Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / e24636c6bbe573bed5a5a602160cd5ec928ba875 / . / src / libmsc / msc_vgcs.c
blob: 1af9aaec1669ddb406a71fc1592c448535053ef1 [file] [log] [blame]
Andreas Eversberge24636c2023-04-23 12:20:55 +0200[diff] [blame^]1/* Handle VGCS/VBCS calls. (Voice Group/Broadcast Call Service). */
2/*
3 * (C) 2023 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * SPDX-License-Identifier: AGPL-3.0+
7 *
8 * Author: Andreas Eversberg
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
19 *
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24/* The process consists of four state machines:
25 *
26 * The call control state machine "GCC" handles the voice group/broadcast call.
27 * There is one instance for every call. It is mainly controlled by the calling
28 * subscriber. The state machine is described in 3GPP TS 44.068 / 44.069.
29 * One SCCP connection to the calling subscriber is associated with the state
30 * machine. Once the calling subscriber leaves or is assigned to the VGCS/VBS
31 * channel, the association to the MSC-A role is removed and the SCCP connection
32 * is closed. The state machine with the transaction still exists until the end
33 * of the call.
34 *
35 * The BSS control state machine "vgcs_bss_fsm" handles the call in each BSC.
36 * There are as many instances as there are BSCs where the call is placed to.
37 * The instances are linked to the call control in a 1:n relation.
38 * One SCCP connection for every BSC is associated with the state machine.
39 * It sets up the call in the BSC and handles the uplink control and signaling
40 * with the talking phone.
41 *
42 * The resource controling state machine "vgcs_cell_fsm" handles the channel for
43 * each BTS that has a VGCS for the call. The instances are linked to the BSS
44 * control in a 1:n relation.
45 * One SCCP connection for every cell is associated with each list entry.
46 * It assigns the VGCS/VBS channel and the conference bridge in the MGW.
47 *
48 * The MGW endpoint state machine "vgcs_mgw_ep_fsm" handles the endpoint
49 * connection for each call. It controls the clearing of the MGW connections
50 * in case of endpoint failure. All instances of the resource controlling state
51 * machine are linked to this state machine in a 1:n relation.
52 *
53 * Setup of a call:
54 *
55 * When the calling subscriber dials a group/broadcast call, the GCR is checked
56 * for an existing Group ID. If it exists, the call is setup towards the a given
57 * list of MSCs for this Group ID. Also the channels are assigned for a given
58 * list of cells for this Group ID.
59 * The call can also be initiated via VTY.
60 *
61 * Then the calling subscriber is assigned to the VGCS channel of the same cell
62 * where the call was initialized. Afterwards the call is connected. The calling
63 * subscriber may then stay on the uplink or release it.
64 *
65 * Uplink control:
66 *
67 * Any BSC may indicate a talking subscriber. If there is no talking subscriber
68 * yet, the uplink is granted, otherwise it is rejected. If the uplink is in
69 * use on one BSC, all other BSCs will be blocked. If the uplink becomes free,
70 * all other BSCs will be unblocked.
71 *
72 * Termination of the call:
73 *
74 * The calling subscriber accesses the uplink. The it sends a termination
75 * request. This request is acknowledged by a termination command towards
76 * the calling subscriber. The call is cleared.
77 * The call can also be terminated via VTY and/or a timeout.
78 *
79 */
80
81#include <osmocom/core/utils.h>
82#include <osmocom/core/fsm.h>
83#include <osmocom/gsm/protocol/gsm_44_068.h>
84#include <osmocom/sigtran/sccp_helpers.h>
85#include <osmocom/mgcp_client/mgcp_client_endpoint_fsm.h>
86
87#include <osmocom/msc/gsm_data.h>
88#include <osmocom/msc/sccp_ran.h>
89#include <osmocom/msc/ran_infra.h>
90#include <osmocom/msc/ran_peer.h>
91#include <osmocom/msc/ran_msg_a.h>
92#include <osmocom/msc/msub.h>
93#include <osmocom/msc/debug.h>
94#include <osmocom/msc/msc_a.h>
95#include <osmocom/msc/vlr.h>
96#include <osmocom/msc/rtp_stream.h>
97#include <osmocom/msc/codec_mapping.h>
98#include <osmocom/msc/msc_vgcs.h>
99#include <osmocom/msc/asci_gcr.h>
100
101#define S(x) (1 << (x))
102
103#define LOG_GCC(trans, level, fmt, args...) \
104 LOGP((trans) ? ((trans->type == TRANS_GCC) ? DGCC : DBCC) : DASCI, level, \
105 (trans) ? ((trans->type == TRANS_GCC) ? ("GCC callref %s: " fmt) : ("BCC callref %s: " fmt)) : "%s" fmt, \
106 (trans) ? gsm44068_group_id_string(trans->callref) : "", ##args)
107#define LOG_BSS(bss, level, fmt, args...) \
108 LOGP(DASCI, level, \
109 (bss->trans_type == TRANS_GCC) ? ("GCC callref %s, BSS #%s: " fmt) : ("BCC callref %s, BSS #%s: " fmt), \
110 gsm44068_group_id_string(bss->callref), osmo_ss7_pointcode_print(NULL, bss->pc), ##args)
111#define LOG_CELL(cell, level, fmt, args...) \
112 LOGP(DASCI, level, \
113 (cell->trans_type == TRANS_GCC) ? ("GCC callref %s, BSS #%s, CID %d: " fmt) \
114 : ("BCC callref %s, BSS #%s, CID %d: " fmt), \
115 gsm44068_group_id_string(cell->callref), osmo_ss7_pointcode_print(NULL, cell->pc), cell->cell_id, ##args)
116
117static struct osmo_fsm vgcs_bcc_fsm;
118static struct osmo_fsm vgcs_gcc_fsm;
119static struct osmo_fsm vgcs_bss_fsm;
120static struct osmo_fsm vgcs_cell_fsm;
121static struct osmo_fsm vgcs_mgw_ep_fsm;
122
123static __attribute__((constructor)) void vgcs_fsm_init(void)
124{
125 OSMO_ASSERT(osmo_fsm_register(&vgcs_bcc_fsm) == 0);
126 OSMO_ASSERT(osmo_fsm_register(&vgcs_gcc_fsm) == 0);
127 OSMO_ASSERT(osmo_fsm_register(&vgcs_bss_fsm) == 0);
128 OSMO_ASSERT(osmo_fsm_register(&vgcs_cell_fsm) == 0);
129 OSMO_ASSERT(osmo_fsm_register(&vgcs_mgw_ep_fsm) == 0);
130}
131
132const char *gsm44068_group_id_string(uint32_t callref)
133{
134 static char string[9];
135
136 snprintf(string, sizeof(string), "%08u", callref);
137 string[sizeof(string) - 1] = '\0';
138
139 return string;
140}
141
142/* Resolve ran peer from point-code */
143static struct ran_peer *ran_peer_for_pc(struct gsm_network *msc_network, int pc)
144{
145 struct sccp_ran_inst *sri;
146 struct osmo_sccp_addr addr = {};
147 struct ran_peer *rp;
148
149 sri = msc_network->a.sri;
150 if (!osmo_sccp_get_ss7(sri->sccp)) {
151 LOGP(DASCI, LOGL_ERROR, "No SS7???\n");
152 return NULL;
153 }
154 osmo_sccp_make_addr_pc_ssn(&addr, pc, sri->ran->ssn);
155 rp = ran_peer_find_by_addr(sri, &addr);
156
157 return rp;
158}
159
160/* Encode message and send towards BSC. */
161int ran_encode_and_send(struct osmo_fsm_inst *fi, struct ran_msg *ran_msg, struct ran_conn *conn, bool initial)
162{
163 struct msgb *l3_msg;
164 int rc;
165
166 l3_msg = ran_a_encode(fi, ran_msg);
167 if (!l3_msg) {
168 LOGP(DASCI, LOGL_ERROR, "ran_a_encode() failed.\n");
169 return -EINVAL;
170 }
171 rc = ran_conn_down_l2_co(conn, l3_msg, initial);
172 msgb_free(l3_msg);
173
174 return rc;
175}
176
177/* Transmit DTAP message to talker
178 * This is used for sending group/broadcast call control messages. */
179int tx_dtap_to_talker(struct vgcs_bss *bss, struct msgb *l3_msg)
180{
181 struct ran_msg ran_msg;
182 struct gsm48_hdr *gh = msgb_l3(l3_msg) ? : l3_msg->data;
183 uint8_t pdisc = gsm48_hdr_pdisc(gh);
184 int rc;
185
186
187 LOG_BSS(bss, LOGL_DEBUG, "Sending DTAP: %s %s\n",
188 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
189
190 ran_msg = (struct ran_msg){
191 .msg_type = RAN_MSG_DTAP,
192 .dtap = l3_msg,
193 };
194
195 rc = ran_encode_and_send(bss->fi, &ran_msg, bss->conn, false);
196
197 return rc;
198}
199
200/*
201 * GCC/BCC Message transcoding
202 */
203
204static void _add_cause_ie(struct msgb *msg, uint8_t cause, uint8_t *diag, uint8_t diag_len)
205{
206 uint8_t *ie = msgb_put(msg, 2 + diag_len);
207
208 ie[0] = 1 + diag_len;
209 ie[1] = cause;
210 if (diag && diag_len) {
211 ie[1] |= 0x80;
212 memcpy(ie + 2, diag, diag_len);
213 }
214}
215
216static void _add_callref_ie(struct msgb *msg, uint32_t callref, bool with_prio, uint8_t prio)
217{
218 uint32_t ie;
219
220 ie = callref << 5;
221 if (with_prio)
222 ie |= 0x10 | (prio << 1);
223 msgb_put_u32(msg, ie);
224}
225
226static int _msg_too_short(void)
227{
228 LOGP(DASCI, LOGL_ERROR, "MSG too short.\n");
229 return -EINVAL;
230}
231
232static int _ie_invalid(void)
233{
234 LOGP(DASCI, LOGL_ERROR, "IE invalid.\n");
235 return -EINVAL;
236}
237
238static int _rx_callref(uint8_t *ie, unsigned int remaining_len, uint32_t *callref, bool *with_prio, uint8_t *prio)
239{
240 uint8_t ie_len;
241
242 ie_len = sizeof(uint32_t);
243 if (remaining_len < ie_len)
244 return _msg_too_short();
245 *callref = osmo_load32be(ie) >> 5;
246 if (ie[3] & 0x10) {
247 *with_prio = true;
248 *prio = (ie[3] >> 1) & 0x7;
249 } else
250 *with_prio = false;
251
252 return ie_len;
253}
254
255/* 3GPP TS 44.068 Clause 8.1 */
256static int gsm44068_tx_connect(struct gsm_trans *trans, uint8_t pdisc, uint32_t callref, bool with_prio, uint8_t prio,
257 uint8_t oi, uint8_t talker_prio, bool with_sms, uint8_t sms_dc, uint8_t sms_gp)
258{
259 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX CONNECT");
260 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
261 uint8_t ie;
262
263 gh->proto_discr = pdisc;
264 gh->msg_type = OSMO_GSM44068_MSGT_CONNECT;
265 _add_callref_ie(msg, callref, with_prio, prio);
266 ie = (talker_prio << 4) | oi;
267 msgb_put_u8(msg, ie);
268 if (with_sms) {
269 ie = OSMO_GSM44068_IEI_SMS_INDICATIONS | (sms_dc << 1) | sms_gp;
270 msgb_put_u8(msg, ie);
271 }
272
273 /* Send to calling subscriber, depending on the link he is. */
274 if (trans->msc_a)
275 return msc_a_tx_dtap_to_i(trans->msc_a, msg);
276 if (trans->gcc.uplink_bss)
277 return tx_dtap_to_talker(trans->gcc.uplink_bss, msg);
278 msgb_free(msg);
279 return -EIO;
280}
281
282/* The Get Status procedure is not used by the current implementation.
283 * It is commented out, so it can be used in the future.
284 * The idea is to have a complete set of GCC/BCC message transcoding.
285 */
286#if 0
287/* 3GPP TS 44.068 Clause 8.2 */
288static int gsm44068_tx_get_status(struct gsm_trans *trans, uint8_t pdisc, struct osmo_mobile_identity *mi)
289{
290 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX GET STATUS");
291 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
292
293 gh->proto_discr = pdisc;
294 gh->msg_type = OSMO_GSM44068_MSGT_GET_STATUS;
295 if (mi) {
296 uint8_t *l;
297 int rc;
298
299 l = msgb_tl_put(msg, OSMO_GSM44068_IEI_MOBILE_IDENTITY);
300 rc = osmo_mobile_identity_encode_msgb(msg, mi, false);
301 if (rc < 0) {
302 msgb_free(msg);
303 return -EINVAL;
304 }
305 *l = rc;
306 }
307
308 /* Send to calling subscriber, depending on the link he is. */
309 if (trans->msc_a)
310 return msc_a_tx_dtap_to_i(trans->msc_a, msg);
311 if (trans->gcc.uplink_bss)
312 return tx_dtap_to_talker(trans->gcc.uplink_bss, msg);
313 msgb_free(msg);
314 return -EIO;
315}
316#endif
317
318/* 3GPP TS 44.068 Clause 8.3 and 8.3a */
319static int gsm44068_rx_immediate_setup(struct msgb *msg, uint8_t *talker_prio, uint8_t *key_seq,
320 struct gsm48_classmark2 *cm2, struct osmo_mobile_identity *mi,
321 uint32_t *callref, bool *with_prio, uint8_t *prio, char *user_user)
322{
323 struct gsm48_hdr *gh = msgb_l3(msg);
324 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
325 uint8_t *ie = gh->data;
326 uint8_t ie_len;
327 uint64_t otdi;
328 int i;
329 int rc;
330
331 /* Talker priority / Cyphering key sequence */
332 if (remaining_len < 1)
333 return _msg_too_short();
334 *talker_prio = ie[0] & 0x07;
335 *key_seq = (ie[0] >> 4) & 0x07;
336 remaining_len -= 1;
337 ie += 1;
338
339 /* Mobile station classmark 2 */
340 if (remaining_len < 4)
341 return _msg_too_short();
342 ie_len = ie[0];
343 if (remaining_len < ie_len + 1)
344 return _msg_too_short();
345 if (ie_len != 3)
346 return _ie_invalid();
347 memcpy(cm2, ie + 1, ie_len);
348 remaining_len -= ie_len + 1;
349 ie += ie_len + 1;
350
351 /* Mobile indentity */
352 if (gh->msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP) {
353 /* IMMEDIATE SETUP uses IMSI/TMSI */
354 if (remaining_len < 2)
355 return _msg_too_short();
356 ie_len = ie[0];
357 if (remaining_len < ie_len + 1)
358 return _msg_too_short();
359 rc = osmo_mobile_identity_decode(mi, ie + 1, ie_len, false);
360 if (rc) {
361 LOGP(DMM, LOGL_ERROR, "Failure to decode Mobile Identity in GCC/BCC IMMEDDIATE SETUP"
362 " (rc=%d)\n", rc);
363 return -EINVAL;
364 }
365 remaining_len -= ie_len + 1;
366 ie += ie_len + 1;
367 } else {
368 /* IMMEDIATE SETUP 2 uses TMSI only */
369 if (remaining_len < 4)
370 return _msg_too_short();
371 mi->type = GSM_MI_TYPE_TMSI;
372 mi->tmsi = osmo_load32be(ie);
373 remaining_len -= 4;
374 ie += 4;
375 }
376
377 /* Call reference */
378 rc = _rx_callref(ie, remaining_len, callref, with_prio, prio);
379 if (rc < 0)
380 return rc;
381 remaining_len -= rc;
382 ie += rc;
383
384 /* OTID */
385 if (gh->msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2 && user_user) {
386 ie_len = 5;
387 if (remaining_len < ie_len)
388 return _msg_too_short();
389 otdi = osmo_load32be(ie + 1) | ((uint64_t)ie[0] << 32);
390
391 for (i = 0; i < 12; i++) {
392 user_user[i] = (otdi % 10) + '0';
393 otdi /= 10;
394 }
395 user_user[i] = '\0';
396 remaining_len -= ie_len;
397 ie += ie_len;
398 } else if (user_user)
399 user_user[0] = '\0';
400
401 return 0;
402}
403
404/* 3GPP TS 44.068 Clause 8.4 */
405static int gsm44068_tx_set_parameter(struct gsm_trans *trans, uint8_t pdisc, uint8_t da, uint8_t ua, uint8_t comm,
406 uint8_t oi)
407{
408 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX SET PARAMETER");
409 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
410 uint8_t ie;
411
412 gh->proto_discr = pdisc;
413 gh->msg_type = OSMO_GSM44068_MSGT_SET_PARAMETER;
414 ie = (da << 3) | (ua << 2) | (comm << 1) | oi;
415 msgb_put_u8(msg, ie);
416
417 /* Send to calling subscriber, depending on the link he is. */
418 if (trans->msc_a)
419 return msc_a_tx_dtap_to_i(trans->msc_a, msg);
420 if (trans->gcc.uplink_bss)
421 return tx_dtap_to_talker(trans->gcc.uplink_bss, msg);
422 msgb_free(msg);
423 return -EIO;
424}
425
426/* 3GPP TS 44.068 Clause 8.5 */
427static int gsm44068_rx_setup(struct msgb *msg, bool *with_talker_prio, uint8_t *talker_prio,
428 uint32_t *callref, bool *with_prio, uint8_t *prio, char *user_user)
429{
430 struct gsm48_hdr *gh = msgb_l3(msg);
431 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
432 uint8_t *ie = gh->data;
433 struct tlv_parsed tp;
434 struct tlv_p_entry *tlv;
435 int rc;
436
437 /* Call reference */
438 rc = _rx_callref(ie, remaining_len, callref, with_prio, prio);
439 if (rc < 0)
440 return rc;
441 remaining_len -= rc;
442 ie += rc;
443
444 rc = tlv_parse(&tp, &osmo_gsm44068_att_tlvdef, ie, remaining_len, 0, 0);
445 if (rc < 0)
446 return _ie_invalid();
447
448 /* User-user */
449 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_USER_USER);
450 if (tlv && tlv->len && tlv->len <= 1 + 12 && user_user) {
451 memcpy(user_user, tlv->val, tlv->len - 1);
452 user_user[tlv->len - 1] = '\0';
453 }
454
455 /* Talker priority */
456 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_TALKER_PRIORITY);
457 if (tlv && tlv->len) {
458 *with_talker_prio = true;
459 *talker_prio = tlv->val[0] & 0x07;
460 } else
461 *with_talker_prio = false;
462
463 return 0;
464}
465
466/* 3GPP TS 44.068 Clause 8.6 */
467static int gsm44068_rx_status(struct msgb *msg, uint8_t *cause, uint8_t *diag, uint8_t *diag_len,
468 bool *with_call_state, enum osmo_gsm44068_call_state *call_state,
469 bool *with_state_attrs, uint8_t *da, uint8_t *ua, uint8_t *comm, uint8_t *oi)
470{
471 struct gsm48_hdr *gh = msgb_l3(msg);
472 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
473 uint8_t *ie = gh->data;
474 uint8_t ie_len;
475 struct tlv_parsed tp;
476 struct tlv_p_entry *tlv;
477 int rc;
478
479 /* Cause */
480 if (remaining_len < 2 || ie[0] < remaining_len - 2)
481 return _msg_too_short();
482 ie_len = ie[0];
483 if (remaining_len < ie_len + 1)
484 return _msg_too_short();
485 if (ie_len < 1)
486 return _ie_invalid();
487 *cause = ie[1] & 0x7f;
488 *diag_len = ie_len - 1;
489 if (*diag_len)
490 memcpy(diag, ie + 2, ie_len - 1);
491 remaining_len -= ie_len + 1;
492 ie += ie_len + 1;
493
494 rc = tlv_parse(&tp, &osmo_gsm44068_att_tlvdef, ie, remaining_len, 0, 0);
495 if (rc < 0)
496 return _ie_invalid();
497
498 /* Call state */
499 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_CALL_STATE);
500 if (tlv) {
501 *with_call_state = true;
502 *call_state = tlv->val[0] & 0x7;
503 } else
504 *with_call_state = false;
505
506 /* State attributes */
507 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_STATE_ATTRIBUTES);
508 if (tlv) {
509 *with_state_attrs = true;
510 *da = (tlv->val[0] >> 3) & 0x1;
511 *ua = (tlv->val[0] >> 2) & 0x1;
512 *comm = (tlv->val[0] >> 1) & 0x1;
513 *oi = tlv->val[0] & 0x1;
514 } else
515 *with_state_attrs = false;
516
517 return 0;
518}
519
520/* 3GPP TS 44.068 Clause 8.7 and 8.8 */
521static int gsm44068_tx_termination(struct msc_a *msc_a, struct vgcs_bss *bss, uint8_t pdisc, uint8_t msg_type,
522 uint8_t cause, uint8_t *diag, uint8_t diag_len)
523{
524 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX TERMINATION");
525 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
526
527 gh->proto_discr = pdisc;
528 gh->msg_type = msg_type;
529 _add_cause_ie(msg, cause, diag, diag_len);
530
531 /* Send to calling subscriber, depending on the link he is. */
532 if (msc_a)
533 return msc_a_tx_dtap_to_i(msc_a, msg);
534 if (bss)
535 return tx_dtap_to_talker(bss, msg);
536 msgb_free(msg);
537 return -EIO;
538}
539
540/* 3GPP TS 44.068 Clause 8.9 */
541static int gsm44068_rx_termination_req(struct msgb *msg, uint32_t *callref, bool *with_prio, uint8_t *prio,
542 bool *with_talker_prio, uint8_t *talker_prio)
543{
544 struct gsm48_hdr *gh = msgb_l3(msg);
545 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
546 uint8_t *ie = gh->data;
547 struct tlv_parsed tp;
548 struct tlv_p_entry *tlv;
549 int rc;
550
551 /* Call reference */
552 rc = _rx_callref(ie, remaining_len, callref, with_prio, prio);
553 if (rc < 0)
554 return rc;
555 remaining_len -= rc;
556 ie += rc;
557
558 rc = tlv_parse(&tp, &osmo_gsm44068_att_tlvdef, ie, remaining_len, 0, 0);
559 if (rc < 0)
560 return _ie_invalid();
561
562 /* Talker priority */
563 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_TALKER_PRIORITY);
564 if (tlv && tlv->len) {
565 *with_talker_prio = true;
566 *talker_prio = tlv->val[0] & 0x07;
567 } else
568 *with_talker_prio = false;
569
570 return 0;
571}
572
573/*
574 * GCC/BCC state machine - handles calling subscriber process
575 */
576
577static const struct value_string vgcs_gcc_fsm_event_names[] = {
578 OSMO_VALUE_STRING(VGCS_GCC_EV_NET_SETUP),
579 OSMO_VALUE_STRING(VGCS_GCC_EV_NET_TERM),
580 OSMO_VALUE_STRING(VGCS_GCC_EV_USER_SETUP),
581 OSMO_VALUE_STRING(VGCS_GCC_EV_USER_TERM),
582 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_ESTABLISHED),
583 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_ASSIGN_CPL),
584 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_ASSIGN_FAIL),
585 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_RELEASED),
586 OSMO_VALUE_STRING(VGCS_GCC_EV_TIMEOUT),
587 { }
588};
589
590static int gcc_establish_bss(struct gsm_trans *trans)
591{
592 struct gsm_network *net = trans->net;
593 struct vgcs_mgw_ep *mgw = NULL;
594 struct mgcp_client *mgcp_client;
595 struct gcr *gcr;
596 struct gcr_bss *b;
597 struct gcr_cell *c;
598 struct vgcs_bss *bss;
599 struct vgcs_bss_cell *cell;
600 struct osmo_fsm_inst *fi;
601 struct ran_peer *rp;
602
603 /* Failure should not happen, because it has been checked before. */
604 gcr = gcr_by_callref(trans->net, trans->type, trans->callref);
605 if (!gcr)
606 return -EINVAL;
607
608 /* Allocate MGW endpoint. */
609 mgcp_client = mgcp_client_pool_get(trans->net->mgw.mgw_pool);
610 if (!mgcp_client) {
611 LOG_GCC(trans, LOGL_ERROR, "No MGW client, please check config.\n");
612 goto err_mgw;
613 }
614 fi = osmo_fsm_inst_alloc(&vgcs_mgw_ep_fsm, net, NULL, LOGL_DEBUG, NULL);
615 if (!fi) {
616 LOG_GCC(trans, LOGL_ERROR, "No memory for VGCS MSG state machine.\n");
617 goto err_mgw;
618 }
619 osmo_fsm_inst_update_id(fi, "vgcs-mgw-ep");
620 osmo_fsm_inst_state_chg(fi, VGCS_MGW_EP_ST_ACTIVE, 0, 0);
621 mgw = talloc_zero(fi, struct vgcs_mgw_ep);
622 if (!mgw) {
623 LOG_GCC(trans, LOGL_ERROR, "No memory for MGW ep structure.\n");
624 osmo_fsm_inst_free(fi);
625 goto err_mgw;
626 }
627 mgw->fi = fi;
628 fi->priv = mgw;
629 INIT_LLIST_HEAD(&mgw->cell_list);
630 mgw->mgw_ep = osmo_mgcpc_ep_alloc(mgw->fi, VGCS_MGW_EP_EV_FREE,
631 mgcp_client, trans->net->mgw.tdefs, mgw->fi->id,
632 "%s", mgcp_client_rtpbridge_wildcard(mgcp_client));
633 if (!mgw->mgw_ep) {
634 LOG_GCC(trans, LOGL_ERROR, "No memory for MGW endpoint state machine.\n");
635 goto err_mgw;
636 }
637
638 /* Create BSS list structures. */
639 llist_for_each_entry(b, &gcr->bss_list, list) {
640 LOG_GCC(trans, LOGL_DEBUG, " -> BSS with PC %s.\n", osmo_ss7_pointcode_print(NULL, b->pc));
641 /* Resolve ran_peer. */
642 rp = ran_peer_for_pc(trans->net, b->pc);
643 if (!rp) {
644 LOG_GCC(trans, LOGL_ERROR, "Failed to resolve point code %s, skipping BSS!\n",
645 osmo_ss7_pointcode_print(NULL, b->pc));
646 continue;
647 }
648 /* Create state machine. */
649 fi = osmo_fsm_inst_alloc(&vgcs_bss_fsm, net, NULL, LOGL_DEBUG, NULL);
650 if (!fi) {
651 LOG_GCC(trans, LOGL_ERROR, "No memory for state machine.\n");
652 break;
653 }
654 /* Create call structure. */
655 bss = talloc_zero(fi, struct vgcs_bss);
656 if (!bss) {
657 LOG_GCC(trans, LOGL_ERROR, "No memory for BSS call structure.\n");
658 osmo_fsm_inst_free(fi);
659 break;
660 }
661 bss->fi = fi;
662 fi->priv = bss;
663 INIT_LLIST_HEAD(&bss->cell_list);
664 bss->trans = trans;
665 bss->trans_type = trans->type;
666 bss->callref = trans->callref;
667 bss->pc = b->pc;
668 /* Create ran connection. */
669 bss->conn = ran_conn_create_outgoing(rp);
670 if (!bss->conn) {
671 osmo_fsm_inst_free(bss->fi);
672 continue;
673 }
674 bss->conn->vgcs.bss = bss;
675 /* Create cell list structures. */
676 llist_for_each_entry(c, &b->cell_list, list) {
677 /* Create state machine. */
678 fi = osmo_fsm_inst_alloc(&vgcs_cell_fsm, net, NULL, LOGL_DEBUG, NULL);
679 if (!fi) {
680 LOG_GCC(trans, LOGL_ERROR, "No memory for state machine.\n");
681 break;
682 }
683 /* Create cell structure. */
684 cell = talloc_zero(fi, struct vgcs_bss_cell);
685 if (!cell) {
686 LOG_GCC(trans, LOGL_ERROR, "No memory for BSS cell structure.\n");
687 osmo_fsm_inst_free(fi);
688 break;
689 }
690 cell->fi = fi;
691 fi->priv = cell;
692 osmo_fsm_inst_update_id_f(cell->fi, "vgcs-cell-%d", c->cell_id);
693 cell->trans_type = trans->type;
694 cell->callref = trans->callref;
695 cell->pc = b->pc;
696 cell->cell_id = c->cell_id;
697 cell->call_id = trans->call_id;
698 /* Create ran connection. */
699 cell->conn = ran_conn_create_outgoing(rp);
700 if (!cell->conn) {
701 osmo_fsm_inst_free(cell->fi);
702 continue;
703 }
704 cell->conn->vgcs.cell = cell;
705 /* Attach to cell list of BSS and MGW endpoint */
706 llist_add_tail(&cell->list_bss, &bss->cell_list);
707 cell->bss = bss;
708 llist_add_tail(&cell->list_mgw, &mgw->cell_list);
709 cell->mgw = mgw;
710 }
711 /* No cell? */
712 if (llist_empty(&bss->cell_list)) {
713 osmo_fsm_inst_free(bss->fi);
714 break;
715 }
716 /* Attach to transaction list */
717 llist_add_tail(&bss->list, &trans->gcc.bss_list);
718 /* Trigger VGCS/VBS SETUP */
719 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_SETUP, NULL);
720 }
721 /* No BSS? */
722 if (llist_empty(&trans->gcc.bss_list)) {
723 /* Also destroy MGW, because this list is empty too! */
724 goto err_mgw;
725 }
726 return 0;
727
728err_mgw:
729 if (mgw) {
730 if (mgw->mgw_ep) {
731 /* This will also free FSM instance and vgcs_mgw_ep structure. */
732 osmo_fsm_inst_dispatch(mgw->fi, VGCS_MGW_EP_EV_CLEAR, NULL);
733 return -EINVAL;
734 }
735 osmo_fsm_inst_free(mgw->fi);
736 }
737 return -EINVAL;
738}
739
740/* Send Assignment Request to the calling subscriber.
741 * This is used to assign the subscriber from early assigned channel to the VGCS/VBS channel. */
742static int gcc_assign(struct gsm_trans *trans)
743{
744 struct ran_msg tx_ran_msg;
745 struct gsm0808_channel_type channel_type;
746 struct vgcs_bss *bss = NULL, *b;
747
748 /* No assignment, because the calling subscriber is already assigned or there is no calling subscriber. */
749 if (!trans->msc_a)
750 return 0;
751
752 /* Check calling subscriber's MSC */
753 struct ran_conn *conn = msub_ran_conn(trans->msc_a->c.msub);
754 if (!conn) {
755 LOG_GCC(trans, LOGL_ERROR, "Calling subscriber has no ran_conn????\n");
756 return -EINVAL;
757 }
758 llist_for_each_entry(b, &trans->gcc.bss_list, list) {
759 if (osmo_sccp_addr_ri_cmp(&conn->ran_peer->peer_addr, &b->conn->ran_peer->peer_addr))
760 continue;
761 bss = b;
762 break;
763 }
764 if (!bss) {
765 LOG_GCC(trans, LOGL_ERROR, "Calling subscriber comes from BSC that has no VGCS call.\n");
766 return -EINVAL;
767 }
768
769 /* For now we support GSM/FR V1 only. This shall be supported by all MS. */
770 channel_type = (struct gsm0808_channel_type) {
771 .ch_indctr = GSM0808_CHAN_SPEECH,
772 .ch_rate_type = GSM0808_SPEECH_FULL_BM,
773 .perm_spch_len = 1,
774 .perm_spch[0] = GSM0808_PERM_FR1,
775 };
776
777 /* Send assignment to VGCS channel */
778 tx_ran_msg = (struct ran_msg) {
779 .msg_type = RAN_MSG_ASSIGNMENT_COMMAND,
780 .assignment_command = {
781 .channel_type = &channel_type,
782 .callref_present = true,
783 .callref = {
784 .sf = (trans->type == TRANS_GCC),
785 },
786 },
787 };
788 osmo_store32be_ext(trans->callref >> 3, &tx_ran_msg.assignment_command.callref.call_ref_hi, 3);
789 tx_ran_msg.assignment_command.callref.call_ref_lo = trans->callref & 0x7;
790 if (msc_a_ran_down(trans->msc_a, MSC_ROLE_I, &tx_ran_msg)) {
791 LOG_GCC(trans, LOGL_ERROR, "Cannot send Assignment\n");
792 return -EIO;
793 }
794
795 /* Assign Talker to BSS of the calling subscriber. */
796 trans->gcc.uplink_bss = bss;
797
798 return 0;
799}
800
801/* Send CONNECT to the calling subscriber. */
802static void gcc_connect(struct gsm_trans *trans)
803{
804 uint8_t pdisc = (trans->type == TRANS_GCC) ? GSM48_PDISC_GROUP_CC : GSM48_PDISC_BCAST_CC;
805 int rc;
806
807 /* Send CONNECT towards MS. */
808 rc = gsm44068_tx_connect(trans,
809 pdisc | (trans->transaction_id << 4),
810 trans->callref, 0, 0, 1, 0, 0, 0, 0);
811 if (rc < 0)
812 LOG_GCC(trans, LOGL_ERROR, "Failed to send CONNECT towards MS. Continue anyway.\n");
813}
814
815/* Release dedicated (SDCCH) channel of calling subscriber after assigning to VGCS */
816static void release_msc_a(struct gsm_trans *trans)
817{
818 struct msc_a *msc_a = trans->msc_a;
819
820 if (!msc_a)
821 return;
822
823 trans->msc_a = NULL;
824 switch (trans->type) {
825 case TRANS_GCC:
826 msc_a_put(msc_a, MSC_A_USE_GCC);
827 break;
828 case TRANS_BCC:
829 msc_a_put(msc_a, MSC_A_USE_BCC);
830 break;
831 default:
832 break;
833 }
834}
835
836/* Send TERMINATE to the calling/talking subscriber, then destroy transaction. */
837static void gcc_terminate_and_destroy(struct gsm_trans *trans, enum osmo_gsm44068_cause cause)
838{
839 uint8_t pdisc = (trans->type == TRANS_GCC) ? GSM48_PDISC_GROUP_CC : GSM48_PDISC_BCAST_CC;
840 int rc;
841
842 /* Send TERMINATION towards MS. */
843 rc = gsm44068_tx_termination(trans->msc_a, trans->gcc.uplink_bss,
844 pdisc | (trans->transaction_id << 4),
845 OSMO_GSM44068_MSGT_TERMINATION,
846 cause, NULL, 0);
847 if (rc < 0)
848 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS. Continue anyway.\n");
849
850 /* Destroy transaction, note that also _gsm44068_gcc_trans_free() will be called by trans_free().
851 * There the complete state machine is destroyed. */
852 trans->callref = 0;
853 trans_free(trans);
854}
855
856/* Start inactivity timer.
857 * This timer is used to terminate the call, if the radio connection to the caller gets lost. */
858static void start_inactivity_timer(struct gsm_trans *trans)
859{
860 if (trans->gcc.inactivity_to) {
861 LOG_GCC(trans, LOGL_DEBUG, "Set inactivity timer to %d seconds.\n", trans->gcc.inactivity_to);
862 osmo_timer_schedule(&trans->gcc.timer_inactivity, trans->gcc.inactivity_to, 0);
863 }
864}
865
866static void stop_inactivity_timer(struct gsm_trans *trans)
867{
868 if (osmo_timer_pending(&trans->gcc.timer_inactivity)) {
869 LOG_GCC(trans, LOGL_DEBUG, "Stop pending inactivity timer.\n");
870 osmo_timer_del(&trans->gcc.timer_inactivity);
871 }
872}
873
874static void inactivity_timer_cb(void *data)
875{
876 struct gsm_trans *trans = data;
877
878 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_TIMEOUT, NULL);
879}
880
881/* Set the parameters of the talker. (downlink mute/unmute, uplink unmute, COMM=T, originator) */
882static int set_parameter(struct gsm_trans *trans)
883{
884 uint8_t pdisc = (trans->type == TRANS_GCC) ? GSM48_PDISC_GROUP_CC : GSM48_PDISC_BCAST_CC;
885 int rc;
886
887 rc = gsm44068_tx_set_parameter(trans, pdisc, !trans->gcc.mute_talker, 1, 1, trans->gcc.uplink_originator);
888 if (rc < 0)
889 LOG_GCC(trans, LOGL_ERROR, "Failed to send SET PARAMETER towards MS.\n");
890 return rc;
891}
892
893/* Check in which cell the uplink is used and set "uplink_cell". */
894static int set_uplink_cell(struct vgcs_bss *bss, struct gsm0808_cell_id *cell_id_ie, uint16_t cell_id)
895{
896 struct vgcs_bss_cell *cell;
897
898 if (cell_id_ie) {
899 /* Get cell ID to determine talker channel. */
900 switch (cell_id_ie->id_discr) {
901 case CELL_IDENT_CI:
902 cell_id = cell_id_ie->id.ci;
903 break;
904 case CELL_IDENT_LAC_AND_CI:
905 cell_id = cell_id_ie->id.lac_and_ci.ci;
906 break;
907 default:
908 LOG_BSS(bss, LOGL_DEBUG, "Cannot idenitfy cell, please fix!\n");
909 return -EINVAL;
910 }
911 }
912
913 /* Search for cell ID. */
914 bss->trans->gcc.uplink_cell = NULL;
915 llist_for_each_entry(cell, &bss->cell_list, list_bss) {
916 if (cell->cell_id == cell_id) {
917 LOG_BSS(bss, LOGL_DEBUG, "Talker is talking on cell %d.\n", cell->cell_id);
918 bss->trans->gcc.uplink_cell = cell;
919 return 0;
920 }
921 }
922
923 LOG_BSS(bss, LOGL_DEBUG, "Cell ID %d is not in list of current BSS, please fix!\n", cell_id);
924 return -EINVAL;
925}
926
927/* Set the MGW conference mode.
928 * All cells are listening to the conference. If there is a talker, this cell is also transmitting to the conference. */
929static int set_mgw_conference(struct gsm_trans *trans)
930{
931 struct vgcs_bss *bss;
932 struct vgcs_bss_cell *cell;
933 struct rtp_stream *rtps;
934 int rc;
935
936 /* All cells without talker are listening */
937 llist_for_each_entry(bss, &trans->gcc.bss_list, list) {
938 llist_for_each_entry(cell, &bss->cell_list, list_bss) {
939 if (!(rtps = cell->rtps))
940 continue;
941 if (rtps->crcx_conn_mode != MGCP_CONN_SEND_ONLY) {
942 LOG_CELL(cell, LOGL_DEBUG, "Setting cell %d into listening mode.\n", cell->cell_id);
943 rtp_stream_set_mode(rtps, MGCP_CONN_SEND_ONLY);
944 rc = rtp_stream_commit(rtps);
945 if (rc < 0)
946 LOG_CELL(cell, LOGL_ERROR, "Failed to commit parameters to RTP stream "
947 "for cell %d.\n", cell->cell_id);
948 }
949 }
950 }
951
952 if (trans->gcc.uplink_cell && trans->gcc.uplink_cell->rtps) {
953 cell = trans->gcc.uplink_cell;
954 rtps = cell->rtps;
955 LOG_CELL(cell, LOGL_DEBUG, "Setting cell %d into listening mode.\n", cell->cell_id);
956 rtp_stream_set_mode(rtps, MGCP_CONN_CONFECHO);
957 rc = rtp_stream_commit(rtps);
958 if (rc < 0)
959 LOG_CELL(cell, LOGL_ERROR, "Failed to commit parameters to RTP stream "
960 "for cell %d.\n", cell->cell_id);
961 }
962
963 return 0;
964}
965
966static void _assign_complete(struct gsm_trans *trans, bool send_connect)
967{
968 uint16_t cell_id;
969
970 /* Change state. */
971 osmo_fsm_inst_state_chg(trans->gcc.fi, VGCS_GCC_ST_N2_CALL_ACTIVE, 0, 0);
972 /* Get cell ID. */
973 if (trans->msc_a)
974 cell_id = trans->msc_a->via_cell.cell_identity;
975 else
976 LOG_GCC(trans, LOGL_ERROR, "Missing msc_a, please fix!\n");
977 /* Releasing dedicated channel. */
978 release_msc_a(trans);
979 /* Send CONNECT to the calling subscriber. */
980 if (send_connect)
981 gcc_connect(trans);
982 /* Set parameter. */
983 set_parameter(trans);
984 /* Start inactivity timer, if uplink is free. */
985 if (!trans->gcc.uplink_busy)
986 start_inactivity_timer(trans);
987 /* Set cell of current talker. */
988 set_uplink_cell(trans->gcc.uplink_bss, NULL, cell_id);
989 /* Set MGW conference. */
990 set_mgw_conference(trans);
991}
992
993#define CONNECT_OPTION false
994
995static void vgcs_gcc_fsm_n0_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
996{
997 struct gsm_trans *trans = fi->priv;
998 int rc;
999
1000 switch (event) {
1001 case VGCS_GCC_EV_NET_SETUP:
1002 /* Establish call towards all BSSs. */
1003 LOG_GCC(trans, LOGL_DEBUG, "Setup by network, trying to establish cells.\n");
1004 rc = gcc_establish_bss(trans);
1005 if (rc < 0) {
1006 LOG_GCC(trans, LOGL_NOTICE, "Failed to setup call to any cell.\n");
1007 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1008 break;
1009 }
1010 /* Keep state until established or released. */
1011 break;
1012 case VGCS_GCC_EV_NET_TERM:
1013 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1014 /* Destroy group call in all cells. */
1015 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1016 break;
1017 case VGCS_GCC_EV_USER_SETUP:
1018 LOG_GCC(trans, LOGL_DEBUG, "Setup by MS, trying to establish cells.\n");
1019 /* Change state. */
1020 osmo_fsm_inst_state_chg(fi, VGCS_GCC_ST_N1_CALL_INITIATED, 0, 0);
1021 /* Establish call towards all BSSs. */
1022 rc = gcc_establish_bss(trans);
1023 if (rc < 0) {
1024 LOG_GCC(trans, LOGL_NOTICE, "Failed to setup call to any cell.\n");
1025 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1026 break;
1027 }
1028 if (CONNECT_OPTION) {
1029 /* Send CONNECT to the calling subscriber. */
1030 gcc_connect(trans);
1031 /* Change state. */
1032 osmo_fsm_inst_state_chg(fi, VGCS_GCC_ST_N3_CALL_EST_PROC, 0, 0);
1033 }
1034 break;
1035 case VGCS_GCC_EV_BSS_ESTABLISHED:
1036 LOG_GCC(trans, LOGL_DEBUG, "All cells establised, for a group call, sending CONNECT to caller.\n");
1037 /* Change state. */
1038 osmo_fsm_inst_state_chg(fi, VGCS_GCC_ST_N2_CALL_ACTIVE, 0, 0);
1039 /* Start inactivity timer, if uplink is free. */
1040 if (!trans->gcc.uplink_busy)
1041 start_inactivity_timer(trans);
1042 break;
1043 case VGCS_GCC_EV_BSS_RELEASED:
1044 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1045 /* Send TERMINATE to the calling subscriber. */
1046 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1047 break;
1048 default:
1049 OSMO_ASSERT(false);
1050 }
1051}
1052
1053static void vgcs_gcc_fsm_n1_call_initiated(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1054{
1055 struct gsm_trans *trans = fi->priv;
1056 int rc;
1057
1058 switch (event) {
1059 case VGCS_GCC_EV_NET_TERM:
1060 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1061 /* Destroy group call in all cells. */
1062 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1063 break;
1064 case VGCS_GCC_EV_USER_TERM:
1065 LOG_GCC(trans, LOGL_DEBUG, "Termination by user, destroying call.\n");
1066 /* Send TERMINATE to the calling subscriber and destroy group call in all cells. */
1067 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1068 break;
1069 case VGCS_GCC_EV_BSS_ESTABLISHED:
1070 LOG_GCC(trans, LOGL_DEBUG, "All cells establised, for a group call, assign caller to VGCS.\n");
1071 /* Send assignment to the calling subscriber. */
1072 rc = gcc_assign(trans);
1073 if (rc < 0) {
1074 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1075 break;
1076 }
1077 break;
1078 case VGCS_GCC_EV_BSS_ASSIGN_CPL:
1079 LOG_GCC(trans, LOGL_DEBUG, "Assignment complete, sending CONNECT to caller, releasing channel.\n");
1080 /* Handle assignment complete */
1081 _assign_complete(trans, true);
1082 break;
1083 case VGCS_GCC_EV_BSS_ASSIGN_FAIL:
1084 LOG_GCC(trans, LOGL_DEBUG, "Assignment failed, releasing call.\n");
1085 /* Send TERMINATE to the calling subscriber. */
1086 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1087 break;
1088 case VGCS_GCC_EV_BSS_RELEASED:
1089 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1090 /* Send TERMINATE to the calling subscriber. */
1091 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1092 break;
1093 default:
1094 OSMO_ASSERT(false);
1095 }
1096}
1097
1098static void vgcs_gcc_fsm_n2_call_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1099{
1100 struct gsm_trans *trans = fi->priv;
1101
1102 switch (event) {
1103 case VGCS_GCC_EV_NET_TERM:
1104 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1105 /* Destroy group call in all cells. */
1106 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1107 break;
1108 case VGCS_GCC_EV_USER_TERM:
1109 LOG_GCC(trans, LOGL_DEBUG, "Termination by user, destroying call.\n");
1110 /* Send TERMINATE to the calling subscriber and destroy group call in all cells. */
1111 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1112 break;
1113 case VGCS_GCC_EV_BSS_RELEASED:
1114 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1115 /* Send TERMINATE to the calling subscriber. */
1116 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1117 break;
1118 case VGCS_GCC_EV_TIMEOUT:
1119 LOG_GCC(trans, LOGL_DEBUG, "Termination by inactivity timer, destroying call.\n");
1120 /* Destroy group call in all cells. */
1121 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1122 break;
1123 default:
1124 OSMO_ASSERT(false);
1125 }
1126}
1127
1128static void vgcs_gcc_fsm_n3_call_est_proc(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1129{
1130 struct gsm_trans *trans = fi->priv;
1131 int rc;
1132
1133 switch (event) {
1134 case VGCS_GCC_EV_NET_TERM:
1135 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1136 /* Destroy group call in all cells. */
1137 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1138 break;
1139 case VGCS_GCC_EV_USER_TERM:
1140 LOG_GCC(trans, LOGL_DEBUG, "Termination by user, destroying call.\n");
1141 /* Send TERMINATE to the calling subscriber and destroy group call in all cells. */
1142 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1143 break;
1144 case VGCS_GCC_EV_BSS_ESTABLISHED:
1145 LOG_GCC(trans, LOGL_DEBUG, "All cells establised, for a group call, assign caller to VGCS.\n");
1146 /* Send assignment to the calling subscriber. */
1147 rc = gcc_assign(trans);
1148 if (rc < 0) {
1149 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1150 break;
1151 }
1152 break;
1153 case VGCS_GCC_EV_BSS_ASSIGN_CPL:
1154 LOG_GCC(trans, LOGL_DEBUG, "Assignment complete, sending CONNECT to caller, releasing channel.\n");
1155 /* Handle assignment complete */
1156 _assign_complete(trans, false);
1157 break;
1158 case VGCS_GCC_EV_BSS_ASSIGN_FAIL:
1159 LOG_GCC(trans, LOGL_DEBUG, "Assignment failed, releasing call.\n");
1160 /* Send TERMINATE to the calling subscriber. */
1161 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1162 break;
1163 case VGCS_GCC_EV_BSS_RELEASED:
1164 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1165 /* Send TERMINATE to the calling subscriber. */
1166 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1167 break;
1168 default:
1169 OSMO_ASSERT(false);
1170 }
1171}
1172
1173static const struct osmo_fsm_state vgcs_gcc_fsm_states[] = {
1174 [VGCS_GCC_ST_N0_NULL] = {
1175 .name = "NULL (N0)",
1176 .in_event_mask = S(VGCS_GCC_EV_NET_SETUP) |
1177 S(VGCS_GCC_EV_NET_TERM) |
1178 S(VGCS_GCC_EV_USER_SETUP) |
1179 S(VGCS_GCC_EV_BSS_ESTABLISHED) |
1180 S(VGCS_GCC_EV_BSS_RELEASED),
1181 .out_state_mask = S(VGCS_GCC_ST_N1_CALL_INITIATED) |
1182 S(VGCS_GCC_ST_N2_CALL_ACTIVE),
1183 .action = vgcs_gcc_fsm_n0_null,
1184 },
1185 [VGCS_GCC_ST_N1_CALL_INITIATED] = {
1186 .name = "CALL INITATED (N1)",
1187 .in_event_mask = S(VGCS_GCC_EV_NET_TERM) |
1188 S(VGCS_GCC_EV_USER_TERM) |
1189 S(VGCS_GCC_EV_BSS_ESTABLISHED) |
1190 S(VGCS_GCC_EV_BSS_ASSIGN_CPL) |
1191 S(VGCS_GCC_EV_BSS_ASSIGN_FAIL) |
1192 S(VGCS_GCC_EV_BSS_RELEASED),
1193 .out_state_mask = S(VGCS_GCC_ST_N0_NULL) |
1194 S(VGCS_GCC_ST_N2_CALL_ACTIVE) |
1195 S(VGCS_GCC_ST_N3_CALL_EST_PROC),
1196 .action = vgcs_gcc_fsm_n1_call_initiated,
1197 },
1198 [VGCS_GCC_ST_N2_CALL_ACTIVE] = {
1199 .name = "CALL ACTIVE (N2)",
1200 .in_event_mask = S(VGCS_GCC_EV_NET_TERM) |
1201 S(VGCS_GCC_EV_USER_TERM) |
1202 S(VGCS_GCC_EV_BSS_RELEASED) |
1203 S(VGCS_GCC_EV_TIMEOUT),
1204 .out_state_mask = S(VGCS_GCC_ST_N0_NULL),
1205 .action = vgcs_gcc_fsm_n2_call_active,
1206 },
1207 [VGCS_GCC_ST_N3_CALL_EST_PROC] = {
1208 .name = "CALL EST PROCEEDING (N3)",
1209 .in_event_mask = S(VGCS_GCC_EV_NET_TERM) |
1210 S(VGCS_GCC_EV_USER_TERM) |
1211 S(VGCS_GCC_EV_BSS_ESTABLISHED) |
1212 S(VGCS_GCC_EV_BSS_ASSIGN_CPL) |
1213 S(VGCS_GCC_EV_BSS_ASSIGN_FAIL) |
1214 S(VGCS_GCC_EV_BSS_RELEASED),
1215 .out_state_mask = S(VGCS_GCC_ST_N2_CALL_ACTIVE) |
1216 S(VGCS_GCC_ST_N0_NULL),
1217 .action = vgcs_gcc_fsm_n3_call_est_proc,
1218 },
1219 // We don't need a state to wait for the group call to be terminated in all cells
1220};
1221
1222static struct osmo_fsm vgcs_bcc_fsm = {
1223 .name = "bcc",
1224 .states = vgcs_gcc_fsm_states,
1225 .num_states = ARRAY_SIZE(vgcs_gcc_fsm_states),
1226 .log_subsys = DBCC,
1227 .event_names = vgcs_gcc_fsm_event_names,
1228};
1229
1230static struct osmo_fsm vgcs_gcc_fsm = {
1231 .name = "gcc",
1232 .states = vgcs_gcc_fsm_states,
1233 .num_states = ARRAY_SIZE(vgcs_gcc_fsm_states),
1234 .log_subsys = DGCC,
1235 .event_names = vgcs_gcc_fsm_event_names,
1236};
1237
1238const char *vgcs_bcc_gcc_state_name(struct osmo_fsm_inst *fi)
1239{
1240 return vgcs_gcc_fsm_states[fi->state].name;
1241}
1242
1243static int update_uplink_state(struct vgcs_bss *bss, bool uplink_busy);
1244
1245/* Receive RR messages from calling subscriber, prior assignment to VGCS/VBS. */
1246int gsm44068_rcv_rr(struct msc_a *msc_a, struct msgb *msg)
1247{
1248 struct gsm_trans *trans = NULL;
1249 struct gsm48_hdr *gh;
1250 uint8_t msg_type;
1251
1252 gh = msgb_l3(msg);
1253 msg_type = gsm48_hdr_msg_type(gh);
1254
1255 /* Find transaction. */
1256 trans = trans_find_by_type(msc_a, TRANS_GCC);
1257 if (!trans)
1258 trans = trans_find_by_type(msc_a, TRANS_BCC);
1259
1260 if (!trans) {
1261 LOG_GCC(trans, LOGL_ERROR, "No VGCS/VBS transaction.\n");
1262 return -EINVAL;
1263 }
1264
1265 /* In case the phone releases uplink prior being assigned to a VGCS */
1266 if (msg_type == GSM48_MT_RR_UPLINK_RELEASE) {
1267 struct vgcs_bss *bss;
1268
1269 LOG_GCC(trans, LOGL_INFO, "Received UPLINK RELEASE on initial channel.\n");
1270 /* Clear the busy flag and unblock all cells. */
1271 trans->gcc.uplink_bss = NULL;
1272 trans->gcc.uplink_cell = NULL;
1273 trans->gcc.uplink_busy = false;
1274 llist_for_each_entry(bss, &trans->gcc.bss_list, list) {
1275 /* Update uplink state. */
1276 update_uplink_state(bss, trans->gcc.uplink_busy);
1277 }
1278 /* Start inactivity timer. */
1279 start_inactivity_timer(bss->trans);
1280 /* Next, the MS will switch to the VGCS as listener. Nothing else to do here. */
1281 }
1282
1283 return 0;
1284}
1285
1286/* Allocation of transaction for group call */
1287static struct gsm_trans *trans_alloc_vgcs(struct gsm_network *net,
1288 struct vlr_subscr *vsub,
1289 enum trans_type trans_type, uint8_t transaction_id,
1290 uint32_t callref,
1291 struct gcr *gcr,
1292 bool uplink_busy)
1293{
1294 struct gsm_trans *trans;
1295
1296 trans = trans_alloc(net, vsub, trans_type, transaction_id, callref);
1297 if (!trans) {
1298 LOG_GCC(trans, LOGL_ERROR, "No memory for trans.\n");
1299 return NULL;
1300 }
1301 /* The uplink is busy when the call is started until the calling subscriber releases. */
1302 trans->gcc.uplink_busy = uplink_busy;
1303 trans->gcc.uplink_originator = true;
1304 INIT_LLIST_HEAD(&trans->gcc.bss_list);
1305 trans->gcc.inactivity_to = gcr->timeout;
1306 trans->gcc.mute_talker = gcr->mute_talker;
1307 trans->gcc.timer_inactivity.data = trans;
1308 trans->gcc.timer_inactivity.cb = inactivity_timer_cb;
1309 trans->gcc.fi = osmo_fsm_inst_alloc((trans_type == TRANS_GCC) ? &vgcs_gcc_fsm : &vgcs_bcc_fsm,
1310 trans, trans, LOGL_DEBUG, NULL);
1311 if (!trans->gcc.fi) {
1312 LOG_GCC(trans, LOGL_ERROR, "No memory for state machine.\n");
1313 trans_free(trans);
1314 return NULL;
1315 }
1316
1317 return trans;
1318}
1319
1320/* Create transaction from incoming voice group/broadcast call. */
1321static struct gsm_trans *trans_create_bcc_gcc(struct msc_a *msc_a, enum trans_type trans_type, uint8_t transaction_id,
1322 uint8_t pdisc, uint8_t msg_type, uint32_t callref)
1323{
1324 struct gsm_network *net = msc_a_net(msc_a);
1325 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1326 struct gsm_trans *trans = NULL;
1327 struct gcr *gcr;
1328 int rc;
1329
1330 if (!msc_a) {
1331 LOG_GCC(trans, LOGL_ERROR, "Invalid conn: no msc_a\n");
1332 return NULL;
1333 }
1334 if (!vsub) {
1335 LOG_GCC(trans, LOGL_ERROR, "Invalid conn: no subscriber\n");
1336 return NULL;
1337 }
1338
1339 /* An earlier CM Service Request for this CC message now has concluded */
1340 if (!osmo_use_count_by(&msc_a->use_count,
1341 (trans_type == TRANS_GCC) ? MSC_A_USE_CM_SERVICE_GCC : MSC_A_USE_CM_SERVICE_BCC))
1342 LOG_MSC_A(msc_a, LOGL_ERROR,
1343 "Creating new %s transaction without prior CM Service Request.\n",
1344 get_value_string(trans_type_names, trans_type));
1345 else
1346 msc_a_put(msc_a,
1347 (trans_type == TRANS_GCC) ? MSC_A_USE_CM_SERVICE_GCC : MSC_A_USE_CM_SERVICE_BCC);
1348
1349 /* A transaction must be created with a SETUP message. */
1350 if (msg_type != OSMO_GSM44068_MSGT_IMMEDIATE_SETUP
1351 && msg_type != OSMO_GSM44068_MSGT_SETUP
1352 && msg_type != OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2) {
1353 LOG_GCC(trans, LOGL_ERROR, "No transaction and message is not a SETUP.\n");
1354 return NULL;
1355 }
1356
1357 /* Check if callref already exists. */
1358 trans = trans_find_by_callref(net, trans_type, callref);
1359 if (trans) {
1360 LOG_GCC(trans, LOGL_INFO, "Call to existing %s with callref %s, rejecting!\n",
1361 trans_type_name(trans_type), gsm44068_group_id_string(callref));
1362 rc = gsm44068_tx_termination(msc_a, NULL,
1363 pdisc | (transaction_id << 4),
1364 OSMO_GSM44068_MSGT_TERMINATION,
1365 OSMO_GSM44068_CAUSE_BUSY, NULL, 0);
1366 if (rc < 0)
1367 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1368 return 0;
1369 }
1370
1371 /* Check GCR for Group ID. */
1372 gcr = gcr_by_callref(net, trans_type, callref);
1373 if (!gcr) {
1374 LOG_GCC(trans, LOGL_INFO, "No Group configured for %s callref %s, rejecting!\n",
1375 trans_type_name(trans_type), gsm44068_group_id_string(callref));
1376 // FIXME: Better cause value for a group that does not exist ?
1377 rc = gsm44068_tx_termination(msc_a, NULL,
1378 pdisc | (transaction_id << 4),
1379 OSMO_GSM44068_MSGT_TERMINATION,
1380 OSMO_GSM44068_CAUSE_REQUESTED_SERVICE_NOT_SUB, NULL, 0);
1381 if (rc < 0)
1382 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1383 return 0;
1384 }
1385
1386 /* Create transaction, uplink is busy. */
1387 trans = trans_alloc_vgcs(net, vsub, trans_type, transaction_id, callref, gcr, true);
1388 if (!trans) {
1389 rc = gsm44068_tx_termination(msc_a, NULL,
1390 pdisc | (transaction_id << 4),
1391 OSMO_GSM44068_MSGT_TERMINATION,
1392 OSMO_GSM44068_CAUSE_NETWORK_FAILURE, NULL, 0);
1393 if (rc < 0)
1394 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1395 return NULL;
1396 }
1397
1398 if (osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_TRANSACTION_ACCEPTED, trans)) {
1399 LOG_MSC_A(msc_a, LOGL_ERROR, "Not allowed to accept %s transaction.\n",
1400 get_value_string(trans_type_names, trans_type));
1401 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1402 return NULL;
1403 }
1404
1405 /* Assign transaction */
1406 msc_a_get(msc_a, (trans_type == TRANS_GCC) ? MSC_A_USE_GCC : MSC_A_USE_BCC);
1407 trans->msc_a = msc_a;
1408 trans->dlci = 0; /* main DCCH */
1409
1410 return trans;
1411}
1412
1413/* Receive GCC/BCC messages from calling subscriber, depending on the PDISC used. */
1414int gsm44068_rcv_bcc_gcc(struct msc_a *msc_a, struct gsm_trans *trans, struct msgb *msg)
1415{
1416 struct gsm48_hdr *gh = msgb_l3(msg);
1417 uint8_t msg_type = gsm48_hdr_msg_type(gh);
1418 uint8_t pdisc = gsm48_hdr_pdisc(gh);
1419 uint8_t transaction_id = gsm48_hdr_trans_id_flip_ti(gh);
1420 enum trans_type trans_type = (pdisc == GSM48_PDISC_GROUP_CC) ? TRANS_GCC : TRANS_BCC;
1421
1422 uint8_t key_seq;
1423 bool talker_prio_requested;
1424 bool with_talker_prio;
1425 uint8_t talker_prio;
1426 struct gsm48_classmark2 cm2;
1427 struct osmo_mobile_identity mi;
1428 uint32_t callref;
1429 bool with_prio;
1430 uint8_t prio;
1431 char user_user[64] = "";
1432 uint8_t cause;
1433 uint8_t diag[256];
1434 uint8_t diag_len;
1435 bool with_call_state;
1436 enum osmo_gsm44068_call_state call_state;
1437 bool with_state_attrs;
1438 uint8_t da, ua, comm, oi;
1439 int rc = 0;
1440
1441 /* Remove sequence number (bit 7) from message type. */
1442 msg_type &= 0xbf;
1443
1444 /* Parse messages. */
1445 switch (msg_type) {
1446 case OSMO_GSM44068_MSGT_SETUP:
1447 rc = gsm44068_rx_setup(msg, &talker_prio_requested, &talker_prio, &callref, &with_prio, &prio,
1448 user_user);
1449 break;
1450 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP:
1451 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2:
1452 rc = gsm44068_rx_immediate_setup(msg, &talker_prio, &key_seq, &cm2, &mi, &callref, &with_prio, &prio,
1453 user_user);
1454 break;
1455 case OSMO_GSM44068_MSGT_STATUS:
1456 rc = gsm44068_rx_status(msg, &cause, diag, &diag_len, &with_call_state, &call_state,
1457 &with_state_attrs, &da, &ua, &comm, &oi);
1458 break;
1459 case OSMO_GSM44068_MSGT_TERMINATION_REQUEST:
1460 rc = gsm44068_rx_termination_req(msg, &callref, &with_prio, &prio, &with_talker_prio, &talker_prio);
1461 break;
1462 default:
1463 LOG_GCC(trans, LOGL_ERROR, "Invalid message type: 0x%02x\n", msg_type);
1464 return -EINVAL;
1465 }
1466 if (rc < 0)
1467 return rc;
1468
1469 /* Find transaction, if called from msc_a. */
1470 if (!trans)
1471 trans = trans_find_by_id(msc_a, trans_type, transaction_id);
1472
1473 /* Create transaction for SETUP message. */
1474 if (!trans) {
1475 trans = trans_create_bcc_gcc(msc_a, trans_type, transaction_id, pdisc, msg_type, callref);
1476 if (!trans)
1477 return -EINVAL;
1478 } else {
1479 /* A phone may not call while a VGCS is already active */
1480 if (msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP
1481 || msg_type == OSMO_GSM44068_MSGT_SETUP
1482 || msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2) {
1483 LOG_GCC(trans, LOGL_ERROR, "Received SETUP while call is already set up, rejecting.\n");
1484 rc = gsm44068_tx_termination(msc_a, NULL,
1485 pdisc | (transaction_id << 4),
1486 OSMO_GSM44068_MSGT_TERMINATION,
1487 OSMO_GSM44068_CAUSE_NETWORK_FAILURE, NULL, 0);
1488 if (rc < 0)
1489 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1490 return -EINVAL;
1491 }
1492 }
1493
1494 /* Handle received GCC messages (trigger state machine). */
1495 switch (msg_type) {
1496 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP:
1497 case OSMO_GSM44068_MSGT_SETUP:
1498 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2:
1499 LOG_GCC(trans, LOGL_INFO, "Received SETUP.\n");
1500 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_USER_SETUP, NULL);
1501 break;
1502 case OSMO_GSM44068_MSGT_STATUS:
1503 LOG_GCC(trans, LOGL_NOTICE, "Received STATUS with cause %d (%s).\n", cause,
1504 get_value_string(osmo_gsm44068_cause_names, cause));
1505 if (diag_len)
1506 LOG_GCC(trans, LOGL_NOTICE, " -> diagnostics: %s\n", osmo_hexdump(diag, diag_len));
1507 if (with_call_state)
1508 LOG_GCC(trans, LOGL_NOTICE, " -> call state %s\n",
1509 get_value_string(osmo_gsm44068_call_state_names, call_state));
1510 break;
1511 case OSMO_GSM44068_MSGT_TERMINATION_REQUEST:
1512 LOG_GCC(trans, LOGL_INFO, "Received TERMINATRION REQUEST.\n");
1513 if (callref != trans->callref) {
1514 LOG_GCC(trans, LOGL_NOTICE, "Received callref 0x%x does not match!\n", callref);
1515 break;
1516 }
1517 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_USER_TERM, NULL);
1518 break;
1519 }
1520
1521 return 0;
1522}
1523
1524static void bss_clear(struct vgcs_bss *bss, uint8_t cause, bool notify_trans);
1525
1526/* Call Control Specific transaction release.
1527 * gets called by trans_free, DO NOT CALL YOURSELF! */
1528void gsm44068_bcc_gcc_trans_free(struct gsm_trans *trans)
1529{
1530 struct vgcs_bss *bss, *bss2;
1531
1532 /* Change state. */
1533 osmo_fsm_inst_state_chg(trans->gcc.fi, VGCS_GCC_ST_N0_NULL, 0, 0);
1534
1535 /* Free FSM. */
1536 if (trans->gcc.fi)
1537 osmo_fsm_inst_term(trans->gcc.fi, OSMO_FSM_TERM_REGULAR, NULL);
1538
1539 /* Remove relations to cells.
1540 * We must loop safe, because bss_clear() will detach every call control instance from list. */
1541 llist_for_each_entry_safe(bss, bss2, &trans->gcc.bss_list, list)
1542 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_CLEAR, NULL);
1543
1544 /* Stop inactivity timer. */
1545 stop_inactivity_timer(trans);
1546}
1547
1548/* Create a new call from VTY command. */
1549const char *vgcs_vty_initiate(struct gsm_network *gsmnet, struct gcr *gcr)
1550{
1551 enum trans_type trans_type;
1552 uint32_t callref;
1553 struct gsm_trans *trans;
1554
1555 /* Get callref from stored suffix. Caller cannot choose a prefix. */
1556 trans_type = gcr->trans_type;
1557 callref = atoi(gcr->group_id);
1558
1559 /* Check if callref already exists. */
1560 trans = trans_find_by_callref(gsmnet, trans_type, callref);
1561 if (trans) {
1562 LOG_GCC(trans, LOGL_INFO, "Call to existing %s with callref %s, rejecting!\n",
1563 trans_type_name(trans_type), gsm44068_group_id_string(callref));
1564 return "Call already exists.";
1565 }
1566
1567 /* Create transaction, uplink is free. */
1568 trans = trans_alloc_vgcs(gsmnet, NULL, trans_type, 0, callref, gcr, false);
1569 if (!trans) {
1570 LOG_GCC(trans, LOGL_ERROR, "No memory for trans.\n");
1571 return "Failed to create call.";
1572 }
1573
1574 LOG_GCC(trans, LOGL_INFO, "VTY initiates call.\n");
1575 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_NET_SETUP, NULL);
1576
1577 return NULL;
1578}
1579
1580/* Destroy a call from VTY command. */
1581const char *vgcs_vty_terminate(struct gsm_network *gsmnet, struct gcr *gcr)
1582{
1583 enum trans_type trans_type;
1584 uint32_t callref;
1585 struct gsm_trans *trans;
1586
1587 /* Get callref from stored suffix. Caller cannot choose a prefix. */
1588 trans_type = gcr->trans_type;
1589 callref = atoi(gcr->group_id);
1590
1591 /* Check if callref exists. */
1592 trans = trans_find_by_callref(gsmnet, trans_type, callref);
1593 if (!trans)
1594 return "Call does not exist.";
1595
1596 LOG_GCC(trans, LOGL_INFO, "VTY terminates call.\n");
1597 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_NET_TERM, NULL);
1598
1599 return NULL;
1600}
1601
1602/*
1603 * BSS state machine - handles all BSS "call control" instances
1604 */
1605
1606static const struct value_string vgcs_bss_fsm_event_names[] = {
1607 OSMO_VALUE_STRING(VGCS_BSS_EV_SETUP),
1608 OSMO_VALUE_STRING(VGCS_BSS_EV_SETUP_ACK),
1609 OSMO_VALUE_STRING(VGCS_BSS_EV_SETUP_REFUSE),
1610 OSMO_VALUE_STRING(VGCS_BSS_EV_ACTIVE_OR_FAIL),
1611 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_REQUEST),
1612 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_REQUEST_CNF),
1613 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_APP_DATA),
1614 OSMO_VALUE_STRING(VGCS_BSS_EV_BSS_DTAP),
1615 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_RELEASE),
1616 OSMO_VALUE_STRING(VGCS_BSS_EV_CLEAR),
1617 OSMO_VALUE_STRING(VGCS_BSS_EV_CLOSE),
1618 OSMO_VALUE_STRING(VGCS_BSS_EV_RELEASED),
1619 { }
1620};
1621
1622/* Blocks or unblocks uplinks of a BSS. */
1623static int update_uplink_state(struct vgcs_bss *bss, bool uplink_busy)
1624{
1625 struct ran_msg ran_msg;
1626 int rc;
1627
1628 if (uplink_busy) {
1629 /* Send UPLINK SEIZED COMMAND to BSS. */
1630 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK SEIZED COMMAND towards BSS.\n");
1631 ran_msg = (struct ran_msg){
1632 .msg_type = RAN_MSG_UPLINK_SEIZED_CMD,
1633 .uplink_seized_cmd = {
1634 .cause = GSM0808_CAUSE_CALL_CONTROL,
1635 },
1636 };
1637 } else {
1638 /* Send UPLINK RELEASE COMMAND to BSS. */
1639 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK RELEASE COMMAND towards BSS.\n");
1640 ran_msg = (struct ran_msg){
1641 .msg_type = RAN_MSG_UPLINK_RELEASE_CMD,
1642 .uplink_release_cmd = {
1643 .cause = GSM0808_CAUSE_CALL_CONTROL,
1644 },
1645 };
1646 }
1647
1648 rc = ran_encode_and_send(bss->fi, &ran_msg, bss->conn, false);
1649
1650 return rc;
1651}
1652
1653/* Clear the connection towards BSS.
1654 * The instance is removed soon, so it is detached from transaction and cells. */
1655static void bss_clear(struct vgcs_bss *bss, uint8_t cause, bool notify_trans)
1656{
1657 struct ran_msg ran_msg;
1658 struct gsm_trans *trans = bss->trans;
1659 struct vgcs_bss_cell *cell, *cell2;
1660
1661 /* Must detach us from transaction. */
1662 if (bss->trans) {
1663 /* Remove pointer to talking BSS and cell. */
1664 if (bss == bss->trans->gcc.uplink_bss) {
1665 bss->trans->gcc.uplink_bss = NULL;
1666 bss->trans->gcc.uplink_cell = NULL;
1667 }
1668 llist_del(&bss->list);
1669 bss->trans = NULL;
1670 }
1671
1672 /* Change state. */
1673 osmo_fsm_inst_state_chg(bss->fi, VGCS_BSS_ST_RELEASE, 0, 0);
1674
1675 /* Send Clear Command to BSS. */
1676 ran_msg = (struct ran_msg){
1677 .msg_type = RAN_MSG_CLEAR_COMMAND,
1678 .clear_command = {
1679 .gsm0808_cause = cause,
1680 },
1681 };
1682 if (bss->conn) {
1683 LOG_BSS(bss, LOGL_DEBUG, "Sending CLEAR COMMAND for call controling channel.\n");
1684 ran_encode_and_send(bss->fi, &ran_msg, bss->conn, false);
1685 }
1686
1687 /* Trigger clear of all cells. Be safe, because the process will remove cells from list. */
1688 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss)
1689 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_CLEAR, NULL);
1690
1691 /* Detach us from all BSS, if still linked */
1692 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss) {
1693 llist_del(&cell->list_bss);
1694 cell->bss = NULL;
1695 }
1696
1697 /* If all BS are gone, notify calling subscriber process. */
1698 if (notify_trans && trans && llist_empty(&trans->gcc.bss_list)) {
1699 LOG_BSS(bss, LOGL_DEBUG, "Notify calling user process, that all BSSs are cleared.\n");
1700 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_BSS_RELEASED, NULL);
1701 }
1702}
1703
1704/* When finally the BSS connection is released. (CLEAR COMPLETE response)
1705 * The instance is removed, so it is detached from transaction and cells, if not already. */
1706static void bss_destroy(struct vgcs_bss *bss)
1707{
1708 struct vgcs_bss_cell *cell, *cell2;
1709
1710 LOG_BSS(bss, LOGL_DEBUG, "Removing BSS call controling instance.\n");
1711
1712 /* Must detach us from transaction, if not already. */
1713 if (bss->trans) {
1714 /* Remove pointer to talking BSS and cell. */
1715 if (bss == bss->trans->gcc.uplink_bss) {
1716 bss->trans->gcc.uplink_bss = NULL;
1717 bss->trans->gcc.uplink_cell = NULL;
1718 }
1719 llist_del(&bss->list);
1720 bss->trans = NULL;
1721 }
1722
1723 /* Detach us from RAN connection. */
1724 if (bss->conn) {
1725 if (bss->conn->vgcs.bss == bss)
1726 bss->conn->vgcs.bss = NULL;
1727 if (bss->conn->vgcs.cell == bss)
1728 bss->conn->vgcs.cell = NULL;
1729 ran_conn_close(bss->conn);
1730 bss->conn = NULL;
1731 }
1732
1733 /* Detach us from all BSS, if still linked */
1734 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss) {
1735 llist_del(&cell->list_bss);
1736 cell->bss = NULL;
1737 }
1738
1739 /* Free FSM. (should be allocated) */
1740 osmo_fsm_inst_state_chg(bss->fi, VGCS_BSS_ST_NULL, 0, 0);
1741 osmo_fsm_inst_term(bss->fi, OSMO_FSM_TERM_REGULAR, NULL);
1742}
1743
1744/* Get identity of talker.
1745 * This is required to detect if the talker is the calling subscriber. */
1746static int talker_identity(struct vgcs_bss *bss, uint8_t *l3, int l3_len)
1747{
1748 struct osmo_mobile_identity mi;
1749 int rc;
1750
1751 puts(osmo_hexdump(l3, l3_len));
1752 rc = osmo_mobile_identity_decode_from_l3_buf(&mi, l3, l3_len, false);
1753 if (rc < 0) {
1754 LOG_BSS(bss, LOGL_DEBUG, "Talker's Identity cannot be decoded.\n");
1755 return rc;
1756 }
1757
1758 switch (mi.type) {
1759 case GSM_MI_TYPE_IMSI:
1760 if (!bss->trans->vsub)
1761 break;
1762 LOG_BSS(bss, LOGL_DEBUG, "Talker's sends IMSI %s, originator has IMSI %s.\n",
1763 mi.imsi, bss->trans->vsub->imsi);
1764 if (!strcmp(mi.imsi, bss->trans->vsub->imsi))
1765 return 1;
1766 break;
1767 case GSM_MI_TYPE_TMSI:
1768 if (!bss->trans->vsub)
1769 break;
1770 LOG_BSS(bss, LOGL_DEBUG, "Talker's sends TMSI 0x%08x, originator has TMSI 0x%08x.\n",
1771 mi.tmsi, bss->trans->vsub->tmsi);
1772 if (mi.tmsi == bss->trans->vsub->tmsi)
1773 return 1;
1774 break;
1775 default:
1776 LOG_BSS(bss, LOGL_DEBUG, "Talker's Identity is not IMSI nor TMSI.\n");
1777 return -EINVAL;
1778 }
1779
1780 return 0;
1781}
1782
1783static void vgcs_bss_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1784{
1785 struct vgcs_bss *bss = fi->priv;
1786 struct ran_msg ran_msg;
1787
1788 switch (event) {
1789 case VGCS_BSS_EV_SETUP:
1790 /* Change state. */
1791 osmo_fsm_inst_state_chg(fi, VGCS_BSS_ST_SETUP, 0, 0);
1792 /* Send VGCS/VBS SETUP to BSS. */
1793 LOG_BSS(bss, LOGL_DEBUG, "Sending VGCS/VBS SETUP towards BSS.\n");
1794 ran_msg = (struct ran_msg){
1795 .msg_type = RAN_MSG_VGCS_VBS_SETUP,
1796 .vgcs_vbs_setup = {
1797 .callref = {
1798 .sf = (bss->trans->type == TRANS_GCC),
1799 },
1800 .vgcs_feature_flags_present = true,
1801 },
1802 };
1803 osmo_store32be_ext(bss->callref >> 3, &ran_msg.vgcs_vbs_setup.callref.call_ref_hi, 3);
1804 ran_msg.vgcs_vbs_setup.callref.call_ref_lo = bss->callref & 0x7;
1805 /* First message, so we must set "initial" to "true". */
1806 ran_encode_and_send(fi, &ran_msg, bss->conn, true);
1807 break;
1808 case VGCS_BSS_EV_CLEAR:
1809 /* The calling user process requested clearing of VGCS/VBS call. */
1810 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
1811 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
1812 break;
1813 default:
1814 OSMO_ASSERT(false);
1815 }
1816}
1817
1818static void vgcs_bss_fsm_setup(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1819{
1820 struct vgcs_bss *bss = fi->priv;
1821 struct vgcs_bss_cell *cell, *cell2;
1822
1823 switch (event) {
1824 case VGCS_BSS_EV_SETUP_ACK:
1825 /* Receive VGCS/VBS SETUP ACK from BSS. */
1826 LOG_BSS(bss, LOGL_DEBUG, "Received VGCS/VBS SETUP ACK from BSS.\n");
1827 /* Send current uplink state to this BSS. */
1828 if (bss->trans)
1829 update_uplink_state(bss, bss->trans->gcc.uplink_busy);
1830 /* Change state. */
1831 osmo_fsm_inst_state_chg(fi, VGCS_BSS_ST_ASSIGNMENT, 0, 0);
1832 /* Trigger VGCS/VBS ASSIGNMENT */
1833 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss)
1834 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_ASSIGN, NULL);
1835 /* If all failed, clear call. */
1836 if (llist_empty(&bss->cell_list)) {
1837 LOG_BSS(bss, LOGL_NOTICE, "All VGCS/VBS assignments failed.\n");
1838 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1839 break;
1840 }
1841 break;
1842 case VGCS_BSS_EV_SETUP_REFUSE:
1843 /* Received VGCS/VBS SETUP REFUSE from BSS. */
1844 LOG_BSS(bss, LOGL_NOTICE, "Received VGCS/VBS SETUP REFUSE from BSS.\n");
1845 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1846 break;
1847 case VGCS_BSS_EV_CLEAR:
1848 /* The calling user process requested clearing of VGCS/VBS call. */
1849 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
1850 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
1851 break;
1852 case VGCS_BSS_EV_CLOSE:
1853 /* The SCCP connection from the MSC has been closed. */
1854 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
1855 if (bss->conn) {
1856 bss->conn->vgcs.bss = NULL;
1857 bss->conn = NULL;
1858 }
1859 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1860 break;
1861 default:
1862 OSMO_ASSERT(false);
1863 }
1864}
1865
1866static void vgcs_bss_fsm_assignment(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1867{
1868 struct vgcs_bss *bss = fi->priv;
1869 struct vgcs_bss_cell *c;
1870 bool assigned;
1871
1872 switch (event) {
1873 case VGCS_BSS_EV_ACTIVE_OR_FAIL:
1874 /* If all gone, clear call. */
1875 if (llist_empty(&bss->cell_list)) {
1876 LOG_BSS(bss, LOGL_NOTICE, "All VGCS/VBS assignments failed.\n");
1877 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1878 break;
1879 }
1880 /* Is there a response for all cells?
1881 * This means that all the channels have a positive response
1882 * There is no channel with negative response, because a
1883 * negative response will remove the channel. */
1884 assigned = true;
1885 llist_for_each_entry(c, &bss->cell_list, list_bss) {
1886 if (!c->assigned)
1887 assigned = false;
1888 }
1889 if (!assigned)
1890 break;
1891 LOG_BSS(bss, LOGL_DEBUG, "All VGCS/VBS assignments have responded.\n");
1892 /* Change state. */
1893 osmo_fsm_inst_state_chg(fi, VGCS_BSS_ST_ACTIVE, 0, 0);
1894 /* Notify calling subscriber process. */
1895 LOG_BSS(bss, LOGL_DEBUG, "Notify calling user process, that all BSSs are connected.\n");
1896 if (bss->trans)
1897 osmo_fsm_inst_dispatch(bss->trans->gcc.fi, VGCS_GCC_EV_BSS_ESTABLISHED, NULL);
1898 break;
1899 case VGCS_BSS_EV_CLEAR:
1900 /* The calling user process requested clearing of VGCS/VBS call. */
1901 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
1902 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
1903 break;
1904 case VGCS_BSS_EV_CLOSE:
1905 /* The SCCP connection from the MSC has been closed. */
1906 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
1907 if (bss->conn) {
1908 bss->conn->vgcs.bss = NULL;
1909 bss->conn = NULL;
1910 }
1911 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1912 break;
1913 default:
1914 OSMO_ASSERT(false);
1915 }
1916}
1917
1918static void vgcs_bss_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1919{
1920 struct vgcs_bss *bss = fi->priv, *other;
1921 struct ran_msg *rx_ran_msg = data;
1922 struct ran_msg tx_ran_msg;
1923 int rc;
1924
1925 switch (event) {
1926 case VGCS_BSS_EV_UL_REQUEST:
1927 LOG_BSS(bss, LOGL_DEBUG, "Listener changed to talker.\n");
1928 if (!bss->trans)
1929 break;
1930 /* Someone is talking. Check if there is no other uplink already busy.
1931 * This should not happen, since all other cells are blocked (SEIZED) as soon as the uplink was
1932 * requested. This may happen due to a race condition, where the uplink was requested before the
1933 * UPLINK SEIZED COMMAND has been received by BSS. */
1934 if (bss->trans->gcc.uplink_busy) {
1935 /* Send UPLINK REJECT COMMAND to BSS. */
1936 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK REJECT COMMAND towards BSS.\n");
1937 tx_ran_msg = (struct ran_msg){
1938 .msg_type = RAN_MSG_UPLINK_REJECT_CMD,
1939 .uplink_reject_cmd = {
1940 .cause = GSM0808_CAUSE_CALL_CONTROL,
1941 },
1942 };
1943 ran_encode_and_send(fi, &tx_ran_msg, bss->conn, false);
1944 break;
1945 }
1946 /* Send UPLINK REQUEST ACKNOWLEDGE to BSS. */
1947 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK REQUEST ACKNOWLEDGE towards BSS.\n");
1948 tx_ran_msg = (struct ran_msg){
1949 .msg_type = RAN_MSG_UPLINK_REQUEST_ACK,
1950 };
1951 ran_encode_and_send(fi, &tx_ran_msg, bss->conn, false);
1952 /* Set the busy flag and block all other cells. */
1953 bss->trans->gcc.uplink_bss = bss;
1954 bss->trans->gcc.uplink_busy = true;
1955 bss->trans->gcc.uplink_originator = false;
1956 llist_for_each_entry(other, &bss->trans->gcc.bss_list, list) {
1957 if (other == bss)
1958 continue;
1959 /* Update uplink state. */
1960 update_uplink_state(bss, bss->trans->gcc.uplink_busy);
1961 }
1962 /* Stop inactivity timer. */
1963 stop_inactivity_timer(bss->trans);
1964 break;
1965 case VGCS_BSS_EV_UL_REQUEST_CNF:
1966 LOG_BSS(bss, LOGL_DEBUG, "Talker established uplink.\n");
1967 if (!bss->trans)
1968 break;
1969 if (!bss->trans->gcc.uplink_busy || bss->trans->gcc.uplink_bss != bss) {
1970 LOG_BSS(bss, LOGL_ERROR, "Got UL REQUEST CNF, but we did not granted uplink.\n");
1971 break;
1972 }
1973 /* Determine if talker is the originator of the call. */
1974 rc = talker_identity(bss, rx_ran_msg->uplink_request_cnf.l3.l3,
1975 rx_ran_msg->uplink_request_cnf.l3.l3_len);
1976 if (rc > 0) {
1977 bss->trans->gcc.uplink_originator = true;
1978 LOG_BSS(bss, LOGL_DEBUG, "Talker is the originator of the call.\n");
1979 }
1980 /* Set parameter. */
1981 set_parameter(bss->trans);
1982 /* Set cell of current talker. */
1983 set_uplink_cell(bss, &rx_ran_msg->uplink_request_cnf.cell_identifier, 0);
1984 /* Set MGW conference. */
1985 set_mgw_conference(bss->trans);
1986 break;
1987 case VGCS_BSS_EV_UL_APP_DATA:
1988 LOG_BSS(bss, LOGL_DEBUG, "Talker sends application data on uplink.\n");
1989 if (!bss->trans)
1990 break;
1991 if (!bss->trans->gcc.uplink_busy || bss->trans->gcc.uplink_bss != bss) {
1992 LOG_BSS(bss, LOGL_ERROR, "Got UP APP DATA, but we did not granted uplink.\n");
1993 break;
1994 }
1995 // FIXME: Use L3 info and feed to app.
1996 break;
1997 case VGCS_BSS_EV_BSS_DTAP:
1998 LOG_BSS(bss, LOGL_DEBUG, "Talker sends DTAP message.\n");
1999 if (!bss->trans)
2000 break;
2001 if (!bss->trans->gcc.uplink_busy || bss->trans->gcc.uplink_bss != bss) {
2002 LOG_BSS(bss, LOGL_ERROR, "Got DTAP from BSS, but we did not granted uplink.\n");
2003 break;
2004 }
2005 gsm44068_rcv_bcc_gcc(NULL, bss->trans, rx_ran_msg->dtap);
2006 break;
2007 case VGCS_BSS_EV_UL_RELEASE:
2008 LOG_BSS(bss, LOGL_DEBUG, "Talker released uplink.\n");
2009 if (!bss->trans)
2010 break;
2011 if (bss->trans->type == TRANS_BCC) {
2012 LOG_BSS(bss, LOGL_DEBUG, "This is a broadcast call, terminating call.\n");
2013 gcc_terminate_and_destroy(bss->trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
2014 break;
2015 }
2016 if (!bss->trans->gcc.uplink_busy) {
2017 LOG_BSS(bss, LOGL_NOTICE, "Got uplink release, but no uplink busy.\n");
2018 break;
2019 }
2020 /* Talker release the uplink. Ignore, if not from the current talking cell. */
2021 if (bss->trans->gcc.uplink_bss != bss) {
2022 LOG_BSS(bss, LOGL_NOTICE, "Got uplink release, but uplink busy in other cell.\n");
2023 break;
2024 }
2025 /* Clear the busy flag and unblock all other cells. */
2026 bss->trans->gcc.uplink_bss = NULL;
2027 bss->trans->gcc.uplink_cell = NULL;
2028 bss->trans->gcc.uplink_busy = false;
2029 llist_for_each_entry(other, &bss->trans->gcc.bss_list, list) {
2030 if (other == bss)
2031 continue;
2032 /* Update uplink state. */
2033 if (bss->trans)
2034 update_uplink_state(bss, bss->trans->gcc.uplink_busy);
2035 }
2036 /* Set MGW conference. */
2037 set_mgw_conference(bss->trans);
2038 /* Start inactivity timer. */
2039 start_inactivity_timer(bss->trans);
2040 break;
2041 case VGCS_BSS_EV_CLEAR:
2042 /* The calling user process requested clearing of VGCS/VBS call. */
2043 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
2044 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
2045 break;
2046 case VGCS_BSS_EV_CLOSE:
2047 /* The SCCP connection from the MSC has been closed. */
2048 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
2049 if (bss->conn) {
2050 bss->conn->vgcs.bss = NULL;
2051 bss->conn = NULL;
2052 }
2053 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
2054 break;
2055 default:
2056 OSMO_ASSERT(false);
2057 }
2058}
2059
2060static void vgcs_bss_fsm_release(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2061{
2062 struct vgcs_bss *bss = fi->priv;
2063
2064 switch (event) {
2065 case VGCS_BSS_EV_CLOSE:
2066 /* The SCCP connection from the MSC has been closed while waitring fro CLEAR COMPLETE. */
2067 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP closing collision.\n");
2068 bss_destroy(bss);
2069 break;
2070 case VGCS_BSS_EV_RELEASED:
2071 LOG_BSS(bss, LOGL_DEBUG, "Received CLEAR COMPLETE from BSS, we are done!\n");
2072 bss_destroy(bss);
2073 break;
2074 default:
2075 OSMO_ASSERT(false);
2076 }
2077}
2078
2079static const struct osmo_fsm_state vgcs_bss_fsm_states[] = {
2080 [VGCS_BSS_ST_NULL] = {
2081 .name = "NULL",
2082 .in_event_mask = S(VGCS_BSS_EV_SETUP) |
2083 S(VGCS_BSS_EV_CLEAR),
2084 .out_state_mask = S(VGCS_BSS_ST_SETUP),
2085 .action = vgcs_bss_fsm_null,
2086 },
2087 [VGCS_BSS_ST_SETUP] = {
2088 .name = "SETUP sent",
2089 .in_event_mask = S(VGCS_BSS_EV_SETUP_ACK) |
2090 S(VGCS_BSS_EV_SETUP_REFUSE) |
2091 S(VGCS_BSS_EV_CLEAR) |
2092 S(VGCS_BSS_EV_CLOSE),
2093 .out_state_mask = S(VGCS_BSS_ST_ASSIGNMENT) |
2094 S(VGCS_BSS_ST_RELEASE),
2095 .action = vgcs_bss_fsm_setup,
2096 },
2097 [VGCS_BSS_ST_ASSIGNMENT] = {
2098 .name = "ASSIGNMENT Sent",
2099 .in_event_mask = S(VGCS_BSS_EV_ACTIVE_OR_FAIL) |
2100 S(VGCS_BSS_EV_CLEAR) |
2101 S(VGCS_BSS_EV_CLOSE),
2102 .out_state_mask = S(VGCS_BSS_ST_ACTIVE) |
2103 S(VGCS_BSS_ST_RELEASE),
2104 .action = vgcs_bss_fsm_assignment,
2105 },
2106 [VGCS_BSS_ST_ACTIVE] = {
2107 .name = "VGCS/VBS Active",
2108 .in_event_mask = S(VGCS_BSS_EV_UL_REQUEST) |
2109 S(VGCS_BSS_EV_UL_REQUEST_CNF) |
2110 S(VGCS_BSS_EV_UL_APP_DATA) |
2111 S(VGCS_BSS_EV_BSS_DTAP) |
2112 S(VGCS_BSS_EV_UL_RELEASE) |
2113 S(VGCS_BSS_EV_CLEAR) |
2114 S(VGCS_BSS_EV_CLOSE),
2115 .out_state_mask = S(VGCS_BSS_ST_RELEASE),
2116 .action = vgcs_bss_fsm_active,
2117 },
2118 [VGCS_BSS_ST_RELEASE] = {
2119 .name = "Releasing VGCS/VBS control",
2120 .in_event_mask = S(VGCS_BSS_EV_CLEAR) |
2121 S(VGCS_BSS_EV_RELEASED),
2122 .out_state_mask = S(VGCS_BSS_ST_NULL),
2123 .action = vgcs_bss_fsm_release,
2124 },
2125};
2126
2127static struct osmo_fsm vgcs_bss_fsm = {
2128 .name = "vgcs_bss",
2129 .states = vgcs_bss_fsm_states,
2130 .num_states = ARRAY_SIZE(vgcs_bss_fsm_states),
2131 .log_subsys = DASCI,
2132 .event_names = vgcs_bss_fsm_event_names,
2133};
2134
2135/* The BSS accepts VGCS/VBS and sends us supported features. */
2136void vgcs_vbs_setup_ack(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2137{
2138 if (!bss->trans)
2139 return;
2140 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_SETUP_ACK, (void *)ran_msg);
2141}
2142
2143/* The BSS refuses VGCS/VBS. */
2144void vgcs_vbs_setup_refuse(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2145{
2146 if (!bss->trans)
2147 return;
2148 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_SETUP_REFUSE, (void *)ran_msg);
2149}
2150
2151/* The BSS needs more time for VGCS/VBS channel assignment. */
2152void vgcs_vbs_queuing_ind(struct vgcs_bss_cell *cell)
2153{
2154 if (!cell->bss)
2155 return;
2156}
2157
2158/* A mobile station requests the uplink on a VGCS channel. */
2159void vgcs_uplink_request(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2160{
2161 if (!bss->trans)
2162 return;
2163 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_REQUEST, (void *)ran_msg);
2164}
2165
2166/* The uplink on a VGCS channel has been established. */
2167void vgcs_uplink_request_cnf(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2168{
2169 if (!bss->trans)
2170 return;
2171 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_REQUEST_CNF, (void *)ran_msg);
2172}
2173
2174/* Application data received on the uplink of a VGCS channel. */
2175void vgcs_app_data(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2176{
2177 if (!bss->trans)
2178 return;
2179 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_APP_DATA, (void *)ran_msg);
2180}
2181
2182/* Application data received on the uplink of a VGCS channel. */
2183void vgcs_bss_dtap(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2184{
2185 if (!bss->trans)
2186 return;
2187 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_BSS_DTAP, (void *)ran_msg);
2188}
2189
2190/* A mobile station releases the uplink on a VGCS channel. */
2191void vgcs_uplink_release_ind(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2192{
2193 if (!bss->trans)
2194 return;
2195 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_RELEASE, (void *)ran_msg);
2196}
2197
2198/* The BSS gives cell status about VGCS/VBS channel. */
2199void vgcs_vbs_assign_status(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2200{
2201 if (!cell->bss)
2202 return;
2203}
2204
2205void vgcs_vbs_caller_assign_cpl(struct gsm_trans *trans)
2206{
2207 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_BSS_ASSIGN_CPL, NULL);
2208}
2209
2210void vgcs_vbs_caller_assign_fail(struct gsm_trans *trans)
2211{
2212 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_BSS_ASSIGN_FAIL, NULL);
2213}
2214
2215/* BSS indicated that the channel has been released. */
2216void vgcs_vbs_clear_req(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2217{
2218 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_CLOSE, (void *)ran_msg);
2219}
2220
2221/* BSS indicated that the channel has been released. */
2222void vgcs_vbs_clear_cpl(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2223{
2224 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_RELEASED, (void *)ran_msg);
2225}
2226
2227/*
2228 * Cell resource state machine - handles all "resource control" instances
2229 */
2230
2231static const struct value_string vgcs_cell_fsm_event_names[] = {
2232 OSMO_VALUE_STRING(VGCS_CELL_EV_RTP_STREAM_GONE),
2233 OSMO_VALUE_STRING(VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE),
2234 OSMO_VALUE_STRING(VGCS_CELL_EV_RTP_STREAM_ESTABLISHED),
2235 OSMO_VALUE_STRING(VGCS_CELL_EV_ASSIGN),
2236 OSMO_VALUE_STRING(VGCS_CELL_EV_ASSIGN_RES),
2237 OSMO_VALUE_STRING(VGCS_CELL_EV_ASSIGN_FAIL),
2238 OSMO_VALUE_STRING(VGCS_CELL_EV_CLEAR),
2239 OSMO_VALUE_STRING(VGCS_CELL_EV_CLOSE),
2240 OSMO_VALUE_STRING(VGCS_CELL_EV_RELEASED),
2241 { }
2242};
2243
2244static void cell_destroy(struct vgcs_bss_cell *cell);
2245
2246/* Clear the connection towards BSS.
2247 * Relations to the BSS and transaction is removed. */
2248static void cell_clear(struct vgcs_bss_cell *cell, uint8_t cause)
2249{
2250 struct ran_msg ran_msg;
2251
2252 /* Must detach us from BSS. */
2253 if (cell->bss) {
2254 /* Remove pointer to talking channel. */
2255 if (cell->bss->trans && cell->bss->trans->gcc.uplink_cell == cell)
2256 cell->bss->trans->gcc.uplink_cell = NULL;
2257 llist_del(&cell->list_bss);
2258 cell->bss = NULL;
2259 }
2260
2261 /* Change state. */
2262 if (cell->fi->state != VGCS_CELL_ST_RELEASE)
2263 osmo_fsm_inst_state_chg(cell->fi, VGCS_CELL_ST_RELEASE, 0, 0);
2264
2265 /* If there is no event to wait for, we can just destroy. */
2266 if (!cell->conn && !cell->rtps) {
2267 cell_destroy(cell);
2268 return;
2269 }
2270
2271 /* Send Clear Command to BSS. */
2272 if (cell->conn) {
2273 ran_msg = (struct ran_msg){
2274 .msg_type = RAN_MSG_CLEAR_COMMAND,
2275 .clear_command = {
2276 .gsm0808_cause = cause,
2277 },
2278 };
2279 LOG_CELL(cell, LOGL_DEBUG, "Sending CLEAR COMMAND for call controling channel.\n");
2280 ran_encode_and_send(cell->fi, &ran_msg, cell->conn, false);
2281 }
2282
2283 /* Clear RTP stream. This may trigger VGCS_CELL_EV_RTP_STREAM_GONE within this release function. */
2284 if (cell->rtps)
2285 rtp_stream_release(cell->rtps);
2286}
2287
2288/* When finally the BSS connection is released. (CLEAR COMPLETE response)
2289 * Relations to the BSS and transaction is removed, if not already. */
2290static void cell_destroy(struct vgcs_bss_cell *cell)
2291{
2292 struct vgcs_mgw_ep *mgw;
2293
2294 /* close RAN conn */
2295 if (cell->conn) {
2296 cell->conn->vgcs.cell = NULL;
2297 ran_conn_close(cell->conn);
2298 cell->conn = NULL;
2299 }
2300
2301 /* Detach from BSS now. Check, to prevent race condition. */
2302 if (cell->bss) {
2303 /* Remove pointer to talking channel. */
2304 if (cell->bss->trans && cell->bss->trans->gcc.uplink_cell == cell)
2305 cell->bss->trans->gcc.uplink_cell = NULL;
2306 llist_del(&cell->list_bss);
2307 cell->bss = NULL;
2308 }
2309
2310 /* Detach from MGW now. Check, to prevent race condition. */
2311 if (cell->mgw) {
2312 mgw = cell->mgw;
2313 llist_del(&cell->list_mgw);
2314 cell->mgw = NULL;
2315 /* Destroy MGW endpoint, if list is empty. */
2316 if (llist_empty(&mgw->cell_list))
2317 osmo_fsm_inst_dispatch(mgw->fi, VGCS_MGW_EP_EV_CLEAR, NULL);
2318 }
2319
2320 LOG_CELL(cell, LOGL_DEBUG, "Detroy connection to cell.\n");
2321
2322 /* Free FSM. (should be allocated) */
2323 osmo_fsm_inst_state_chg(cell->fi, VGCS_CELL_ST_NULL, 0, 0);
2324 osmo_fsm_inst_term(cell->fi, OSMO_FSM_TERM_REGULAR, NULL);
2325}
2326
2327static void vgcs_cell_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2328{
2329 struct vgcs_bss_cell *cell = fi->priv;
2330 const struct codec_mapping *cm;
2331 int rc;
2332
2333 switch (event) {
2334 case VGCS_CELL_EV_ASSIGN:
2335 LOG_CELL(cell, LOGL_DEBUG, "Received assignment from BSS controling process.\n");
2336 /* Allocate rtps stream. */
2337 cell->rtps = rtp_stream_alloc(cell->fi, VGCS_CELL_EV_RTP_STREAM_GONE,
2338 VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE,
2339 VGCS_CELL_EV_RTP_STREAM_ESTABLISHED, RTP_TO_RAN, cell->call_id,
2340 NULL);
2341 if (!cell->rtps) {
2342 LOG_CELL(cell, LOGL_DEBUG, "Failed to allocate RTP stream, cannot continue.\n");
2343 cell_destroy(cell);
2344 break;
2345 }
2346 /* Hard coded codec: GSM V1 */
2347 cm = codec_mapping_by_gsm0808_speech_codec_type(GSM0808_SCT_FR1);
2348 rtp_stream_set_one_codec(cell->rtps, &cm->sdp);
2349 /* Set initial mode. */
2350 rtp_stream_set_mode(cell->rtps, MGCP_CONN_RECV_ONLY);
2351 /* Commit RTP stream. */
2352 if (!cell->bss && !cell->bss->trans) {
2353 LOG_CELL(cell, LOGL_DEBUG, "No transaction, cannot continue.\n");
2354 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2355 break;
2356 }
2357 if (!cell->mgw && !cell->mgw->mgw_ep) {
2358 LOG_CELL(cell, LOGL_DEBUG, "No MGW endpoint, cannot continue.\n");
2359 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2360 break;
2361 }
2362 rc = rtp_stream_ensure_ci(cell->rtps, cell->mgw->mgw_ep);
2363 if (rc < 0) {
2364 LOG_CELL(cell, LOGL_DEBUG, "Failed to trigger RTP stream CI.\n");
2365 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2366 break;
2367 }
2368 /* Change state. */
2369 osmo_fsm_inst_state_chg(fi, VGCS_CELL_ST_ASSIGNMENT, 0, 0);
2370 break;
2371 case VGCS_CELL_EV_CLEAR:
2372 /* The calling user process requested clearing of VGCS/VBS call. */
2373 LOG_CELL(cell, LOGL_DEBUG, "Received clearing from BSS controling process.\n");
2374 cell_clear(cell, GSM0808_CAUSE_CALL_CONTROL);
2375 break;
2376 default:
2377 OSMO_ASSERT(false);
2378 }
2379}
2380
2381static void vgcs_cell_fsm_assignment(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2382{
2383 struct vgcs_bss_cell *cell = fi->priv;
2384 struct ran_msg *rx_ran_msg = data;
2385 struct ran_msg tx_ran_msg;
2386 struct osmo_sockaddr_str ss;
2387 const struct codec_mapping *cm;
2388 struct vgcs_bss *bss;
2389 int rc;
2390
2391 switch (event) {
2392 case VGCS_CELL_EV_RTP_STREAM_GONE:
2393 /* The RTP stream failed. */
2394 LOG_CELL(cell, LOGL_ERROR, "RTP stream of MGW failed.\n");
2395 cell->rtps = NULL;
2396 goto channel_fail;
2397 break;
2398 case VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE:
2399 /* The RTP stream sends its peer. */
2400 if (!osmo_sockaddr_str_is_nonzero(&cell->rtps->local)) {
2401 LOG_CELL(cell, LOGL_ERROR, "Invalid RTP address received from MGW: " OSMO_SOCKADDR_STR_FMT "\n",
2402 OSMO_SOCKADDR_STR_FMT_ARGS(&cell->rtps->local));
2403 goto channel_fail;
2404 }
2405 LOG_CELL(cell, LOGL_DEBUG,
2406 "MGW endpoint's RTP address available for the CI %s: " OSMO_SOCKADDR_STR_FMT " (osmux=%s:%d)\n",
2407 rtp_direction_name(cell->rtps->dir), OSMO_SOCKADDR_STR_FMT_ARGS(&cell->rtps->local),
2408 cell->rtps->use_osmux ? "yes" : "no", cell->rtps->local_osmux_cid);
2409 /* Send VGCS/VBS ASSIGNMENT REQUEST to BSS */
2410 LOG_CELL(cell, LOGL_DEBUG, "Sending VGCS/VBS ASSIGNMENT REQUEST towards BSS.\n");
2411 tx_ran_msg = (struct ran_msg) {
2412 .msg_type = RAN_MSG_VGCS_VBS_ASSIGN_REQ,
2413 .vgcs_vbs_assign_req = {
2414 /* For now we support GSM/FR V1 only. This shall be supported by all MS. */
2415 .channel_type = {
2416 .ch_indctr = GSM0808_CHAN_SPEECH,
2417 .ch_rate_type = GSM0808_SPEECH_FULL_BM,
2418 .perm_spch_len = 1,
2419 .perm_spch[0] = GSM0808_PERM_FR1,
2420 },
2421 /* For now we want a channel without any delay. */
2422 .ass_req = GSM0808_ASRQ_IMMEDIATE,
2423 .callref = {
2424 .sf = (cell->trans_type == TRANS_GCC),
2425 },
2426 /* We need to identify the cell only. */
2427 .cell_identifier = {
2428 .id_discr = CELL_IDENT_CI,
2429 .id.ci = cell->cell_id,
2430 },
2431 .aoip_transport_layer_present = true,
2432 .call_id_present = true,
2433 .call_id = cell->call_id,
2434 .codec_list_present = true,
2435 .codec_list_msc_preferred = {
2436 .len = 1,
2437 .codec[0] = {
2438 .fi = 1,
2439 .type = GSM0808_SCT_FR1,
2440 .cfg = 0,
2441 },
2442 },
2443 },
2444 };
2445 osmo_store32be_ext(cell->callref >> 3, &tx_ran_msg.vgcs_vbs_assign_req.callref.call_ref_hi, 3);
2446 tx_ran_msg.vgcs_vbs_assign_req.callref.call_ref_lo = cell->callref & 0x7;
2447 osmo_sockaddr_str_to_sockaddr(&cell->rtps->local, &tx_ran_msg.vgcs_vbs_assign_req.aoip_transport_layer);
2448 /* First message, so we must set "initial" to "true". */
2449 ran_encode_and_send(fi, &tx_ran_msg, cell->conn, true);
2450 break;
2451 case VGCS_CELL_EV_RTP_STREAM_ESTABLISHED:
2452 /* The RTP stream established. */
2453 LOG_CELL(cell, LOGL_DEBUG, "RTP stream is established.\n");
2454 break;
2455 case VGCS_CELL_EV_ASSIGN_RES:
2456 /* Receive VGCS/VBS ASSIGNMENT RESULT from BSS. */
2457 LOG_CELL(cell, LOGL_DEBUG, "Received VGCS/VBS ASSIGNMENT RESULT from BSS.\n");
2458 cell->assigned = true;
2459 if (!rx_ran_msg->vgcs_vbs_assign_res.aoip_transport_layer_present
2460 && !rx_ran_msg->vgcs_vbs_assign_res.codec_present
2461 && !rx_ran_msg->vgcs_vbs_assign_res.call_id_present) {
2462 LOG_CELL(cell, LOGL_ERROR, "Mandatory IEs missing.\n");
2463 goto channel_fail;
2464 }
2465 /* Send remote peer to RTP stream. */
2466 if (osmo_sockaddr_str_from_sockaddr(&ss, &rx_ran_msg->vgcs_vbs_assign_res.aoip_transport_layer)) {
2467 LOG_CELL(cell, LOGL_ERROR, "Cannot RTP-CONNECT, invalid RTP IP:port in incoming MNCC "
2468 "message\n");
2469 goto channel_fail;
2470 }
2471 rtp_stream_set_remote_addr(cell->rtps, &ss);
2472 /* Send remote codec to RTP stream. */
2473 cm = codec_mapping_by_gsm0808_speech_codec_type(rx_ran_msg->vgcs_vbs_assign_res.codec_msc_chosen.type);
2474 if (!cm) {
2475 LOG_CELL(cell, LOGL_ERROR, "Chosen codec by BSC is not supported by MSC.\n");
2476 goto channel_fail;
2477 }
2478 rtp_stream_set_one_codec(cell->rtps, &cm->sdp);
2479 /* Set listening mode. */
2480 rtp_stream_set_mode(cell->rtps, MGCP_CONN_SEND_ONLY);
2481 /* Commit RTP stream. */
2482 rc = rtp_stream_commit(cell->rtps);
2483 if (rc < 0) {
2484 LOG_CELL(cell, LOGL_ERROR, "Failed to commit parameters to RTP stream.\n");
2485 goto channel_fail;
2486 }
2487 /* Change state. */
2488 osmo_fsm_inst_state_chg(fi, VGCS_CELL_ST_ACTIVE, 0, 0);
2489 /* Notify BSS FSM about channel activation. */
2490 if (cell->bss)
2491 osmo_fsm_inst_dispatch(cell->bss->fi, VGCS_BSS_EV_ACTIVE_OR_FAIL, NULL);
2492 break;
2493 case VGCS_CELL_EV_ASSIGN_FAIL:
2494 /* Received VGCS/VBS ASSIGNMENT FAILURE from BSS. */
2495 LOG_CELL(cell, LOGL_NOTICE, "Received VGCS/VBS ASSIGNMENT FAILURE from BSS.\n");
2496channel_fail:
2497 bss = cell->bss;
2498 /* Remove cell. */
2499 tx_ran_msg = (struct ran_msg){
2500 .msg_type = RAN_MSG_CLEAR_COMMAND,
2501 .clear_command = {
2502 .gsm0808_cause = GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC,
2503 },
2504 };
2505 ran_encode_and_send(bss->fi, &tx_ran_msg, cell->conn, false);
2506 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2507 /* Notify BSS FSM about channel failure. */
2508 if (bss)
2509 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_ACTIVE_OR_FAIL, NULL);
2510 break;
2511 case VGCS_CELL_EV_CLEAR:
2512 /* The calling user process requested clearing of VGCS/VBS call. */
2513 LOG_CELL(cell, LOGL_DEBUG, "Received clearing from BSS controling process.\n");
2514 cell_clear(cell, GSM0808_CAUSE_CALL_CONTROL);
2515 break;
2516 case VGCS_CELL_EV_CLOSE:
2517 /* The SCCP connection from the MSC has been closed. */
2518 LOG_CELL(cell, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
2519 if (cell->conn) {
2520 cell->conn->vgcs.bss = NULL;
2521 cell->conn = NULL;
2522 }
2523 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2524 break;
2525 default:
2526 OSMO_ASSERT(false);
2527 }
2528}
2529
2530static void vgcs_cell_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2531{
2532 struct vgcs_bss_cell *cell = fi->priv;
2533
2534 switch (event) {
2535 case VGCS_CELL_EV_RTP_STREAM_GONE:
2536 /* The RTP stream failed. */
2537 LOG_CELL(cell, LOGL_ERROR, "RTP stream of MGW failed.\n");
2538 cell->rtps = NULL;
2539 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2540 break;
2541 case VGCS_CELL_EV_RTP_STREAM_ESTABLISHED:
2542 /* The RTP stream established. */
2543 LOG_CELL(cell, LOGL_DEBUG, "RTP stream is established.\n");
2544 break;
2545 case VGCS_CELL_EV_CLEAR:
2546 /* The calling user process requested clearing of VGCS/VBS call. */
2547 LOG_CELL(cell, LOGL_DEBUG, "Received clearing from BSS controling process.\n");
2548 cell_clear(cell, GSM0808_CAUSE_CALL_CONTROL);
2549 break;
2550 case VGCS_CELL_EV_CLOSE:
2551 /* The SCCP connection from the MSC has been closed. */
2552 LOG_CELL(cell, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
2553 if (cell->conn) {
2554 cell->conn->vgcs.bss = NULL;
2555 cell->conn = NULL;
2556 }
2557 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2558 break;
2559 default:
2560 OSMO_ASSERT(false);
2561 }
2562}
2563
2564static void vgcs_cell_fsm_release(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2565{
2566 struct vgcs_bss_cell *cell = fi->priv;
2567
2568 switch (event) {
2569 case VGCS_CELL_EV_RTP_STREAM_GONE:
2570 /* The RTP stream gone. */
2571 LOG_CELL(cell, LOGL_ERROR, "RTP stream gone.\n");
2572 cell->rtps = NULL;
2573 /* Wait for RAN conn. */
2574 if (cell->conn)
2575 break;
2576 cell_destroy(cell);
2577 break;
2578 case VGCS_CELL_EV_CLEAR:
2579 case VGCS_CELL_EV_RELEASED:
2580 if (event == VGCS_CELL_EV_CLEAR) {
2581 /* The SCCP connection from the MSC has been closed while waiting for CLEAR COMPLETE. */
2582 LOG_CELL(cell, LOGL_NOTICE, "Received SCCP closing collision.\n");
2583 } else
2584 LOG_CELL(cell, LOGL_DEBUG, "Received CLEAR COMPLETE from BSS, we are done!\n");
2585 /* Wait for RTP stream. */
2586 if (cell->rtps) {
2587 /* close RAN conn */
2588 if (cell->conn) {
2589 cell->conn->vgcs.cell = NULL;
2590 ran_conn_close(cell->conn);
2591 cell->conn = NULL;
2592 }
2593 break;
2594 }
2595 cell_destroy(cell);
2596 break;
2597 default:
2598 OSMO_ASSERT(false);
2599 }
2600}
2601
2602static const struct osmo_fsm_state vgcs_cell_fsm_states[] = {
2603 [VGCS_CELL_ST_NULL] = {
2604 .name = "NULL",
2605 .in_event_mask = S(VGCS_CELL_EV_ASSIGN) |
2606 S(VGCS_CELL_EV_CLEAR),
2607 .out_state_mask = S(VGCS_CELL_ST_ASSIGNMENT),
2608 .action = vgcs_cell_fsm_null,
2609 },
2610 [VGCS_CELL_ST_ASSIGNMENT] = {
2611 .name = "ASSIGNMENT Sent",
2612 .in_event_mask = S(VGCS_CELL_EV_RTP_STREAM_GONE) |
2613 S(VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE) |
2614 S(VGCS_CELL_EV_RTP_STREAM_ESTABLISHED) |
2615 S(VGCS_CELL_EV_ASSIGN_RES) |
2616 S(VGCS_CELL_EV_ASSIGN_FAIL) |
2617 S(VGCS_CELL_EV_CLEAR) |
2618 S(VGCS_CELL_EV_CLOSE),
2619 .out_state_mask = S(VGCS_CELL_ST_ACTIVE) |
2620 S(VGCS_CELL_ST_RELEASE),
2621 .action = vgcs_cell_fsm_assignment,
2622 },
2623 [VGCS_CELL_ST_ACTIVE] = {
2624 .name = "VGCS/VBS channel active",
2625 .in_event_mask = S(VGCS_CELL_EV_RTP_STREAM_GONE) |
2626 S(VGCS_CELL_EV_RTP_STREAM_ESTABLISHED) |
2627 S(VGCS_CELL_EV_CLEAR) |
2628 S(VGCS_CELL_EV_CLOSE),
2629 .out_state_mask = S(VGCS_CELL_ST_RELEASE),
2630 .action = vgcs_cell_fsm_active,
2631 },
2632 [VGCS_CELL_ST_RELEASE] = {
2633 .name = "Releasing VGCS/VBS channel",
2634 .in_event_mask = S(VGCS_CELL_EV_RTP_STREAM_GONE) |
2635 S(VGCS_CELL_EV_CLEAR) |
2636 S(VGCS_CELL_EV_RELEASED),
2637 .out_state_mask = S(VGCS_CELL_ST_NULL),
2638 .action = vgcs_cell_fsm_release,
2639 },
2640};
2641
2642static struct osmo_fsm vgcs_cell_fsm = {
2643 .name = "vgcs_cell",
2644 .states = vgcs_cell_fsm_states,
2645 .num_states = ARRAY_SIZE(vgcs_cell_fsm_states),
2646 .log_subsys = DASCI,
2647 .event_names = vgcs_cell_fsm_event_names,
2648};
2649
2650/* The BSS accepts VGCS/VBS channel assignment. */
2651void vgcs_vbs_assign_result(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2652{
2653 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_ASSIGN_RES, (void *)ran_msg);
2654}
2655
2656/* The BSS refuses VGCS/VBS channel assignment. */
2657void vgcs_vbs_assign_fail(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2658{
2659 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_ASSIGN_FAIL, (void *)ran_msg);
2660}
2661
2662/* BSS indicated that the channel has been released. */
2663void vgcs_vbs_clear_req_channel(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2664{
2665 LOG_CELL(cell, LOGL_DEBUG, "Received CLEAR REQUEST for resource controling channel from BSS.\n");
2666 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_CLOSE, (void *)ran_msg);
2667}
2668
2669/* BSS confirms the release of channel. */
2670void vgcs_vbs_clear_cpl_channel(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2671{
2672 LOG_CELL(cell, LOGL_DEBUG, "Received CLEAR COMPLETE for resource controling channel from BSS.\n");
2673 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_RELEASED, (void *)ran_msg);
2674}
2675
2676/*
2677 * MGW endpoint FSM
2678 */
2679
2680static const struct value_string vgcs_mgw_ep_fsm_event_names[] = {
2681 OSMO_VALUE_STRING(VGCS_MGW_EP_EV_FREE),
2682 OSMO_VALUE_STRING(VGCS_MGW_EP_EV_CLEAR),
2683 { }
2684};
2685
2686static void vgcs_mgw_ep_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2687{
2688 struct vgcs_mgw_ep *mgw = fi->priv;
2689 struct vgcs_bss_cell *cell, *cell2;
2690 struct mgcp_client *mgcp_client;
2691
2692 switch (event) {
2693 case VGCS_MGW_EP_EV_FREE:
2694 LOGP(DASCI, LOGL_DEBUG, "MGW connection closed, removing all cell instances.\n");
2695 llist_for_each_entry_safe(cell, cell2, &mgw->cell_list, list_mgw) {
2696 if (cell->rtps)
2697 cell->rtps->ci = NULL;
2698 llist_del(&cell->list_mgw);
2699 cell->mgw = NULL;
2700 }
2701 /* Put MGCP client back into MGW pool. */
2702 mgcp_client = osmo_mgcpc_ep_client(mgw->mgw_ep);
2703 mgcp_client_pool_put(mgcp_client);
2704 /* Destroy this instance. */
2705 osmo_fsm_inst_term_children(fi, OSMO_FSM_TERM_PARENT, NULL);
2706 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
2707 break;
2708 case VGCS_MGW_EP_EV_CLEAR:
2709 if (!llist_empty(&mgw->cell_list))
2710 break;
2711 LOGP(DASCI, LOGL_DEBUG, "Cell list of MGW instance is now empty, dropping.\n");
2712 /* Destroy this instance. */
2713 osmo_fsm_inst_term_children(fi, OSMO_FSM_TERM_PARENT, NULL);
2714 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
2715 break;
2716 default:
2717 OSMO_ASSERT(false);
2718 }
2719}
2720
2721static const struct osmo_fsm_state vgcs_mgw_ep_fsm_states[] = {
2722 [VGCS_MGW_EP_ST_NULL] = {
2723 .name = "NULL",
2724 .out_state_mask = S(VGCS_MGW_EP_ST_ACTIVE),
2725 },
2726 [VGCS_MGW_EP_ST_ACTIVE] = {
2727 .name = "MGW endpoint allocated",
2728 .in_event_mask = S(VGCS_MGW_EP_EV_FREE) |
2729 S(VGCS_MGW_EP_EV_CLEAR),
2730 .out_state_mask = S(VGCS_MGW_EP_ST_NULL),
2731 .action = vgcs_mgw_ep_fsm_active,
2732 },
2733};
2734
2735static struct osmo_fsm vgcs_mgw_ep_fsm = {
2736 .name = "vgcs_mgw_ep",
2737 .states = vgcs_mgw_ep_fsm_states,
2738 .num_states = ARRAY_SIZE(vgcs_mgw_ep_fsm_states),
2739 .log_subsys = DASCI,
2740 .event_names = vgcs_mgw_ep_fsm_event_names,
2741};