Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-msc / f092301a0f240ef6497a31e2f3075ff283504ad0 / . / src / libmsc / ran_msg_a.c
blob: 43e27f6ca77a9c2fd12ed6ece01befb3aebe3923 [file] [log] [blame]
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1/* BSSAP/BSSMAP encoding and decoding for MSC */
2/*
3 * (C) 2019 by sysmocom - s.m.f.c. GmbH <info@sysmocom.de>
4 * All Rights Reserved
5 *
6 * Author: Neels Hofmeyr
7 *
8 * SPDX-License-Identifier: GPL-2.0+
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License along
21 * with this program; if not, write to the Free Software Foundation, Inc.,
22 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 */
24
25#include <osmocom/core/byteswap.h>
26
27#include <osmocom/crypt/auth.h>
28
29#include <osmocom/gsm/tlv.h>
30#include <osmocom/gsm/gsm0808.h>
31#include <osmocom/gsm/mncc.h>
32#include <osmocom/gsm/gsm48.h>
33
34#include <osmocom/msc/debug.h>
35#include <osmocom/msc/ran_msg_a.h>
36#include <osmocom/msc/sccp_ran.h>
Pau Espin Pedrolc9ba7542019-05-07 12:23:49 +0200[diff] [blame]37#include <osmocom/msc/gsm_data.h>
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]38
39#define LOG_RAN_A_DEC(RAN_DEC, level, fmt, args...) \
40 LOG_RAN_DEC(RAN_DEC, DBSSAP, level, "BSSMAP: " fmt, ## args)
41
42/* Assumes presence of struct ran_dec *ran_dec and ran_dec_msg.msg_name (set) in the local scope. */
43#define LOG_RAN_A_DEC_MSG(level, fmt, args...) \
44 LOG_RAN_DEC(ran_dec, DBSSAP, level, "%s: " fmt, ran_dec_msg.msg_name, ## args)
45
46#define LOG_RAN_A_ENC(FI, level, fmt, args...) \
47 LOG_RAN_ENC(FI, DBSSAP, level, "BSSMAP: " fmt, ## args)
48
49static int ran_a_decode_l3_compl(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
50{
51 struct gsm0808_cell_id_list2 cil;
52 struct gsm0808_cell_id cell_id;
53 struct tlv_p_entry *ie_cell_id = TLVP_GET(tp, GSM0808_IE_CELL_IDENTIFIER);
54 struct tlv_p_entry *ie_l3_info = TLVP_GET(tp, GSM0808_IE_LAYER_3_INFORMATION);
55 struct ran_msg ran_dec_msg = {
56 .msg_type = RAN_MSG_COMPL_L3,
57 .msg_name = "BSSMAP Complete Layer 3",
58 .compl_l3 = {
59 .cell_id = &cell_id,
60 .msg = msg,
61 },
62 };
63 int rc;
64
65 if (!ie_cell_id) {
66 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory CELL IDENTIFIER not present, discarding message\n");
67 return -EINVAL;
68 }
69 if (!ie_l3_info) {
70 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory LAYER 3 INFORMATION not present, discarding message\n");
71 return -EINVAL;
72 }
73
74 /* Parse Cell ID element -- this should yield a cell identifier "list" with 1 element. */
75
76 rc = gsm0808_dec_cell_id_list2(&cil, ie_cell_id->val, ie_cell_id->len);
77 if (rc < 0) {
78 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Decoding CELL IDENTIFIER gave rc=%d\n", rc);
79 return -EINVAL;
80 }
81 if (cil.id_list_len != 1) {
82 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to parse element CELL IDENTIFIER, discarding message\n");
83 return -EINVAL;
84 }
85
86 /* Sanity check the Cell Identity */
87 switch (cil.id_discr) {
88 case CELL_IDENT_WHOLE_GLOBAL:
89 case CELL_IDENT_LAI_AND_LAC:
90 case CELL_IDENT_LAC_AND_CI:
91 case CELL_IDENT_LAC:
92 break;
93
94 case CELL_IDENT_CI:
95 case CELL_IDENT_NO_CELL:
96 case CELL_IDENT_BSS:
97 default:
98 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "CELL IDENTIFIER does not specify a LAC, discarding message: %s\n",
99 gsm0808_cell_id_list_name(&cil));
100 return -EINVAL;
101 }
102
103 cell_id = (struct gsm0808_cell_id){
104 .id_discr = cil.id_discr,
105 .id = cil.id_list[0],
106 };
107
108 /* Parse Layer 3 Information element */
109 msg->l3h = (uint8_t*)ie_l3_info->val;
110 msgb_l3trim(msg, ie_l3_info->len);
111
112 if (msgb_l3len(msg) < sizeof(struct gsm48_hdr)) {
113 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "too short L3 info (%d), discarding message\n", msgb_l3len(msg));
114 return -ENODATA;
115 }
116
117 return ran_decoded(ran_dec, &ran_dec_msg);
118}
119
120static int ran_a_decode_clear_request(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
121{
122 struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
123 struct ran_msg ran_dec_msg = {
124 .msg_type = RAN_MSG_CLEAR_REQUEST,
125 .msg_name = "BSSMAP Clear Request",
126 };
127
128 if (!ie_cause) {
129 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Cause code is missing, using GSM0808_CAUSE_EQUIPMENT_FAILURE\n");
130 ran_dec_msg.clear_request.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE;
131 } else {
132 ran_dec_msg.clear_request.bssap_cause = ie_cause->val[0];
133 }
134
135 return ran_decoded(ran_dec, &ran_dec_msg);
136}
137
138static int ran_a_decode_clear_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
139{
140 struct ran_msg ran_dec_msg = {
141 .msg_type = RAN_MSG_CLEAR_COMPLETE,
142 .msg_name = "BSSMAP Clear Complete",
143 };
144 return ran_decoded(ran_dec, &ran_dec_msg);
145}
146
147static int ran_a_decode_classmark_update(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
148{
149 struct tlv_p_entry *ie_cm2 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T2);
150 struct tlv_p_entry *ie_cm3 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T3);
151 struct osmo_gsm48_classmark cm = {};
152 struct ran_msg ran_dec_msg = {
153 .msg_type = RAN_MSG_CLASSMARK_UPDATE,
154 .msg_name = "BSSMAP Classmark Update",
155 .classmark_update = {
156 .classmark = &cm,
157 },
158 };
159
160 if (!ie_cm2) {
161 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "mandatory Classmark Information Type 2 not present, discarding message\n");
162 return -EINVAL;
163 }
164
165 cm.classmark2_len = OSMO_MIN(sizeof(cm.classmark2), ie_cm2->len);
166 memcpy(&cm.classmark2, ie_cm2->val, cm.classmark2_len);
167
168 if (ie_cm3) {
169 cm.classmark3_len = OSMO_MIN(sizeof(cm.classmark3), ie_cm3->len);
170 memcpy(&cm.classmark3, ie_cm3->val, cm.classmark3_len);
171 }
172
173 return ran_decoded(ran_dec, &ran_dec_msg);
174}
175
176static int ran_a_decode_cipher_mode_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
177{
178 struct tlv_p_entry *ie_chosen_encr_alg = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG);
179 struct tlv_p_entry *ie_l3_msg = TLVP_GET(tp, GSM0808_IE_LAYER_3_MESSAGE_CONTENTS);
180 int rc;
181 struct ran_msg ran_dec_msg = {
182 .msg_type = RAN_MSG_CIPHER_MODE_COMPLETE,
183 .msg_name = "BSSMAP Ciphering Mode Complete",
184 };
185
186 if (ie_chosen_encr_alg) {
187 uint8_t ie_val = ie_chosen_encr_alg->val[0];
188 /* 3GPP TS 48.008 3.2.2.44 Chosen Encryption Algorithm encodes as 1 = no encryption, 2 = A5/1, 4 = A5/3.
189 * Internally we handle without this weird off-by-one. */
190 if (ie_val < 1 || ie_val > 8)
191 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unsupported value for 3.2.2.44 Chosen Encryption Algorithm: %u\n",
192 ie_val);
193 else
194 ran_dec_msg.cipher_mode_complete.alg_id = ie_chosen_encr_alg->val[0];
195 }
196
197 rc = ran_decoded(ran_dec, &ran_dec_msg);
198
199 if (ie_l3_msg) {
200 msg->l3h = (uint8_t*)ie_l3_msg->val;
201 msgb_l3trim(msg, ie_l3_msg->len);
202 ran_dec_msg = (struct ran_msg){
203 .msg_type = RAN_MSG_DTAP,
204 .msg_name = "BSSMAP Ciphering Mode Complete (L3 Message Contents)",
205 .dtap = msg,
206 };
207 ran_decoded(ran_dec, &ran_dec_msg);
208 }
209
210 return rc;
211}
212
213static int ran_a_decode_cipher_mode_reject(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
214{
215 int rc;
216 struct ran_msg ran_dec_msg = {
217 .msg_type = RAN_MSG_CIPHER_MODE_REJECT,
218 .msg_name = "BSSMAP Ciphering Mode Reject",
219 };
220
221 rc = gsm0808_get_cipher_reject_cause(tp);
222 if (rc < 0) {
223 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "failed to extract Cause\n");
224 ran_dec_msg.cipher_mode_reject.bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE;
225 } else {
226 ran_dec_msg.cipher_mode_reject.bssap_cause = (enum gsm0808_cause)rc;
227 }
228
229 return ran_decoded(ran_dec, &ran_dec_msg);
230}
231
232enum mgcp_codecs ran_a_mgcp_codec_from_sc(const struct gsm0808_speech_codec *sc)
233{
234 switch (sc->type) {
235 case GSM0808_SCT_FR1:
236 return CODEC_GSM_8000_1;
237 break;
238 case GSM0808_SCT_FR2:
239 return CODEC_GSMEFR_8000_1;
240 break;
241 case GSM0808_SCT_FR3:
242 return CODEC_AMR_8000_1;
243 break;
244 case GSM0808_SCT_FR4:
245 return CODEC_AMRWB_16000_1;
246 break;
247 case GSM0808_SCT_FR5:
248 return CODEC_AMRWB_16000_1;
249 break;
250 case GSM0808_SCT_HR1:
251 return CODEC_GSMHR_8000_1;
252 break;
253 case GSM0808_SCT_HR3:
254 return CODEC_AMR_8000_1;
255 break;
256 case GSM0808_SCT_HR4:
257 return CODEC_AMRWB_16000_1;
258 break;
259 case GSM0808_SCT_HR6:
260 return CODEC_AMRWB_16000_1;
261 break;
262 default:
263 return CODEC_PCMU_8000_1;
264 break;
265 }
266}
267
268static int ran_a_decode_assignment_complete(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
269{
270 struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR);
271 struct tlv_p_entry *ie_speech_codec = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC);
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]272 struct tlv_p_entry *ie_osmux_cid = TLVP_GET(tp, GSM0808_IE_OSMO_OSMUX_CID);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]273 struct sockaddr_storage rtp_addr;
274 struct sockaddr_in *rtp_addr_in;
275 struct gsm0808_speech_codec sc;
276 int rc;
277 struct ran_msg ran_dec_msg = {
278 .msg_type = RAN_MSG_ASSIGNMENT_COMPLETE,
279 .msg_name = "BSSMAP Assignment Complete",
280 };
281
282 if (ie_aoip_transp_addr) {
283 /* Decode AoIP transport address element */
284 rc = gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len);
285 if (rc < 0) {
286 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to decode AoIP Transport Layer Address\n");
287 return -EINVAL;
288 }
289
290 rtp_addr_in = (struct sockaddr_in*)&rtp_addr;
291
292 if (rtp_addr.ss_family != AF_INET) {
293 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: IE AoIP Transport Address:"
294 " unsupported addressing scheme (only IPV4 supported)\n");
295 return -EINVAL;
296 }
297
298 if (osmo_sockaddr_str_from_sockaddr_in(&ran_dec_msg.assignment_complete.remote_rtp, rtp_addr_in)) {
299 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: unable to decode remote RTP IP address\n");
300 return -EINVAL;
301 }
302 }
303
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]304 if (ie_osmux_cid) {
305 rc = gsm0808_dec_osmux_cid(&ran_dec_msg.assignment_complete.osmux_cid, ie_osmux_cid->val, ie_osmux_cid->len);
306 if (rc < 0) {
307 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Unable to decode Osmux CID\n");
308 return -EINVAL;
309 }
310 ran_dec_msg.assignment_complete.osmux_present = true;
311 }
312
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]313 if (ie_speech_codec) {
314 /* Decode Speech Codec (Chosen) element */
315 rc = gsm0808_dec_speech_codec(&sc, ie_speech_codec->val, ie_speech_codec->len);
316 if (rc < 0) {
317 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Assignment Complete: unable to decode IE Speech Codec (Chosen)"
318 " (rc=%d).\n", rc);
319 return -EINVAL;
320 }
321 ran_dec_msg.assignment_complete.codec_present = true;
322 ran_dec_msg.assignment_complete.codec = ran_a_mgcp_codec_from_sc(&sc);
323 }
324
325 return ran_decoded(ran_dec, &ran_dec_msg);
326}
327
328static int ran_a_decode_assignment_failure(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
329{
330 struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
331 struct tlv_p_entry *ie_rr_cause = TLVP_GET(tp, GSM0808_IE_RR_CAUSE);
332 struct tlv_p_entry *ie_speech_codec_list = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC_LIST);
333 struct gsm0808_speech_codec_list scl;
334 struct ran_msg ran_dec_msg = {
335 .msg_type = RAN_MSG_ASSIGNMENT_FAILURE,
336 .msg_name = "BSSMAP Assignment Failure",
337 .assignment_failure = {
338 .bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE,
339 .rr_cause = GSM48_RR_CAUSE_ABNORMAL_UNSPEC,
340 },
341 };
342
343 if (ie_cause)
344 ran_dec_msg.assignment_failure.bssap_cause = ie_cause->val[0];
345 if (ie_rr_cause)
346 ran_dec_msg.assignment_failure.rr_cause = ie_rr_cause->val[0];
347
348 if (ie_speech_codec_list
349 && gsm0808_dec_speech_codec_list(&scl, ie_speech_codec_list->val, ie_speech_codec_list->len) == 0)
350 ran_dec_msg.assignment_failure.scl_bss_supported = &scl;
351
352 return ran_decoded(ran_dec, &ran_dec_msg);
353}
354
355static int ran_a_decode_sapi_n_reject(struct ran_dec *ran_dec, struct msgb *msg, struct tlv_parsed *tp)
356{
357 struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
358 struct tlv_p_entry *ie_dlci = TLVP_GET(tp, GSM0808_IE_DLCI);
359 struct ran_msg ran_dec_msg = {
360 .msg_type = RAN_MSG_SAPI_N_REJECT,
361 .msg_name = "BSSMAP SAPI-N Reject",
362 };
363
364 /* Note: The MSC code seems not to care about the cause code, but by
365 * the specification it is mandatory, so we check its presence. See
366 * also 3GPP TS 48.008 3.2.1.34 SAPI "n" REJECT */
367 if (!ie_cause) {
368 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "SAPI-N Reject: cause code IE is missing, discarding message\n");
369 return -EINVAL;
370 }
371 ran_dec_msg.sapi_n_reject.bssap_cause = ie_cause->val[0];
372
373 if (!ie_dlci) {
374 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "SAPI-N Reject: DLCI IE is missing, discarding message\n");
375 return -EINVAL;
376 }
377 ran_dec_msg.sapi_n_reject.dlci = ie_dlci->val[0];
378
379 return ran_decoded(ran_dec, &ran_dec_msg);
380}
381
382static int ran_a_decode_lcls_notification(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
383{
384 const struct tlv_p_entry *ie_lcls_bss_status = TLVP_GET(tp, GSM0808_IE_LCLS_BSS_STATUS);
385 const struct tlv_p_entry *ie_lcls_break_req = TLVP_GET(tp, GSM0808_IE_LCLS_BREAK_REQ);
386 struct ran_msg ran_dec_msg;
387
388 /* Either §3.2.2.119 LCLS-BSS-Status or §3.2.2.120 LCLS-Break-Request shall be present */
Vadim Yanitskiy18e8b392019-05-11 04:22:55 +0700[diff] [blame]389 if (ie_lcls_bss_status && !ie_lcls_break_req) {
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]390 ran_dec_msg = (struct ran_msg){
391 .msg_type = RAN_MSG_LCLS_STATUS,
392 .msg_name = "BSSMAP LCLS Notification (LCLS Status)",
393 .lcls_status = {
394 .status = ie_lcls_bss_status->len ?
395 ie_lcls_bss_status->val[0] : GSM0808_LCLS_STS_NA,
396 },
397 };
398 return ran_decoded(ran_dec, &ran_dec_msg);
Vadim Yanitskiy18e8b392019-05-11 04:22:55 +0700[diff] [blame]399 } else if (ie_lcls_break_req && !ie_lcls_bss_status) {
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]400 ran_dec_msg = (struct ran_msg){
401 .msg_type = RAN_MSG_LCLS_BREAK_REQ,
402 .msg_name = "BSSMAP LCLS Notification (LCLS Break Req)",
403 .lcls_break_req = {
404 .todo = 23,
405 },
406 };
407 return ran_decoded(ran_dec, &ran_dec_msg);
408 }
409
Vadim Yanitskiy18e8b392019-05-11 04:22:55 +0700[diff] [blame]410 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Ignoring broken LCLS Notification message\n");
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]411 return -EINVAL;
412}
413
414static int ran_a_decode_handover_required(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
415{
416 const struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
417 const struct tlv_p_entry *ie_cil = TLVP_GET(tp, GSM0808_IE_CELL_IDENTIFIER_LIST);
418 struct ran_msg ran_dec_msg = {
419 .msg_type = RAN_MSG_HANDOVER_REQUIRED,
420 .msg_name = "BSSMAP Handover Required",
421 };
422 /* On decoding failures, dispatch an invalid RAN_MSG_HANDOVER_REQUIRED so msc_a can pass down a
423 * BSS_MAP_MSG_HANDOVER_REQUIRED_REJECT message. */
424
425 if (ie_cause)
426 ran_dec_msg.handover_required.cause = ie_cause->val[0];
427 else
428 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Cause IE missing\n");
429
430 if (!ie_cil
431 || gsm0808_dec_cell_id_list2(&ran_dec_msg.handover_required.cil, ie_cil->val, ie_cil->len) <= 0) {
432 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "No or invalid Cell Identifier List IE\n");
433 ran_dec_msg.handover_required.cil = (struct gsm0808_cell_id_list2){};
434 }
435
436 return ran_decoded(ran_dec, &ran_dec_msg);
437}
438
439static uint8_t a5_encryption_mask_from_gsm0808_chosen_enc_alg(enum gsm0808_chosen_enc_alg val)
440{
441 return 1 << val;
442}
443
444static int ran_a_decode_handover_request(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
445{
446 struct osmo_gsm48_classmark classmark = {};
447 struct ran_msg ran_dec_msg = {
448 .msg_type = RAN_MSG_HANDOVER_REQUEST,
449 .msg_name = "BSSMAP Handover Request",
450 .handover_request = {
451 .classmark = &classmark,
452 },
453 };
454 struct ran_handover_request *r = &ran_dec_msg.handover_request;
455
456 const struct tlv_p_entry *ie_channel_type = TLVP_GET(tp, GSM0808_IE_CHANNEL_TYPE);
457 const struct tlv_p_entry *ie_encryption_information = TLVP_GET(tp, GSM0808_IE_ENCRYPTION_INFORMATION);
458 const struct tlv_p_entry *ie_classmark1 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_TYPE_1);
459 const struct tlv_p_entry *ie_classmark2 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T2);
460 const struct tlv_p_entry *ie_cell_id_serving = TLVP_GET(&tp[0], GSM0808_IE_CELL_IDENTIFIER);
461 const struct tlv_p_entry *ie_cell_id_target = TLVP_GET(&tp[1], GSM0808_IE_CELL_IDENTIFIER);
462 const struct tlv_p_entry *ie_cause = TLVP_GET(tp, GSM0808_IE_CAUSE);
463 const struct tlv_p_entry *ie_classmark3 = TLVP_GET(tp, GSM0808_IE_CLASSMARK_INFORMATION_T3);
464 const struct tlv_p_entry *ie_current_channel_type_1 = TLVP_GET(tp, GSM0808_IE_CURRENT_CHANNEL_TYPE_1);
465 const struct tlv_p_entry *ie_speech_version_used = TLVP_GET(tp, GSM0808_IE_SPEECH_VERSION);
466 const struct tlv_p_entry *ie_chosen_encr_alg_serving = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG);
467 const struct tlv_p_entry *ie_old_bss_to_new_bss_info = TLVP_GET(tp, GSM0808_IE_OLD_BSS_TO_NEW_BSS_INFORMATION);
468 const struct tlv_p_entry *ie_imsi = TLVP_GET(tp, GSM0808_IE_IMSI);
469 const struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR);
470 const struct tlv_p_entry *ie_codec_list_msc_preferred = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC_LIST);
471 const struct tlv_p_entry *ie_call_id = TLVP_GET(tp, GSM0808_IE_CALL_ID);
472 const struct tlv_p_entry *ie_global_call_ref = TLVP_GET(tp, GSM0808_IE_GLOBAL_CALL_REF);
473
474 struct gsm0808_channel_type channel_type;
475 struct gsm0808_encrypt_info encr_info;
476 struct gsm0808_speech_codec_list scl;
477 struct geran_encr geran_encr = {};
478 char imsi[OSMO_IMSI_BUF_SIZE];
479 struct osmo_sockaddr_str rtp_ran_local;
480
481 if (!ie_channel_type) {
482 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Channel Type\n");
483 return -EINVAL;
484 }
485 if (gsm0808_dec_channel_type(&channel_type, ie_channel_type->val, ie_channel_type->len) <= 0) {
486 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Channel Type IE\n");
487 return -EINVAL;
488 }
489 r->geran.channel_type = &channel_type;
490
491 if (ie_encryption_information) {
492 int i;
493 if (gsm0808_dec_encrypt_info(&encr_info, ie_encryption_information->val, ie_encryption_information->len)
494 <= 0) {
495 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Encryption Informaiton IE\n");
496 return -EINVAL;
497 }
498
499 for (i = 0; i < encr_info.perm_algo_len; i++) {
500 r->geran.a5_encryption_mask |=
501 a5_encryption_mask_from_gsm0808_chosen_enc_alg(encr_info.perm_algo[i]);
502 }
503
504 if (encr_info.key_len > sizeof(geran_encr.key)) {
505 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Encryption Informaiton IE:"
506 " encryption key is too long: %u\n", geran_encr.key_len);
507 return -EINVAL;
508 }
509
510 if (encr_info.key_len) {
511 memcpy(geran_encr.key, encr_info.key, encr_info.key_len);
512 geran_encr.key_len = encr_info.key_len;
513 }
514
515 r->geran.chosen_encryption = &geran_encr;
516 }
517
518 if (!ie_classmark1 && !ie_classmark2) {
519 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: either Classmark Information 1"
520 " or Classmark Information 2 must be included\n");
521 return -EINVAL;
522 }
523
524 if (ie_classmark1) {
525 if (ie_classmark1->len != sizeof(classmark.classmark1)) {
526 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Invalid size for Classmark 1: %u, expected %zu\n",
527 ie_classmark1->len, sizeof(classmark.classmark1));
528 return -EINVAL;
529 }
530 memcpy((uint8_t*)&classmark.classmark1, ie_classmark1->val, ie_classmark1->len);
531 classmark.classmark1_set = true;
532 }
533
534 if (ie_classmark2) {
535 uint8_t len = OSMO_MIN(ie_classmark2->len, sizeof(classmark.classmark2));
536 memcpy((uint8_t*)&classmark.classmark2, ie_classmark2->val, len);
537 classmark.classmark2_len = len;
538 }
539
540 if (!ie_cell_id_serving) {
541 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Cell Identifier (Serving)\n");
542 return -EINVAL;
543 }
544 if (gsm0808_dec_cell_id(&r->cell_id_serving, ie_cell_id_serving->val,
545 ie_cell_id_serving->len) <= 0) {
546 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Cell Identifier (Serving) IE\n");
547 return -EINVAL;
548 }
549
550 if (!ie_cell_id_target) {
551 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Mandatory IE missing: Cell Identifier (Target)\n");
552 return -EINVAL;
553 }
554 if (gsm0808_dec_cell_id(&r->cell_id_target, ie_cell_id_target->val,
555 ie_cell_id_target->len) <= 0) {
556 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "Failed to decode Cell Identifier (Target) IE\n");
557 return -EINVAL;
558 }
559
560 if (ie_cause)
561 r->bssap_cause = ie_cause->val[0];
562
563 if (ie_classmark3) {
564 uint8_t len = OSMO_MIN(ie_classmark3->len, sizeof(classmark.classmark3));
565 memcpy(classmark.classmark3, ie_classmark3->val, len);
566 classmark.classmark3_len = len;
567 }
568
569 if (ie_current_channel_type_1) {
570 r->current_channel_type_1 = ie_current_channel_type_1->val[0];
571 r->current_channel_type_1_present = true;
572 }
573
574 if (ie_speech_version_used) {
575 r->speech_version_used = ie_speech_version_used->val[0];
576 }
577
578 if (ie_chosen_encr_alg_serving && ie_chosen_encr_alg_serving->len) {
579 geran_encr.alg_id = ie_chosen_encr_alg_serving->val[0];
580 r->geran.chosen_encryption = &geran_encr;
581 }
582
583 if (ie_old_bss_to_new_bss_info) {
584 r->old_bss_to_new_bss_info_raw = ie_old_bss_to_new_bss_info->val;
585 r->old_bss_to_new_bss_info_raw_len = ie_old_bss_to_new_bss_info->len;
586 }
587
588 if (ie_imsi) {
589 gsm48_mi_to_string(imsi, sizeof(imsi), ie_imsi->val, ie_imsi->len);
590 r->imsi = imsi;
591 }
592
593 if (ie_aoip_transp_addr) {
594 do {
595 struct sockaddr_storage rtp_addr;
596 if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len) < 0) {
597 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode AoIP transport address\n");
598 break;
599 }
600 if (rtp_addr.ss_family != AF_INET) {
601 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "IE AoIP Transport Address:"
602 " unsupported addressing scheme (only IPV4 supported)\n");
603 break;
604 }
605 if (osmo_sockaddr_str_from_sockaddr_in(&rtp_ran_local, (struct sockaddr_in*)&rtp_addr)) {
606 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode remote RTP IP address\n");
607 break;
608 }
609 r->rtp_ran_local = &rtp_ran_local;
610 } while(0);
611 }
612
613 if (ie_codec_list_msc_preferred
614 && gsm0808_dec_speech_codec_list(&scl, ie_codec_list_msc_preferred->val,
615 ie_codec_list_msc_preferred->len) == 0)
616 r->codec_list_msc_preferred = &scl;
617
618 if (ie_call_id && ie_call_id->len == 4) {
619 r->call_id = osmo_load32le(ie_call_id->val);
620 r->call_id_present = true;
621 }
622
623 if (ie_global_call_ref) {
624 r->global_call_reference = ie_global_call_ref->val;
625 r->global_call_reference_len = ie_global_call_ref->len;
626 }
627
628 return ran_decoded(ran_dec, &ran_dec_msg);
629}
630
631static int ran_a_decode_handover_request_ack(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
632{
633 struct ran_msg ran_dec_msg = {
634 .msg_type = RAN_MSG_HANDOVER_REQUEST_ACK,
635 .msg_name = "BSSMAP Handover Request Acknowledge",
636 };
637 const struct tlv_p_entry *ie_l3_info = TLVP_GET(tp, GSM0808_IE_LAYER_3_INFORMATION);
638 const struct tlv_p_entry *ie_aoip_transp_addr = TLVP_GET(tp, GSM0808_IE_AOIP_TRASP_ADDR);
639 const struct tlv_p_entry *ie_speech_codec = TLVP_GET(tp, GSM0808_IE_SPEECH_CODEC);
640 const struct tlv_p_entry *ie_chosen_channel = TLVP_GET(tp, GSM0808_IE_CHOSEN_CHANNEL);
641 const struct tlv_p_entry *ie_chosen_encr_alg = TLVP_GET(tp, GSM0808_IE_CHOSEN_ENCR_ALG);
642 const struct tlv_p_entry *ie_chosen_speech_version = TLVP_GET(tp, GSM0808_IE_SPEECH_VERSION);
643
644 /* On missing mandatory IEs, dispatch an invalid RAN_MSG_HANDOVER_REQUEST_ACK so msc_a can act on the failure. */
645
646 if (ie_l3_info) {
647 ran_dec_msg.handover_request_ack.rr_ho_command = ie_l3_info->val;
648 ran_dec_msg.handover_request_ack.rr_ho_command_len = ie_l3_info->len;
649 }
650
651 if (ie_chosen_channel) {
652 ran_dec_msg.handover_request_ack.chosen_channel_present = true;
653 ran_dec_msg.handover_request_ack.chosen_channel = *ie_chosen_channel->val;
654 }
655
656 if (ie_chosen_encr_alg) {
657 ran_dec_msg.handover_request_ack.chosen_encr_alg = *ie_chosen_encr_alg->val;
658 if (ran_dec_msg.handover_request_ack.chosen_encr_alg < 1
659 || ran_dec_msg.handover_request_ack.chosen_encr_alg > 8) {
660 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "invalid Chosen Encryption Algorithm: %u\n",
661 ran_dec_msg.handover_request_ack.chosen_encr_alg);
662 }
663 }
664
665 if (ie_chosen_speech_version) {
666 struct gsm0808_speech_codec sc;
667 ran_dec_msg.handover_request_ack.chosen_speech_version = ie_chosen_speech_version->val[0];
668
669 /* the codec may be extrapolated from this Speech Version or below from Speech Codec */
670 gsm0808_speech_codec_from_chan_type(&sc, ran_dec_msg.handover_request_ack.chosen_speech_version);
671 ran_dec_msg.handover_request_ack.codec_present = true;
672 ran_dec_msg.handover_request_ack.codec = ran_a_mgcp_codec_from_sc(&sc);
673 }
674
675 if (ie_aoip_transp_addr) {
676 do {
677 struct sockaddr_storage rtp_addr;
678 if (gsm0808_dec_aoip_trasp_addr(&rtp_addr, ie_aoip_transp_addr->val, ie_aoip_transp_addr->len) < 0) {
679 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode AoIP transport address\n");
680 break;
681 }
682 if (rtp_addr.ss_family != AF_INET) {
683 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "IE AoIP Transport Address:"
684 " unsupported addressing scheme (only IPV4 supported)\n");
685 break;
686 }
687 if (osmo_sockaddr_str_from_sockaddr_in(&ran_dec_msg.handover_request_ack.remote_rtp,
688 (struct sockaddr_in*)&rtp_addr)) {
689 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode remote RTP IP address\n");
690 ran_dec_msg.handover_request_ack.remote_rtp = (struct osmo_sockaddr_str){};
691 break;
692 }
693 } while(0);
694 }
695
696 if (ie_speech_codec) {
697 struct gsm0808_speech_codec sc;
698 if (gsm0808_dec_speech_codec(&sc, ie_speech_codec->val, ie_speech_codec->len) < 0)
699 LOG_RAN_A_DEC_MSG(LOGL_ERROR, "unable to decode IE Speech Codec (Chosen)\n");
700 else {
701 /* the codec may be extrapolated from above Speech Version or from this Speech Codec */
702 ran_dec_msg.handover_request_ack.codec_present = true;
703 ran_dec_msg.handover_request_ack.codec = ran_a_mgcp_codec_from_sc(&sc);
704 }
705 }
706
707 return ran_decoded(ran_dec, &ran_dec_msg);
708}
709
710static int ran_a_decode_handover_detect(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
711{
712 struct ran_msg ran_dec_msg = {
713 .msg_type = RAN_MSG_HANDOVER_DETECT,
714 .msg_name = "BSSMAP Handover Detect",
715 };
716
717 return ran_decoded(ran_dec, &ran_dec_msg);
718}
719
720static int ran_a_decode_handover_succeeded(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
721{
722 struct ran_msg ran_dec_msg = {
723 .msg_type = RAN_MSG_HANDOVER_SUCCEEDED,
724 .msg_name = "BSSMAP Handover Succeeded",
725 };
726
727 return ran_decoded(ran_dec, &ran_dec_msg);
728}
729
730static int ran_a_decode_handover_complete(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
731{
732 struct ran_msg ran_dec_msg = {
733 .msg_type = RAN_MSG_HANDOVER_COMPLETE,
734 .msg_name = "BSSMAP Handover Complete",
735 };
736
737 return ran_decoded(ran_dec, &ran_dec_msg);
738}
739
740static int ran_a_decode_handover_failure(struct ran_dec *ran_dec, const struct msgb *msg, const struct tlv_parsed *tp)
741{
742 struct ran_msg ran_dec_msg = {
743 .msg_type = RAN_MSG_HANDOVER_FAILURE,
744 .msg_name = "BSSMAP Handover Failure",
745 };
746
747 return ran_decoded(ran_dec, &ran_dec_msg);
748}
749
750static int ran_a_decode_bssmap(struct ran_dec *ran_dec, struct msgb *bssmap)
751{
752 struct tlv_parsed tp[2];
753 int rc;
754 struct bssmap_header *h = msgb_l2(bssmap);
755 uint8_t msg_type;
756 bssmap->l3h = bssmap->l2h + sizeof(*h);
757
758 if (msgb_l3len(bssmap) < 1) {
759 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "No data received, discarding message\n");
760 return -1;
761 }
762
763 if (msgb_l3len(bssmap) < h->length) {
Neels Hofmeyrf0923012019-08-22 17:19:49 +0200[diff] [blame^]764 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "BSSMAP data truncated, discarding message:"
765 " msgb_l3len(bssmap) == %u < bssmap_header->length == %u\n",
766 msgb_l3len(bssmap), h->length);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]767 return -1;
768 }
769
770 if (msgb_l3len(bssmap) > h->length) {
Neels Hofmeyrf0923012019-08-22 17:19:49 +0200[diff] [blame^]771 LOG_RAN_A_DEC(ran_dec, LOGL_NOTICE, "There are %u extra bytes after the BSSMAP data, truncating:"
772 " msgb_l3len(bssmap) == %u > bssmap_header->length == %u\n",
773 msgb_l3len(bssmap) - h->length,
774 msgb_l3len(bssmap), h->length);
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]775 msgb_l3trim(bssmap, h->length);
776 }
777
778 /* h->type == BSSAP_MSG_BSS_MANAGEMENT; h->length is the data length,
779 * which starts with the MAP msg_type, followed by IEs. */
780 msg_type = bssmap->l3h[0];
781 rc = osmo_bssap_tlv_parse2(tp, ARRAY_SIZE(tp), bssmap->l3h + 1, h->length - 1);
782 if (rc < 0) {
783 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Failed parsing TLV, discarding message\n");
784 return -EINVAL;
785 }
786
787 LOG_RAN_A_DEC(ran_dec, LOGL_DEBUG, "Rx BSSMAP DT1 %s\n", gsm0808_bssmap_name(msg_type));
788
789 switch (msg_type) {
790 case BSS_MAP_MSG_COMPLETE_LAYER_3:
791 return ran_a_decode_l3_compl(ran_dec, bssmap, tp);
792 case BSS_MAP_MSG_CLEAR_RQST:
793 return ran_a_decode_clear_request(ran_dec, bssmap, tp);
794 case BSS_MAP_MSG_CLEAR_COMPLETE:
795 return ran_a_decode_clear_complete(ran_dec, bssmap, tp);
796 case BSS_MAP_MSG_CLASSMARK_UPDATE:
797 return ran_a_decode_classmark_update(ran_dec, bssmap, tp);
798 case BSS_MAP_MSG_CIPHER_MODE_COMPLETE:
799 return ran_a_decode_cipher_mode_complete(ran_dec, bssmap, tp);
800 case BSS_MAP_MSG_CIPHER_MODE_REJECT:
801 return ran_a_decode_cipher_mode_reject(ran_dec, bssmap, tp);
802 case BSS_MAP_MSG_ASSIGMENT_COMPLETE:
803 rc = ran_a_decode_assignment_complete(ran_dec, bssmap, tp);
804 if (rc < 0) {
805 struct ran_msg ran_dec_msg = {
806 .msg_type = RAN_MSG_ASSIGNMENT_FAILURE,
807 .msg_name = "BSSMAP Assignment Complete but failed to decode",
808 .clear_request = {
809 .bssap_cause = GSM0808_CAUSE_EQUIPMENT_FAILURE,
810 },
811 };
812 ran_decoded(ran_dec, &ran_dec_msg);
813 }
814 return rc;
815 case BSS_MAP_MSG_ASSIGMENT_FAILURE:
816 return ran_a_decode_assignment_failure(ran_dec, bssmap, tp);
817 case BSS_MAP_MSG_SAPI_N_REJECT:
818 return ran_a_decode_sapi_n_reject(ran_dec, bssmap, tp);
819 case BSS_MAP_MSG_LCLS_NOTIFICATION:
820 return ran_a_decode_lcls_notification(ran_dec, bssmap, tp);
821
822 /* From current RAN peer, the Handover origin: */
823 case BSS_MAP_MSG_HANDOVER_REQUIRED:
824 return ran_a_decode_handover_required(ran_dec, bssmap, tp);
825
826 /* From current MSC to remote handover target MSC */
827 case BSS_MAP_MSG_HANDOVER_RQST:
828 return ran_a_decode_handover_request(ran_dec, bssmap, tp);
829
830 /* From potential new RAN peer, the Handover target: */
831 case BSS_MAP_MSG_HANDOVER_RQST_ACKNOWLEDGE:
832 return ran_a_decode_handover_request_ack(ran_dec, bssmap, tp);
833 case BSS_MAP_MSG_HANDOVER_DETECT:
834 return ran_a_decode_handover_detect(ran_dec, bssmap, tp);
835 case BSS_MAP_MSG_HANDOVER_SUCCEEDED:
836 return ran_a_decode_handover_succeeded(ran_dec, bssmap, tp);
837 case BSS_MAP_MSG_HANDOVER_COMPLETE:
838 return ran_a_decode_handover_complete(ran_dec, bssmap, tp);
839
840 /* From any Handover peer: */
841 case BSS_MAP_MSG_HANDOVER_FAILURE:
842 return ran_a_decode_handover_failure(ran_dec, bssmap, tp);
843
844 default:
845 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Unimplemented msg type: %s\n", gsm0808_bssmap_name(msg_type));
846 return -EINVAL;
847 }
848
849 return -EINVAL;
850}
851
852static int ran_a_decode_l3(struct ran_dec *ran_dec, struct msgb *l3)
853{
854 struct dtap_header *dtap = msgb_l2(l3);
855 struct ran_msg ran_dec_msg = {
856 .msg_type = RAN_MSG_DTAP,
857 .msg_name = "BSSAP DTAP",
858 .dtap = l3,
859 };
860 l3->l3h = l3->l2h + sizeof(struct dtap_header);
861 OMSC_LINKID_CB(l3) = dtap->link_id;
862 return ran_decoded(ran_dec, &ran_dec_msg);
863}
864
865int ran_a_decode_l2(struct ran_dec *ran_dec, struct msgb *bssap)
866{
867 uint8_t bssap_type;
868 OSMO_ASSERT(bssap);
869
870 if (!msgb_l2(bssap) || !msgb_l2len(bssap)) {
871 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Cannot decode L2, msg->l2h is unset / empty: %s\n",
872 msgb_hexdump(bssap));
873 return -EINVAL;
874 }
875
876 if (msgb_l2len(bssap) < sizeof(struct bssmap_header)) {
877 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "The header is too short -- discarding message\n");
878 return -EINVAL;
879 }
880
881 bssap_type = bssap->l2h[0];
882 switch (bssap_type) {
883 case BSSAP_MSG_BSS_MANAGEMENT:
884 return ran_a_decode_bssmap(ran_dec, bssap);
885 case BSSAP_MSG_DTAP:
886 return ran_a_decode_l3(ran_dec, bssap);
887 default:
888 LOG_RAN_A_DEC(ran_dec, LOGL_ERROR, "Unimplemented BSSAP msg type: %s\n", gsm0808_bssap_name(bssap_type));
889 return -EINVAL;
890 }
891}
892
893static struct msgb *ran_a_wrap_dtap(struct msgb *dtap)
894{
895 struct msgb *an_apdu;
896 dtap->l3h = dtap->data;
897 an_apdu = gsm0808_create_dtap(dtap, OMSC_LINKID_CB(dtap));
898 an_apdu->l2h = an_apdu->data;
899 msgb_free(dtap);
900 return an_apdu;
901}
902
903static int ran_a_channel_type_to_speech_codec_list(struct gsm0808_speech_codec_list *scl, const struct gsm0808_channel_type *ct)
904{
905 unsigned int i;
906 int rc;
907
908 memset(scl, 0, sizeof(*scl));
909 for (i = 0; i < ct->perm_spch_len; i++) {
910 rc = gsm0808_speech_codec_from_chan_type(&scl->codec[i], ct->perm_spch[i]);
911 if (rc != 0)
912 return -EINVAL;
913 }
914 scl->len = i;
915
916 return 0;
917}
918
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]919static void _gsm0808_assignment_extend_osmux(struct msgb *msg, uint8_t cid)
920{
921 OSMO_ASSERT(msg->l3h[1] == msgb_l3len(msg) - 2); /*TL not in len */
922 msgb_tv_put(msg, GSM0808_IE_OSMO_OSMUX_CID, cid);
923 msg->l3h[1] = msgb_l3len(msg) - 2;
924}
925
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]926/* Compose a BSSAP Assignment Command.
927 * Passing an RTP address is optional.
928 * The msub is passed merely for error logging. */
929static struct msgb *ran_a_make_assignment_command(struct osmo_fsm_inst *log_fi,
930 const struct ran_assignment_command *ac)
931{
932 struct gsm0808_speech_codec_list scl;
933 struct gsm0808_speech_codec_list *use_scl = NULL;
934 struct sockaddr_storage rtp_addr;
935 struct sockaddr_storage *use_rtp_addr = NULL;
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]936 struct msgb *msg;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]937 int rc;
938
939 if (!ac->channel_type) {
940 LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: missing Channel Type\n");
941 return NULL;
942 }
943
944 if (ac->channel_type->ch_indctr == GSM0808_CHAN_SPEECH) {
945 rc = ran_a_channel_type_to_speech_codec_list(&scl, ac->channel_type);
946 if (rc < 0) {
947 LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Cannot translate Channel Type to Speech Codec List\n");
948 return NULL;
949 }
950 use_scl = &scl;
951
952 /* Package RTP-Address data */
953 if (osmo_sockaddr_str_is_set(ac->cn_rtp)) {
954 struct sockaddr_in rtp_addr_in;
955
956 memset(&rtp_addr_in, 0, sizeof(rtp_addr_in));
957 rtp_addr_in.sin_family = AF_INET;
958 rtp_addr_in.sin_port = osmo_htons(ac->cn_rtp->port),
959 rtp_addr_in.sin_addr.s_addr = inet_addr(ac->cn_rtp->ip);
960
961 if (rtp_addr_in.sin_addr.s_addr == INADDR_NONE) {
962 LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Invalid RTP-Address\n");
963 return NULL;
964 }
965 if (rtp_addr_in.sin_port == 0) {
966 LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Assignment Command: Invalid RTP-Port\n");
967 return NULL;
968 }
969
970 memset(&rtp_addr, 0, sizeof(rtp_addr));
971 memcpy(&rtp_addr, &rtp_addr_in, sizeof(rtp_addr_in));
972
973 use_rtp_addr = &rtp_addr;
974 }
975 }
976
Pau Espin Pedrola3cdab42019-05-09 17:54:08 +0200[diff] [blame]977 msg = gsm0808_create_ass(ac->channel_type, NULL, use_rtp_addr, use_scl, NULL);
978 if (ac->osmux_present)
979 _gsm0808_assignment_extend_osmux(msg, ac->osmux_cid);
980 return msg;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]981}
982
983/* For an A5/N number a5_n set dst to the matching GSM0808_ALG_ID_A5_<n>. */
984static int a5_n_to_gsm0808_chosen_enc_alg(uint8_t *dst, int a5_n)
985{
986 switch (a5_n) {
987 case 0:
988 *dst = GSM0808_ALG_ID_A5_0;
989 return 0;
990 case 1:
991 *dst = GSM0808_ALG_ID_A5_1;
992 return 0;
993 case 2:
994 *dst = GSM0808_ALG_ID_A5_2;
995 return 0;
996 case 3:
997 *dst = GSM0808_ALG_ID_A5_3;
998 return 0;
999 default:
1000 return -ENOTSUP;
1001 }
1002}
1003
1004static int make_encrypt_info_perm_algo(struct osmo_fsm_inst *fi, struct gsm0808_encrypt_info *ei,
1005 uint8_t a5_encryption_mask, const struct osmo_gsm48_classmark *cm)
1006{
1007 int i;
1008 int j = 0;
1009 for (i = 0; i < 8; i++) {
1010 int supported;
1011
1012 /* A5/n permitted by osmo-msc.cfg? */
1013 if (!(a5_encryption_mask & (1 << i)))
1014 continue;
1015
1016 /* A5/n supported by MS? */
1017 supported = osmo_gsm48_classmark_supports_a5(cm, i);
1018 if (supported != 1)
1019 continue;
1020
1021 if (a5_n_to_gsm0808_chosen_enc_alg(&ei->perm_algo[j], i)) {
1022 LOG_RAN_A_ENC(fi, LOGL_ERROR, "Not supported: A5/%d algorithm\n", i);
1023 return -1;
1024 }
1025 j++;
1026 ei->perm_algo_len = j;
1027 }
1028 return 0;
1029}
1030
1031/* For ran_a_make_cipher_mode_command(), for
1032 * memcpy(ei.key, cm->vec->kc, sizeof(cm->vec->kc));
1033 */
1034osmo_static_assert(sizeof(((struct gsm0808_encrypt_info*)0)->key) >= sizeof(((struct osmo_auth_vector*)0)->kc),
1035 gsm0808_encrypt_info_key_fits_osmo_auth_vec_kc);
1036static struct msgb *ran_a_make_cipher_mode_command(struct osmo_fsm_inst *fi, const struct ran_cipher_mode_command *cm)
1037{
1038 struct gsm0808_encrypt_info ei = {};
1039 char buf[16 * 2 + 1];
1040 const uint8_t cipher_response_mode = 1;
1041
1042 if (make_encrypt_info_perm_algo(fi, &ei, cm->geran.a5_encryption_mask, cm->classmark))
1043 return NULL;
1044
1045 if (ei.perm_algo_len == 0) {
1046 LOG_RAN_A_ENC(fi, LOGL_ERROR, "cannot start ciphering, no intersection between MSC-configured"
1047 " and MS-supported A5 algorithms. MSC: 0x%02x MS: %s\n",
1048 cm->geran.a5_encryption_mask, osmo_gsm48_classmark_a5_name(cm->classmark));
1049 return NULL;
1050 }
1051
1052 /* In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
1053 * tokens. vec->kc was calculated from the GSM algorithm and is not
1054 * necessarily a match for the UMTS AKA tokens. */
1055 if (cm->geran.umts_aka)
1056 osmo_auth_c3(ei.key, cm->vec->ck, cm->vec->ik);
1057 else
1058 memcpy(ei.key, cm->vec->kc, sizeof(cm->vec->kc));
1059 ei.key_len = sizeof(cm->vec->kc);
1060
1061 /* Store chosen GERAN key where the caller asked it to be stored.
1062 * alg_id remains unknown until we receive a Cipher Mode Complete from the BSC */
1063 if (cm->geran.chosen_key) {
1064 if (ei.key_len > sizeof(cm->geran.chosen_key->key)) {
1065 LOG_RAN_A_ENC(fi, LOGL_ERROR, "Chosen key is larger than I can store\n");
1066 return NULL;
1067 }
1068 memcpy(cm->geran.chosen_key->key, ei.key, ei.key_len);
1069 cm->geran.chosen_key->key_len = ei.key_len;
1070 }
1071
1072 LOG_RAN_A_ENC(fi, LOGL_DEBUG, "Tx BSSMAP CIPHER MODE COMMAND to BSC, %u ciphers (%s) key %s\n",
1073 ei.perm_algo_len, osmo_hexdump_nospc(ei.perm_algo, ei.perm_algo_len),
1074 osmo_hexdump_buf(buf, sizeof(buf), ei.key, ei.key_len, NULL, false));
1075 return gsm0808_create_cipher(&ei, cm->geran.retrieve_imeisv ? &cipher_response_mode : NULL);
1076}
1077
1078struct msgb *ran_a_make_handover_request(struct osmo_fsm_inst *log_fi, const struct ran_handover_request *n)
1079{
1080 struct sockaddr_storage ss;
1081 struct gsm0808_handover_request r = {
1082 .cell_identifier_serving = n->cell_id_serving,
1083 .cell_identifier_target = n->cell_id_target,
1084 .cause = n->bssap_cause,
1085 .current_channel_type_1_present = n->current_channel_type_1_present,
1086 .current_channel_type_1 = n->current_channel_type_1,
1087
1088 .speech_version_used = n->speech_version_used,
1089
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1090 .old_bss_to_new_bss_info_raw = n->old_bss_to_new_bss_info_raw,
1091 .old_bss_to_new_bss_info_raw_len = n->old_bss_to_new_bss_info_raw_len,
1092
1093 .imsi = n->imsi,
1094 .codec_list_msc_preferred = n->codec_list_msc_preferred,
1095 .call_id = n->call_id,
1096 .global_call_reference = n->global_call_reference,
1097 .global_call_reference_len = n->global_call_reference_len,
1098 };
1099
1100 if (!n->geran.channel_type) {
1101 LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Channel Type required for encoding Handover Request in BSSAP\n");
1102 return NULL;
1103 }
1104 r.channel_type = *n->geran.channel_type;
1105
1106 /* Encryption Information */
1107 make_encrypt_info_perm_algo(log_fi, &r.encryption_information, n->geran.a5_encryption_mask, n->classmark);
1108 if (n->geran.chosen_encryption && n->geran.chosen_encryption->key_len) {
Vadim Yanitskiy444771d2019-05-11 04:46:24 +0700[diff] [blame]1109 /* Prevent both source / destination buffer overrun / overflow */
1110 if (n->geran.chosen_encryption->key_len > sizeof(r.encryption_information.key)
1111 || n->geran.chosen_encryption->key_len > sizeof(n->geran.chosen_encryption->key)) {
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1112 LOG_RAN_A_ENC(log_fi, LOGL_ERROR, "Handover Request: invalid chosen encryption key size %u\n",
1113 n->geran.chosen_encryption->key_len);
1114 return NULL;
1115 }
1116 memcpy(r.encryption_information.key,
1117 n->geran.chosen_encryption->key, n->geran.chosen_encryption->key_len);
1118 r.encryption_information.key_len = n->geran.chosen_encryption->key_len;
Vadim Yanitskiybfe8eb72019-05-11 03:52:28 +0700[diff] [blame]1119 r.chosen_encryption_algorithm_serving = n->geran.chosen_encryption->alg_id;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1120 }
1121
1122 if (n->classmark)
1123 r.classmark_information = *n->classmark;
1124
1125 if (osmo_sockaddr_str_is_set(n->rtp_ran_local)) {
1126 if (osmo_sockaddr_str_to_sockaddr(n->rtp_ran_local, &ss)) {
1127 LOG_RAN_A_ENC(log_fi, LOGL_ERROR,
1128 "Handover Request: invalid AoIP Transport Layer address/port: "
1129 OSMO_SOCKADDR_STR_FMT "\n", OSMO_SOCKADDR_STR_FMT_ARGS(n->rtp_ran_local));
1130 return NULL;
1131 }
1132 r.aoip_transport_layer = &ss;
1133 }
1134
1135 return gsm0808_create_handover_request(&r);
1136}
1137
1138static struct msgb *ran_a_make_handover_request_ack(struct osmo_fsm_inst *caller_fi, const struct ran_handover_request_ack *r)
1139{
1140 struct sockaddr_storage ss;
1141 struct gsm0808_handover_request_ack params = {
1142 .l3_info = r->rr_ho_command,
1143 .l3_info_len = r->rr_ho_command_len,
1144 .chosen_channel_present = r->chosen_channel_present,
1145 .chosen_channel = r->chosen_channel,
1146 .chosen_encr_alg = r->chosen_encr_alg,
1147 .chosen_speech_version = r->chosen_speech_version,
1148 };
1149
1150 if (osmo_sockaddr_str_is_set(&r->remote_rtp)) {
1151 osmo_sockaddr_str_to_sockaddr(&r->remote_rtp, &ss);
1152 params.aoip_transport_layer = &ss;
1153 }
1154
1155 return gsm0808_create_handover_request_ack2(&params);
1156}
1157
1158struct msgb *ran_a_make_handover_command(struct osmo_fsm_inst *log_fi, const struct ran_handover_command *n)
1159{
1160 struct gsm0808_handover_command c = {
1161 .l3_info = n->rr_ho_command,
1162 .l3_info_len = n->rr_ho_command_len,
1163 };
1164
1165 return gsm0808_create_handover_command(&c);
1166}
1167
1168struct msgb *ran_a_make_handover_failure(struct osmo_fsm_inst *log_fi, const struct ran_msg *msg)
1169{
1170 struct gsm0808_handover_failure params = {
1171 .cause = msg->handover_failure.cause,
1172 };
1173 return gsm0808_create_handover_failure(&params);
1174}
1175
1176static struct msgb *_ran_a_encode(struct osmo_fsm_inst *caller_fi, const struct ran_msg *ran_enc_msg)
1177{
1178
1179 LOG_RAN_A_ENC(caller_fi, LOGL_DEBUG, "%s\n", ran_msg_type_name(ran_enc_msg->msg_type));
1180
1181 switch (ran_enc_msg->msg_type) {
1182
1183 case RAN_MSG_DTAP:
1184 return ran_a_wrap_dtap(ran_enc_msg->dtap);
1185
1186 case RAN_MSG_CLASSMARK_REQUEST:
1187 return gsm0808_create_classmark_request();
1188
1189 case RAN_MSG_CLEAR_COMMAND:
1190 return gsm0808_create_clear_command2(ran_enc_msg->clear_command.gsm0808_cause,
1191 ran_enc_msg->clear_command.csfb_ind);
1192
1193 case RAN_MSG_ASSIGNMENT_COMMAND:
1194 return ran_a_make_assignment_command(caller_fi, &ran_enc_msg->assignment_command);
1195
1196 case RAN_MSG_CIPHER_MODE_COMMAND:
1197 return ran_a_make_cipher_mode_command(caller_fi, &ran_enc_msg->cipher_mode_command);
1198
1199 case RAN_MSG_HANDOVER_REQUIRED_REJECT:
1200 return gsm0808_create_handover_required_reject(&ran_enc_msg->handover_required_reject);
1201
1202 case RAN_MSG_HANDOVER_REQUEST:
1203 return ran_a_make_handover_request(caller_fi, &ran_enc_msg->handover_request);
1204
1205 case RAN_MSG_HANDOVER_REQUEST_ACK:
1206 return ran_a_make_handover_request_ack(caller_fi, &ran_enc_msg->handover_request_ack);
1207
1208 case RAN_MSG_HANDOVER_COMMAND:
1209 return ran_a_make_handover_command(caller_fi, &ran_enc_msg->handover_command);
1210
1211 case RAN_MSG_HANDOVER_SUCCEEDED:
1212 return gsm0808_create_handover_succeeded();
1213
1214 case RAN_MSG_HANDOVER_FAILURE:
1215 return ran_a_make_handover_failure(caller_fi, ran_enc_msg);
1216
1217 default:
1218 LOG_RAN_A_ENC(caller_fi, LOGL_ERROR, "Unimplemented RAN-encode message type: %s\n",
1219 ran_msg_type_name(ran_enc_msg->msg_type));
1220 return NULL;
1221 }
1222}
1223
1224struct msgb *ran_a_encode(struct osmo_fsm_inst *caller_fi, const struct ran_msg *ran_enc_msg)
1225{
1226 struct msgb *msg = _ran_a_encode(caller_fi, ran_enc_msg);
1227
1228 if (!msg)
1229 return NULL;
1230
1231 msg->l2h = msg->data;
1232
1233 /* some consistency checks to ensure we don't send invalid length */
1234 switch (msg->l2h[0]) {
1235 case BSSAP_MSG_DTAP:
1236 OSMO_ASSERT(msgb_l2len(msg) == msg->l2h[2] + 3);
1237 break;
1238 case BSSAP_MSG_BSS_MANAGEMENT:
1239 OSMO_ASSERT(msgb_l2len(msg) == msg->l2h[1] + 2);
1240 break;
1241 default:
1242 break;
1243 }
1244
1245 return msg;
1246}
1247
1248/* Return 1 for a RESET, 2 for a RESET ACK message, 0 otherwise */
1249enum reset_msg_type bssmap_is_reset_msg(const struct sccp_ran_inst *sri, const struct msgb *l2)
1250{
1251 struct bssmap_header *bs = (struct bssmap_header *)msgb_l2(l2);
1252
1253 if (!bs
1254 || msgb_l2len(l2) < (sizeof(*bs) + 1)
1255 || bs->type != BSSAP_MSG_BSS_MANAGEMENT)
1256 return SCCP_RAN_MSG_NON_RESET;
1257
1258 switch (l2->l2h[sizeof(*bs)]) {
1259 case BSS_MAP_MSG_RESET:
1260 return SCCP_RAN_MSG_RESET;
1261 case BSS_MAP_MSG_RESET_ACKNOWLEDGE:
1262 return SCCP_RAN_MSG_RESET_ACK;
1263 default:
1264 return SCCP_RAN_MSG_NON_RESET;
1265 }
1266}
1267
Pau Espin Pedrolc9ba7542019-05-07 12:23:49 +0200[diff] [blame]1268/* Patch regular BSSMAP RESET to add extra T to announce Osmux support (osmocom extension) */
1269static void _gsm0808_extend_announce_osmux(struct msgb *msg)
1270{
1271 OSMO_ASSERT(msg->l3h[1] == msgb_l3len(msg) - 2); /*TL not in len */
1272 msgb_put_u8(msg, GSM0808_IE_OSMO_OSMUX_SUPPORT);
1273 msg->l3h[1] = msgb_l3len(msg) - 2;
1274}
1275
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1276struct msgb *bssmap_make_reset_msg(const struct sccp_ran_inst *sri, enum reset_msg_type type)
1277{
Pau Espin Pedrolc9ba7542019-05-07 12:23:49 +0200[diff] [blame]1278 struct gsm_network *net = sri->user_data;
1279 struct msgb *msg;
1280
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1281 switch (type) {
1282 case SCCP_RAN_MSG_RESET:
Pau Espin Pedrolc9ba7542019-05-07 12:23:49 +0200[diff] [blame]1283 msg = gsm0808_create_reset();
1284 break;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1285 case SCCP_RAN_MSG_RESET_ACK:
Pau Espin Pedrolc9ba7542019-05-07 12:23:49 +0200[diff] [blame]1286 msg = gsm0808_create_reset_ack();
1287 break;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1288 default:
1289 return NULL;
1290 }
Pau Espin Pedrolc9ba7542019-05-07 12:23:49 +0200[diff] [blame]1291
1292 if (!msg)
1293 return NULL;
1294
1295 if (net->use_osmux != OSMUX_USAGE_OFF)
1296 _gsm0808_extend_announce_osmux(msg);
1297
1298 return msg;
Neels Hofmeyrc4628a32018-12-07 14:47:34 +0100[diff] [blame]1299}
1300
1301struct msgb *bssmap_make_paging_msg(const struct sccp_ran_inst *sri, const struct gsm0808_cell_id *page_cell_id,
1302 const char *imsi, uint32_t tmsi, enum paging_cause cause)
1303{
1304 struct gsm0808_cell_id_list2 cil;
1305 gsm0808_cell_id_to_list(&cil, page_cell_id);
1306 return gsm0808_create_paging2(imsi, tmsi == GSM_RESERVED_TMSI ? NULL : &tmsi, &cil, NULL);
1307}
1308
1309const char *bssmap_msg_name(const struct sccp_ran_inst *sri, const struct msgb *l2)
1310{
1311 struct bssmap_header *bs;
1312
1313 if (!l2->l2h)
1314 return "?";
1315
1316 bs = (struct bssmap_header *)msgb_l2(l2);
1317 switch (bs->type) {
1318 case BSSAP_MSG_BSS_MANAGEMENT:
1319 return gsm0808_bssmap_name(l2->l2h[0]);
1320 case BSSAP_MSG_DTAP:
1321 return "DTAP";
1322 default:
1323 return "?";
1324 }
1325}