path: root/openbsc/src/libmsc/gsm_04_08.c
AgeCommit message (Collapse)AuthorFilesLines
2016-11-12IuCS: detect whether a conn is already secureNeels Hofmeyr1-0/+4
If a CM Service Request is received on an already secure IuCS connection, we so far didn't notice and started to authenticate again. The UE would readily renew its authentication, but then our state got stuck since ciphering was already established. Instead, don't authenticate again when integrity protection is already established. Change-Id: I3c01fe58276ba0ad918f2cd30cc3dca7c6663e68
2016-11-12bridge calls via mgcpgwNeels Hofmeyr1-2/+1
Change-Id: Ie259e30bc532fe9817c96562022ac33443d5747a
2016-11-12also do call assignment for MT calls, upon Call ConfirmedNeels Hofmeyr1-0/+2
Change-Id: I863fa73948f61aaffd7f4472f3abc3e44228e31f
2016-11-12IuCS: cosmetic prep for msc_call_assignment()Neels Hofmeyr1-3/+8
Rename gsm48_cc_tx_call_proc() to gsm48_cc_tx_call_proc_and_assign() to mark the place where the A-interface will send a BSSAP Assignment Request / where the IuCS-interface will send a RAB Assignment Request. Add function msc_call_assignment() to decide between A-iface and IuCS assignment, to be implemented in subsequent commit. Change-Id: I0695e233d57d13658793b0e63bb7c3ff224909a0
2016-11-12IuCS: send RANAP CommonIDNeels Hofmeyr1-0/+1
Add libiu function to send a CommonID message down a UE connection, iu_tx_common_id(); add also a corresponding stub to libiudummy for linking with tests. Add libmsc function msc_tx_common_id() to call the above. Add this mostly to clearly indicate in msc_ifaces.h that libmsc is calling out of the MSC; also to do conn->via_iface checking. Call msc_tx_common_id() after ciphering is established, in _gsm48_rx_mm_serv_req_sec_cb()'s GSM_SECURITY_SUCCEEDED case. Change-Id: I576ddd5bbabfc989149debd2f8a9743db6d26043
2016-11-12cosmetic: remove legacy comment from gsm0408_loc_upd_rej()Neels Hofmeyr1-1/+1
2016-11-12cosmetic: make gsm0408_loc_upd_rej() staticNeels Hofmeyr1-1/+1
2016-11-12LU counters: count completion and failure, not messages sentNeels Hofmeyr1-12/+30
From a human admin viewpoint it doesn't make sense to count the messages sent: When we use TMSIs, we first send a LU Accept with a new TMSI, and then expect the MS to respond with a TMSI Realloc Complete message. When that fails to come through, the LU actually ends in failure, even though a LU Accept was sent. In 3G, if a UE sends an Iu Release during LU (e.g. user enables flight mode), we cancel the LU without sending any reply at all, so nothing would be counted. Instead, count Location Updating results, i.e. completion and failures.
2016-11-12remove handle_abisip_signal()Neels Hofmeyr1-71/+0
Change-Id: I9cf80f9c2c8a53a29e42f000029e680a9922cb41
2016-11-12gsm0408_clear_request(): actually free the released connNeels Hofmeyr1-0/+2
By having conn->in_release == 1, calling msc_release_connection() has no effect and thus never frees the conn. So, after all pending requests have been discarded, also discard and free the unused connection.
2016-11-12gsm_04_08.c: iu.hNeels Hofmeyr1-0/+1
Change-Id: I624612b5d5cd70770326347634aee2a42ba88945
2016-11-12comment on mscsplit, indent commentNeels Hofmeyr1-1/+1
2016-11-12gsm_04_08: remove apply_codec_restrictions() -- TODO really?Neels Hofmeyr1-28/+0
This function is wrongly placed on the MSC level. Unfortunately I cannot remember the very plausible details that hwelte had back in the days to argue for this change. (Refactoring an old commit that fails to explain in more detail.) Change-Id: I82623847e652a59a921d2fb142b77cf22420a746
2016-11-12include msc_ifaces.h in gsm_04_08.cNeels Hofmeyr1-0/+2
Change-Id: I11be1bdfe6993f89b34319e7d1526c729d6e0cde
2016-11-12complete IuCS paging implementationNeels Hofmeyr1-11/+28
Add paging timeout to struct gsm_subscriber. Previously, paging timeout was implemented only on BSC level, where each request has its own timeout value. The MSC will still send individual requests to BSC or RNC level, where they timeout individually. However, the MSC must also have an own timeout to be sure to discard stale pagings that the BSC or RNC never replied for. Add handle_paging_resp(), copying the few libmsc relevant parts of gsm48_handle_paging_resp().
2016-11-12move subscr auth check to gsm_subscriber.cNeels Hofmeyr1-34/+3
add subscr_authorized(), subscr_authorized_imsi() Change-Id: If2ef06b1229351127c61477ca14653d6ae4cb6bb
2016-11-12auth logNeels Hofmeyr1-1/+3
Change-Id: Icd9f8505388a06ee768d2176cb2b9187953098ef
2016-11-12iu auth wipNeels Hofmeyr1-18/+64
Change-Id: Icc2522252cf15c54f1a1ea5255314a0de8bfba03
2016-11-12Iu auth wipNeels Hofmeyr1-8/+71
Change-Id: I44effcca80dc6850178174dc957bcd5608b0ae14
2016-11-12cosmetic prep: change int -> bool authorize_subscriber()Neels Hofmeyr1-6/+6
Upcoming function subscr_authorized() will flip this to bool, so separate this change cosmetically. Change-Id: Iba0184a71afa01141ef06c474cb554e79ad8f5d5
2016-11-12cut off libbsc paging, pending paging in libmscNeels Hofmeyr1-1/+6
Temporarily disable all paging to be able to link libmsc without libbsc. Skip the paging part of channel_test because the paging is now disabled. In osmo-nitb, paging is done on BSC level and MSC level "at the same time". When the new CSCN is fully operational, paging will be controlled separately on the MSC level, and the BSC (RNC) level will be instructed over an IuCS or A-interface to negotiate paging with the MS (UE). This MSC level paging does not yet exist and will be added in subsequent commits. Change-Id: I8b6920ddc54fc3f2876a59664e6722666d8a8a4a
2016-11-12libmsc: duplicate gsm0808 / gsm48 functions (towards BSC)Neels Hofmeyr1-13/+16
In osmo-nitb, libmsc would directly call the functions on the BSC level, not always via the bsc_api. When separating libmsc from libbsc, some functions are missing from the linkage. Hence duplicate these functions to libmsc, add an msc_ prefix for clarity, also add a _tx to gsm0808_cipher_mode(): * add msc_gsm0808_tx_cipher_mode() (dummy/stub) * add msc_gsm48_tx_mm_serv_ack() * add msc_gsm48_tx_mm_serv_rej() Call these from libmsc instead of * gsm0808_cipher_mode() * gsm48_tx_mm_serv_ack() * gsm48_tx_mm_serv_rej() Also add a comment relatd to msc_gsm0808_tx_cipher_mode() in two places. Change-Id: I5b276853d3af71f5e3f0a031fd17b4fff0580020
2016-11-12Use new msc_tx_dtap() instead of gsm0808_submit_dtap()Neels Hofmeyr1-1/+1
Aim: msc_tx_dtap() shall redirect to IuCS or A interfaces depending on subscr conn. Change-Id: I30d961f16eb7b9c0ab9cc3f43198098d3f1a909f
2016-11-12gsm0408_loc_upd_rej(): remove bts use (used only for debug log)Neels Hofmeyr1-5/+3
Change-Id: I3ac38f4b701ad8308470573260fa91a4b04c2f18
2016-11-12gsm_04_08, gsm_subscriber: decouple lac from btsNeels Hofmeyr1-6/+4
The idea is to not have a direct pointer to a bts struct (into BSC land), but a LAC to resolve the BSC or RNC depending on the appropriate A or IuCS interface. subscr_update(): remove bts arg, add lac arg. Pass conn->lac to gsm48_generate_lai() instead of bts->location_area_code. Change-Id: I9f2b298a785bf4b2a1b3fcdd91b8256106b2d9de
2016-11-12libmsc: iucs dev: disable large parts of the codeNeels Hofmeyr1-1/+66
Change-Id: I3ef6ca26150b6102a0fa22a88a60d9a442d640b4
2016-11-12don't use lchan in libmscNeels Hofmeyr1-11/+9
Change-Id: Ic7ed7faa2bcc7aae799f41ed4abc2c001bfb61b7
2016-11-12gsm_04_08.c: Don't set msg->lchan nor msg->dstHarald Welte1-34/+0
the BSC-side of the API behind gsm0808_submit_dtap() is doing this resolving again anyway. So let's avoid doing it twice, and avoid having more dependency of the MSC down into the lchan details. Conflicts: openbsc/src/libmsc/gsm_04_08.c Change-Id: I14254be68ee1a48e9f1ce968233414d86c6ba9d5
2016-11-12split subscr_con_allocate()/_free() in bsc_ and msc_Neels Hofmeyr1-0/+27
Rename current subscr_con_allocate() and subscr_con_free to bsc_*, and add two separate msc_subscr_con_allocate() and _free(). The msc_subscr_con_free() ignores all lchan members. In libbsc use bsc_*, in libmsc use msc_*. Change-Id: I3cf7c7cafdf4672ec7b26058bba8a77159855257 Future: there will be distinct subscr conns for libbsc and libmsc.
2016-11-12Move timezone settings up to network levelNeels Hofmeyr1-9/+8
Time zone used to be configurable per-BTS. In the upcoming MSC-split, no BTS structures will be available on the MSC level. To simplify, drop the ability to manage several time zones in a core network and place the time zone config on the network VTY level, i.e. in gsm_network. If we are going to re-add fine grained time zone settings, it should probably be tied to the LAC. Adjust time zone VTY config code (to be moved to libxsc in subsequent commit). Adjust time zone Ctrl Interface code. Change-Id: I69848887d92990f3d6f969be80f6ef91f6bdbbe8
2016-11-01gsm0408: Adding log output for 3g specific RR messagesPhilipp1-2/+2
GSM 04.18, which is the successor of GSM 04.08, describes additional RR 3g specific message types. This commit adds log output for those messages. The behaviour is not changed all affected message types are still forwared to the MSC as they were before. See also 3GPP TS 04.18, section 10.4, table 10.4.1 The change requires to update libosmocore as well, see also commit f48fdb3a108da0dc23d7af4ac021e98e11f07152 in libosmocore.git for details. Change-Id: I41f2242fdf59c3eb4b3f8f7f003c17f7e0df01aa
2016-10-14fix mistypes, spaces and tabsAlexander Couzens1-15/+15
Change-Id: I651473f638365bbd333c4c80d223cdd023dd2c51
2016-10-04msc: add counters to track call attempts/active/success/failedAlexander Couzens1-0/+34
active_calls describe all calls in active state. call.complete Call got terminated by disconnect requested either by MS or MSC. call.incomplete Call got terminated by any other reason. Calls reached active state. Change-Id: I49b93af2e6a0ba16c2fb00b7b83974e8a6a16df3
2016-09-26mscsplit: directly access gsm_network backpointer from gsm_subscriber_connectionNeels Hofmeyr1-40/+33
The previous commit added a network backpointer to gsm_subscriber_connection. Use it wherever it makes sense, to skip the step through the bts structure. In some places, remove local variables that become unused. Change-Id: I34537025986713291e14c8212a81539b497befd4
2016-09-18Sanity fixes for gsm0408_dispatch(): rc, assertionsNeels Hofmeyr1-0/+5
gsm0408_dispatch() is the main entry point for receiving data from the BSC/RNC level, so make sure callers pass valid pointers before using them all the way down the code path (related to CID#93769, a fix before this was refactored). For unknown/unimplemented packet discriminators, make sure to return error codes. Change-Id: Ieec39c74a53ef4dfa971dd935c8c9aa60fef58c1
2016-09-18cosmetic: various comment, whitespace tweaksNeels Hofmeyr1-2/+2
Change-Id: I131939cfba4d67d7e2c935341deeb14d09523fee
2016-08-29libmsc/bsc: split rate counters into bsc and msc groupAlexander Couzens1-10/+10
Tweaked-By: Neels Hofmeyr <> Change-Id: I7361033cd1eb919ec3c2ea2652f40ab8c75b2f99
2016-08-27libbsc/libmsc: convert old osmo counter into rate_ctrgsAlexander Couzens1-10/+10
rate counters support the export to statsd and can have a delta value. Change-Id: Ie749cebd53a0bb618d0e23d375885712078bf8dd
2016-07-09Make random MSISDN assignment optionalMax1-6/+4
Previously if subscriber was automatically created it got assigned random MSISDN number. Make it optional (defaulting to previous behavior) by adding following: * new optional no-extension argument for subscriber-create-on-demand vty command * db unit tests * vty test Note: using the db made with new code might result in subscribers with empty extension. Such subscribers cannot be deleted using old code. Make sure not to mix db versions or manually fix it by editing sqlite with external program. Fixes: OS#1658 Change-Id: Ibbc2e88e4722b08854ebc631485f19ed56443cbb
2016-06-14Make random extension range configurableMax1-1/+2
Previously if subscriber was automatically created it got assigned random MSISDN number between 20000 and 49999. Make it configurable with new vty command "subscriber-create-on-demand random" and expand vty tests to check it. Change-Id: I040a1d227b0c7a1601dc7c33eccb0007941408a6 Related: OS#1658
2016-06-05Add regexp authorization policy for IMSIMax1-3/+28
* extend "auth policy" vty command with new option "regexp" * add vty command "authorized-regexp" for setting arbitrary POSIX regular expression * add basic vty test * add optional "regexp" argument to subscriber-create-on-demand vty command With those in place we can now set the regexp against which MS's IMSI will be matched. If IMSI match the regexp than MS is allowed to access the network. If subscriber is already marked as authorized in HLR than it'll be allowed regardless of IMSI matching. The same way we can decide whether to create subscribers on-demand basesd on IMSI regexp match. Similar to authorization this restriction can be overridden by manually creating subscriber via vty, ctrl interface or directly in HLR. Change-Id: I525f4b80676de47d1d422686da2ca012301b0129 Fixes: OS#1647
2016-05-23gsm04_08_clear_request(): release loc with arg release=0Neels Hofmeyr1-1/+1
In gsm04_08_clear_request(), in_release == 1 anyway and msc_release_connection() would exit immediately without any effect. Don't confuse the reader by passing release=1 arg. Change-Id: I5bf9eb4889d32ad5e42ac7d096bf62fa3a493e20 Reviewed-on: Reviewed-by: Holger Freyther <> Tested-by: Jenkins Builder
2016-05-22subscr_name(): Handle case for subscr == NULLHarald Welte1-5/+2
subscr_name() was called from several places: * either without a check for subscr being NULL, which for example was causing a segfault if we hand-over a channel before identifying the subscriber * or with an explicit NULL check and the ternary operator (?). We now simplify the code by checking for the NULL Subscriber in subscr_name() itself. Change-Id: Ide09f4a515222eb2ec6c25e7a6a8c5f6cc2ffd4b Reviewed-on: Tested-by: Jenkins Builder Reviewed-by: Holger Freyther <>
2016-05-20Make extending subscriber creation easierMax1-7/+13
* rename variable controlling subscriber creation * use enum for subscriber creation policy * move check for subscriber creation policy into separate static function Related: OS#1658, OS#1647 Change-Id: I3b10a9a764fd3a7bb96717a990e52caae16266da Reviewed-on: Tested-by: Jenkins Builder Reviewed-by: Holger Freyther <>
2016-04-29Start to use struct osmo_auth_vector from gsm_auth_tupleHarald Welte1-5/+5
Rather than having a 'private' structure for kc, sres and rand, we now finally (with 4 years delay) use osmo_auth_vector from libosmogsm, which encapsulates authentication vectors that can be either GSM triplets or UMTS quintuples or a combination of both. gsm_auth_tuple becomes a wrapper around osmo_auth_vector, adding use_count and key_seq to it. key_seq is no longer initialized inside gprs_gsup_messages.c, as there is no CKSN / key_seq inside the message anyway. If a usre of the code needs key_seq, they need to manage it themselves.
2016-04-29Disconnect calls with incompatible channel types / modesMax1-1/+45
In case both TCH/H and TCH/F or different codecs are configured and internal MNCC handler is used we might end up in a situation where call legs with incompatible channel types or codecs would be connected resulting in a broken audio. Disconnect such calls with appropriate error message. Fixes: OS#1663
2016-04-22Add extra debug output with channel mode and typeMax1-5/+18
This provides helpful information for debugging internal MNCC handler.
2016-03-17fix confusing typo in constant (THAN -> THEN)Neels Hofmeyr1-1/+1
2016-03-1504.08: apply new transaction id inline functionsNeels Hofmeyr1-1/+1
libosmocore recently added inline functions to relieve callers from applying bitmasks and bit shifts to access the transaction id of a GSM 04.08 header. Apply these functions.
2016-03-1504.08: apply new bitmask functions, fix bitmask useNeels Hofmeyr1-6/+5
Replace hardcoded protocol discriminator and message type bitmasks with function calls recently introduced in libosmocore. Note that the release 98 bitmasks slightly differ from the release 99 bitmasks. This patch uses the "default" gsm48_hdr_msg_type invocation, thus it depends on libosmocore whether 98 or 99 bitmasks are used. In some places, use of the bitmask was erratic. Fix these implicitly by employing the bitmask functions: * silent_call.c: silent_call_reroute(): add missing bitmask for MM. * bsc_msg_filter.c: bsc_msg_filter_initial(): RR vs. MM messages. * osmo_bsc_filter.c: bsc_find_msc() and bsc_scan_bts_msg(): RR vs. MM messages. * bsc_nat_rewrite.c: bsc_nat_rewrite_msg(): SMS vs. CC messages. * bsc_ussd.c: no bitmask is applicable for the message types used here. * gb_proxy.c: gbproxy_imsi_acquisition(): missing bit mask for pdisc. In gprs_gb_parse.c: gprs_gb_parse_dtap(), add a log notice for unexpected message types.