_network *msc_a_net(const struct msc_a *msc_a)
76{
77 return msub_net(msc_a->c.msub);
78}
79
80struct vlr_subscr *msc_a_vsub(const struct msc_a *msc_a)
81{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]82 if (!msc_a)
83 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]84 return msub_vsub(msc_a->c.msub);
85}
86
87struct msc_i *msc_a_msc_i(const struct msc_a *msc_a)
88{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]89 if (!msc_a)
90 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]91 return msub_msc_i(msc_a->c.msub);
92}
93
94struct msc_t *msc_a_msc_t(const struct msc_a *msc_a)
95{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]96 if (!msc_a)
97 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]98 return msub_msc_t(msc_a->c.msub);
99}
100
101struct msc_a *msc_a_fi_priv(struct osmo_fsm_inst *fi)
102{
103 OSMO_ASSERT(fi);
104 OSMO_ASSERT(fi->fsm == &msc_a_fsm);
105 OSMO_ASSERT(fi->priv);
106 return fi->priv;
107}
108
109static void update_counters(struct osmo_fsm_inst *fi, bool conn_accepted)
110{
111 struct msc_a *msc_a = fi->priv;
112 struct gsm_network *net = msc_a_net(msc_a);
113 switch (msc_a->complete_layer3_type) {
114 case COMPLETE_LAYER3_LU:
115 rate_ctr_inc(&net->msc_ctrs->ctr[
116 conn_accepted ? MSC_CTR_LOC_UPDATE_COMPLETED
117 : MSC_CTR_LOC_UPDATE_FAILED]);
118 break;
119 case COMPLETE_LAYER3_CM_SERVICE_REQ:
120 rate_ctr_inc(&net->msc_ctrs->ctr[
121 conn_accepted ? MSC_CTR_CM_SERVICE_REQUEST_ACCEPTED
122 : MSC_CTR_CM_SERVICE_REQUEST_REJECTED]);
123 break;
124 case COMPLETE_LAYER3_PAGING_RESP:
125 rate_ctr_inc(&net->msc_ctrs->ctr[
126 conn_accepted ? MSC_CTR_PAGING_RESP_ACCEPTED
127 : MSC_CTR_PAGING_RESP_REJECTED]);
128 break;
129 default:
130 break;
131 }
132}
133
134static void evaluate_acceptance_outcome(struct osmo_fsm_inst *fi, bool conn_accepted)
135{
136 struct msc_a *msc_a = fi->priv;
137 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
138
139 update_counters(fi, conn_accepted);
140
Neels Hofmeyr83cf10c2020-06-24 14:23:26 +0200[diff] [blame]141 if (conn_accepted) {
142 /* Record the Cell ID seen in Complete Layer 3 Information in the VLR, so that it also shows in vty
143 * 'show' output. */
144 vsub->cgi = msc_a->via_cell;
145 }
146
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]147 /* Trigger transactions that we paged for */
148 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_PAGING_RESP) {
149 if (conn_accepted)
150 paging_response(msc_a);
151 else
152 paging_expired(vsub);
153 }
154
155 if (conn_accepted)
156 osmo_signal_dispatch(SS_SUBSCR, S_SUBSCR_ATTACHED, msc_a_vsub(msc_a));
157
158 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_LU)
159 msc_a_put(msc_a, MSC_A_USE_LOCATION_UPDATING);
160}
161
162bool msc_a_is_accepted(const struct msc_a *msc_a)
163{
164 if (!msc_a || !msc_a->c.fi)
165 return false;
166 return msc_a->c.fi->state == MSC_A_ST_AUTHENTICATED
167 || msc_a->c.fi->state == MSC_A_ST_COMMUNICATING;
168}
169
170bool msc_a_in_release(struct msc_a *msc_a)
171{
172 if (!msc_a)
173 return true;
174 if (msc_a->c.fi->state == MSC_A_ST_RELEASING)
175 return true;
176 if (msc_a->c.fi->state == MSC_A_ST_RELEASED)
177 return true;
178 return false;
179}
180
181static int msc_a_ran_dec(struct msc_a *msc_a, const struct an_apdu *an_apdu, enum msc_role from_role)
182{
183 int rc;
184 struct msc_a_ran_dec_data d = {
185 .from_role = from_role,
186 .an_apdu = an_apdu,
187 };
188 msc_a_get(msc_a, __func__);
189 rc = msc_role_ran_decode(msc_a->c.fi, an_apdu, msc_a_ran_decode_cb, &d);
190 msc_a_put(msc_a, __func__);
191 return rc;
192};
193
194static void msc_a_fsm_validate_l3(struct osmo_fsm_inst *fi, uint32_t event, void *data)
195{
196 struct msc_a *msc_a = fi->priv;
197 const struct an_apdu *an_apdu;
198
199 switch (event) {
200 case MSC_A_EV_FROM_I_COMPLETE_LAYER_3:
201 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
202 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
203 an_apdu = data;
204 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_I);
205 return;
206
207 case MSC_A_EV_COMPLETE_LAYER_3_OK:
208 msc_a_state_chg(msc_a, MSC_A_ST_AUTH_CIPH);
209 return;
210
211 case MSC_A_EV_MO_CLOSE:
212 case MSC_A_EV_CN_CLOSE:
213 evaluate_acceptance_outcome(fi, false);
214 /* fall through */
215 case MSC_A_EV_UNUSED:
216 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
217 return;
218
219 default:
220 OSMO_ASSERT(false);
221 }
222}
223
224/* Figure out whether to first send a Classmark Request to the MS to figure out algorithm support. */
225static bool msc_a_need_classmark_for_ciphering(struct msc_a *msc_a)
226{
227 struct gsm_network *net = msc_a_net(msc_a);
228 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
229 int i = 0;
230 bool request_classmark = false;
231
232 /* Only on GERAN-A do we ever need Classmark Information for Ciphering. */
233 if (msc_a->c.ran->type != OSMO_RAT_GERAN_A)
234 return false;
235
236 for (i = 0; i < 8; i++) {
237 int supported;
238
239 /* A5/n permitted by osmo-msc.cfg? */
240 if (!(net->a5_encryption_mask & (1 << i)))
241 continue;
242
243 /* A5/n supported by MS? */
244 supported = osmo_gsm48_classmark_supports_a5(&vsub->classmark, i);
245 if (supported < 0) {
246 LOG_MSC_A(msc_a, LOGL_DEBUG, "For A5/%d, we still need Classmark %d\n", i, -supported);
247 request_classmark = true;
248 }
249 }
250
251 return request_classmark;
252}
253
254static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv);
255
256/* VLR callback for ops.set_ciph_mode() */
257int msc_a_vlr_set_cipher_mode(void *_msc_a, bool umts_aka, bool retrieve_imeisv)
258{
259 struct msc_a *msc_a = _msc_a;
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]260 struct vlr_subscr *vsub;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]261
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]262 if (!msc_a) {
263 LOGP(DMSC, LOGL_ERROR, "Insufficient info to start ciphering: "
264 "MSC-A role is NULL?!?\n");
265 return -EINVAL;
266 }
267
268 vsub = msc_a_vsub(msc_a);
269 if (!vsub || !vsub->last_tuple) {
270 LOG_MSC_A(msc_a, LOGL_ERROR, "Insufficient info to start ciphering: "
271 "vlr_subscr is NULL?!?\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]272 return -EINVAL;
273 }
274
275 if (msc_a_need_classmark_for_ciphering(msc_a)) {
276 int rc;
277 struct ran_msg msg = {
278 .msg_type = RAN_MSG_CLASSMARK_REQUEST,
279 };
280 rc = msc_a_ran_down(msc_a, MSC_ROLE_I, &msg);
281 if (rc) {
282 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot send Classmark Request\n");
283 return -EIO;
284 }
285
286 msc_a->state_before_classmark_update = msc_a->c.fi->state;
287 msc_a->action_on_classmark_update = (struct msc_a_action_on_classmark_update){
288 .type = MSC_A_CLASSMARK_UPDATE_THEN_CIPHERING,
289 .ciphering = {
290 .umts_aka = umts_aka,
291 .retrieve_imeisv = retrieve_imeisv,
292 },
293 };
294 msc_a_state_chg(msc_a, MSC_A_ST_WAIT_CLASSMARK_UPDATE);
295 return 0;
296 }
297
298 return msc_a_ran_enc_ciphering(msc_a, umts_aka, retrieve_imeisv);
299}
300
301static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv)
302{
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]303 struct gsm_network *net;
304 struct vlr_subscr *vsub;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]305 struct ran_msg msg;
306
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]307 if (!msc_a) {
308 LOGP(DMSC, LOGL_ERROR, "Insufficient info to start ciphering: "
309 "MSC-A role is NULL?!?\n");
310 return -EINVAL;
311 }
312
313 net = msc_a_net(msc_a);
314 vsub = msc_a_vsub(msc_a);
315
316 if (!net || !vsub || !vsub->last_tuple) {
317 LOG_MSC_A(msc_a, LOGL_ERROR, "Insufficient info to start ciphering: "
318 "gsm_network and/or vlr_subscr is NULL?!?\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]319 return -EINVAL;
320 }
321
322 msg = (struct ran_msg){
323 .msg_type = RAN_MSG_CIPHER_MODE_COMMAND,
324 .cipher_mode_command = {
325 .vec = vsub->last_tuple ? &vsub->last_tuple->vec : NULL,
326 .classmark = &vsub->classmark,
327 .geran = {
328 .umts_aka = umts_aka,
329 .retrieve_imeisv = retrieve_imeisv,
330 .a5_encryption_mask = net->a5_encryption_mask,
331
332 /* for ran_a.c to store the GERAN key that is actually used */
333 .chosen_key = &msc_a->geran_encr,
334 },
335 },
336 };
337
338 if (msc_a_ran_down(msc_a, MSC_ROLE_I, &msg)) {
339 LOG_MSC_A(msc_a, LOGL_ERROR, "Sending Cipher Mode Command failed\n");
340 /* Returning error to the VLR ops.set_ciph_mode() will cancel the attach. Other callers need to take
341 * care of the return value. */
342 return -EINVAL;
343 }
344
345 if (msc_a->geran_encr.key_len)
346 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN encoding chose ciphering key %s\n",
347 osmo_hexdump_nospc(msc_a->geran_encr.key, msc_a->geran_encr.key_len));
348 return 0;
349}
350
351static void msc_a_fsm_auth_ciph(struct osmo_fsm_inst *fi, uint32_t event, void *data)
352{
353 struct msc_a *msc_a = fi->priv;
354
355 /* If accepted, transition the state, all other cases mean failure. */
356 switch (event) {
357 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
358 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
359 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
360 return;
361
362 case MSC_A_EV_AUTHENTICATED:
363 msc_a_state_chg(msc_a, MSC_A_ST_AUTHENTICATED);
364 return;
365
366 case MSC_A_EV_UNUSED:
367 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
368 return;
369
370 case MSC_A_EV_MO_CLOSE:
371 case MSC_A_EV_CN_CLOSE:
372 evaluate_acceptance_outcome(fi, false);
373 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
374 return;
375
376
377 default:
378 OSMO_ASSERT(false);
379 }
380}
381
382static void msc_a_fsm_wait_classmark_update(struct osmo_fsm_inst *fi, uint32_t event, void *data)
383{
384 struct msc_a *msc_a = fi->priv;
385
386 switch (event) {
387 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
388 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
389 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
390 return;
391
392 case MSC_A_EV_CLASSMARK_UPDATE:
393 switch (msc_a->action_on_classmark_update.type) {
394 case MSC_A_CLASSMARK_UPDATE_THEN_CIPHERING:
395 msc_a_state_chg(msc_a, MSC_A_ST_AUTH_CIPH);
396 if (msc_a_ran_enc_ciphering(msc_a,
397 msc_a->action_on_classmark_update.ciphering.umts_aka,
398 msc_a->action_on_classmark_update.ciphering.retrieve_imeisv)) {
399 LOG_MSC_A(msc_a, LOGL_ERROR,
400 "After Classmark Update, still failed to send Cipher Mode Command\n");
401 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
402 }
403 return;
404
405 default:
406 LOG_MSC_A(msc_a, LOGL_ERROR, "Internal error: After Classmark Update, don't know what to do\n");
407 msc_a_state_chg(msc_a, msc_a->state_before_classmark_update);
408 return;
409 }
410
411 case MSC_A_EV_UNUSED:
412 /* Seems something detached / aborted in the middle of auth+ciph. */
413 evaluate_acceptance_outcome(fi, false);
414 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
415 return;
416
417 case MSC_A_EV_MO_CLOSE:
418 case MSC_A_EV_CN_CLOSE:
419 evaluate_acceptance_outcome(fi, false);
420 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
421 return;
422
423 default:
424 OSMO_ASSERT(false);
425 }
426}
427
428static bool msc_a_fsm_has_active_transactions(struct osmo_fsm_inst *fi)
429{
430 struct msc_a *msc_a = fi->priv;
431 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
432 struct gsm_trans *trans;
433
434 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_SILENT_CALL)) {
435 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: silent call still active\n", __func__);
436 return true;
437 }
438
439 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_CC)) {
440 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO CC request after a CM Service Request\n",
441 __func__);
442 return true;
443 }
444 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_SMS)) {
445 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO SMS after a CM Service Request\n",
446 __func__);
447 return true;
448 }
449 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_SS)) {
450 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO SS after a CM Service Request\n",
451 __func__);
452 return true;
453 }
454
455 if (vsub && !llist_empty(&vsub->cs.requests)) {
456 struct paging_request *pr;
457 llist_for_each_entry(pr, &vsub->cs.requests, entry) {
458 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still active: %s\n", __func__, pr->label);
459 }
460 return true;
461 }
462
463 if ((trans = trans_has_conn(msc_a))) {
464 LOG_MSC_A(msc_a, LOGL_DEBUG, "connection still has active transaction: %s\n",
465 trans_type_name(trans->type));
466 return true;
467 }
468
469 return false;
470}
471
472static void msc_a_fsm_authenticated_enter(struct osmo_fsm_inst *fi, uint32_t prev_state)
473{
474 struct msc_a *msc_a = fi->priv;
475 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
476
477 /* Stop Location Update expiry for this subscriber. While the subscriber
478 * has an open connection the LU expiry timer must remain disabled.
479 * Otherwise we would kick the subscriber off the network when the timer
480 * expires e.g. during a long phone call.
481 * The LU expiry timer will restart once the connection is closed. */
482 if (vsub)
483 vsub->expire_lu = VLR_SUBSCRIBER_NO_EXPIRATION;
484
485 evaluate_acceptance_outcome(fi, true);
486}
487
488static void msc_a_fsm_authenticated(struct osmo_fsm_inst *fi, uint32_t event, void *data)
489{
490 struct msc_a *msc_a = fi->priv;
491
492 switch (event) {
493 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
494 case MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST:
495 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
496 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
497 return;
498
499 case MSC_A_EV_COMPLETE_LAYER_3_OK:
500 /* When Authentication is off, we may already be in the Accepted state when the code
501 * evaluates the Compl L3. Simply ignore. This just cosmetically mutes the error log
502 * about the useless event. */
503 return;
504
505 case MSC_A_EV_TRANSACTION_ACCEPTED:
506 msc_a_state_chg(msc_a, MSC_A_ST_COMMUNICATING);
507 return;
508
509 case MSC_A_EV_MO_CLOSE:
510 case MSC_A_EV_CN_CLOSE:
511 case MSC_A_EV_UNUSED:
512 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
513 return;
514
515 default:
516 OSMO_ASSERT(false);
517 }
518}
519
520/* The MGW has given us a local IP address for the RAN side. Ready to start the Assignment of a voice channel. */
521static void msc_a_call_leg_ran_local_addr_available(struct msc_a *msc_a)
522{
523 struct ran_msg msg;
524 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
525 struct gsm0808_channel_type channel_type;
526
Neels Hofmeyr00a476b2019-11-28 02:46:05 +0100[diff] [blame]527 if (!cc_trans) {
528 LOG_MSC_A(msc_a, LOGL_ERROR, "No CC transaction active\n");
529 call_leg_release(msc_a->cc.call_leg);
530 return;
531 }
532
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]533 /* Once a CI is known, we could also CRCX the CN side of the MGW endpoint, but it makes sense to wait for the
534 * codec to be determined by the Assignment Complete message, first. */
535
536 if (mncc_bearer_cap_to_channel_type(&channel_type, &cc_trans->bearer_cap)) {
537 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot compose Channel Type from bearer capabilities\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]538 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]539 return;
540 }
541
542 /* The RAN side RTP address is known, so the voice Assignment can commence. */
543 msg = (struct ran_msg){
544 .msg_type = RAN_MSG_ASSIGNMENT_COMMAND,
545 .assignment_command = {
546 .cn_rtp = &msc_a->cc.call_leg->rtp[RTP_TO_RAN]->local,
547 .channel_type = &channel_type,
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]548 .osmux_present = msc_a->cc.call_leg->rtp[RTP_TO_RAN]->use_osmux,
549 .osmux_cid = msc_a->cc.call_leg->rtp[RTP_TO_RAN]->local_osmux_cid,
Philipp Maierf34d9452020-06-05 15:49:35 +0200[diff] [blame]550 .call_id_present = true,
551 .call_id = cc_trans->callref,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]552 },
553 };
554 if (msc_a_ran_down(msc_a, MSC_ROLE_I, &msg)) {
555 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot send Assignment\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]556 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]557 return;
558 }
559}
560
561static void msc_a_call_leg_cn_local_addr_available(struct msc_a *msc_a, struct gsm_trans *cc_trans)
562{
563 if (gsm48_tch_rtp_create(cc_trans)) {
564 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot inform MNCC of RTP address\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]565 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]566 return;
567 }
568}
569
570static struct gsm_trans *find_waiting_call(struct msc_a *msc_a)
571{
572 struct gsm_trans *trans;
573 struct gsm_network *net = msc_a_net(msc_a);
574
575 llist_for_each_entry(trans, &net->trans_list, entry) {
576 if (trans->msc_a != msc_a)
577 continue;
578 if (trans->type != TRANS_CC)
579 continue;
580 if (trans->msc_a->cc.active_trans == trans)
581 continue;
582 return trans;
583 }
584 return NULL;
585}
586
587static void msc_a_cleanup_rtp_streams(struct msc_a *msc_a, uint32_t event, void *data)
588{
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]589 switch (event) {
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]590
591 case MSC_EV_CALL_LEG_TERM:
592 msc_a->cc.call_leg = NULL;
593 if (msc_a->cc.mncc_forwarding_to_remote_ran)
594 msc_a->cc.mncc_forwarding_to_remote_ran->rtps = NULL;
595
Neels Hofmeyr265a4c72019-05-09 16:20:51 +0200[diff] [blame]596 if (msc_a->ho.new_cell.mncc_forwarding_to_remote_ran)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]597 msc_a->ho.new_cell.mncc_forwarding_to_remote_ran->rtps = NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]598 return;
599
600 case MSC_MNCC_EV_CALL_ENDED:
601 msc_a->cc.mncc_forwarding_to_remote_ran = NULL;
602 return;
603
604 default:
605 return;
606 }
607}
608
609static void msc_a_fsm_communicating(struct osmo_fsm_inst *fi, uint32_t event, void *data)
610{
611 struct msc_a *msc_a = fi->priv;
612 struct rtp_stream *rtps;
613 struct gsm_trans *waiting_trans;
614 struct an_apdu *an_apdu;
615
616 msc_a_cleanup_rtp_streams(msc_a, event, data);
617
618 switch (event) {
619 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
620 case MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST:
621 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
622 an_apdu = data;
623 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_I);
624 return;
625
626 case MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE:
627 case MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE:
628 case MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST:
629 case MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST:
630 an_apdu = data;
631 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_T);
632 return;
633
634 case MSC_A_EV_TRANSACTION_ACCEPTED:
635 /* no-op */
636 return;
637
638 case MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE:
639 rtps = data;
640 if (!rtps) {
641 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid data for %s\n", osmo_fsm_event_name(fi->fsm, event));
642 return;
643 }
Neels Hofmeyr00a476b2019-11-28 02:46:05 +0100[diff] [blame]644 if (!msc_a->cc.call_leg) {
645 LOG_MSC_A(msc_a, LOGL_ERROR, "No call leg active\n");
646 return;
647 }
Neels Hofmeyrcc918cb2019-11-28 02:16:34 +0100[diff] [blame]648 if (!osmo_sockaddr_str_is_nonzero(&rtps->local)) {
649 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid RTP address received from MGW: " OSMO_SOCKADDR_STR_FMT "\n",
650 OSMO_SOCKADDR_STR_FMT_ARGS(&rtps->local));
651 call_leg_release(msc_a->cc.call_leg);
652 return;
653 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]654 LOG_MSC_A(msc_a, LOGL_DEBUG,
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]655 "MGW endpoint's RTP address available for the CI %s: " OSMO_SOCKADDR_STR_FMT " (osmux=%s:%d)\n",
656 rtp_direction_name(rtps->dir), OSMO_SOCKADDR_STR_FMT_ARGS(&rtps->local),
657 rtps->use_osmux ? "yes" : "no", rtps->local_osmux_cid);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]658 switch (rtps->dir) {
659 case RTP_TO_RAN:
660 msc_a_call_leg_ran_local_addr_available(msc_a);
661 return;
662 case RTP_TO_CN:
663 msc_a_call_leg_cn_local_addr_available(msc_a, rtps->for_trans);
664 return;
665 default:
666 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid data for %s\n", osmo_fsm_event_name(fi->fsm, event));
667 return;
668 }
669
670 case MSC_EV_CALL_LEG_RTP_COMPLETE:
671 /* Nothing to do. */
672 return;
673
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]674 case MSC_MNCC_EV_CALL_ENDED:
675 /* Cleaned up above */
676 return;
677
678 case MSC_EV_CALL_LEG_TERM:
679 /* RTP streams cleaned up above */
680
681 msc_a_get(msc_a, __func__);
682 if (msc_a->cc.active_trans)
683 trans_free(msc_a->cc.active_trans);
684
685 /* If there is another call still waiting to be activated, this is the time when the mgcp_ctx is
686 * available again and the other call can start assigning. */
687 waiting_trans = find_waiting_call(msc_a);
688 if (waiting_trans) {
689 LOG_MSC_A(msc_a, LOGL_DEBUG, "(ti %02x) Call waiting: starting Assignment\n",
690 waiting_trans->transaction_id);
691 msc_a_try_call_assignment(waiting_trans);
692 }
693 msc_a_put(msc_a, __func__);
694 return;
695
696 case MSC_A_EV_HANDOVER_REQUIRED:
697 msc_ho_start(msc_a, (struct ran_handover_required*)data);
698 return;
699
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]700 case MSC_A_EV_HANDOVER_END:
701 /* Termination event of the msc_ho_fsm. No action needed, it's all done in the msc_ho_fsm cleanup. This
702 * event only exists because osmo_fsm_inst_alloc_child() requires a parent term event; and maybe
703 * interesting for logging. */
704 return;
705
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]706 case MSC_A_EV_MO_CLOSE:
707 case MSC_A_EV_CN_CLOSE:
708 case MSC_A_EV_UNUSED:
709 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
710 return;
711
712 default:
713 OSMO_ASSERT(false);
714 }
715}
716
717static int msc_a_fsm_timer_cb(struct osmo_fsm_inst *fi)
718{
719 struct msc_a *msc_a = fi->priv;
720 if (msc_a_in_release(msc_a)) {
721 LOG_MSC_A(msc_a, LOGL_ERROR, "Timeout while releasing, discarding right now\n");
722 msc_a_put_all(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
723 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
724 } else {
725 enum gsm48_reject_value cause = GSM48_REJECT_CONGESTION;
726 osmo_fsm_inst_dispatch(fi, MSC_A_EV_CN_CLOSE, &cause);
727 }
728 return 0;
729}
730
731static void msc_a_fsm_releasing_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
732{
733 struct msc_a *msc_a = fi->priv;
734 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
735 int i;
736 char buf[128];
737 const char * const use_counts_to_cancel[] = {
738 MSC_A_USE_LOCATION_UPDATING,
739 MSC_A_USE_CM_SERVICE_CC,
740 MSC_A_USE_CM_SERVICE_SMS,
741 MSC_A_USE_CM_SERVICE_SS,
742 MSC_A_USE_PAGING_RESPONSE,
743 };
744
745 LOG_MSC_A(msc_a, LOGL_DEBUG, "Releasing: msc_a use is %s\n",
746 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
747
748 if (vsub) {
749 vlr_subscr_get(vsub, __func__);
750
751 /* Cancel all VLR FSMs, if any */
752 vlr_subscr_cancel_attach_fsm(vsub, OSMO_FSM_TERM_ERROR, GSM48_REJECT_CONGESTION);
753
754 /* The subscriber has no active connection anymore.
755 * Restart the periodic Location Update expiry timer for this subscriber. */
756 vlr_subscr_enable_expire_lu(vsub);
757 }
758
759 /* If we're closing in a middle of a trans, we need to clean up */
760 trans_conn_closed(msc_a);
761
762 call_leg_release(msc_a->cc.call_leg);
763
764 /* Cancel use counts for pending CM Service / Paging */
765 for (i = 0; i < ARRAY_SIZE(use_counts_to_cancel); i++) {
766 const char *use = use_counts_to_cancel[i];
767 int32_t count = osmo_use_count_by(&msc_a->use_count, use);
768 if (!count)
769 continue;
770 LOG_MSC_A(msc_a, LOGL_DEBUG, "Releasing: canceling still pending use: %s (%d)\n", use, count);
771 osmo_use_count_get_put(&msc_a->use_count, use, -count);
772 }
773
774 if (msc_a->c.ran->type == OSMO_RAT_EUTRAN_SGS) {
775 sgs_iface_tx_release(vsub);
776 /* In SGsAP there is no confirmation of a release. */
777 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
778 } else {
779 struct ran_msg msg = {
780 .msg_type = RAN_MSG_CLEAR_COMMAND,
781 .clear_command = {
Neels Hofmeyrd9fe7112020-07-11 00:20:20 +0200[diff] [blame]782 /* "Call Control" is the only cause code listed in 3GPP TS 48.008 3.2.1.21 CLEAR COMMAND
783 * that qualifies for a normal release situation. (OS#4664) */
784 .gsm0808_cause = GSM0808_CAUSE_CALL_CONTROL,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]785 .csfb_ind = (vsub && vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED),
786 },
787 };
788 msc_a_get(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
789 msc_a_ran_down(msc_a, MSC_ROLE_I, &msg);
Philipp Maier47cf84d2019-08-15 14:56:54 +0200[diff] [blame]790
791 /* The connection is cleared. The MS will now go back to 4G,
792 Switch the RAN type back to SGS. */
793 if (vsub && vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED)
794 vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]795 }
796
797 if (vsub)
798 vlr_subscr_put(vsub, __func__);
799}
800
801static void msc_a_fsm_releasing(struct osmo_fsm_inst *fi, uint32_t event, void *data)
802{
803 struct msc_a *msc_a = fi->priv;
804
805 msc_a_cleanup_rtp_streams(msc_a, event, data);
806
807 switch (event) {
808 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
809 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
810 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
811 return;
812
813 case MSC_A_EV_MO_CLOSE:
814 case MSC_A_EV_CN_CLOSE:
815 case MSC_A_EV_UNUSED:
816 /* Already releasing */
817 return;
818
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]819 case MSC_EV_CALL_LEG_TERM:
820 case MSC_MNCC_EV_CALL_ENDED:
821 /* RTP streams cleaned up above */
822 return;
823
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]824 case MSC_A_EV_HANDOVER_END:
825 /* msc_ho_fsm does cleanup. */
826 return;
827
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]828 default:
829 OSMO_ASSERT(false);
830 }
831}
832
833
834static void msc_a_fsm_released_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
835{
836 struct msc_a *msc_a = msc_a_fi_priv(fi);
837 char buf[128];
838 LOG_MSC_A(msc_a, LOGL_DEBUG, "Released: msc_a use is %s\n",
839 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
840 if (osmo_use_count_total(&msc_a->use_count) == 0)
841 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, fi);
842}
843
844static void msc_a_fsm_released(struct osmo_fsm_inst *fi, uint32_t event, void *data)
845{
846 if (event == MSC_A_EV_UNUSED)
847 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, fi);
848}
849
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]850void msc_a_fsm_cleanup(struct osmo_fsm_inst *fi, enum osmo_fsm_term_cause cause)
851{
852 struct msc_a *msc_a = msc_a_fi_priv(fi);
853
854 trans_conn_closed(msc_a);
855
856 if (msc_a_fsm_has_active_transactions(fi))
857 LOG_MSC_A(msc_a, LOGL_ERROR, "Deallocating active transactions failed\n");
858
859 LOG_MSC_A_CAT(msc_a, DREF, LOGL_DEBUG, "max total use count was %d\n", msc_a->max_total_use_count);
860}
861
862const struct value_string msc_a_fsm_event_names[] = {
863 OSMO_VALUE_STRING(MSC_REMOTE_EV_RX_GSUP),
864 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE),
865 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_RTP_COMPLETE),
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]866 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_TERM),
867 OSMO_VALUE_STRING(MSC_MNCC_EV_NEED_LOCAL_RTP),
868 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_PROCEEDING),
869 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_COMPLETE),
870 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_ENDED),
871 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_COMPLETE_LAYER_3),
872 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST),
873 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST),
874 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST),
875 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST),
876 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE),
877 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE),
878 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST),
879 OSMO_VALUE_STRING(MSC_A_EV_COMPLETE_LAYER_3_OK),
880 OSMO_VALUE_STRING(MSC_A_EV_CLASSMARK_UPDATE),
881 OSMO_VALUE_STRING(MSC_A_EV_AUTHENTICATED),
882 OSMO_VALUE_STRING(MSC_A_EV_TRANSACTION_ACCEPTED),
883 OSMO_VALUE_STRING(MSC_A_EV_CN_CLOSE),
884 OSMO_VALUE_STRING(MSC_A_EV_MO_CLOSE),
885 OSMO_VALUE_STRING(MSC_A_EV_UNUSED),
886 OSMO_VALUE_STRING(MSC_A_EV_HANDOVER_REQUIRED),
887 OSMO_VALUE_STRING(MSC_A_EV_HANDOVER_END),
888 {}
889};
890
891#define S(x) (1 << (x))
892
893static const struct osmo_fsm_state msc_a_fsm_states[] = {
894 [MSC_A_ST_VALIDATE_L3] = {
895 .name = OSMO_STRINGIFY(MSC_A_ST_VALIDATE_L3),
896 .in_event_mask = 0
897 | S(MSC_A_EV_FROM_I_COMPLETE_LAYER_3)
898 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
899 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
900 | S(MSC_A_EV_COMPLETE_LAYER_3_OK)
901 | S(MSC_A_EV_MO_CLOSE)
902 | S(MSC_A_EV_CN_CLOSE)
903 | S(MSC_A_EV_UNUSED)
904 ,
905 .out_state_mask = 0
906 | S(MSC_A_ST_VALIDATE_L3)
907 | S(MSC_A_ST_AUTH_CIPH)
908 | S(MSC_A_ST_RELEASING)
909 ,
910 .action = msc_a_fsm_validate_l3,
911 },
912 [MSC_A_ST_AUTH_CIPH] = {
913 .name = OSMO_STRINGIFY(MSC_A_ST_AUTH_CIPH),
914 .in_event_mask = 0
915 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
916 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
917 | S(MSC_A_EV_AUTHENTICATED)
918 | S(MSC_A_EV_MO_CLOSE)
919 | S(MSC_A_EV_CN_CLOSE)
920 | S(MSC_A_EV_UNUSED)
921 ,
922 .out_state_mask = 0
923 | S(MSC_A_ST_WAIT_CLASSMARK_UPDATE)
924 | S(MSC_A_ST_AUTHENTICATED)
925 | S(MSC_A_ST_RELEASING)
926 ,
927 .action = msc_a_fsm_auth_ciph,
928 },
929 [MSC_A_ST_WAIT_CLASSMARK_UPDATE] = {
930 .name = OSMO_STRINGIFY(MSC_A_ST_WAIT_CLASSMARK_UPDATE),
931 .in_event_mask = 0
932 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
933 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
934 | S(MSC_A_EV_CLASSMARK_UPDATE)
935 | S(MSC_A_EV_MO_CLOSE)
936 | S(MSC_A_EV_CN_CLOSE)
937 ,
938 .out_state_mask = 0
939 | S(MSC_A_ST_AUTH_CIPH)
940 | S(MSC_A_ST_RELEASING)
941 ,
942 .action = msc_a_fsm_wait_classmark_update,
943 },
944 [MSC_A_ST_AUTHENTICATED] = {
945 .name = OSMO_STRINGIFY(MSC_A_ST_AUTHENTICATED),
946 /* allow everything to release for any odd behavior */
947 .in_event_mask = 0
948 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
949 | S(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST)
950 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
951 | S(MSC_A_EV_TRANSACTION_ACCEPTED)
952 | S(MSC_A_EV_MO_CLOSE)
953 | S(MSC_A_EV_CN_CLOSE)
954 | S(MSC_A_EV_UNUSED)
955 ,
956 .out_state_mask = 0
957 | S(MSC_A_ST_RELEASING)
958 | S(MSC_A_ST_COMMUNICATING)
959 ,
960 .onenter = msc_a_fsm_authenticated_enter,
961 .action = msc_a_fsm_authenticated,
962 },
963 [MSC_A_ST_COMMUNICATING] = {
964 .name = OSMO_STRINGIFY(MSC_A_ST_COMMUNICATING),
965 /* allow everything to release for any odd behavior */
966 .in_event_mask = 0
967 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
968 | S(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST)
969 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
970 | S(MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE)
971 | S(MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE)
972 | S(MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST)
973 | S(MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST)
974 | S(MSC_A_EV_TRANSACTION_ACCEPTED)
975 | S(MSC_A_EV_MO_CLOSE)
976 | S(MSC_A_EV_CN_CLOSE)
977 | S(MSC_A_EV_UNUSED)
978 | S(MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE)
979 | S(MSC_EV_CALL_LEG_RTP_COMPLETE)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]980 | S(MSC_EV_CALL_LEG_TERM)
981 | S(MSC_MNCC_EV_CALL_ENDED)
982 | S(MSC_A_EV_HANDOVER_REQUIRED)
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]983 | S(MSC_A_EV_HANDOVER_END)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]984 ,
985 .out_state_mask = 0
986 | S(MSC_A_ST_RELEASING)
987 ,
988 .action = msc_a_fsm_communicating,
989 },
990 [MSC_A_ST_RELEASING] = {
991 .name = OSMO_STRINGIFY(MSC_A_ST_RELEASING),
992 .in_event_mask = 0
993 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
994 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
995 | S(MSC_A_EV_UNUSED)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]996 | S(MSC_EV_CALL_LEG_TERM)
997 | S(MSC_MNCC_EV_CALL_ENDED)
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]998 | S(MSC_A_EV_HANDOVER_END)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]999 ,
1000 .out_state_mask = 0
1001 | S(MSC_A_ST_RELEASED)
1002 ,
1003 .onenter = msc_a_fsm_releasing_onenter,
1004 .action = msc_a_fsm_releasing,
1005 },
1006 [MSC_A_ST_RELEASED] = {
1007 .name = OSMO_STRINGIFY(MSC_A_ST_RELEASED),
1008 .in_event_mask = 0
1009 | S(MSC_A_EV_UNUSED)
1010 ,
1011 .onenter = msc_a_fsm_released_onenter,
1012 .action = msc_a_fsm_released,
1013 },
1014};
1015
1016static struct osmo_fsm msc_a_fsm = {
1017 .name = "msc_a",
1018 .states = msc_a_fsm_states,
1019 .num_states = ARRAY_SIZE(msc_a_fsm_states),
1020 .log_subsys = DMSC,
1021 .event_names = msc_a_fsm_event_names,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1022 .timer_cb = msc_a_fsm_timer_cb,
1023 .cleanup = msc_a_fsm_cleanup,
1024};
1025
1026static __attribute__((constructor)) void msc_a_fsm_init()
1027{
1028 OSMO_ASSERT(osmo_fsm_register(&msc_a_fsm) == 0);
1029}
1030
1031static int msc_a_use_cb(struct osmo_use_count_entry *e, int32_t old_use_count, const char *file, int line)
1032{
1033 struct msc_a *msc_a = e->use_count->talloc_object;
1034 char buf[128];
1035 int32_t total;
1036 int level;
1037
1038 if (!e->use)
1039 return -EINVAL;
1040
1041 total = osmo_use_count_total(&msc_a->use_count);
1042
1043 if (total == 0
1044 || (total == 1 && old_use_count == 0 && e->count == 1))
1045 level = LOGL_INFO;
1046 else
1047 level = LOGL_DEBUG;
1048
1049 LOG_MSC_A_CAT_SRC(msc_a, DREF, level, file, line, "%s %s: now used by %s\n",
1050 (e->count - old_use_count) > 0? "+" : "-", e->use,
1051 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
1052
1053 if (e->count < 0)
1054 return -ERANGE;
1055
1056 msc_a->max_total_use_count = OSMO_MAX(msc_a->max_total_use_count, total);
1057
1058 if (total == 0)
1059 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_UNUSED, NULL);
1060 return 0;
1061}
1062
1063struct msc_a *msc_a_alloc(struct msub *msub, struct ran_infra *ran)
1064{
1065 struct msc_a *msc_a = msub_role_alloc(msub, MSC_ROLE_A, &msc_a_fsm, struct msc_a, ran);
1066 msc_a->use_count = (struct osmo_use_count){
1067 .talloc_object = msc_a,
1068 .use_cb = msc_a_use_cb,
1069 };
1070 osmo_use_count_make_static_entries(&msc_a->use_count, msc_a->use_count_buf, ARRAY_SIZE(msc_a->use_count_buf));
1071 /* Start timeout for first state */
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]1072 msc_a_state_chg_always(msc_a, MSC_A_ST_VALIDATE_L3);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1073 return msc_a;
1074}
1075
1076bool msc_a_is_establishing_auth_ciph(const struct msc_a *msc_a)
1077{
1078 if (!msc_a || !msc_a->c.fi)
1079 return false;
1080 return msc_a->c.fi->state == MSC_A_ST_AUTH_CIPH;
1081}
1082
1083const struct value_string complete_layer3_type_names[] = {
1084 { COMPLETE_LAYER3_NONE, "NONE" },
1085 { COMPLETE_LAYER3_LU, "LU" },
1086 { COMPLETE_LAYER3_CM_SERVICE_REQ, "CM_SERVICE_REQ" },
1087 { COMPLETE_LAYER3_PAGING_RESP, "PAGING_RESP" },
1088 { 0, NULL }
1089};
1090
1091#define _msc_a_update_id(MSC_A, FMT, ARGS ...) \
1092 do { \
1093 if (osmo_fsm_inst_update_id_f(msc_a->c.fi, FMT ":%s:%s", \
1094 ## ARGS, \
1095 msub_ran_conn_name(msc_a->c.msub), \
1096 complete_layer3_type_name(msc_a->complete_layer3_type)) \
1097 == 0) { \
1098 struct vlr_subscr *_vsub = msc_a_vsub(MSC_A); \
1099 if (_vsub) { \
1100 if (_vsub->lu_fsm) \
1101 osmo_fsm_inst_update_id(_vsub->lu_fsm, (MSC_A)->c.fi->id); \
1102 if (_vsub->auth_fsm) \
1103 osmo_fsm_inst_update_id(_vsub->auth_fsm, (MSC_A)->c.fi->id); \
1104 if (_vsub->proc_arq_fsm) \
1105 osmo_fsm_inst_update_id(_vsub->proc_arq_fsm, (MSC_A)->c.fi->id); \
1106 } \
1107 LOG_MSC_A(MSC_A, LOGL_DEBUG, "Updated ID\n"); \
1108 } \
1109 /* otherwise osmo_fsm_inst_update_id_f() will log an error. */ \
1110 } while (0)
1111
1112
1113/* Compose an ID almost like gsm48_mi_to_string(), but print the MI type along, and print a TMSI as hex. */
Neels Hofmeyr46d526a2020-05-29 03:27:50 +0200[diff] [blame]1114void msc_a_update_id_from_mi(struct msc_a *msc_a, const struct osmo_mobile_identity *mi)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1115{
Neels Hofmeyr46d526a2020-05-29 03:27:50 +0200[diff] [blame]1116 _msc_a_update_id(msc_a, "%s", osmo_mobile_identity_to_str_c(OTC_SELECT, mi));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1117}
1118
1119/* Update msc_a->fi id string from current msc_a->vsub and msc_a->complete_layer3_type. */
1120void msc_a_update_id(struct msc_a *msc_a)
1121{
1122 _msc_a_update_id(msc_a, "%s", vlr_subscr_name(msc_a_vsub(msc_a)));
1123}
1124
1125/* Iterate all msc_a instances that are relevant for this subscriber, and update FSM ID strings for all of the FSM
1126 * instances. */
1127void msc_a_update_id_for_vsub(struct vlr_subscr *for_vsub)
1128{
1129 struct msub *msub;
1130 llist_for_each_entry(msub, &msub_list, entry) {
1131 struct vlr_subscr *vsub = msub_vsub(msub);
1132 if (vsub != for_vsub)
1133 continue;
1134 msc_a_update_id(msub_msc_a(msub));
1135 }
1136}
1137
1138static bool msg_is_initially_permitted(const struct gsm48_hdr *hdr)
1139{
1140 uint8_t pdisc = gsm48_hdr_pdisc(hdr);
1141 uint8_t msg_type = gsm48_hdr_msg_type(hdr);
1142
1143 switch (pdisc) {
1144 case GSM48_PDISC_MM:
1145 switch (msg_type) {
1146 case GSM48_MT_MM_LOC_UPD_REQUEST:
1147 case GSM48_MT_MM_CM_SERV_REQ:
1148 case GSM48_MT_MM_CM_REEST_REQ:
1149 case GSM48_MT_MM_AUTH_RESP:
1150 case GSM48_MT_MM_AUTH_FAIL:
1151 case GSM48_MT_MM_ID_RESP:
1152 case GSM48_MT_MM_TMSI_REALL_COMPL:
1153 case GSM48_MT_MM_IMSI_DETACH_IND:
1154 return true;
1155 default:
1156 break;
1157 }
1158 break;
1159 case GSM48_PDISC_RR:
1160 switch (msg_type) {
1161 /* GSM48_MT_RR_CIPH_M_COMPL is actually handled in bssmap_rx_ciph_compl() and gets redirected in the
1162 * BSSAP layer to ran_conn_cipher_mode_compl() (before this here is reached) */
1163 case GSM48_MT_RR_PAG_RESP:
1164 case GSM48_MT_RR_CIPH_M_COMPL:
1165 return true;
1166 default:
1167 break;
1168 }
1169 break;
1170 default:
1171 break;
1172 }
1173
1174 return false;
1175}
1176
1177/* Main entry point for GSM 04.08/44.008 Layer 3 data (e.g. from the BSC). */
1178int msc_a_up_l3(struct msc_a *msc_a, struct msgb *msg)
1179{
1180 struct gsm48_hdr *gh;
1181 uint8_t pdisc;
1182 int rc;
1183 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1184 int is_r99;
1185
1186 OSMO_ASSERT(msg->l3h);
1187 OSMO_ASSERT(msg);
1188
1189 gh = msgb_l3(msg);
1190 pdisc = gsm48_hdr_pdisc(gh);
1191
1192 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_DEBUG, "Dispatching 04.08 message: %s %s\n",
1193 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1194
1195 /* To evaluate the 3GPP TS 24.007 Duplicate Detection, we need Classmark information on whether the MS is R99
1196 * capable. If the subscriber is already actively connected, the Classmark information is stored with the
1197 * vlr_subscr. Otherwise, this *must* be a Complete Layer 3 with Classmark info. */
1198 if (vsub)
1199 is_r99 = osmo_gsm48_classmark_is_r99(&vsub->classmark) ? 1 : 0;
1200 else
1201 is_r99 = compl_l3_msg_is_r99(msg);
1202
1203 if (is_r99 < 0) {
1204 LOG_MSC_A(msc_a, LOGL_ERROR,
1205 "No Classmark Information, dropping non-Complete-Layer3 message: %s\n",
1206 gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1207 return -EACCES;
1208 }
1209
1210 if (is_r99 >= 0
1211 && ran_dec_dtap_undup_is_duplicate(msc_a->c.fi, msc_a->n_sd_next, is_r99 ? true : false, msg)) {
1212 LOG_MSC_A(msc_a, LOGL_DEBUG, "Dropping duplicate message"
1213 " (3GPP TS 24.007 11.2.3.2 Message Type Octet / Duplicate Detection)\n");
1214 return 0;
1215 }
1216
1217 if (!msc_a_is_accepted(msc_a)
1218 && !msg_is_initially_permitted(gh)) {
1219 LOG_MSC_A(msc_a, LOGL_ERROR,
1220 "Message not permitted for initial conn: %s\n",
1221 gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1222 return -EACCES;
1223 }
1224
1225 if (vsub && vsub->cs.attached_via_ran != msc_a->c.ran->type) {
1226 LOG_MSC_A(msc_a, LOGL_ERROR,
1227 "Illegal situation: RAN type mismatch:"
1228 " attached via %s, received message via %s\n",
1229 osmo_rat_type_name(vsub->cs.attached_via_ran),
1230 osmo_rat_type_name(msc_a->c.ran->type));
1231 return -EACCES;
1232 }
1233
1234#if 0
1235 if (silent_call_reroute(conn, msg))
1236 return silent_call_rx(conn, msg);
1237#endif
1238
1239 switch (pdisc) {
1240 case GSM48_PDISC_CC:
1241 rc = gsm0408_rcv_cc(msc_a, msg);
1242 break;
1243 case GSM48_PDISC_MM:
1244 rc = gsm0408_rcv_mm(msc_a, msg);
1245 break;
1246 case GSM48_PDISC_RR:
1247 rc = gsm0408_rcv_rr(msc_a, msg);
1248 break;
1249 case GSM48_PDISC_SMS:
1250 rc = gsm0411_rcv_sms(msc_a, msg);
1251 break;
1252 case GSM48_PDISC_MM_GPRS:
1253 case GSM48_PDISC_SM_GPRS:
1254 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_NOTICE, "Unimplemented "
1255 "GSM 04.08 discriminator 0x%02x\n", pdisc);
1256 rc = -ENOTSUP;
1257 break;
1258 case GSM48_PDISC_NC_SS:
1259 rc = gsm0911_rcv_nc_ss(msc_a, msg);
1260 break;
1261 case GSM48_PDISC_TEST:
1262 rc = gsm0414_rcv_test(msc_a, msg);
1263 break;
1264 default:
1265 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_NOTICE, "Unknown "
1266 "GSM 04.08 discriminator 0x%02x\n", pdisc);
1267 rc = -EINVAL;
1268 break;
1269 }
1270
1271 return rc;
1272}
1273
1274static void msc_a_up_call_assignment_complete(struct msc_a *msc_a, const struct ran_msg *ac)
1275{
1276 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
1277 struct rtp_stream *rtps_to_ran = msc_a->cc.call_leg ? msc_a->cc.call_leg->rtp[RTP_TO_RAN] : NULL;
1278
1279 if (!rtps_to_ran) {
1280 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Assignment Complete, but no RTP stream is set up\n");
1281 return;
1282 }
1283 if (!cc_trans) {
1284 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Assignment Complete, but CC transaction is active\n");
1285 return;
1286 }
1287
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1288 if (rtps_to_ran->use_osmux != ac->assignment_complete.osmux_present) {
1289 LOG_MSC_A_CAT(msc_a, DCC, LOGL_ERROR, "Osmux usage ass request and complete don't match: %d vs %d\n",
1290 rtps_to_ran->use_osmux, ac->assignment_complete.osmux_present);
1291 call_leg_release(msc_a->cc.call_leg);
1292 return;
1293 }
1294
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1295 /* Update RAN-side endpoint CI: */
1296 rtp_stream_set_codec(rtps_to_ran, ac->assignment_complete.codec);
1297 rtp_stream_set_remote_addr(rtps_to_ran, &ac->assignment_complete.remote_rtp);
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1298 if (rtps_to_ran->use_osmux)
1299 rtp_stream_set_remote_osmux_cid(rtps_to_ran,
1300 ac->assignment_complete.osmux_cid);
1301
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1302 rtp_stream_commit(rtps_to_ran);
1303
1304 /* Setup CN side endpoint CI:
1305 * Now that
1306 * - the first CI has been created and a definitive endpoint name is assigned to the call_leg's MGW
1307 * endpoint,
1308 * - the Assignment has chosen a speech codec
1309 * go on to create the CN side RTP stream's CI. */
1310 if (call_leg_ensure_ci(msc_a->cc.call_leg, RTP_TO_CN, cc_trans->callref, cc_trans,
1311 &ac->assignment_complete.codec, NULL)) {
1312 LOG_MSC_A_CAT(msc_a, DCC, LOGL_ERROR, "Error creating MGW CI towards CN\n");
1313 call_leg_release(msc_a->cc.call_leg);
1314 return;
1315 }
1316}
1317
1318static void msc_a_up_call_assignment_failure(struct msc_a *msc_a, const struct ran_msg *af)
1319{
1320 struct gsm_trans *trans;
1321
1322 /* For a normal voice call, there will be an rtp_stream FSM. */
1323 if (msc_a->cc.call_leg && msc_a->cc.call_leg->rtp[RTP_TO_RAN]) {
1324 LOG_MSC_A(msc_a, LOGL_ERROR, "Assignment Failure, releasing call\n");
1325 rtp_stream_release(msc_a->cc.call_leg->rtp[RTP_TO_RAN]);
1326 return;
1327 }
1328
1329 /* Otherwise, a silent call might be active */
1330 trans = trans_find_by_type(msc_a, TRANS_SILENT_CALL);
1331 if (trans) {
1332 LOG_MSC_A(msc_a, LOGL_ERROR, "Assignment Failure, releasing silent call\n");
1333 trans_free(trans);
1334 return;
1335 }
1336
1337 /* Neither a voice call nor silent call assignment. Assume the worst and detach. */
1338 msc_a_release_cn(msc_a);
1339}
1340
1341static void msc_a_up_classmark_update(struct msc_a *msc_a, const struct osmo_gsm48_classmark *classmark,
1342 struct osmo_gsm48_classmark *dst)
1343{
1344 if (!dst) {
1345 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1346
1347 if (!vsub)
1348 dst = &msc_a->temporary_classmark;
1349 else
1350 dst = &vsub->classmark;
1351 }
1352
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1353 LOG_MSC_A(msc_a, LOGL_DEBUG, "A5 capabilities received from Classmark Update: %s\n",
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1354 osmo_gsm48_classmark_a5_name(classmark));
1355 osmo_gsm48_classmark_update(dst, classmark);
1356
1357 /* bump subscr conn FSM in case it is waiting for a Classmark Update */
1358 if (msc_a->c.fi->state == MSC_A_ST_WAIT_CLASSMARK_UPDATE)
1359 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_CLASSMARK_UPDATE, NULL);
1360}
1361
1362static void msc_a_up_sapi_n_reject(struct msc_a *msc_a, const struct ran_msg *msg)
1363{
1364 int sapi = msg->sapi_n_reject.dlci & 0x7;
1365 if (sapi == UM_SAPI_SMS)
1366 gsm411_sapi_n_reject(msc_a);
1367}
1368
1369static int msc_a_up_ho(struct msc_a *msc_a, const struct msc_a_ran_dec_data *d, uint32_t ho_fi_event)
1370{
1371 if (!msc_a->ho.fi) {
1372 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Handover message, but no Handover ongoing: %s\n", d->ran_dec->msg_name);
1373 return -EINVAL;
1374 }
1375 return osmo_fsm_inst_dispatch(msc_a->ho.fi, ho_fi_event, (void*)d);
1376}
1377
1378int msc_a_ran_dec_from_msc_i(struct msc_a *msc_a, struct msc_a_ran_dec_data *d)
1379{
1380 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1381 const struct ran_msg *msg = d->ran_dec;
1382 int rc = -99;
1383
1384 switch (msg->msg_type) {
1385
1386 case RAN_MSG_COMPL_L3:
Neels Hofmeyr68f50da2020-06-24 14:22:52 +0200[diff] [blame]1387 /* In case the cell_id from Complete Layer 3 Information lacks a PLMN, write the configured PLMN code
1388 * into msc_a->via_cell. Then overwrite with those bits obtained from Complete Layer 3 Information. */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1389 msc_a->via_cell = (struct osmo_cell_global_id){
1390 .lai.plmn = msc_a_net(msc_a)->plmn,
1391 };
1392 gsm0808_cell_id_to_cgi(&msc_a->via_cell, msg->compl_l3.cell_id);
1393 rc = msc_a_up_l3(msc_a, msg->compl_l3.msg);
1394 if (!rc) {
1395 struct ran_conn *conn = msub_ran_conn(msc_a->c.msub);
1396 if (conn)
1397 ran_peer_cells_seen_add(conn->ran_peer, msg->compl_l3.cell_id);
1398 }
1399 break;
1400
1401 case RAN_MSG_DTAP:
1402 rc = msc_a_up_l3(msc_a, msg->dtap);
1403 break;
1404
1405 case RAN_MSG_CLEAR_REQUEST:
1406 rc = osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_MO_CLOSE, NULL);
1407 break;
1408
1409 case RAN_MSG_CLEAR_COMPLETE:
1410 switch (msc_a->c.fi->state) {
1411 case MSC_A_ST_RELEASING:
1412 msc_a_put_all(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
1413 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
1414 break;
1415 case MSC_A_ST_RELEASED:
1416 break;
1417 default:
1418 LOG_MSC_A(msc_a, LOGL_ERROR, "Received Clear Complete event, but did not send Clear Command\n");
1419 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
1420 break;
1421 }
1422 rc = 0;
1423 break;
1424
1425 case RAN_MSG_CLASSMARK_UPDATE:
1426 msc_a_up_classmark_update(msc_a, msg->classmark_update.classmark, NULL);
1427 rc = 0;
1428 break;
1429
1430 case RAN_MSG_CIPHER_MODE_COMPLETE:
1431 /* Remember what Ciphering was negotiated (e.g. for Handover) */
1432 if (msg->cipher_mode_complete.alg_id) {
1433 msc_a->geran_encr.alg_id = msg->cipher_mode_complete.alg_id;
1434 LOG_MSC_A(msc_a, LOGL_DEBUG, "Cipher Mode Complete: chosen encryption algorithm: A5/%u\n",
1435 msc_a->geran_encr.alg_id - 1);
1436 };
1437 vlr_subscr_rx_ciph_res(vsub, VLR_CIPH_COMPL);
1438 rc = 0;
Neels Hofmeyre9a39112019-08-29 00:10:49 +0200[diff] [blame]1439
1440 /* Evaluate enclosed L3 message, typically Identity Response (IMEISV) */
1441 if (msg->cipher_mode_complete.l3_msg) {
1442 unsigned char *data = (unsigned char*)(msg->cipher_mode_complete.l3_msg->val);
1443 uint16_t len = msg->cipher_mode_complete.l3_msg->len;
1444 struct msgb *dtap = msgb_alloc(len, "DTAP from Cipher Mode Complete");
1445 unsigned char *pos = msgb_put(dtap, len);
1446 memcpy(pos, data, len);
1447 dtap->l3h = pos;
1448 rc = msc_a_up_l3(msc_a, dtap);
1449 msgb_free(dtap);
1450 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1451 break;
1452
1453 case RAN_MSG_CIPHER_MODE_REJECT:
1454 vlr_subscr_rx_ciph_res(vsub, VLR_CIPH_REJECT);
1455 rc = 0;
1456 break;
1457
1458 case RAN_MSG_ASSIGNMENT_COMPLETE:
1459 msc_a_up_call_assignment_complete(msc_a, msg);
1460 rc = 0;
1461 break;
1462
1463 case RAN_MSG_ASSIGNMENT_FAILURE:
1464 msc_a_up_call_assignment_failure(msc_a, msg);
1465 rc = 0;
1466 break;
1467
1468 case RAN_MSG_SAPI_N_REJECT:
1469 msc_a_up_sapi_n_reject(msc_a, msg);
1470 rc = 0;
1471 break;
1472
1473 case RAN_MSG_HANDOVER_PERFORMED:
1474 /* The BSS lets us know that a handover happened within the BSS, which doesn't concern us. */
1475 LOG_MSC_A(msc_a, LOGL_ERROR, "'Handover Performed' handling not implemented\n");
1476 break;
1477
1478 case RAN_MSG_HANDOVER_REQUIRED:
1479 /* The BSS lets us know that it wants to handover to a different cell */
1480 rc = osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_HANDOVER_REQUIRED, (void*)&msg->handover_required);
1481 break;
1482
1483 case RAN_MSG_HANDOVER_FAILURE:
1484 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_FAILURE);
1485 break;
1486
1487 default:
1488 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from MSC-I not implemented: %s\n", ran_msg_type_name(msg->msg_type));
1489 rc = -ENOTSUP;
1490 break;
1491 }
1492 return rc;
1493}
1494
1495static int msc_a_ran_dec_from_msc_t(struct msc_a *msc_a, struct msc_a_ran_dec_data *d)
1496{
1497 struct msc_t *msc_t = msc_a_msc_t(msc_a);
1498 int rc = -99;
1499
1500 if (!msc_t) {
1501 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx message from MSC-T role, but I have no active MSC-T role.\n");
1502 return -EINVAL;
1503 }
1504
1505 OSMO_ASSERT(d->ran_dec);
1506
1507 switch (d->ran_dec->msg_type) {
1508
1509 case RAN_MSG_CLEAR_REQUEST:
1510 rc = osmo_fsm_inst_dispatch(msc_t->c.fi, MSC_T_EV_MO_CLOSE, NULL);
1511 break;
1512
1513 case RAN_MSG_CLEAR_COMPLETE:
1514 rc = osmo_fsm_inst_dispatch(msc_t->c.fi, MSC_T_EV_CLEAR_COMPLETE, NULL);
1515 break;
1516
1517 case RAN_MSG_CLASSMARK_UPDATE:
1518 msc_a_up_classmark_update(msc_a, d->ran_dec->classmark_update.classmark, &msc_t->classmark);
1519 rc = 0;
1520 break;
1521
1522 case RAN_MSG_HANDOVER_REQUEST_ACK:
1523 /* new BSS accepts Handover */
1524 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_REQUEST_ACK);
1525 break;
1526
1527 case RAN_MSG_HANDOVER_DETECT:
1528 /* new BSS signals the MS is DETECTed on the new lchan */
1529 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_DETECT);
1530 break;
1531
1532 case RAN_MSG_HANDOVER_COMPLETE:
1533 /* new BSS signals the MS has fully moved to the new lchan */
1534 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_COMPLETE);
1535 break;
1536
1537 case RAN_MSG_HANDOVER_FAILURE:
1538 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_FAILURE);
1539 break;
1540
1541 default:
1542 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from MSC-T not implemented: %s\n",
1543 ran_msg_type_name(d->ran_dec->msg_type));
1544 rc = -ENOTSUP;
1545 break;
1546 }
1547 return rc;
1548}
1549
1550int msc_a_ran_decode_cb(struct osmo_fsm_inst *msc_a_fi, void *data, const struct ran_msg *msg)
1551{
1552 struct msc_a *msc_a = msc_a_fi_priv(msc_a_fi);
1553 struct msc_a_ran_dec_data *d = data;
1554 int rc = -99;
1555
1556 d->ran_dec = msg;
1557
1558 switch (d->from_role) {
1559 case MSC_ROLE_I:
1560 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN decode: %s\n", msg->msg_name ? : ran_msg_type_name(msg->msg_type));
1561 rc = msc_a_ran_dec_from_msc_i(msc_a, d);
1562 break;
1563
1564 case MSC_ROLE_T:
1565 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN decode from MSC-T: %s\n",
1566 msg->msg_name ? : ran_msg_type_name(msg->msg_type));
1567 rc = msc_a_ran_dec_from_msc_t(msc_a, d);
1568 break;
1569
1570 default:
1571 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from invalid role %s: %s\n", msc_role_name(d->from_role),
1572 ran_msg_type_name(msg->msg_type));
1573 return -ENOTSUP;
1574 }
1575
1576 if (rc)
1577 LOG_MSC_A(msc_a, LOGL_ERROR, "RAN decode error (rc=%d) for %s from %s\n", rc, ran_msg_type_name(msg->msg_type),
1578 msc_role_name(d->from_role));
1579 return rc;
1580}
1581
1582/* Your typical DTAP via FORWARD_ACCESS_SIGNALLING_REQUEST */
1583int _msc_a_ran_down(struct msc_a *msc_a, enum msc_role to_role, const struct ran_msg *ran_msg,
1584 const char *file, int line)
1585{
1586 return _msc_a_msg_down(msc_a, to_role, msub_role_to_role_event(msc_a->c.msub, MSC_ROLE_A, to_role),
1587 ran_msg, file, line);
1588}
1589
1590/* To transmit more complex events than just FORWARD_ACCESS_SIGNALLING_REQUEST, e.g. an
1591 * MSC_T_EV_FROM_A_PREPARE_HANDOVER_REQUEST */
1592int _msc_a_msg_down(struct msc_a *msc_a, enum msc_role to_role, uint32_t to_role_event,
1593 const struct ran_msg *ran_msg,
1594 const char *file, int line)
1595{
1596 struct an_apdu an_apdu = {
1597 .an_proto = msc_a->c.ran->an_proto,
1598 .msg = msc_role_ran_encode(msc_a->c.fi, ran_msg),
1599 };
1600 int rc;
1601 if (!an_apdu.msg)
1602 return -EIO;
1603 rc = _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line);
1604 msgb_free(an_apdu.msg);
1605 return rc;
1606}
1607
1608int msc_a_tx_dtap_to_i(struct msc_a *msc_a, struct msgb *dtap)
1609{
1610 struct ran_msg ran_msg;
Neels Hofmeyrc192c0b2019-10-07 21:41:18 +0200[diff] [blame]1611 struct gsm48_hdr *gh = msgb_l3(dtap) ? : dtap->data;
1612 uint8_t pdisc = gsm48_hdr_pdisc(gh);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1613
Neels Hofmeyr2e8f8812019-08-21 16:56:41 +0200[diff] [blame]1614 if (!msc_a) {
Neels Hofmeyr2e8f8812019-08-21 16:56:41 +0200[diff] [blame]1615 LOGP(DMSC, LOGL_ERROR, "Attempt to send DTAP to NULL MSC-A, dropping message: %s %s\n",
1616 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1617 msgb_free(dtap);
1618 return -EIO;
1619 }
1620
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1621 if (msc_a->c.ran->type == OSMO_RAT_EUTRAN_SGS) {
1622 /* The SGs connection to the MME always is at the MSC-A. */
1623 return sgs_iface_tx_dtap_ud(msc_a, dtap);
1624 }
1625
Neels Hofmeyrc192c0b2019-10-07 21:41:18 +0200[diff] [blame]1626 LOG_MSC_A(msc_a, LOGL_DEBUG, "Sending DTAP: %s %s\n",
1627 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1628
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1629 ran_msg = (struct ran_msg){
1630 .msg_type = RAN_MSG_DTAP,
1631 .dtap = dtap,
1632 };
1633 return msc_a_ran_down(msc_a, MSC_ROLE_I, &ran_msg);
1634}
1635
1636struct msc_a *msc_a_for_vsub(const struct vlr_subscr *vsub, bool valid_conn_only)
1637{
1638 struct msc_a *msc_a = msub_msc_a(msub_for_vsub(vsub));
1639 if (valid_conn_only && !msc_a_is_accepted(msc_a))
1640 return NULL;
1641 return msc_a;
1642}
1643
1644int msc_tx_common_id(struct msc_a *msc_a, enum msc_role to_role)
1645{
1646 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1647 struct ran_msg msg = {
1648 .msg_type = RAN_MSG_COMMON_ID,
1649 .common_id = {
1650 .imsi = vsub->imsi,
Pau Espin Pedrol67106702021-04-27 18:20:15 +0200[diff] [blame^]1651 .last_eutran_plmn_present = vsub->sgs.last_eutran_plmn_present,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1652 },
1653 };
Pau Espin Pedrol67106702021-04-27 18:20:15 +0200[diff] [blame^]1654 if (vsub->sgs.last_eutran_plmn_present) {
1655 memcpy(&msg.common_id.last_eutran_plmn, &vsub->sgs.last_eutran_plmn,
1656 sizeof(vsub->sgs.last_eutran_plmn));
1657 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1658
1659 return msc_a_ran_down(msc_a, to_role, &msg);
1660}
1661
1662static int msc_a_start_assignment(struct msc_a *msc_a, struct gsm_trans *cc_trans)
1663{
1664 struct call_leg *cl = msc_a->cc.call_leg;
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1665 struct msc_i *msc_i = msc_a_msc_i(msc_a);
1666 struct gsm_network *net = msc_a_net(msc_a);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1667
1668 OSMO_ASSERT(!msc_a->cc.active_trans);
1669 msc_a->cc.active_trans = cc_trans;
1670
1671 OSMO_ASSERT(cc_trans && cc_trans->type == TRANS_CC);
1672
1673 if (!cl) {
1674 cl = msc_a->cc.call_leg = call_leg_alloc(msc_a->c.fi,
1675 MSC_EV_CALL_LEG_TERM,
1676 MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE,
Neels Hofmeyr265a4c72019-05-09 16:20:51 +0200[diff] [blame]1677 MSC_EV_CALL_LEG_RTP_COMPLETE);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1678 OSMO_ASSERT(cl);
1679
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1680 /* HACK: We put the connection in loopback mode at the beginning to
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1681 * trick the hNodeB into doing the IuUP negotiation with itself.
1682 * This is a hack we need because osmo-mgw does not support IuUP yet, see OS#2459. */
1683 if (msc_a->c.ran->type == OSMO_RAT_UTRAN_IU)
1684 cl->crcx_conn_mode[RTP_TO_RAN] = MGCP_CONN_LOOPBACK;
1685 }
1686
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1687 if (net->use_osmux != OSMUX_USAGE_OFF) {
1688 msc_i = msc_a_msc_i(msc_a);
1689 if (msc_i->c.remote_to) {
1690 /* TODO: investigate what to do in this case */
1691 LOG_MSC_A(msc_a, LOGL_ERROR, "Osmux not yet supported for inter-MSC");
1692 } else {
1693 cl->ran_peer_supports_osmux = msc_i->ran_conn->ran_peer->remote_supports_osmux;
1694 }
1695 }
1696
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1697 /* This will lead to either MSC_EV_CALL_LEG_LOCAL_ADDR_AVAILABLE or MSC_EV_CALL_LEG_TERM.
1698 * If the local address is already known, then immediately trigger. */
1699 if (call_leg_local_ip(cl, RTP_TO_RAN))
1700 return osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE, cl->rtp[RTP_TO_RAN]);
1701 else
1702 return call_leg_ensure_ci(msc_a->cc.call_leg, RTP_TO_RAN, cc_trans->callref, cc_trans, NULL, NULL);
1703}
1704
1705int msc_a_try_call_assignment(struct gsm_trans *cc_trans)
1706{
1707 struct msc_a *msc_a = cc_trans->msc_a;
1708 OSMO_ASSERT(cc_trans->type == TRANS_CC);
1709
1710 if (msc_a->cc.active_trans == cc_trans) {
Neels Hofmeyrb4ef5e72019-08-30 01:11:12 +0200[diff] [blame]1711 LOG_MSC_A(msc_a, LOGL_DEBUG, "Assignment for this trans already started earlier\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1712 return 0;
1713 }
1714
1715 if (msc_a->cc.active_trans) {
1716 LOG_MSC_A(msc_a, LOGL_INFO, "Another call is already ongoing, not assigning yet\n");
1717 return 0;
1718 }
1719
1720 LOG_MSC_A(msc_a, LOGL_DEBUG, "Starting call assignment\n");
1721 return msc_a_start_assignment(msc_a, cc_trans);
1722}
1723
1724const char *msc_a_cm_service_type_to_use(enum osmo_cm_service_type cm_service_type)
1725{
1726 switch (cm_service_type) {
1727 case GSM48_CMSERV_MO_CALL_PACKET:
1728 case GSM48_CMSERV_EMERGENCY:
1729 return MSC_A_USE_CM_SERVICE_CC;
1730
1731 case GSM48_CMSERV_SMS:
1732 return MSC_A_USE_CM_SERVICE_SMS;
1733
1734 case GSM48_CMSERV_SUP_SERV:
1735 return MSC_A_USE_CM_SERVICE_SS;
1736
1737 default:
1738 return NULL;
1739 }
1740}
1741
1742void msc_a_release_cn(struct msc_a *msc_a)
1743{
1744 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_CN_CLOSE, NULL);
1745}
1746
1747void msc_a_release_mo(struct msc_a *msc_a, enum gsm48_gsm_cause gsm_cause)
1748{
1749 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_MO_CLOSE, NULL);
1750}