Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / e2a408861904b555d4e66eb03d91ec745f1e7587 / . / src / libmsc / msc_vgcs.c
blob: 52cc25dca553f8161b488090fc1a24f5b0ec1b09 [file] [log] [blame]
Andreas Eversberge24636c2023-04-23 12:20:55 +0200[diff] [blame]1/* Handle VGCS/VBCS calls. (Voice Group/Broadcast Call Service). */
2/*
3 * (C) 2023 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * SPDX-License-Identifier: AGPL-3.0+
7 *
8 * Author: Andreas Eversberg
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
19 *
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24/* The process consists of four state machines:
25 *
26 * The call control state machine "GCC" handles the voice group/broadcast call.
27 * There is one instance for every call. It is mainly controlled by the calling
28 * subscriber. The state machine is described in 3GPP TS 44.068 / 44.069.
29 * One SCCP connection to the calling subscriber is associated with the state
30 * machine. Once the calling subscriber leaves or is assigned to the VGCS/VBS
31 * channel, the association to the MSC-A role is removed and the SCCP connection
32 * is closed. The state machine with the transaction still exists until the end
33 * of the call.
34 *
35 * The BSS control state machine "vgcs_bss_fsm" handles the call in each BSC.
36 * There are as many instances as there are BSCs where the call is placed to.
37 * The instances are linked to the call control in a 1:n relation.
38 * One SCCP connection for every BSC is associated with the state machine.
39 * It sets up the call in the BSC and handles the uplink control and signaling
40 * with the talking phone.
41 *
42 * The resource controling state machine "vgcs_cell_fsm" handles the channel for
43 * each BTS that has a VGCS for the call. The instances are linked to the BSS
44 * control in a 1:n relation.
45 * One SCCP connection for every cell is associated with each list entry.
46 * It assigns the VGCS/VBS channel and the conference bridge in the MGW.
47 *
48 * The MGW endpoint state machine "vgcs_mgw_ep_fsm" handles the endpoint
49 * connection for each call. It controls the clearing of the MGW connections
50 * in case of endpoint failure. All instances of the resource controlling state
51 * machine are linked to this state machine in a 1:n relation.
52 *
53 * Setup of a call:
54 *
55 * When the calling subscriber dials a group/broadcast call, the GCR is checked
56 * for an existing Group ID. If it exists, the call is setup towards the a given
57 * list of MSCs for this Group ID. Also the channels are assigned for a given
58 * list of cells for this Group ID.
59 * The call can also be initiated via VTY.
60 *
61 * Then the calling subscriber is assigned to the VGCS channel of the same cell
62 * where the call was initialized. Afterwards the call is connected. The calling
63 * subscriber may then stay on the uplink or release it.
64 *
65 * Uplink control:
66 *
67 * Any BSC may indicate a talking subscriber. If there is no talking subscriber
68 * yet, the uplink is granted, otherwise it is rejected. If the uplink is in
69 * use on one BSC, all other BSCs will be blocked. If the uplink becomes free,
70 * all other BSCs will be unblocked.
71 *
72 * Termination of the call:
73 *
74 * The calling subscriber accesses the uplink. The it sends a termination
75 * request. This request is acknowledged by a termination command towards
76 * the calling subscriber. The call is cleared.
77 * The call can also be terminated via VTY and/or a timeout.
78 *
79 */
80
81#include <osmocom/core/utils.h>
82#include <osmocom/core/fsm.h>
83#include <osmocom/gsm/protocol/gsm_44_068.h>
84#include <osmocom/sigtran/sccp_helpers.h>
85#include <osmocom/mgcp_client/mgcp_client_endpoint_fsm.h>
86
87#include <osmocom/msc/gsm_data.h>
88#include <osmocom/msc/sccp_ran.h>
89#include <osmocom/msc/ran_infra.h>
90#include <osmocom/msc/ran_peer.h>
91#include <osmocom/msc/ran_msg_a.h>
92#include <osmocom/msc/msub.h>
93#include <osmocom/msc/debug.h>
94#include <osmocom/msc/msc_a.h>
95#include <osmocom/msc/vlr.h>
96#include <osmocom/msc/rtp_stream.h>
97#include <osmocom/msc/codec_mapping.h>
98#include <osmocom/msc/msc_vgcs.h>
99#include <osmocom/msc/asci_gcr.h>
100
101#define S(x) (1 << (x))
102
103#define LOG_GCC(trans, level, fmt, args...) \
104 LOGP((trans) ? ((trans->type == TRANS_GCC) ? DGCC : DBCC) : DASCI, level, \
105 (trans) ? ((trans->type == TRANS_GCC) ? ("GCC callref %s: " fmt) : ("BCC callref %s: " fmt)) : "%s" fmt, \
106 (trans) ? gsm44068_group_id_string(trans->callref) : "", ##args)
107#define LOG_BSS(bss, level, fmt, args...) \
108 LOGP(DASCI, level, \
109 (bss->trans_type == TRANS_GCC) ? ("GCC callref %s, BSS #%s: " fmt) : ("BCC callref %s, BSS #%s: " fmt), \
110 gsm44068_group_id_string(bss->callref), osmo_ss7_pointcode_print(NULL, bss->pc), ##args)
111#define LOG_CELL(cell, level, fmt, args...) \
112 LOGP(DASCI, level, \
113 (cell->trans_type == TRANS_GCC) ? ("GCC callref %s, BSS #%s, CID %d: " fmt) \
114 : ("BCC callref %s, BSS #%s, CID %d: " fmt), \
115 gsm44068_group_id_string(cell->callref), osmo_ss7_pointcode_print(NULL, cell->pc), cell->cell_id, ##args)
116
117static struct osmo_fsm vgcs_bcc_fsm;
118static struct osmo_fsm vgcs_gcc_fsm;
119static struct osmo_fsm vgcs_bss_fsm;
120static struct osmo_fsm vgcs_cell_fsm;
121static struct osmo_fsm vgcs_mgw_ep_fsm;
122
123static __attribute__((constructor)) void vgcs_fsm_init(void)
124{
125 OSMO_ASSERT(osmo_fsm_register(&vgcs_bcc_fsm) == 0);
126 OSMO_ASSERT(osmo_fsm_register(&vgcs_gcc_fsm) == 0);
127 OSMO_ASSERT(osmo_fsm_register(&vgcs_bss_fsm) == 0);
128 OSMO_ASSERT(osmo_fsm_register(&vgcs_cell_fsm) == 0);
129 OSMO_ASSERT(osmo_fsm_register(&vgcs_mgw_ep_fsm) == 0);
130}
131
132const char *gsm44068_group_id_string(uint32_t callref)
133{
134 static char string[9];
135
136 snprintf(string, sizeof(string), "%08u", callref);
137 string[sizeof(string) - 1] = '\0';
138
139 return string;
140}
141
142/* Resolve ran peer from point-code */
143static struct ran_peer *ran_peer_for_pc(struct gsm_network *msc_network, int pc)
144{
145 struct sccp_ran_inst *sri;
146 struct osmo_sccp_addr addr = {};
147 struct ran_peer *rp;
148
149 sri = msc_network->a.sri;
150 if (!osmo_sccp_get_ss7(sri->sccp)) {
151 LOGP(DASCI, LOGL_ERROR, "No SS7???\n");
152 return NULL;
153 }
154 osmo_sccp_make_addr_pc_ssn(&addr, pc, sri->ran->ssn);
155 rp = ran_peer_find_by_addr(sri, &addr);
156
157 return rp;
158}
159
160/* Encode message and send towards BSC. */
161int ran_encode_and_send(struct osmo_fsm_inst *fi, struct ran_msg *ran_msg, struct ran_conn *conn, bool initial)
162{
163 struct msgb *l3_msg;
164 int rc;
165
166 l3_msg = ran_a_encode(fi, ran_msg);
167 if (!l3_msg) {
168 LOGP(DASCI, LOGL_ERROR, "ran_a_encode() failed.\n");
169 return -EINVAL;
170 }
171 rc = ran_conn_down_l2_co(conn, l3_msg, initial);
172 msgb_free(l3_msg);
173
174 return rc;
175}
176
177/* Transmit DTAP message to talker
178 * This is used for sending group/broadcast call control messages. */
179int tx_dtap_to_talker(struct vgcs_bss *bss, struct msgb *l3_msg)
180{
181 struct ran_msg ran_msg;
182 struct gsm48_hdr *gh = msgb_l3(l3_msg) ? : l3_msg->data;
183 uint8_t pdisc = gsm48_hdr_pdisc(gh);
184 int rc;
185
186
187 LOG_BSS(bss, LOGL_DEBUG, "Sending DTAP: %s %s\n",
188 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
189
190 ran_msg = (struct ran_msg){
191 .msg_type = RAN_MSG_DTAP,
192 .dtap = l3_msg,
193 };
194
195 rc = ran_encode_and_send(bss->fi, &ran_msg, bss->conn, false);
196
197 return rc;
198}
199
200/*
201 * GCC/BCC Message transcoding
202 */
203
204static void _add_cause_ie(struct msgb *msg, uint8_t cause, uint8_t *diag, uint8_t diag_len)
205{
206 uint8_t *ie = msgb_put(msg, 2 + diag_len);
207
208 ie[0] = 1 + diag_len;
209 ie[1] = cause;
210 if (diag && diag_len) {
211 ie[1] |= 0x80;
212 memcpy(ie + 2, diag, diag_len);
213 }
214}
215
216static void _add_callref_ie(struct msgb *msg, uint32_t callref, bool with_prio, uint8_t prio)
217{
218 uint32_t ie;
219
220 ie = callref << 5;
221 if (with_prio)
222 ie |= 0x10 | (prio << 1);
223 msgb_put_u32(msg, ie);
224}
225
226static int _msg_too_short(void)
227{
228 LOGP(DASCI, LOGL_ERROR, "MSG too short.\n");
229 return -EINVAL;
230}
231
232static int _ie_invalid(void)
233{
234 LOGP(DASCI, LOGL_ERROR, "IE invalid.\n");
235 return -EINVAL;
236}
237
238static int _rx_callref(uint8_t *ie, unsigned int remaining_len, uint32_t *callref, bool *with_prio, uint8_t *prio)
239{
240 uint8_t ie_len;
241
242 ie_len = sizeof(uint32_t);
243 if (remaining_len < ie_len)
244 return _msg_too_short();
245 *callref = osmo_load32be(ie) >> 5;
246 if (ie[3] & 0x10) {
247 *with_prio = true;
248 *prio = (ie[3] >> 1) & 0x7;
249 } else
250 *with_prio = false;
251
252 return ie_len;
253}
254
255/* 3GPP TS 44.068 Clause 8.1 */
256static int gsm44068_tx_connect(struct gsm_trans *trans, uint8_t pdisc, uint32_t callref, bool with_prio, uint8_t prio,
257 uint8_t oi, uint8_t talker_prio, bool with_sms, uint8_t sms_dc, uint8_t sms_gp)
258{
259 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX CONNECT");
260 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
261 uint8_t ie;
262
263 gh->proto_discr = pdisc;
264 gh->msg_type = OSMO_GSM44068_MSGT_CONNECT;
265 _add_callref_ie(msg, callref, with_prio, prio);
266 ie = (talker_prio << 4) | oi;
267 msgb_put_u8(msg, ie);
268 if (with_sms) {
269 ie = OSMO_GSM44068_IEI_SMS_INDICATIONS | (sms_dc << 1) | sms_gp;
270 msgb_put_u8(msg, ie);
271 }
272
273 /* Send to calling subscriber, depending on the link he is. */
274 if (trans->msc_a)
275 return msc_a_tx_dtap_to_i(trans->msc_a, msg);
276 if (trans->gcc.uplink_bss)
277 return tx_dtap_to_talker(trans->gcc.uplink_bss, msg);
278 msgb_free(msg);
279 return -EIO;
280}
281
282/* The Get Status procedure is not used by the current implementation.
283 * It is commented out, so it can be used in the future.
284 * The idea is to have a complete set of GCC/BCC message transcoding.
285 */
286#if 0
287/* 3GPP TS 44.068 Clause 8.2 */
288static int gsm44068_tx_get_status(struct gsm_trans *trans, uint8_t pdisc, struct osmo_mobile_identity *mi)
289{
290 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX GET STATUS");
291 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
292
293 gh->proto_discr = pdisc;
294 gh->msg_type = OSMO_GSM44068_MSGT_GET_STATUS;
295 if (mi) {
296 uint8_t *l;
297 int rc;
298
299 l = msgb_tl_put(msg, OSMO_GSM44068_IEI_MOBILE_IDENTITY);
300 rc = osmo_mobile_identity_encode_msgb(msg, mi, false);
301 if (rc < 0) {
302 msgb_free(msg);
303 return -EINVAL;
304 }
305 *l = rc;
306 }
307
308 /* Send to calling subscriber, depending on the link he is. */
309 if (trans->msc_a)
310 return msc_a_tx_dtap_to_i(trans->msc_a, msg);
311 if (trans->gcc.uplink_bss)
312 return tx_dtap_to_talker(trans->gcc.uplink_bss, msg);
313 msgb_free(msg);
314 return -EIO;
315}
316#endif
317
318/* 3GPP TS 44.068 Clause 8.3 and 8.3a */
319static int gsm44068_rx_immediate_setup(struct msgb *msg, uint8_t *talker_prio, uint8_t *key_seq,
320 struct gsm48_classmark2 *cm2, struct osmo_mobile_identity *mi,
321 uint32_t *callref, bool *with_prio, uint8_t *prio, char *user_user)
322{
323 struct gsm48_hdr *gh = msgb_l3(msg);
324 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
325 uint8_t *ie = gh->data;
326 uint8_t ie_len;
327 uint64_t otdi;
328 int i;
329 int rc;
330
331 /* Talker priority / Cyphering key sequence */
332 if (remaining_len < 1)
333 return _msg_too_short();
334 *talker_prio = ie[0] & 0x07;
335 *key_seq = (ie[0] >> 4) & 0x07;
336 remaining_len -= 1;
337 ie += 1;
338
339 /* Mobile station classmark 2 */
340 if (remaining_len < 4)
341 return _msg_too_short();
342 ie_len = ie[0];
343 if (remaining_len < ie_len + 1)
344 return _msg_too_short();
345 if (ie_len != 3)
346 return _ie_invalid();
347 memcpy(cm2, ie + 1, ie_len);
348 remaining_len -= ie_len + 1;
349 ie += ie_len + 1;
350
351 /* Mobile indentity */
352 if (gh->msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP) {
353 /* IMMEDIATE SETUP uses IMSI/TMSI */
354 if (remaining_len < 2)
355 return _msg_too_short();
356 ie_len = ie[0];
357 if (remaining_len < ie_len + 1)
358 return _msg_too_short();
359 rc = osmo_mobile_identity_decode(mi, ie + 1, ie_len, false);
360 if (rc) {
361 LOGP(DMM, LOGL_ERROR, "Failure to decode Mobile Identity in GCC/BCC IMMEDDIATE SETUP"
362 " (rc=%d)\n", rc);
363 return -EINVAL;
364 }
365 remaining_len -= ie_len + 1;
366 ie += ie_len + 1;
367 } else {
368 /* IMMEDIATE SETUP 2 uses TMSI only */
369 if (remaining_len < 4)
370 return _msg_too_short();
371 mi->type = GSM_MI_TYPE_TMSI;
372 mi->tmsi = osmo_load32be(ie);
373 remaining_len -= 4;
374 ie += 4;
375 }
376
377 /* Call reference */
378 rc = _rx_callref(ie, remaining_len, callref, with_prio, prio);
379 if (rc < 0)
380 return rc;
381 remaining_len -= rc;
382 ie += rc;
383
384 /* OTID */
385 if (gh->msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2 && user_user) {
386 ie_len = 5;
387 if (remaining_len < ie_len)
388 return _msg_too_short();
389 otdi = osmo_load32be(ie + 1) | ((uint64_t)ie[0] << 32);
390
391 for (i = 0; i < 12; i++) {
392 user_user[i] = (otdi % 10) + '0';
393 otdi /= 10;
394 }
395 user_user[i] = '\0';
396 remaining_len -= ie_len;
397 ie += ie_len;
398 } else if (user_user)
399 user_user[0] = '\0';
400
401 return 0;
402}
403
404/* 3GPP TS 44.068 Clause 8.4 */
405static int gsm44068_tx_set_parameter(struct gsm_trans *trans, uint8_t pdisc, uint8_t da, uint8_t ua, uint8_t comm,
406 uint8_t oi)
407{
408 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX SET PARAMETER");
409 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
410 uint8_t ie;
411
412 gh->proto_discr = pdisc;
413 gh->msg_type = OSMO_GSM44068_MSGT_SET_PARAMETER;
414 ie = (da << 3) | (ua << 2) | (comm << 1) | oi;
415 msgb_put_u8(msg, ie);
416
417 /* Send to calling subscriber, depending on the link he is. */
418 if (trans->msc_a)
419 return msc_a_tx_dtap_to_i(trans->msc_a, msg);
420 if (trans->gcc.uplink_bss)
421 return tx_dtap_to_talker(trans->gcc.uplink_bss, msg);
422 msgb_free(msg);
423 return -EIO;
424}
425
426/* 3GPP TS 44.068 Clause 8.5 */
427static int gsm44068_rx_setup(struct msgb *msg, bool *with_talker_prio, uint8_t *talker_prio,
428 uint32_t *callref, bool *with_prio, uint8_t *prio, char *user_user)
429{
430 struct gsm48_hdr *gh = msgb_l3(msg);
431 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
432 uint8_t *ie = gh->data;
433 struct tlv_parsed tp;
434 struct tlv_p_entry *tlv;
435 int rc;
436
437 /* Call reference */
438 rc = _rx_callref(ie, remaining_len, callref, with_prio, prio);
439 if (rc < 0)
440 return rc;
441 remaining_len -= rc;
442 ie += rc;
443
444 rc = tlv_parse(&tp, &osmo_gsm44068_att_tlvdef, ie, remaining_len, 0, 0);
445 if (rc < 0)
446 return _ie_invalid();
447
448 /* User-user */
449 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_USER_USER);
450 if (tlv && tlv->len && tlv->len <= 1 + 12 && user_user) {
451 memcpy(user_user, tlv->val, tlv->len - 1);
452 user_user[tlv->len - 1] = '\0';
453 }
454
455 /* Talker priority */
456 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_TALKER_PRIORITY);
457 if (tlv && tlv->len) {
458 *with_talker_prio = true;
459 *talker_prio = tlv->val[0] & 0x07;
460 } else
461 *with_talker_prio = false;
462
463 return 0;
464}
465
466/* 3GPP TS 44.068 Clause 8.6 */
467static int gsm44068_rx_status(struct msgb *msg, uint8_t *cause, uint8_t *diag, uint8_t *diag_len,
468 bool *with_call_state, enum osmo_gsm44068_call_state *call_state,
469 bool *with_state_attrs, uint8_t *da, uint8_t *ua, uint8_t *comm, uint8_t *oi)
470{
471 struct gsm48_hdr *gh = msgb_l3(msg);
472 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
473 uint8_t *ie = gh->data;
474 uint8_t ie_len;
475 struct tlv_parsed tp;
476 struct tlv_p_entry *tlv;
477 int rc;
478
479 /* Cause */
480 if (remaining_len < 2 || ie[0] < remaining_len - 2)
481 return _msg_too_short();
482 ie_len = ie[0];
483 if (remaining_len < ie_len + 1)
484 return _msg_too_short();
485 if (ie_len < 1)
486 return _ie_invalid();
487 *cause = ie[1] & 0x7f;
488 *diag_len = ie_len - 1;
489 if (*diag_len)
490 memcpy(diag, ie + 2, ie_len - 1);
491 remaining_len -= ie_len + 1;
492 ie += ie_len + 1;
493
494 rc = tlv_parse(&tp, &osmo_gsm44068_att_tlvdef, ie, remaining_len, 0, 0);
495 if (rc < 0)
496 return _ie_invalid();
497
498 /* Call state */
499 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_CALL_STATE);
500 if (tlv) {
501 *with_call_state = true;
502 *call_state = tlv->val[0] & 0x7;
503 } else
504 *with_call_state = false;
505
506 /* State attributes */
507 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_STATE_ATTRIBUTES);
508 if (tlv) {
509 *with_state_attrs = true;
510 *da = (tlv->val[0] >> 3) & 0x1;
511 *ua = (tlv->val[0] >> 2) & 0x1;
512 *comm = (tlv->val[0] >> 1) & 0x1;
513 *oi = tlv->val[0] & 0x1;
514 } else
515 *with_state_attrs = false;
516
517 return 0;
518}
519
520/* 3GPP TS 44.068 Clause 8.7 and 8.8 */
521static int gsm44068_tx_termination(struct msc_a *msc_a, struct vgcs_bss *bss, uint8_t pdisc, uint8_t msg_type,
522 uint8_t cause, uint8_t *diag, uint8_t diag_len)
523{
524 struct msgb *msg = gsm44068_msgb_alloc_name("GSM 44.068 TX TERMINATION");
525 struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
526
527 gh->proto_discr = pdisc;
528 gh->msg_type = msg_type;
529 _add_cause_ie(msg, cause, diag, diag_len);
530
531 /* Send to calling subscriber, depending on the link he is. */
532 if (msc_a)
533 return msc_a_tx_dtap_to_i(msc_a, msg);
534 if (bss)
535 return tx_dtap_to_talker(bss, msg);
536 msgb_free(msg);
537 return -EIO;
538}
539
540/* 3GPP TS 44.068 Clause 8.9 */
541static int gsm44068_rx_termination_req(struct msgb *msg, uint32_t *callref, bool *with_prio, uint8_t *prio,
542 bool *with_talker_prio, uint8_t *talker_prio)
543{
544 struct gsm48_hdr *gh = msgb_l3(msg);
545 unsigned int remaining_len = msgb_l3len(msg) - sizeof(*gh);
546 uint8_t *ie = gh->data;
547 struct tlv_parsed tp;
548 struct tlv_p_entry *tlv;
549 int rc;
550
551 /* Call reference */
552 rc = _rx_callref(ie, remaining_len, callref, with_prio, prio);
553 if (rc < 0)
554 return rc;
555 remaining_len -= rc;
556 ie += rc;
557
558 rc = tlv_parse(&tp, &osmo_gsm44068_att_tlvdef, ie, remaining_len, 0, 0);
559 if (rc < 0)
560 return _ie_invalid();
561
562 /* Talker priority */
563 tlv = TLVP_GET(&tp, OSMO_GSM44068_IEI_TALKER_PRIORITY);
564 if (tlv && tlv->len) {
565 *with_talker_prio = true;
566 *talker_prio = tlv->val[0] & 0x07;
567 } else
568 *with_talker_prio = false;
569
570 return 0;
571}
572
573/*
574 * GCC/BCC state machine - handles calling subscriber process
575 */
576
577static const struct value_string vgcs_gcc_fsm_event_names[] = {
578 OSMO_VALUE_STRING(VGCS_GCC_EV_NET_SETUP),
579 OSMO_VALUE_STRING(VGCS_GCC_EV_NET_TERM),
580 OSMO_VALUE_STRING(VGCS_GCC_EV_USER_SETUP),
581 OSMO_VALUE_STRING(VGCS_GCC_EV_USER_TERM),
582 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_ESTABLISHED),
583 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_ASSIGN_CPL),
584 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_ASSIGN_FAIL),
585 OSMO_VALUE_STRING(VGCS_GCC_EV_BSS_RELEASED),
586 OSMO_VALUE_STRING(VGCS_GCC_EV_TIMEOUT),
587 { }
588};
589
590static int gcc_establish_bss(struct gsm_trans *trans)
591{
592 struct gsm_network *net = trans->net;
593 struct vgcs_mgw_ep *mgw = NULL;
594 struct mgcp_client *mgcp_client;
595 struct gcr *gcr;
596 struct gcr_bss *b;
597 struct gcr_cell *c;
598 struct vgcs_bss *bss;
599 struct vgcs_bss_cell *cell;
600 struct osmo_fsm_inst *fi;
601 struct ran_peer *rp;
602
603 /* Failure should not happen, because it has been checked before. */
604 gcr = gcr_by_callref(trans->net, trans->type, trans->callref);
605 if (!gcr)
606 return -EINVAL;
607
608 /* Allocate MGW endpoint. */
609 mgcp_client = mgcp_client_pool_get(trans->net->mgw.mgw_pool);
610 if (!mgcp_client) {
611 LOG_GCC(trans, LOGL_ERROR, "No MGW client, please check config.\n");
612 goto err_mgw;
613 }
614 fi = osmo_fsm_inst_alloc(&vgcs_mgw_ep_fsm, net, NULL, LOGL_DEBUG, NULL);
615 if (!fi) {
616 LOG_GCC(trans, LOGL_ERROR, "No memory for VGCS MSG state machine.\n");
617 goto err_mgw;
618 }
619 osmo_fsm_inst_update_id(fi, "vgcs-mgw-ep");
620 osmo_fsm_inst_state_chg(fi, VGCS_MGW_EP_ST_ACTIVE, 0, 0);
621 mgw = talloc_zero(fi, struct vgcs_mgw_ep);
622 if (!mgw) {
623 LOG_GCC(trans, LOGL_ERROR, "No memory for MGW ep structure.\n");
624 osmo_fsm_inst_free(fi);
625 goto err_mgw;
626 }
627 mgw->fi = fi;
628 fi->priv = mgw;
629 INIT_LLIST_HEAD(&mgw->cell_list);
630 mgw->mgw_ep = osmo_mgcpc_ep_alloc(mgw->fi, VGCS_MGW_EP_EV_FREE,
631 mgcp_client, trans->net->mgw.tdefs, mgw->fi->id,
632 "%s", mgcp_client_rtpbridge_wildcard(mgcp_client));
633 if (!mgw->mgw_ep) {
634 LOG_GCC(trans, LOGL_ERROR, "No memory for MGW endpoint state machine.\n");
635 goto err_mgw;
636 }
637
638 /* Create BSS list structures. */
639 llist_for_each_entry(b, &gcr->bss_list, list) {
640 LOG_GCC(trans, LOGL_DEBUG, " -> BSS with PC %s.\n", osmo_ss7_pointcode_print(NULL, b->pc));
641 /* Resolve ran_peer. */
642 rp = ran_peer_for_pc(trans->net, b->pc);
643 if (!rp) {
644 LOG_GCC(trans, LOGL_ERROR, "Failed to resolve point code %s, skipping BSS!\n",
645 osmo_ss7_pointcode_print(NULL, b->pc));
646 continue;
647 }
648 /* Create state machine. */
649 fi = osmo_fsm_inst_alloc(&vgcs_bss_fsm, net, NULL, LOGL_DEBUG, NULL);
650 if (!fi) {
651 LOG_GCC(trans, LOGL_ERROR, "No memory for state machine.\n");
652 break;
653 }
654 /* Create call structure. */
655 bss = talloc_zero(fi, struct vgcs_bss);
656 if (!bss) {
657 LOG_GCC(trans, LOGL_ERROR, "No memory for BSS call structure.\n");
658 osmo_fsm_inst_free(fi);
659 break;
660 }
661 bss->fi = fi;
662 fi->priv = bss;
663 INIT_LLIST_HEAD(&bss->cell_list);
664 bss->trans = trans;
665 bss->trans_type = trans->type;
666 bss->callref = trans->callref;
667 bss->pc = b->pc;
668 /* Create ran connection. */
669 bss->conn = ran_conn_create_outgoing(rp);
670 if (!bss->conn) {
671 osmo_fsm_inst_free(bss->fi);
672 continue;
673 }
674 bss->conn->vgcs.bss = bss;
675 /* Create cell list structures. */
676 llist_for_each_entry(c, &b->cell_list, list) {
677 /* Create state machine. */
678 fi = osmo_fsm_inst_alloc(&vgcs_cell_fsm, net, NULL, LOGL_DEBUG, NULL);
679 if (!fi) {
680 LOG_GCC(trans, LOGL_ERROR, "No memory for state machine.\n");
681 break;
682 }
683 /* Create cell structure. */
684 cell = talloc_zero(fi, struct vgcs_bss_cell);
685 if (!cell) {
686 LOG_GCC(trans, LOGL_ERROR, "No memory for BSS cell structure.\n");
687 osmo_fsm_inst_free(fi);
688 break;
689 }
690 cell->fi = fi;
691 fi->priv = cell;
692 osmo_fsm_inst_update_id_f(cell->fi, "vgcs-cell-%d", c->cell_id);
693 cell->trans_type = trans->type;
694 cell->callref = trans->callref;
695 cell->pc = b->pc;
696 cell->cell_id = c->cell_id;
697 cell->call_id = trans->call_id;
698 /* Create ran connection. */
699 cell->conn = ran_conn_create_outgoing(rp);
700 if (!cell->conn) {
701 osmo_fsm_inst_free(cell->fi);
702 continue;
703 }
704 cell->conn->vgcs.cell = cell;
705 /* Attach to cell list of BSS and MGW endpoint */
706 llist_add_tail(&cell->list_bss, &bss->cell_list);
707 cell->bss = bss;
708 llist_add_tail(&cell->list_mgw, &mgw->cell_list);
709 cell->mgw = mgw;
710 }
711 /* No cell? */
712 if (llist_empty(&bss->cell_list)) {
713 osmo_fsm_inst_free(bss->fi);
714 break;
715 }
716 /* Attach to transaction list */
717 llist_add_tail(&bss->list, &trans->gcc.bss_list);
718 /* Trigger VGCS/VBS SETUP */
719 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_SETUP, NULL);
720 }
721 /* No BSS? */
722 if (llist_empty(&trans->gcc.bss_list)) {
723 /* Also destroy MGW, because this list is empty too! */
724 goto err_mgw;
725 }
726 return 0;
727
728err_mgw:
729 if (mgw) {
730 if (mgw->mgw_ep) {
731 /* This will also free FSM instance and vgcs_mgw_ep structure. */
732 osmo_fsm_inst_dispatch(mgw->fi, VGCS_MGW_EP_EV_CLEAR, NULL);
733 return -EINVAL;
734 }
735 osmo_fsm_inst_free(mgw->fi);
736 }
737 return -EINVAL;
738}
739
740/* Send Assignment Request to the calling subscriber.
741 * This is used to assign the subscriber from early assigned channel to the VGCS/VBS channel. */
742static int gcc_assign(struct gsm_trans *trans)
743{
744 struct ran_msg tx_ran_msg;
745 struct gsm0808_channel_type channel_type;
746 struct vgcs_bss *bss = NULL, *b;
747
748 /* No assignment, because the calling subscriber is already assigned or there is no calling subscriber. */
749 if (!trans->msc_a)
750 return 0;
751
752 /* Check calling subscriber's MSC */
753 struct ran_conn *conn = msub_ran_conn(trans->msc_a->c.msub);
754 if (!conn) {
755 LOG_GCC(trans, LOGL_ERROR, "Calling subscriber has no ran_conn????\n");
756 return -EINVAL;
757 }
758 llist_for_each_entry(b, &trans->gcc.bss_list, list) {
759 if (osmo_sccp_addr_ri_cmp(&conn->ran_peer->peer_addr, &b->conn->ran_peer->peer_addr))
760 continue;
761 bss = b;
762 break;
763 }
764 if (!bss) {
765 LOG_GCC(trans, LOGL_ERROR, "Calling subscriber comes from BSC that has no VGCS call.\n");
766 return -EINVAL;
767 }
768
769 /* For now we support GSM/FR V1 only. This shall be supported by all MS. */
770 channel_type = (struct gsm0808_channel_type) {
771 .ch_indctr = GSM0808_CHAN_SPEECH,
772 .ch_rate_type = GSM0808_SPEECH_FULL_BM,
773 .perm_spch_len = 1,
774 .perm_spch[0] = GSM0808_PERM_FR1,
775 };
776
777 /* Send assignment to VGCS channel */
778 tx_ran_msg = (struct ran_msg) {
779 .msg_type = RAN_MSG_ASSIGNMENT_COMMAND,
780 .assignment_command = {
781 .channel_type = &channel_type,
782 .callref_present = true,
783 .callref = {
784 .sf = (trans->type == TRANS_GCC),
785 },
786 },
787 };
788 osmo_store32be_ext(trans->callref >> 3, &tx_ran_msg.assignment_command.callref.call_ref_hi, 3);
789 tx_ran_msg.assignment_command.callref.call_ref_lo = trans->callref & 0x7;
790 if (msc_a_ran_down(trans->msc_a, MSC_ROLE_I, &tx_ran_msg)) {
791 LOG_GCC(trans, LOGL_ERROR, "Cannot send Assignment\n");
792 return -EIO;
793 }
794
795 /* Assign Talker to BSS of the calling subscriber. */
796 trans->gcc.uplink_bss = bss;
797
798 return 0;
799}
800
801/* Send CONNECT to the calling subscriber. */
802static void gcc_connect(struct gsm_trans *trans)
803{
804 uint8_t pdisc = (trans->type == TRANS_GCC) ? GSM48_PDISC_GROUP_CC : GSM48_PDISC_BCAST_CC;
805 int rc;
806
807 /* Send CONNECT towards MS. */
808 rc = gsm44068_tx_connect(trans,
809 pdisc | (trans->transaction_id << 4),
810 trans->callref, 0, 0, 1, 0, 0, 0, 0);
811 if (rc < 0)
812 LOG_GCC(trans, LOGL_ERROR, "Failed to send CONNECT towards MS. Continue anyway.\n");
813}
814
815/* Release dedicated (SDCCH) channel of calling subscriber after assigning to VGCS */
816static void release_msc_a(struct gsm_trans *trans)
817{
818 struct msc_a *msc_a = trans->msc_a;
819
820 if (!msc_a)
821 return;
822
823 trans->msc_a = NULL;
824 switch (trans->type) {
825 case TRANS_GCC:
826 msc_a_put(msc_a, MSC_A_USE_GCC);
827 break;
828 case TRANS_BCC:
829 msc_a_put(msc_a, MSC_A_USE_BCC);
830 break;
831 default:
832 break;
833 }
834}
835
836/* Send TERMINATE to the calling/talking subscriber, then destroy transaction. */
837static void gcc_terminate_and_destroy(struct gsm_trans *trans, enum osmo_gsm44068_cause cause)
838{
839 uint8_t pdisc = (trans->type == TRANS_GCC) ? GSM48_PDISC_GROUP_CC : GSM48_PDISC_BCAST_CC;
840 int rc;
841
842 /* Send TERMINATION towards MS. */
843 rc = gsm44068_tx_termination(trans->msc_a, trans->gcc.uplink_bss,
844 pdisc | (trans->transaction_id << 4),
845 OSMO_GSM44068_MSGT_TERMINATION,
846 cause, NULL, 0);
847 if (rc < 0)
848 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS. Continue anyway.\n");
849
850 /* Destroy transaction, note that also _gsm44068_gcc_trans_free() will be called by trans_free().
851 * There the complete state machine is destroyed. */
852 trans->callref = 0;
853 trans_free(trans);
854}
855
856/* Start inactivity timer.
857 * This timer is used to terminate the call, if the radio connection to the caller gets lost. */
858static void start_inactivity_timer(struct gsm_trans *trans)
859{
860 if (trans->gcc.inactivity_to) {
861 LOG_GCC(trans, LOGL_DEBUG, "Set inactivity timer to %d seconds.\n", trans->gcc.inactivity_to);
862 osmo_timer_schedule(&trans->gcc.timer_inactivity, trans->gcc.inactivity_to, 0);
863 }
864}
865
866static void stop_inactivity_timer(struct gsm_trans *trans)
867{
868 if (osmo_timer_pending(&trans->gcc.timer_inactivity)) {
869 LOG_GCC(trans, LOGL_DEBUG, "Stop pending inactivity timer.\n");
870 osmo_timer_del(&trans->gcc.timer_inactivity);
871 }
872}
873
874static void inactivity_timer_cb(void *data)
875{
876 struct gsm_trans *trans = data;
877
878 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_TIMEOUT, NULL);
879}
880
881/* Set the parameters of the talker. (downlink mute/unmute, uplink unmute, COMM=T, originator) */
882static int set_parameter(struct gsm_trans *trans)
883{
884 uint8_t pdisc = (trans->type == TRANS_GCC) ? GSM48_PDISC_GROUP_CC : GSM48_PDISC_BCAST_CC;
885 int rc;
886
887 rc = gsm44068_tx_set_parameter(trans, pdisc, !trans->gcc.mute_talker, 1, 1, trans->gcc.uplink_originator);
888 if (rc < 0)
889 LOG_GCC(trans, LOGL_ERROR, "Failed to send SET PARAMETER towards MS.\n");
890 return rc;
891}
892
893/* Check in which cell the uplink is used and set "uplink_cell". */
894static int set_uplink_cell(struct vgcs_bss *bss, struct gsm0808_cell_id *cell_id_ie, uint16_t cell_id)
895{
896 struct vgcs_bss_cell *cell;
897
898 if (cell_id_ie) {
899 /* Get cell ID to determine talker channel. */
900 switch (cell_id_ie->id_discr) {
901 case CELL_IDENT_CI:
902 cell_id = cell_id_ie->id.ci;
903 break;
904 case CELL_IDENT_LAC_AND_CI:
905 cell_id = cell_id_ie->id.lac_and_ci.ci;
906 break;
907 default:
908 LOG_BSS(bss, LOGL_DEBUG, "Cannot idenitfy cell, please fix!\n");
909 return -EINVAL;
910 }
911 }
912
913 /* Search for cell ID. */
914 bss->trans->gcc.uplink_cell = NULL;
915 llist_for_each_entry(cell, &bss->cell_list, list_bss) {
916 if (cell->cell_id == cell_id) {
917 LOG_BSS(bss, LOGL_DEBUG, "Talker is talking on cell %d.\n", cell->cell_id);
918 bss->trans->gcc.uplink_cell = cell;
919 return 0;
920 }
921 }
922
923 LOG_BSS(bss, LOGL_DEBUG, "Cell ID %d is not in list of current BSS, please fix!\n", cell_id);
924 return -EINVAL;
925}
926
927/* Set the MGW conference mode.
928 * All cells are listening to the conference. If there is a talker, this cell is also transmitting to the conference. */
929static int set_mgw_conference(struct gsm_trans *trans)
930{
931 struct vgcs_bss *bss;
932 struct vgcs_bss_cell *cell;
933 struct rtp_stream *rtps;
934 int rc;
935
936 /* All cells without talker are listening */
937 llist_for_each_entry(bss, &trans->gcc.bss_list, list) {
938 llist_for_each_entry(cell, &bss->cell_list, list_bss) {
939 if (!(rtps = cell->rtps))
940 continue;
941 if (rtps->crcx_conn_mode != MGCP_CONN_SEND_ONLY) {
942 LOG_CELL(cell, LOGL_DEBUG, "Setting cell %d into listening mode.\n", cell->cell_id);
943 rtp_stream_set_mode(rtps, MGCP_CONN_SEND_ONLY);
944 rc = rtp_stream_commit(rtps);
945 if (rc < 0)
946 LOG_CELL(cell, LOGL_ERROR, "Failed to commit parameters to RTP stream "
947 "for cell %d.\n", cell->cell_id);
948 }
949 }
950 }
951
952 if (trans->gcc.uplink_cell && trans->gcc.uplink_cell->rtps) {
953 cell = trans->gcc.uplink_cell;
954 rtps = cell->rtps;
955 LOG_CELL(cell, LOGL_DEBUG, "Setting cell %d into listening mode.\n", cell->cell_id);
956 rtp_stream_set_mode(rtps, MGCP_CONN_CONFECHO);
957 rc = rtp_stream_commit(rtps);
958 if (rc < 0)
959 LOG_CELL(cell, LOGL_ERROR, "Failed to commit parameters to RTP stream "
960 "for cell %d.\n", cell->cell_id);
961 }
962
963 return 0;
964}
965
966static void _assign_complete(struct gsm_trans *trans, bool send_connect)
967{
968 uint16_t cell_id;
969
Andreas Eversberge2a40882023-07-19 09:56:53 +0200[diff] [blame^]970 OSMO_ASSERT(trans->msc_a);
971
Andreas Eversberge24636c2023-04-23 12:20:55 +0200[diff] [blame]972 /* Change state. */
973 osmo_fsm_inst_state_chg(trans->gcc.fi, VGCS_GCC_ST_N2_CALL_ACTIVE, 0, 0);
974 /* Get cell ID. */
Andreas Eversberge2a40882023-07-19 09:56:53 +0200[diff] [blame^]975 cell_id = trans->msc_a->via_cell.cell_identity;
Andreas Eversberge24636c2023-04-23 12:20:55 +0200[diff] [blame]976 /* Releasing dedicated channel. */
977 release_msc_a(trans);
978 /* Send CONNECT to the calling subscriber. */
979 if (send_connect)
980 gcc_connect(trans);
981 /* Set parameter. */
982 set_parameter(trans);
983 /* Start inactivity timer, if uplink is free. */
984 if (!trans->gcc.uplink_busy)
985 start_inactivity_timer(trans);
986 /* Set cell of current talker. */
987 set_uplink_cell(trans->gcc.uplink_bss, NULL, cell_id);
988 /* Set MGW conference. */
989 set_mgw_conference(trans);
990}
991
992#define CONNECT_OPTION false
993
994static void vgcs_gcc_fsm_n0_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
995{
996 struct gsm_trans *trans = fi->priv;
997 int rc;
998
999 switch (event) {
1000 case VGCS_GCC_EV_NET_SETUP:
1001 /* Establish call towards all BSSs. */
1002 LOG_GCC(trans, LOGL_DEBUG, "Setup by network, trying to establish cells.\n");
1003 rc = gcc_establish_bss(trans);
1004 if (rc < 0) {
1005 LOG_GCC(trans, LOGL_NOTICE, "Failed to setup call to any cell.\n");
1006 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1007 break;
1008 }
1009 /* Keep state until established or released. */
1010 break;
1011 case VGCS_GCC_EV_NET_TERM:
1012 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1013 /* Destroy group call in all cells. */
1014 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1015 break;
1016 case VGCS_GCC_EV_USER_SETUP:
1017 LOG_GCC(trans, LOGL_DEBUG, "Setup by MS, trying to establish cells.\n");
1018 /* Change state. */
1019 osmo_fsm_inst_state_chg(fi, VGCS_GCC_ST_N1_CALL_INITIATED, 0, 0);
1020 /* Establish call towards all BSSs. */
1021 rc = gcc_establish_bss(trans);
1022 if (rc < 0) {
1023 LOG_GCC(trans, LOGL_NOTICE, "Failed to setup call to any cell.\n");
1024 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1025 break;
1026 }
1027 if (CONNECT_OPTION) {
1028 /* Send CONNECT to the calling subscriber. */
1029 gcc_connect(trans);
1030 /* Change state. */
1031 osmo_fsm_inst_state_chg(fi, VGCS_GCC_ST_N3_CALL_EST_PROC, 0, 0);
1032 }
1033 break;
1034 case VGCS_GCC_EV_BSS_ESTABLISHED:
1035 LOG_GCC(trans, LOGL_DEBUG, "All cells establised, for a group call, sending CONNECT to caller.\n");
1036 /* Change state. */
1037 osmo_fsm_inst_state_chg(fi, VGCS_GCC_ST_N2_CALL_ACTIVE, 0, 0);
1038 /* Start inactivity timer, if uplink is free. */
1039 if (!trans->gcc.uplink_busy)
1040 start_inactivity_timer(trans);
1041 break;
1042 case VGCS_GCC_EV_BSS_RELEASED:
1043 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1044 /* Send TERMINATE to the calling subscriber. */
1045 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1046 break;
1047 default:
1048 OSMO_ASSERT(false);
1049 }
1050}
1051
1052static void vgcs_gcc_fsm_n1_call_initiated(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1053{
1054 struct gsm_trans *trans = fi->priv;
1055 int rc;
1056
1057 switch (event) {
1058 case VGCS_GCC_EV_NET_TERM:
1059 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1060 /* Destroy group call in all cells. */
1061 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1062 break;
1063 case VGCS_GCC_EV_USER_TERM:
1064 LOG_GCC(trans, LOGL_DEBUG, "Termination by user, destroying call.\n");
1065 /* Send TERMINATE to the calling subscriber and destroy group call in all cells. */
1066 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1067 break;
1068 case VGCS_GCC_EV_BSS_ESTABLISHED:
1069 LOG_GCC(trans, LOGL_DEBUG, "All cells establised, for a group call, assign caller to VGCS.\n");
1070 /* Send assignment to the calling subscriber. */
1071 rc = gcc_assign(trans);
1072 if (rc < 0) {
1073 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1074 break;
1075 }
1076 break;
1077 case VGCS_GCC_EV_BSS_ASSIGN_CPL:
1078 LOG_GCC(trans, LOGL_DEBUG, "Assignment complete, sending CONNECT to caller, releasing channel.\n");
1079 /* Handle assignment complete */
1080 _assign_complete(trans, true);
1081 break;
1082 case VGCS_GCC_EV_BSS_ASSIGN_FAIL:
1083 LOG_GCC(trans, LOGL_DEBUG, "Assignment failed, releasing call.\n");
1084 /* Send TERMINATE to the calling subscriber. */
1085 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1086 break;
1087 case VGCS_GCC_EV_BSS_RELEASED:
1088 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1089 /* Send TERMINATE to the calling subscriber. */
1090 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1091 break;
1092 default:
1093 OSMO_ASSERT(false);
1094 }
1095}
1096
1097static void vgcs_gcc_fsm_n2_call_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1098{
1099 struct gsm_trans *trans = fi->priv;
1100
1101 switch (event) {
1102 case VGCS_GCC_EV_NET_TERM:
1103 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1104 /* Destroy group call in all cells. */
1105 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1106 break;
1107 case VGCS_GCC_EV_USER_TERM:
1108 LOG_GCC(trans, LOGL_DEBUG, "Termination by user, destroying call.\n");
1109 /* Send TERMINATE to the calling subscriber and destroy group call in all cells. */
1110 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1111 break;
1112 case VGCS_GCC_EV_BSS_RELEASED:
1113 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1114 /* Send TERMINATE to the calling subscriber. */
1115 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1116 break;
1117 case VGCS_GCC_EV_TIMEOUT:
1118 LOG_GCC(trans, LOGL_DEBUG, "Termination by inactivity timer, destroying call.\n");
1119 /* Destroy group call in all cells. */
1120 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1121 break;
1122 default:
1123 OSMO_ASSERT(false);
1124 }
1125}
1126
1127static void vgcs_gcc_fsm_n3_call_est_proc(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1128{
1129 struct gsm_trans *trans = fi->priv;
1130 int rc;
1131
1132 switch (event) {
1133 case VGCS_GCC_EV_NET_TERM:
1134 LOG_GCC(trans, LOGL_DEBUG, "Termination by network, destroying call.\n");
1135 /* Destroy group call in all cells. */
1136 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1137 break;
1138 case VGCS_GCC_EV_USER_TERM:
1139 LOG_GCC(trans, LOGL_DEBUG, "Termination by user, destroying call.\n");
1140 /* Send TERMINATE to the calling subscriber and destroy group call in all cells. */
1141 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
1142 break;
1143 case VGCS_GCC_EV_BSS_ESTABLISHED:
1144 LOG_GCC(trans, LOGL_DEBUG, "All cells establised, for a group call, assign caller to VGCS.\n");
1145 /* Send assignment to the calling subscriber. */
1146 rc = gcc_assign(trans);
1147 if (rc < 0) {
1148 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1149 break;
1150 }
1151 break;
1152 case VGCS_GCC_EV_BSS_ASSIGN_CPL:
1153 LOG_GCC(trans, LOGL_DEBUG, "Assignment complete, sending CONNECT to caller, releasing channel.\n");
1154 /* Handle assignment complete */
1155 _assign_complete(trans, false);
1156 break;
1157 case VGCS_GCC_EV_BSS_ASSIGN_FAIL:
1158 LOG_GCC(trans, LOGL_DEBUG, "Assignment failed, releasing call.\n");
1159 /* Send TERMINATE to the calling subscriber. */
1160 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1161 break;
1162 case VGCS_GCC_EV_BSS_RELEASED:
1163 LOG_GCC(trans, LOGL_DEBUG, "All group call in all cells failed, destroying call.\n");
1164 /* Send TERMINATE to the calling subscriber. */
1165 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1166 break;
1167 default:
1168 OSMO_ASSERT(false);
1169 }
1170}
1171
1172static const struct osmo_fsm_state vgcs_gcc_fsm_states[] = {
1173 [VGCS_GCC_ST_N0_NULL] = {
1174 .name = "NULL (N0)",
1175 .in_event_mask = S(VGCS_GCC_EV_NET_SETUP) |
1176 S(VGCS_GCC_EV_NET_TERM) |
1177 S(VGCS_GCC_EV_USER_SETUP) |
1178 S(VGCS_GCC_EV_BSS_ESTABLISHED) |
1179 S(VGCS_GCC_EV_BSS_RELEASED),
1180 .out_state_mask = S(VGCS_GCC_ST_N1_CALL_INITIATED) |
1181 S(VGCS_GCC_ST_N2_CALL_ACTIVE),
1182 .action = vgcs_gcc_fsm_n0_null,
1183 },
1184 [VGCS_GCC_ST_N1_CALL_INITIATED] = {
1185 .name = "CALL INITATED (N1)",
1186 .in_event_mask = S(VGCS_GCC_EV_NET_TERM) |
1187 S(VGCS_GCC_EV_USER_TERM) |
1188 S(VGCS_GCC_EV_BSS_ESTABLISHED) |
1189 S(VGCS_GCC_EV_BSS_ASSIGN_CPL) |
1190 S(VGCS_GCC_EV_BSS_ASSIGN_FAIL) |
1191 S(VGCS_GCC_EV_BSS_RELEASED),
1192 .out_state_mask = S(VGCS_GCC_ST_N0_NULL) |
1193 S(VGCS_GCC_ST_N2_CALL_ACTIVE) |
1194 S(VGCS_GCC_ST_N3_CALL_EST_PROC),
1195 .action = vgcs_gcc_fsm_n1_call_initiated,
1196 },
1197 [VGCS_GCC_ST_N2_CALL_ACTIVE] = {
1198 .name = "CALL ACTIVE (N2)",
1199 .in_event_mask = S(VGCS_GCC_EV_NET_TERM) |
1200 S(VGCS_GCC_EV_USER_TERM) |
1201 S(VGCS_GCC_EV_BSS_RELEASED) |
1202 S(VGCS_GCC_EV_TIMEOUT),
1203 .out_state_mask = S(VGCS_GCC_ST_N0_NULL),
1204 .action = vgcs_gcc_fsm_n2_call_active,
1205 },
1206 [VGCS_GCC_ST_N3_CALL_EST_PROC] = {
1207 .name = "CALL EST PROCEEDING (N3)",
1208 .in_event_mask = S(VGCS_GCC_EV_NET_TERM) |
1209 S(VGCS_GCC_EV_USER_TERM) |
1210 S(VGCS_GCC_EV_BSS_ESTABLISHED) |
1211 S(VGCS_GCC_EV_BSS_ASSIGN_CPL) |
1212 S(VGCS_GCC_EV_BSS_ASSIGN_FAIL) |
1213 S(VGCS_GCC_EV_BSS_RELEASED),
1214 .out_state_mask = S(VGCS_GCC_ST_N2_CALL_ACTIVE) |
1215 S(VGCS_GCC_ST_N0_NULL),
1216 .action = vgcs_gcc_fsm_n3_call_est_proc,
1217 },
1218 // We don't need a state to wait for the group call to be terminated in all cells
1219};
1220
1221static struct osmo_fsm vgcs_bcc_fsm = {
1222 .name = "bcc",
1223 .states = vgcs_gcc_fsm_states,
1224 .num_states = ARRAY_SIZE(vgcs_gcc_fsm_states),
1225 .log_subsys = DBCC,
1226 .event_names = vgcs_gcc_fsm_event_names,
1227};
1228
1229static struct osmo_fsm vgcs_gcc_fsm = {
1230 .name = "gcc",
1231 .states = vgcs_gcc_fsm_states,
1232 .num_states = ARRAY_SIZE(vgcs_gcc_fsm_states),
1233 .log_subsys = DGCC,
1234 .event_names = vgcs_gcc_fsm_event_names,
1235};
1236
1237const char *vgcs_bcc_gcc_state_name(struct osmo_fsm_inst *fi)
1238{
1239 return vgcs_gcc_fsm_states[fi->state].name;
1240}
1241
1242static int update_uplink_state(struct vgcs_bss *bss, bool uplink_busy);
1243
1244/* Receive RR messages from calling subscriber, prior assignment to VGCS/VBS. */
1245int gsm44068_rcv_rr(struct msc_a *msc_a, struct msgb *msg)
1246{
1247 struct gsm_trans *trans = NULL;
1248 struct gsm48_hdr *gh;
1249 uint8_t msg_type;
1250
1251 gh = msgb_l3(msg);
1252 msg_type = gsm48_hdr_msg_type(gh);
1253
1254 /* Find transaction. */
1255 trans = trans_find_by_type(msc_a, TRANS_GCC);
1256 if (!trans)
1257 trans = trans_find_by_type(msc_a, TRANS_BCC);
1258
1259 if (!trans) {
1260 LOG_GCC(trans, LOGL_ERROR, "No VGCS/VBS transaction.\n");
1261 return -EINVAL;
1262 }
1263
1264 /* In case the phone releases uplink prior being assigned to a VGCS */
1265 if (msg_type == GSM48_MT_RR_UPLINK_RELEASE) {
1266 struct vgcs_bss *bss;
1267
1268 LOG_GCC(trans, LOGL_INFO, "Received UPLINK RELEASE on initial channel.\n");
1269 /* Clear the busy flag and unblock all cells. */
1270 trans->gcc.uplink_bss = NULL;
1271 trans->gcc.uplink_cell = NULL;
1272 trans->gcc.uplink_busy = false;
1273 llist_for_each_entry(bss, &trans->gcc.bss_list, list) {
1274 /* Update uplink state. */
1275 update_uplink_state(bss, trans->gcc.uplink_busy);
1276 }
1277 /* Start inactivity timer. */
1278 start_inactivity_timer(bss->trans);
1279 /* Next, the MS will switch to the VGCS as listener. Nothing else to do here. */
1280 }
1281
1282 return 0;
1283}
1284
1285/* Allocation of transaction for group call */
1286static struct gsm_trans *trans_alloc_vgcs(struct gsm_network *net,
1287 struct vlr_subscr *vsub,
1288 enum trans_type trans_type, uint8_t transaction_id,
1289 uint32_t callref,
1290 struct gcr *gcr,
1291 bool uplink_busy)
1292{
1293 struct gsm_trans *trans;
1294
1295 trans = trans_alloc(net, vsub, trans_type, transaction_id, callref);
1296 if (!trans) {
1297 LOG_GCC(trans, LOGL_ERROR, "No memory for trans.\n");
1298 return NULL;
1299 }
1300 /* The uplink is busy when the call is started until the calling subscriber releases. */
1301 trans->gcc.uplink_busy = uplink_busy;
1302 trans->gcc.uplink_originator = true;
1303 INIT_LLIST_HEAD(&trans->gcc.bss_list);
1304 trans->gcc.inactivity_to = gcr->timeout;
1305 trans->gcc.mute_talker = gcr->mute_talker;
1306 trans->gcc.timer_inactivity.data = trans;
1307 trans->gcc.timer_inactivity.cb = inactivity_timer_cb;
1308 trans->gcc.fi = osmo_fsm_inst_alloc((trans_type == TRANS_GCC) ? &vgcs_gcc_fsm : &vgcs_bcc_fsm,
1309 trans, trans, LOGL_DEBUG, NULL);
1310 if (!trans->gcc.fi) {
1311 LOG_GCC(trans, LOGL_ERROR, "No memory for state machine.\n");
1312 trans_free(trans);
1313 return NULL;
1314 }
1315
1316 return trans;
1317}
1318
1319/* Create transaction from incoming voice group/broadcast call. */
1320static struct gsm_trans *trans_create_bcc_gcc(struct msc_a *msc_a, enum trans_type trans_type, uint8_t transaction_id,
1321 uint8_t pdisc, uint8_t msg_type, uint32_t callref)
1322{
1323 struct gsm_network *net = msc_a_net(msc_a);
1324 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1325 struct gsm_trans *trans = NULL;
1326 struct gcr *gcr;
1327 int rc;
1328
1329 if (!msc_a) {
1330 LOG_GCC(trans, LOGL_ERROR, "Invalid conn: no msc_a\n");
1331 return NULL;
1332 }
1333 if (!vsub) {
1334 LOG_GCC(trans, LOGL_ERROR, "Invalid conn: no subscriber\n");
1335 return NULL;
1336 }
1337
1338 /* An earlier CM Service Request for this CC message now has concluded */
1339 if (!osmo_use_count_by(&msc_a->use_count,
1340 (trans_type == TRANS_GCC) ? MSC_A_USE_CM_SERVICE_GCC : MSC_A_USE_CM_SERVICE_BCC))
1341 LOG_MSC_A(msc_a, LOGL_ERROR,
1342 "Creating new %s transaction without prior CM Service Request.\n",
1343 get_value_string(trans_type_names, trans_type));
1344 else
1345 msc_a_put(msc_a,
1346 (trans_type == TRANS_GCC) ? MSC_A_USE_CM_SERVICE_GCC : MSC_A_USE_CM_SERVICE_BCC);
1347
1348 /* A transaction must be created with a SETUP message. */
1349 if (msg_type != OSMO_GSM44068_MSGT_IMMEDIATE_SETUP
1350 && msg_type != OSMO_GSM44068_MSGT_SETUP
1351 && msg_type != OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2) {
1352 LOG_GCC(trans, LOGL_ERROR, "No transaction and message is not a SETUP.\n");
1353 return NULL;
1354 }
1355
1356 /* Check if callref already exists. */
1357 trans = trans_find_by_callref(net, trans_type, callref);
1358 if (trans) {
1359 LOG_GCC(trans, LOGL_INFO, "Call to existing %s with callref %s, rejecting!\n",
1360 trans_type_name(trans_type), gsm44068_group_id_string(callref));
1361 rc = gsm44068_tx_termination(msc_a, NULL,
1362 pdisc | (transaction_id << 4),
1363 OSMO_GSM44068_MSGT_TERMINATION,
1364 OSMO_GSM44068_CAUSE_BUSY, NULL, 0);
1365 if (rc < 0)
1366 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1367 return 0;
1368 }
1369
1370 /* Check GCR for Group ID. */
1371 gcr = gcr_by_callref(net, trans_type, callref);
1372 if (!gcr) {
1373 LOG_GCC(trans, LOGL_INFO, "No Group configured for %s callref %s, rejecting!\n",
1374 trans_type_name(trans_type), gsm44068_group_id_string(callref));
1375 // FIXME: Better cause value for a group that does not exist ?
1376 rc = gsm44068_tx_termination(msc_a, NULL,
1377 pdisc | (transaction_id << 4),
1378 OSMO_GSM44068_MSGT_TERMINATION,
1379 OSMO_GSM44068_CAUSE_REQUESTED_SERVICE_NOT_SUB, NULL, 0);
1380 if (rc < 0)
1381 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1382 return 0;
1383 }
1384
1385 /* Create transaction, uplink is busy. */
1386 trans = trans_alloc_vgcs(net, vsub, trans_type, transaction_id, callref, gcr, true);
1387 if (!trans) {
1388 rc = gsm44068_tx_termination(msc_a, NULL,
1389 pdisc | (transaction_id << 4),
1390 OSMO_GSM44068_MSGT_TERMINATION,
1391 OSMO_GSM44068_CAUSE_NETWORK_FAILURE, NULL, 0);
1392 if (rc < 0)
1393 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1394 return NULL;
1395 }
1396
1397 if (osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_TRANSACTION_ACCEPTED, trans)) {
1398 LOG_MSC_A(msc_a, LOGL_ERROR, "Not allowed to accept %s transaction.\n",
1399 get_value_string(trans_type_names, trans_type));
1400 gcc_terminate_and_destroy(trans, OSMO_GSM44068_CAUSE_NETWORK_FAILURE);
1401 return NULL;
1402 }
1403
1404 /* Assign transaction */
1405 msc_a_get(msc_a, (trans_type == TRANS_GCC) ? MSC_A_USE_GCC : MSC_A_USE_BCC);
1406 trans->msc_a = msc_a;
1407 trans->dlci = 0; /* main DCCH */
1408
1409 return trans;
1410}
1411
1412/* Receive GCC/BCC messages from calling subscriber, depending on the PDISC used. */
1413int gsm44068_rcv_bcc_gcc(struct msc_a *msc_a, struct gsm_trans *trans, struct msgb *msg)
1414{
1415 struct gsm48_hdr *gh = msgb_l3(msg);
1416 uint8_t msg_type = gsm48_hdr_msg_type(gh);
1417 uint8_t pdisc = gsm48_hdr_pdisc(gh);
1418 uint8_t transaction_id = gsm48_hdr_trans_id_flip_ti(gh);
1419 enum trans_type trans_type = (pdisc == GSM48_PDISC_GROUP_CC) ? TRANS_GCC : TRANS_BCC;
1420
1421 uint8_t key_seq;
1422 bool talker_prio_requested;
1423 bool with_talker_prio;
1424 uint8_t talker_prio;
1425 struct gsm48_classmark2 cm2;
1426 struct osmo_mobile_identity mi;
1427 uint32_t callref;
1428 bool with_prio;
1429 uint8_t prio;
1430 char user_user[64] = "";
1431 uint8_t cause;
1432 uint8_t diag[256];
1433 uint8_t diag_len;
1434 bool with_call_state;
1435 enum osmo_gsm44068_call_state call_state;
1436 bool with_state_attrs;
1437 uint8_t da, ua, comm, oi;
1438 int rc = 0;
1439
1440 /* Remove sequence number (bit 7) from message type. */
1441 msg_type &= 0xbf;
1442
1443 /* Parse messages. */
1444 switch (msg_type) {
1445 case OSMO_GSM44068_MSGT_SETUP:
1446 rc = gsm44068_rx_setup(msg, &talker_prio_requested, &talker_prio, &callref, &with_prio, &prio,
1447 user_user);
1448 break;
1449 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP:
1450 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2:
1451 rc = gsm44068_rx_immediate_setup(msg, &talker_prio, &key_seq, &cm2, &mi, &callref, &with_prio, &prio,
1452 user_user);
1453 break;
1454 case OSMO_GSM44068_MSGT_STATUS:
1455 rc = gsm44068_rx_status(msg, &cause, diag, &diag_len, &with_call_state, &call_state,
1456 &with_state_attrs, &da, &ua, &comm, &oi);
1457 break;
1458 case OSMO_GSM44068_MSGT_TERMINATION_REQUEST:
1459 rc = gsm44068_rx_termination_req(msg, &callref, &with_prio, &prio, &with_talker_prio, &talker_prio);
1460 break;
1461 default:
1462 LOG_GCC(trans, LOGL_ERROR, "Invalid message type: 0x%02x\n", msg_type);
1463 return -EINVAL;
1464 }
1465 if (rc < 0)
1466 return rc;
1467
1468 /* Find transaction, if called from msc_a. */
1469 if (!trans)
1470 trans = trans_find_by_id(msc_a, trans_type, transaction_id);
1471
1472 /* Create transaction for SETUP message. */
1473 if (!trans) {
1474 trans = trans_create_bcc_gcc(msc_a, trans_type, transaction_id, pdisc, msg_type, callref);
1475 if (!trans)
1476 return -EINVAL;
1477 } else {
1478 /* A phone may not call while a VGCS is already active */
1479 if (msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP
1480 || msg_type == OSMO_GSM44068_MSGT_SETUP
1481 || msg_type == OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2) {
1482 LOG_GCC(trans, LOGL_ERROR, "Received SETUP while call is already set up, rejecting.\n");
1483 rc = gsm44068_tx_termination(msc_a, NULL,
1484 pdisc | (transaction_id << 4),
1485 OSMO_GSM44068_MSGT_TERMINATION,
1486 OSMO_GSM44068_CAUSE_NETWORK_FAILURE, NULL, 0);
1487 if (rc < 0)
1488 LOG_GCC(trans, LOGL_ERROR, "Failed to send TERMINATION towards MS.\n");
1489 return -EINVAL;
1490 }
1491 }
1492
1493 /* Handle received GCC messages (trigger state machine). */
1494 switch (msg_type) {
1495 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP:
1496 case OSMO_GSM44068_MSGT_SETUP:
1497 case OSMO_GSM44068_MSGT_IMMEDIATE_SETUP_2:
1498 LOG_GCC(trans, LOGL_INFO, "Received SETUP.\n");
1499 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_USER_SETUP, NULL);
1500 break;
1501 case OSMO_GSM44068_MSGT_STATUS:
1502 LOG_GCC(trans, LOGL_NOTICE, "Received STATUS with cause %d (%s).\n", cause,
1503 get_value_string(osmo_gsm44068_cause_names, cause));
1504 if (diag_len)
1505 LOG_GCC(trans, LOGL_NOTICE, " -> diagnostics: %s\n", osmo_hexdump(diag, diag_len));
1506 if (with_call_state)
1507 LOG_GCC(trans, LOGL_NOTICE, " -> call state %s\n",
1508 get_value_string(osmo_gsm44068_call_state_names, call_state));
1509 break;
1510 case OSMO_GSM44068_MSGT_TERMINATION_REQUEST:
1511 LOG_GCC(trans, LOGL_INFO, "Received TERMINATRION REQUEST.\n");
1512 if (callref != trans->callref) {
1513 LOG_GCC(trans, LOGL_NOTICE, "Received callref 0x%x does not match!\n", callref);
1514 break;
1515 }
1516 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_USER_TERM, NULL);
1517 break;
1518 }
1519
1520 return 0;
1521}
1522
1523static void bss_clear(struct vgcs_bss *bss, uint8_t cause, bool notify_trans);
1524
1525/* Call Control Specific transaction release.
1526 * gets called by trans_free, DO NOT CALL YOURSELF! */
1527void gsm44068_bcc_gcc_trans_free(struct gsm_trans *trans)
1528{
1529 struct vgcs_bss *bss, *bss2;
1530
1531 /* Change state. */
1532 osmo_fsm_inst_state_chg(trans->gcc.fi, VGCS_GCC_ST_N0_NULL, 0, 0);
1533
1534 /* Free FSM. */
1535 if (trans->gcc.fi)
1536 osmo_fsm_inst_term(trans->gcc.fi, OSMO_FSM_TERM_REGULAR, NULL);
1537
1538 /* Remove relations to cells.
1539 * We must loop safe, because bss_clear() will detach every call control instance from list. */
1540 llist_for_each_entry_safe(bss, bss2, &trans->gcc.bss_list, list)
1541 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_CLEAR, NULL);
1542
1543 /* Stop inactivity timer. */
1544 stop_inactivity_timer(trans);
1545}
1546
1547/* Create a new call from VTY command. */
1548const char *vgcs_vty_initiate(struct gsm_network *gsmnet, struct gcr *gcr)
1549{
1550 enum trans_type trans_type;
1551 uint32_t callref;
1552 struct gsm_trans *trans;
1553
1554 /* Get callref from stored suffix. Caller cannot choose a prefix. */
1555 trans_type = gcr->trans_type;
1556 callref = atoi(gcr->group_id);
1557
1558 /* Check if callref already exists. */
1559 trans = trans_find_by_callref(gsmnet, trans_type, callref);
1560 if (trans) {
1561 LOG_GCC(trans, LOGL_INFO, "Call to existing %s with callref %s, rejecting!\n",
1562 trans_type_name(trans_type), gsm44068_group_id_string(callref));
1563 return "Call already exists.";
1564 }
1565
1566 /* Create transaction, uplink is free. */
1567 trans = trans_alloc_vgcs(gsmnet, NULL, trans_type, 0, callref, gcr, false);
1568 if (!trans) {
1569 LOG_GCC(trans, LOGL_ERROR, "No memory for trans.\n");
1570 return "Failed to create call.";
1571 }
1572
1573 LOG_GCC(trans, LOGL_INFO, "VTY initiates call.\n");
1574 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_NET_SETUP, NULL);
1575
1576 return NULL;
1577}
1578
1579/* Destroy a call from VTY command. */
1580const char *vgcs_vty_terminate(struct gsm_network *gsmnet, struct gcr *gcr)
1581{
1582 enum trans_type trans_type;
1583 uint32_t callref;
1584 struct gsm_trans *trans;
1585
1586 /* Get callref from stored suffix. Caller cannot choose a prefix. */
1587 trans_type = gcr->trans_type;
1588 callref = atoi(gcr->group_id);
1589
1590 /* Check if callref exists. */
1591 trans = trans_find_by_callref(gsmnet, trans_type, callref);
1592 if (!trans)
1593 return "Call does not exist.";
1594
1595 LOG_GCC(trans, LOGL_INFO, "VTY terminates call.\n");
1596 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_NET_TERM, NULL);
1597
1598 return NULL;
1599}
1600
1601/*
1602 * BSS state machine - handles all BSS "call control" instances
1603 */
1604
1605static const struct value_string vgcs_bss_fsm_event_names[] = {
1606 OSMO_VALUE_STRING(VGCS_BSS_EV_SETUP),
1607 OSMO_VALUE_STRING(VGCS_BSS_EV_SETUP_ACK),
1608 OSMO_VALUE_STRING(VGCS_BSS_EV_SETUP_REFUSE),
1609 OSMO_VALUE_STRING(VGCS_BSS_EV_ACTIVE_OR_FAIL),
1610 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_REQUEST),
1611 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_REQUEST_CNF),
1612 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_APP_DATA),
1613 OSMO_VALUE_STRING(VGCS_BSS_EV_BSS_DTAP),
1614 OSMO_VALUE_STRING(VGCS_BSS_EV_UL_RELEASE),
1615 OSMO_VALUE_STRING(VGCS_BSS_EV_CLEAR),
1616 OSMO_VALUE_STRING(VGCS_BSS_EV_CLOSE),
1617 OSMO_VALUE_STRING(VGCS_BSS_EV_RELEASED),
1618 { }
1619};
1620
1621/* Blocks or unblocks uplinks of a BSS. */
1622static int update_uplink_state(struct vgcs_bss *bss, bool uplink_busy)
1623{
1624 struct ran_msg ran_msg;
1625 int rc;
1626
1627 if (uplink_busy) {
1628 /* Send UPLINK SEIZED COMMAND to BSS. */
1629 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK SEIZED COMMAND towards BSS.\n");
1630 ran_msg = (struct ran_msg){
1631 .msg_type = RAN_MSG_UPLINK_SEIZED_CMD,
1632 .uplink_seized_cmd = {
1633 .cause = GSM0808_CAUSE_CALL_CONTROL,
1634 },
1635 };
1636 } else {
1637 /* Send UPLINK RELEASE COMMAND to BSS. */
1638 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK RELEASE COMMAND towards BSS.\n");
1639 ran_msg = (struct ran_msg){
1640 .msg_type = RAN_MSG_UPLINK_RELEASE_CMD,
1641 .uplink_release_cmd = {
1642 .cause = GSM0808_CAUSE_CALL_CONTROL,
1643 },
1644 };
1645 }
1646
1647 rc = ran_encode_and_send(bss->fi, &ran_msg, bss->conn, false);
1648
1649 return rc;
1650}
1651
1652/* Clear the connection towards BSS.
1653 * The instance is removed soon, so it is detached from transaction and cells. */
1654static void bss_clear(struct vgcs_bss *bss, uint8_t cause, bool notify_trans)
1655{
1656 struct ran_msg ran_msg;
1657 struct gsm_trans *trans = bss->trans;
1658 struct vgcs_bss_cell *cell, *cell2;
1659
1660 /* Must detach us from transaction. */
1661 if (bss->trans) {
1662 /* Remove pointer to talking BSS and cell. */
1663 if (bss == bss->trans->gcc.uplink_bss) {
1664 bss->trans->gcc.uplink_bss = NULL;
1665 bss->trans->gcc.uplink_cell = NULL;
1666 }
1667 llist_del(&bss->list);
1668 bss->trans = NULL;
1669 }
1670
1671 /* Change state. */
1672 osmo_fsm_inst_state_chg(bss->fi, VGCS_BSS_ST_RELEASE, 0, 0);
1673
1674 /* Send Clear Command to BSS. */
1675 ran_msg = (struct ran_msg){
1676 .msg_type = RAN_MSG_CLEAR_COMMAND,
1677 .clear_command = {
1678 .gsm0808_cause = cause,
1679 },
1680 };
1681 if (bss->conn) {
1682 LOG_BSS(bss, LOGL_DEBUG, "Sending CLEAR COMMAND for call controling channel.\n");
1683 ran_encode_and_send(bss->fi, &ran_msg, bss->conn, false);
1684 }
1685
1686 /* Trigger clear of all cells. Be safe, because the process will remove cells from list. */
1687 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss)
1688 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_CLEAR, NULL);
1689
1690 /* Detach us from all BSS, if still linked */
1691 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss) {
1692 llist_del(&cell->list_bss);
1693 cell->bss = NULL;
1694 }
1695
1696 /* If all BS are gone, notify calling subscriber process. */
1697 if (notify_trans && trans && llist_empty(&trans->gcc.bss_list)) {
1698 LOG_BSS(bss, LOGL_DEBUG, "Notify calling user process, that all BSSs are cleared.\n");
1699 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_BSS_RELEASED, NULL);
1700 }
1701}
1702
1703/* When finally the BSS connection is released. (CLEAR COMPLETE response)
1704 * The instance is removed, so it is detached from transaction and cells, if not already. */
1705static void bss_destroy(struct vgcs_bss *bss)
1706{
1707 struct vgcs_bss_cell *cell, *cell2;
1708
1709 LOG_BSS(bss, LOGL_DEBUG, "Removing BSS call controling instance.\n");
1710
1711 /* Must detach us from transaction, if not already. */
1712 if (bss->trans) {
1713 /* Remove pointer to talking BSS and cell. */
1714 if (bss == bss->trans->gcc.uplink_bss) {
1715 bss->trans->gcc.uplink_bss = NULL;
1716 bss->trans->gcc.uplink_cell = NULL;
1717 }
1718 llist_del(&bss->list);
1719 bss->trans = NULL;
1720 }
1721
1722 /* Detach us from RAN connection. */
1723 if (bss->conn) {
1724 if (bss->conn->vgcs.bss == bss)
1725 bss->conn->vgcs.bss = NULL;
1726 if (bss->conn->vgcs.cell == bss)
1727 bss->conn->vgcs.cell = NULL;
1728 ran_conn_close(bss->conn);
1729 bss->conn = NULL;
1730 }
1731
1732 /* Detach us from all BSS, if still linked */
1733 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss) {
1734 llist_del(&cell->list_bss);
1735 cell->bss = NULL;
1736 }
1737
1738 /* Free FSM. (should be allocated) */
1739 osmo_fsm_inst_state_chg(bss->fi, VGCS_BSS_ST_NULL, 0, 0);
1740 osmo_fsm_inst_term(bss->fi, OSMO_FSM_TERM_REGULAR, NULL);
1741}
1742
1743/* Get identity of talker.
1744 * This is required to detect if the talker is the calling subscriber. */
1745static int talker_identity(struct vgcs_bss *bss, uint8_t *l3, int l3_len)
1746{
1747 struct osmo_mobile_identity mi;
1748 int rc;
1749
1750 puts(osmo_hexdump(l3, l3_len));
1751 rc = osmo_mobile_identity_decode_from_l3_buf(&mi, l3, l3_len, false);
1752 if (rc < 0) {
1753 LOG_BSS(bss, LOGL_DEBUG, "Talker's Identity cannot be decoded.\n");
1754 return rc;
1755 }
1756
1757 switch (mi.type) {
1758 case GSM_MI_TYPE_IMSI:
1759 if (!bss->trans->vsub)
1760 break;
1761 LOG_BSS(bss, LOGL_DEBUG, "Talker's sends IMSI %s, originator has IMSI %s.\n",
1762 mi.imsi, bss->trans->vsub->imsi);
1763 if (!strcmp(mi.imsi, bss->trans->vsub->imsi))
1764 return 1;
1765 break;
1766 case GSM_MI_TYPE_TMSI:
1767 if (!bss->trans->vsub)
1768 break;
1769 LOG_BSS(bss, LOGL_DEBUG, "Talker's sends TMSI 0x%08x, originator has TMSI 0x%08x.\n",
1770 mi.tmsi, bss->trans->vsub->tmsi);
1771 if (mi.tmsi == bss->trans->vsub->tmsi)
1772 return 1;
1773 break;
1774 default:
1775 LOG_BSS(bss, LOGL_DEBUG, "Talker's Identity is not IMSI nor TMSI.\n");
1776 return -EINVAL;
1777 }
1778
1779 return 0;
1780}
1781
1782static void vgcs_bss_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1783{
1784 struct vgcs_bss *bss = fi->priv;
1785 struct ran_msg ran_msg;
1786
1787 switch (event) {
1788 case VGCS_BSS_EV_SETUP:
1789 /* Change state. */
1790 osmo_fsm_inst_state_chg(fi, VGCS_BSS_ST_SETUP, 0, 0);
1791 /* Send VGCS/VBS SETUP to BSS. */
1792 LOG_BSS(bss, LOGL_DEBUG, "Sending VGCS/VBS SETUP towards BSS.\n");
1793 ran_msg = (struct ran_msg){
1794 .msg_type = RAN_MSG_VGCS_VBS_SETUP,
1795 .vgcs_vbs_setup = {
1796 .callref = {
1797 .sf = (bss->trans->type == TRANS_GCC),
1798 },
1799 .vgcs_feature_flags_present = true,
1800 },
1801 };
1802 osmo_store32be_ext(bss->callref >> 3, &ran_msg.vgcs_vbs_setup.callref.call_ref_hi, 3);
1803 ran_msg.vgcs_vbs_setup.callref.call_ref_lo = bss->callref & 0x7;
1804 /* First message, so we must set "initial" to "true". */
1805 ran_encode_and_send(fi, &ran_msg, bss->conn, true);
1806 break;
1807 case VGCS_BSS_EV_CLEAR:
1808 /* The calling user process requested clearing of VGCS/VBS call. */
1809 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
1810 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
1811 break;
1812 default:
1813 OSMO_ASSERT(false);
1814 }
1815}
1816
1817static void vgcs_bss_fsm_setup(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1818{
1819 struct vgcs_bss *bss = fi->priv;
1820 struct vgcs_bss_cell *cell, *cell2;
1821
1822 switch (event) {
1823 case VGCS_BSS_EV_SETUP_ACK:
1824 /* Receive VGCS/VBS SETUP ACK from BSS. */
1825 LOG_BSS(bss, LOGL_DEBUG, "Received VGCS/VBS SETUP ACK from BSS.\n");
1826 /* Send current uplink state to this BSS. */
1827 if (bss->trans)
1828 update_uplink_state(bss, bss->trans->gcc.uplink_busy);
1829 /* Change state. */
1830 osmo_fsm_inst_state_chg(fi, VGCS_BSS_ST_ASSIGNMENT, 0, 0);
1831 /* Trigger VGCS/VBS ASSIGNMENT */
1832 llist_for_each_entry_safe(cell, cell2, &bss->cell_list, list_bss)
1833 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_ASSIGN, NULL);
1834 /* If all failed, clear call. */
1835 if (llist_empty(&bss->cell_list)) {
1836 LOG_BSS(bss, LOGL_NOTICE, "All VGCS/VBS assignments failed.\n");
1837 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1838 break;
1839 }
1840 break;
1841 case VGCS_BSS_EV_SETUP_REFUSE:
1842 /* Received VGCS/VBS SETUP REFUSE from BSS. */
1843 LOG_BSS(bss, LOGL_NOTICE, "Received VGCS/VBS SETUP REFUSE from BSS.\n");
1844 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1845 break;
1846 case VGCS_BSS_EV_CLEAR:
1847 /* The calling user process requested clearing of VGCS/VBS call. */
1848 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
1849 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
1850 break;
1851 case VGCS_BSS_EV_CLOSE:
1852 /* The SCCP connection from the MSC has been closed. */
1853 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
1854 if (bss->conn) {
1855 bss->conn->vgcs.bss = NULL;
1856 bss->conn = NULL;
1857 }
1858 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1859 break;
1860 default:
1861 OSMO_ASSERT(false);
1862 }
1863}
1864
1865static void vgcs_bss_fsm_assignment(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1866{
1867 struct vgcs_bss *bss = fi->priv;
1868 struct vgcs_bss_cell *c;
1869 bool assigned;
1870
1871 switch (event) {
1872 case VGCS_BSS_EV_ACTIVE_OR_FAIL:
1873 /* If all gone, clear call. */
1874 if (llist_empty(&bss->cell_list)) {
1875 LOG_BSS(bss, LOGL_NOTICE, "All VGCS/VBS assignments failed.\n");
1876 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1877 break;
1878 }
1879 /* Is there a response for all cells?
1880 * This means that all the channels have a positive response
1881 * There is no channel with negative response, because a
1882 * negative response will remove the channel. */
1883 assigned = true;
1884 llist_for_each_entry(c, &bss->cell_list, list_bss) {
1885 if (!c->assigned)
1886 assigned = false;
1887 }
1888 if (!assigned)
1889 break;
1890 LOG_BSS(bss, LOGL_DEBUG, "All VGCS/VBS assignments have responded.\n");
1891 /* Change state. */
1892 osmo_fsm_inst_state_chg(fi, VGCS_BSS_ST_ACTIVE, 0, 0);
1893 /* Notify calling subscriber process. */
1894 LOG_BSS(bss, LOGL_DEBUG, "Notify calling user process, that all BSSs are connected.\n");
1895 if (bss->trans)
1896 osmo_fsm_inst_dispatch(bss->trans->gcc.fi, VGCS_GCC_EV_BSS_ESTABLISHED, NULL);
1897 break;
1898 case VGCS_BSS_EV_CLEAR:
1899 /* The calling user process requested clearing of VGCS/VBS call. */
1900 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
1901 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
1902 break;
1903 case VGCS_BSS_EV_CLOSE:
1904 /* The SCCP connection from the MSC has been closed. */
1905 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
1906 if (bss->conn) {
1907 bss->conn->vgcs.bss = NULL;
1908 bss->conn = NULL;
1909 }
1910 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
1911 break;
1912 default:
1913 OSMO_ASSERT(false);
1914 }
1915}
1916
1917static void vgcs_bss_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
1918{
1919 struct vgcs_bss *bss = fi->priv, *other;
1920 struct ran_msg *rx_ran_msg = data;
1921 struct ran_msg tx_ran_msg;
1922 int rc;
1923
1924 switch (event) {
1925 case VGCS_BSS_EV_UL_REQUEST:
1926 LOG_BSS(bss, LOGL_DEBUG, "Listener changed to talker.\n");
1927 if (!bss->trans)
1928 break;
1929 /* Someone is talking. Check if there is no other uplink already busy.
1930 * This should not happen, since all other cells are blocked (SEIZED) as soon as the uplink was
1931 * requested. This may happen due to a race condition, where the uplink was requested before the
1932 * UPLINK SEIZED COMMAND has been received by BSS. */
1933 if (bss->trans->gcc.uplink_busy) {
1934 /* Send UPLINK REJECT COMMAND to BSS. */
1935 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK REJECT COMMAND towards BSS.\n");
1936 tx_ran_msg = (struct ran_msg){
1937 .msg_type = RAN_MSG_UPLINK_REJECT_CMD,
1938 .uplink_reject_cmd = {
1939 .cause = GSM0808_CAUSE_CALL_CONTROL,
1940 },
1941 };
1942 ran_encode_and_send(fi, &tx_ran_msg, bss->conn, false);
1943 break;
1944 }
1945 /* Send UPLINK REQUEST ACKNOWLEDGE to BSS. */
1946 LOG_BSS(bss, LOGL_DEBUG, "Sending (VGCS) UPLINK REQUEST ACKNOWLEDGE towards BSS.\n");
1947 tx_ran_msg = (struct ran_msg){
1948 .msg_type = RAN_MSG_UPLINK_REQUEST_ACK,
1949 };
1950 ran_encode_and_send(fi, &tx_ran_msg, bss->conn, false);
1951 /* Set the busy flag and block all other cells. */
1952 bss->trans->gcc.uplink_bss = bss;
1953 bss->trans->gcc.uplink_busy = true;
1954 bss->trans->gcc.uplink_originator = false;
1955 llist_for_each_entry(other, &bss->trans->gcc.bss_list, list) {
1956 if (other == bss)
1957 continue;
1958 /* Update uplink state. */
1959 update_uplink_state(bss, bss->trans->gcc.uplink_busy);
1960 }
1961 /* Stop inactivity timer. */
1962 stop_inactivity_timer(bss->trans);
1963 break;
1964 case VGCS_BSS_EV_UL_REQUEST_CNF:
1965 LOG_BSS(bss, LOGL_DEBUG, "Talker established uplink.\n");
1966 if (!bss->trans)
1967 break;
1968 if (!bss->trans->gcc.uplink_busy || bss->trans->gcc.uplink_bss != bss) {
1969 LOG_BSS(bss, LOGL_ERROR, "Got UL REQUEST CNF, but we did not granted uplink.\n");
1970 break;
1971 }
1972 /* Determine if talker is the originator of the call. */
1973 rc = talker_identity(bss, rx_ran_msg->uplink_request_cnf.l3.l3,
1974 rx_ran_msg->uplink_request_cnf.l3.l3_len);
1975 if (rc > 0) {
1976 bss->trans->gcc.uplink_originator = true;
1977 LOG_BSS(bss, LOGL_DEBUG, "Talker is the originator of the call.\n");
1978 }
1979 /* Set parameter. */
1980 set_parameter(bss->trans);
1981 /* Set cell of current talker. */
1982 set_uplink_cell(bss, &rx_ran_msg->uplink_request_cnf.cell_identifier, 0);
1983 /* Set MGW conference. */
1984 set_mgw_conference(bss->trans);
1985 break;
1986 case VGCS_BSS_EV_UL_APP_DATA:
1987 LOG_BSS(bss, LOGL_DEBUG, "Talker sends application data on uplink.\n");
1988 if (!bss->trans)
1989 break;
1990 if (!bss->trans->gcc.uplink_busy || bss->trans->gcc.uplink_bss != bss) {
1991 LOG_BSS(bss, LOGL_ERROR, "Got UP APP DATA, but we did not granted uplink.\n");
1992 break;
1993 }
1994 // FIXME: Use L3 info and feed to app.
1995 break;
1996 case VGCS_BSS_EV_BSS_DTAP:
1997 LOG_BSS(bss, LOGL_DEBUG, "Talker sends DTAP message.\n");
1998 if (!bss->trans)
1999 break;
2000 if (!bss->trans->gcc.uplink_busy || bss->trans->gcc.uplink_bss != bss) {
2001 LOG_BSS(bss, LOGL_ERROR, "Got DTAP from BSS, but we did not granted uplink.\n");
2002 break;
2003 }
2004 gsm44068_rcv_bcc_gcc(NULL, bss->trans, rx_ran_msg->dtap);
2005 break;
2006 case VGCS_BSS_EV_UL_RELEASE:
2007 LOG_BSS(bss, LOGL_DEBUG, "Talker released uplink.\n");
2008 if (!bss->trans)
2009 break;
2010 if (bss->trans->type == TRANS_BCC) {
2011 LOG_BSS(bss, LOGL_DEBUG, "This is a broadcast call, terminating call.\n");
2012 gcc_terminate_and_destroy(bss->trans, OSMO_GSM44068_CAUSE_NORMAL_CALL_CLEARING);
2013 break;
2014 }
2015 if (!bss->trans->gcc.uplink_busy) {
2016 LOG_BSS(bss, LOGL_NOTICE, "Got uplink release, but no uplink busy.\n");
2017 break;
2018 }
2019 /* Talker release the uplink. Ignore, if not from the current talking cell. */
2020 if (bss->trans->gcc.uplink_bss != bss) {
2021 LOG_BSS(bss, LOGL_NOTICE, "Got uplink release, but uplink busy in other cell.\n");
2022 break;
2023 }
2024 /* Clear the busy flag and unblock all other cells. */
2025 bss->trans->gcc.uplink_bss = NULL;
2026 bss->trans->gcc.uplink_cell = NULL;
2027 bss->trans->gcc.uplink_busy = false;
2028 llist_for_each_entry(other, &bss->trans->gcc.bss_list, list) {
2029 if (other == bss)
2030 continue;
2031 /* Update uplink state. */
2032 if (bss->trans)
2033 update_uplink_state(bss, bss->trans->gcc.uplink_busy);
2034 }
2035 /* Set MGW conference. */
2036 set_mgw_conference(bss->trans);
2037 /* Start inactivity timer. */
2038 start_inactivity_timer(bss->trans);
2039 break;
2040 case VGCS_BSS_EV_CLEAR:
2041 /* The calling user process requested clearing of VGCS/VBS call. */
2042 LOG_BSS(bss, LOGL_DEBUG, "Received clearing from calling user process.\n");
2043 bss_clear(bss, GSM0808_CAUSE_CALL_CONTROL, false);
2044 break;
2045 case VGCS_BSS_EV_CLOSE:
2046 /* The SCCP connection from the MSC has been closed. */
2047 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
2048 if (bss->conn) {
2049 bss->conn->vgcs.bss = NULL;
2050 bss->conn = NULL;
2051 }
2052 bss_clear(bss, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC, true);
2053 break;
2054 default:
2055 OSMO_ASSERT(false);
2056 }
2057}
2058
2059static void vgcs_bss_fsm_release(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2060{
2061 struct vgcs_bss *bss = fi->priv;
2062
2063 switch (event) {
2064 case VGCS_BSS_EV_CLOSE:
2065 /* The SCCP connection from the MSC has been closed while waitring fro CLEAR COMPLETE. */
2066 LOG_BSS(bss, LOGL_NOTICE, "Received SCCP closing collision.\n");
2067 bss_destroy(bss);
2068 break;
2069 case VGCS_BSS_EV_RELEASED:
2070 LOG_BSS(bss, LOGL_DEBUG, "Received CLEAR COMPLETE from BSS, we are done!\n");
2071 bss_destroy(bss);
2072 break;
2073 default:
2074 OSMO_ASSERT(false);
2075 }
2076}
2077
2078static const struct osmo_fsm_state vgcs_bss_fsm_states[] = {
2079 [VGCS_BSS_ST_NULL] = {
2080 .name = "NULL",
2081 .in_event_mask = S(VGCS_BSS_EV_SETUP) |
2082 S(VGCS_BSS_EV_CLEAR),
2083 .out_state_mask = S(VGCS_BSS_ST_SETUP),
2084 .action = vgcs_bss_fsm_null,
2085 },
2086 [VGCS_BSS_ST_SETUP] = {
2087 .name = "SETUP sent",
2088 .in_event_mask = S(VGCS_BSS_EV_SETUP_ACK) |
2089 S(VGCS_BSS_EV_SETUP_REFUSE) |
2090 S(VGCS_BSS_EV_CLEAR) |
2091 S(VGCS_BSS_EV_CLOSE),
2092 .out_state_mask = S(VGCS_BSS_ST_ASSIGNMENT) |
2093 S(VGCS_BSS_ST_RELEASE),
2094 .action = vgcs_bss_fsm_setup,
2095 },
2096 [VGCS_BSS_ST_ASSIGNMENT] = {
2097 .name = "ASSIGNMENT Sent",
2098 .in_event_mask = S(VGCS_BSS_EV_ACTIVE_OR_FAIL) |
2099 S(VGCS_BSS_EV_CLEAR) |
2100 S(VGCS_BSS_EV_CLOSE),
2101 .out_state_mask = S(VGCS_BSS_ST_ACTIVE) |
2102 S(VGCS_BSS_ST_RELEASE),
2103 .action = vgcs_bss_fsm_assignment,
2104 },
2105 [VGCS_BSS_ST_ACTIVE] = {
2106 .name = "VGCS/VBS Active",
2107 .in_event_mask = S(VGCS_BSS_EV_UL_REQUEST) |
2108 S(VGCS_BSS_EV_UL_REQUEST_CNF) |
2109 S(VGCS_BSS_EV_UL_APP_DATA) |
2110 S(VGCS_BSS_EV_BSS_DTAP) |
2111 S(VGCS_BSS_EV_UL_RELEASE) |
2112 S(VGCS_BSS_EV_CLEAR) |
2113 S(VGCS_BSS_EV_CLOSE),
2114 .out_state_mask = S(VGCS_BSS_ST_RELEASE),
2115 .action = vgcs_bss_fsm_active,
2116 },
2117 [VGCS_BSS_ST_RELEASE] = {
2118 .name = "Releasing VGCS/VBS control",
2119 .in_event_mask = S(VGCS_BSS_EV_CLEAR) |
2120 S(VGCS_BSS_EV_RELEASED),
2121 .out_state_mask = S(VGCS_BSS_ST_NULL),
2122 .action = vgcs_bss_fsm_release,
2123 },
2124};
2125
2126static struct osmo_fsm vgcs_bss_fsm = {
2127 .name = "vgcs_bss",
2128 .states = vgcs_bss_fsm_states,
2129 .num_states = ARRAY_SIZE(vgcs_bss_fsm_states),
2130 .log_subsys = DASCI,
2131 .event_names = vgcs_bss_fsm_event_names,
2132};
2133
2134/* The BSS accepts VGCS/VBS and sends us supported features. */
2135void vgcs_vbs_setup_ack(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2136{
2137 if (!bss->trans)
2138 return;
2139 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_SETUP_ACK, (void *)ran_msg);
2140}
2141
2142/* The BSS refuses VGCS/VBS. */
2143void vgcs_vbs_setup_refuse(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2144{
2145 if (!bss->trans)
2146 return;
2147 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_SETUP_REFUSE, (void *)ran_msg);
2148}
2149
2150/* The BSS needs more time for VGCS/VBS channel assignment. */
2151void vgcs_vbs_queuing_ind(struct vgcs_bss_cell *cell)
2152{
2153 if (!cell->bss)
2154 return;
2155}
2156
2157/* A mobile station requests the uplink on a VGCS channel. */
2158void vgcs_uplink_request(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2159{
2160 if (!bss->trans)
2161 return;
2162 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_REQUEST, (void *)ran_msg);
2163}
2164
2165/* The uplink on a VGCS channel has been established. */
2166void vgcs_uplink_request_cnf(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2167{
2168 if (!bss->trans)
2169 return;
2170 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_REQUEST_CNF, (void *)ran_msg);
2171}
2172
2173/* Application data received on the uplink of a VGCS channel. */
2174void vgcs_app_data(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2175{
2176 if (!bss->trans)
2177 return;
2178 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_APP_DATA, (void *)ran_msg);
2179}
2180
2181/* Application data received on the uplink of a VGCS channel. */
2182void vgcs_bss_dtap(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2183{
2184 if (!bss->trans)
2185 return;
2186 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_BSS_DTAP, (void *)ran_msg);
2187}
2188
2189/* A mobile station releases the uplink on a VGCS channel. */
2190void vgcs_uplink_release_ind(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2191{
2192 if (!bss->trans)
2193 return;
2194 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_UL_RELEASE, (void *)ran_msg);
2195}
2196
2197/* The BSS gives cell status about VGCS/VBS channel. */
2198void vgcs_vbs_assign_status(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2199{
2200 if (!cell->bss)
2201 return;
2202}
2203
2204void vgcs_vbs_caller_assign_cpl(struct gsm_trans *trans)
2205{
2206 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_BSS_ASSIGN_CPL, NULL);
2207}
2208
2209void vgcs_vbs_caller_assign_fail(struct gsm_trans *trans)
2210{
2211 osmo_fsm_inst_dispatch(trans->gcc.fi, VGCS_GCC_EV_BSS_ASSIGN_FAIL, NULL);
2212}
2213
2214/* BSS indicated that the channel has been released. */
2215void vgcs_vbs_clear_req(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2216{
2217 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_CLOSE, (void *)ran_msg);
2218}
2219
2220/* BSS indicated that the channel has been released. */
2221void vgcs_vbs_clear_cpl(struct vgcs_bss *bss, const struct ran_msg *ran_msg)
2222{
2223 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_RELEASED, (void *)ran_msg);
2224}
2225
2226/*
2227 * Cell resource state machine - handles all "resource control" instances
2228 */
2229
2230static const struct value_string vgcs_cell_fsm_event_names[] = {
2231 OSMO_VALUE_STRING(VGCS_CELL_EV_RTP_STREAM_GONE),
2232 OSMO_VALUE_STRING(VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE),
2233 OSMO_VALUE_STRING(VGCS_CELL_EV_RTP_STREAM_ESTABLISHED),
2234 OSMO_VALUE_STRING(VGCS_CELL_EV_ASSIGN),
2235 OSMO_VALUE_STRING(VGCS_CELL_EV_ASSIGN_RES),
2236 OSMO_VALUE_STRING(VGCS_CELL_EV_ASSIGN_FAIL),
2237 OSMO_VALUE_STRING(VGCS_CELL_EV_CLEAR),
2238 OSMO_VALUE_STRING(VGCS_CELL_EV_CLOSE),
2239 OSMO_VALUE_STRING(VGCS_CELL_EV_RELEASED),
2240 { }
2241};
2242
2243static void cell_destroy(struct vgcs_bss_cell *cell);
2244
2245/* Clear the connection towards BSS.
2246 * Relations to the BSS and transaction is removed. */
2247static void cell_clear(struct vgcs_bss_cell *cell, uint8_t cause)
2248{
2249 struct ran_msg ran_msg;
2250
2251 /* Must detach us from BSS. */
2252 if (cell->bss) {
2253 /* Remove pointer to talking channel. */
2254 if (cell->bss->trans && cell->bss->trans->gcc.uplink_cell == cell)
2255 cell->bss->trans->gcc.uplink_cell = NULL;
2256 llist_del(&cell->list_bss);
2257 cell->bss = NULL;
2258 }
2259
2260 /* Change state. */
2261 if (cell->fi->state != VGCS_CELL_ST_RELEASE)
2262 osmo_fsm_inst_state_chg(cell->fi, VGCS_CELL_ST_RELEASE, 0, 0);
2263
2264 /* If there is no event to wait for, we can just destroy. */
2265 if (!cell->conn && !cell->rtps) {
2266 cell_destroy(cell);
2267 return;
2268 }
2269
2270 /* Send Clear Command to BSS. */
2271 if (cell->conn) {
2272 ran_msg = (struct ran_msg){
2273 .msg_type = RAN_MSG_CLEAR_COMMAND,
2274 .clear_command = {
2275 .gsm0808_cause = cause,
2276 },
2277 };
2278 LOG_CELL(cell, LOGL_DEBUG, "Sending CLEAR COMMAND for call controling channel.\n");
2279 ran_encode_and_send(cell->fi, &ran_msg, cell->conn, false);
2280 }
2281
2282 /* Clear RTP stream. This may trigger VGCS_CELL_EV_RTP_STREAM_GONE within this release function. */
2283 if (cell->rtps)
2284 rtp_stream_release(cell->rtps);
2285}
2286
2287/* When finally the BSS connection is released. (CLEAR COMPLETE response)
2288 * Relations to the BSS and transaction is removed, if not already. */
2289static void cell_destroy(struct vgcs_bss_cell *cell)
2290{
2291 struct vgcs_mgw_ep *mgw;
2292
2293 /* close RAN conn */
2294 if (cell->conn) {
2295 cell->conn->vgcs.cell = NULL;
2296 ran_conn_close(cell->conn);
2297 cell->conn = NULL;
2298 }
2299
2300 /* Detach from BSS now. Check, to prevent race condition. */
2301 if (cell->bss) {
2302 /* Remove pointer to talking channel. */
2303 if (cell->bss->trans && cell->bss->trans->gcc.uplink_cell == cell)
2304 cell->bss->trans->gcc.uplink_cell = NULL;
2305 llist_del(&cell->list_bss);
2306 cell->bss = NULL;
2307 }
2308
2309 /* Detach from MGW now. Check, to prevent race condition. */
2310 if (cell->mgw) {
2311 mgw = cell->mgw;
2312 llist_del(&cell->list_mgw);
2313 cell->mgw = NULL;
2314 /* Destroy MGW endpoint, if list is empty. */
2315 if (llist_empty(&mgw->cell_list))
2316 osmo_fsm_inst_dispatch(mgw->fi, VGCS_MGW_EP_EV_CLEAR, NULL);
2317 }
2318
2319 LOG_CELL(cell, LOGL_DEBUG, "Detroy connection to cell.\n");
2320
2321 /* Free FSM. (should be allocated) */
2322 osmo_fsm_inst_state_chg(cell->fi, VGCS_CELL_ST_NULL, 0, 0);
2323 osmo_fsm_inst_term(cell->fi, OSMO_FSM_TERM_REGULAR, NULL);
2324}
2325
2326static void vgcs_cell_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2327{
2328 struct vgcs_bss_cell *cell = fi->priv;
2329 const struct codec_mapping *cm;
2330 int rc;
2331
2332 switch (event) {
2333 case VGCS_CELL_EV_ASSIGN:
2334 LOG_CELL(cell, LOGL_DEBUG, "Received assignment from BSS controling process.\n");
2335 /* Allocate rtps stream. */
2336 cell->rtps = rtp_stream_alloc(cell->fi, VGCS_CELL_EV_RTP_STREAM_GONE,
2337 VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE,
2338 VGCS_CELL_EV_RTP_STREAM_ESTABLISHED, RTP_TO_RAN, cell->call_id,
2339 NULL);
2340 if (!cell->rtps) {
2341 LOG_CELL(cell, LOGL_DEBUG, "Failed to allocate RTP stream, cannot continue.\n");
2342 cell_destroy(cell);
2343 break;
2344 }
2345 /* Hard coded codec: GSM V1 */
2346 cm = codec_mapping_by_gsm0808_speech_codec_type(GSM0808_SCT_FR1);
2347 rtp_stream_set_one_codec(cell->rtps, &cm->sdp);
2348 /* Set initial mode. */
2349 rtp_stream_set_mode(cell->rtps, MGCP_CONN_RECV_ONLY);
2350 /* Commit RTP stream. */
2351 if (!cell->bss && !cell->bss->trans) {
2352 LOG_CELL(cell, LOGL_DEBUG, "No transaction, cannot continue.\n");
2353 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2354 break;
2355 }
2356 if (!cell->mgw && !cell->mgw->mgw_ep) {
2357 LOG_CELL(cell, LOGL_DEBUG, "No MGW endpoint, cannot continue.\n");
2358 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2359 break;
2360 }
2361 rc = rtp_stream_ensure_ci(cell->rtps, cell->mgw->mgw_ep);
2362 if (rc < 0) {
2363 LOG_CELL(cell, LOGL_DEBUG, "Failed to trigger RTP stream CI.\n");
2364 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2365 break;
2366 }
2367 /* Change state. */
2368 osmo_fsm_inst_state_chg(fi, VGCS_CELL_ST_ASSIGNMENT, 0, 0);
2369 break;
2370 case VGCS_CELL_EV_CLEAR:
2371 /* The calling user process requested clearing of VGCS/VBS call. */
2372 LOG_CELL(cell, LOGL_DEBUG, "Received clearing from BSS controling process.\n");
2373 cell_clear(cell, GSM0808_CAUSE_CALL_CONTROL);
2374 break;
2375 default:
2376 OSMO_ASSERT(false);
2377 }
2378}
2379
2380static void vgcs_cell_fsm_assignment(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2381{
2382 struct vgcs_bss_cell *cell = fi->priv;
2383 struct ran_msg *rx_ran_msg = data;
2384 struct ran_msg tx_ran_msg;
2385 struct osmo_sockaddr_str ss;
2386 const struct codec_mapping *cm;
2387 struct vgcs_bss *bss;
2388 int rc;
2389
2390 switch (event) {
2391 case VGCS_CELL_EV_RTP_STREAM_GONE:
2392 /* The RTP stream failed. */
2393 LOG_CELL(cell, LOGL_ERROR, "RTP stream of MGW failed.\n");
2394 cell->rtps = NULL;
2395 goto channel_fail;
2396 break;
2397 case VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE:
2398 /* The RTP stream sends its peer. */
2399 if (!osmo_sockaddr_str_is_nonzero(&cell->rtps->local)) {
2400 LOG_CELL(cell, LOGL_ERROR, "Invalid RTP address received from MGW: " OSMO_SOCKADDR_STR_FMT "\n",
2401 OSMO_SOCKADDR_STR_FMT_ARGS(&cell->rtps->local));
2402 goto channel_fail;
2403 }
2404 LOG_CELL(cell, LOGL_DEBUG,
2405 "MGW endpoint's RTP address available for the CI %s: " OSMO_SOCKADDR_STR_FMT " (osmux=%s:%d)\n",
2406 rtp_direction_name(cell->rtps->dir), OSMO_SOCKADDR_STR_FMT_ARGS(&cell->rtps->local),
2407 cell->rtps->use_osmux ? "yes" : "no", cell->rtps->local_osmux_cid);
2408 /* Send VGCS/VBS ASSIGNMENT REQUEST to BSS */
2409 LOG_CELL(cell, LOGL_DEBUG, "Sending VGCS/VBS ASSIGNMENT REQUEST towards BSS.\n");
2410 tx_ran_msg = (struct ran_msg) {
2411 .msg_type = RAN_MSG_VGCS_VBS_ASSIGN_REQ,
2412 .vgcs_vbs_assign_req = {
2413 /* For now we support GSM/FR V1 only. This shall be supported by all MS. */
2414 .channel_type = {
2415 .ch_indctr = GSM0808_CHAN_SPEECH,
2416 .ch_rate_type = GSM0808_SPEECH_FULL_BM,
2417 .perm_spch_len = 1,
2418 .perm_spch[0] = GSM0808_PERM_FR1,
2419 },
2420 /* For now we want a channel without any delay. */
2421 .ass_req = GSM0808_ASRQ_IMMEDIATE,
2422 .callref = {
2423 .sf = (cell->trans_type == TRANS_GCC),
2424 },
2425 /* We need to identify the cell only. */
2426 .cell_identifier = {
2427 .id_discr = CELL_IDENT_CI,
2428 .id.ci = cell->cell_id,
2429 },
2430 .aoip_transport_layer_present = true,
2431 .call_id_present = true,
2432 .call_id = cell->call_id,
2433 .codec_list_present = true,
2434 .codec_list_msc_preferred = {
2435 .len = 1,
2436 .codec[0] = {
2437 .fi = 1,
2438 .type = GSM0808_SCT_FR1,
2439 .cfg = 0,
2440 },
2441 },
2442 },
2443 };
2444 osmo_store32be_ext(cell->callref >> 3, &tx_ran_msg.vgcs_vbs_assign_req.callref.call_ref_hi, 3);
2445 tx_ran_msg.vgcs_vbs_assign_req.callref.call_ref_lo = cell->callref & 0x7;
2446 osmo_sockaddr_str_to_sockaddr(&cell->rtps->local, &tx_ran_msg.vgcs_vbs_assign_req.aoip_transport_layer);
2447 /* First message, so we must set "initial" to "true". */
2448 ran_encode_and_send(fi, &tx_ran_msg, cell->conn, true);
2449 break;
2450 case VGCS_CELL_EV_RTP_STREAM_ESTABLISHED:
2451 /* The RTP stream established. */
2452 LOG_CELL(cell, LOGL_DEBUG, "RTP stream is established.\n");
2453 break;
2454 case VGCS_CELL_EV_ASSIGN_RES:
2455 /* Receive VGCS/VBS ASSIGNMENT RESULT from BSS. */
2456 LOG_CELL(cell, LOGL_DEBUG, "Received VGCS/VBS ASSIGNMENT RESULT from BSS.\n");
2457 cell->assigned = true;
2458 if (!rx_ran_msg->vgcs_vbs_assign_res.aoip_transport_layer_present
2459 && !rx_ran_msg->vgcs_vbs_assign_res.codec_present
2460 && !rx_ran_msg->vgcs_vbs_assign_res.call_id_present) {
2461 LOG_CELL(cell, LOGL_ERROR, "Mandatory IEs missing.\n");
2462 goto channel_fail;
2463 }
2464 /* Send remote peer to RTP stream. */
2465 if (osmo_sockaddr_str_from_sockaddr(&ss, &rx_ran_msg->vgcs_vbs_assign_res.aoip_transport_layer)) {
2466 LOG_CELL(cell, LOGL_ERROR, "Cannot RTP-CONNECT, invalid RTP IP:port in incoming MNCC "
2467 "message\n");
2468 goto channel_fail;
2469 }
2470 rtp_stream_set_remote_addr(cell->rtps, &ss);
2471 /* Send remote codec to RTP stream. */
2472 cm = codec_mapping_by_gsm0808_speech_codec_type(rx_ran_msg->vgcs_vbs_assign_res.codec_msc_chosen.type);
2473 if (!cm) {
2474 LOG_CELL(cell, LOGL_ERROR, "Chosen codec by BSC is not supported by MSC.\n");
2475 goto channel_fail;
2476 }
2477 rtp_stream_set_one_codec(cell->rtps, &cm->sdp);
2478 /* Set listening mode. */
2479 rtp_stream_set_mode(cell->rtps, MGCP_CONN_SEND_ONLY);
2480 /* Commit RTP stream. */
2481 rc = rtp_stream_commit(cell->rtps);
2482 if (rc < 0) {
2483 LOG_CELL(cell, LOGL_ERROR, "Failed to commit parameters to RTP stream.\n");
2484 goto channel_fail;
2485 }
2486 /* Change state. */
2487 osmo_fsm_inst_state_chg(fi, VGCS_CELL_ST_ACTIVE, 0, 0);
2488 /* Notify BSS FSM about channel activation. */
2489 if (cell->bss)
2490 osmo_fsm_inst_dispatch(cell->bss->fi, VGCS_BSS_EV_ACTIVE_OR_FAIL, NULL);
2491 break;
2492 case VGCS_CELL_EV_ASSIGN_FAIL:
2493 /* Received VGCS/VBS ASSIGNMENT FAILURE from BSS. */
2494 LOG_CELL(cell, LOGL_NOTICE, "Received VGCS/VBS ASSIGNMENT FAILURE from BSS.\n");
2495channel_fail:
2496 bss = cell->bss;
2497 /* Remove cell. */
2498 tx_ran_msg = (struct ran_msg){
2499 .msg_type = RAN_MSG_CLEAR_COMMAND,
2500 .clear_command = {
2501 .gsm0808_cause = GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC,
2502 },
2503 };
2504 ran_encode_and_send(bss->fi, &tx_ran_msg, cell->conn, false);
2505 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2506 /* Notify BSS FSM about channel failure. */
2507 if (bss)
2508 osmo_fsm_inst_dispatch(bss->fi, VGCS_BSS_EV_ACTIVE_OR_FAIL, NULL);
2509 break;
2510 case VGCS_CELL_EV_CLEAR:
2511 /* The calling user process requested clearing of VGCS/VBS call. */
2512 LOG_CELL(cell, LOGL_DEBUG, "Received clearing from BSS controling process.\n");
2513 cell_clear(cell, GSM0808_CAUSE_CALL_CONTROL);
2514 break;
2515 case VGCS_CELL_EV_CLOSE:
2516 /* The SCCP connection from the MSC has been closed. */
2517 LOG_CELL(cell, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
2518 if (cell->conn) {
2519 cell->conn->vgcs.bss = NULL;
2520 cell->conn = NULL;
2521 }
2522 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2523 break;
2524 default:
2525 OSMO_ASSERT(false);
2526 }
2527}
2528
2529static void vgcs_cell_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2530{
2531 struct vgcs_bss_cell *cell = fi->priv;
2532
2533 switch (event) {
2534 case VGCS_CELL_EV_RTP_STREAM_GONE:
2535 /* The RTP stream failed. */
2536 LOG_CELL(cell, LOGL_ERROR, "RTP stream of MGW failed.\n");
2537 cell->rtps = NULL;
2538 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2539 break;
2540 case VGCS_CELL_EV_RTP_STREAM_ESTABLISHED:
2541 /* The RTP stream established. */
2542 LOG_CELL(cell, LOGL_DEBUG, "RTP stream is established.\n");
2543 break;
2544 case VGCS_CELL_EV_CLEAR:
2545 /* The calling user process requested clearing of VGCS/VBS call. */
2546 LOG_CELL(cell, LOGL_DEBUG, "Received clearing from BSS controling process.\n");
2547 cell_clear(cell, GSM0808_CAUSE_CALL_CONTROL);
2548 break;
2549 case VGCS_CELL_EV_CLOSE:
2550 /* The SCCP connection from the MSC has been closed. */
2551 LOG_CELL(cell, LOGL_NOTICE, "Received SCCP connecting closing from MSC.\n");
2552 if (cell->conn) {
2553 cell->conn->vgcs.bss = NULL;
2554 cell->conn = NULL;
2555 }
2556 cell_clear(cell, GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC);
2557 break;
2558 default:
2559 OSMO_ASSERT(false);
2560 }
2561}
2562
2563static void vgcs_cell_fsm_release(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2564{
2565 struct vgcs_bss_cell *cell = fi->priv;
2566
2567 switch (event) {
2568 case VGCS_CELL_EV_RTP_STREAM_GONE:
2569 /* The RTP stream gone. */
2570 LOG_CELL(cell, LOGL_ERROR, "RTP stream gone.\n");
2571 cell->rtps = NULL;
2572 /* Wait for RAN conn. */
2573 if (cell->conn)
2574 break;
2575 cell_destroy(cell);
2576 break;
2577 case VGCS_CELL_EV_CLEAR:
2578 case VGCS_CELL_EV_RELEASED:
2579 if (event == VGCS_CELL_EV_CLEAR) {
2580 /* The SCCP connection from the MSC has been closed while waiting for CLEAR COMPLETE. */
2581 LOG_CELL(cell, LOGL_NOTICE, "Received SCCP closing collision.\n");
2582 } else
2583 LOG_CELL(cell, LOGL_DEBUG, "Received CLEAR COMPLETE from BSS, we are done!\n");
2584 /* Wait for RTP stream. */
2585 if (cell->rtps) {
2586 /* close RAN conn */
2587 if (cell->conn) {
2588 cell->conn->vgcs.cell = NULL;
2589 ran_conn_close(cell->conn);
2590 cell->conn = NULL;
2591 }
2592 break;
2593 }
2594 cell_destroy(cell);
2595 break;
2596 default:
2597 OSMO_ASSERT(false);
2598 }
2599}
2600
2601static const struct osmo_fsm_state vgcs_cell_fsm_states[] = {
2602 [VGCS_CELL_ST_NULL] = {
2603 .name = "NULL",
2604 .in_event_mask = S(VGCS_CELL_EV_ASSIGN) |
2605 S(VGCS_CELL_EV_CLEAR),
2606 .out_state_mask = S(VGCS_CELL_ST_ASSIGNMENT),
2607 .action = vgcs_cell_fsm_null,
2608 },
2609 [VGCS_CELL_ST_ASSIGNMENT] = {
2610 .name = "ASSIGNMENT Sent",
2611 .in_event_mask = S(VGCS_CELL_EV_RTP_STREAM_GONE) |
2612 S(VGCS_CELL_EV_RTP_STREAM_ADDR_AVAILABLE) |
2613 S(VGCS_CELL_EV_RTP_STREAM_ESTABLISHED) |
2614 S(VGCS_CELL_EV_ASSIGN_RES) |
2615 S(VGCS_CELL_EV_ASSIGN_FAIL) |
2616 S(VGCS_CELL_EV_CLEAR) |
2617 S(VGCS_CELL_EV_CLOSE),
2618 .out_state_mask = S(VGCS_CELL_ST_ACTIVE) |
2619 S(VGCS_CELL_ST_RELEASE),
2620 .action = vgcs_cell_fsm_assignment,
2621 },
2622 [VGCS_CELL_ST_ACTIVE] = {
2623 .name = "VGCS/VBS channel active",
2624 .in_event_mask = S(VGCS_CELL_EV_RTP_STREAM_GONE) |
2625 S(VGCS_CELL_EV_RTP_STREAM_ESTABLISHED) |
2626 S(VGCS_CELL_EV_CLEAR) |
2627 S(VGCS_CELL_EV_CLOSE),
2628 .out_state_mask = S(VGCS_CELL_ST_RELEASE),
2629 .action = vgcs_cell_fsm_active,
2630 },
2631 [VGCS_CELL_ST_RELEASE] = {
2632 .name = "Releasing VGCS/VBS channel",
2633 .in_event_mask = S(VGCS_CELL_EV_RTP_STREAM_GONE) |
2634 S(VGCS_CELL_EV_CLEAR) |
2635 S(VGCS_CELL_EV_RELEASED),
2636 .out_state_mask = S(VGCS_CELL_ST_NULL),
2637 .action = vgcs_cell_fsm_release,
2638 },
2639};
2640
2641static struct osmo_fsm vgcs_cell_fsm = {
2642 .name = "vgcs_cell",
2643 .states = vgcs_cell_fsm_states,
2644 .num_states = ARRAY_SIZE(vgcs_cell_fsm_states),
2645 .log_subsys = DASCI,
2646 .event_names = vgcs_cell_fsm_event_names,
2647};
2648
2649/* The BSS accepts VGCS/VBS channel assignment. */
2650void vgcs_vbs_assign_result(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2651{
2652 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_ASSIGN_RES, (void *)ran_msg);
2653}
2654
2655/* The BSS refuses VGCS/VBS channel assignment. */
2656void vgcs_vbs_assign_fail(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2657{
2658 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_ASSIGN_FAIL, (void *)ran_msg);
2659}
2660
2661/* BSS indicated that the channel has been released. */
2662void vgcs_vbs_clear_req_channel(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2663{
2664 LOG_CELL(cell, LOGL_DEBUG, "Received CLEAR REQUEST for resource controling channel from BSS.\n");
2665 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_CLOSE, (void *)ran_msg);
2666}
2667
2668/* BSS confirms the release of channel. */
2669void vgcs_vbs_clear_cpl_channel(struct vgcs_bss_cell *cell, const struct ran_msg *ran_msg)
2670{
2671 LOG_CELL(cell, LOGL_DEBUG, "Received CLEAR COMPLETE for resource controling channel from BSS.\n");
2672 osmo_fsm_inst_dispatch(cell->fi, VGCS_CELL_EV_RELEASED, (void *)ran_msg);
2673}
2674
2675/*
2676 * MGW endpoint FSM
2677 */
2678
2679static const struct value_string vgcs_mgw_ep_fsm_event_names[] = {
2680 OSMO_VALUE_STRING(VGCS_MGW_EP_EV_FREE),
2681 OSMO_VALUE_STRING(VGCS_MGW_EP_EV_CLEAR),
2682 { }
2683};
2684
2685static void vgcs_mgw_ep_fsm_active(struct osmo_fsm_inst *fi, uint32_t event, void *data)
2686{
2687 struct vgcs_mgw_ep *mgw = fi->priv;
2688 struct vgcs_bss_cell *cell, *cell2;
2689 struct mgcp_client *mgcp_client;
2690
2691 switch (event) {
2692 case VGCS_MGW_EP_EV_FREE:
2693 LOGP(DASCI, LOGL_DEBUG, "MGW connection closed, removing all cell instances.\n");
2694 llist_for_each_entry_safe(cell, cell2, &mgw->cell_list, list_mgw) {
2695 if (cell->rtps)
2696 cell->rtps->ci = NULL;
2697 llist_del(&cell->list_mgw);
2698 cell->mgw = NULL;
2699 }
2700 /* Put MGCP client back into MGW pool. */
2701 mgcp_client = osmo_mgcpc_ep_client(mgw->mgw_ep);
2702 mgcp_client_pool_put(mgcp_client);
2703 /* Destroy this instance. */
2704 osmo_fsm_inst_term_children(fi, OSMO_FSM_TERM_PARENT, NULL);
2705 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
2706 break;
2707 case VGCS_MGW_EP_EV_CLEAR:
2708 if (!llist_empty(&mgw->cell_list))
2709 break;
2710 LOGP(DASCI, LOGL_DEBUG, "Cell list of MGW instance is now empty, dropping.\n");
2711 /* Destroy this instance. */
2712 osmo_fsm_inst_term_children(fi, OSMO_FSM_TERM_PARENT, NULL);
2713 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, NULL);
2714 break;
2715 default:
2716 OSMO_ASSERT(false);
2717 }
2718}
2719
2720static const struct osmo_fsm_state vgcs_mgw_ep_fsm_states[] = {
2721 [VGCS_MGW_EP_ST_NULL] = {
2722 .name = "NULL",
2723 .out_state_mask = S(VGCS_MGW_EP_ST_ACTIVE),
2724 },
2725 [VGCS_MGW_EP_ST_ACTIVE] = {
2726 .name = "MGW endpoint allocated",
2727 .in_event_mask = S(VGCS_MGW_EP_EV_FREE) |
2728 S(VGCS_MGW_EP_EV_CLEAR),
2729 .out_state_mask = S(VGCS_MGW_EP_ST_NULL),
2730 .action = vgcs_mgw_ep_fsm_active,
2731 },
2732};
2733
2734static struct osmo_fsm vgcs_mgw_ep_fsm = {
2735 .name = "vgcs_mgw_ep",
2736 .states = vgcs_mgw_ep_fsm_states,
2737 .num_states = ARRAY_SIZE(vgcs_mgw_ep_fsm_states),
2738 .log_subsys = DASCI,
2739 .event_names = vgcs_mgw_ep_fsm_event_names,
2740};