Harald Welte0df904d2018-12-03 11:00:04 +01001/* SGs Interface according to 3GPP TS 23.272 + TS 29.118 */
2
3/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
4 * All Rights Reserved
5 *
6 * Author: Harald Welte, Philipp Maier
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
17 *
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 *
21 */
22
23#include <osmocom/core/utils.h>
24#include <osmocom/core/msgb.h>
25#include <osmocom/core/fsm.h>
26#include <osmocom/core/socket.h>
27#include <osmocom/core/select.h>
28
29#include <osmocom/gsm/tlv.h>
30#include <osmocom/gsm/gsm48.h>
31#include <osmocom/gsm/gsm23003.h>
32#include <osmocom/gsm/gsm29118.h>
33
34#include <osmocom/netif/stream.h>
35
36#include <osmocom/msc/vlr.h>
37#include <osmocom/msc/vlr_sgs.h>
38#include <osmocom/msc/gsm_data.h>
39#include <osmocom/msc/a_iface.h>
40#include <osmocom/msc/gsm_04_08.h>
41
42#include <osmocom/msc/debug.h>
43#include <osmocom/msc/sgs_iface.h>
44#include <osmocom/msc/sgs_server.h>
45#include <osmocom/msc/msc_ifaces.h>
46#include <osmocom/gsm/protocol/gsm_29_118.h>
47
48#include <osmocom/gsm/apn.h>
49
/* Bit mask with only bit number x set */
#define S(x) (1 << (x))

/* A pointer to the GSM network we work with. By the current paradigm,
 * there can only be one gsm_network per MSC. The pointer is set once
 * when calling sgs_iface_init() */
static struct gsm_network *gsm_network = NULL;

/* Forward declarations: the reset FSM is referenced by sgs_mme_alloc() and
 * sgs_tx() is called by helpers that appear before its definition. */
static struct osmo_fsm sgs_vlr_reset_fsm;
static void sgs_tx(struct sgs_connection *sgc, struct msgb *msg);

/* Global SGs state; sgs_mme_ctx_by_vsub() searches its MME list by name */
struct sgs_state *g_sgs;
61
62/***********************************************************************
63 * SGs state per MME connection
64 ***********************************************************************/
65
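/* Log on DSGS, prefixed with the socket name of the SGs connection.
 * sgc is dereferenced unconditionally, so callers must not pass NULL.
 * Macro arguments are parenthesized so that an expression argument
 * (e.g. a conditional or a cast) still binds correctly to "->". */
#define LOGSGC(sgc, lvl, fmt, args...) \
	LOGP(DSGS, lvl, "%s: " fmt, (sgc)->sockname, ## args)

/* Same as LOGSGC, with an additional "(sub ...)" prefix naming the subscriber */
#define LOGSGC_VSUB(sgc, sub_info, lvl, fmt, args...) \
	LOGP(DSGS, lvl, "(sub %s) %s: " fmt, (sub_info), (sgc)->sockname, ## args)

/* Log on DSGS, prefixed with the MME's FQDN.
 * NOTE(review): fqdn is filled with OSMO_STRLCPY_ARRAY() in sgs_mme_alloc(),
 * which suggests an embedded array; if so the test below is always true and
 * the sockname fallback is never taken -- confirm against the struct. */
#define LOGMME(mme, lvl, fmt, args...) \
	LOGP(DSGS, lvl, "%s: " fmt, (mme)->fqdn ? (mme)->fqdn : (mme)->conn->sockname, ## args)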
74
/* States of the per-MME VLR reset FSM (sgs_vlr_reset_fsm).
 * NOTE(review): the per-state meaning is inferred from the names only; the
 * FSM definition is not in this part of the file. */
enum sgs_vlr_reset_fsm_state {
	SGS_VLRR_ST_NULL,
	SGS_VLRR_ST_WAIT_ACK,
	SGS_VLRR_ST_COMPLETE,
};
80
/* Events of the per-MME VLR reset FSM */
enum sgs_vlr_reset_fsm_event {
	SGS_VLRR_E_START_RESET,
	/* dispatched by sgs_rx_reset_ack() when the MME sends SGsAP-RESET-ACK */
	SGS_VLRR_E_RX_RESET_ACK,
};
85
86/***********************************************************************
87 * SGs utility functions
88 ***********************************************************************/
89
/* Allocate a RAN connection of type OSMO_RAT_EUTRAN_SGS for the subscriber and
 * push its FSM through "complete layer 3" and "accepted" right away.
 *
 * sgc is only used for log context. mt selects how the connection is
 * labelled: paging response (true) or CM service request (false).
 * On success the connection holds its own VSUB_USE_CONN reference on vsub.
 * Returns the new connection, or NULL if allocation failed. */
static struct ran_conn *subscr_conn_allocate_sgs(struct sgs_connection *sgc, struct vlr_subscr *vsub, bool mt)
{
	struct ran_conn *ran;

	ran = ran_conn_alloc(gsm_network, OSMO_RAT_EUTRAN_SGS, vsub->sgs.lai.lac);
	if (ran == NULL) {
		LOGSGC_VSUB(sgc, vlr_subscr_name(vsub), LOGL_ERROR, "Connection allocation failed\n");
		return NULL;
	}

	vlr_subscr_get(vsub, VSUB_USE_CONN);
	ran->vsub = vsub;
	vsub->cs.attached_via_ran = ran->via_ran;

	/* No authentication is run on this path: the connection is accepted
	 * on the grounds that the MME has already authenticated the UE, so
	 * whatever arrives on the SGs link is trusted for this subscriber. */
	if (mt)
		ran->complete_layer3_type = COMPLETE_LAYER3_PAGING_RESP;
	else
		ran->complete_layer3_type = COMPLETE_LAYER3_CM_SERVICE_REQ;
	ran_conn_update_id(ran);
	osmo_fsm_inst_dispatch(ran->fi, RAN_CONN_E_COMPLETE_LAYER_3, NULL);
	osmo_fsm_inst_dispatch(ran->fi, RAN_CONN_E_ACCEPTED, NULL);

	LOG_RAN_CONN(ran, LOGL_DEBUG, "RAN connection successfully allocated!\n");
	return ran;
}
115
/* If the subscriber still has a connection, close it. Used when the
 * subscriber shows up on SGs while an older connection is lingering. */
static void subscr_conn_toss(struct vlr_subscr *vsub)
{
	struct ran_conn *stale = connection_for_subscr(vsub);

	if (stale) {
		LOG_RAN_CONN(stale, LOGL_DEBUG, "RAN connection tossed because of unexpected RAN change!\n");
		ran_conn_mo_close(stale, GSM48_REJECT_CONGESTION);
	}
}
130
/* Look up an MME context by FQDN (case-insensitive match).
 * Returns the matching entry of sgs->mme_list, or NULL if there is none.
 * mme_fqdn is handed to strcasecmp() as-is and therefore must not be NULL. */
struct sgs_mme_ctx *sgs_mme_by_fqdn(struct sgs_state *sgs, const char *mme_fqdn)
{
	struct sgs_mme_ctx *cur;

	llist_for_each_entry(cur, &sgs->mme_list, entry) {
		if (strcasecmp(mme_fqdn, cur->fqdn) == 0)
			return cur;
	}

	return NULL;
}
141
/* Create a new MME context for the given FQDN, together with its VLR reset
 * FSM instance, and append it to sgs->mme_list.
 * The caller must make sure no context with this FQDN exists yet (asserted).
 * Returns the new context, or NULL if an allocation failed. */
static struct sgs_mme_ctx *sgs_mme_alloc(struct sgs_state *sgs, const char *mme_fqdn, const struct osmo_gummei *gummei)
{
	struct sgs_mme_ctx *ctx;

	OSMO_ASSERT(sgs_mme_by_fqdn(sgs, mme_fqdn) == NULL);

	ctx = talloc_zero(sgs, struct sgs_mme_ctx);
	if (ctx == NULL)
		return NULL;

	ctx->sgs = sgs;
	OSMO_STRLCPY_ARRAY(ctx->fqdn, mme_fqdn);
	ctx->fi = osmo_fsm_inst_alloc(&sgs_vlr_reset_fsm, ctx, ctx, LOGL_INFO, osmo_gummei_name(gummei));
	if (ctx->fi) {
		llist_add_tail(&ctx->entry, &sgs->mme_list);
		return ctx;
	}

	/* FSM instance could not be created: undo the context allocation */
	talloc_free(ctx);
	return NULL;
}
161
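/* Decode and verify the MME name IE of a parsed SGsAP message.
 *
 * mme_name: output buffer for the decoded, NUL-terminated name. No size is
 *           passed in, so the buffer must hold at least SGS_MME_NAME_LEN + 1
 *           bytes (sgs_iface_rx() declares it with exactly that size).
 * tp:       parsed IEs of the received message.
 * Returns 0 on success, -EINVAL if the IE is missing, does not have the
 * expected length, or does not parse as an MME domain name. */
static int decode_mme_name(char *mme_name, const struct tlv_parsed *tp)
{
	const uint8_t *mme_name_enc = TLVP_VAL_MINLEN(tp, SGSAP_IE_MME_NAME, SGS_MME_NAME_LEN);
	struct osmo_gummei gummei;

	if (!mme_name_enc)
		return -EINVAL;

	/* The IE length is chosen by the peer and TLVP_VAL_MINLEN() only
	 * enforces a lower bound. osmo_apn_to_str() is told the input length
	 * but not the size of the output buffer, so an over-long IE must be
	 * rejected here before it is decoded into the caller's buffer. */
	if (TLVP_LEN(tp, SGSAP_IE_MME_NAME) > SGS_MME_NAME_LEN)
		return -EINVAL;

	/* decode the MME name from DNS labels to string */
	osmo_apn_to_str(mme_name, mme_name_enc, TLVP_LEN(tp, SGSAP_IE_MME_NAME));

	/* try to parse the MME name into a GUMMEI as a test for the format */
	if (osmo_parse_mme_domain(&gummei, mme_name) < 0)
		return -EINVAL;

	return 0;
}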
180
/* Handle an MME FQDN received on an SGs connection (e.g. in
 * RESET-IND/RESET-ACK/LU-REQ) and bind the connection to its MME context.
 *
 * The caller must pass a syntactically valid MME FQDN; this is asserted, as
 * is the allocation of a new MME context.
 * Returns 0 on success, -1 if the named MME is already bound to another
 * connection, -2 if this connection is bound to an MME with a different
 * name. */
static int sgs_mme_fqdn_received(struct sgs_connection *sgc, const char *mme_fqdn)
{
	struct sgs_mme_ctx *mme;
	struct osmo_gummei gummei;

	/* caller must pass in a valid FQDN string syntax */
	OSMO_ASSERT(osmo_parse_mme_domain(&gummei, mme_fqdn) == 0);

	if (sgc->mme) {
		/* Connection is already bound: the name must not change */
		mme = sgc->mme;
		if (strcasecmp(mme->fqdn, mme_fqdn) == 0)
			return 0;
		LOGMME(mme, LOGL_ERROR, "Rx MME name \"%s\" in packet from MME \"%s\" ?!?\n", mme_fqdn,
		       mme->fqdn);
		return -2;
	}

	/* First name seen on this connection: find or create the context */
	mme = sgs_mme_by_fqdn(sgc->sgs, mme_fqdn);
	if (!mme)
		mme = sgs_mme_alloc(sgc->sgs, mme_fqdn, &gummei);
	OSMO_ASSERT(mme);

	if (mme->conn) {
		/* A second connection claiming the name of an MME that is
		 * already connected is refused, not allowed to take over. */
		LOGSGC(sgc, LOGL_ERROR, "Rx MME name %s, but that MME already has other "
		       "SCTP connection?!?\n", mme_fqdn);
		return -1;
	}

	/* associate the two */
	mme->conn = sgc;
	sgc->mme = mme;
	return 0;
}
217
/* Return the MME name bound to an SGs connection, or NULL if the connection
 * is NULL, has no MME context yet, or the context carries an empty name. */
static char *sgs_mme_fqdn_get(struct sgs_connection *sgc)
{
	if (sgc && sgc->mme && sgc->mme->fqdn[0] != '\0')
		return sgc->mme->fqdn;

	return NULL;
}
229
/* Find the MME context a subscriber is registered with (by the MME name
 * stored in the subscriber) and make sure it is usable for transmission,
 * i.e. it has both a connection and an SGs state.
 * msg_type is only used to name the message in the error log.
 * Returns the context, or NULL (after logging the reason) otherwise. */
struct sgs_mme_ctx *sgs_mme_ctx_by_vsub(struct vlr_subscr *vsub, uint8_t msg_type)
{
	struct sgs_mme_ctx *mme;

	/* Find SGS connection by MME name */
	mme = sgs_mme_by_fqdn(g_sgs, vsub->sgs.mme_name);
	if (mme && mme->conn && mme->sgs)
		return mme;

	if (!mme) {
		LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s cannot find suitable MME!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
	} else if (!mme->conn) {
		LOGP(DSGS, LOGL_ERROR,
		     "(sub %s) Tx %s suitable MME found, but no SGS connection present!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
	} else {
		LOGP(DSGS, LOGL_ERROR,
		     "(sub %s) Tx %s suitable MME found, but no SGS state present!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
	}

	return NULL;
}
257
/* Verify that the IMSI belongs to a subscriber known to the VLR and that this
 * subscriber is in the SGs-associated state. If either check fails, a
 * release request is sent to the MME and false is returned.
 * The subscriber reference taken for the lookup is dropped again before
 * returning, so callers have to look the subscriber up themselves. */
static bool check_sgs_association(struct sgs_connection *sgc, struct msgb *msg, char *imsi)
{
	const uint8_t msg_type = msg->data[0];
	struct vlr_subscr *vsub;
	bool associated;

	/* Subscriber must be known by the VLR */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (!vsub) {
		LOGSGC(sgc, LOGL_NOTICE, "SGsAP Message %s with unknown IMSI (%s), releasing\n",
		       sgsap_msg_type_name(msg_type), imsi);
		sgs_tx(sgc, gsm29118_create_release_req(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN));
		return false;
	}

	/* The SGs FSM must also be in SGs associated state */
	associated = (vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED);
	if (!associated) {
		LOGSGC(sgc, LOGL_NOTICE, "(sub %s) SGsAP Message %s subscriber not SGs-associated, releasing\n",
		       vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
		sgs_tx(sgc, gsm29118_create_release_req(vsub->imsi, SGSAP_SGS_CAUSE_IMSI_DET_EPS_NONEPS));
	}

	vlr_subscr_put(vsub, __func__);
	return associated;
}
290
291/***********************************************************************
292 * SGsAP transmit functions
293 ***********************************************************************/
294
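/* Send message out to remote end (final step).
 *
 * sgc: connection to send on; may be NULL (connection gone), in which case
 *      the message is logged and freed here.
 * msg: message to send; may be NULL (e.g. a failed encoder), in which case
 *      nothing is sent.
 * NOTE(review): on the send path msg is handed to osmo_stream_srv_send() and
 * not touched afterwards, presumably because the stream server takes
 * ownership -- confirm. */
static void sgs_tx(struct sgs_connection *sgc, struct msgb *msg)
{
	if (!msg) {
		/* LOGSGC() dereferences sgc, so it can only be used when a
		 * connection is present. */
		if (sgc) {
			LOGSGC(sgc, LOGL_NOTICE, "Null message, cannot transmit!\n");
		} else {
			LOGP(DSGS, LOGL_NOTICE, "Null message, cannot transmit!\n");
		}
		return;
	}

	msgb_sctp_ppid(msg) = 0;
	if (!sgc) {
		/* Subsystem first, level second, as in every other LOGP()
		 * call in this file. */
		LOGP(DSGS, LOGL_NOTICE, "Cannot transmit %s: connection dead. Discarding\n",
		     sgsap_msg_type_name(msg->data[0]));
		msgb_free(msg);
		return;
	}
	osmo_stream_srv_send(sgc->srv, msg);
}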
312
/* Get a printable subscriber description for an IMSI (for the log text).
 * Returns "<unknown>" if imsi is NULL, the IMSI itself if the VLR does not
 * know the subscriber, and the VLR's subscriber name otherwise. */
const char *subscr_info(const char *imsi)
{
	struct vlr_subscr *vsub;
	const char *name;

	if (!imsi)
		return "<unknown>";

	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (!vsub)
		return imsi;

	name = vlr_subscr_name(vsub);
	/* NOTE(review): the name is used after the reference is dropped; that
	 * is only safe if vlr_subscr_name() returns storage that does not
	 * belong to vsub -- confirm. */
	vlr_subscr_put(vsub, __func__);
	return name;
}
331
/* Send an SGsAP-STATUS for a received message and log why.
 *
 * imsi:      subscriber identity for the status message and the log, may be
 *            NULL.
 * cause:     SGs cause to report.
 * msg:       the offending received message.
 * sgsap_iei: IE the problem relates to, or a negative value if the failure is
 *            not tied to a particular IE.
 * Always returns 0, so handlers can "return sgs_tx_status(...)". */
static int sgs_tx_status(struct sgs_connection *sgc, const char *imsi, enum sgsap_sgs_cause cause, struct msgb *msg,
			 int sgsap_iei)
{
	if (sgsap_iei < 0) {
		LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s failed with cause %s!\n",
			    sgsap_msg_type_name(msg->data[0]), sgsap_sgs_cause_name(cause));
	} else {
		switch (cause) {
		case SGSAP_SGS_CAUSE_MISSING_MAND_IE:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with missing mandatory %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
			break;
		case SGSAP_SGS_CAUSE_INVALID_MAND_IE:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with invalid mandatory %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
			break;
		case SGSAP_SGS_CAUSE_COND_IE_ERROR:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with errornous conditional %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
			break;
		default:
			LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s failed with cause %s at %s IEI!\n",
				    sgsap_msg_type_name(msg->data[0]), sgsap_sgs_cause_name(cause),
				    sgsap_iei_name(sgsap_iei));
			break;
		}
	}

	sgs_tx(sgc, gsm29118_create_status(imsi, cause, msg));
	return 0;
}
360
/* Callback for the VLR: send the location update accept or reject to the MME
 * the subscriber is registered with, depending on response->accepted, and
 * tell the VLR which of the two was sent. Nothing is sent if no usable MME
 * context is found. */
static void sgs_tx_loc_upd_resp_cb(struct sgs_lu_response *response)
{
	struct vlr_subscr *vsub = response->vsub;
	struct sgs_mme_ctx *mme;
	uint8_t mid_buf[2 + GSM48_TMSI_LEN];
	uint8_t *mid = mid_buf;
	unsigned int mid_len = 0;

	mme = sgs_mme_ctx_by_vsub(vsub, response->accepted ? SGSAP_MSGT_LOC_UPD_ACK : SGSAP_MSGT_LOC_UPD_REJ);
	if (!mme)
		return;

	if (!response->accepted) {
		sgs_tx(mme->conn, gsm29118_create_lu_rej(vsub->imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, &vsub->sgs.lai));
		vlr_sgs_loc_update_rej_sent(vsub);
		return;
	}

	/* Only include a mobile identity if a new TMSI has been assigned */
	if (vsub->tmsi_new != GSM_RESERVED_TMSI) {
		/* The first two bytes of the generated identity are skipped,
		 * presumably its tag and length octets -- TODO confirm. */
		mid_len = gsm48_generate_mid_from_tmsi(mid_buf, vsub->tmsi_new);
		mid = mid_buf + 2;
		mid_len -= 2;
	}
	sgs_tx(mme->conn, gsm29118_create_lu_ack(vsub->imsi, &vsub->sgs.lai, mid, mid_len));
	vlr_sgs_loc_update_acc_sent(vsub);
}
397
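/* Callback for the VLR: send an SGsAP-MM-INFORMATION-REQUEST for the
 * subscriber to its MME. Does nothing if MM info is disabled in the network
 * configuration, if no usable MME context is found, or if the MM information
 * message cannot be built. */
static void sgs_tx_mm_info_cb(struct vlr_subscr *vsub)
{
	struct msgb *msg;
	struct msgb *msg_mm_info;
	struct sgs_mme_ctx *mme;

	/* The sending of MM information requests is an optional feature and
	 * depends on the network configuration (VTY) */
	if (!gsm_network->send_mm_info)
		return;

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_MM_INFO_REQ);
	if (!mme)
		return;

	/* Create and send MM information request message, see also:
	 * 3GPP TS 29.118, chapter 8.12 SGsAP-MM-INFORMATION-REQUEST and
	 * 3GPP TS 29.018, chapter 18.4.16 MM information. */
	msg_mm_info = gsm48_create_mm_info(gsm_network);
	if (!msg_mm_info) {
		LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s cannot create MM information!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(SGSAP_MSGT_MM_INFO_REQ));
		return;
	}

	/* The first two bytes of the generated message are not copied into the
	 * request; make sure they exist so that the length cannot wrap. */
	if (msg_mm_info->len < 2) {
		LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s MM information too short!\n",
		     vlr_subscr_name(vsub), sgsap_msg_type_name(SGSAP_MSGT_MM_INFO_REQ));
		msgb_free(msg_mm_info);
		return;
	}

	msg = gsm29118_create_mm_info_req(vsub->imsi, msg_mm_info->data + 2, msg_mm_info->len - 2);
	sgs_tx(mme->conn, msg);
	msgb_free(msg_mm_info);
}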
422
/*! Page UE through SGs interface
 *  \param[in] vsub subscriber context
 *  \param[in] serv_ind service indicator (sms or voice)
 *  \returns 1 if a paging request was sent, 0 if a paging for this subscriber
 *           is already pending (nothing sent), -EINVAL in case of error. */
int sgs_iface_tx_paging(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind)
{
	struct gsm29118_paging_req req;
	struct sgs_mme_ctx *mme;

	/* See also: 3GPP TS 29.118, chapter 5.1.2.2 Paging Initiation */
	if (vsub->sgs_fsm->state == SGS_UE_ST_NULL && vsub->conf_by_radio_contact_ind == true)
		return -EINVAL;

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_PAGING_REQ);
	if (!mme)
		return -EINVAL;

	/* A paging that is still in progress for this subscriber is not
	 * repeated. */
	if (vlr_sgs_pag_pend(vsub))
		return 0;

	memset(&req, 0, sizeof(req));
	osmo_strlcpy(req.imsi, vsub->imsi, sizeof(req.imsi));
	osmo_strlcpy(req.vlr_name, mme->sgs->cfg.vlr_name, sizeof(req.vlr_name));
	req.serv_ind = serv_ind;
	if (vsub->conf_by_radio_contact_ind == true) {
		/* The LAI is only included once confirmed by radio contact */
		memcpy(&req.lai, &vsub->sgs.lai, sizeof(req.lai));
		req.lai_present = true;
	}
	sgs_tx(mme->conn, gsm29118_create_paging_req(&req));

	/* FIXME: If we are in SGS_UE_ST_NULL while vsub->conf_by_radio_contact_ind == false,
	 * we are supposed to start a search procedure as defined in 3GPP TS 23.018 */

	/* Inform the VLR that a paging via SGs is in progress */
	vlr_sgs_pag(vsub, serv_ind);

	/* Return a page count of 1 (success) */
	return 1;
}
466
467/***********************************************************************
468 * SGs incoming messages from the MME
469 ***********************************************************************/
470
/* Read the SGs cause IE from a parsed message.
 * Returns the cause value (taken from a single octet, so never negative), or
 * -1 if the IE is missing or empty; in that case an SGsAP-STATUS reporting
 * the missing mandatory IE has already been sent. */
static int sgs_cause_from_msg(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp,
			      const char *imsi)
{
	const uint8_t *cause_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_SGS_CAUSE, 1);
	enum sgsap_sgs_cause cause;

	if (!cause_ie) {
		sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_SGS_CAUSE);
		return -1;
	}

	cause = *cause_ie;
	return cause;
}
486
/* SGsAP-STATUS 3GPP TS 29.118, chapter 8.18
 * The message is only logged: cause, IMSI (or "<none>" if empty) and the
 * erroneous message, if present. The peer-supplied erroneous message is
 * written to the log as a hex dump rather than as raw bytes.
 * Always returns 0. */
static int sgs_rx_status(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, const char *imsi)
{
	const char *imsi_str;
	const char *err_hex = "(none)";
	int cause;

	cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
	if (cause < 0)
		return 0;

	imsi_str = (imsi[0] != '\0') ? imsi : "<none>";

	if (TLVP_PRESENT(tp, SGSAP_IE_ERR_MSG)) {
		const uint8_t *err = TLVP_VAL(tp, SGSAP_IE_ERR_MSG);

		if (err)
			err_hex = osmo_hexdump(err, TLVP_LEN(tp, SGSAP_IE_ERR_MSG));
	}

	LOGSGC(sgc, LOGL_NOTICE, "Rx STATUS cause=%s, IMSI=%s, err_msg=%s\n",
	       sgsap_sgs_cause_name(cause), imsi_str, err_hex);

	return 0;
}
517
/* SGsAP-RESET-INDICATION 3GPP TS 29.118, chapter 8.16
 * Resets the SGs FSM of the subscribers in the VLR and answers with a
 * RESET-ACK carrying the configured VLR name. Always returns 0. */
static int sgs_rx_reset_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp)
{
	struct gsm29118_reset_msg ack_params;
	struct msgb *ack;

	memset(&ack_params, 0, sizeof(ack_params));
	osmo_strlcpy(ack_params.vlr_name, sgc->sgs->cfg.vlr_name, sizeof(ack_params.vlr_name));
	ack_params.vlr_name_present = true;

	ack = gsm29118_create_reset_ack(&ack_params);

	/* Perform a reset of the SGS FSM of all subscribers that are present in the VLR.
	 * NOTE(review): the call is given only the VLR, neither the sending
	 * MME nor the message content, so one indication appears to affect
	 * subscribers of every MME -- confirm this is intended. */
	vlr_sgs_reset(gsm_network->vlr);

	sgs_tx(sgc, ack);
	return 0;
}
536
/* SGsAP-RESET-ACK 3GPP TS 29.118, chapter 8.15
 * Forwards the acknowledgement to the VLR reset FSM of the MME bound to this
 * connection; silently ignored if there is no MME context or FSM instance.
 * Always returns 0. */
static int sgs_rx_reset_ack(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp)
{
	struct sgs_mme_ctx *mme = sgc->mme;

	if (!mme || !mme->fi)
		return 0;

	osmo_fsm_inst_dispatch(mme->fi, SGS_VLRR_E_RX_RESET_ACK, msg);
	return 0;
}
545
/* SGsAP-LOCATION-UPDATE-REQUEST 3GPP TS 29.118, chapter 8.11
 * Closes any lingering connection of the subscriber, parses LU type and LAI
 * and starts the location update in the VLR. The MME name handed to the VLR
 * is the one bound to the connection, not a value from this message.
 * A missing mandatory IE is answered with SGsAP-STATUS; a connection without
 * MME name or a VLR failure is answered with a location update reject.
 * Always returns 0. */
static int sgs_rx_loc_upd_req(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	struct vlr_sgs_cfg cfg;
	struct osmo_location_area_id lai;
	const struct gsm48_loc_area_id *lai_enc;
	const uint8_t *lu_type_ie;
	enum vlr_lu_type lu_type;
	struct vlr_subscr *vsub;
	char *mme_name;

	/* Check for lingering connections */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (vsub) {
		subscr_conn_toss(vsub);
		vlr_subscr_put(vsub, __func__);
	}

	/* Determine MME-Name */
	mme_name = sgs_mme_fqdn_get(sgc);
	if (!mme_name) {
		sgs_tx(sgc, gsm29118_create_lu_rej(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, NULL));
		return 0;
	}

	/* Parse LU-Type: 0x01 is an IMSI attach, anything else is treated as
	 * a regular update */
	lu_type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_EPS_LU_TYPE, 1);
	if (!lu_type_ie)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_EPS_LU_TYPE);
	lu_type = (lu_type_ie[0] == 0x01) ? VLR_LU_TYPE_IMSI_ATTACH : VLR_LU_TYPE_REGULAR;

	/* Parse LAI of the new location (at least 5 octets are required) */
	lai_enc = (const struct gsm48_loc_area_id *)TLVP_VAL_MINLEN(tp, SGSAP_IE_LAI, 5);
	if (!lai_enc)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_LAI);
	gsm48_decode_lai2(lai_enc, &lai);

	/* Perform actual location update.
	 * NOTE(review): only the timer and counter members of cfg are filled
	 * in; confirm the struct has no further members the VLR reads. */
	memcpy(cfg.timer, sgc->sgs->cfg.timer, sizeof(cfg.timer));
	memcpy(cfg.counter, sgc->sgs->cfg.counter, sizeof(cfg.counter));
	if (vlr_sgs_loc_update(gsm_network->vlr, &cfg, sgs_tx_loc_upd_resp_cb, sgs_iface_tx_paging,
			       sgs_tx_mm_info_cb, mme_name, lu_type, imsi, &lai) != 0)
		sgs_tx(sgc, gsm29118_create_lu_rej(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, NULL));

	return 0;
}
601
/* SGsAP-IMSI-DETACH-INDICATION 3GPP TS 29.118, chapter 8.8
 * Validates the detach type, reports the detach to the VLR and acknowledges
 * it towards the MME. A missing or unknown detach type is answered with
 * SGsAP-STATUS instead. Always returns 0. */
static int sgs_rx_imsi_det_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const uint8_t *type_ie;
	enum sgsap_imsi_det_noneps_type det_type;

	type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_IMSI_DET_NONEPS_TYPE, 1);
	if (!type_ie)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_IMSI_DET_NONEPS_TYPE);

	/* Only the known detach types are accepted; the received octet is
	 * never passed on unchecked. */
	switch (type_ie[0]) {
	case SGSAP_ID_NONEPS_T_EXPLICIT_UE_NONEPS:
	case SGSAP_ID_NONEPS_T_COMBINED_UE_EPS_NONEPS:
	case SGSAP_ID_NONEPS_T_IMPLICIT_UE_EPS_NONEPS:
		det_type = type_ie[0];
		break;
	default:
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_IMSI_DET_NONEPS_TYPE);
	}

	vlr_sgs_imsi_detach(gsm_network->vlr, imsi, det_type);
	sgs_tx(sgc, gsm29118_create_imsi_det_ack(imsi));

	return 0;
}
634
/* SGsAP-EPS-DETACH-INDICATION 3GPP TS 29.118, chapter 8.6
 * Validates the detach type, reports the detach to the VLR and acknowledges
 * it towards the MME. A missing or unknown detach type is answered with
 * SGsAP-STATUS instead. Always returns 0. */
static int sgs_rx_eps_det_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const uint8_t *type_ie;
	enum sgsap_imsi_det_eps_type det_type;

	type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_IMSI_DET_EPS_TYPE, 1);
	if (!type_ie)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_IMSI_DET_EPS_TYPE);

	/* Only the known detach types are accepted; the received octet is
	 * never passed on unchecked. */
	switch (type_ie[0]) {
	case SGSAP_ID_EPS_T_NETWORK_INITIATED:
	case SGSAP_ID_EPS_T_UE_INITIATED:
	case SGSAP_ID_EPS_T_EPS_NOT_ALLOWED:
		det_type = type_ie[0];
		break;
	default:
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_IMSI_DET_EPS_TYPE);
	}

	vlr_sgs_eps_detach(gsm_network->vlr, imsi, det_type);
	sgs_tx(sgc, gsm29118_create_eps_det_ack(imsi));

	return 0;
}
667
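/* SGsAP-PAGING-REJECT 3GPP TS 29.118, chapter 8.13
 * Reports the rejected paging to the VLR and cancels paging for the
 * subscriber. A missing cause or an unknown IMSI is answered with
 * SGsAP-STATUS. Always returns 0. */
static int sgs_rx_pag_rej(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	int cause;
	struct vlr_subscr *vsub;

	cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
	if (cause < 0)
		return 0;

	/* Subscriber must be known by the VLR */
	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	if (!vsub)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, msg, SGSAP_IE_IMSI);

	/* Inform the VLR */
	vlr_sgs_pag_rej(gsm_network->vlr, imsi, cause);

	/* Stop all paging activity */
	subscr_paging_cancel(vsub, GSM_PAGING_EXPIRED);

	/* Depending on the cause code some action is required */
	if (cause == SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER) {
		/* FIXME: We are supposed to trigger a User Determined User Busy (UDUB)
		 * as specified in 3GPP TS 24.082 here, SGs association state shall not
		 * be changed */
		LOGSGC(sgc, LOGL_ERROR,
		       "Rx %s with SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER, but sending UDUP is not implemented yet!\n",
		       sgsap_msg_type_name(msg->data[0]));
	} else if (cause == SGSAP_SGS_CAUSE_IMSI_DET_EPS) {
		/* FIXME: In this case we should send the paging via A/Iu interface.
		 * The cause value is taken from the received message, so the
		 * unimplemented case is logged instead of asserted: a value
		 * chosen by the peer must not be able to abort the process. */
		LOGSGC(sgc, LOGL_ERROR,
		       "Rx %s with SGSAP_SGS_CAUSE_IMSI_DET_EPS, but paging via A/Iu is not implemented yet!\n",
		       sgsap_msg_type_name(msg->data[0]));
	}

	vlr_subscr_put(vsub, __func__);
	return 0;
}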
705
/* SGsAP-UE-UNREACHABLE 3GPP TS 29.118, chapter 8.21
 * Passes the reported cause on to the VLR. If the cause IE is missing, an
 * SGsAP-STATUS has already been sent by sgs_cause_from_msg() and nothing else
 * happens. Always returns 0. */
static int sgs_rx_ue_unr(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const int cause = sgs_cause_from_msg(sgc, msg, tp, NULL);

	if (cause >= 0)
		vlr_sgs_ue_unr(gsm_network->vlr, imsi, cause);

	return 0;
}
719
/* SGsAP-TMSI-REALLOCATION-COMPLETE 3GPP TS 29.118, chapter 8.19
 * Only the IMSI is used: the completion is reported to the VLR as-is.
 * Always returns 0. */
static int sgs_rx_tmsi_reall_cmpl(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	struct vlr_instance *vlr = gsm_network->vlr;

	vlr_sgs_tmsi_reall_compl(vlr, imsi);

	return 0;
}
726
/* SGsAP-SERVICE-REQUEST 3GPP TS 29.118, chapter 8.17
 *
 * Note: While in other RAN concepts a service request is used to initiate
 * mobile originated operation, the service request in SGsAP is comparable to
 * a paging response. The SGsAP SERVICE REQUEST must not be confused or
 * compared with a CM SERVICE REQUEST!
 *
 * The request is only accepted for an SGs-associated subscriber with a paging
 * pending and a known service indicator; otherwise an SGsAP-STATUS (or, from
 * check_sgs_association(), a release request) is sent. Always returns 0. */
static int sgs_rx_service_req(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	const uint8_t *serv_ind_ie;
	enum sgsap_service_ind serv_ind;
	enum sgsap_sgs_cause rej_cause;
	int rej_iei;
	struct vlr_subscr *vsub;

	if (!check_sgs_association(sgc, msg, imsi))
		return 0;

	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	/* Note: vsub is already sufficiently verified by check_sgs_association(),
	 * we must have a vsub at this point! */
	OSMO_ASSERT(vsub);

	/* The Service request is intended as a paging response, if one is
	 * received while nothing is paging something is very wrong! */
	if (!vlr_sgs_pag_pend(vsub)) {
		rej_cause = SGSAP_SGS_CAUSE_MSG_INCOMP_STATE;
		rej_iei = -1;
		goto reject;
	}

	serv_ind_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_SERVICE_INDICATOR, 1);
	if (!serv_ind_ie) {
		rej_cause = SGSAP_SGS_CAUSE_MISSING_MAND_IE;
		rej_iei = SGSAP_IE_SERVICE_INDICATOR;
		goto reject;
	}

	/* Only the two known service indicators are accepted */
	switch (serv_ind_ie[0]) {
	case SGSAP_SERV_IND_CS_CALL:
	case SGSAP_SERV_IND_SMS:
		serv_ind = serv_ind_ie[0];
		break;
	default:
		rej_cause = SGSAP_SGS_CAUSE_INVALID_MAND_IE;
		rej_iei = SGSAP_IE_SERVICE_INDICATOR;
		goto reject;
	}

	/* FIXME: The MME shall include an UE EMM Mode IE, but the field is
	 * marked optional. (Why do we need this info at all?) */

	/* Report to the VLR that the paging has successfully completed */
	vlr_sgs_pag_ack(gsm_network->vlr, imsi);

	/* For a call no connection is allocated here; it will be allocated
	 * when the MS is appearing on the A-Interface. For anything else a
	 * subscriber connection is allocated right away. */
	if (serv_ind != SGSAP_SERV_IND_CS_CALL && !subscr_conn_allocate_sgs(sgc, vsub, true)) {
		rej_cause = SGSAP_SGS_CAUSE_MSG_INCOMP_STATE;
		rej_iei = -1;
		goto reject;
	}

	/* Balance above vlr_subscr_find_by_imsi(); an allocated conn has
	 * added its own get() for the vsub. */
	vlr_subscr_put(vsub, __func__);
	return 0;

reject:
	/* Drop the lookup reference first, then report the failure */
	vlr_subscr_put(vsub, __func__);
	return sgs_tx_status(sgc, imsi, rej_cause, msg, rej_iei);
}
795
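/* SGsAP-UPLINK-UNITDATA 3GPP TS 29.118, chapter 8.22
 * Forwards the NAS message container of an SGs-associated subscriber into the
 * MSC as DTAP, on the subscriber's existing SGs connection (MT) or on a newly
 * allocated one (MO). Always returns 0. */
static int sgs_rx_ul_ud(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	struct dtap_header *dtap;
	struct ran_conn *conn;
	const uint8_t *nas_msg_container_ie;
	struct vlr_subscr *vsub;

	if (!check_sgs_association(sgc, msg, imsi))
		return 0;

	vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);
	/* Note: vsub is already sufficiently verified by check_sgs_association(),
	 * we must have a vsub at this point! */
	OSMO_ASSERT(vsub);

	/* Try to find existing connection (MT) or allocate a new one (MO) */
	conn = connection_for_subscr(vsub);
	if (!conn) {
		conn = subscr_conn_allocate_sgs(sgc, vsub, false);
	} else if (conn->via_ran != OSMO_RAT_EUTRAN_SGS) {
		LOGSGC(sgc, LOGL_ERROR,
		       "Receiving uplink unit-data for non-sgs connection -- discarding message!\n");
		/* Balance above vlr_subscr_find_by_imsi(): without this put
		 * the early return leaves a reference on the subscriber. */
		vlr_subscr_put(vsub, __func__);
		/* NOTE(review): this is the only return path of this handler
		 * that frees msg itself; confirm that the caller does not free
		 * it again after the handler returns. */
		msgb_free(msg);
		return 0;
	}

	/* Balance above vlr_subscr_find_by_imsi() */
	vlr_subscr_put(vsub, __func__);

	/* If we do not find an existing connection and allocating a new one
	 * failed, give up and return status. The failure is not tied to an
	 * IE, hence -1 as in sgs_rx_service_req(). */
	if (!conn)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE, msg, -1);

	nas_msg_container_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_NAS_MSG_CONTAINER, 1);
	if (!nas_msg_container_ie)
		return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_NAS_MSG_CONTAINER);

	/* ran_conn_dtap expects the dtap payload in l3h.
	 * NOTE(review): only one octet of the container is guaranteed to be
	 * present, yet link_id is read through a struct dtap_header overlay;
	 * confirm that this member lies within the received length. */
	dtap = (struct dtap_header *)nas_msg_container_ie;
	msg->l3h = (uint8_t *) nas_msg_container_ie;
	OMSC_LINKID_CB(msg) = dtap->link_id;

	/* Forward dtap payload into the msc */
	ran_conn_dtap(conn, msg);

	return 0;
}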
849
/* SGsAP-MO-CSFB-INDICATION, chapter 8.25
 * The MME informs us with this message that the UE has returned back to the
 * 4G network, so the SGs interface is used again for further communication
 * with the UE: lingering connections are closed and the subscriber is marked
 * as attached via SGs. An unknown IMSI is answered with SGsAP-STATUS.
 * Always returns 0. */
static int sgs_rx_csfb_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	struct vlr_subscr *vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi, __func__);

	if (vsub) {
		/* Check for lingering connections */
		subscr_conn_toss(vsub);

		vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;
		vlr_subscr_put(vsub, __func__);
		return 0;
	}

	return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, msg, SGSAP_IE_IMSI);
}
870
/* SGsAP-UE-ACTIVITY-INDICATION, chapter 8.20
 *
 * Only logs the reception and returns 0; sgc is used for logging, tp and imsi
 * are not used. */
static int sgs_rx_ue_act_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
{
	/* This MSC/VLR implementation does not support the alerting procedure
	 * yet, so it never requests alerting at the MME and an activity
	 * indication is unlikely to arrive. If one does, do not act hostile:
	 * log it and otherwise ignore the indication. */

	/* NOTE(review): the type octet is read from msg->data here, while
	 * sgs_iface_rx() reads it from msg->l2h -- presumably both point at
	 * the same octet; confirm. */
	const uint8_t rx_type = msg->data[0];

	LOGSGC(sgc, LOGL_ERROR, "Rx %s unexpected, we do not implement alerting yet, ignoring!\n",
	       sgsap_msg_type_name(rx_type));

	return 0;
}
885
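/* Log an error that names the received message type, then send an SGsAP
 * status message with the given cause back on sgc. fmt is a format string
 * with a single %s, which receives the message type name.
 *
 * The macro depends on two names of the calling scope: the status message is
 * stored in a local "resp", and the caller's "msg" is handed to
 * gsm29118_create_status(). The status is created with a NULL IMSI.
 *
 * The statements are wrapped in do { } while (0) so the macro expands to one
 * statement; without the wrapper only the log call would be guarded when the
 * macro is used as the body of an unbraced if/else. */
#define TX_STATUS_AND_LOG(sgc, msg_type, cause, fmt) \
	do { \
		LOGSGC(sgc, LOGL_ERROR, fmt, sgsap_msg_type_name(msg_type)); \
		resp = gsm29118_create_status(NULL, cause, msg); \
		sgs_tx(sgc, resp); \
	} while (0)
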
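/*! Process incoming SGs message (see sgs_server.c)
 *  \param[in] sgc related sgs connection
 *  \param[in] msg received message; it is freed here on every path
 *  \returns always 0. Errors are logged and, except for a message too short
 *  to carry a message type, answered with an SGsAP status message. */
int sgs_iface_rx(struct sgs_connection *sgc, struct msgb *msg)
{
	struct msgb *resp;
	uint8_t msg_type;
	struct tlv_parsed tp;
	int rc;
	char imsi[GSM48_MI_SIZE];
	char mme_name[SGS_MME_NAME_LEN + 1];

	memset(imsi, 0, sizeof(imsi));
	memset(mme_name, 0, sizeof(mme_name));

	/* When the receiving entity receives a message that is too short to contain a complete
	 * message type information element, the receiving entity shall ignore that message. */
	if (msgb_l2len(msg) < 1)
		goto error;

	/* Read the message type only after the length check above, so that the
	 * octet is known to be part of the received data. */
	msg_type = msg->l2h[0];

	/* Parse TLV elements */
	rc = tlv_parse(&tp, &sgsap_ie_tlvdef, msgb_l2(msg) + 1, msgb_l2len(msg) - 1, 0, 0);
	if (rc < 0) {
		TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_SEMANT_INCORR_MSG, "SGsAP Message %s parsing error\n");
		goto error;
	}

	/* Most of the messages contain an IMSI as mandatory IE, parse it right here */
	if (!TLVP_PRESENT(&tp, SGSAP_IE_IMSI) &&
	    msg_type != SGSAP_MSGT_STATUS && msg_type != SGSAP_MSGT_RESET_IND && msg_type != SGSAP_MSGT_RESET_ACK) {
		/* reject the message; all but the three above have mandatory IMSI */
		TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MISSING_MAND_IE,
				  "SGsAP Message %s without IMSI, dropping\n");
		goto error;
	}

	if (TLVP_PRESENT(&tp, SGSAP_IE_IMSI)) {
		gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(&tp, SGSAP_IE_IMSI), TLVP_LEN(&tp, SGSAP_IE_IMSI));
		/* Only a lower bound on the number of decoded digits is enforced here */
		if (strlen(imsi) < GSM23003_IMSI_MIN_DIGITS) {
			TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_INVALID_MAND_IE,
					  "SGsAP Message %s with short IMSI, dropping\n");
			goto error;
		}
	}

	/* Some messages contain an MME-NAME as mandatory IE, parse it right here. The
	 * MME-NAME is also immediately registered with the sgc, so it will be implicitly
	 * known to all functions that have access to the sgc context. */
	if (!TLVP_PRESENT(&tp, SGSAP_IE_MME_NAME)
	    && (msg_type == SGSAP_MSGT_RESET_IND || msg_type == SGSAP_MSGT_RESET_ACK
		|| msg_type == SGSAP_MSGT_LOC_UPD_REQ || msg_type == SGSAP_MSGT_IMSI_DET_IND
		|| msg_type == SGSAP_MSGT_EPS_DET_IND)) {
		TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MISSING_MAND_IE,
				  "SGsAP Message %s without MME-Name, dropping\n");
		goto error;
	}

	if (TLVP_PRESENT(&tp, SGSAP_IE_MME_NAME)) {
		if (decode_mme_name(mme_name, &tp) != 0) {
			TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_INVALID_MAND_IE,
					  "SGsAP Message %s with invalid MME-Name, dropping\n");
			goto error;
		}
		/* Register/check mme_name with sgc */
		if (sgs_mme_fqdn_received(sgc, mme_name) < 0) {
			TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE,
					  "SGsAP Message %s with invalid MME-Name, dropping\n");
			goto error;
		}
	}

	/* dispatch msg to various handler functions. msgb ownership remains here!
	 * Handlers must therefore not free msg; it is freed at the error label.
	 * NOTE(review): the uplink unit-data handler earlier in this file
	 * (presumably sgs_rx_ul_ud()) calls msgb_free(msg) before returning 0
	 * on its "non-sgs connection" path, which would make the msgb_free()
	 * below a second free of the same msgb -- confirm and fix there. */
	rc = -EINVAL;
	switch (msg_type) {
	case SGSAP_MSGT_STATUS:
		rc = sgs_rx_status(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_RESET_IND:
		rc = sgs_rx_reset_ind(sgc, msg, &tp);
		break;
	case SGSAP_MSGT_RESET_ACK:
		rc = sgs_rx_reset_ack(sgc, msg, &tp);
		break;
	case SGSAP_MSGT_LOC_UPD_REQ:
		rc = sgs_rx_loc_upd_req(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_IMSI_DET_IND:
		rc = sgs_rx_imsi_det_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_EPS_DET_IND:
		rc = sgs_rx_eps_det_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_PAGING_REJ:
		rc = sgs_rx_pag_rej(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_UE_UNREACHABLE:
		rc = sgs_rx_ue_unr(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_TMSI_REALL_CMPL:
		rc = sgs_rx_tmsi_reall_cmpl(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_SERVICE_REQ:
		rc = sgs_rx_service_req(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_UL_UD:
		rc = sgs_rx_ul_ud(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_MO_CSFB_IND:
		rc = sgs_rx_csfb_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_UE_ACT_IND:
		rc = sgs_rx_ue_act_ind(sgc, msg, &tp, imsi);
		break;
	case SGSAP_MSGT_ALERT_ACK:
	case SGSAP_MSGT_ALERT_REJ:
		/* Known but unimplemented message types: log and answer with a status */
		LOGSGC(sgc, LOGL_ERROR, "Rx unmplemented SGsAP %s: %s\n",
		       sgsap_msg_type_name(msg_type), msgb_hexdump(msg));
		resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
		sgs_tx(sgc, resp);
		rc = 0;
		break;
	default:
		/* The complete received message is hex-dumped into the log here,
		 * i.e. whatever the peer sent, including the IMSI IE if present. */
		LOGSGC(sgc, LOGL_ERROR, "Rx unknown SGsAP message type 0x%02x: %s\n", msg_type, msgb_hexdump(msg));
		resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
		sgs_tx(sgc, resp);
		rc = 0;
		break;
	}

	/* Catch unhandled errors */
	if (rc < 0) {
		/* Note: Usually the sgs_rx_ should catch errors locally and
		 * emit a status message with proper cause code, including
		 * a suitable log message. If we end up here, something is
		 * not right and should be fixed */
		LOGSGC(sgc, LOGL_ERROR, "Rx unable to decode SGsAP %s: %s\n",
		       sgsap_msg_type_name(msg_type), msgb_hexdump(msg));
		resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
		sgs_tx(sgc, resp);
	}

error:
	/* Single release point for the received message */
	msgb_free(msg);
	return 0;
}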
1037
1038/***********************************************************************
1039 * SGs connection "VLR Reset Procedure" FSM
1040 ***********************************************************************/
1041
/* Human-readable names of the VLR reset FSM events, referenced by
 * sgs_vlr_reset_fsm.event_names; the list ends with a { 0, NULL } entry. */
static const struct value_string sgs_vlr_reset_fsm_event_names[] = {
	{ .value = SGS_VLRR_E_START_RESET, .str = "START-RESET" },
	{ .value = SGS_VLRR_E_RX_RESET_ACK, .str = "RX-RESET-ACK" },
	{ .value = 0, .str = NULL }
};
1047
/* Action for state NULL: a RESET-ACK event is accepted and ignored; any
 * other event reaching this function trips the assertion. */
static void sgs_vlr_reset_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	if (event == SGS_VLRR_E_RX_RESET_ACK) {
		/* nothing to do */
		return;
	}

	OSMO_ASSERT(0);
}
1058
/* Action for state WAIT-ACK: a RESET-ACK event moves the FSM to COMPLETE
 * (no timeout, timer number 0); any other event trips the assertion. */
static void sgs_vlr_reset_fsm_wait_ack(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	if (event != SGS_VLRR_E_RX_RESET_ACK) {
		OSMO_ASSERT(0);
		return;
	}

	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_COMPLETE, 0, 0);
}
1070
/* Action for state COMPLETE: a further RESET-ACK event is accepted and
 * ignored; any other event reaching this function trips the assertion. */
static void sgs_vlr_reset_fsm_complete(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	if (event == SGS_VLRR_E_RX_RESET_ACK) {
		/* nothing to do */
		return;
	}

	OSMO_ASSERT(0);
}
1081
/* Allstate action of the VLR reset FSM. On SGS_VLRR_E_START_RESET the FSM is
 * put into NULL, the Ns11 retry budget is reloaded from the configuration, a
 * reset indication carrying the configured VLR name is sent on the MME's
 * connection and the FSM enters WAIT-ACK with timer 11 set to the configured
 * Ts11 value. Any other event trips the assertion. fi->priv is used as the
 * struct sgs_mme_ctx of the MME. */
static void sgs_vlr_reset_fsm_allstate(struct osmo_fsm_inst *fi, uint32_t event, void *data)
{
	struct sgs_mme_ctx *mme = (struct sgs_mme_ctx *)fi->priv;
	struct sgs_connection *sgc = mme->conn;
	struct sgs_state *sgs = mme->sgs;
	struct gsm29118_reset_msg reset_params;
	struct msgb *reset_ind;

	if (event != SGS_VLRR_E_START_RESET) {
		OSMO_ASSERT(0);
		return;
	}

	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_NULL, 0, 0);
	mme->ns11_remaining = sgs->cfg.counter[SGS_STATE_NS11];

	/* send a reset message and enter WAIT_ACK state */
	memset(&reset_params, 0, sizeof(reset_params));
	osmo_strlcpy(reset_params.vlr_name, sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
	reset_params.vlr_name_present = true;

	reset_ind = gsm29118_create_reset_ind(&reset_params);
	sgs_tx(sgc, reset_ind);

	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_WAIT_ACK, sgs->cfg.timer[SGS_STATE_TS11], 11);
}
1107
/* Timer callback of the VLR reset FSM. Only timer 11 is expected; any other
 * timer number trips the assertion. While retries remain, the reset
 * indication is sent again, WAIT-ACK is re-entered with a fresh Ts11 timeout
 * and the remaining-retries counter is decremented. Once the counter is used
 * up, the failure is logged and the FSM goes back to NULL. Always returns 0. */
static int sgs_vlr_reset_fsm_timer_cb(struct osmo_fsm_inst *fi)
{
	struct sgs_mme_ctx *mme = (struct sgs_mme_ctx *)fi->priv;
	struct sgs_connection *sgc = mme->conn;
	struct sgs_state *sgs = mme->sgs;
	struct gsm29118_reset_msg reset_params;
	struct msgb *reset_ind;

	if (fi->T != 11) {
		OSMO_ASSERT(0);
		return 0;
	}

	if (!(mme->ns11_remaining >= 1)) {
		/* Retry budget exhausted: stop retransmitting */
		LOGMME(mme, LOGL_ERROR, "Ts11 expired more than %u (Ns11) times, giving up\n",
		       sgs->cfg.counter[SGS_STATE_NS11]);
		osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_NULL, 0, 0);
		return 0;
	}

	/* Retransmit the reset indication and wait for the acknowledgement again */
	memset(&reset_params, 0, sizeof(reset_params));
	osmo_strlcpy(reset_params.vlr_name, sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
	reset_params.vlr_name_present = true;

	reset_ind = gsm29118_create_reset_ind(&reset_params);
	sgs_tx(sgc, reset_ind);

	osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_WAIT_ACK, sgs->cfg.timer[SGS_STATE_TS11], 11);
	mme->ns11_remaining--;

	return 0;
}
1138
/* State table of the VLR reset FSM. Every state accepts only the RESET-ACK
 * event through its own action; START-RESET is handled by the allstate
 * action of sgs_vlr_reset_fsm. */
static const struct osmo_fsm_state sgs_vlr_reset_fsm_states[] = {
	/* We haven't even tried yet to send a RESET */
	[SGS_VLRR_ST_NULL] = {
		.name = "NULL",
		.in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
		.out_state_mask = S(SGS_VLRR_ST_NULL) | S(SGS_VLRR_ST_WAIT_ACK),
		.action = sgs_vlr_reset_fsm_null,
	},
	/* We're waiting for a SGsAP_RESET_ACK */
	[SGS_VLRR_ST_WAIT_ACK] = {
		.name = "WAIT-ACK",
		.in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
		.out_state_mask = S(SGS_VLRR_ST_NULL) |
				  S(SGS_VLRR_ST_COMPLETE) | S(SGS_VLRR_ST_WAIT_ACK),
		.action = sgs_vlr_reset_fsm_wait_ack,
	},
	/* Reset procedure to this MME has been completed */
	[SGS_VLRR_ST_COMPLETE] = {
		.name = "COMPLETE",
		.in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
		.out_state_mask = S(SGS_VLRR_ST_NULL) | S(SGS_VLRR_ST_COMPLETE),
		.action = sgs_vlr_reset_fsm_complete,
	},
};
1163
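/* Definition of the "VLR Reset Procedure" FSM; registered with the FSM core
 * by on_dso_load(). START-RESET is accepted in every state through the
 * allstate action, timer expiry is handled by sgs_vlr_reset_fsm_timer_cb(). */
static struct osmo_fsm sgs_vlr_reset_fsm = {
	.name = "SGs-VLR-RESET",
	.states = sgs_vlr_reset_fsm_states,
	/* The number of entries in .states was previously left unset (zero)
	 * although three states are defined; the FSM core needs it to know
	 * the valid state range, e.g. when it resolves state names. */
	.num_states = ARRAY_SIZE(sgs_vlr_reset_fsm_states),
	.allstate_event_mask = S(SGS_VLRR_E_START_RESET),
	.allstate_action = sgs_vlr_reset_fsm_allstate,
	.timer_cb = sgs_vlr_reset_fsm_timer_cb,
	.log_subsys = DSGS,
	.event_names = sgs_vlr_reset_fsm_event_names,
};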
1173
/*! Send unit-data through SGs interface (see msc_ifaces.c)
 *  \param[in] msg layer 3 message to send; msg->dst must point to the related
 *  subscriber connection, whose vsub must be set. msg is freed here on every
 *  path.
 *  \returns 0 in case of success, -EINVAL in case of error. */
int sgs_iface_tx_dtap_ud(struct msgb *msg)
{
	struct ran_conn *conn;
	struct vlr_subscr *vsub;
	struct sgs_mme_ctx *mme;
	int rc = -EINVAL;

	/* The caller hands over the related gsm subscriber connection in
	 * msg->dst, and conn->vsub must point to the related subscriber. */
	OSMO_ASSERT(msg->dst);
	conn = msg->dst;
	OSMO_ASSERT(conn->vsub);
	vsub = conn->vsub;

	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_DL_UD);
	if (mme) {
		/* Unit-data is only let through for a subscriber with a valid
		 * SGs association.
		 * NOTE(review): vsub->sgs_fsm is dereferenced without a NULL
		 * check -- presumably always set for such subscribers; confirm. */
		if (vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED) {
			struct msgb *msg_sgs = gsm29118_create_dl_ud(vsub->imsi, msg);

			sgs_tx(mme->conn, msg_sgs);
			rc = 0;
		} else {
			LOG_RAN_CONN(conn, LOGL_NOTICE, "Tx %s subscriber not SGs-associated, dropping\n",
				     sgsap_msg_type_name(SGSAP_MSGT_DL_UD));
		}
	}

	msgb_free(msg);
	return rc;
}
1214
/*! Send a release message through SGs interface (see msc_ifaces.c)
 *  \param[in] conn subscriber connection to release; conn->vsub must be set.
 *
 *  Releases an SGs connection normally (cause code 0). Nothing is returned;
 *  if no MME context is found for the subscriber, nothing is sent. */
void sgs_iface_tx_release(struct ran_conn *conn)
{
	struct vlr_subscr *vsub;
	struct sgs_mme_ctx *mme;

	/* NOTE(review): the earlier comment here said that this function also
	 * balances the VLR subscriber usage; nothing in this body does so
	 * directly -- confirm where that happens. */
	OSMO_ASSERT(conn->vsub);
	vsub = conn->vsub;

	/* NOTE(review): the lookup is given SGSAP_MSGT_DL_UD although a release
	 * request is sent -- presumably the argument only serves logging; confirm. */
	mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_DL_UD);
	if (mme) {
		struct msgb *msg_sgs = gsm29118_create_release_req(vsub->imsi, 0);

		sgs_tx(mme->conn, msg_sgs);
	}
}
1238
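/*! initialize new SGs interface
 *  \param[in] ctx talloc context
 *  \param[in] network associated gsm network
 *  \returns allocated sgs_state, NULL if an SGs instance already exists. */
struct sgs_state *sgs_iface_init(void *ctx, struct gsm_network *network)
{
	struct sgs_state *sgs;

	/* We currently only support one SGs instance. Refuse a second call
	 * before anything is changed: previously the global network pointer
	 * was overwritten and a new server was allocated first, and that
	 * allocation was then left behind when NULL was returned. */
	if (g_sgs)
		return NULL;

	gsm_network = network;

	sgs = sgs_server_alloc(ctx);
	OSMO_ASSERT(sgs);

	g_sgs = sgs;

	return sgs;
}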
Vadim Yanitskiy4eaefc22019-03-21 20:55:19 +07001259
/* Runs when the object is loaded (constructor attribute) and registers the
 * VLR reset FSM; a non-zero result from osmo_fsm_register() trips the
 * assertion. */
static __attribute__((constructor)) void on_dso_load(void)
{
	OSMO_ASSERT(osmo_fsm_register(&sgs_vlr_reset_fsm) == 0);
}