Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / e53ecde83e4fb2470209e818e9ad76a2d6a19190 / . / src / libmsc / msc_a.c
blob: 0bc7b26978f9c7954ee163f36a4300d1b4d69b56 [file] [log] [blame]
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1/* Code to manage a subscriber's MSC-A role */
2/*
3 * (C) 2019 by sysmocom - s.m.f.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * SPDX-License-Identifier: AGPL-3.0+
7 *
8 * Author: Neels Hofmeyr
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation; either version 3 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
19 *
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24#include <osmocom/core/utils.h>
25#include <osmocom/core/tdef.h>
26#include <osmocom/core/rate_ctr.h>
27#include <osmocom/core/signal.h>
28
29#include <osmocom/msc/gsm_data.h>
30#include <osmocom/msc/msc_roles.h>
31#include <osmocom/msc/msub.h>
32#include <osmocom/msc/msc_a.h>
33#include <osmocom/msc/msc_t.h>
34#include <osmocom/msc/msc_i.h>
35#include <osmocom/msc/paging.h>
36#include <osmocom/msc/signal.h>
37#include <osmocom/msc/vlr.h>
38#include <osmocom/msc/transaction.h>
39#include <osmocom/msc/ran_peer.h>
40#include <osmocom/msc/ran_msg_a.h>
41#include <osmocom/msc/ran_msg_iu.h>
42#include <osmocom/msc/sgs_iface.h>
43#include <osmocom/msc/gsm_04_08.h>
44#include <osmocom/msc/gsm_09_11.h>
45#include <osmocom/msc/gsm_04_14.h>
46#include <osmocom/msc/call_leg.h>
47#include <osmocom/msc/rtp_stream.h>
48#include <osmocom/msc/msc_ho.h>
49
50#define MSC_A_USE_WAIT_CLEAR_COMPLETE "wait-Clear-Complete"
51
52static struct osmo_fsm msc_a_fsm;
53
54static const struct osmo_tdef_state_timeout msc_a_fsm_timeouts[32] = {
55 [MSC_A_ST_VALIDATE_L3] = { .T = -1 },
56 [MSC_A_ST_AUTH_CIPH] = { .keep_timer = true },
57 [MSC_A_ST_WAIT_CLASSMARK_UPDATE] = { .keep_timer = true },
58 [MSC_A_ST_AUTHENTICATED] = { .keep_timer = true },
59 [MSC_A_ST_RELEASING] = { .T = -2 },
60 [MSC_A_ST_RELEASED] = { .T = -2 },
61};
62
63/* Transition to a state, using the T timer defined in msc_a_fsm_timeouts.
64 * The actual timeout value is in turn obtained from network->T_defs.
65 * Assumes local variable fi exists. */
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]66#define msc_a_state_chg_always(msc_a, state) \
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]67 osmo_tdef_fsm_inst_state_chg((msc_a)->c.fi, state, msc_a_fsm_timeouts, (msc_a)->c.ran->tdefs, 5)
68
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]69/* Same as msc_a_state_chg_always() but ignore if the msc_a already is in the target state. */
70#define msc_a_state_chg(msc_a, STATE) do { \
71 if ((msc_a)->c.fi->state != STATE) \
72 msc_a_state_chg_always(msc_a, STATE); \
73 } while(0)
74
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]75struct gsm_network *msc_a_net(const struct msc_a *msc_a)
76{
77 return msub_net(msc_a->c.msub);
78}
79
80struct vlr_subscr *msc_a_vsub(const struct msc_a *msc_a)
81{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]82 if (!msc_a)
83 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]84 return msub_vsub(msc_a->c.msub);
85}
86
87struct msc_i *msc_a_msc_i(const struct msc_a *msc_a)
88{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]89 if (!msc_a)
90 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]91 return msub_msc_i(msc_a->c.msub);
92}
93
94struct msc_t *msc_a_msc_t(const struct msc_a *msc_a)
95{
Neels Hofmeyr911e5972019-05-09 13:28:26 +0200[diff] [blame]96 if (!msc_a)
97 return NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]98 return msub_msc_t(msc_a->c.msub);
99}
100
101struct msc_a *msc_a_fi_priv(struct osmo_fsm_inst *fi)
102{
103 OSMO_ASSERT(fi);
104 OSMO_ASSERT(fi->fsm == &msc_a_fsm);
105 OSMO_ASSERT(fi->priv);
106 return fi->priv;
107}
108
109static void update_counters(struct osmo_fsm_inst *fi, bool conn_accepted)
110{
111 struct msc_a *msc_a = fi->priv;
112 struct gsm_network *net = msc_a_net(msc_a);
113 switch (msc_a->complete_layer3_type) {
114 case COMPLETE_LAYER3_LU:
Pau Espin Pedrol2e21a682021-06-04 16:45:44 +0200[diff] [blame]115 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs, conn_accepted ? MSC_CTR_LOC_UPDATE_COMPLETED : MSC_CTR_LOC_UPDATE_FAILED));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]116 break;
117 case COMPLETE_LAYER3_CM_SERVICE_REQ:
Pau Espin Pedrol2e21a682021-06-04 16:45:44 +0200[diff] [blame]118 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs, conn_accepted ? MSC_CTR_CM_SERVICE_REQUEST_ACCEPTED : MSC_CTR_CM_SERVICE_REQUEST_REJECTED));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]119 break;
120 case COMPLETE_LAYER3_PAGING_RESP:
Pau Espin Pedrol2e21a682021-06-04 16:45:44 +0200[diff] [blame]121 rate_ctr_inc(rate_ctr_group_get_ctr(net->msc_ctrs, conn_accepted ? MSC_CTR_PAGING_RESP_ACCEPTED : MSC_CTR_PAGING_RESP_REJECTED));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]122 break;
123 default:
124 break;
125 }
126}
127
128static void evaluate_acceptance_outcome(struct osmo_fsm_inst *fi, bool conn_accepted)
129{
130 struct msc_a *msc_a = fi->priv;
131 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
132
133 update_counters(fi, conn_accepted);
134
Neels Hofmeyr83cf10c2020-06-24 14:23:26 +0200[diff] [blame]135 if (conn_accepted) {
136 /* Record the Cell ID seen in Complete Layer 3 Information in the VLR, so that it also shows in vty
137 * 'show' output. */
138 vsub->cgi = msc_a->via_cell;
139 }
140
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]141 /* Trigger transactions that we paged for */
142 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_PAGING_RESP) {
143 if (conn_accepted)
144 paging_response(msc_a);
145 else
146 paging_expired(vsub);
147 }
148
149 if (conn_accepted)
150 osmo_signal_dispatch(SS_SUBSCR, S_SUBSCR_ATTACHED, msc_a_vsub(msc_a));
151
152 if (msc_a->complete_layer3_type == COMPLETE_LAYER3_LU)
153 msc_a_put(msc_a, MSC_A_USE_LOCATION_UPDATING);
154}
155
156bool msc_a_is_accepted(const struct msc_a *msc_a)
157{
158 if (!msc_a || !msc_a->c.fi)
159 return false;
160 return msc_a->c.fi->state == MSC_A_ST_AUTHENTICATED
161 || msc_a->c.fi->state == MSC_A_ST_COMMUNICATING;
162}
163
164bool msc_a_in_release(struct msc_a *msc_a)
165{
166 if (!msc_a)
167 return true;
168 if (msc_a->c.fi->state == MSC_A_ST_RELEASING)
169 return true;
170 if (msc_a->c.fi->state == MSC_A_ST_RELEASED)
171 return true;
172 return false;
173}
174
175static int msc_a_ran_dec(struct msc_a *msc_a, const struct an_apdu *an_apdu, enum msc_role from_role)
176{
177 int rc;
178 struct msc_a_ran_dec_data d = {
179 .from_role = from_role,
180 .an_apdu = an_apdu,
181 };
182 msc_a_get(msc_a, __func__);
183 rc = msc_role_ran_decode(msc_a->c.fi, an_apdu, msc_a_ran_decode_cb, &d);
184 msc_a_put(msc_a, __func__);
185 return rc;
186};
187
188static void msc_a_fsm_validate_l3(struct osmo_fsm_inst *fi, uint32_t event, void *data)
189{
190 struct msc_a *msc_a = fi->priv;
191 const struct an_apdu *an_apdu;
192
193 switch (event) {
194 case MSC_A_EV_FROM_I_COMPLETE_LAYER_3:
195 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
196 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
197 an_apdu = data;
198 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_I);
199 return;
200
201 case MSC_A_EV_COMPLETE_LAYER_3_OK:
202 msc_a_state_chg(msc_a, MSC_A_ST_AUTH_CIPH);
203 return;
204
205 case MSC_A_EV_MO_CLOSE:
206 case MSC_A_EV_CN_CLOSE:
207 evaluate_acceptance_outcome(fi, false);
208 /* fall through */
209 case MSC_A_EV_UNUSED:
210 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
211 return;
212
213 default:
214 OSMO_ASSERT(false);
215 }
216}
217
218/* Figure out whether to first send a Classmark Request to the MS to figure out algorithm support. */
219static bool msc_a_need_classmark_for_ciphering(struct msc_a *msc_a)
220{
221 struct gsm_network *net = msc_a_net(msc_a);
222 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
223 int i = 0;
224 bool request_classmark = false;
225
226 /* Only on GERAN-A do we ever need Classmark Information for Ciphering. */
227 if (msc_a->c.ran->type != OSMO_RAT_GERAN_A)
228 return false;
229
230 for (i = 0; i < 8; i++) {
231 int supported;
232
233 /* A5/n permitted by osmo-msc.cfg? */
234 if (!(net->a5_encryption_mask & (1 << i)))
235 continue;
236
237 /* A5/n supported by MS? */
238 supported = osmo_gsm48_classmark_supports_a5(&vsub->classmark, i);
239 if (supported < 0) {
240 LOG_MSC_A(msc_a, LOGL_DEBUG, "For A5/%d, we still need Classmark %d\n", i, -supported);
241 request_classmark = true;
242 }
243 }
244
245 return request_classmark;
246}
247
248static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv);
249
250/* VLR callback for ops.set_ciph_mode() */
251int msc_a_vlr_set_cipher_mode(void *_msc_a, bool umts_aka, bool retrieve_imeisv)
252{
253 struct msc_a *msc_a = _msc_a;
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]254 struct vlr_subscr *vsub;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]255
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]256 if (!msc_a) {
257 LOGP(DMSC, LOGL_ERROR, "Insufficient info to start ciphering: "
258 "MSC-A role is NULL?!?\n");
259 return -EINVAL;
260 }
261
262 vsub = msc_a_vsub(msc_a);
263 if (!vsub || !vsub->last_tuple) {
264 LOG_MSC_A(msc_a, LOGL_ERROR, "Insufficient info to start ciphering: "
265 "vlr_subscr is NULL?!?\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]266 return -EINVAL;
267 }
268
269 if (msc_a_need_classmark_for_ciphering(msc_a)) {
270 int rc;
271 struct ran_msg msg = {
272 .msg_type = RAN_MSG_CLASSMARK_REQUEST,
273 };
274 rc = msc_a_ran_down(msc_a, MSC_ROLE_I, &msg);
275 if (rc) {
276 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot send Classmark Request\n");
277 return -EIO;
278 }
279
280 msc_a->state_before_classmark_update = msc_a->c.fi->state;
281 msc_a->action_on_classmark_update = (struct msc_a_action_on_classmark_update){
282 .type = MSC_A_CLASSMARK_UPDATE_THEN_CIPHERING,
283 .ciphering = {
284 .umts_aka = umts_aka,
285 .retrieve_imeisv = retrieve_imeisv,
286 },
287 };
288 msc_a_state_chg(msc_a, MSC_A_ST_WAIT_CLASSMARK_UPDATE);
289 return 0;
290 }
291
292 return msc_a_ran_enc_ciphering(msc_a, umts_aka, retrieve_imeisv);
293}
294
Neels Hofmeyr6ce2edc2021-06-09 22:26:11 +0200[diff] [blame]295static uint8_t filter_a5(uint8_t a5_mask, bool umts_aka)
296{
297 /* With GSM AKA: allow A5/0, 1, 3 = 0b00001011 = 0xb.
298 * UMTS aka: allow A5/0, 1, 3, 4 = 0b00011011 = 0x1b.
299 */
300 return a5_mask & (umts_aka ? 0x1b : 0x0b);
301}
302
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]303static int msc_a_ran_enc_ciphering(struct msc_a *msc_a, bool umts_aka, bool retrieve_imeisv)
304{
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]305 struct gsm_network *net;
306 struct vlr_subscr *vsub;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]307 struct ran_msg msg;
308
Vadim Yanitskiy4dd477f2019-05-11 03:00:30 +0700[diff] [blame]309 if (!msc_a) {
310 LOGP(DMSC, LOGL_ERROR, "Insufficient info to start ciphering: "
311 "MSC-A role is NULL?!?\n");
312 return -EINVAL;
313 }
314
315 net = msc_a_net(msc_a);
316 vsub = msc_a_vsub(msc_a);
317
318 if (!net || !vsub || !vsub->last_tuple) {
319 LOG_MSC_A(msc_a, LOGL_ERROR, "Insufficient info to start ciphering: "
320 "gsm_network and/or vlr_subscr is NULL?!?\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]321 return -EINVAL;
322 }
323
324 msg = (struct ran_msg){
325 .msg_type = RAN_MSG_CIPHER_MODE_COMMAND,
326 .cipher_mode_command = {
327 .vec = vsub->last_tuple ? &vsub->last_tuple->vec : NULL,
328 .classmark = &vsub->classmark,
329 .geran = {
330 .umts_aka = umts_aka,
331 .retrieve_imeisv = retrieve_imeisv,
Neels Hofmeyr6ce2edc2021-06-09 22:26:11 +0200[diff] [blame]332 .a5_encryption_mask = filter_a5(net->a5_encryption_mask, umts_aka),
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]333
334 /* for ran_a.c to store the GERAN key that is actually used */
335 .chosen_key = &msc_a->geran_encr,
336 },
337 },
338 };
339
340 if (msc_a_ran_down(msc_a, MSC_ROLE_I, &msg)) {
341 LOG_MSC_A(msc_a, LOGL_ERROR, "Sending Cipher Mode Command failed\n");
342 /* Returning error to the VLR ops.set_ciph_mode() will cancel the attach. Other callers need to take
343 * care of the return value. */
344 return -EINVAL;
345 }
346
347 if (msc_a->geran_encr.key_len)
Neels Hofmeyr73d093a2021-06-23 23:54:43 +0200[diff] [blame]348 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN encoding chose ciphering: A5/%d kc %s kc128 %s\n",
349 msc_a->geran_encr.alg_id - 1,
350 osmo_hexdump_nospc_c(OTC_SELECT, msc_a->geran_encr.key, msc_a->geran_encr.key_len),
351 msc_a->geran_encr.kc128_present ?
352 osmo_hexdump_nospc_c(OTC_SELECT, msc_a->geran_encr.kc128, sizeof(msc_a->geran_encr.kc128))
353 : "-");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]354 return 0;
355}
356
357static void msc_a_fsm_auth_ciph(struct osmo_fsm_inst *fi, uint32_t event, void *data)
358{
359 struct msc_a *msc_a = fi->priv;
360
361 /* If accepted, transition the state, all other cases mean failure. */
362 switch (event) {
363 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
364 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
365 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
366 return;
367
368 case MSC_A_EV_AUTHENTICATED:
369 msc_a_state_chg(msc_a, MSC_A_ST_AUTHENTICATED);
370 return;
371
372 case MSC_A_EV_UNUSED:
373 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
374 return;
375
376 case MSC_A_EV_MO_CLOSE:
377 case MSC_A_EV_CN_CLOSE:
378 evaluate_acceptance_outcome(fi, false);
379 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
380 return;
381
382
383 default:
384 OSMO_ASSERT(false);
385 }
386}
387
388static void msc_a_fsm_wait_classmark_update(struct osmo_fsm_inst *fi, uint32_t event, void *data)
389{
390 struct msc_a *msc_a = fi->priv;
391
392 switch (event) {
393 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
394 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
395 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
396 return;
397
398 case MSC_A_EV_CLASSMARK_UPDATE:
399 switch (msc_a->action_on_classmark_update.type) {
400 case MSC_A_CLASSMARK_UPDATE_THEN_CIPHERING:
401 msc_a_state_chg(msc_a, MSC_A_ST_AUTH_CIPH);
402 if (msc_a_ran_enc_ciphering(msc_a,
403 msc_a->action_on_classmark_update.ciphering.umts_aka,
404 msc_a->action_on_classmark_update.ciphering.retrieve_imeisv)) {
405 LOG_MSC_A(msc_a, LOGL_ERROR,
406 "After Classmark Update, still failed to send Cipher Mode Command\n");
407 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
408 }
409 return;
410
411 default:
412 LOG_MSC_A(msc_a, LOGL_ERROR, "Internal error: After Classmark Update, don't know what to do\n");
413 msc_a_state_chg(msc_a, msc_a->state_before_classmark_update);
414 return;
415 }
416
417 case MSC_A_EV_UNUSED:
418 /* Seems something detached / aborted in the middle of auth+ciph. */
419 evaluate_acceptance_outcome(fi, false);
420 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
421 return;
422
423 case MSC_A_EV_MO_CLOSE:
424 case MSC_A_EV_CN_CLOSE:
425 evaluate_acceptance_outcome(fi, false);
426 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
427 return;
428
429 default:
430 OSMO_ASSERT(false);
431 }
432}
433
434static bool msc_a_fsm_has_active_transactions(struct osmo_fsm_inst *fi)
435{
436 struct msc_a *msc_a = fi->priv;
437 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
438 struct gsm_trans *trans;
439
440 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_SILENT_CALL)) {
441 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: silent call still active\n", __func__);
442 return true;
443 }
444
445 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_CC)) {
446 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO CC request after a CM Service Request\n",
447 __func__);
448 return true;
449 }
450 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_SMS)) {
451 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO SMS after a CM Service Request\n",
452 __func__);
453 return true;
454 }
455 if (osmo_use_count_by(&msc_a->use_count, MSC_A_USE_CM_SERVICE_SS)) {
456 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still awaiting MO SS after a CM Service Request\n",
457 __func__);
458 return true;
459 }
460
461 if (vsub && !llist_empty(&vsub->cs.requests)) {
462 struct paging_request *pr;
463 llist_for_each_entry(pr, &vsub->cs.requests, entry) {
464 LOG_MSC_A(msc_a, LOGL_DEBUG, "%s: still active: %s\n", __func__, pr->label);
465 }
466 return true;
467 }
468
469 if ((trans = trans_has_conn(msc_a))) {
470 LOG_MSC_A(msc_a, LOGL_DEBUG, "connection still has active transaction: %s\n",
471 trans_type_name(trans->type));
472 return true;
473 }
474
475 return false;
476}
477
478static void msc_a_fsm_authenticated_enter(struct osmo_fsm_inst *fi, uint32_t prev_state)
479{
480 struct msc_a *msc_a = fi->priv;
481 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
482
483 /* Stop Location Update expiry for this subscriber. While the subscriber
484 * has an open connection the LU expiry timer must remain disabled.
485 * Otherwise we would kick the subscriber off the network when the timer
486 * expires e.g. during a long phone call.
487 * The LU expiry timer will restart once the connection is closed. */
488 if (vsub)
489 vsub->expire_lu = VLR_SUBSCRIBER_NO_EXPIRATION;
490
491 evaluate_acceptance_outcome(fi, true);
492}
493
494static void msc_a_fsm_authenticated(struct osmo_fsm_inst *fi, uint32_t event, void *data)
495{
496 struct msc_a *msc_a = fi->priv;
497
498 switch (event) {
499 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
500 case MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST:
501 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
502 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
503 return;
504
505 case MSC_A_EV_COMPLETE_LAYER_3_OK:
506 /* When Authentication is off, we may already be in the Accepted state when the code
507 * evaluates the Compl L3. Simply ignore. This just cosmetically mutes the error log
508 * about the useless event. */
509 return;
510
511 case MSC_A_EV_TRANSACTION_ACCEPTED:
512 msc_a_state_chg(msc_a, MSC_A_ST_COMMUNICATING);
513 return;
514
515 case MSC_A_EV_MO_CLOSE:
516 case MSC_A_EV_CN_CLOSE:
517 case MSC_A_EV_UNUSED:
518 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
519 return;
520
521 default:
522 OSMO_ASSERT(false);
523 }
524}
525
526/* The MGW has given us a local IP address for the RAN side. Ready to start the Assignment of a voice channel. */
527static void msc_a_call_leg_ran_local_addr_available(struct msc_a *msc_a)
528{
529 struct ran_msg msg;
530 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
531 struct gsm0808_channel_type channel_type;
532
Neels Hofmeyr00a476b2019-11-28 02:46:05 +0100[diff] [blame]533 if (!cc_trans) {
534 LOG_MSC_A(msc_a, LOGL_ERROR, "No CC transaction active\n");
535 call_leg_release(msc_a->cc.call_leg);
536 return;
537 }
538
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]539 /* Once a CI is known, we could also CRCX the CN side of the MGW endpoint, but it makes sense to wait for the
540 * codec to be determined by the Assignment Complete message, first. */
541
542 if (mncc_bearer_cap_to_channel_type(&channel_type, &cc_trans->bearer_cap)) {
543 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot compose Channel Type from bearer capabilities\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]544 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]545 return;
546 }
547
548 /* The RAN side RTP address is known, so the voice Assignment can commence. */
549 msg = (struct ran_msg){
550 .msg_type = RAN_MSG_ASSIGNMENT_COMMAND,
551 .assignment_command = {
552 .cn_rtp = &msc_a->cc.call_leg->rtp[RTP_TO_RAN]->local,
553 .channel_type = &channel_type,
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]554 .osmux_present = msc_a->cc.call_leg->rtp[RTP_TO_RAN]->use_osmux,
555 .osmux_cid = msc_a->cc.call_leg->rtp[RTP_TO_RAN]->local_osmux_cid,
Philipp Maierf34d9452020-06-05 15:49:35 +0200[diff] [blame]556 .call_id_present = true,
557 .call_id = cc_trans->callref,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]558 },
559 };
560 if (msc_a_ran_down(msc_a, MSC_ROLE_I, &msg)) {
561 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot send Assignment\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]562 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]563 return;
564 }
565}
566
567static void msc_a_call_leg_cn_local_addr_available(struct msc_a *msc_a, struct gsm_trans *cc_trans)
568{
569 if (gsm48_tch_rtp_create(cc_trans)) {
570 LOG_MSC_A(msc_a, LOGL_ERROR, "Cannot inform MNCC of RTP address\n");
Neels Hofmeyrf439ff12019-10-05 04:19:36 +0200[diff] [blame]571 trans_free(cc_trans);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]572 return;
573 }
574}
575
576static struct gsm_trans *find_waiting_call(struct msc_a *msc_a)
577{
578 struct gsm_trans *trans;
579 struct gsm_network *net = msc_a_net(msc_a);
580
581 llist_for_each_entry(trans, &net->trans_list, entry) {
582 if (trans->msc_a != msc_a)
583 continue;
584 if (trans->type != TRANS_CC)
585 continue;
586 if (trans->msc_a->cc.active_trans == trans)
587 continue;
588 return trans;
589 }
590 return NULL;
591}
592
593static void msc_a_cleanup_rtp_streams(struct msc_a *msc_a, uint32_t event, void *data)
594{
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]595 switch (event) {
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]596
597 case MSC_EV_CALL_LEG_TERM:
598 msc_a->cc.call_leg = NULL;
599 if (msc_a->cc.mncc_forwarding_to_remote_ran)
600 msc_a->cc.mncc_forwarding_to_remote_ran->rtps = NULL;
601
Neels Hofmeyr265a4c72019-05-09 16:20:51 +0200[diff] [blame]602 if (msc_a->ho.new_cell.mncc_forwarding_to_remote_ran)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]603 msc_a->ho.new_cell.mncc_forwarding_to_remote_ran->rtps = NULL;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]604 return;
605
606 case MSC_MNCC_EV_CALL_ENDED:
607 msc_a->cc.mncc_forwarding_to_remote_ran = NULL;
608 return;
609
610 default:
611 return;
612 }
613}
614
615static void msc_a_fsm_communicating(struct osmo_fsm_inst *fi, uint32_t event, void *data)
616{
617 struct msc_a *msc_a = fi->priv;
618 struct rtp_stream *rtps;
619 struct gsm_trans *waiting_trans;
620 struct an_apdu *an_apdu;
621
622 msc_a_cleanup_rtp_streams(msc_a, event, data);
623
624 switch (event) {
625 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
626 case MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST:
627 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
628 an_apdu = data;
629 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_I);
630 return;
631
632 case MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE:
633 case MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE:
634 case MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST:
635 case MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST:
636 an_apdu = data;
637 msc_a_ran_dec(msc_a, an_apdu, MSC_ROLE_T);
638 return;
639
640 case MSC_A_EV_TRANSACTION_ACCEPTED:
641 /* no-op */
642 return;
643
644 case MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE:
645 rtps = data;
646 if (!rtps) {
647 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid data for %s\n", osmo_fsm_event_name(fi->fsm, event));
648 return;
649 }
Neels Hofmeyr00a476b2019-11-28 02:46:05 +0100[diff] [blame]650 if (!msc_a->cc.call_leg) {
651 LOG_MSC_A(msc_a, LOGL_ERROR, "No call leg active\n");
652 return;
653 }
Neels Hofmeyrcc918cb2019-11-28 02:16:34 +0100[diff] [blame]654 if (!osmo_sockaddr_str_is_nonzero(&rtps->local)) {
655 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid RTP address received from MGW: " OSMO_SOCKADDR_STR_FMT "\n",
656 OSMO_SOCKADDR_STR_FMT_ARGS(&rtps->local));
657 call_leg_release(msc_a->cc.call_leg);
658 return;
659 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]660 LOG_MSC_A(msc_a, LOGL_DEBUG,
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]661 "MGW endpoint's RTP address available for the CI %s: " OSMO_SOCKADDR_STR_FMT " (osmux=%s:%d)\n",
662 rtp_direction_name(rtps->dir), OSMO_SOCKADDR_STR_FMT_ARGS(&rtps->local),
663 rtps->use_osmux ? "yes" : "no", rtps->local_osmux_cid);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]664 switch (rtps->dir) {
665 case RTP_TO_RAN:
666 msc_a_call_leg_ran_local_addr_available(msc_a);
667 return;
668 case RTP_TO_CN:
669 msc_a_call_leg_cn_local_addr_available(msc_a, rtps->for_trans);
670 return;
671 default:
672 LOG_MSC_A(msc_a, LOGL_ERROR, "Invalid data for %s\n", osmo_fsm_event_name(fi->fsm, event));
673 return;
674 }
675
676 case MSC_EV_CALL_LEG_RTP_COMPLETE:
677 /* Nothing to do. */
678 return;
679
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]680 case MSC_MNCC_EV_CALL_ENDED:
681 /* Cleaned up above */
682 return;
683
684 case MSC_EV_CALL_LEG_TERM:
685 /* RTP streams cleaned up above */
686
687 msc_a_get(msc_a, __func__);
688 if (msc_a->cc.active_trans)
689 trans_free(msc_a->cc.active_trans);
690
691 /* If there is another call still waiting to be activated, this is the time when the mgcp_ctx is
692 * available again and the other call can start assigning. */
693 waiting_trans = find_waiting_call(msc_a);
694 if (waiting_trans) {
695 LOG_MSC_A(msc_a, LOGL_DEBUG, "(ti %02x) Call waiting: starting Assignment\n",
696 waiting_trans->transaction_id);
697 msc_a_try_call_assignment(waiting_trans);
698 }
699 msc_a_put(msc_a, __func__);
700 return;
701
702 case MSC_A_EV_HANDOVER_REQUIRED:
703 msc_ho_start(msc_a, (struct ran_handover_required*)data);
704 return;
705
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]706 case MSC_A_EV_HANDOVER_END:
707 /* Termination event of the msc_ho_fsm. No action needed, it's all done in the msc_ho_fsm cleanup. This
708 * event only exists because osmo_fsm_inst_alloc_child() requires a parent term event; and maybe
709 * interesting for logging. */
710 return;
711
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]712 case MSC_A_EV_MO_CLOSE:
713 case MSC_A_EV_CN_CLOSE:
714 case MSC_A_EV_UNUSED:
715 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
716 return;
717
718 default:
719 OSMO_ASSERT(false);
720 }
721}
722
723static int msc_a_fsm_timer_cb(struct osmo_fsm_inst *fi)
724{
725 struct msc_a *msc_a = fi->priv;
726 if (msc_a_in_release(msc_a)) {
727 LOG_MSC_A(msc_a, LOGL_ERROR, "Timeout while releasing, discarding right now\n");
728 msc_a_put_all(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
729 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
730 } else {
731 enum gsm48_reject_value cause = GSM48_REJECT_CONGESTION;
732 osmo_fsm_inst_dispatch(fi, MSC_A_EV_CN_CLOSE, &cause);
733 }
734 return 0;
735}
736
737static void msc_a_fsm_releasing_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
738{
739 struct msc_a *msc_a = fi->priv;
740 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
741 int i;
742 char buf[128];
743 const char * const use_counts_to_cancel[] = {
744 MSC_A_USE_LOCATION_UPDATING,
745 MSC_A_USE_CM_SERVICE_CC,
746 MSC_A_USE_CM_SERVICE_SMS,
747 MSC_A_USE_CM_SERVICE_SS,
748 MSC_A_USE_PAGING_RESPONSE,
749 };
750
751 LOG_MSC_A(msc_a, LOGL_DEBUG, "Releasing: msc_a use is %s\n",
752 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
753
754 if (vsub) {
755 vlr_subscr_get(vsub, __func__);
756
757 /* Cancel all VLR FSMs, if any */
758 vlr_subscr_cancel_attach_fsm(vsub, OSMO_FSM_TERM_ERROR, GSM48_REJECT_CONGESTION);
759
760 /* The subscriber has no active connection anymore.
761 * Restart the periodic Location Update expiry timer for this subscriber. */
762 vlr_subscr_enable_expire_lu(vsub);
763 }
764
765 /* If we're closing in a middle of a trans, we need to clean up */
766 trans_conn_closed(msc_a);
767
768 call_leg_release(msc_a->cc.call_leg);
769
770 /* Cancel use counts for pending CM Service / Paging */
771 for (i = 0; i < ARRAY_SIZE(use_counts_to_cancel); i++) {
772 const char *use = use_counts_to_cancel[i];
773 int32_t count = osmo_use_count_by(&msc_a->use_count, use);
774 if (!count)
775 continue;
776 LOG_MSC_A(msc_a, LOGL_DEBUG, "Releasing: canceling still pending use: %s (%d)\n", use, count);
777 osmo_use_count_get_put(&msc_a->use_count, use, -count);
778 }
779
780 if (msc_a->c.ran->type == OSMO_RAT_EUTRAN_SGS) {
781 sgs_iface_tx_release(vsub);
782 /* In SGsAP there is no confirmation of a release. */
783 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
784 } else {
785 struct ran_msg msg = {
786 .msg_type = RAN_MSG_CLEAR_COMMAND,
787 .clear_command = {
Neels Hofmeyrd9fe7112020-07-11 00:20:20 +0200[diff] [blame]788 /* "Call Control" is the only cause code listed in 3GPP TS 48.008 3.2.1.21 CLEAR COMMAND
789 * that qualifies for a normal release situation. (OS#4664) */
790 .gsm0808_cause = GSM0808_CAUSE_CALL_CONTROL,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]791 .csfb_ind = (vsub && vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED),
792 },
793 };
794 msc_a_get(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
795 msc_a_ran_down(msc_a, MSC_ROLE_I, &msg);
Philipp Maier47cf84d2019-08-15 14:56:54 +0200[diff] [blame]796
797 /* The connection is cleared. The MS will now go back to 4G,
798 Switch the RAN type back to SGS. */
799 if (vsub && vsub->sgs_fsm->state == SGS_UE_ST_ASSOCIATED)
800 vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]801 }
802
803 if (vsub)
804 vlr_subscr_put(vsub, __func__);
805}
806
807static void msc_a_fsm_releasing(struct osmo_fsm_inst *fi, uint32_t event, void *data)
808{
809 struct msc_a *msc_a = fi->priv;
810
811 msc_a_cleanup_rtp_streams(msc_a, event, data);
812
813 switch (event) {
814 case MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST:
815 case MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST:
816 msc_a_ran_dec(msc_a, data, MSC_ROLE_I);
817 return;
818
819 case MSC_A_EV_MO_CLOSE:
820 case MSC_A_EV_CN_CLOSE:
821 case MSC_A_EV_UNUSED:
822 /* Already releasing */
823 return;
824
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]825 case MSC_EV_CALL_LEG_TERM:
826 case MSC_MNCC_EV_CALL_ENDED:
827 /* RTP streams cleaned up above */
828 return;
829
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]830 case MSC_A_EV_HANDOVER_END:
831 /* msc_ho_fsm does cleanup. */
832 return;
833
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]834 default:
835 OSMO_ASSERT(false);
836 }
837}
838
839
840static void msc_a_fsm_released_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
841{
842 struct msc_a *msc_a = msc_a_fi_priv(fi);
843 char buf[128];
844 LOG_MSC_A(msc_a, LOGL_DEBUG, "Released: msc_a use is %s\n",
845 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
846 if (osmo_use_count_total(&msc_a->use_count) == 0)
847 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, fi);
848}
849
850static void msc_a_fsm_released(struct osmo_fsm_inst *fi, uint32_t event, void *data)
851{
852 if (event == MSC_A_EV_UNUSED)
853 osmo_fsm_inst_term(fi, OSMO_FSM_TERM_REGULAR, fi);
854}
855
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]856void msc_a_fsm_cleanup(struct osmo_fsm_inst *fi, enum osmo_fsm_term_cause cause)
857{
858 struct msc_a *msc_a = msc_a_fi_priv(fi);
859
860 trans_conn_closed(msc_a);
861
862 if (msc_a_fsm_has_active_transactions(fi))
863 LOG_MSC_A(msc_a, LOGL_ERROR, "Deallocating active transactions failed\n");
864
865 LOG_MSC_A_CAT(msc_a, DREF, LOGL_DEBUG, "max total use count was %d\n", msc_a->max_total_use_count);
866}
867
868const struct value_string msc_a_fsm_event_names[] = {
869 OSMO_VALUE_STRING(MSC_REMOTE_EV_RX_GSUP),
870 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE),
871 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_RTP_COMPLETE),
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]872 OSMO_VALUE_STRING(MSC_EV_CALL_LEG_TERM),
873 OSMO_VALUE_STRING(MSC_MNCC_EV_NEED_LOCAL_RTP),
874 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_PROCEEDING),
875 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_COMPLETE),
876 OSMO_VALUE_STRING(MSC_MNCC_EV_CALL_ENDED),
877 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_COMPLETE_LAYER_3),
878 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST),
879 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST),
880 OSMO_VALUE_STRING(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST),
881 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST),
882 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE),
883 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE),
884 OSMO_VALUE_STRING(MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST),
885 OSMO_VALUE_STRING(MSC_A_EV_COMPLETE_LAYER_3_OK),
886 OSMO_VALUE_STRING(MSC_A_EV_CLASSMARK_UPDATE),
887 OSMO_VALUE_STRING(MSC_A_EV_AUTHENTICATED),
888 OSMO_VALUE_STRING(MSC_A_EV_TRANSACTION_ACCEPTED),
889 OSMO_VALUE_STRING(MSC_A_EV_CN_CLOSE),
890 OSMO_VALUE_STRING(MSC_A_EV_MO_CLOSE),
891 OSMO_VALUE_STRING(MSC_A_EV_UNUSED),
892 OSMO_VALUE_STRING(MSC_A_EV_HANDOVER_REQUIRED),
893 OSMO_VALUE_STRING(MSC_A_EV_HANDOVER_END),
894 {}
895};
896
897#define S(x) (1 << (x))
898
899static const struct osmo_fsm_state msc_a_fsm_states[] = {
900 [MSC_A_ST_VALIDATE_L3] = {
901 .name = OSMO_STRINGIFY(MSC_A_ST_VALIDATE_L3),
902 .in_event_mask = 0
903 | S(MSC_A_EV_FROM_I_COMPLETE_LAYER_3)
904 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
905 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
906 | S(MSC_A_EV_COMPLETE_LAYER_3_OK)
907 | S(MSC_A_EV_MO_CLOSE)
908 | S(MSC_A_EV_CN_CLOSE)
909 | S(MSC_A_EV_UNUSED)
910 ,
911 .out_state_mask = 0
912 | S(MSC_A_ST_VALIDATE_L3)
913 | S(MSC_A_ST_AUTH_CIPH)
914 | S(MSC_A_ST_RELEASING)
915 ,
916 .action = msc_a_fsm_validate_l3,
917 },
918 [MSC_A_ST_AUTH_CIPH] = {
919 .name = OSMO_STRINGIFY(MSC_A_ST_AUTH_CIPH),
920 .in_event_mask = 0
921 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
922 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
923 | S(MSC_A_EV_AUTHENTICATED)
924 | S(MSC_A_EV_MO_CLOSE)
925 | S(MSC_A_EV_CN_CLOSE)
926 | S(MSC_A_EV_UNUSED)
927 ,
928 .out_state_mask = 0
929 | S(MSC_A_ST_WAIT_CLASSMARK_UPDATE)
930 | S(MSC_A_ST_AUTHENTICATED)
931 | S(MSC_A_ST_RELEASING)
932 ,
933 .action = msc_a_fsm_auth_ciph,
934 },
935 [MSC_A_ST_WAIT_CLASSMARK_UPDATE] = {
936 .name = OSMO_STRINGIFY(MSC_A_ST_WAIT_CLASSMARK_UPDATE),
937 .in_event_mask = 0
938 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
939 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
940 | S(MSC_A_EV_CLASSMARK_UPDATE)
941 | S(MSC_A_EV_MO_CLOSE)
942 | S(MSC_A_EV_CN_CLOSE)
943 ,
944 .out_state_mask = 0
945 | S(MSC_A_ST_AUTH_CIPH)
946 | S(MSC_A_ST_RELEASING)
947 ,
948 .action = msc_a_fsm_wait_classmark_update,
949 },
950 [MSC_A_ST_AUTHENTICATED] = {
951 .name = OSMO_STRINGIFY(MSC_A_ST_AUTHENTICATED),
952 /* allow everything to release for any odd behavior */
953 .in_event_mask = 0
954 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
955 | S(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST)
956 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
957 | S(MSC_A_EV_TRANSACTION_ACCEPTED)
958 | S(MSC_A_EV_MO_CLOSE)
959 | S(MSC_A_EV_CN_CLOSE)
960 | S(MSC_A_EV_UNUSED)
961 ,
962 .out_state_mask = 0
963 | S(MSC_A_ST_RELEASING)
964 | S(MSC_A_ST_COMMUNICATING)
965 ,
966 .onenter = msc_a_fsm_authenticated_enter,
967 .action = msc_a_fsm_authenticated,
968 },
969 [MSC_A_ST_COMMUNICATING] = {
970 .name = OSMO_STRINGIFY(MSC_A_ST_COMMUNICATING),
971 /* allow everything to release for any odd behavior */
972 .in_event_mask = 0
973 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
974 | S(MSC_A_EV_FROM_I_PREPARE_SUBSEQUENT_HANDOVER_REQUEST)
975 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
976 | S(MSC_A_EV_FROM_T_PREPARE_HANDOVER_RESPONSE)
977 | S(MSC_A_EV_FROM_T_PREPARE_HANDOVER_FAILURE)
978 | S(MSC_A_EV_FROM_T_PROCESS_ACCESS_SIGNALLING_REQUEST)
979 | S(MSC_A_EV_FROM_T_SEND_END_SIGNAL_REQUEST)
980 | S(MSC_A_EV_TRANSACTION_ACCEPTED)
981 | S(MSC_A_EV_MO_CLOSE)
982 | S(MSC_A_EV_CN_CLOSE)
983 | S(MSC_A_EV_UNUSED)
984 | S(MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE)
985 | S(MSC_EV_CALL_LEG_RTP_COMPLETE)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]986 | S(MSC_EV_CALL_LEG_TERM)
987 | S(MSC_MNCC_EV_CALL_ENDED)
988 | S(MSC_A_EV_HANDOVER_REQUIRED)
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]989 | S(MSC_A_EV_HANDOVER_END)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]990 ,
991 .out_state_mask = 0
992 | S(MSC_A_ST_RELEASING)
993 ,
994 .action = msc_a_fsm_communicating,
995 },
996 [MSC_A_ST_RELEASING] = {
997 .name = OSMO_STRINGIFY(MSC_A_ST_RELEASING),
998 .in_event_mask = 0
999 | S(MSC_A_EV_FROM_I_PROCESS_ACCESS_SIGNALLING_REQUEST)
1000 | S(MSC_A_EV_FROM_I_SEND_END_SIGNAL_REQUEST)
1001 | S(MSC_A_EV_UNUSED)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1002 | S(MSC_EV_CALL_LEG_TERM)
1003 | S(MSC_MNCC_EV_CALL_ENDED)
Neels Hofmeyr0a437be2019-05-10 15:55:52 +0200[diff] [blame]1004 | S(MSC_A_EV_HANDOVER_END)
Pau Espin Pedrole53ecde2021-07-12 13:37:24 +0200[diff] [blame^]1005 | S(MSC_A_EV_CN_CLOSE)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1006 ,
1007 .out_state_mask = 0
1008 | S(MSC_A_ST_RELEASED)
1009 ,
1010 .onenter = msc_a_fsm_releasing_onenter,
1011 .action = msc_a_fsm_releasing,
1012 },
1013 [MSC_A_ST_RELEASED] = {
1014 .name = OSMO_STRINGIFY(MSC_A_ST_RELEASED),
1015 .in_event_mask = 0
1016 | S(MSC_A_EV_UNUSED)
1017 ,
1018 .onenter = msc_a_fsm_released_onenter,
1019 .action = msc_a_fsm_released,
1020 },
1021};
1022
1023static struct osmo_fsm msc_a_fsm = {
1024 .name = "msc_a",
1025 .states = msc_a_fsm_states,
1026 .num_states = ARRAY_SIZE(msc_a_fsm_states),
1027 .log_subsys = DMSC,
1028 .event_names = msc_a_fsm_event_names,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1029 .timer_cb = msc_a_fsm_timer_cb,
1030 .cleanup = msc_a_fsm_cleanup,
1031};
1032
1033static __attribute__((constructor)) void msc_a_fsm_init()
1034{
1035 OSMO_ASSERT(osmo_fsm_register(&msc_a_fsm) == 0);
1036}
1037
1038static int msc_a_use_cb(struct osmo_use_count_entry *e, int32_t old_use_count, const char *file, int line)
1039{
1040 struct msc_a *msc_a = e->use_count->talloc_object;
1041 char buf[128];
1042 int32_t total;
1043 int level;
1044
1045 if (!e->use)
1046 return -EINVAL;
1047
1048 total = osmo_use_count_total(&msc_a->use_count);
1049
1050 if (total == 0
1051 || (total == 1 && old_use_count == 0 && e->count == 1))
1052 level = LOGL_INFO;
1053 else
1054 level = LOGL_DEBUG;
1055
1056 LOG_MSC_A_CAT_SRC(msc_a, DREF, level, file, line, "%s %s: now used by %s\n",
1057 (e->count - old_use_count) > 0? "+" : "-", e->use,
1058 osmo_use_count_name_buf(buf, sizeof(buf), &msc_a->use_count));
1059
1060 if (e->count < 0)
1061 return -ERANGE;
1062
1063 msc_a->max_total_use_count = OSMO_MAX(msc_a->max_total_use_count, total);
1064
1065 if (total == 0)
1066 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_UNUSED, NULL);
1067 return 0;
1068}
1069
1070struct msc_a *msc_a_alloc(struct msub *msub, struct ran_infra *ran)
1071{
1072 struct msc_a *msc_a = msub_role_alloc(msub, MSC_ROLE_A, &msc_a_fsm, struct msc_a, ran);
1073 msc_a->use_count = (struct osmo_use_count){
1074 .talloc_object = msc_a,
1075 .use_cb = msc_a_use_cb,
1076 };
1077 osmo_use_count_make_static_entries(&msc_a->use_count, msc_a->use_count_buf, ARRAY_SIZE(msc_a->use_count_buf));
1078 /* Start timeout for first state */
Neels Hofmeyr01653252019-09-03 02:06:22 +0200[diff] [blame]1079 msc_a_state_chg_always(msc_a, MSC_A_ST_VALIDATE_L3);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1080 return msc_a;
1081}
1082
1083bool msc_a_is_establishing_auth_ciph(const struct msc_a *msc_a)
1084{
1085 if (!msc_a || !msc_a->c.fi)
1086 return false;
1087 return msc_a->c.fi->state == MSC_A_ST_AUTH_CIPH;
1088}
1089
1090const struct value_string complete_layer3_type_names[] = {
1091 { COMPLETE_LAYER3_NONE, "NONE" },
1092 { COMPLETE_LAYER3_LU, "LU" },
1093 { COMPLETE_LAYER3_CM_SERVICE_REQ, "CM_SERVICE_REQ" },
1094 { COMPLETE_LAYER3_PAGING_RESP, "PAGING_RESP" },
1095 { 0, NULL }
1096};
1097
1098#define _msc_a_update_id(MSC_A, FMT, ARGS ...) \
1099 do { \
1100 if (osmo_fsm_inst_update_id_f(msc_a->c.fi, FMT ":%s:%s", \
1101 ## ARGS, \
1102 msub_ran_conn_name(msc_a->c.msub), \
1103 complete_layer3_type_name(msc_a->complete_layer3_type)) \
1104 == 0) { \
1105 struct vlr_subscr *_vsub = msc_a_vsub(MSC_A); \
1106 if (_vsub) { \
1107 if (_vsub->lu_fsm) \
1108 osmo_fsm_inst_update_id(_vsub->lu_fsm, (MSC_A)->c.fi->id); \
1109 if (_vsub->auth_fsm) \
1110 osmo_fsm_inst_update_id(_vsub->auth_fsm, (MSC_A)->c.fi->id); \
1111 if (_vsub->proc_arq_fsm) \
1112 osmo_fsm_inst_update_id(_vsub->proc_arq_fsm, (MSC_A)->c.fi->id); \
1113 } \
1114 LOG_MSC_A(MSC_A, LOGL_DEBUG, "Updated ID\n"); \
1115 } \
1116 /* otherwise osmo_fsm_inst_update_id_f() will log an error. */ \
1117 } while (0)
1118
1119
1120/* Compose an ID almost like gsm48_mi_to_string(), but print the MI type along, and print a TMSI as hex. */
Neels Hofmeyr46d526a2020-05-29 03:27:50 +0200[diff] [blame]1121void msc_a_update_id_from_mi(struct msc_a *msc_a, const struct osmo_mobile_identity *mi)
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1122{
Neels Hofmeyr46d526a2020-05-29 03:27:50 +0200[diff] [blame]1123 _msc_a_update_id(msc_a, "%s", osmo_mobile_identity_to_str_c(OTC_SELECT, mi));
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1124}
1125
1126/* Update msc_a->fi id string from current msc_a->vsub and msc_a->complete_layer3_type. */
1127void msc_a_update_id(struct msc_a *msc_a)
1128{
1129 _msc_a_update_id(msc_a, "%s", vlr_subscr_name(msc_a_vsub(msc_a)));
1130}
1131
1132/* Iterate all msc_a instances that are relevant for this subscriber, and update FSM ID strings for all of the FSM
1133 * instances. */
1134void msc_a_update_id_for_vsub(struct vlr_subscr *for_vsub)
1135{
1136 struct msub *msub;
1137 llist_for_each_entry(msub, &msub_list, entry) {
1138 struct vlr_subscr *vsub = msub_vsub(msub);
1139 if (vsub != for_vsub)
1140 continue;
1141 msc_a_update_id(msub_msc_a(msub));
1142 }
1143}
1144
1145static bool msg_is_initially_permitted(const struct gsm48_hdr *hdr)
1146{
1147 uint8_t pdisc = gsm48_hdr_pdisc(hdr);
1148 uint8_t msg_type = gsm48_hdr_msg_type(hdr);
1149
1150 switch (pdisc) {
1151 case GSM48_PDISC_MM:
1152 switch (msg_type) {
1153 case GSM48_MT_MM_LOC_UPD_REQUEST:
1154 case GSM48_MT_MM_CM_SERV_REQ:
1155 case GSM48_MT_MM_CM_REEST_REQ:
1156 case GSM48_MT_MM_AUTH_RESP:
1157 case GSM48_MT_MM_AUTH_FAIL:
1158 case GSM48_MT_MM_ID_RESP:
1159 case GSM48_MT_MM_TMSI_REALL_COMPL:
1160 case GSM48_MT_MM_IMSI_DETACH_IND:
1161 return true;
1162 default:
1163 break;
1164 }
1165 break;
1166 case GSM48_PDISC_RR:
1167 switch (msg_type) {
1168 /* GSM48_MT_RR_CIPH_M_COMPL is actually handled in bssmap_rx_ciph_compl() and gets redirected in the
1169 * BSSAP layer to ran_conn_cipher_mode_compl() (before this here is reached) */
1170 case GSM48_MT_RR_PAG_RESP:
1171 case GSM48_MT_RR_CIPH_M_COMPL:
1172 return true;
1173 default:
1174 break;
1175 }
1176 break;
1177 default:
1178 break;
1179 }
1180
1181 return false;
1182}
1183
1184/* Main entry point for GSM 04.08/44.008 Layer 3 data (e.g. from the BSC). */
1185int msc_a_up_l3(struct msc_a *msc_a, struct msgb *msg)
1186{
1187 struct gsm48_hdr *gh;
1188 uint8_t pdisc;
1189 int rc;
1190 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1191 int is_r99;
1192
1193 OSMO_ASSERT(msg->l3h);
1194 OSMO_ASSERT(msg);
1195
1196 gh = msgb_l3(msg);
1197 pdisc = gsm48_hdr_pdisc(gh);
1198
1199 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_DEBUG, "Dispatching 04.08 message: %s %s\n",
1200 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1201
1202 /* To evaluate the 3GPP TS 24.007 Duplicate Detection, we need Classmark information on whether the MS is R99
1203 * capable. If the subscriber is already actively connected, the Classmark information is stored with the
1204 * vlr_subscr. Otherwise, this *must* be a Complete Layer 3 with Classmark info. */
1205 if (vsub)
1206 is_r99 = osmo_gsm48_classmark_is_r99(&vsub->classmark) ? 1 : 0;
1207 else
1208 is_r99 = compl_l3_msg_is_r99(msg);
1209
1210 if (is_r99 < 0) {
1211 LOG_MSC_A(msc_a, LOGL_ERROR,
1212 "No Classmark Information, dropping non-Complete-Layer3 message: %s\n",
1213 gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1214 return -EACCES;
1215 }
1216
1217 if (is_r99 >= 0
1218 && ran_dec_dtap_undup_is_duplicate(msc_a->c.fi, msc_a->n_sd_next, is_r99 ? true : false, msg)) {
1219 LOG_MSC_A(msc_a, LOGL_DEBUG, "Dropping duplicate message"
1220 " (3GPP TS 24.007 11.2.3.2 Message Type Octet / Duplicate Detection)\n");
1221 return 0;
1222 }
1223
1224 if (!msc_a_is_accepted(msc_a)
1225 && !msg_is_initially_permitted(gh)) {
1226 LOG_MSC_A(msc_a, LOGL_ERROR,
1227 "Message not permitted for initial conn: %s\n",
1228 gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1229 return -EACCES;
1230 }
1231
1232 if (vsub && vsub->cs.attached_via_ran != msc_a->c.ran->type) {
1233 LOG_MSC_A(msc_a, LOGL_ERROR,
1234 "Illegal situation: RAN type mismatch:"
1235 " attached via %s, received message via %s\n",
1236 osmo_rat_type_name(vsub->cs.attached_via_ran),
1237 osmo_rat_type_name(msc_a->c.ran->type));
1238 return -EACCES;
1239 }
1240
1241#if 0
1242 if (silent_call_reroute(conn, msg))
1243 return silent_call_rx(conn, msg);
1244#endif
1245
1246 switch (pdisc) {
1247 case GSM48_PDISC_CC:
1248 rc = gsm0408_rcv_cc(msc_a, msg);
1249 break;
1250 case GSM48_PDISC_MM:
1251 rc = gsm0408_rcv_mm(msc_a, msg);
1252 break;
1253 case GSM48_PDISC_RR:
1254 rc = gsm0408_rcv_rr(msc_a, msg);
1255 break;
1256 case GSM48_PDISC_SMS:
1257 rc = gsm0411_rcv_sms(msc_a, msg);
1258 break;
1259 case GSM48_PDISC_MM_GPRS:
1260 case GSM48_PDISC_SM_GPRS:
1261 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_NOTICE, "Unimplemented "
1262 "GSM 04.08 discriminator 0x%02x\n", pdisc);
1263 rc = -ENOTSUP;
1264 break;
1265 case GSM48_PDISC_NC_SS:
1266 rc = gsm0911_rcv_nc_ss(msc_a, msg);
1267 break;
1268 case GSM48_PDISC_TEST:
1269 rc = gsm0414_rcv_test(msc_a, msg);
1270 break;
1271 default:
1272 LOG_MSC_A_CAT(msc_a, DRLL, LOGL_NOTICE, "Unknown "
1273 "GSM 04.08 discriminator 0x%02x\n", pdisc);
1274 rc = -EINVAL;
1275 break;
1276 }
1277
1278 return rc;
1279}
1280
1281static void msc_a_up_call_assignment_complete(struct msc_a *msc_a, const struct ran_msg *ac)
1282{
1283 struct gsm_trans *cc_trans = msc_a->cc.active_trans;
1284 struct rtp_stream *rtps_to_ran = msc_a->cc.call_leg ? msc_a->cc.call_leg->rtp[RTP_TO_RAN] : NULL;
1285
1286 if (!rtps_to_ran) {
1287 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Assignment Complete, but no RTP stream is set up\n");
1288 return;
1289 }
1290 if (!cc_trans) {
1291 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Assignment Complete, but CC transaction is active\n");
1292 return;
1293 }
1294
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1295 if (rtps_to_ran->use_osmux != ac->assignment_complete.osmux_present) {
1296 LOG_MSC_A_CAT(msc_a, DCC, LOGL_ERROR, "Osmux usage ass request and complete don't match: %d vs %d\n",
1297 rtps_to_ran->use_osmux, ac->assignment_complete.osmux_present);
1298 call_leg_release(msc_a->cc.call_leg);
1299 return;
1300 }
1301
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1302 /* Update RAN-side endpoint CI: */
1303 rtp_stream_set_codec(rtps_to_ran, ac->assignment_complete.codec);
1304 rtp_stream_set_remote_addr(rtps_to_ran, &ac->assignment_complete.remote_rtp);
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1305 if (rtps_to_ran->use_osmux)
1306 rtp_stream_set_remote_osmux_cid(rtps_to_ran,
1307 ac->assignment_complete.osmux_cid);
1308
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1309 rtp_stream_commit(rtps_to_ran);
1310
1311 /* Setup CN side endpoint CI:
1312 * Now that
1313 * - the first CI has been created and a definitive endpoint name is assigned to the call_leg's MGW
1314 * endpoint,
1315 * - the Assignment has chosen a speech codec
1316 * go on to create the CN side RTP stream's CI. */
1317 if (call_leg_ensure_ci(msc_a->cc.call_leg, RTP_TO_CN, cc_trans->callref, cc_trans,
1318 &ac->assignment_complete.codec, NULL)) {
1319 LOG_MSC_A_CAT(msc_a, DCC, LOGL_ERROR, "Error creating MGW CI towards CN\n");
1320 call_leg_release(msc_a->cc.call_leg);
1321 return;
1322 }
1323}
1324
1325static void msc_a_up_call_assignment_failure(struct msc_a *msc_a, const struct ran_msg *af)
1326{
1327 struct gsm_trans *trans;
1328
1329 /* For a normal voice call, there will be an rtp_stream FSM. */
1330 if (msc_a->cc.call_leg && msc_a->cc.call_leg->rtp[RTP_TO_RAN]) {
1331 LOG_MSC_A(msc_a, LOGL_ERROR, "Assignment Failure, releasing call\n");
1332 rtp_stream_release(msc_a->cc.call_leg->rtp[RTP_TO_RAN]);
1333 return;
1334 }
1335
1336 /* Otherwise, a silent call might be active */
1337 trans = trans_find_by_type(msc_a, TRANS_SILENT_CALL);
1338 if (trans) {
1339 LOG_MSC_A(msc_a, LOGL_ERROR, "Assignment Failure, releasing silent call\n");
1340 trans_free(trans);
1341 return;
1342 }
1343
1344 /* Neither a voice call nor silent call assignment. Assume the worst and detach. */
1345 msc_a_release_cn(msc_a);
1346}
1347
1348static void msc_a_up_classmark_update(struct msc_a *msc_a, const struct osmo_gsm48_classmark *classmark,
1349 struct osmo_gsm48_classmark *dst)
1350{
1351 if (!dst) {
1352 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1353
1354 if (!vsub)
1355 dst = &msc_a->temporary_classmark;
1356 else
1357 dst = &vsub->classmark;
1358 }
1359
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1360 LOG_MSC_A(msc_a, LOGL_DEBUG, "A5 capabilities received from Classmark Update: %s\n",
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1361 osmo_gsm48_classmark_a5_name(classmark));
1362 osmo_gsm48_classmark_update(dst, classmark);
1363
1364 /* bump subscr conn FSM in case it is waiting for a Classmark Update */
1365 if (msc_a->c.fi->state == MSC_A_ST_WAIT_CLASSMARK_UPDATE)
1366 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_CLASSMARK_UPDATE, NULL);
1367}
1368
1369static void msc_a_up_sapi_n_reject(struct msc_a *msc_a, const struct ran_msg *msg)
1370{
1371 int sapi = msg->sapi_n_reject.dlci & 0x7;
1372 if (sapi == UM_SAPI_SMS)
1373 gsm411_sapi_n_reject(msc_a);
1374}
1375
1376static int msc_a_up_ho(struct msc_a *msc_a, const struct msc_a_ran_dec_data *d, uint32_t ho_fi_event)
1377{
1378 if (!msc_a->ho.fi) {
1379 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx Handover message, but no Handover ongoing: %s\n", d->ran_dec->msg_name);
1380 return -EINVAL;
1381 }
1382 return osmo_fsm_inst_dispatch(msc_a->ho.fi, ho_fi_event, (void*)d);
1383}
1384
1385int msc_a_ran_dec_from_msc_i(struct msc_a *msc_a, struct msc_a_ran_dec_data *d)
1386{
1387 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
1388 const struct ran_msg *msg = d->ran_dec;
1389 int rc = -99;
1390
1391 switch (msg->msg_type) {
1392
1393 case RAN_MSG_COMPL_L3:
Neels Hofmeyr68f50da2020-06-24 14:22:52 +0200[diff] [blame]1394 /* In case the cell_id from Complete Layer 3 Information lacks a PLMN, write the configured PLMN code
1395 * into msc_a->via_cell. Then overwrite with those bits obtained from Complete Layer 3 Information. */
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1396 msc_a->via_cell = (struct osmo_cell_global_id){
1397 .lai.plmn = msc_a_net(msc_a)->plmn,
1398 };
1399 gsm0808_cell_id_to_cgi(&msc_a->via_cell, msg->compl_l3.cell_id);
1400 rc = msc_a_up_l3(msc_a, msg->compl_l3.msg);
1401 if (!rc) {
1402 struct ran_conn *conn = msub_ran_conn(msc_a->c.msub);
1403 if (conn)
1404 ran_peer_cells_seen_add(conn->ran_peer, msg->compl_l3.cell_id);
1405 }
1406 break;
1407
1408 case RAN_MSG_DTAP:
1409 rc = msc_a_up_l3(msc_a, msg->dtap);
1410 break;
1411
1412 case RAN_MSG_CLEAR_REQUEST:
1413 rc = osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_MO_CLOSE, NULL);
1414 break;
1415
1416 case RAN_MSG_CLEAR_COMPLETE:
1417 switch (msc_a->c.fi->state) {
1418 case MSC_A_ST_RELEASING:
1419 msc_a_put_all(msc_a, MSC_A_USE_WAIT_CLEAR_COMPLETE);
1420 msc_a_state_chg(msc_a, MSC_A_ST_RELEASED);
1421 break;
1422 case MSC_A_ST_RELEASED:
1423 break;
1424 default:
1425 LOG_MSC_A(msc_a, LOGL_ERROR, "Received Clear Complete event, but did not send Clear Command\n");
1426 msc_a_state_chg(msc_a, MSC_A_ST_RELEASING);
1427 break;
1428 }
1429 rc = 0;
1430 break;
1431
1432 case RAN_MSG_CLASSMARK_UPDATE:
1433 msc_a_up_classmark_update(msc_a, msg->classmark_update.classmark, NULL);
1434 rc = 0;
1435 break;
1436
1437 case RAN_MSG_CIPHER_MODE_COMPLETE:
1438 /* Remember what Ciphering was negotiated (e.g. for Handover) */
1439 if (msg->cipher_mode_complete.alg_id) {
1440 msc_a->geran_encr.alg_id = msg->cipher_mode_complete.alg_id;
1441 LOG_MSC_A(msc_a, LOGL_DEBUG, "Cipher Mode Complete: chosen encryption algorithm: A5/%u\n",
1442 msc_a->geran_encr.alg_id - 1);
1443 };
1444 vlr_subscr_rx_ciph_res(vsub, VLR_CIPH_COMPL);
1445 rc = 0;
Neels Hofmeyre9a39112019-08-29 00:10:49 +0200[diff] [blame]1446
1447 /* Evaluate enclosed L3 message, typically Identity Response (IMEISV) */
1448 if (msg->cipher_mode_complete.l3_msg) {
1449 unsigned char *data = (unsigned char*)(msg->cipher_mode_complete.l3_msg->val);
1450 uint16_t len = msg->cipher_mode_complete.l3_msg->len;
1451 struct msgb *dtap = msgb_alloc(len, "DTAP from Cipher Mode Complete");
1452 unsigned char *pos = msgb_put(dtap, len);
1453 memcpy(pos, data, len);
1454 dtap->l3h = pos;
1455 rc = msc_a_up_l3(msc_a, dtap);
1456 msgb_free(dtap);
1457 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1458 break;
1459
1460 case RAN_MSG_CIPHER_MODE_REJECT:
1461 vlr_subscr_rx_ciph_res(vsub, VLR_CIPH_REJECT);
1462 rc = 0;
1463 break;
1464
1465 case RAN_MSG_ASSIGNMENT_COMPLETE:
1466 msc_a_up_call_assignment_complete(msc_a, msg);
1467 rc = 0;
1468 break;
1469
1470 case RAN_MSG_ASSIGNMENT_FAILURE:
1471 msc_a_up_call_assignment_failure(msc_a, msg);
1472 rc = 0;
1473 break;
1474
1475 case RAN_MSG_SAPI_N_REJECT:
1476 msc_a_up_sapi_n_reject(msc_a, msg);
1477 rc = 0;
1478 break;
1479
1480 case RAN_MSG_HANDOVER_PERFORMED:
1481 /* The BSS lets us know that a handover happened within the BSS, which doesn't concern us. */
1482 LOG_MSC_A(msc_a, LOGL_ERROR, "'Handover Performed' handling not implemented\n");
1483 break;
1484
1485 case RAN_MSG_HANDOVER_REQUIRED:
1486 /* The BSS lets us know that it wants to handover to a different cell */
1487 rc = osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_HANDOVER_REQUIRED, (void*)&msg->handover_required);
1488 break;
1489
1490 case RAN_MSG_HANDOVER_FAILURE:
1491 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_FAILURE);
1492 break;
1493
1494 default:
1495 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from MSC-I not implemented: %s\n", ran_msg_type_name(msg->msg_type));
1496 rc = -ENOTSUP;
1497 break;
1498 }
1499 return rc;
1500}
1501
1502static int msc_a_ran_dec_from_msc_t(struct msc_a *msc_a, struct msc_a_ran_dec_data *d)
1503{
1504 struct msc_t *msc_t = msc_a_msc_t(msc_a);
1505 int rc = -99;
1506
1507 if (!msc_t) {
1508 LOG_MSC_A(msc_a, LOGL_ERROR, "Rx message from MSC-T role, but I have no active MSC-T role.\n");
1509 return -EINVAL;
1510 }
1511
1512 OSMO_ASSERT(d->ran_dec);
1513
1514 switch (d->ran_dec->msg_type) {
1515
1516 case RAN_MSG_CLEAR_REQUEST:
1517 rc = osmo_fsm_inst_dispatch(msc_t->c.fi, MSC_T_EV_MO_CLOSE, NULL);
1518 break;
1519
1520 case RAN_MSG_CLEAR_COMPLETE:
1521 rc = osmo_fsm_inst_dispatch(msc_t->c.fi, MSC_T_EV_CLEAR_COMPLETE, NULL);
1522 break;
1523
1524 case RAN_MSG_CLASSMARK_UPDATE:
1525 msc_a_up_classmark_update(msc_a, d->ran_dec->classmark_update.classmark, &msc_t->classmark);
1526 rc = 0;
1527 break;
1528
1529 case RAN_MSG_HANDOVER_REQUEST_ACK:
1530 /* new BSS accepts Handover */
1531 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_REQUEST_ACK);
1532 break;
1533
1534 case RAN_MSG_HANDOVER_DETECT:
1535 /* new BSS signals the MS is DETECTed on the new lchan */
1536 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_DETECT);
1537 break;
1538
1539 case RAN_MSG_HANDOVER_COMPLETE:
1540 /* new BSS signals the MS has fully moved to the new lchan */
1541 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_COMPLETE);
1542 break;
1543
1544 case RAN_MSG_HANDOVER_FAILURE:
1545 rc = msc_a_up_ho(msc_a, d, MSC_HO_EV_RX_FAILURE);
1546 break;
1547
1548 default:
1549 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from MSC-T not implemented: %s\n",
1550 ran_msg_type_name(d->ran_dec->msg_type));
1551 rc = -ENOTSUP;
1552 break;
1553 }
1554 return rc;
1555}
1556
1557int msc_a_ran_decode_cb(struct osmo_fsm_inst *msc_a_fi, void *data, const struct ran_msg *msg)
1558{
1559 struct msc_a *msc_a = msc_a_fi_priv(msc_a_fi);
1560 struct msc_a_ran_dec_data *d = data;
1561 int rc = -99;
1562
1563 d->ran_dec = msg;
1564
1565 switch (d->from_role) {
1566 case MSC_ROLE_I:
1567 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN decode: %s\n", msg->msg_name ? : ran_msg_type_name(msg->msg_type));
1568 rc = msc_a_ran_dec_from_msc_i(msc_a, d);
1569 break;
1570
1571 case MSC_ROLE_T:
1572 LOG_MSC_A(msc_a, LOGL_DEBUG, "RAN decode from MSC-T: %s\n",
1573 msg->msg_name ? : ran_msg_type_name(msg->msg_type));
1574 rc = msc_a_ran_dec_from_msc_t(msc_a, d);
1575 break;
1576
1577 default:
1578 LOG_MSC_A(msc_a, LOGL_ERROR, "Message from invalid role %s: %s\n", msc_role_name(d->from_role),
1579 ran_msg_type_name(msg->msg_type));
1580 return -ENOTSUP;
1581 }
1582
1583 if (rc)
1584 LOG_MSC_A(msc_a, LOGL_ERROR, "RAN decode error (rc=%d) for %s from %s\n", rc, ran_msg_type_name(msg->msg_type),
1585 msc_role_name(d->from_role));
1586 return rc;
1587}
1588
1589/* Your typical DTAP via FORWARD_ACCESS_SIGNALLING_REQUEST */
1590int _msc_a_ran_down(struct msc_a *msc_a, enum msc_role to_role, const struct ran_msg *ran_msg,
1591 const char *file, int line)
1592{
1593 return _msc_a_msg_down(msc_a, to_role, msub_role_to_role_event(msc_a->c.msub, MSC_ROLE_A, to_role),
1594 ran_msg, file, line);
1595}
1596
1597/* To transmit more complex events than just FORWARD_ACCESS_SIGNALLING_REQUEST, e.g. an
1598 * MSC_T_EV_FROM_A_PREPARE_HANDOVER_REQUEST */
1599int _msc_a_msg_down(struct msc_a *msc_a, enum msc_role to_role, uint32_t to_role_event,
1600 const struct ran_msg *ran_msg,
1601 const char *file, int line)
1602{
1603 struct an_apdu an_apdu = {
1604 .an_proto = msc_a->c.ran->an_proto,
1605 .msg = msc_role_ran_encode(msc_a->c.fi, ran_msg),
1606 };
1607 int rc;
1608 if (!an_apdu.msg)
1609 return -EIO;
1610 rc = _msub_role_dispatch(msc_a->c.msub, to_role, to_role_event, &an_apdu, file, line);
1611 msgb_free(an_apdu.msg);
1612 return rc;
1613}
1614
1615int msc_a_tx_dtap_to_i(struct msc_a *msc_a, struct msgb *dtap)
1616{
1617 struct ran_msg ran_msg;
Neels Hofmeyrc192c0b2019-10-07 21:41:18 +0200[diff] [blame]1618 struct gsm48_hdr *gh = msgb_l3(dtap) ? : dtap->data;
1619 uint8_t pdisc = gsm48_hdr_pdisc(gh);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1620
Neels Hofmeyr2e8f8812019-08-21 16:56:41 +0200[diff] [blame]1621 if (!msc_a) {
Neels Hofmeyr2e8f8812019-08-21 16:56:41 +0200[diff] [blame]1622 LOGP(DMSC, LOGL_ERROR, "Attempt to send DTAP to NULL MSC-A, dropping message: %s %s\n",
1623 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1624 msgb_free(dtap);
1625 return -EIO;
1626 }
1627
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1628 if (msc_a->c.ran->type == OSMO_RAT_EUTRAN_SGS) {
1629 /* The SGs connection to the MME always is at the MSC-A. */
1630 return sgs_iface_tx_dtap_ud(msc_a, dtap);
1631 }
1632
Neels Hofmeyrc192c0b2019-10-07 21:41:18 +0200[diff] [blame]1633 LOG_MSC_A(msc_a, LOGL_DEBUG, "Sending DTAP: %s %s\n",
1634 gsm48_pdisc_name(pdisc), gsm48_pdisc_msgtype_name(pdisc, gsm48_hdr_msg_type(gh)));
1635
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1636 ran_msg = (struct ran_msg){
1637 .msg_type = RAN_MSG_DTAP,
1638 .dtap = dtap,
1639 };
1640 return msc_a_ran_down(msc_a, MSC_ROLE_I, &ran_msg);
1641}
1642
1643struct msc_a *msc_a_for_vsub(const struct vlr_subscr *vsub, bool valid_conn_only)
1644{
1645 struct msc_a *msc_a = msub_msc_a(msub_for_vsub(vsub));
1646 if (valid_conn_only && !msc_a_is_accepted(msc_a))
1647 return NULL;
1648 return msc_a;
1649}
1650
1651int msc_tx_common_id(struct msc_a *msc_a, enum msc_role to_role)
1652{
1653 struct vlr_subscr *vsub = msc_a_vsub(msc_a);
Vadim Yanitskiy435f67f2021-06-06 15:47:49 +0200[diff] [blame]1654 if (vsub == NULL)
1655 return -ENODEV;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1656 struct ran_msg msg = {
1657 .msg_type = RAN_MSG_COMMON_ID,
1658 .common_id = {
1659 .imsi = vsub->imsi,
Pau Espin Pedrol67106702021-04-27 18:20:15 +0200[diff] [blame]1660 .last_eutran_plmn_present = vsub->sgs.last_eutran_plmn_present,
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1661 },
1662 };
Pau Espin Pedrol67106702021-04-27 18:20:15 +0200[diff] [blame]1663 if (vsub->sgs.last_eutran_plmn_present) {
1664 memcpy(&msg.common_id.last_eutran_plmn, &vsub->sgs.last_eutran_plmn,
1665 sizeof(vsub->sgs.last_eutran_plmn));
1666 }
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1667
1668 return msc_a_ran_down(msc_a, to_role, &msg);
1669}
1670
1671static int msc_a_start_assignment(struct msc_a *msc_a, struct gsm_trans *cc_trans)
1672{
1673 struct call_leg *cl = msc_a->cc.call_leg;
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1674 struct msc_i *msc_i = msc_a_msc_i(msc_a);
1675 struct gsm_network *net = msc_a_net(msc_a);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1676
1677 OSMO_ASSERT(!msc_a->cc.active_trans);
1678 msc_a->cc.active_trans = cc_trans;
1679
1680 OSMO_ASSERT(cc_trans && cc_trans->type == TRANS_CC);
1681
1682 if (!cl) {
1683 cl = msc_a->cc.call_leg = call_leg_alloc(msc_a->c.fi,
1684 MSC_EV_CALL_LEG_TERM,
1685 MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE,
Neels Hofmeyr265a4c72019-05-09 16:20:51 +0200[diff] [blame]1686 MSC_EV_CALL_LEG_RTP_COMPLETE);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1687 OSMO_ASSERT(cl);
1688
Martin Hauke3f07dac2019-11-14 17:49:08 +0100[diff] [blame]1689 /* HACK: We put the connection in loopback mode at the beginning to
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1690 * trick the hNodeB into doing the IuUP negotiation with itself.
1691 * This is a hack we need because osmo-mgw does not support IuUP yet, see OS#2459. */
1692 if (msc_a->c.ran->type == OSMO_RAT_UTRAN_IU)
1693 cl->crcx_conn_mode[RTP_TO_RAN] = MGCP_CONN_LOOPBACK;
1694 }
1695
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]1696 if (net->use_osmux != OSMUX_USAGE_OFF) {
1697 msc_i = msc_a_msc_i(msc_a);
1698 if (msc_i->c.remote_to) {
1699 /* TODO: investigate what to do in this case */
1700 LOG_MSC_A(msc_a, LOGL_ERROR, "Osmux not yet supported for inter-MSC");
1701 } else {
1702 cl->ran_peer_supports_osmux = msc_i->ran_conn->ran_peer->remote_supports_osmux;
1703 }
1704 }
1705
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1706 /* This will lead to either MSC_EV_CALL_LEG_LOCAL_ADDR_AVAILABLE or MSC_EV_CALL_LEG_TERM.
1707 * If the local address is already known, then immediately trigger. */
1708 if (call_leg_local_ip(cl, RTP_TO_RAN))
1709 return osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_EV_CALL_LEG_RTP_LOCAL_ADDR_AVAILABLE, cl->rtp[RTP_TO_RAN]);
1710 else
1711 return call_leg_ensure_ci(msc_a->cc.call_leg, RTP_TO_RAN, cc_trans->callref, cc_trans, NULL, NULL);
1712}
1713
1714int msc_a_try_call_assignment(struct gsm_trans *cc_trans)
1715{
1716 struct msc_a *msc_a = cc_trans->msc_a;
1717 OSMO_ASSERT(cc_trans->type == TRANS_CC);
1718
1719 if (msc_a->cc.active_trans == cc_trans) {
Neels Hofmeyrb4ef5e72019-08-30 01:11:12 +0200[diff] [blame]1720 LOG_MSC_A(msc_a, LOGL_DEBUG, "Assignment for this trans already started earlier\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1721 return 0;
1722 }
1723
1724 if (msc_a->cc.active_trans) {
1725 LOG_MSC_A(msc_a, LOGL_INFO, "Another call is already ongoing, not assigning yet\n");
1726 return 0;
1727 }
1728
1729 LOG_MSC_A(msc_a, LOGL_DEBUG, "Starting call assignment\n");
1730 return msc_a_start_assignment(msc_a, cc_trans);
1731}
1732
1733const char *msc_a_cm_service_type_to_use(enum osmo_cm_service_type cm_service_type)
1734{
1735 switch (cm_service_type) {
1736 case GSM48_CMSERV_MO_CALL_PACKET:
1737 case GSM48_CMSERV_EMERGENCY:
1738 return MSC_A_USE_CM_SERVICE_CC;
1739
1740 case GSM48_CMSERV_SMS:
1741 return MSC_A_USE_CM_SERVICE_SMS;
1742
1743 case GSM48_CMSERV_SUP_SERV:
1744 return MSC_A_USE_CM_SERVICE_SS;
1745
1746 default:
1747 return NULL;
1748 }
1749}
1750
1751void msc_a_release_cn(struct msc_a *msc_a)
1752{
1753 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_CN_CLOSE, NULL);
1754}
1755
1756void msc_a_release_mo(struct msc_a *msc_a, enum gsm48_gsm_cause gsm_cause)
1757{
1758 osmo_fsm_inst_dispatch(msc_a->c.fi, MSC_A_EV_MO_CLOSE, NULL);
1759}