diff options
Diffstat (limited to 'openbsc')
59 files changed, 6739 insertions, 268 deletions
diff --git a/openbsc/configure.in b/openbsc/configure.in index 615e59d91..9db2e2458 100644 --- a/openbsc/configure.in +++ b/openbsc/configure.in @@ -1,9 +1,7 @@ dnl Process this file with autoconf to produce a configure script -AC_INIT([openbsc], - m4_esyscmd([./git-version-gen .tarball-version]), - [openbsc-devel@lists.openbsc.org]) +AC_INIT -AM_INIT_AUTOMAKE([dist-bzip2]) +AM_INIT_AUTOMAKE(openbsc, 0.3.91onwaves) dnl kernel style compile messages m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) @@ -54,4 +52,5 @@ AC_OUTPUT( tests/db/Makefile tests/channel/Makefile tests/sccp/Makefile + tests/bsc-nat/Makefile Makefile) diff --git a/openbsc/contrib/README b/openbsc/contrib/README new file mode 100644 index 000000000..43c8d623f --- /dev/null +++ b/openbsc/contrib/README @@ -0,0 +1,2 @@ +This contains a set of scripts used for the development of the +MSC functionality. diff --git a/openbsc/contrib/mgcp_server.py b/openbsc/contrib/mgcp_server.py index cf3ef3845..05c489db5 100755 --- a/openbsc/contrib/mgcp_server.py +++ b/openbsc/contrib/mgcp_server.py @@ -10,7 +10,7 @@ rsip_resp = """200 321321332\r\n""" audit_packet = """AUEP %d 13@mgw MGCP 1.0\r\n""" crcx_packet = """CRCX %d 14@mgw MGCP 1.0\r\nC: 4a84ad5d25f\r\nL: p:20, a:GSM-EFR, nt:IN\r\nM: recvonly\r\n""" dlcx_packet = """DLCX %d 14@mgw MGCP 1.0\r\nC: 4a84ad5d25f\r\nI: %d\r\n""" -mdcx_packet = """MDCX %d 14@mgw MGCP 1.0\r\nC: 4a84ad5d25f\r\nI: %d\r\nL: p:20, a:GSM-EFR, nt:IN\r\nM: recvonly\r\n\r\nv=0\r\no=- 258696477 0 IN IP4 172.16.1.107\r\ns=-\r\nc=IN IP4 172.16.1.107\r\nt=0 0\r\nm=audio 4400 RTP/AVP 127\r\na=rtpmap:127 GSM-EFR/8000/1\r\na=ptime:20\r\na=recvonly\r\nm=image 4402 udptl t38\r\na=T38FaxVersion:0\r\na=T38MaxBitRate:14400\r\n""" +mdcx_packet = """MDCX %d 14@mgw MGCP 1.0\r\nC: 4a84ad5d25f\r\nI: %d\r\nL: p:20, a:GSM-EFR, nt:IN\r\nM: recvonly\r\n\r\nv=0\r\no=- 258696477 0 IN IP4 172.16.1.107\r\ns=-\r\nc=IN IP4 172.16.1.107\r\nt=0 0\r\nm=audio 6666 RTP/AVP 127\r\na=rtpmap:127 GSM-EFR/8000/1\r\na=ptime:20\r\na=recvonly\r\nm=image 4402 udptl t38\r\na=T38FaxVersion:0\r\na=T38MaxBitRate:14400\r\n""" def hexdump(src, length=8): """Recipe is from http://code.activestate.com/recipes/142812/""" @@ -25,15 +25,24 @@ def hexdump(src, length=8): server_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) server_socket.bind(("127.0.0.1", MGCP_CALLAGENT_PORT)) -server_socket.setblocking(0) +server_socket.setblocking(1) - -def send_receive(packet): +last_ci = 1 +def send_and_receive(packet): + global last_ci server_socket.sendto(packet, ("127.0.0.1", MGCP_GATEWAY_PORT)) try: data, addr = server_socket.recvfrom(4096) + + # attempt to store the CI of the response + list = data.split("\n") + for item in list: + if item.startswith("I: "): + last_ci = int(item[3:]) + print hexdump(data), addr - except socket.error: + except socket.error, e: + print e pass def generate_tid(): @@ -42,13 +51,10 @@ def generate_tid(): -i = 1 while True: - send_receive(rsip_resp) - send_receive(audit_packet) - send_receive(crcx_packet % generate_tid() ) - send_receive(mdcx_packet % (generate_tid(), i)) - send_receive(dlcx_packet % (generate_tid(), i)) - i = i + 1 + send_and_receive(audit_packet % generate_tid()) + send_and_receive(crcx_packet % generate_tid() ) + send_and_receive(mdcx_packet % (generate_tid(), last_ci)) + send_and_receive(dlcx_packet % (generate_tid(), last_ci)) time.sleep(3) diff --git a/openbsc/contrib/send_handshake.py b/openbsc/contrib/send_handshake.py new file mode 100755 index 000000000..2d0dcec42 --- /dev/null +++ b/openbsc/contrib/send_handshake.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python + +import sys + +# packages +ACK ="\x00\x01\xfe\x06" +RESET_ACK = "\x00\x13\xfd\x09\x00\x03\x07\x0b\x04\x43\x01\x00\xfe\x04\x43\x5c\x00\xfe\x03\x00\x01\x31" +PAGE = "\x00\x20\xfd\x09\x00\x03\x07\x0b\x04\x43\x01\x00\xfe\x04\x43\x5c\x00\xfe\x10\x00\x0e\x52\x08\x08\x29\x42\x08\x05\x03\x12\x23\x42\x1a\x01\x06" + + +# simple handshake... +sys.stdout.write(ACK) +sys.stdout.flush() +sys.stdin.read(4) + +# wait for some data and send reset ack +sys.stdin.read(21) +sys.stdout.write(RESET_ACK) +sys.stdout.flush() + +sys.stdout.write(RESET_ACK) +sys.stdout.flush() + +# page a subscriber +sys.stdout.write(PAGE) +sys.stdout.flush() + +while True: + sys.stdin.read(1) + diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am index 259e6d6f5..25e3f4dd9 100644 --- a/openbsc/include/openbsc/Makefile.am +++ b/openbsc/include/openbsc/Makefile.am @@ -6,7 +6,7 @@ noinst_HEADERS = abis_nm.h abis_rsl.h db.h gsm_04_08.h gsm_data.h \ bsc_rll.h mncc.h transaction.h ussd.h gsm_04_80.h \ silent_call.h mgcp.h meas_rep.h rest_octets.h \ system_information.h handover.h mgcp_internal.h \ - vty.h + vty.h bssap.h bsc_msc.h bsc_nat.h openbsc_HEADERS = gsm_04_08.h meas_rep.h bsc_api.h openbscdir = $(includedir)/openbsc diff --git a/openbsc/include/openbsc/abis_rsl.h b/openbsc/include/openbsc/abis_rsl.h index e6973eef0..c8ac1dead 100644 --- a/openbsc/include/openbsc/abis_rsl.h +++ b/openbsc/include/openbsc/abis_rsl.h @@ -68,7 +68,7 @@ unsigned int get_paging_group(u_int64_t imsi, unsigned int bs_cc_chans, unsigned int n_pag_blocks(int bs_ccch_sdcch_comb, unsigned int bs_ag_blks_res); u_int64_t str_to_imsi(const char *imsi_str); u_int8_t lchan2chan_nr(const struct gsm_lchan *lchan); -int rsl_release_request(struct gsm_lchan *lchan, u_int8_t link_id); +int rsl_release_request(struct gsm_lchan *lchan, u_int8_t link_id, u_int8_t release_reason); /* to be provided by external code */ int abis_rsl_sendmsg(struct msgb *msg); diff --git a/openbsc/include/openbsc/bsc_msc.h b/openbsc/include/openbsc/bsc_msc.h new file mode 100644 index 000000000..29ce065d1 --- /dev/null +++ b/openbsc/include/openbsc/bsc_msc.h @@ -0,0 +1,46 @@ +/* Routines to talk to the MSC using the IPA Protocol */ +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#ifndef BSC_MSC_H +#define BSC_MSC_H + +#include <osmocore/write_queue.h> +#include <osmocore/timer.h> + +struct bsc_msc_connection { + struct write_queue write_queue; + int is_connected; + const char *ip; + int port; + + void (*connection_loss) (struct bsc_msc_connection *); + void (*connected) (struct bsc_msc_connection *); + struct timer_list reconnect_timer; +}; + +struct bsc_msc_connection *bsc_msc_create(const char *ip, int port); +int bsc_msc_connect(struct bsc_msc_connection *); +void bsc_msc_schedule_connect(struct bsc_msc_connection *); + +void bsc_msc_lost(struct bsc_msc_connection *); + +#endif diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h new file mode 100644 index 000000000..ff0f907c5 --- /dev/null +++ b/openbsc/include/openbsc/bsc_nat.h @@ -0,0 +1,212 @@ +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#ifndef BSC_NAT_H +#define BSC_NAT_H + +#include "mgcp.h" + +#include <sys/types.h> +#include <sccp/sccp_types.h> + +#include <osmocore/select.h> +#include <osmocore/msgb.h> +#include <osmocore/timer.h> +#include <osmocore/write_queue.h> + +#define DIR_BSC 1 +#define DIR_MSC 2 + +#define NAT_IPAC_PROTO_MGCP 0xfc + +struct bsc_nat; + +/* + * For the NAT we will need to analyze and later patch + * the received message. This would require us to parse + * the IPA and SCCP header twice. Instead of doing this + * we will have one analyze structure and have the patching + * and filter operate on the same structure. + */ +struct bsc_nat_parsed { + /* ip access prototype */ + int ipa_proto; + + /* source local reference */ + struct sccp_source_reference *src_local_ref; + + /* destination local reference */ + struct sccp_source_reference *dest_local_ref; + + /* called ssn number */ + int called_ssn; + + /* calling ssn number */ + int calling_ssn; + + /* sccp message type */ + int sccp_type; + + /* bssap type, e.g. 0 for BSS Management */ + int bssap; + + /* the gsm0808 message type */ + int gsm_type; +}; + +/* + * Per BSC data structure + */ +struct bsc_connection { + struct llist_head list_entry; + + /* do we know anything about this BSC? */ + int authenticated; + + /* the fd we use to communicate */ + struct write_queue write_queue; + + /* the BSS associated */ + struct bsc_config *cfg; + + /* a timeout node */ + struct timer_list id_timeout; + + /* a back pointer */ + struct bsc_nat *nat; +}; + +/* + * Per SCCP source local reference patch table. It needs to + * be updated on new SCCP connections, connection confirm and reject, + * and on the loss of the BSC connection. + */ +struct sccp_connections { + struct llist_head list_entry; + + struct bsc_connection *bsc; + + struct sccp_source_reference real_ref; + struct sccp_source_reference patched_ref; + struct sccp_source_reference remote_ref; + + /* GSM audio handling. That is 32 * multiplex + ts */ + int msc_timeslot; + int bsc_timeslot; +}; + +/** + * One BSC entry in the config + */ +struct bsc_config { + struct llist_head entry; + + char *token; + unsigned int lac; + int nr; + + struct bsc_nat *nat; +}; + +/** + * BSCs point of view of endpoints + */ +struct bsc_endpoint { + /* the pending transaction id */ + char *transaction_id; + /* the bsc we are talking to */ + struct bsc_connection *bsc; + /* pending delete */ + int pending_delete; +}; + +/** + * the structure of the "nat" network + */ +struct bsc_nat { + /* active SCCP connections that need patching */ + struct llist_head sccp_connections; + + /* active BSC connections that need patching */ + struct llist_head bsc_connections; + + /* known BSC's */ + struct llist_head bsc_configs; + int num_bsc; + + /* MGCP config */ + struct mgcp_config *mgcp_cfg; + struct write_queue mgcp_queue; + u_int8_t mgcp_msg[4096]; + int mgcp_length; + + struct bsc_endpoint *bsc_endpoints; +}; + +/* create and init the structures */ +struct bsc_config *bsc_config_alloc(struct bsc_nat *nat, const char *token, unsigned int lac); +struct bsc_config *bsc_config_num(struct bsc_nat *nat, int num); +struct bsc_nat *bsc_nat_alloc(void); +struct bsc_connection *bsc_connection_alloc(struct bsc_nat *nat); + +void sccp_connection_destroy(struct sccp_connections *); + +/** + * parse the given message into the above structure + */ +struct bsc_nat_parsed *bsc_nat_parse(struct msgb *msg); + +/** + * filter based on IP Access header in both directions + */ +int bsc_nat_filter_ipa(int direction, struct msgb *msg, struct bsc_nat_parsed *parsed); +int bsc_nat_vty_init(struct bsc_nat *nat); +struct bsc_connection *bsc_nat_find_bsc(struct bsc_nat *nat, struct msgb *msg); + +/** + * SCCP patching and handling + */ +int create_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed); +int update_sccp_src_ref(struct sccp_connections *sccp, struct bsc_nat_parsed *parsed); +void remove_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed); +struct sccp_connections *patch_sccp_src_ref_to_bsc(struct msgb *, struct bsc_nat_parsed *, struct bsc_nat *); +struct sccp_connections *patch_sccp_src_ref_to_msc(struct msgb *, struct bsc_nat_parsed *, struct bsc_nat *); + +/** + * MGCP/Audio handling + */ +int bsc_write_mgcp_msg(struct bsc_connection *bsc, struct msgb *msg); +int bsc_write_mgcp(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length); +int bsc_mgcp_assign(struct sccp_connections *, struct msgb *msg); +void bsc_mgcp_clear(struct sccp_connections *); +void bsc_mgcp_free_endpoint(struct bsc_nat *nat, int); +void bsc_mgcp_free_endpoints(struct bsc_nat *nat); +int bsc_mgcp_init(struct bsc_nat *nat); + +struct bsc_connection *bsc_mgcp_find_con(struct bsc_nat *, int endpoint_number); +struct msgb *bsc_mgcp_rewrite(char *input, int length, const char *ip, int port); +void bsc_mgcp_forward(struct bsc_connection *bsc, struct msgb *msg); + +void bsc_mgcp_clear_endpoints_for(struct bsc_connection *bsc); +int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60]); +int bsc_mgcp_extract_ci(const char *resp); + +#endif diff --git a/openbsc/include/openbsc/bssap.h b/openbsc/include/openbsc/bssap.h new file mode 100644 index 000000000..3b06fb5c3 --- /dev/null +++ b/openbsc/include/openbsc/bssap.h @@ -0,0 +1,336 @@ +/* From GSM08.08 */ + +#ifndef BSSAP_H +#define BSSAP_H + +#include <stdlib.h> + +#include <osmocore/msgb.h> +#include <openbsc/gsm_data.h> + +/* + * this is from GSM 03.03 CGI but is copied in GSM 08.08 + * in § 3.2.2.27 for Cell Identifier List + */ +enum CELL_IDENT { + CELL_IDENT_WHOLE_GLOBAL = 0, + CELL_IDENT_LAC_AND_CI = 1, + CELL_IDENT_CI = 2, + CELL_IDENT_NO_CELL = 3, + CELL_IDENT_LAI_AND_LAC = 4, + CELL_IDENT_LAC = 5, + CELL_IDENT_BSS = 6, + CELL_IDENT_UTRAN_PLMN_LAC_RNC = 8, + CELL_IDENT_UTRAN_RNC = 9, + CELL_IDENT_UTRAN_LAC_RNC = 10, +}; + + +/* GSM 08.06 § 6.3 */ +enum BSSAP_MSG_TYPE { + BSSAP_MSG_BSS_MANAGEMENT = 0x0, + BSSAP_MSG_DTAP = 0x1, +}; + +struct bssmap_header { + u_int8_t type; + u_int8_t length; +} __attribute__((packed)); + +struct dtap_header { + u_int8_t type; + u_int8_t link_id; + u_int8_t length; +} __attribute__((packed)); + + +enum BSS_MAP_MSG_TYPE { + BSS_MAP_MSG_RESERVED_0 = 0, + + /* ASSIGNMENT MESSAGES */ + BSS_MAP_MSG_ASSIGMENT_RQST = 1, + BSS_MAP_MSG_ASSIGMENT_COMPLETE = 2, + BSS_MAP_MSG_ASSIGMENT_FAILURE = 3, + + /* HANDOVER MESSAGES */ + BSS_MAP_MSG_HANDOVER_RQST = 16, + BSS_MAP_MSG_HANDOVER_REQUIRED = 17, + BSS_MAP_MSG_HANDOVER_RQST_ACKNOWLEDGE= 18, + BSS_MAP_MSG_HANDOVER_CMD = 19, + BSS_MAP_MSG_HANDOVER_COMPLETE = 20, + BSS_MAP_MSG_HANDOVER_SUCCEEDED = 21, + BSS_MAP_MSG_HANDOVER_FAILURE = 22, + BSS_MAP_MSG_HANDOVER_PERFORMED = 23, + BSS_MAP_MSG_HANDOVER_CANDIDATE_ENQUIRE = 24, + BSS_MAP_MSG_HANDOVER_CANDIDATE_RESPONSE = 25, + BSS_MAP_MSG_HANDOVER_REQUIRED_REJECT = 26, + BSS_MAP_MSG_HANDOVER_DETECT = 27, + + /* RELEASE MESSAGES */ + BSS_MAP_MSG_CLEAR_CMD = 32, + BSS_MAP_MSG_CLEAR_COMPLETE = 33, + BSS_MAP_MSG_CLEAR_RQST = 34, + BSS_MAP_MSG_RESERVED_1 = 35, + BSS_MAP_MSG_RESERVED_2 = 36, + BSS_MAP_MSG_SAPI_N_REJECT = 37, + BSS_MAP_MSG_CONFUSION = 38, + + /* OTHER CONNECTION RELATED MESSAGES */ + BSS_MAP_MSG_SUSPEND = 40, + BSS_MAP_MSG_RESUME = 41, + BSS_MAP_MSG_CONNECTION_ORIENTED_INFORMATION = 42, + BSS_MAP_MSG_PERFORM_LOCATION_RQST = 43, + BSS_MAP_MSG_LSA_INFORMATION = 44, + BSS_MAP_MSG_PERFORM_LOCATION_RESPONSE = 45, + BSS_MAP_MSG_PERFORM_LOCATION_ABORT = 46, + BSS_MAP_MSG_COMMON_ID = 47, + + /* GENERAL MESSAGES */ + BSS_MAP_MSG_RESET = 48, + BSS_MAP_MSG_RESET_ACKNOWLEDGE = 49, + BSS_MAP_MSG_OVERLOAD = 50, + BSS_MAP_MSG_RESERVED_3 = 51, + BSS_MAP_MSG_RESET_CIRCUIT = 52, + BSS_MAP_MSG_RESET_CIRCUIT_ACKNOWLEDGE = 53, + BSS_MAP_MSG_MSC_INVOKE_TRACE = 54, + BSS_MAP_MSG_BSS_INVOKE_TRACE = 55, + BSS_MAP_MSG_CONNECTIONLESS_INFORMATION = 58, + + /* TERRESTRIAL RESOURCE MESSAGES */ + BSS_MAP_MSG_BLOCK = 64, + BSS_MAP_MSG_BLOCKING_ACKNOWLEDGE = 65, + BSS_MAP_MSG_UNBLOCK = 66, + BSS_MAP_MSG_UNBLOCKING_ACKNOWLEDGE = 67, + BSS_MAP_MSG_CIRCUIT_GROUP_BLOCK = 68, + BSS_MAP_MSG_CIRCUIT_GROUP_BLOCKING_ACKNOWLEDGE = 69, + BSS_MAP_MSG_CIRCUIT_GROUP_UNBLOCK = 70, + BSS_MAP_MSG_CIRCUIT_GROUP_UNBLOCKING_ACKNOWLEDGE = 71, + BSS_MAP_MSG_UNEQUIPPED_CIRCUIT = 72, + BSS_MAP_MSG_CHANGE_CIRCUIT = 78, + BSS_MAP_MSG_CHANGE_CIRCUIT_ACKNOWLEDGE = 79, + + /* RADIO RESOURCE MESSAGES */ + BSS_MAP_MSG_RESOURCE_RQST = 80, + BSS_MAP_MSG_RESOURCE_INDICATION = 81, + BSS_MAP_MSG_PAGING = 82, + BSS_MAP_MSG_CIPHER_MODE_CMD = 83, + BSS_MAP_MSG_CLASSMARK_UPDATE = 84, + BSS_MAP_MSG_CIPHER_MODE_COMPLETE = 85, + BSS_MAP_MSG_QUEUING_INDICATION = 86, + BSS_MAP_MSG_COMPLETE_LAYER_3 = 87, + BSS_MAP_MSG_CLASSMARK_RQST = 88, + BSS_MAP_MSG_CIPHER_MODE_REJECT = 89, + BSS_MAP_MSG_LOAD_INDICATION = 90, + + /* VGCS/VBS */ + BSS_MAP_MSG_VGCS_VBS_SETUP = 4, + BSS_MAP_MSG_VGCS_VBS_SETUP_ACK = 5, + BSS_MAP_MSG_VGCS_VBS_SETUP_REFUSE = 6, + BSS_MAP_MSG_VGCS_VBS_ASSIGNMENT_RQST = 7, + BSS_MAP_MSG_VGCS_VBS_ASSIGNMENT_RESULT = 28, + BSS_MAP_MSG_VGCS_VBS_ASSIGNMENT_FAILURE = 29, + BSS_MAP_MSG_VGCS_VBS_QUEUING_INDICATION = 30, + BSS_MAP_MSG_UPLINK_RQST = 31, + BSS_MAP_MSG_UPLINK_RQST_ACKNOWLEDGE = 39, + BSS_MAP_MSG_UPLINK_RQST_CONFIRMATION = 73, + BSS_MAP_MSG_UPLINK_RELEASE_INDICATION = 74, + BSS_MAP_MSG_UPLINK_REJECT_CMD = 75, + BSS_MAP_MSG_UPLINK_RELEASE_CMD = 76, + BSS_MAP_MSG_UPLINK_SEIZED_CMD = 77, +}; + +enum GSM0808_IE_CODING { + GSM0808_IE_CIRCUIT_IDENTITY_CODE = 1, + GSM0808_IE_RESERVED_0 = 2, + GSM0808_IE_RESOURCE_AVAILABLE = 3, + GSM0808_IE_CAUSE = 4, + GSM0808_IE_CELL_IDENTIFIER = 5, + GSM0808_IE_PRIORITY = 6, + GSM0808_IE_LAYER_3_HEADER_INFORMATION = 7, + GSM0808_IE_IMSI = 8, + GSM0808_IE_TMSI = 9, + GSM0808_IE_ENCRYPTION_INFORMATION = 10, + GSM0808_IE_CHANNEL_TYPE = 11, + GSM0808_IE_PERIODICITY = 12, + GSM0808_IE_EXTENDED_RESOURCE_INDICATOR = 13, + GSM0808_IE_NUMBER_OF_MSS = 14, + GSM0808_IE_RESERVED_1 = 15, + GSM0808_IE_RESERVED_2 = 16, + GSM0808_IE_RESERVED_3 = 17, + GSM0808_IE_CLASSMARK_INFORMATION_T2 = 18, + GSM0808_IE_CLASSMARK_INFORMATION_T3 = 19, + GSM0808_IE_INTERFERENCE_BAND_TO_USE = 20, + GSM0808_IE_RR_CAUSE = 21, + GSM0808_IE_RESERVED_4 = 22, + GSM0808_IE_LAYER_3_INFORMATION = 23, + GSM0808_IE_DLCI = 24, + GSM0808_IE_DOWNLINK_DTX_FLAG = 25, + GSM0808_IE_CELL_IDENTIFIER_LIST = 26, + GSM0808_IE_RESPONSE_RQST = 27, + GSM0808_IE_RESOURCE_INDICATION_METHOD = 28, + GSM0808_IE_CLASSMARK_INFORMATION_TYPE_1 = 29, + GSM0808_IE_CIRCUIT_IDENTITY_CODE_LIST = 30, + GSM0808_IE_DIAGNOSTIC = 31, + GSM0808_IE_LAYER_3_MESSAGE_CONTENTS = 32, + GSM0808_IE_CHOSEN_CHANNEL = 33, + GSM0808_IE_TOTAL_RESOURCE_ACCESSIBLE = 34, + GSM0808_IE_CIPHER_RESPONSE_MODE = 35, + GSM0808_IE_CHANNEL_NEEDED = 36, + GSM0808_IE_TRACE_TYPE = 37, + GSM0808_IE_TRIGGERID = 38, + GSM0808_IE_TRACE_REFERENCE = 39, + GSM0808_IE_TRANSACTIONID = 40, + GSM0808_IE_MOBILE_IDENTITY = 41, + GSM0808_IE_OMCID = 42, + GSM0808_IE_FORWARD_INDICATOR = 43, + GSM0808_IE_CHOSEN_ENCR_ALG = 44, + GSM0808_IE_CIRCUIT_POOL = 45, + GSM0808_IE_CIRCUIT_POOL_LIST = 46, + GSM0808_IE_TIME_INDICATION = 47, + GSM0808_IE_RESOURCE_SITUATION = 48, + GSM0808_IE_CURRENT_CHANNEL_TYPE_1 = 49, + GSM0808_IE_QUEUEING_INDICATOR = 50, + GSM0808_IE_SPEECH_VERSION = 64, + GSM0808_IE_ASSIGNMENT_REQUIREMENT = 51, + GSM0808_IE_TALKER_FLAG = 53, + GSM0808_IE_CONNECTION_RELEASE_RQSTED = 54, + GSM0808_IE_GROUP_CALL_REFERENCE = 55, + GSM0808_IE_EMLPP_PRIORITY = 56, + GSM0808_IE_CONFIG_EVO_INDI = 57, + GSM0808_IE_OLD_BSS_TO_NEW_BSS_INFORMATION = 58, + GSM0808_IE_LSA_IDENTIFIER = 59, + GSM0808_IE_LSA_IDENTIFIER_LIST = 60, + GSM0808_IE_LSA_INFORMATION = 61, + GSM0808_IE_LCS_QOS = 62, + GSM0808_IE_LSA_ACCESS_CTRL_SUPPR = 63, + GSM0808_IE_LCS_PRIORITY = 67, + GSM0808_IE_LOCATION_TYPE = 68, + GSM0808_IE_LOCATION_ESTIMATE = 69, + GSM0808_IE_POSITIONING_DATA = 70, + GSM0808_IE_LCS_CAUSE = 71, + GSM0808_IE_LCS_CLIENT_TYPE = 72, + GSM0808_IE_APDU = 73, + GSM0808_IE_NETWORK_ELEMENT_IDENTITY = 74, + GSM0808_IE_GPS_ASSISTANCE_DATA = 75, + GSM0808_IE_DECIPHERING_KEYS = 76, + GSM0808_IE_RETURN_ERROR_RQST = 77, + GSM0808_IE_RETURN_ERROR_CAUSE = 78, + GSM0808_IE_SEGMENTATION = 79, + GSM0808_IE_SERVICE_HANDOVER = 80, + GSM0808_IE_SOURCE_RNC_TO_TARGET_RNC_TRANSPARENT_UMTS = 81, + GSM0808_IE_SOURCE_RNC_TO_TARGET_RNC_TRANSPARENT_CDMA2000= 82, + GSM0808_IE_RESERVED_5 = 65, + GSM0808_IE_RESERVED_6 = 66, +}; + +enum gsm0808_cause { + GSM0808_CAUSE_RADIO_INTERFACE_MESSAGE_FAILURE = 0, + GSM0808_CAUSE_RADIO_INTERFACE_FAILURE = 1, + GSM0808_CAUSE_UPLINK_QUALITY = 2, + GSM0808_CAUSE_UPLINK_STRENGTH = 3, + GSM0808_CAUSE_DOWNLINK_QUALITY = 4, + GSM0808_CAUSE_DOWNLINK_STRENGTH = 5, + GSM0808_CAUSE_DISTANCE = 6, + GSM0808_CAUSE_O_AND_M_INTERVENTION = 7, + GSM0808_CAUSE_RESPONSE_TO_MSC_INVOCATION = 8, + GSM0808_CAUSE_CALL_CONTROL = 9, + GSM0808_CAUSE_RADIO_INTERFACE_FAILURE_REVERSION = 10, + GSM0808_CAUSE_HANDOVER_SUCCESSFUL = 11, + GSM0808_CAUSE_BETTER_CELL = 12, + GSM0808_CAUSE_DIRECTED_RETRY = 13, + GSM0808_CAUSE_JOINED_GROUP_CALL_CHANNEL = 14, + GSM0808_CAUSE_TRAFFIC = 15, + GSM0808_CAUSE_EQUIPMENT_FAILURE = 32, + GSM0808_CAUSE_NO_RADIO_RESOURCE_AVAILABLE = 33, + GSM0808_CAUSE_RQSTED_TERRESTRIAL_RESOURCE_UNAVAILABLE = 34, + GSM0808_CAUSE_CCCH_OVERLOAD = 35, + GSM0808_CAUSE_PROCESSOR_OVERLOAD = 36, + GSM0808_CAUSE_BSS_NOT_EQUIPPED = 37, + GSM0808_CAUSE_MS_NOT_EQUIPPED = 38, + GSM0808_CAUSE_INVALID_CELL = 39, + GSM0808_CAUSE_TRAFFIC_LOAD = 40, + GSM0808_CAUSE_PREEMPTION = 41, + GSM0808_CAUSE_RQSTED_TRANSCODING_RATE_ADAPTION_UNAVAILABLE = 48, + GSM0808_CAUSE_CIRCUIT_POOL_MISMATCH = 49, + GSM0808_CAUSE_SWITCH_CIRCUIT_POOL = 50, + GSM0808_CAUSE_RQSTED_SPEECH_VERSION_UNAVAILABLE = 51, + GSM0808_CAUSE_LSA_NOT_ALLOWED = 52, + GSM0808_CAUSE_CIPHERING_ALGORITHM_NOT_SUPPORTED = 64, + GSM0808_CAUSE_TERRESTRIAL_CIRCUIT_ALREADY_ALLOCATED = 80, + GSM0808_CAUSE_INVALID_MESSAGE_CONTENTS = 81, + GSM0808_CAUSE_INFORMATION_ELEMENT_OR_FIELD_MISSING = 82, + GSM0808_CAUSE_INCORRECT_VALUE = 83, + GSM0808_CAUSE_UNKNOWN_MESSAGE_TYPE = 84, + GSM0808_CAUSE_UNKNOWN_INFORMATION_ELEMENT = 85, + GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC = 96, +}; + +/* GSM 08.08 3.2.2.11 Channel Type */ +enum gsm0808_chan_indicator { + GSM0808_CHAN_SPEECH = 1, + GSM0808_CHAN_DATA = 2, + GSM0808_CHAN_SIGN = 3, +}; + +enum gsm0808_chan_rate_type_data { + GSM0808_DATA_FULL_BM = 0x8, + GSM0808_DATA_HALF_LM = 0x9, + GSM0808_DATA_FULL_RPREF = 0xa, + GSM0808_DATA_HALF_PREF = 0xb, + GSM0808_DATA_FULL_PREF_NO_CHANGE = 0x1a, + GSM0808_DATA_HALF_PREF_NO_CHANGE = 0x1b, + GSM0808_DATA_MULTI_MASK = 0x20, + GSM0808_DATA_MULTI_MASK_NO_CHANGE = 0x30, +}; + +enum gsm0808_chan_rate_type_speech { + GSM0808_SPEECH_FULL_BM = 0x8, + GSM0808_SPEECH_HALF_LM = 0x9, + GSM0808_SPEECH_FULL_PREF= 0xa, + GSM0808_SPEECH_HALF_PREF= 0xb, + GSM0808_SPEECH_FULL_PREF_NO_CHANGE = 0x1a, + GSM0808_SPEECH_HALF_PREF_NO_CHANGE = 0x1b, + GSM0808_SPEECH_PERM = 0xf, + GSM0808_SPEECH_PERM_NO_CHANGE = 0x1f, +}; + +enum gsm0808_permitted_speech { + GSM0808_PERM_FR1 = 0x01, + GSM0808_PERM_FR2 = 0x11, + GSM0808_PERM_FR3 = 0x21, + GSM0808_PERM_HR1 = GSM0808_PERM_FR1 | 0x4, + GSM0808_PERM_HR2 = GSM0808_PERM_FR2 | 0x4, + GSM0808_PERM_HR3 = GSM0808_PERM_FR3 | 0x4, +}; + +int bssmap_rcvmsg_dt1(struct sccp_connection *conn, struct msgb *msg, unsigned int length); +int bssmap_rcvmsg_udt(struct gsm_network *net, struct msgb *msg, unsigned int length); + +struct msgb *bssmap_create_layer3(struct msgb *msg); +struct msgb *bssmap_create_reset(void); +struct msgb *bssmap_create_clear_complete(void); +struct msgb *bssmap_create_cipher_complete(struct msgb *layer3); +struct msgb *bssmap_create_cipher_reject(u_int8_t cause); +struct msgb *bssmap_create_sapi_reject(u_int8_t link_id); +struct msgb *bssmap_create_assignment_completed(struct gsm_lchan *lchan, u_int8_t rr_cause); +struct msgb *bssmap_create_assignment_failure(u_int8_t cause, u_int8_t *rr_cause); +struct msgb *bssmap_create_classmark_update(const u_int8_t *classmark, u_int8_t length); + +void gsm0808_send_assignment_failure(struct gsm_lchan *l, u_int8_t cause, u_int8_t *rr_value); +void gsm0808_send_assignment_compl(struct gsm_lchan *l, u_int8_t rr_value); + +int dtap_rcvmsg(struct gsm_lchan *lchan, struct msgb *msg, unsigned int length); +struct msgb *dtap_create_msg(struct msgb *msg_l3, u_int8_t link_id); + +void bsc_queue_connection_write(struct sccp_connection *conn, struct msgb *msg); +void bsc_free_queued(struct sccp_connection *conn); +void bsc_send_queued(struct sccp_connection *conn); + +void bts_queue_send(struct msgb *msg, int link_id); +void bts_send_queued(struct bss_sccp_connection_data*); +void bts_free_queued(struct bss_sccp_connection_data*); +void bts_unblock_queue(struct bss_sccp_connection_data*); + +const struct tlv_definition *gsm0808_att_tlvdef(); + +#endif diff --git a/openbsc/include/openbsc/chan_alloc.h b/openbsc/include/openbsc/chan_alloc.h index f564e9e4d..2cf447c7f 100644 --- a/openbsc/include/openbsc/chan_alloc.h +++ b/openbsc/include/openbsc/chan_alloc.h @@ -23,6 +23,28 @@ #include "gsm_subscriber.h" +/* + * Refcounting for the lchan. If the refcount drops to zero + * the channel will send a RSL release request. + */ +#define use_subscr_con(con) \ + do { (con)->use_count++; \ + DEBUGP(DREF, "lchan (bts=%d,trx=%d,ts=%d,ch=%d) increases usage to: %d\n", \ + (con)->lchan->ts->trx->bts->nr, (con)->lchan->ts->trx->nr, (con)->lchan->ts->nr, \ + (con)->lchan->nr, (con)->use_count); \ + } while(0); + +#define put_subscr_con(con, reason) \ + do { (con)->use_count--; \ + DEBUGP(DREF, "lchan (bts=%d,trx=%d,ts=%d,ch=%d) decreases usage to: %d\n", \ + (con)->lchan->ts->trx->bts->nr, (con)->lchan->ts->trx->nr, (con)->lchan->ts->nr, \ + (con)->lchan->nr, (con)->use_count); \ + if ((con)->use_count <= 0) \ + _lchan_release((con)->lchan, reason); \ + } while(0); + + + /* Special allocator for C0 of BTS */ struct gsm_bts_trx_ts *ts_c0_alloc(struct gsm_bts *bts, enum gsm_phys_chan_config pchan); @@ -46,8 +68,8 @@ struct gsm_lchan *lchan_alloc(struct gsm_bts *bts, enum gsm_chan_t type); /* Free a logical channel (SDCCH, TCH, ...) */ void lchan_free(struct gsm_lchan *lchan); -/* Consider releasing the channel */ -int lchan_auto_release(struct gsm_lchan *lchan); +/* internal.. do not use */ +int _lchan_release(struct gsm_lchan *lchan, u_int8_t release_reason); struct load_counter { unsigned int total; diff --git a/openbsc/include/openbsc/debug.h b/openbsc/include/openbsc/debug.h index f1c5a699a..c96d58922 100644 --- a/openbsc/include/openbsc/debug.h +++ b/openbsc/include/openbsc/debug.h @@ -29,6 +29,7 @@ enum { DHO, DDB, DREF, + DNAT, Debug_LastEntry, }; diff --git a/openbsc/include/openbsc/gsm_04_08.h b/openbsc/include/openbsc/gsm_04_08.h index daf3bd780..eb445d11a 100644 --- a/openbsc/include/openbsc/gsm_04_08.h +++ b/openbsc/include/openbsc/gsm_04_08.h @@ -16,8 +16,9 @@ struct gsm_trans; void gsm0408_allow_everyone(int allow); int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id); -enum gsm_chan_t get_ctype_by_chreq(struct gsm_bts *bts, u_int8_t ra, int neci); -enum gsm_chreq_reason_t get_reason_by_chreq(struct gsm_bts *bts, u_int8_t ra, int neci); +enum gsm_chan_t get_ctype_by_chreq(struct gsm_network *bts, u_int8_t ra); +enum gsm_chreq_reason_t get_reason_by_chreq(u_int8_t ra, int neci); +void gsm_net_update_ctype(struct gsm_network *net); int gsm48_tx_mm_info(struct gsm_lchan *lchan); int gsm48_tx_mm_auth_req(struct gsm_lchan *lchan, u_int8_t *rand, int key_seq); diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h index 8dfa5886b..303663f41 100644 --- a/openbsc/include/openbsc/gsm_data.h +++ b/openbsc/include/openbsc/gsm_data.h @@ -79,31 +79,13 @@ typedef int gsm_cbfn(unsigned int hooknum, struct msgb *msg, void *data, void *param); -/* - * Use the channel. As side effect the lchannel recycle timer - * will be started. - */ -#define LCHAN_RELEASE_TIMEOUT 20, 0 -#define use_subscr_con(con) \ - do { (con)->use_count++; \ - DEBUGP(DREF, "lchan (bts=%d,trx=%d,ts=%d,ch=%d) increases usage to: %d\n", \ - (con)->lchan->ts->trx->bts->nr, (con)->lchan->ts->trx->nr, (con)->lchan->ts->nr, \ - (con)->lchan->nr, (con)->use_count); \ - bsc_schedule_timer(&(con)->release_timer, LCHAN_RELEASE_TIMEOUT); } while(0); - -#define put_subscr_con(con) \ - do { (con)->use_count--; \ - DEBUGP(DREF, "lchan (bts=%d,trx=%d,ts=%d,ch=%d) decreases usage to: %d\n", \ - (con)->lchan->ts->trx->bts->nr, (con)->lchan->ts->trx->nr, (con)->lchan->ts->nr, \ - (con)->lchan->nr, (con)->use_count); \ - } while(0); - - /* communications link with a BTS */ struct gsm_bts_link { struct gsm_bts *bts; }; +struct sccp_connection; + /* Real authentication information containing Ki */ enum gsm_auth_algo { AUTH_ALGO_NONE, @@ -131,6 +113,43 @@ struct gsm_subscriber; struct gsm_mncc; struct rtp_socket; +/* BSC/MSC data holding them together */ +struct bss_sccp_connection_data { + struct gsm_lchan *lchan; + struct gsm_lchan *secondary_lchan; + struct sccp_connection *sccp; + int ciphering_handled : 1; + + /* Timers... */ + + /* for assginment command */ + struct timer_list T10; + + /* for SCCP ... */ + struct timer_list sccp_it; + + /* audio handling */ + int rtp_port; + + /* Queue SCCP and GSM0408 messages */ + int block_gsm; + struct llist_head gsm_queue; + unsigned int gsm_queue_size; + + struct llist_head sccp_queue; + unsigned int sccp_queue_size; + + /* Active connections */ + struct llist_head active_connections; +}; + +#define GSM0808_T10_VALUE 6, 0 +#define sccp_get_lchan(data_ctx) ((struct bss_sccp_connection_data *)data_ctx)->lchan +#define lchan_get_sccp(lchan) lchan->msc_data->sccp +struct bss_sccp_connection_data *bss_sccp_create_data(); +void bss_sccp_free_data(struct bss_sccp_connection_data *); + + /* Network Management State */ struct gsm_nm_state { u_int8_t operational; @@ -187,9 +206,6 @@ struct gsm_subscriber_connection { /* To whom we are allocated at the moment */ struct gsm_subscriber *subscr; - /* Timer started to release the channel */ - struct timer_list release_timer; - /* * Operations that have a state and might be pending */ @@ -237,6 +253,12 @@ struct gsm_lchan { /* Established data link layer services */ u_int8_t sapis[8]; + /* + * MSC handling... + */ + struct bss_sccp_connection_data *msc_data; + + /* cache of last measurement reports on this lchan */ struct gsm_meas_rep meas_rep[6]; int meas_rep_idx; @@ -546,6 +568,14 @@ enum gsm_auth_policy { #define GSM_T3101_DEFAULT 10 #define GSM_T3113_DEFAULT 60 +/* + * internal data for audio management + */ +struct gsm_audio_support { + u_int8_t hr : 1, + ver : 7; +}; + struct gsm_network { /* global parameters */ u_int16_t country_code; @@ -576,6 +606,11 @@ struct gsm_network { struct gsmnet_stats stats; + struct gsm_audio_support **audio_support; + int audio_length; + int rtp_payload; + int rtp_base_port; + /* layer 4 */ int (*mncc_recv) (struct gsm_network *net, int msg_type, void *arg); struct llist_head upqueue; @@ -601,6 +636,18 @@ struct gsm_network { struct { enum rrlp_mode mode; } rrlp; + + enum gsm_chan_t ctype_by_chreq[16]; + + /* Use a TCH for handling requests of type paging any */ + int pag_any_tch; + + /* a hack for On Waves. It must be signed */ + int32_t core_country_code; + int32_t core_network_code; + + /* a simple token for this network... */ + char *bsc_token; }; #define SMS_HDR_SIZE 128 diff --git a/openbsc/include/openbsc/gsm_subscriber.h b/openbsc/include/openbsc/gsm_subscriber.h index 06539960e..a7dac8df8 100644 --- a/openbsc/include/openbsc/gsm_subscriber.h +++ b/openbsc/include/openbsc/gsm_subscriber.h @@ -81,6 +81,8 @@ struct gsm_subscriber *subscr_get_by_extension(struct gsm_network *net, const char *ext); struct gsm_subscriber *subscr_get_by_id(struct gsm_network *net, unsigned long long id); +struct gsm_subscriber *subscr_get_or_create(struct gsm_network *net, + const char *imsi); int subscr_update(struct gsm_subscriber *s, struct gsm_bts *bts, int reason); void subscr_put_channel(struct gsm_lchan *lchan); void subscr_get_channel(struct gsm_subscriber *subscr, diff --git a/openbsc/include/openbsc/mgcp.h b/openbsc/include/openbsc/mgcp.h index f7e800bd8..778a1f116 100644 --- a/openbsc/include/openbsc/mgcp.h +++ b/openbsc/include/openbsc/mgcp.h @@ -29,7 +29,6 @@ #include <arpa/inet.h> #define RTP_PORT_DEFAULT 4000 - /** * Calculate the RTP audio port for the given multiplex * and the direction. This allows a semi static endpoint @@ -77,14 +76,17 @@ struct mgcp_config; typedef int (*mgcp_change)(struct mgcp_config *cfg, int endpoint, int state, int local_rtp); typedef int (*mgcp_policy)(struct mgcp_config *cfg, int endpoint, int state, const char *transactio_id); +typedef int (*mgcp_reset)(struct mgcp_config *cfg); struct mgcp_config { + /* common configuration */ int source_port; char *local_ip; char *source_addr; - unsigned int number_endpoints; char *bts_ip; + char *call_agent_addr; + /* default endpoint data */ struct in_addr bts_in; char *audio_name; int audio_payload; @@ -92,15 +94,21 @@ struct mgcp_config { int early_bind; int rtp_base_port; + /* only used in forward mode */ char *forward_ip; int forward_port; + unsigned int last_call_id; + + /* endpoint configuration */ + unsigned int number_endpoints; + struct mgcp_endpoint *endpoints; + + /* callback functionality */ mgcp_change change_cb; mgcp_policy policy_cb; + mgcp_reset reset_cb; void *data; - - struct mgcp_endpoint *endpoints; - unsigned int last_call_id; }; /* config management */ @@ -115,8 +123,15 @@ void mgcp_free_endp(struct mgcp_endpoint *endp); * format helper functions */ struct msgb *mgcp_handle_message(struct mgcp_config *cfg, struct msgb *msg); -struct msgb *mgcp_create_rsip(void); struct msgb *mgcp_create_response_with_data(int code, const char *msg, const char *trans, const char *data); +/* adc helper */ +static inline int mgcp_timeslot_to_endpoint(int multiplex, int timeslot) +{ + if (timeslot == 0) + timeslot = 1; + return timeslot + (31 * multiplex); +} + #endif diff --git a/openbsc/include/openbsc/mgcp_internal.h b/openbsc/include/openbsc/mgcp_internal.h index 10d0ca6ae..7ce1732f9 100644 --- a/openbsc/include/openbsc/mgcp_internal.h +++ b/openbsc/include/openbsc/mgcp_internal.h @@ -61,4 +61,13 @@ struct mgcp_endpoint { #define ENDPOINT_NUMBER(endp) abs(endp - endp->cfg->endpoints) +struct mgcp_msg_ptr { + unsigned int start; + unsigned int length; +}; + +int mgcp_analyze_header(struct mgcp_config *cfg, struct msgb *msg, + struct mgcp_msg_ptr *ptr, int size, + const char **transaction_id, struct mgcp_endpoint **endp); + #endif diff --git a/openbsc/include/sccp/sccp.h b/openbsc/include/sccp/sccp.h index 643479adc..604a2ac72 100644 --- a/openbsc/include/sccp/sccp.h +++ b/openbsc/include/sccp/sccp.h @@ -94,7 +94,7 @@ struct sccp_connection { * call sccp_system_incoming for incoming data (from the network) * sccp will call outgoing whenever outgoing data exists */ -int sccp_system_init(int (*outgoing)(struct msgb *data, void *ctx), void *context); +int sccp_system_init(void (*outgoing)(struct msgb *data, void *ctx), void *context); int sccp_system_incoming(struct msgb *data); /** @@ -106,6 +106,11 @@ int sccp_connection_close(struct sccp_connection *connection, int cause); int sccp_connection_free(struct sccp_connection *connection); /** + * internal.. + */ +int sccp_connection_force_free(struct sccp_connection *conn); + +/** * Create a new socket. Set your callbacks and then call bind to open * the connection. */ diff --git a/openbsc/include/vty/command.h b/openbsc/include/vty/command.h index 03b071f70..31dd7f3b2 100644 --- a/openbsc/include/vty/command.h +++ b/openbsc/include/vty/command.h @@ -107,6 +107,8 @@ enum node_type { TS_NODE, SUBSCR_NODE, MGCP_NODE, + NAT_NODE, + BSC_NODE, }; /* Node which has some commands and prompt string and configuration diff --git a/openbsc/src/Makefile.am b/openbsc/src/Makefile.am index f4d1c01a1..c749ed94a 100644 --- a/openbsc/src/Makefile.am +++ b/openbsc/src/Makefile.am @@ -3,7 +3,8 @@ AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS) AM_LDFLAGS = $(LIBOSMOCORE_LIBS) sbin_PROGRAMS = bsc_hack bs11_config ipaccess-find ipaccess-config \ - isdnsync bsc_mgcp ipaccess-proxy + isdnsync bsc_mgcp ipaccess-proxy \ + bsc_msc_ip bsc_nat noinst_LIBRARIES = libbsc.a libmsc.a libvty.a noinst_HEADERS = vty/cardshell.h @@ -17,12 +18,12 @@ libbsc_a_SOURCES = abis_rsl.c abis_nm.c gsm_data.c gsm_04_08_utils.c \ input/misdn.c input/ipaccess.c \ talloc_ctx.c system_information.c rest_octets.c \ rtp_proxy.c bts_siemens_bs11.c bts_ipaccess_nanobts.c \ - bts_unknown.c bsc_version.c bsc_api.c vty_interface_cmds.c + bts_unknown.c meas_rep.c telnet_interface.c bsc_version.c bsc_api.c vty_interface_cmds.c -libmsc_a_SOURCES = gsm_subscriber.c db.c telnet_interface.c \ +libmsc_a_SOURCES = gsm_subscriber.c db.c \ mncc.c gsm_04_08.c gsm_04_11.c transaction.c \ token_auth.c rrlp.c gsm_04_80.c ussd.c silent_call.c \ - handover_logic.c handover_decision.c meas_rep.c + handover_logic.c handover_decision.c libvty_a_SOURCES = vty/buffer.c vty/command.c vty/vector.c vty/vty.c @@ -33,6 +34,10 @@ bsc_hack_LDADD = libmsc.a libbsc.a libmsc.a libvty.a -ldl -ldbi $(LIBCRYPT) bs11_config_SOURCES = bs11_config.c abis_nm.c gsm_data.c debug.c \ rs232.c bts_siemens_bs11.c +bsc_msc_ip_SOURCES = bssap.c bsc_msc_ip.c bsc_init.c vty_interface.c vty_interface_bsc.c \ + bsc_msc.c +bsc_msc_ip_LDADD = libbsc.a libvty.a libsccp.a + ipaccess_find_SOURCES = ipaccess/ipaccess-find.c @@ -42,7 +47,13 @@ ipaccess_config_LDADD = libbsc.a libmsc.a libbsc.a libvty.a -ldl -ldbi $(LIBCRYP isdnsync_SOURCES = isdnsync.c bsc_mgcp_SOURCES = mgcp/mgcp_main.c mgcp/mgcp_protocol.c mgcp/mgcp_network.c mgcp/mgcp_vty.c \ - debug.c telnet_interface.c + debug.c telnet_interface.c vty_interface_cmds.c bsc_mgcp_LDADD = libvty.a ipaccess_proxy_SOURCES = ipaccess/ipaccess-proxy.c debug.c + +bsc_nat_SOURCES = nat/bsc_nat.c nat/bsc_filter.c nat/bsc_sccp.c \ + nat/bsc_nat_utils.c nat/bsc_nat_vty.c nat/bsc_mgcp_utils.c \ + mgcp/mgcp_protocol.c mgcp/mgcp_network.c mgcp/mgcp_vty.c \ + bsc_msc.c bssap.c +bsc_nat_LDADD = libvty.a libbsc.a libsccp.a diff --git a/openbsc/src/abis_rsl.c b/openbsc/src/abis_rsl.c index 0e572ccce..939143f2e 100644 --- a/openbsc/src/abis_rsl.c +++ b/openbsc/src/abis_rsl.c @@ -718,14 +718,15 @@ int rsl_establish_request(struct gsm_lchan *lchan, u_int8_t link_id) RELEASE CONFIRM, which we in turn use to trigger RSL CHANNEL RELEASE, which in turn is acknowledged by RSL CHANNEL RELEASE ACK, which calls lchan_free() */ -int rsl_release_request(struct gsm_lchan *lchan, u_int8_t link_id) +int rsl_release_request(struct gsm_lchan *lchan, u_int8_t link_id, u_int8_t reason) { struct msgb *msg; msg = rsl_rll_simple(RSL_MT_REL_REQ, lchan2chan_nr(lchan), link_id, 0); - msgb_tv_put(msg, RSL_IE_RELEASE_MODE, 0); /* normal release */ + /* 0 is normal release, 1 is local end */ + msgb_tv_put(msg, RSL_IE_RELEASE_MODE, reason); lchan->state = LCHAN_S_REL_REQ; /* FIXME: start some timer in case we don't receive a REL ACK ? */ @@ -1105,8 +1106,8 @@ static int rsl_rx_chan_rqd(struct msgb *msg) /* determine channel type (SDCCH/TCH_F/TCH_H) based on * request reference RA */ - lctype = get_ctype_by_chreq(bts, rqd_ref->ra, bts->network->neci); - chreq_reason = get_reason_by_chreq(bts, rqd_ref->ra, bts->network->neci); + lctype = get_ctype_by_chreq(bts->network, rqd_ref->ra); + chreq_reason = get_reason_by_chreq(rqd_ref->ra, bts->network->neci); counter_inc(bts->network->stats.chreq.total); @@ -1330,31 +1331,11 @@ static u_int8_t ipa_smod_s_for_lchan(struct gsm_lchan *lchan) { switch (lchan->tch_mode) { case GSM48_CMODE_SPEECH_V1: - switch (lchan->type) { - case GSM_LCHAN_TCH_F: - return 0x00; - case GSM_LCHAN_TCH_H: - return 0x03; - default: - break; - } + return 0x00; case GSM48_CMODE_SPEECH_EFR: - switch (lchan->type) { - case GSM_LCHAN_TCH_F: - return 0x01; - /* there's no half-rate EFR */ - default: - break; - } + return 0x01; case GSM48_CMODE_SPEECH_AMR: - switch (lchan->type) { - case GSM_LCHAN_TCH_F: - return 0x02; - case GSM_LCHAN_TCH_H: - return 0x05; - default: - break; - } + return 0x02; default: break; } @@ -1652,9 +1633,21 @@ static int abis_rsl_rx_ipacc(struct msgb *msg) /* Entry-point where L2 RSL from BTS enters */ int abis_rsl_rcvmsg(struct msgb *msg) { - struct abis_rsl_common_hdr *rslh = msgb_l2(msg) ; + struct abis_rsl_common_hdr *rslh; int rc = 0; + if (!msg) { + DEBUGP(DRSL, "Empty RSL msg?..\n"); + return -1; + } + + if (msgb_l2len(msg) < sizeof(*rslh)) { + DEBUGP(DRSL, "Truncated RSL message with l2len: %u\n", msgb_l2len(msg)); + return -1; + } + + rslh = msgb_l2(msg); + switch (rslh->msg_discr & 0xfe) { case ABIS_RSL_MDISC_RLL: rc = abis_rsl_rx_rll(msg); diff --git a/openbsc/src/bs11_config.c b/openbsc/src/bs11_config.c index a7493b422..8193ecd34 100644 --- a/openbsc/src/bs11_config.c +++ b/openbsc/src/bs11_config.c @@ -870,3 +870,8 @@ int main(int argc, char **argv) exit(0); } + +/* dummy to be able to compile */ +void gsm_net_update_ctype(struct gsm_network *net) +{ +} diff --git a/openbsc/src/bsc-nat.cfg b/openbsc/src/bsc-nat.cfg new file mode 100644 index 000000000..eb943754a --- /dev/null +++ b/openbsc/src/bsc-nat.cfg @@ -0,0 +1,24 @@ +! +! BSC NAT configuration hand edited +! ! +password foo +! +line vty + no login +! +nat + bsc 0 + token zecke + location_area_code 3 + bsc 1 + token roch + location_area_code 4 +mgcp + local ip 10.0.0.23 + bts ip 0.0.0.0 + bind ip 127.0.0.1 + bind port 2427 + bind early 1 + rtp base 4000 + number endpoints 31 + call agent ip 127.0.0.1 diff --git a/openbsc/src/bsc_init.c b/openbsc/src/bsc_init.c index f3436621f..5ef22db40 100644 --- a/openbsc/src/bsc_init.c +++ b/openbsc/src/bsc_init.c @@ -426,6 +426,7 @@ int nm_state_event(enum nm_evt evt, u_int8_t obj_class, void *obj, case NM_OC_BTS: bts = obj; if (new_state->availability == NM_AVSTATE_DEPENDENCY) { + printf("STARTING BTS...\n"); patch_nm_tables(bts); abis_nm_set_bts_attr(bts, nanobts_attr_bts, sizeof(nanobts_attr_bts)); @@ -441,6 +442,7 @@ int nm_state_event(enum nm_evt evt, u_int8_t obj_class, void *obj, trx = ts->trx; if (new_state->operational == 1 && new_state->availability == NM_AVSTATE_DEPENDENCY) { + printf("STARTING OC Channel...\n"); patch_nm_tables(trx->bts); enum abis_nm_chan_comb ccomb = abis_nm_chcomb4pchan(ts->pchan); diff --git a/openbsc/src/bsc_msc.c b/openbsc/src/bsc_msc.c new file mode 100644 index 000000000..3ebb1d1bd --- /dev/null +++ b/openbsc/src/bsc_msc.c @@ -0,0 +1,214 @@ +/* Routines to talk to the MSC using the IPA Protocol */ +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/bsc_msc.h> +#include <openbsc/debug.h> + +#include <osmocore/write_queue.h> +#include <osmocore/talloc.h> + +#include <arpa/inet.h> +#include <sys/socket.h> +#include <errno.h> +#include <fcntl.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> + +static void connection_loss(struct bsc_msc_connection *con) +{ + struct bsc_fd *fd; + + fd = &con->write_queue.bfd; + + close(fd->fd); + fd->fd = -1; + fd->cb = write_queue_bfd_cb; + fd->when = 0; + + con->is_connected = 0; + con->connection_loss(con); +} + +/* called in the case of a non blocking connect */ +static int msc_connection_connect(struct bsc_fd *fd, unsigned int what) +{ + int rc; + int val; + struct bsc_msc_connection *con; + struct write_queue *queue; + + socklen_t len = sizeof(val); + + if ((what & BSC_FD_WRITE) == 0) { + LOGP(DMSC, LOGL_ERROR, "Callback but not readable.\n"); + return -1; + } + + queue = container_of(fd, struct write_queue, bfd); + con = container_of(queue, struct bsc_msc_connection, write_queue); + + /* check the socket state */ + rc = getsockopt(fd->fd, SOL_SOCKET, SO_ERROR, &val, &len); + if (rc != 0) { + LOGP(DMSC, LOGL_ERROR, "getsockopt for the MSC socket failed.\n"); + goto error; + } + if (val != 0) { + LOGP(DMSC, LOGL_ERROR, "Not connected to the MSC: %d\n", val); + goto error; + } + + + /* go to full operation */ + fd->cb = write_queue_bfd_cb; + fd->when = BSC_FD_READ; + + con->is_connected = 1; + LOGP(DMSC, LOGL_NOTICE, "(Re)Connected to the MSC.\n"); + if (con->connected) + con->connected(con); + return 0; + +error: + bsc_unregister_fd(fd); + connection_loss(con); + return -1; +} +static void setnonblocking(struct bsc_fd *fd) +{ + int flags; + + flags = fcntl(fd->fd, F_GETFL); + if (flags < 0) { + perror("fcntl get failed"); + close(fd->fd); + fd->fd = -1; + return; + } + + flags |= O_NONBLOCK; + flags = fcntl(fd->fd, F_SETFL, flags); + if (flags < 0) { + perror("fcntl get failed"); + close(fd->fd); + fd->fd = -1; + return; + } +} + +int bsc_msc_connect(struct bsc_msc_connection *con) +{ + struct bsc_fd *fd; + struct sockaddr_in sin; + int on = 1, ret; + + LOGP(DMSC, LOGL_NOTICE, "Attempting to connect MSC at %s:%d\n", con->ip, con->port); + + con->is_connected = 0; + + fd = &con->write_queue.bfd; + fd->fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + fd->data = NULL; + fd->priv_nr = 1; + + if (fd->fd < 0) { + perror("Creating TCP socket failed"); + return fd->fd; + } + + /* make it non blocking */ + setnonblocking(fd); + + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(con->port); + inet_aton(con->ip, &sin.sin_addr); + + setsockopt(fd->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + ret = connect(fd->fd, (struct sockaddr *) &sin, sizeof(sin)); + + if (ret == -1 && errno == EINPROGRESS) { + LOGP(DMSC, LOGL_ERROR, "MSC Connection in progress\n"); + fd->when = BSC_FD_WRITE; + fd->cb = msc_connection_connect; + } else if (ret < 0) { + perror("Connection failed"); + connection_loss(con); + return ret; + } else { + fd->when = BSC_FD_READ; + fd->cb = write_queue_bfd_cb; + con->is_connected = 1; + if (con->connected) + con->connected(con); + } + + ret = bsc_register_fd(fd); + if (ret < 0) { + perror("Registering the fd failed"); + close(fd->fd); + return ret; + } + + return ret; +} + + +struct bsc_msc_connection *bsc_msc_create(const char *ip, int port) +{ + struct bsc_msc_connection *con; + + con = talloc_zero(NULL, struct bsc_msc_connection); + if (!con) { + LOGP(DMSC, LOGL_FATAL, "Failed to create the MSC connection.\n"); + return NULL; + } + + con->ip = ip; + con->port = port; + write_queue_init(&con->write_queue, 100); + return con; +} + +void bsc_msc_lost(struct bsc_msc_connection *con) +{ + write_queue_clear(&con->write_queue); + bsc_unregister_fd(&con->write_queue.bfd); + connection_loss(con); +} + +static void reconnect_msc(void *_msc) +{ + struct bsc_msc_connection *con = _msc; + + LOGP(DMSC, LOGL_NOTICE, "Attempting to reconnect to the MSC.\n"); + bsc_msc_connect(con); +} + +void bsc_msc_schedule_connect(struct bsc_msc_connection *con) +{ + LOGP(DMSC, LOGL_NOTICE, "Attempting to reconnect to the MSC.\n"); + con->reconnect_timer.cb = reconnect_msc; + con->reconnect_timer.data = con; + bsc_schedule_timer(&con->reconnect_timer, 5, 0); +} diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c new file mode 100644 index 000000000..862bac02e --- /dev/null +++ b/openbsc/src/bsc_msc_ip.c @@ -0,0 +1,1071 @@ +/* A hackish minimal BSC (+MSC +HLR) implementation */ + +/* (C) 2008-2009 by Harald Welte <laforge@gnumonks.org> + * (C) 2009 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2009 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <unistd.h> +#include <time.h> +#include <errno.h> +#include <signal.h> +#include <fcntl.h> +#include <sys/stat.h> + +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#define _GNU_SOURCE +#include <getopt.h> + +#include <openbsc/debug.h> +#include <openbsc/e1_input.h> +#include <openbsc/ipaccess.h> +#include <openbsc/bssap.h> +#include <openbsc/paging.h> +#include <openbsc/signal.h> +#include <openbsc/chan_alloc.h> +#include <openbsc/bsc_msc.h> +#include <openbsc/bsc_nat.h> + +#include <osmocore/select.h> +#include <osmocore/talloc.h> +#include <osmocore/write_queue.h> + +#include <sccp/sccp.h> + +/* SCCP helper */ +#define SCCP_IT_TIMER 60 + +/* MCC and MNC for the Location Area Identifier */ +static struct log_target *stderr_target; +struct gsm_network *bsc_gsmnet = 0; +static const char *config_file = "openbsc.cfg"; +static char *msc_address = "127.0.0.1"; +static struct bsc_msc_connection *msc_con; +static struct in_addr local_addr; +static LLIST_HEAD(active_connections); +static struct write_queue mgcp_agent; +extern int ipacc_rtp_direct; + +extern int bsc_bootstrap_network(int (*layer4)(struct gsm_network *, int, void *), const char *cfg_file); +extern int bsc_shutdown_net(struct gsm_network *net); + +struct bss_sccp_connection_data *bss_sccp_create_data() +{ + struct bss_sccp_connection_data *data; + + data = _talloc_zero(tall_bsc_ctx, + sizeof(struct bss_sccp_connection_data), + "bsc<->msc"); + if (!data) + return NULL; + + INIT_LLIST_HEAD(&data->sccp_queue); + INIT_LLIST_HEAD(&data->gsm_queue); + llist_add_tail(&data->active_connections, &active_connections); + return data; +} + +void bss_sccp_free_data(struct bss_sccp_connection_data *data) +{ + bsc_del_timer(&data->T10); + bsc_del_timer(&data->sccp_it); + if (data->sccp) + bsc_free_queued(data->sccp); + bts_free_queued(data); + llist_del(&data->active_connections); + talloc_free(data); +} + +static void sccp_it_fired(void *_data) +{ + struct bss_sccp_connection_data *data = + (struct bss_sccp_connection_data *) _data; + + sccp_connection_send_it(data->sccp); + bsc_schedule_timer(&data->sccp_it, SCCP_IT_TIMER, 0); +} + + +/* GSM subscriber drop-ins */ +extern struct llist_head *subscr_bsc_active_subscriber(void); +struct gsm_subscriber *find_subscriber(u_int8_t type, const char *mi_string) +{ + struct gsm_subscriber *subscr; + u_int32_t tmsi = GSM_RESERVED_TMSI; + if (type == GSM_MI_TYPE_TMSI) { + tmsi = tmsi_from_string(mi_string); + if (tmsi == GSM_RESERVED_TMSI) { + DEBUGP(DMSC, "The TMSI is the reserved one.\n"); + return NULL; + } + } + + llist_for_each_entry(subscr, subscr_bsc_active_subscriber(), entry) { + if (type == GSM_MI_TYPE_TMSI && tmsi == subscr->tmsi) { + return subscr_get(subscr); + } else if (type == GSM_MI_TYPE_IMSI && strcmp(mi_string, subscr->imsi) == 0) { + return subscr_get(subscr); + } + } + + DEBUGP(DMSC, "No subscriber has been found.\n"); + return NULL; +} + + + +/* SCCP handling */ +void msc_outgoing_sccp_data(struct sccp_connection *conn, struct msgb *msg, unsigned int len) +{ + struct bssmap_header *bs; + + if (len < 1) { + DEBUGP(DMSC, "The header is too short.\n"); + return; + } + + switch (msg->l3h[0]) { + case BSSAP_MSG_BSS_MANAGEMENT: + msg->l4h = &msg->l3h[sizeof(*bs)]; + msg->lchan = sccp_get_lchan(conn->data_ctx); + bssmap_rcvmsg_dt1(conn, msg, len - sizeof(*bs)); + break; + case BSSAP_MSG_DTAP: + dtap_rcvmsg(sccp_get_lchan(conn->data_ctx), msg, len); + break; + default: + DEBUGPC(DMSC, "Unimplemented msg type: %d\n", msg->l3h[0]); + } +} + +void msc_outgoing_sccp_state(struct sccp_connection *conn, int old_state) +{ + if (conn->connection_state >= SCCP_CONNECTION_STATE_RELEASE_COMPLETE) { + DEBUGP(DMSC, "Freeing sccp conn: %p state: %d\n", conn, conn->connection_state); + if (sccp_get_lchan(conn->data_ctx) != NULL) { + struct gsm_lchan *lchan = sccp_get_lchan(conn->data_ctx); + + DEBUGP(DMSC, "ERROR: The lchan is still associated\n."); + + lchan->msc_data = NULL; + put_subscr_con(&lchan->conn, 0); + } + + bss_sccp_free_data((struct bss_sccp_connection_data *)conn->data_ctx); + sccp_connection_free(conn); + return; + } else if (conn->connection_state == SCCP_CONNECTION_STATE_ESTABLISHED) { + struct bss_sccp_connection_data *con_data; + + DEBUGP(DMSC, "Connection established: %p\n", conn); + + /* start the inactivity test timer */ + con_data = (struct bss_sccp_connection_data *) conn->data_ctx; + con_data->sccp_it.cb = sccp_it_fired; + con_data->sccp_it.data = con_data; + bsc_schedule_timer(&con_data->sccp_it, SCCP_IT_TIMER, 0); + + bsc_send_queued(conn); + } +} + +/* + * General COMPLETE LAYER3 INFORMATION handling for + * PAGING RESPONSE, LOCATION UPDATING REQUEST, CM REESTABLISHMENT REQUEST, + * CM SERVICE REQUEST, IMSI DETACH, IMMEDIATE SETUP. + * + * IMMEDIATE SETUP is coming from GROUP CC that is not yet + * supported... + */ +static int open_sccp_connection(struct msgb *layer3) +{ + struct bss_sccp_connection_data *con_data; + struct sccp_connection *sccp_connection; + struct msgb *data; + + /* When not connected to a MSC. We will simply close things down. */ + if (!msc_con->is_connected) { + LOGP(DMSC, LOGL_ERROR, "Not connected to a MSC. Not forwarding data.\n"); + use_subscr_con(&layer3->lchan->conn); + put_subscr_con(&layer3->lchan->conn, 0); + return -1; + } + + DEBUGP(DMSC, "Opening new layer3 connection\n"); + sccp_connection = sccp_connection_socket(); + if (!sccp_connection) { + DEBUGP(DMSC, "Failed to allocate memory.\n"); + return -ENOMEM; + } + + data = bssmap_create_layer3(layer3); + if (!data) { + DEBUGP(DMSC, "Failed to allocate complete layer3.\n"); + sccp_connection_free(sccp_connection); + return -ENOMEM; + } + + con_data = bss_sccp_create_data(); + if (!con_data) { + DEBUGP(DMSC, "Failed to allocate bss<->msc data.\n"); + sccp_connection_free(sccp_connection); + msgb_free(data); + return -ENOMEM; + } + + /* initialize the bridge */ + con_data->lchan = layer3->lchan; + con_data->sccp = sccp_connection; + + sccp_connection->state_cb = msc_outgoing_sccp_state; + sccp_connection->data_cb = msc_outgoing_sccp_data; + sccp_connection->data_ctx = con_data; + layer3->lchan->msc_data = con_data; + + /* FIXME: Use transaction for this */ + use_subscr_con(&layer3->lchan->conn); + sccp_connection_connect(sccp_connection, &sccp_ssn_bssap, data); + msgb_free(data); + + return 1; +} + +/* figure out if this is the inial layer3 message */ +static int send_dtap_or_open_connection(struct msgb *msg) +{ + if (msg->lchan->msc_data) { + struct msgb *dtap = dtap_create_msg(msg, 0); + if (!dtap) { + DEBUGP(DMSC, "Creating a DTAP message failed.\n"); + return -1; + } + + bsc_queue_connection_write(lchan_get_sccp(msg->lchan), dtap); + return 1; + } else { + return open_sccp_connection(msg); + } +} + +/* Receive a PAGING RESPONSE message from the MS */ +static int handle_paging_response(struct msgb *msg) +{ + struct gsm_subscriber *subscr; + char mi_string[GSM48_MI_SIZE]; + u_int8_t mi_type; + + gsm48_paging_extract_mi(msg, mi_string, &mi_type); + DEBUGP(DMSC, "PAGING RESPONSE: mi_type=0x%02x MI(%s)\n", + mi_type, mi_string); + + subscr = find_subscriber(mi_type, mi_string); + if (!subscr) + return -EINVAL; + + /* force the paging to stop at every bts */ + subscr->lac = GSM_LAC_RESERVED_ALL_BTS; + if (gsm48_handle_paging_resp(msg, subscr) != 0) { + DEBUGP(DMSC, "Paging failed.\n"); + return -1; + } + + /* open a new transaction and SCCP connection */ + return send_dtap_or_open_connection(msg); +} + +/* Receive a CIPHER MODE COMPLETE from the MS */ +static int handle_cipher_m_complete(struct msgb *msg) +{ + struct msgb *resp; + + if (!msg->lchan->msc_data) { + LOGP(DMSC, LOGL_ERROR, "No MSC data for CIPHER MODE COMPLETE.\n"); + return -1; + } + + DEBUGP(DMSC, "CIPHER MODE COMPLETE from MS, forwarding to MSC\n"); + resp = bssmap_create_cipher_complete(msg); + if (!resp) { + DEBUGP(DMSC, "Creating MSC response failed.\n"); + return -1; + } + + + /* handled this message */ + bts_unblock_queue(msg->lchan->msc_data); + bsc_queue_connection_write(lchan_get_sccp(msg->lchan), resp); + return 1; +} + +/* Receive a ASSIGNMENT COMPLETE */ +static int handle_ass_compl(struct msgb *msg) +{ + struct gsm_lchan *old_chan; + struct gsm48_hdr *gh = msgb_l3(msg); + + DEBUGP(DMSC, "ASSIGNMENT COMPLETE from MS, forwarding to MSC\n"); + + if (!msg->lchan->msc_data) { + LOGP(DMSC, LOGL_ERROR, "No MSC data\n"); + put_subscr_con(&msg->lchan->conn, 0); + return -1; + } + + if (msg->lchan->msc_data->secondary_lchan != msg->lchan) { + LOGP(DMSC, LOGL_NOTICE, "Wrong assignment complete.\n"); + put_subscr_con(&msg->lchan->conn, 0); + return -1; + } + + if (msgb_l3len(msg) - sizeof(*gh) != 1) { + DEBUGP(DMSC, "assignment failure invalid: %d\n", + msgb_l3len(msg) - sizeof(*gh)); + put_subscr_con(&msg->lchan->conn, 0); + return -1; + } + + /* swap the channels and release the old */ + old_chan = msg->lchan->msc_data->lchan; + msg->lchan->msc_data->lchan = msg->lchan; + msg->lchan->msc_data->secondary_lchan = NULL; + old_chan->msc_data = NULL; + + /* give up the old channel to not do a SACCH deactivate */ + subscr_put(old_chan->conn.subscr); + old_chan->conn.subscr = NULL; + put_subscr_con(&old_chan->conn, 1); + + /* activate audio on it... */ + if (is_ipaccess_bts(msg->lchan->ts->trx->bts) && msg->lchan->tch_mode != GSM48_CMODE_SIGN) + rsl_ipacc_crcx(msg->lchan); + + gsm0808_send_assignment_compl(msg->lchan, gh->data[0]); + return 1; +} + +/* + * Receive a ASSIGNMENT FAILURE. If the message is failed + * to be parsed the T10 timer will send the failure. + */ +static int handle_ass_fail(struct msgb *msg) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + + DEBUGP(DMSC, "ASSIGNMENT FAILURE from MS, forwarding to MSC\n"); + if (!msg->lchan->msc_data) { + LOGP(DMSC, LOGL_ERROR, "No MSC data\n"); + put_subscr_con(&msg->lchan->conn, 0); + return -1; + } + + if (msg->lchan->msc_data->secondary_lchan != msg->lchan) { + LOGP(DMSC, LOGL_NOTICE, "Wrong assignment complete.\n"); + put_subscr_con(&msg->lchan->conn, 0); + return -1; + } + + if (msgb_l3len(msg) - sizeof(*gh) != 1) { + DEBUGP(DMSC, "assignment failure invalid: %d\n", + msgb_l3len(msg) - sizeof(*gh)); + put_subscr_con(&msg->lchan->conn, 0); + return -1; + } + + gsm0808_send_assignment_failure(msg->lchan, + GSM0808_CAUSE_RADIO_INTERFACE_MESSAGE_FAILURE, &gh->data[0]); + return 1; +} + +/* + * Receive a GSM04.08 MODIFY ACK. Actually we have to check + * the content to see if this was a success or not. + */ +static int handle_modify_ack(struct msgb *msg) +{ + int rc; + + if (!msg->lchan->msc_data) { + LOGP(DMSC, LOGL_ERROR, "No MSC data for modify ack.\n"); + return -1; + } + + /* modify RSL */ + rc = gsm48_rx_rr_modif_ack(msg); + if (rc < 0) + gsm0808_send_assignment_failure(msg->lchan, + GSM0808_CAUSE_NO_RADIO_RESOURCE_AVAILABLE, NULL); + else + gsm0808_send_assignment_compl(msg->lchan, 0); + + return 1; +} + +/* Receive a GSM 04.08 Radio Resource (RR) message */ +static int gsm0408_rcv_rr(struct msgb *msg) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + int rc = 0; + + switch (gh->msg_type) { + case GSM48_MT_RR_PAG_RESP: + rc = handle_paging_response(msg); + break; + case GSM48_MT_RR_MEAS_REP: + /* ignore measurement for now */ + rc = -1; + break; + case GSM48_MT_RR_CIPH_M_COMPL: + rc = handle_cipher_m_complete(msg); + break; + case GSM48_MT_RR_ASS_COMPL: + rc = handle_ass_compl(msg); + break; + case GSM48_MT_RR_ASS_FAIL: + rc = handle_ass_fail(msg); + break; + case GSM48_MT_RR_CHAN_MODE_MODIF_ACK: + rc = handle_modify_ack(msg); + break; + default: + break; + } + + return rc; +} + +/* Receive a GSM 04.08 Mobility Management (MM) message */ +static int gsm0408_rcv_mm(struct msgb *msg) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + int rc = 0; + + switch (gh->msg_type & 0xbf) { + case GSM48_MT_MM_LOC_UPD_REQUEST: + case GSM48_MT_MM_CM_REEST_REQ: + case GSM48_MT_MM_CM_SERV_REQ: + case GSM48_MT_MM_IMSI_DETACH_IND: + rc = send_dtap_or_open_connection(msg); + break; + default: + break; + } + + return rc; +} + +int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + u_int8_t pdisc = gh->proto_discr & 0x0f; + int rc = 0; + + switch (pdisc) { + case GSM48_PDISC_RR: + rc = gsm0408_rcv_rr(msg); + break; + case GSM48_PDISC_MM: + rc = gsm0408_rcv_mm(msg); + break; + default: + break; + } + + /* + * if we have a sccp connection and didn't handle the message + * forward it to the MSC using DTAP + */ + if (rc == 0 && msg->lchan->msc_data && lchan_get_sccp(msg->lchan)) { + struct msgb *dtap = dtap_create_msg(msg, link_id); + if (!dtap) { + DEBUGP(DMSC, "Creating a DTAP message failed.\n"); + return -1; + } + + bsc_queue_connection_write(lchan_get_sccp(msg->lchan), dtap); + } + + return rc; +} + +/* handle ipaccess signals */ +static int handle_abisip_signal(unsigned int subsys, unsigned int signal, + void *handler_data, void *signal_data) +{ + struct gsm_lchan *lchan = signal_data; + struct gsm_bts_trx_ts *ts; + int rc; + + if (subsys != SS_ABISIP) + return 0; + + ts = lchan->ts; + + switch (signal) { + case S_ABISIP_CRCX_ACK: + /* we can ask it to connect now */ + if (lchan->msc_data) { + DEBUGP(DMSC, "Connecting BTS to port: %d conn: %d\n", + lchan->msc_data->rtp_port, lchan->abis_ip.conn_id); + + int rtp_payload = ts->trx->bts->network->rtp_payload; + if (rtp_payload == 0) + rtp_payload = lchan->abis_ip.rtp_payload2; + + rc = rsl_ipacc_mdcx(lchan, ntohl(local_addr.s_addr), + lchan->msc_data->rtp_port, + rtp_payload); + if (rc < 0) { + DEBUGP(DMSC, "Failed to send connect: %d\n", rc); + return rc; + } + } + break; + case S_ABISIP_DLCX_IND: + break; + } + + return 0; +} + +static void print_usage() +{ + printf("Usage: bsc_hack\n"); +} + +/* + * SCCP handling + */ +static int msc_queue_write(struct msgb *msg, int proto) +{ + ipaccess_prepend_header(msg, proto); + if (write_queue_enqueue(&msc_con->write_queue, msg) != 0) { + LOGP(DMSC, LOGL_FATAL, "Failed to queue IPA/%d\n", proto); + msgb_free(msg); + return -1; + } + + return 0; +} + +static int msc_sccp_do_write(struct bsc_fd *fd, struct msgb *msg) +{ + int ret; + + DEBUGP(DMSC, "Sending SCCP to MSC: %u\n", msgb_l2len(msg)); + DEBUGP(DMI, "MSC TX %s\n", hexdump(msg->l2h, msgb_l2len(msg))); + + ret = write(msc_con->write_queue.bfd.fd, msg->data, msg->len); + if (ret < msg->len) + perror("MSC: Failed to send SCCP"); + + return ret; +} + +static void msc_sccp_write_ipa(struct msgb *msg, void *data) +{ + msc_queue_write(msg, IPAC_PROTO_SCCP); +} + +/* + * mgcp forwarding is below + */ +static int mgcp_do_write(struct bsc_fd *fd, struct msgb *msg) +{ + int ret; + + LOGP(DMGCP, LOGL_DEBUG, "Sending msg to MGCP GW size: %u\n", msg->len); + + ret = write(fd->fd, msg->data, msg->len); + if (ret != msg->len) + LOGP(DMGCP, LOGL_ERROR, "Failed to forward message to MGCP GW (%s).\n", strerror(errno)); + + return ret; +} + +static int mgcp_do_read(struct bsc_fd *fd) +{ + struct msgb *mgcp; + int ret; + + mgcp = msgb_alloc_headroom(4096, 128, "mgcp_from_gw"); + if (!mgcp) { + LOGP(DMGCP, LOGL_ERROR, "Failed to allocate MGCP message.\n"); + return -1; + } + + ret = read(fd->fd, mgcp->data, mgcp->data_len); + if (ret <= 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to read: %d/%s\n", errno, strerror(errno)); + msgb_free(mgcp); + return -1; + } else if (ret > 4096 - 128) { + LOGP(DMGCP, LOGL_ERROR, "Too much data: %d\n", ret); + msgb_free(mgcp); + return -1; + } + + mgcp->l2h = msgb_put(mgcp, ret); + msc_queue_write(mgcp, NAT_IPAC_PROTO_MGCP); + return 0; +} + +static void mgcp_forward(struct msgb *msg) +{ + struct msgb *mgcp; + + if (msgb_l2len(msg) > 4096) { + LOGP(DMGCP, LOGL_ERROR, "Can not forward too big message.\n"); + return; + } + + mgcp = msgb_alloc(4096, "mgcp_to_gw"); + if (!mgcp) { + LOGP(DMGCP, LOGL_ERROR, "Failed to send message.\n"); + return; + } + + msgb_put(mgcp, msgb_l2len(msg)); + memcpy(mgcp->data, msg->l2h, mgcp->len); + if (write_queue_enqueue(&mgcp_agent, mgcp) != 0) { + LOGP(DMGCP, LOGL_FATAL, "Could not queue message to MGCP GW.\n"); + msgb_free(mgcp); + } +} +static int mgcp_create_port(void) +{ + int on; + struct sockaddr_in addr; + + mgcp_agent.bfd.fd = socket(AF_INET, SOCK_DGRAM, 0); + if (mgcp_agent.bfd.fd < 0) { + LOGP(DMGCP, LOGL_FATAL, "Failed to create UDP socket errno: %d\n", errno); + return -1; + } + + on = 1; + setsockopt(mgcp_agent.bfd.fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + + /* try to bind the socket */ + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + addr.sin_port = 0; + + if (bind(mgcp_agent.bfd.fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + LOGP(DMGCP, LOGL_FATAL, "Failed to bind to any port.\n"); + close(mgcp_agent.bfd.fd); + mgcp_agent.bfd.fd = -1; + return -1; + } + + /* connect to the remote */ + addr.sin_port = htons(2427); + if (connect(mgcp_agent.bfd.fd, (struct sockaddr *) & addr, sizeof(addr)) < 0) { + LOGP(DMGCP, LOGL_FATAL, "Failed to connect to local MGCP GW. %s\n", strerror(errno)); + close(mgcp_agent.bfd.fd); + mgcp_agent.bfd.fd = -1; + return -1; + } + + write_queue_init(&mgcp_agent, 10); + mgcp_agent.bfd.when = BSC_FD_READ; + mgcp_agent.read_cb = mgcp_do_read; + mgcp_agent.write_cb = mgcp_do_write; + + if (bsc_register_fd(&mgcp_agent.bfd) != 0) { + LOGP(DMGCP, LOGL_FATAL, "Failed to register BFD\n"); + close(mgcp_agent.bfd.fd); + mgcp_agent.bfd.fd = -1; + return -1; + } + + + return 0; +} + + +static int msc_sccp_accept(struct sccp_connection *connection, void *data) +{ + DEBUGP(DMSC, "Rejecting incoming SCCP connection.\n"); + return -1; +} + +static int msc_sccp_read(struct msgb *msgb, unsigned int length, void *data) +{ + struct bssmap_header *bs; + + DEBUGP(DMSC, "Incoming SCCP message ftom MSC: %s\n", hexdump(msgb->l3h, length)); + + if (length < sizeof(*bs)) { + DEBUGP(DMSC, "The header is too short.\n"); + return -1; + } + + bs = (struct bssmap_header *) msgb->l3h; + if (bs->length < length - sizeof(*bs)) + return -1; + + switch (bs->type) { + case BSSAP_MSG_BSS_MANAGEMENT: + msgb->l4h = &msgb->l3h[sizeof(*bs)]; + bssmap_rcvmsg_udt(bsc_gsmnet, msgb, length - sizeof(*bs)); + break; + default: + DEBUGPC(DMSC, "Unimplemented msg type: %d\n", bs->type); + } + + return 0; +} + + +/* + * network initialisation + */ +static void initialize_if_needed(void) +{ + if (!bsc_gsmnet) { + int rc; + struct msgb *msg; + + fprintf(stderr, "Bootstraping the network. Sending GSM08.08 reset.\n"); + rc = bsc_bootstrap_network(NULL, config_file); + if (rc < 0) { + fprintf(stderr, "Bootstrapping the network failed. exiting.\n"); + exit(1); + } + + + /* send a gsm 08.08 reset message from here */ + msg = bssmap_create_reset(); + if (!msg) { + DEBUGP(DMSC, "Failed to create the reset message.\n"); + return; + } + + sccp_write(msg, &sccp_ssn_bssap, &sccp_ssn_bssap, 0); + msgb_free(msg); + } +} + +static void send_id_get_response(int fd) +{ + struct msgb *msg; + if (!bsc_gsmnet) { + LOGP(DMSC, LOGL_ERROR, "The network is not initialized yet.\n"); + return; + } + + if (!bsc_gsmnet->bsc_token) { + LOGP(DMSC, LOGL_ERROR, "The bsc token is not set.\n"); + return; + } + + msg = msgb_alloc_headroom(4096, 128, "id resp"); + + msg->l2h = msgb_v_put(msg, IPAC_MSGT_ID_RESP); + msgb_l16tv_put(msg, strlen(bsc_gsmnet->bsc_token) + 1, + IPAC_IDTAG_UNITNAME, (u_int8_t *) bsc_gsmnet->bsc_token); + ipaccess_prepend_header(msg, IPAC_PROTO_IPACCESS); + + if (write(fd, msg->data, msg->len) != msg->len) { + LOGP(DMSC, LOGL_ERROR, "Short write.\n"); + } + + msgb_free(msg); +} + +/* + * The connection to the MSC was lost and we will need to free all + * resources and then attempt to reconnect. + */ +static void msc_connection_was_lost(struct bsc_msc_connection *msc) +{ + struct bss_sccp_connection_data *bss, *tmp; + + LOGP(DMSC, LOGL_ERROR, "Lost MSC connection. Freing stuff.\n"); + + llist_for_each_entry_safe(bss, tmp, &active_connections, active_connections) { + if (bss->lchan) { + bss->lchan->msc_data = NULL; + put_subscr_con(&bss->lchan->conn, 0); + bss->lchan = NULL; + } + + if (bss->secondary_lchan) { + bss->secondary_lchan->msc_data = NULL; + put_subscr_con(&bss->secondary_lchan->conn, 0); + bss->secondary_lchan = NULL; + } + + /* force the close by poking stuff */ + if (bss->sccp) { + sccp_connection_force_free(bss->sccp); + bss->sccp = NULL; + } + + bss_sccp_free_data(bss); + } + + bsc_msc_schedule_connect(msc); +} + +/* + * callback with IP access data + */ +static int ipaccess_a_fd_cb(struct bsc_fd *bfd) +{ + int error; + struct msgb *msg = ipaccess_read_msg(bfd, &error); + struct ipaccess_head *hh; + + if (!msg) { + if (error == 0) { + LOGP(DMSC, LOGL_ERROR, "The connection to the MSC was lost.\n"); + bsc_msc_lost(msc_con); + return -1; + } + + fprintf(stderr, "Failed to parse ip access message: %d\n", error); + return -1; + } + + DEBUGP(DMSC, "From MSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]); + + /* handle base message handling */ + hh = (struct ipaccess_head *) msg->data; + ipaccess_rcvmsg_base(msg, bfd); + + /* initialize the networking. This includes sending a GSM08.08 message */ + if (hh->proto == IPAC_PROTO_IPACCESS) { + if (msg->l2h[0] == IPAC_MSGT_ID_ACK) + initialize_if_needed(); + else if (msg->l2h[0] == IPAC_MSGT_ID_GET) { + send_id_get_response(bfd->fd); + } + } else if (hh->proto == IPAC_PROTO_SCCP) { + sccp_system_incoming(msg); + } else if (hh->proto == NAT_IPAC_PROTO_MGCP) { + mgcp_forward(msg); + } + + msgb_free(msg); + return 0; +} + +static void print_help() +{ + printf(" Some useful help...\n"); + printf(" -h --help this text\n"); + printf(" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n"); + printf(" -s --disable-color\n"); + printf(" -c --config-file filename The config file to use.\n"); + printf(" -m --msc=IP. The address of the MSC.\n"); + printf(" -l --local=IP. The local address of the MGCP.\n"); + printf(" -e --log-level number. Set a global loglevel.\n"); +} + +static void handle_options(int argc, char** argv) +{ + while (1) { + int option_index = 0, c; + static struct option long_options[] = { + {"help", 0, 0, 'h'}, + {"debug", 1, 0, 'd'}, + {"config-file", 1, 0, 'c'}, + {"disable-color", 0, 0, 's'}, + {"timestamp", 0, 0, 'T'}, + {"rtp-proxy", 0, 0, 'P'}, + {"msc", 1, 0, 'm'}, + {"local", 1, 0, 'l'}, + {"log-level", 1, 0, 'e'}, + {0, 0, 0, 0} + }; + + c = getopt_long(argc, argv, "hd:sTPc:m:l:", + long_options, &option_index); + if (c == -1) + break; + + switch (c) { + case 'h': + print_usage(); + print_help(); + exit(0); + case 's': + log_set_use_color(stderr_target, 0); + break; + case 'd': + log_parse_category_mask(stderr_target, optarg); + break; + case 'c': + config_file = strdup(optarg); + break; + case 'T': + log_set_print_timestamp(stderr_target, 1); + break; + case 'P': + ipacc_rtp_direct = 0; + break; + case 'm': + msc_address = strdup(optarg); + break; + case 'l': + inet_aton(optarg, &local_addr); + break; + case 'e': + log_set_log_level(stderr_target, atoi(optarg)); + break; + default: + /* ignore */ + break; + } + } +} + +static void signal_handler(int signal) +{ + fprintf(stdout, "signal %u received\n", signal); + + switch (signal) { + case SIGINT: + bsc_shutdown_net(bsc_gsmnet); + sleep(3); + exit(0); + break; + case SIGABRT: + /* in case of abort, we want to obtain a talloc report + * and then return to the caller, who will abort the process */ + case SIGUSR1: + talloc_report_full(tall_bsc_ctx, stderr); + break; + case SIGUSR2: + if (!msc_con->is_connected) + return; + bsc_msc_lost(msc_con); + break; + default: + break; + } +} + +static void test_mode() +{ + static const u_int8_t assignment_req[] = { 0x01, 0x0b, 0x03, 0x01, 0x0b, 0x25, 0x01, 0x00, 0x01 }; + struct gsm_lchan lchan; + struct sccp_connection conn; + struct bss_sccp_connection_data data; + + struct gsm_bts_trx_ts trx_ts; + struct gsm_bts_trx trx; + struct gsm_bts bts; + int rc; + + /* initialize */ + fprintf(stderr, "Bootstraping the network. Sending GSM08.08 reset.\n"); + rc = bsc_bootstrap_network(NULL, config_file); + if (rc < 0) { + fprintf(stderr, "Bootstrapping the network failed. exiting.\n"); + exit(1); + } + + bts.network = bsc_gsmnet; + trx.bts = &bts; + trx_ts.trx = &trx; + lchan.ts = &trx_ts; + + /* create fake data connection */ + data.lchan = &lchan; + data.sccp = &conn; + lchan.msc_data = &data; + conn.data_ctx = &data; + + + struct msgb *msg = msgb_alloc(400, "test-msg"); + msg->lchan = &lchan; + + msg->l4h = msgb_put(msg, ARRAY_SIZE(assignment_req)); + memcpy(msg->l4h, assignment_req, ARRAY_SIZE(assignment_req)); + bssmap_rcvmsg_dt1(&conn, msg, ARRAY_SIZE(assignment_req)); +} + +extern int bts_model_unknown_init(void); +extern int bts_model_bs11_init(void); +extern int bts_model_nanobts_init(void); + +int main(int argc, char **argv) +{ + log_init(&log_info); + tall_bsc_ctx = talloc_named_const(NULL, 1, "openbsc"); + stderr_target = log_target_create_stderr(); + log_add_target(stderr_target); + + bts_model_unknown_init(); + bts_model_bs11_init(); + bts_model_nanobts_init(); + + /* enable filters */ + log_set_all_filter(stderr_target, 1); + + /* parse options */ + handle_options(argc, argv); + + /* seed the PRNG */ + srand(time(NULL)); + + /* attempt to register the local mgcp forward */ + if (mgcp_create_port() != 0) { + fprintf(stderr, "Failed to bind local MGCP port\n"); + exit(1); + } + + /* initialize sccp */ + sccp_system_init(msc_sccp_write_ipa, NULL); + sccp_connection_set_incoming(&sccp_ssn_bssap, msc_sccp_accept, NULL); + sccp_set_read(&sccp_ssn_bssap, msc_sccp_read, NULL); + + /* initialize ipaccess handling */ + register_signal_handler(SS_ABISIP, handle_abisip_signal, NULL); + + + /* setup MSC Connection handling */ + msc_con = bsc_msc_create(msc_address, 5000); + if (!msc_con) { + fprintf(stderr, "Creating a bsc_msc_connection failed.\n"); + exit(1); + } + + msc_con->connection_loss = msc_connection_was_lost; + msc_con->write_queue.read_cb = ipaccess_a_fd_cb; + msc_con->write_queue.write_cb = msc_sccp_do_write; + bsc_msc_connect(msc_con); + + + signal(SIGINT, &signal_handler); + signal(SIGABRT, &signal_handler); + signal(SIGUSR1, &signal_handler); + signal(SIGUSR2, &signal_handler); + signal(SIGPIPE, SIG_IGN); + + while (1) { + bsc_select_main(0); + } +} diff --git a/openbsc/src/bsc_rll.c b/openbsc/src/bsc_rll.c index 9a4f5aae4..368c2665b 100644 --- a/openbsc/src/bsc_rll.c +++ b/openbsc/src/bsc_rll.c @@ -55,7 +55,7 @@ static void complete_rllr(struct bsc_rll_req *rllr, enum bsc_rllr_ind type) conn = &rllr->lchan->conn; llist_del(&rllr->list); - put_subscr_con(conn); + put_subscr_con(conn, 0); rllr->cb(rllr->lchan, rllr->link_id, rllr->data, type); talloc_free(rllr); } diff --git a/openbsc/src/bssap.c b/openbsc/src/bssap.c new file mode 100644 index 000000000..ec20341aa --- /dev/null +++ b/openbsc/src/bssap.c @@ -0,0 +1,1312 @@ +/* GSM 08.08 BSSMAP handling */ +/* (C) 2009 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2009 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/bssap.h> +#include <openbsc/bsc_rll.h> +#include <openbsc/gsm_04_08.h> +#include <openbsc/gsm_subscriber.h> +#include <openbsc/debug.h> +#include <openbsc/mgcp.h> +#include <openbsc/signal.h> +#include <openbsc/paging.h> +#include <openbsc/chan_alloc.h> + +#include <osmocore/tlv.h> + +#include <sccp/sccp.h> + +#include <arpa/inet.h> +#include <assert.h> + + +#define BSSMAP_MSG_SIZE 512 +#define BSSMAP_MSG_HEADROOM 128 + + +static const struct tlv_definition bss_att_tlvdef = { + .def = { + [GSM0808_IE_IMSI] = { TLV_TYPE_TLV }, + [GSM0808_IE_TMSI] = { TLV_TYPE_TLV }, + [GSM0808_IE_CELL_IDENTIFIER_LIST] = { TLV_TYPE_TLV }, + [GSM0808_IE_CHANNEL_NEEDED] = { TLV_TYPE_TV }, + [GSM0808_IE_EMLPP_PRIORITY] = { TLV_TYPE_TV }, + [GSM0808_IE_CHANNEL_TYPE] = { TLV_TYPE_TLV }, + [GSM0808_IE_PRIORITY] = { TLV_TYPE_TLV }, + [GSM0808_IE_CIRCUIT_IDENTITY_CODE] = { TLV_TYPE_TV }, + [GSM0808_IE_DOWNLINK_DTX_FLAG] = { TLV_TYPE_TV }, + [GSM0808_IE_INTERFERENCE_BAND_TO_USE] = { TLV_TYPE_TV }, + [GSM0808_IE_CLASSMARK_INFORMATION_T2] = { TLV_TYPE_TLV }, + [GSM0808_IE_GROUP_CALL_REFERENCE] = { TLV_TYPE_TLV }, + [GSM0808_IE_TALKER_FLAG] = { TLV_TYPE_T }, + [GSM0808_IE_CONFIG_EVO_INDI] = { TLV_TYPE_TV }, + [GSM0808_IE_LSA_ACCESS_CTRL_SUPPR] = { TLV_TYPE_TV }, + [GSM0808_IE_SERVICE_HANDOVER] = { TLV_TYPE_TV}, + [GSM0808_IE_ENCRYPTION_INFORMATION] = { TLV_TYPE_TLV }, + [GSM0808_IE_CIPHER_RESPONSE_MODE] = { TLV_TYPE_TV }, + }, +}; + +const struct tlv_definition *gsm0808_att_tlvdef() +{ + return &bss_att_tlvdef; +} + +static u_int16_t get_network_code_for_msc(struct gsm_network *net) +{ + if (net->core_network_code > 0) + return net->core_network_code; + return net->network_code; +} + +static u_int16_t get_country_code_for_msc(struct gsm_network *net) +{ + if (net->core_country_code > 0) + return net->core_country_code; + return net->country_code; +} + +static int bssmap_paging_cb(unsigned int hooknum, unsigned int event, struct msgb *msg, void *data, void *param) +{ + DEBUGP(DMSC, "Paging is complete.\n"); + return 0; +} + +static int bssmap_handle_reset_ack(struct gsm_network *net, struct msgb *msg, unsigned int length) +{ + DEBUGP(DMSC, "Reset ACK from MSC\n"); + + return 0; +} + +/* GSM 08.08 § 3.2.1.19 */ +static int bssmap_handle_paging(struct gsm_network *net, struct msgb *msg, unsigned int payload_length) +{ + struct tlv_parsed tp; + char mi_string[GSM48_MI_SIZE]; + u_int32_t tmsi = GSM_RESERVED_TMSI; + unsigned int lac = GSM_LAC_RESERVED_ALL_BTS; + u_int8_t data_length; + const u_int8_t *data; + struct gsm_subscriber *subscr; + u_int8_t chan_needed = RSL_CHANNEED_ANY; + int paged; + + tlv_parse(&tp, &bss_att_tlvdef, msg->l4h + 1, payload_length - 1, 0, 0); + + if (!TLVP_PRESENT(&tp, GSM0808_IE_IMSI)) { + DEBUGP(DMSC, "Mandantory IMSI not present.\n"); + return -1; + } else if ((TLVP_VAL(&tp, GSM0808_IE_IMSI)[0] & GSM_MI_TYPE_MASK) != GSM_MI_TYPE_IMSI) { + DEBUGP(DMSC, "Wrong content in the IMSI\n"); + return -1; + } + + if (!TLVP_PRESENT(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST)) { + DEBUGP(DMSC, "Mandantory CELL IDENTIFIER LIST not present.\n"); + return -1; + } + + if (TLVP_PRESENT(&tp, GSM0808_IE_TMSI)) { + gsm48_mi_to_string(mi_string, sizeof(mi_string), + TLVP_VAL(&tp, GSM0808_IE_TMSI), TLVP_LEN(&tp, GSM0808_IE_TMSI)); + tmsi = strtoul(mi_string, NULL, 10); + } + + + /* + * parse the IMSI + */ + gsm48_mi_to_string(mi_string, sizeof(mi_string), + TLVP_VAL(&tp, GSM0808_IE_IMSI), TLVP_LEN(&tp, GSM0808_IE_IMSI)); + + /* + * parse the cell identifier list + */ + data_length = TLVP_LEN(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST); + data = TLVP_VAL(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST); + + /* + * Support paging to all network or one BTS at one LAC + */ + if (data_length == 3 && data[0] == CELL_IDENT_LAC) { + unsigned int *_lac = (unsigned int *)&data[1]; + lac = ntohs(*_lac); + } else if (data_length > 1 || (data[0] & 0x0f) != CELL_IDENT_BSS) { + DEBUGPC(DMSC, "Unsupported Cell Identifier List: %s\n", hexdump(data, data_length)); + return -1; + } + + if (TLVP_PRESENT(&tp, GSM0808_IE_CHANNEL_NEEDED) && TLVP_LEN(&tp, GSM0808_IE_CHANNEL_NEEDED) == 1) + chan_needed = TLVP_VAL(&tp, GSM0808_IE_CHANNEL_NEEDED)[0] & 0x03; + + if (TLVP_PRESENT(&tp, GSM0808_IE_EMLPP_PRIORITY)) { + DEBUGP(DMSC, "eMLPP is not handled\n"); + } + + DEBUGP(DMSC, "Paging request from MSC IMSI: '%s' TMSI: '0x%x/%u' LAC: 0x%x\n", mi_string, tmsi, tmsi, lac); + subscr = subscr_get_or_create(net, mi_string); + if (!subscr) + return -1; + + /* reassign the tmsi, trust the net over our internal state */ + subscr->tmsi = tmsi; + subscr->lac = lac; + paged = paging_request(net, subscr, chan_needed, bssmap_paging_cb, subscr); + DEBUGP(DMSC, "Paged IMSI: '%s' TMSI: '0x%x/%u' LAC: 0x%x on #bts: %d\n", mi_string, tmsi, tmsi, lac, paged); + + subscr_put(subscr); + return -1; +} + +/* GSM 08.08 § 3.1.9.1 and 3.2.1.21... release our gsm_lchan and send message */ +static int bssmap_handle_clear_command(struct sccp_connection *conn, + struct msgb *msg, unsigned int payload_length) +{ + struct msgb *resp; + + /* TODO: handle the cause of this package */ + + if (msg->lchan) { + DEBUGP(DMSC, "Releasing all transactions on %p\n", conn); + bsc_del_timer(&msg->lchan->msc_data->T10); + msg->lchan->msc_data->lchan = NULL; + + /* we might got killed during an assignment */ + if (msg->lchan->msc_data->secondary_lchan) + put_subscr_con(&msg->lchan->msc_data->secondary_lchan->conn, 0); + + msg->lchan->msc_data = NULL; + put_subscr_con(&msg->lchan->conn, 0); + } + + /* send the clear complete message */ + resp = bssmap_create_clear_complete(); + if (!resp) { + DEBUGP(DMSC, "Sending clear complete failed.\n"); + return -1; + } + + bsc_queue_connection_write(conn, resp); + return 0; +} + +/* + * GSM 08.08 § 3.4.7 cipher mode handling. We will have to pick + * the cipher to be used for this. In case we are already using + * a cipher we will have to send cipher mode reject to the MSC, + * otherwise we will have to pick something that we and the MS + * is supporting. Currently we are doing it in a rather static + * way by picking one ecnryption or no encrytpion. + */ +static int bssmap_handle_cipher_mode(struct sccp_connection *conn, + struct msgb *msg, unsigned int payload_length) +{ + u_int16_t len; + struct gsm_network *network = NULL; + const u_int8_t *data; + struct tlv_parsed tp; + struct msgb *resp; + int reject_cause = -1; + int include_imeisv = 1; + + /* HACK: Sending A5/0 to the MS */ + if (!msg->lchan || !msg->lchan->msc_data) { + DEBUGP(DMSC, "No lchan/msc_data in cipher mode command.\n"); + goto reject; + } + + if (msg->lchan->msc_data->ciphering_handled) { + DEBUGP(DMSC, "Already seen ciphering command. Protocol Error.\n"); + goto reject; + } + + msg->lchan->msc_data->ciphering_handled = 1; + msg->lchan->msc_data->block_gsm = 1; + + tlv_parse(&tp, &bss_att_tlvdef, msg->l4h + 1, payload_length - 1, 0, 0); + if (!TLVP_PRESENT(&tp, GSM0808_IE_ENCRYPTION_INFORMATION)) { + DEBUGP(DMSC, "IE Encryption Information missing.\n"); + goto reject; + } + + /* + * check if our global setting is allowed + * - Currently we check for A5/0 and A5/1 + * - Copy the key if that is necessary + * - Otherwise reject + */ + len = TLVP_LEN(&tp, GSM0808_IE_ENCRYPTION_INFORMATION); + if (len < 1) { + DEBUGP(DMSC, "IE Encryption Information is too short.\n"); + goto reject; + } + + network = msg->lchan->ts->trx->bts->network; + data = TLVP_VAL(&tp, GSM0808_IE_ENCRYPTION_INFORMATION); + + if (network->a5_encryption == 0 && (data[0] & 0x1) == 0x1) { + msg->lchan->encr.alg_id = RSL_ENC_ALG_A5(0); + } else if (network->a5_encryption != 0 && (data[0] & 0x2) == 0x2) { + msg->lchan->encr.alg_id = RSL_ENC_ALG_A5(1); + msg->lchan->encr.key_len = len - 1; + memcpy(msg->lchan->encr.key, &data[1], len - 1); + } else { + DEBUGP(DMSC, "Can not select encryption...\n"); + goto reject; + } + + if (TLVP_PRESENT(&tp, GSM0808_IE_CIPHER_RESPONSE_MODE)) { + include_imeisv = TLVP_VAL(&tp, GSM0808_IE_CIPHER_RESPONSE_MODE)[0] & 0x1; + } + + return gsm48_send_rr_ciph_mode(msg->lchan, include_imeisv); + +reject: + if (msg->lchan->msc_data) + msg->lchan->msc_data->block_gsm = 0; + + resp = bssmap_create_cipher_reject(reject_cause); + if (!resp) { + DEBUGP(DMSC, "Sending the cipher reject failed.\n"); + return -1; + } + + bsc_queue_connection_write(conn, resp); + return -1; +} + +/* + * Handle the network configurable T10 parameter + */ +static void bssmap_t10_fired(void *_conn) +{ + struct sccp_connection *conn = (struct sccp_connection *) _conn; + struct msgb *resp; + + DEBUGP(DMSC, "T10 fired, assignment failed: %p\n", conn); + resp = bssmap_create_assignment_failure( + GSM0808_CAUSE_NO_RADIO_RESOURCE_AVAILABLE, NULL); + if (!resp) { + DEBUGP(DMSC, "Allocation failure: %p\n", conn); + return; + } + + bsc_queue_connection_write(conn, resp); +} + +/* + * helpers for the assignment command + */ +enum gsm0808_permitted_speech audio_support_to_gsm88(struct gsm_audio_support *audio) +{ + if (audio->hr) { + switch (audio->ver) { + case 1: + return GSM0808_PERM_HR1; + break; + case 2: + return GSM0808_PERM_HR2; + break; + case 3: + return GSM0808_PERM_HR3; + break; + default: + DEBUGP(DMSC, "Wrong speech mode: %d\n", audio->ver); + return GSM0808_PERM_FR1; + } + } else { + switch (audio->ver) { + case 1: + return GSM0808_PERM_FR1; + break; + case 2: + return GSM0808_PERM_FR2; + break; + case 3: + return GSM0808_PERM_FR3; + break; + default: + DEBUGP(DMSC, "Wrong speech mode: %d\n", audio->ver); + return GSM0808_PERM_HR1; + } + } +} + +enum gsm48_chan_mode gsm88_to_chan_mode(enum gsm0808_permitted_speech speech) +{ + switch (speech) { + case GSM0808_PERM_HR1: + case GSM0808_PERM_FR1: + return GSM48_CMODE_SPEECH_V1; + break; + case GSM0808_PERM_HR2: + case GSM0808_PERM_FR2: + return GSM48_CMODE_SPEECH_EFR; + break; + case GSM0808_PERM_HR3: + case GSM0808_PERM_FR3: + return GSM48_CMODE_SPEECH_AMR; + break; + } + + assert(0); +} + +/* + * The assignment request has started T10. We need to be faster than this + * or an assignment failure will be sent... + * + * 1.) allocate a new lchan + * 2.) copy the encryption key and other data from the + * old to the new channel. + * 3.) RSL Channel Activate this channel and wait + * + * -> Signal handler for the LCHAN + * 4.) Send GSM 04.08 assignment command to the MS + * + * -> Assignment Complete + * 5.) Release the SDCCH, continue signalling on the new link + */ +static int handle_new_assignment(struct msgb *msg, int full_rate, int chan_mode) +{ + struct bss_sccp_connection_data *msc_data; + struct gsm_bts *bts; + struct gsm_lchan *new_lchan; + int chan_type; + + msc_data = msg->lchan->msc_data; + bts = msg->lchan->ts->trx->bts; + chan_type = full_rate ? GSM_LCHAN_TCH_F : GSM_LCHAN_TCH_H; + + new_lchan = lchan_alloc(bts, chan_type); + + if (!new_lchan) { + LOGP(DMSC, LOGL_NOTICE, "No free channel.\n"); + return -1; + } + + /* copy old data to the new channel */ + memcpy(&new_lchan->encr, &msg->lchan->encr, sizeof(new_lchan->encr)); + new_lchan->ms_power = msg->lchan->ms_power; + new_lchan->bs_power = msg->lchan->bs_power; + new_lchan->conn.subscr = subscr_get(msg->lchan->conn.subscr); + + /* copy new data to it */ + use_subscr_con(&new_lchan->conn); + new_lchan->tch_mode = chan_mode; + new_lchan->rsl_cmode = RSL_CMOD_SPD_SPEECH; + + /* handle AMR correctly */ + if (chan_mode == GSM48_CMODE_SPEECH_AMR) { + new_lchan->mr_conf.ver = 1; + new_lchan->mr_conf.icmi = 1; + new_lchan->mr_conf.m5_90 = 1; + } + + if (rsl_chan_activate_lchan(new_lchan, 0x1, 0, 0) < 0) { + LOGP(DHO, LOGL_ERROR, "could not activate channel\n"); + lchan_free(new_lchan); + return -1; + } + + msc_data->secondary_lchan = new_lchan; + new_lchan->msc_data = msc_data; + return 0; +} + +/* + * Any failure will be caught with the T10 timer ticking... + */ +static void continue_new_assignment(struct gsm_lchan *new_lchan) +{ + if (!new_lchan->msc_data) { + LOGP(DMSC, LOGL_ERROR, "No BSS data found.\n"); + put_subscr_con(&new_lchan->conn, 0); + return; + } + + if (new_lchan->msc_data->secondary_lchan != new_lchan) { + LOGP(DMSC, LOGL_ERROR, "This is not the secondary channel?\n"); + put_subscr_con(&new_lchan->conn, 0); + return; + } + + LOGP(DMSC, LOGL_NOTICE, "Sending assignment on chan: %p\n", new_lchan); + gsm48_send_rr_ass_cmd(new_lchan->msc_data->lchan, new_lchan, 0x3); +} + +/* + * Handle the assignment request message. + * + * See §3.2.1.1 for the message type + */ +static int bssmap_handle_assignm_req(struct sccp_connection *conn, + struct msgb *msg, unsigned int length) +{ + struct gsm_network *network; + struct tlv_parsed tp; + struct bss_sccp_connection_data *msc_data; + u_int8_t *data; + u_int16_t cic; + u_int8_t timeslot; + u_int8_t multiplex; + enum gsm48_chan_mode chan_mode = GSM48_CMODE_SIGN; + int i, supported, port, full_rate = -1; + + if (!msg->lchan || !msg->lchan->msc_data) { + DEBUGP(DMSC, "No lchan/msc_data in cipher mode command.\n"); + goto reject; + } + + msc_data = msg->lchan->msc_data; + network = msg->lchan->ts->trx->bts->network; + tlv_parse(&tp, &bss_att_tlvdef, msg->l4h + 1, length - 1, 0, 0); + + if (!TLVP_PRESENT(&tp, GSM0808_IE_CHANNEL_TYPE)) { + DEBUGP(DMSC, "Mandantory channel type not present.\n"); + goto reject; + } + + if (!TLVP_PRESENT(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE)) { + DEBUGP(DMSC, "Identity code missing. Audio routing will not work.\n"); + goto reject; + } + + cic = ntohs(*(u_int16_t *)TLVP_VAL(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE)); + timeslot = cic & 0x1f; + multiplex = (cic & ~0x1f) >> 5; + + /* + * Currently we only support a limited subset of all + * possible channel types. The limitation ends by not using + * multi-slot, limiting the channel coding, speech... + */ + if (TLVP_LEN(&tp, GSM0808_IE_CHANNEL_TYPE) < 3) { + DEBUGP(DMSC, "ChannelType len !=3 not supported: %d\n", + TLVP_LEN(&tp, GSM0808_IE_CHANNEL_TYPE)); + goto reject; + } + + /* + * Try to figure out if we support the proposed speech codecs. For + * now we will always pick the full rate codecs. + */ + + data = (u_int8_t *) TLVP_VAL(&tp, GSM0808_IE_CHANNEL_TYPE); + if ((data[0] & 0xf) != 0x1) { + DEBUGP(DMSC, "ChannelType != speech: %d\n", data[0]); + goto reject; + } + + if (data[1] != GSM0808_SPEECH_FULL_PREF && data[1] != GSM0808_SPEECH_HALF_PREF) { + DEBUGP(DMSC, "ChannelType full not allowed: %d\n", data[1]); + goto reject; + } + + /* + * go through the list of preferred codecs of our gsm network + * and try to find it among the permitted codecs. If we found + * it we will send chan_mode to the right mode and break the + * inner loop. The outer loop will exit due chan_mode having + * the correct value. + */ + full_rate = 0; + for (supported = 0; + chan_mode == GSM48_CMODE_SIGN && supported < network->audio_length; + ++supported) { + + int perm_val = audio_support_to_gsm88(network->audio_support[supported]); + for (i = 2; i < TLVP_LEN(&tp, GSM0808_IE_CHANNEL_TYPE); ++i) { + if ((data[i] & 0x7f) == perm_val) { + chan_mode = gsm88_to_chan_mode(perm_val); + full_rate = (data[i] & 0x4) == 0; + break; + } else if ((data[i] & 0x80) == 0x00) { + break; + } + } + } + + if (chan_mode == GSM48_CMODE_SIGN) { + DEBUGP(DMSC, "No supported audio type found.\n"); + goto reject; + } + + /* modify the channel now */ + msc_data->T10.cb = bssmap_t10_fired; + msc_data->T10.data = conn; + bsc_schedule_timer(&msc_data->T10, GSM0808_T10_VALUE); + + /* the mgcp call agent starts counting at one. a bit of a weird mapping */ + port = mgcp_timeslot_to_endpoint(multiplex, timeslot); + msc_data->rtp_port = rtp_calculate_port(port, + network->rtp_base_port); + + if (msg->lchan->type == GSM_LCHAN_SDCCH) { + /* start to assign a new channel, if it works */ + if (handle_new_assignment(msg, full_rate, chan_mode) == 0) + return 0; + else + goto reject; + } else { + DEBUGP(DMSC, "Sending ChanModify for speech on: sccp: %p mode: 0x%x on port %d %d/0x%x port: %u\n", + conn, chan_mode, port, multiplex, timeslot, msc_data->rtp_port); + + if (chan_mode == GSM48_CMODE_SPEECH_AMR) { + msg->lchan->mr_conf.ver = 1; + msg->lchan->mr_conf.icmi = 1; + msg->lchan->mr_conf.m5_90 = 1; + } + + return gsm48_lchan_modify(msg->lchan, chan_mode); + } + +reject: + gsm0808_send_assignment_failure(msg->lchan, + GSM0808_CAUSE_NO_RADIO_RESOURCE_AVAILABLE, NULL); + return -1; +} + +int bssmap_rcvmsg_udt(struct gsm_network *net, struct msgb *msg, unsigned int length) +{ + int ret = 0; + + if (length < 1) { + DEBUGP(DMSC, "Not enough room: %d\n", length); + return -1; + } + + switch (msg->l4h[0]) { + case BSS_MAP_MSG_RESET_ACKNOWLEDGE: + ret = bssmap_handle_reset_ack(net, msg, length); + break; + case BSS_MAP_MSG_PAGING: + ret = bssmap_handle_paging(net, msg, length); + break; + } + + return ret; +} + +int bssmap_rcvmsg_dt1(struct sccp_connection *conn, struct msgb *msg, unsigned int length) +{ + int ret = 0; + + if (length < 1) { + DEBUGP(DMSC, "Not enough room: %d\n", length); + return -1; + } + + switch (msg->l4h[0]) { + case BSS_MAP_MSG_CLEAR_CMD: + ret = bssmap_handle_clear_command(conn, msg, length); + break; + case BSS_MAP_MSG_CIPHER_MODE_CMD: + ret = bssmap_handle_cipher_mode(conn, msg, length); + break; + case BSS_MAP_MSG_ASSIGMENT_RQST: + ret = bssmap_handle_assignm_req(conn, msg, length); + break; + default: + DEBUGP(DMSC, "Unimplemented msg type: %d\n", msg->l4h[0]); + break; + } + + return ret; +} + +int dtap_rcvmsg(struct gsm_lchan *lchan, struct msgb *msg, unsigned int length) +{ + struct dtap_header *header; + struct msgb *gsm48; + u_int8_t *data; + u_int8_t link_id; + + if (!lchan) { + DEBUGP(DMSC, "No lchan available\n"); + return -1; + } + + header = (struct dtap_header *) msg->l3h; + if (sizeof(*header) >= length) { + DEBUGP(DMSC, "The DTAP header does not fit. Wanted: %u got: %u\n", sizeof(*header), length); + DEBUGP(DMSC, "hex: %s\n", hexdump(msg->l3h, length)); + return -1; + } + + if (header->length > length - sizeof(*header)) { + DEBUGP(DMSC, "The DTAP l4 information does not fit: header: %u length: %u\n", header->length, length); + DEBUGP(DMSC, "hex: %s\n", hexdump(msg->l3h, length)); + return -1; + } + + DEBUGP(DMSC, "DTAP message: SAPI: %u CHAN: %u\n", header->link_id & 0x07, header->link_id & 0xC0); + + /* forward the data */ + gsm48 = gsm48_msgb_alloc(); + if (!gsm48) { + DEBUGP(DMSC, "Allocation of the message failed.\n"); + return -1; + } + + gsm48->lchan = lchan; + gsm48->trx = gsm48->lchan->ts->trx; + gsm48->l3h = gsm48->data; + data = msgb_put(gsm48, length - sizeof(*header)); + memcpy(data, msg->l3h + sizeof(*header), length - sizeof(*header)); + + /* + * This is coming from the network. We need to regenerate the + * LAI for the Location Update Accept packet and maybe more + * as well. + */ + if (gsm48->trx->bts->network->core_network_code > 0 || + gsm48->trx->bts->network->core_country_code > 0) { + if (msgb_l3len(gsm48) >= sizeof(struct gsm48_loc_area_id) + 1) { + struct gsm48_hdr *gh = (struct gsm48_hdr *)gsm48->l3h; + if (gh->msg_type == GSM48_MT_MM_LOC_UPD_ACCEPT) { + struct gsm_network *net = gsm48->trx->bts->network; + struct gsm48_loc_area_id *lai = (struct gsm48_loc_area_id *) &gh->data[0]; + gsm48_generate_lai(lai, net->country_code, + net->network_code, + gsm48->trx->bts->location_area_code); + } + } + } + + link_id = header->link_id; + + /* If we are on a TCH and need to submit a SMS (on SAPI=3) we need to use the SACH */ + if ((lchan->type == GSM_LCHAN_TCH_F || + lchan->type == GSM_LCHAN_TCH_H) && (link_id & 0x7) != 0) + link_id |= 0x40; + + bts_queue_send(gsm48, link_id); + return 0; +} + +/* Create messages */ +struct msgb *bssmap_create_layer3(struct msgb *msg_l3) +{ + u_int8_t *data; + u_int16_t *ci; + struct msgb* msg; + struct gsm48_loc_area_id *lai; + struct gsm_bts *bts = msg_l3->lchan->ts->trx->bts; + u_int16_t network_code = get_network_code_for_msc(bts->network); + u_int16_t country_code = get_country_code_for_msc(bts->network); + + msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "bssmap cmpl l3"); + if (!msg) + return NULL; + + /* create the bssmap header */ + msg->l3h = msgb_put(msg, 2); + msg->l3h[0] = 0x0; + + /* create layer 3 header */ + data = msgb_put(msg, 1); + data[0] = BSS_MAP_MSG_COMPLETE_LAYER_3; + + /* create the cell header */ + data = msgb_put(msg, 3); + data[0] = GSM0808_IE_CELL_IDENTIFIER; + data[1] = 1 + sizeof(*lai) + 2; + data[2] = CELL_IDENT_WHOLE_GLOBAL; + + lai = (struct gsm48_loc_area_id *) msgb_put(msg, sizeof(*lai)); + gsm48_generate_lai(lai, country_code, + network_code, bts->location_area_code); + + ci = (u_int16_t *) msgb_put(msg, 2); + *ci = htons(bts->cell_identity); + + /* copy the layer3 data */ + data = msgb_put(msg, msgb_l3len(msg_l3) + 2); + data[0] = GSM0808_IE_LAYER_3_INFORMATION; + data[1] = msgb_l3len(msg_l3); + memcpy(&data[2], msg_l3->l3h, data[1]); + + /* update the size */ + msg->l3h[1] = msgb_l3len(msg) - 2; + + return msg; +} + +struct msgb *bssmap_create_reset(void) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: reset"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 6); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 0x04; + msg->l3h[2] = 0x30; + msg->l3h[3] = 0x04; + msg->l3h[4] = 0x01; + msg->l3h[5] = 0x20; + return msg; +} + +struct msgb *bssmap_create_clear_complete(void) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: clear complete"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 1; + msg->l3h[2] = BSS_MAP_MSG_CLEAR_COMPLETE; + + return msg; +} + +struct msgb *bssmap_create_cipher_complete(struct msgb *layer3) +{ + struct msgb *msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "cipher-complete"); + if (!msg) + return NULL; + + /* send response with BSS override for A5/1... cheating */ + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 0xff; + msg->l3h[2] = BSS_MAP_MSG_CIPHER_MODE_COMPLETE; + + /* include layer3 in case we have at least two octets */ + if (layer3 && msgb_l3len(layer3) > 2) { + msg->l4h = msgb_put(msg, msgb_l3len(layer3) + 2); + msg->l4h[0] = GSM0808_IE_LAYER_3_MESSAGE_CONTENTS; + msg->l4h[1] = msgb_l3len(layer3); + memcpy(&msg->l4h[2], layer3->l3h, msgb_l3len(layer3)); + } + + /* and the optional BSS message */ + msg->l4h = msgb_put(msg, 2); + msg->l4h[0] = GSM0808_IE_CHOSEN_ENCR_ALG; + msg->l4h[1] = layer3->lchan->encr.alg_id; + + /* update the size */ + msg->l3h[1] = msgb_l3len(msg) - 2; + return msg; +} + +struct msgb *bssmap_create_cipher_reject(u_int8_t cause) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: clear complete"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 2; + msg->l3h[2] = BSS_MAP_MSG_CIPHER_MODE_REJECT; + msg->l3h[3] = cause; + + return msg; +} + +struct msgb *bssmap_create_classmark_update(const u_int8_t *classmark_data, u_int8_t length) +{ + struct msgb *msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "classmark-update"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 0xff; + msg->l3h[2] = BSS_MAP_MSG_CLASSMARK_UPDATE; + + msg->l4h = msgb_put(msg, length); + memcpy(msg->l4h, classmark_data, length); + + /* update the size */ + msg->l3h[1] = msgb_l3len(msg) - 2; + return msg; +} + +struct msgb *bssmap_create_sapi_reject(u_int8_t link_id) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: sapi 'n' reject"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 5); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 3; + msg->l3h[2] = BSS_MAP_MSG_SAPI_N_REJECT; + msg->l3h[3] = link_id; + msg->l3h[4] = GSM0808_CAUSE_BSS_NOT_EQUIPPED; + + return msg; +} + +static u_int8_t chan_mode_to_speech(struct gsm_lchan *lchan) +{ + int mode = 0; + + switch (lchan->tch_mode) { + case GSM48_CMODE_SPEECH_V1: + mode = 1; + break; + case GSM48_CMODE_SPEECH_EFR: + mode = 0x11; + break; + case GSM48_CMODE_SPEECH_AMR: + mode = 0x21; + break; + case GSM48_CMODE_SIGN: + case GSM48_CMODE_DATA_14k5: + case GSM48_CMODE_DATA_12k0: + case GSM48_CMODE_DATA_6k0: + case GSM48_CMODE_DATA_3k6: + default: + DEBUGP(DMSC, "Using non speech mode: %d\n", mode); + return 0; + break; + } + + if (lchan->type == GSM_LCHAN_TCH_H) + mode |= 0x4; + + return mode; +} + +/* 3.2.2.33 */ +static u_int8_t lchan_to_chosen_channel(struct gsm_lchan *lchan) +{ + u_int8_t channel_mode = 0, channel = 0; + + switch (lchan->tch_mode) { + case GSM48_CMODE_SPEECH_V1: + case GSM48_CMODE_SPEECH_EFR: + case GSM48_CMODE_SPEECH_AMR: + channel_mode = 0x9; + break; + case GSM48_CMODE_SIGN: + channel_mode = 0x8; + break; + case GSM48_CMODE_DATA_14k5: + channel_mode = 0xe; + break; + case GSM48_CMODE_DATA_12k0: + channel_mode = 0xb; + break; + case GSM48_CMODE_DATA_6k0: + channel_mode = 0xc; + break; + case GSM48_CMODE_DATA_3k6: + channel_mode = 0xd; + break; + } + + switch (lchan->type) { + case GSM_LCHAN_NONE: + channel = 0x0; + break; + case GSM_LCHAN_SDCCH: + channel = 0x1; + break; + case GSM_LCHAN_TCH_F: + channel = 0x8; + break; + case GSM_LCHAN_TCH_H: + channel = 0x9; + break; + case GSM_LCHAN_UNKNOWN: + DEBUGP(DMSC, "Unknown lchan type: %p\n", lchan); + break; + } + + return channel_mode << 4 | channel; +} + +struct msgb *bssmap_create_assignment_completed(struct gsm_lchan *lchan, u_int8_t rr_cause) +{ + u_int8_t *data; + u_int8_t speech_mode; + + struct msgb *msg = msgb_alloc(35, "bssmap: ass compl"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 0xff; + msg->l3h[2] = BSS_MAP_MSG_ASSIGMENT_COMPLETE; + + /* write 3.2.2.22 */ + data = msgb_put(msg, 2); + data[0] = GSM0808_IE_RR_CAUSE; + data[1] = rr_cause; + + /* write cirtcuit identity code 3.2.2.2 */ + /* write cell identifier 3.2.2.17 */ + /* write chosen channel 3.2.2.33 when BTS picked it */ + data = msgb_put(msg, 2); + data[0] = GSM0808_IE_CHOSEN_CHANNEL; + data[1] = lchan_to_chosen_channel(lchan); + + /* write chosen encryption algorithm 3.2.2.44 */ + data = msgb_put(msg, 2); + data[0] = GSM0808_IE_CHOSEN_ENCR_ALG; + data[1] = lchan->encr.alg_id; + + /* write circuit pool 3.2.2.45 */ + /* write speech version chosen: 3.2.2.51 when BTS picked it */ + speech_mode = chan_mode_to_speech(lchan); + if (speech_mode != 0) { + data = msgb_put(msg, 2); + data[0] = GSM0808_IE_SPEECH_VERSION; + data[1] = speech_mode; + } + + /* write LSA identifier 3.2.2.15 */ + + + /* update the size */ + msg->l3h[1] = msgb_l3len(msg) - 2; + return msg; +} + +struct msgb *bssmap_create_assignment_failure(u_int8_t cause, u_int8_t *rr_cause) +{ + u_int8_t *data; + struct msgb *msg = msgb_alloc(35, "bssmap: ass fail"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 6); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 0xff; + msg->l3h[2] = BSS_MAP_MSG_ASSIGMENT_FAILURE; + msg->l3h[3] = GSM0808_IE_CAUSE; + msg->l3h[4] = 1; + msg->l3h[5] = cause; + + /* RR cause 3.2.2.22 */ + if (rr_cause) { + data = msgb_put(msg, 2); + data[0] = GSM0808_IE_RR_CAUSE; + data[1] = *rr_cause; + } + + /* Circuit pool 3.22.45 */ + /* Circuit pool list 3.2.2.46 */ + + /* update the size */ + msg->l3h[1] = msgb_l3len(msg) - 2; + return msg; +} + +struct msgb *dtap_create_msg(struct msgb *msg_l3, u_int8_t link_id) +{ + struct dtap_header *header; + u_int8_t *data; + struct msgb *msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "dtap"); + if (!msg) + return NULL; + + /* DTAP header */ + msg->l3h = msgb_put(msg, sizeof(*header)); + header = (struct dtap_header *) &msg->l3h[0]; + header->type = BSSAP_MSG_DTAP; + header->link_id = link_id; + header->length = msgb_l3len(msg_l3); + + /* Payload */ + data = msgb_put(msg, header->length); + memcpy(data, msg_l3->l3h, header->length); + + return msg; +} + +static int bssap_handle_lchan_signal(unsigned int subsys, unsigned int signal, + void *handler_data, void *signal_data) +{ + struct msgb *msg; + struct gsm_lchan *lchan; + struct sccp_connection *conn; + + /* + * If we have a SCCP Connection we need to inform the MSC about + * the resource error and then drop the lchan<->sccp association. + */ + switch (subsys) { + case SS_LCHAN: + lchan = (struct gsm_lchan *)signal_data; + + if (!lchan || !lchan->msc_data) + return 0; + switch (signal) { + case S_LCHAN_UNEXPECTED_RELEASE: + /* handle this through the T10 timeout */ + if (lchan->msc_data->lchan != lchan) + return 0; + + bsc_del_timer(&lchan->msc_data->T10); + conn = lchan->msc_data->sccp; + lchan->msc_data->lchan = NULL; + lchan->msc_data = NULL; + + msg = msgb_alloc(30, "sccp: clear request"); + if (!msg) { + DEBUGP(DMSC, "Failed to allocate clear request.\n"); + return 0; + } + + msg->l3h = msgb_put(msg, 2 + 4); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 4; + + msg->l3h[2] = BSS_MAP_MSG_CLEAR_RQST; + msg->l3h[3] = GSM0808_IE_CAUSE; + msg->l3h[4] = 1; + msg->l3h[5] = GSM0808_CAUSE_RADIO_INTERFACE_FAILURE; + + DEBUGP(DMSC, "Sending clear request on unexpected channel release.\n"); + bsc_queue_connection_write(conn, msg); + break; + case S_LCHAN_ACTIVATE_ACK: + continue_new_assignment(lchan); + break; + } + break; + } + + return 0; +} + +/* + * queue handling for BSS AP + */ +void bsc_queue_connection_write(struct sccp_connection *conn, struct msgb *msg) +{ + struct bss_sccp_connection_data *data; + + data = (struct bss_sccp_connection_data *)conn->data_ctx; + + if (conn->connection_state > SCCP_CONNECTION_STATE_ESTABLISHED) { + DEBUGP(DMSC, "Connection closing, dropping packet on: %p\n", conn); + msgb_free(msg); + } else if (conn->connection_state == SCCP_CONNECTION_STATE_ESTABLISHED + && data->sccp_queue_size == 0) { + sccp_connection_write(conn, msg); + msgb_free(msg); + } else if (data->sccp_queue_size > 10) { + DEBUGP(DMSC, "Dropping packet on %p due queue overflow\n", conn); + msgb_free(msg); + } else { + DEBUGP(DMSC, "Queuing packet on %p. Queue size: %d\n", conn, data->sccp_queue_size); + ++data->sccp_queue_size; + msgb_enqueue(&data->sccp_queue, msg); + } +} + +void bsc_free_queued(struct sccp_connection *conn) +{ + struct bss_sccp_connection_data *data; + struct msgb *msg; + + data = (struct bss_sccp_connection_data *)conn->data_ctx; + while (!llist_empty(&data->sccp_queue)) { + /* this is not allowed to fail */ + msg = msgb_dequeue(&data->sccp_queue); + msgb_free(msg); + } + + data->sccp_queue_size = 0; +} + +void bsc_send_queued(struct sccp_connection *conn) +{ + struct bss_sccp_connection_data *data; + struct msgb *msg; + + data = (struct bss_sccp_connection_data *)conn->data_ctx; + + while (!llist_empty(&data->sccp_queue)) { + /* this is not allowed to fail */ + msg = msgb_dequeue(&data->sccp_queue); + sccp_connection_write(conn, msg); + msgb_free(msg); + --data->sccp_queue_size; + } +} + +/* RLL callback */ +static void rll_ind_cb(struct gsm_lchan *lchan, u_int8_t link_id, + void *_data, enum bsc_rllr_ind rllr_ind) +{ + struct sccp_source_reference ref = sccp_src_ref_from_int((u_int32_t) _data); + struct bss_sccp_connection_data *data = lchan->msc_data; + + if (!data || !data->sccp) { + DEBUGP(DMSC, "Time-out/Establish after sccp release? Ind: %d lchan: %p\n", + rllr_ind, lchan); + return; + } + + if (memcmp(&data->sccp->source_local_reference, &ref, sizeof(ref)) != 0) { + DEBUGP(DMSC, "Wrong SCCP connection. Not handling RLL callback: %u %u\n", + sccp_src_ref_to_int(&ref), + sccp_src_ref_to_int(&data->sccp->source_local_reference)); + return; + } + + switch (rllr_ind) { + case BSC_RLLR_IND_EST_CONF: + /* nothing to do */ + bts_send_queued(data); + break; + case BSC_RLLR_IND_REL_IND: + case BSC_RLLR_IND_ERR_IND: + case BSC_RLLR_IND_TIMEOUT: { + /* reject queued messages */ + struct msgb *sapi_reject; + + bts_free_queued(data); + sapi_reject = bssmap_create_sapi_reject(link_id); + if (!sapi_reject){ + DEBUGP(DMSC, "Failed to create SAPI reject\n"); + return; + } + + bsc_queue_connection_write(data->sccp, sapi_reject); + break; + } + } +} + +/* decide if we need to queue because of SAPI != 0 */ +void bts_queue_send(struct msgb *msg, int link_id) +{ + struct bss_sccp_connection_data *data = msg->lchan->msc_data; + + if (!data->block_gsm && data->gsm_queue_size == 0) { + if (msg->lchan->sapis[link_id & 0x7] != LCHAN_SAPI_UNUSED) { + rsl_data_request(msg, link_id); + } else { + msg->smsh = (unsigned char*) link_id; + msgb_enqueue(&data->gsm_queue, msg); + ++data->gsm_queue_size; + + /* establish link */ + rll_establish(msg->lchan, link_id & 0x7, + rll_ind_cb, + (void *)sccp_src_ref_to_int(&data->sccp->source_local_reference)); + } + } else if (data->gsm_queue_size == 10) { + DEBUGP(DMSC, "Queue full on %p. Dropping GSM0408.\n", data->sccp); + } else { + DEBUGP(DMSC, "Queueing GSM0408 message on %p. Queue size: %d\n", + data->sccp, data->gsm_queue_size + 1); + + msg->smsh = (unsigned char*) link_id; + msgb_enqueue(&data->gsm_queue, msg); + ++data->gsm_queue_size; + } +} + +void bts_free_queued(struct bss_sccp_connection_data *data) +{ + struct msgb *msg; + + while (!llist_empty(&data->gsm_queue)) { + /* this is not allowed to fail */ + msg = msgb_dequeue(&data->gsm_queue); + msgb_free(msg); + } + + data->gsm_queue_size = 0; +} + +void bts_send_queued(struct bss_sccp_connection_data *data) +{ + struct msgb *msg; + + while (!llist_empty(&data->gsm_queue)) { + /* this is not allowed to fail */ + msg = msgb_dequeue(&data->gsm_queue); + rsl_data_request(msg, (int) msg->smsh); + } + + data->gsm_queue_size = 0; +} + +void bts_unblock_queue(struct bss_sccp_connection_data *data) +{ + struct msgb *msg; + LLIST_HEAD(head); + + /* move the messages to a new list */ + data->block_gsm = 0; + data->gsm_queue_size = 0; + while (!llist_empty(&data->gsm_queue)) { + msg = msgb_dequeue(&data->gsm_queue); + msgb_enqueue(&head, msg); + } + + /* now queue them again to send RSL establish and such */ + while (!llist_empty(&head)) { + msg = msgb_dequeue(&head); + bts_queue_send(msg, (int) msg->smsh); + } +} + +void gsm0808_send_assignment_failure(struct gsm_lchan *lchan, u_int8_t cause, u_int8_t *rr_value) +{ + struct msgb *resp; + + bsc_del_timer(&lchan->msc_data->T10); + resp = bssmap_create_assignment_failure(cause, rr_value); + if (!resp) { + DEBUGP(DMSC, "Allocation failure: %p\n", lchan_get_sccp(lchan)); + return; + } + + bsc_queue_connection_write(lchan_get_sccp(lchan), resp); +} + +void gsm0808_send_assignment_compl(struct gsm_lchan *lchan, u_int8_t rr_cause) +{ + struct msgb *resp; + + bsc_del_timer(&lchan->msc_data->T10); + resp = bssmap_create_assignment_completed(lchan, rr_cause); + if (!resp) { + DEBUGP(DMSC, "Creating MSC response failed: %p\n", lchan_get_sccp(lchan)); + return; + } + + bsc_queue_connection_write(lchan_get_sccp(lchan), resp); +} + +static __attribute__((constructor)) void on_dso_load_bssap(void) +{ + register_signal_handler(SS_LCHAN, bssap_handle_lchan_signal, NULL); +} diff --git a/openbsc/src/chan_alloc.c b/openbsc/src/chan_alloc.c index cd48e4359..5ca47f909 100644 --- a/openbsc/src/chan_alloc.c +++ b/openbsc/src/chan_alloc.c @@ -33,8 +33,6 @@ #include <openbsc/debug.h> #include <openbsc/signal.h> -static void auto_release_channel(void *_lchan); - static int ts_is_usable(struct gsm_bts_trx_ts *ts) { /* FIXME: How does this behave for BS-11 ? */ @@ -268,16 +266,13 @@ struct gsm_lchan *lchan_alloc(struct gsm_bts *bts, enum gsm_chan_t type) /* clear multi rate config */ memset(&lchan->mr_conf, 0, sizeof(lchan->mr_conf)); + /* clear any msc reference */ + lchan->msc_data = NULL; + /* clear per MSC/BSC data */ memset(&lchan->conn, 0, sizeof(lchan->conn)); - - /* Configure the time and start it so it will be closed */ lchan->conn.lchan = lchan; lchan->conn.bts = lchan->ts->trx->bts; - lchan->conn.release_timer.cb = auto_release_channel; - lchan->conn.release_timer.data = lchan; - bsc_schedule_timer(&lchan->conn.release_timer, LCHAN_RELEASE_TIMEOUT); - } else { struct challoc_signal_data sig; sig.bts = bts; @@ -307,8 +302,6 @@ void lchan_free(struct gsm_lchan *lchan) lchan->conn.use_count = 0; } - /* stop the timer */ - bsc_del_timer(&lchan->conn.release_timer); bsc_del_timer(&lchan->T3101); /* clear cached measuement reports */ @@ -319,7 +312,6 @@ void lchan_free(struct gsm_lchan *lchan) } for (i = 0; i < ARRAY_SIZE(lchan->neigh_meas); i++) lchan->neigh_meas[i].arfcn = 0; - lchan->conn.silent_call = 0; sig.lchan = lchan; @@ -331,15 +323,18 @@ void lchan_free(struct gsm_lchan *lchan) } /* Consider releasing the channel now */ -int lchan_auto_release(struct gsm_lchan *lchan) +int _lchan_release(struct gsm_lchan *lchan, u_int8_t release_reason) { if (lchan->conn.use_count > 0) { + DEBUGP(DRLL, "BUG: _lchan_release called without zero use_count.\n"); return 0; } /* Assume we have GSM04.08 running and send a release */ if (lchan->conn.subscr) { + ++lchan->conn.use_count; gsm48_send_rr_release(lchan); + --lchan->conn.use_count; } /* spoofed? message */ @@ -348,19 +343,10 @@ int lchan_auto_release(struct gsm_lchan *lchan) lchan->conn.use_count); DEBUGP(DRLL, "%s Recycling Channel\n", gsm_lchan_name(lchan)); - rsl_release_request(lchan, 0); + rsl_release_request(lchan, 0, release_reason); return 1; } -/* Auto release the channel when the use count is zero */ -static void auto_release_channel(void *_lchan) -{ - struct gsm_lchan *lchan = _lchan; - - if (!lchan_auto_release(lchan)) - bsc_schedule_timer(&lchan->conn.release_timer, LCHAN_RELEASE_TIMEOUT); -} - struct gsm_lchan* lchan_find(struct gsm_bts *bts, struct gsm_subscriber *subscr) { struct gsm_bts_trx *trx; int ts_no, lchan_no; diff --git a/openbsc/src/debug.c b/openbsc/src/debug.c index a55d79013..aaf8f88fc 100644 --- a/openbsc/src/debug.c +++ b/openbsc/src/debug.c @@ -146,6 +146,11 @@ static const struct log_info_cat default_categories[] = { .description = "Reference Counting", .enabled = 0, .loglevel = LOGL_NOTICE, }, + [DNAT] = { + .name = "DNAT", + .description = "BSC MUX/NAT", + .enabled = 1, .loglevel = LOGL_NOTICE, + }, }; enum log_ctxt { diff --git a/openbsc/src/gsm_04_08.c b/openbsc/src/gsm_04_08.c index b0e55414f..f8602a330 100644 --- a/openbsc/src/gsm_04_08.c +++ b/openbsc/src/gsm_04_08.c @@ -104,12 +104,12 @@ static void release_loc_updating_req(struct gsm_subscriber_connection *conn) bsc_del_timer(&conn->loc_operation->updating_timer); talloc_free(conn->loc_operation); conn->loc_operation = 0; - put_subscr_con(conn); + put_subscr_con(conn, 0); } static void allocate_loc_updating_req(struct gsm_subscriber_connection *conn) { - use_subscr_con(conn) + use_subscr_con(conn); release_loc_updating_req(conn); conn->loc_operation = talloc_zero(tall_locop_ctx, @@ -122,7 +122,6 @@ static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb int rc; db_subscriber_alloc_tmsi(conn->subscr); - release_loc_updating_req(conn); rc = gsm0408_loc_upd_acc(msg->lchan, conn->subscr->tmsi); if (msg->lchan->ts->trx->bts->network->send_mm_info) { /* send MM INFO with network name */ @@ -134,9 +133,7 @@ static int gsm0408_authorize(struct gsm_subscriber_connection *conn, struct msgb * trigger further action like SMS delivery */ subscr_update(conn->subscr, msg->trx->bts, GSM_SUBSCRIBER_UPDATE_ATTACHED); - - /* try to close channel ASAP */ - lchan_auto_release(conn->lchan); + release_loc_updating_req(conn); return rc; } @@ -298,9 +295,8 @@ static void loc_upd_rej_cb(void *data) struct gsm_lchan *lchan = conn->lchan; struct gsm_bts *bts = lchan->ts->trx->bts; - release_loc_updating_req(conn); gsm0408_loc_upd_rej(lchan, bts->network->reject_cause); - lchan_auto_release(lchan); + release_loc_updating_req(conn); } static void schedule_reject(struct gsm_subscriber_connection *conn) @@ -722,8 +718,6 @@ static int gsm48_rx_mm_imsi_detach_ind(struct msgb *msg) * imagine an IMSI DETACH happening during an active call! */ /* subscriber is detached: should we release lchan? */ - lchan_auto_release(msg->lchan); - return 0; } @@ -2070,7 +2064,6 @@ static int gsm48_cc_rx_release_compl(struct gsm_trans *trans, struct msgb *msg) MNCC_REL_CNF, &rel); /* FIXME: in case of multiple calls, we can't simply * hang up here ! */ - lchan_auto_release(msg->lchan); break; default: rc = mncc_recvmsg(trans->subscr->net, trans, diff --git a/openbsc/src/gsm_04_08_utils.c b/openbsc/src/gsm_04_08_utils.c index b770b52fc..dbbc7fbb2 100644 --- a/openbsc/src/gsm_04_08_utils.c +++ b/openbsc/src/gsm_04_08_utils.c @@ -164,13 +164,46 @@ static const enum gsm_chreq_reason_t reason_by_chreq[] = { [CHREQ_T_RESERVED_IGNORE] = GSM_CHREQ_REASON_OTHER, }; -enum gsm_chan_t get_ctype_by_chreq(struct gsm_bts *bts, u_int8_t ra, int neci) +/* verify that the two tables match */ +static_assert(sizeof(ctype_by_chreq) == + sizeof(((struct gsm_network *) NULL)->ctype_by_chreq), assert_size); + +/* + * Update channel types for request based on policy. E.g. in the + * case of a TCH/H network/bsc use TCH/H for the emergency calls, + * for early assignment assign a SDCCH and some other options. + */ +void gsm_net_update_ctype(struct gsm_network *network) +{ + /* copy over the data */ + memcpy(network->ctype_by_chreq, ctype_by_chreq, sizeof(ctype_by_chreq)); + + /* + * Use TCH/H for emergency calls when this cell allows TCH/H. Maybe it + * is better to iterate over the BTS/TRX and check if no TCH/F is available + * and then set it to TCH/H. + */ + if (network->neci) + network->ctype_by_chreq[CHREQ_T_EMERG_CALL] = GSM_LCHAN_TCH_H; + + if (network->pag_any_tch) { + if (network->neci) { + network->ctype_by_chreq[CHREQ_T_PAG_R_ANY_NECI0] = GSM_LCHAN_TCH_H; + network->ctype_by_chreq[CHREQ_T_PAG_R_ANY_NECI1] = GSM_LCHAN_TCH_H; + } else { + network->ctype_by_chreq[CHREQ_T_PAG_R_ANY_NECI0] = GSM_LCHAN_TCH_F; + network->ctype_by_chreq[CHREQ_T_PAG_R_ANY_NECI1] = GSM_LCHAN_TCH_F; + } + } +} + +enum gsm_chan_t get_ctype_by_chreq(struct gsm_network *network, u_int8_t ra) { int i; int length; const struct chreq *chreq; - if (neci) { + if (network->neci) { chreq = chreq_type_neci1; length = ARRAY_SIZE(chreq_type_neci1); } else { @@ -182,13 +215,13 @@ enum gsm_chan_t get_ctype_by_chreq(struct gsm_bts *bts, u_int8_t ra, int neci) for (i = 0; i < length; i++) { const struct chreq *chr = &chreq[i]; if ((ra & chr->mask) == chr->val) - return ctype_by_chreq[chr->type]; + return network->ctype_by_chreq[chr->type]; } LOGP(DRR, LOGL_ERROR, "Unknown CHANNEL REQUEST RQD 0x%02x\n", ra); return GSM_LCHAN_SDCCH; } -enum gsm_chreq_reason_t get_reason_by_chreq(struct gsm_bts *bts, u_int8_t ra, int neci) +enum gsm_chreq_reason_t get_reason_by_chreq(u_int8_t ra, int neci) { int i; int length; diff --git a/openbsc/src/gsm_04_11.c b/openbsc/src/gsm_04_11.c index 511ad47e7..0c12f15f5 100644 --- a/openbsc/src/gsm_04_11.c +++ b/openbsc/src/gsm_04_11.c @@ -757,7 +757,7 @@ static int gsm411_rx_rp_ack(struct msgb *msg, struct gsm_trans *trans, /* release channel if done */ #warning "BROKEN. The SAPI will be released automatically by the BSC" if (!sms) - rsl_release_request(msg->lchan, trans->sms.link_id); + rsl_release_request(msg->lchan, trans->sms.link_id, 0); return 0; } @@ -833,7 +833,7 @@ static int gsm411_rx_rp_smma(struct msgb *msg, struct gsm_trans *trans, if (sms) gsm411_send_sms_lchan(trans->conn, sms); else - rsl_release_request(msg->lchan, trans->sms.link_id); + rsl_release_request(msg->lchan, trans->sms.link_id, 0); #warning "BROKEN: The SAPI=3 will be released automatically by the BSC" return rc; diff --git a/openbsc/src/gsm_data.c b/openbsc/src/gsm_data.c index 176367dc7..74c6adcae 100644 --- a/openbsc/src/gsm_data.c +++ b/openbsc/src/gsm_data.c @@ -283,6 +283,12 @@ struct gsm_network *gsm_network_init(u_int16_t country_code, u_int16_t network_c net->mncc_recv = mncc_recv; + gsm_net_update_ctype(net); + + net->core_country_code = -1; + net->core_network_code = -1; + net->rtp_base_port = 4000; + return net; } diff --git a/openbsc/src/gsm_subscriber_base.c b/openbsc/src/gsm_subscriber_base.c index 40c3bbda3..13cdfbe08 100644 --- a/openbsc/src/gsm_subscriber_base.c +++ b/openbsc/src/gsm_subscriber_base.c @@ -31,6 +31,7 @@ #include <openbsc/gsm_subscriber.h> #include <openbsc/paging.h> #include <openbsc/debug.h> +#include <openbsc/chan_alloc.h> LLIST_HEAD(active_subscribers); void *tall_subscr_ctx; @@ -88,6 +89,7 @@ static int subscr_paging_cb(unsigned int hooknum, unsigned int event, request->cbfn(hooknum, event, msg, data, request->param); subscr->in_callback = 0; + subscr_put(request->subscr); talloc_free(request); return 0; } @@ -165,7 +167,7 @@ void subscr_get_channel(struct gsm_subscriber *subscr, } memset(request, 0, sizeof(*request)); - request->subscr = subscr; + request->subscr = subscr_get(subscr); request->channel_type = type; request->cbfn = cbfn; request->param = param; @@ -206,9 +208,28 @@ void subscr_put_channel(struct gsm_lchan *lchan) * will listen to the paging requests before we timeout */ - put_subscr_con(conn); + put_subscr_con(conn, 0); if (lchan->conn.subscr && !llist_empty(&lchan->conn.subscr->requests)) subscr_send_paging_request(lchan->conn.subscr); } +struct gsm_subscriber *subscr_get_or_create(struct gsm_network *net, + const char *imsi) +{ + struct gsm_subscriber *subscr; + + llist_for_each_entry(subscr, subscr_bsc_active_subscriber(), entry) { + if (strcmp(subscr->imsi, imsi) == 0 && subscr->net == net) + return subscr_get(subscr); + } + + subscr = subscr_alloc(); + if (!subscr) + return NULL; + + strcpy(subscr->imsi, imsi); + subscr->net = net; + return subscr; +} + diff --git a/openbsc/src/handover_logic.c b/openbsc/src/handover_logic.c index 7fb0b13e1..2d857f43e 100644 --- a/openbsc/src/handover_logic.c +++ b/openbsc/src/handover_logic.c @@ -230,7 +230,6 @@ static int ho_gsm48_ho_compl(struct gsm_lchan *new_lchan) trans_lchan_change(&ho->old_lchan->conn, &new_lchan->conn); ho->old_lchan->state = LCHAN_S_INACTIVE; - lchan_auto_release(ho->old_lchan); /* do something to re-route the actual speech frames ! */ @@ -258,7 +257,7 @@ static int ho_gsm48_ho_fail(struct gsm_lchan *old_lchan) bsc_del_timer(&ho->T3103); llist_del(&ho->list); conn = &ho->new_lchan->conn; - put_subscr_con(conn); + put_subscr_con(conn, 0); talloc_free(ho); return 0; diff --git a/openbsc/src/input/ipaccess.c b/openbsc/src/input/ipaccess.c index 323540f48..2449e261d 100644 --- a/openbsc/src/input/ipaccess.c +++ b/openbsc/src/input/ipaccess.c @@ -57,7 +57,7 @@ struct ia_e1_handle { static struct ia_e1_handle *e1h; -#define TS1_ALLOC_SIZE 300 +#define TS1_ALLOC_SIZE 900 static const u_int8_t pong[] = { 0, 1, IPAC_PROTO_IPACCESS, IPAC_MSGT_PONG }; static const u_int8_t id_ack[] = { 0, 1, IPAC_PROTO_IPACCESS, IPAC_MSGT_ID_ACK }; diff --git a/openbsc/src/mgcp/mgcp_main.c b/openbsc/src/mgcp/mgcp_main.c index 147a765f0..80b7b543c 100644 --- a/openbsc/src/mgcp/mgcp_main.c +++ b/openbsc/src/mgcp/mgcp_main.c @@ -38,7 +38,11 @@ #include <openbsc/gsm_data.h> #include <osmocore/select.h> #include <openbsc/mgcp.h> +#include <openbsc/mgcp_internal.h> #include <openbsc/telnet_interface.h> +#include <openbsc/vty.h> + +#include <vty/command.h> #include "../../bscconfig.h" @@ -51,8 +55,9 @@ void subscr_put() { abort(); } #warning "Make use of the rtp proxy code" static struct bsc_fd bfd; -static int first_request = 1; static struct mgcp_config *cfg; +static int reset_endpoints = 0; + const char *openbsc_version = "OpenBSC MGCP " PACKAGE_VERSION; const char *openbsc_copyright = "Copyright (C) 2009-2010 Holger Freyther and On-Waves\n" @@ -74,10 +79,10 @@ static void print_help() printf(" -c --config-file filename The config file to use.\n"); } -static void print_version() +static void print_mgcp_version() { printf("%s\n\n", openbsc_version); - printf(openbsc_copyright); + printf("%s", openbsc_copyright); } static void handle_options(int argc, char** argv) @@ -105,7 +110,7 @@ static void handle_options(int argc, char** argv) config_file = talloc_strdup(tall_bsc_ctx, optarg); break; case 'V': - print_version(); + print_mgcp_version(); exit(0); break; default: @@ -115,12 +120,21 @@ static void handle_options(int argc, char** argv) } } +/* simply remember this */ +static int mgcp_rsip_cb(struct mgcp_config *cfg) +{ + reset_endpoints = 1; + + return 0; +} + static int read_call_agent(struct bsc_fd *fd, unsigned int what) { struct sockaddr_in addr; socklen_t slen = sizeof(addr); struct msgb *msg; struct msgb *resp; + int i; msg = (struct msgb *) fd->data; @@ -136,18 +150,6 @@ static int read_call_agent(struct bsc_fd *fd, unsigned int what) return -1; } - if (first_request) { - first_request = 0; - resp = mgcp_create_rsip(); - - if (resp) { - sendto(bfd.fd, resp->l2h, msgb_l2len(resp), 0, - (struct sockaddr *) &addr, sizeof(addr)); - msgb_free(resp); - } - return 0; - } - /* handle message now */ msg->l2h = msgb_put(msg, rc); resp = mgcp_handle_message(cfg, msg); @@ -157,6 +159,16 @@ static int read_call_agent(struct bsc_fd *fd, unsigned int what) sendto(bfd.fd, resp->l2h, msgb_l2len(resp), 0, (struct sockaddr *) &addr, sizeof(addr)); msgb_free(resp); } + + if (reset_endpoints) { + LOGP(DMGCP, LOGL_NOTICE, "Asked to reset endpoints.\n"); + reset_endpoints = 0; + + /* is checking in_addr.s_addr == INADDR_LOOPBACK making it more secure? */ + for (i = 1; i < cfg->number_endpoints; ++i) + mgcp_free_endp(&cfg->endpoints[i]); + } + return 0; } @@ -186,6 +198,8 @@ int main(int argc, char** argv) if (rc < 0) return rc; + /* set some callbacks */ + cfg->reset_cb = mgcp_rsip_cb; /* we need to bind a socket */ if (rc == 0) { @@ -217,11 +231,11 @@ int main(int argc, char** argv) if (bsc_register_fd(&bfd) != 0) { - DEBUGP(DMGCP, "Failed to register the fd\n"); + LOGP(DMGCP, LOGL_FATAL, "Failed to register the fd\n"); return -1; } - DEBUGP(DMGCP, "Configured for MGCP.\n"); + LOGP(DMGCP, LOGL_NOTICE, "Configured for MGCP.\n"); } /* initialisation */ @@ -235,3 +249,15 @@ int main(int argc, char** argv) return 0; } + +struct gsm_network; +int bsc_vty_init(struct gsm_network *dummy) +{ + cmd_init(1); + vty_init(); + + openbsc_vty_add_cmds(); + mgcp_vty_init(); + return 0; +} + diff --git a/openbsc/src/mgcp/mgcp_network.c b/openbsc/src/mgcp/mgcp_network.c index b76ca4732..6cc6e9d70 100644 --- a/openbsc/src/mgcp/mgcp_network.c +++ b/openbsc/src/mgcp/mgcp_network.c @@ -90,6 +90,9 @@ static void patch_payload(int payload, char *data, int len) if (len < sizeof(*rtp_hdr)) return; + if (payload < 0) + return; + rtp_hdr = (struct rtp_hdr *) data; rtp_hdr->payload_type = payload; } @@ -126,7 +129,7 @@ static int rtp_data_cb(struct bsc_fd *fd, unsigned int what) /* do not forward aynthing... maybe there is a packet from the bts */ if (endp->ci == CI_UNUSED) { - LOGP(DMGCP, LOGL_ERROR, "Unknown message on endpoint: 0x%x\n", ENDPOINT_NUMBER(endp)); + LOGP(DMGCP, LOGL_DEBUG, "Unknown message on endpoint: 0x%x\n", ENDPOINT_NUMBER(endp)); return -1; } @@ -146,7 +149,9 @@ static int rtp_data_cb(struct bsc_fd *fd, unsigned int what) /* We have no idea who called us, maybe it is the BTS. */ if (dest == DEST_NETWORK && (endp->bts_rtp == 0 || cfg->forward_ip)) { /* it was the BTS... */ - if (!cfg->bts_ip || memcmp(&addr.sin_addr, &cfg->bts_in, sizeof(cfg->bts_in)) == 0) { + if (!cfg->bts_ip + || memcmp(&addr.sin_addr, &cfg->bts_in, sizeof(cfg->bts_in)) == 0 + || memcmp(&addr.sin_addr, &endp->bts, sizeof(endp->bts)) == 0) { if (fd == &endp->local_rtp) { endp->bts_rtp = addr.sin_port; } else { diff --git a/openbsc/src/mgcp/mgcp_protocol.c b/openbsc/src/mgcp/mgcp_protocol.c index f7ef5470d..bbdc43e05 100644 --- a/openbsc/src/mgcp/mgcp_protocol.c +++ b/openbsc/src/mgcp/mgcp_protocol.c @@ -80,11 +80,6 @@ enum mgcp_connection_mode { } -struct mgcp_msg_ptr { - unsigned int start; - unsigned int length; -}; - struct mgcp_request { char *name; struct msgb *(*handle_request) (struct mgcp_config *cfg, struct msgb *msg); @@ -98,6 +93,7 @@ static struct msgb *handle_audit_endpoint(struct mgcp_config *cfg, struct msgb * static struct msgb *handle_create_con(struct mgcp_config *cfg, struct msgb *msg); static struct msgb *handle_delete_con(struct mgcp_config *cfg, struct msgb *msg); static struct msgb *handle_modify_con(struct mgcp_config *cfg, struct msgb *msg); +static struct msgb *handle_rsip(struct mgcp_config *cfg, struct msgb *msg); static int generate_call_id(struct mgcp_config *cfg) { @@ -119,12 +115,6 @@ static int generate_call_id(struct mgcp_config *cfg) return cfg->last_call_id; } -/* FIXIME/TODO: need to have a list of pending transactions and check that */ -static unsigned int generate_transaction_id() -{ - return abs(rand()); -} - /* * array of function pointers for handling various * messages. In the future this might be binary sorted @@ -135,6 +125,9 @@ static const struct mgcp_request mgcp_requests [] = { MGCP_REQUEST("CRCX", handle_create_con, "CreateConnection") MGCP_REQUEST("DLCX", handle_delete_con, "DeleteConnection") MGCP_REQUEST("MDCX", handle_modify_con, "ModifiyConnection") + + /* SPEC extension */ + MGCP_REQUEST("RSIP", handle_rsip, "ReSetInProgress") }; static struct msgb *mgcp_msgb_alloc(void) @@ -194,23 +187,6 @@ static struct msgb *create_response_with_sdp(struct mgcp_endpoint *endp, return mgcp_create_response_with_data(200, msg, trans_id, sdp_record); } -/* send a static record */ -struct msgb *mgcp_create_rsip(void) -{ - struct msgb *msg; - int len; - - msg = mgcp_msgb_alloc(); - if (!msg) - return NULL; - - len = snprintf((char *) msg->data, 2048, - "RSIP %u *@mgw MGCP 1.0\n" - "RM: restart\n", generate_transaction_id()); - msg->l2h = msgb_put(msg, len); - return msg; -} - /* * handle incoming messages: * - this can be a command (four letters, space, transaction id) @@ -221,25 +197,25 @@ struct msgb *mgcp_handle_message(struct mgcp_config *cfg, struct msgb *msg) int code; struct msgb *resp = NULL; - if (msg->len < 4) { + if (msgb_l2len(msg) < 4) { LOGP(DMGCP, LOGL_ERROR, "mgs too short: %d\n", msg->len); return NULL; } /* attempt to treat it as a response */ - if (sscanf((const char *)&msg->data[0], "%3d %*s", &code) == 1) { + if (sscanf((const char *)&msg->l2h[0], "%3d %*s", &code) == 1) { LOGP(DMGCP, LOGL_DEBUG, "Response: Code: %d\n", code); } else { int i, handled = 0; msg->l3h = &msg->l2h[4]; for (i = 0; i < ARRAY_SIZE(mgcp_requests); ++i) - if (strncmp(mgcp_requests[i].name, (const char *) &msg->data[0], 4) == 0) { + if (strncmp(mgcp_requests[i].name, (const char *) &msg->l2h[0], 4) == 0) { handled = 1; resp = mgcp_requests[i].handle_request(cfg, msg); break; } if (!handled) { - LOGP(DMGCP, LOGL_NOTICE, "MSG with type: '%.4s' not handled\n", &msg->data[0]); + LOGP(DMGCP, LOGL_NOTICE, "MSG with type: '%.4s' not handled\n", &msg->l2h[0]); } } @@ -296,9 +272,9 @@ static struct mgcp_endpoint *find_endpoint(struct mgcp_config *cfg, const char * return &cfg->endpoints[gw]; } -static int analyze_header(struct mgcp_config *cfg, struct msgb *msg, - struct mgcp_msg_ptr *ptr, int size, - const char **transaction_id, struct mgcp_endpoint **endp) +int mgcp_analyze_header(struct mgcp_config *cfg, struct msgb *msg, + struct mgcp_msg_ptr *ptr, int size, + const char **transaction_id, struct mgcp_endpoint **endp) { int found; @@ -334,8 +310,11 @@ static int analyze_header(struct mgcp_config *cfg, struct msgb *msg, } *transaction_id = (const char *)&msg->l3h[ptr[0].start]; - *endp = find_endpoint(cfg, (const char *)&msg->l3h[ptr[1].start]); - return *endp == NULL; + if (endp) { + *endp = find_endpoint(cfg, (const char *)&msg->l3h[ptr[1].start]); + return *endp == NULL; + } + return 0; } static int verify_call_id(const struct mgcp_endpoint *endp, @@ -369,7 +348,7 @@ static struct msgb *handle_audit_endpoint(struct mgcp_config *cfg, struct msgb * const char *trans_id; struct mgcp_endpoint *endp; - found = analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); + found = mgcp_analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); if (found != 0) response = 500; else @@ -402,7 +381,7 @@ static struct msgb *handle_create_con(struct mgcp_config *cfg, struct msgb *msg) int error_code = 500; int port; - found = analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); + found = mgcp_analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); if (found != 0) return create_response(500, "CRCX", trans_id); @@ -501,7 +480,7 @@ static struct msgb *handle_modify_con(struct mgcp_config *cfg, struct msgb *msg) struct mgcp_endpoint *endp; int error_code = 500; - found = analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); + found = mgcp_analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); if (found != 0) return create_response(error_code, "MDCX", trans_id); @@ -614,7 +593,7 @@ static struct msgb *handle_delete_con(struct mgcp_config *cfg, struct msgb *msg) struct mgcp_endpoint *endp; int error_code = 500; - found = analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); + found = mgcp_analyze_header(cfg, msg, data_ptrs, ARRAY_SIZE(data_ptrs), &trans_id, &endp); if (found != 0) return create_response(error_code, "DLCX", trans_id); @@ -678,6 +657,13 @@ error3: return create_response(error_code, "DLCX", trans_id); } +static struct msgb *handle_rsip(struct mgcp_config *cfg, struct msgb *msg) +{ + if (cfg->reset_cb) + cfg->reset_cb(cfg); + return NULL; +} + struct mgcp_config *mgcp_config_alloc(void) { struct mgcp_config *cfg; @@ -722,7 +708,7 @@ int mgcp_endpoints_allocate(struct mgcp_config *cfg) void mgcp_free_endp(struct mgcp_endpoint *endp) { - LOGP(DMGCP, LOGL_NOTICE, "Deleting endpoint on: 0x%x\n", ENDPOINT_NUMBER(endp)); + LOGP(DMGCP, LOGL_DEBUG, "Deleting endpoint on: 0x%x\n", ENDPOINT_NUMBER(endp)); endp->ci= CI_UNUSED; if (endp->callid) { @@ -732,7 +718,7 @@ void mgcp_free_endp(struct mgcp_endpoint *endp) if (endp->local_options) { talloc_free(endp->local_options); - endp->callid = NULL; + endp->local_options = NULL; } if (!endp->cfg->early_bind) { @@ -742,4 +728,6 @@ void mgcp_free_endp(struct mgcp_endpoint *endp) endp->net_rtp = endp->net_rtcp = endp->bts_rtp = endp->bts_rtcp = 0; endp->net_payload_type = endp->bts_payload_type = -1; + memset(&endp->remote, 0, sizeof(endp->remote)); + memset(&endp->bts, 0, sizeof(endp->bts)); } diff --git a/openbsc/src/mgcp/mgcp_vty.c b/openbsc/src/mgcp/mgcp_vty.c index f13b3cfa7..c8d4b7fe6 100644 --- a/openbsc/src/mgcp/mgcp_vty.c +++ b/openbsc/src/mgcp/mgcp_vty.c @@ -63,6 +63,8 @@ static int config_write_mgcp(struct vty *vty) vty_out(vty, " forward audio ip %s%s", g_cfg->forward_ip, VTY_NEWLINE); if (g_cfg->forward_port != 0) vty_out(vty, " forward audio port %d%s", g_cfg->forward_port, VTY_NEWLINE); + if (g_cfg->call_agent_addr) + vty_out(vty, " call agent ip %s%s", g_cfg->call_agent_addr, VTY_NEWLINE); return CMD_SUCCESS; } @@ -75,10 +77,11 @@ DEFUN(show_mcgp, show_mgcp_cmd, "show mgcp", vty_out(vty, "MGCP is up and running with %u endpoints:%s", g_cfg->number_endpoints - 1, VTY_NEWLINE); for (i = 1; i < g_cfg->number_endpoints; ++i) { struct mgcp_endpoint *endp = &g_cfg->endpoints[i]; - vty_out(vty, " Endpoint 0x%.2x: CI: %d net: %u/%u bts: %u/%u%s", + vty_out(vty, " Endpoint 0x%.2x: CI: %d net: %u/%u bts: %u/%u on %s%s", i, endp->ci, ntohs(endp->net_rtp), ntohs(endp->net_rtcp), - ntohs(endp->bts_rtp), ntohs(endp->bts_rtcp), VTY_NEWLINE); + ntohs(endp->bts_rtp), ntohs(endp->bts_rtcp), + inet_ntoa(endp->bts), VTY_NEWLINE); } return CMD_SUCCESS; @@ -237,6 +240,17 @@ DEFUN(cfg_mgcp_forward_port, return CMD_SUCCESS; } +DEFUN(cfg_mgcp_agent_addr, + cfg_mgcp_agent_addr_cmd, + "call agent ip IP", + "Set the address of the call agent.") +{ + if (g_cfg->call_agent_addr) + talloc_free(g_cfg->call_agent_addr); + g_cfg->call_agent_addr = talloc_strdup(g_cfg, argv[0]); + return CMD_SUCCESS; +} + int mgcp_vty_init(void) { install_element(VIEW_NODE, &show_mgcp_cmd); @@ -256,6 +270,7 @@ int mgcp_vty_init(void) install_element(MGCP_NODE, &cfg_mgcp_number_endp_cmd); install_element(MGCP_NODE, &cfg_mgcp_forward_ip_cmd); install_element(MGCP_NODE, &cfg_mgcp_forward_port_cmd); + install_element(MGCP_NODE, &cfg_mgcp_agent_addr_cmd); return 0; } @@ -274,6 +289,11 @@ int mgcp_parse_config(const char *config_file, struct mgcp_config *cfg) if (!g_cfg->bts_ip) fprintf(stderr, "No BTS ip address specified. This will allow everyone to connect.\n"); + if (!g_cfg->source_addr) { + fprintf(stderr, "You need to specify a bind address.\n"); + return -1; + } + if (mgcp_endpoints_allocate(g_cfg) != 0) { fprintf(stderr, "Failed to allocate endpoints: %d. Quitting.\n", g_cfg->number_endpoints); return -1; @@ -327,13 +347,3 @@ int mgcp_parse_config(const char *config_file, struct mgcp_config *cfg) return !!g_cfg->forward_ip; } -struct gsm_network; -int bsc_vty_init(struct gsm_network *dummy) -{ - cmd_init(1); - vty_init(); - - mgcp_vty_init(); - return 0; -} - diff --git a/openbsc/src/nat/bsc_filter.c b/openbsc/src/nat/bsc_filter.c new file mode 100644 index 000000000..891d4555d --- /dev/null +++ b/openbsc/src/nat/bsc_filter.c @@ -0,0 +1,216 @@ +/* BSC Multiplexer/NAT */ + +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/bsc_nat.h> +#include <openbsc/bssap.h> +#include <openbsc/ipaccess.h> +#include <openbsc/debug.h> + +#include <osmocore/talloc.h> + +#include <sccp/sccp.h> + +/* + * The idea is to have a simple struct describing a IPA packet with + * SCCP SSN and the GSM 08.08 payload and decide. We will both have + * a white and a blacklist of packets we want to handle. + * + * TODO: Implement a "NOT" in the filter language. + */ + +#define ALLOW_ANY -1 + +#define FILTER_TO_BSC 1 +#define FILTER_TO_MSC 2 +#define FILTER_TO_BOTH 3 + + +struct bsc_pkt_filter { + int ipa_proto; + int dest_ssn; + int bssap; + int gsm; + int filter_dir; +}; + +static struct bsc_pkt_filter black_list[] = { + /* filter reset messages to the MSC */ + { IPAC_PROTO_SCCP, SCCP_SSN_BSSAP, 0, BSS_MAP_MSG_RESET, FILTER_TO_MSC }, + + /* filter reset ack messages to the BSC */ + { IPAC_PROTO_SCCP, SCCP_SSN_BSSAP, 0, BSS_MAP_MSG_RESET_ACKNOWLEDGE, FILTER_TO_BSC }, + + /* filter ip access */ + { IPAC_PROTO_IPACCESS, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_MSC }, +}; + +static struct bsc_pkt_filter white_list[] = { + /* allow IPAC_PROTO_SCCP messages to both sides */ + { IPAC_PROTO_SCCP, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_BOTH }, + + /* allow MGCP messages to both sides */ + { NAT_IPAC_PROTO_MGCP, ALLOW_ANY, ALLOW_ANY, ALLOW_ANY, FILTER_TO_BOTH }, +}; + +struct bsc_nat_parsed* bsc_nat_parse(struct msgb *msg) +{ + struct sccp_parse_result result; + struct bsc_nat_parsed *parsed; + struct ipaccess_head *hh; + + /* quick fail */ + if (msg->len < 4) + return NULL; + + parsed = talloc_zero(msg, struct bsc_nat_parsed); + if (!parsed) + return NULL; + + /* more init */ + parsed->ipa_proto = parsed->called_ssn = parsed->calling_ssn = -1; + parsed->sccp_type = parsed->bssap = parsed->gsm_type = -1; + + /* start parsing */ + hh = (struct ipaccess_head *) msg->data; + parsed->ipa_proto = hh->proto; + + msg->l2h = &hh->data[0]; + + /* do a size check on the input */ + if (ntohs(hh->len) != msgb_l2len(msg)) { + LOGP(DINP, LOGL_ERROR, "Wrong input length?\n"); + talloc_free(parsed); + return NULL; + } + + /* analyze sccp down here */ + if (parsed->ipa_proto == IPAC_PROTO_SCCP) { + memset(&result, 0, sizeof(result)); + if (sccp_parse_header(msg, &result) != 0) { + talloc_free(parsed); + return 0; + } + + if (msg->l3h && msgb_l3len(msg) < 3) { + LOGP(DNAT, LOGL_ERROR, "Not enough space or GSM payload\n"); + talloc_free(parsed); + return 0; + } + + parsed->sccp_type = sccp_determine_msg_type(msg); + parsed->src_local_ref = result.source_local_reference; + parsed->dest_local_ref = result.destination_local_reference; + parsed->called_ssn = result.called.ssn; + parsed->calling_ssn = result.calling.ssn; + + /* in case of connection confirm we have no payload */ + if (msg->l3h) { + parsed->bssap = msg->l3h[0]; + parsed->gsm_type = msg->l3h[2]; + } + } + + return parsed; +} + +int bsc_nat_filter_ipa(int dir, struct msgb *msg, struct bsc_nat_parsed *parsed) +{ + int i; + + /* go through the blacklist now */ + for (i = 0; i < ARRAY_SIZE(black_list); ++i) { + /* ignore the rule? */ + if (black_list[i].filter_dir != FILTER_TO_BOTH + && black_list[i].filter_dir != dir) + continue; + + /* the proto is not blacklisted */ + if (black_list[i].ipa_proto != ALLOW_ANY + && black_list[i].ipa_proto != parsed->ipa_proto) + continue; + + if (parsed->ipa_proto == IPAC_PROTO_SCCP) { + /* the SSN is not blacklisted */ + if (black_list[i].dest_ssn != ALLOW_ANY + && black_list[i].dest_ssn != parsed->called_ssn) + continue; + + /* bssap */ + if (black_list[i].bssap != ALLOW_ANY + && black_list[i].bssap != parsed->bssap) + continue; + + /* gsm */ + if (black_list[i].gsm != ALLOW_ANY + && black_list[i].gsm != parsed->gsm_type) + continue; + + /* blacklisted */ + LOGP(DNAT, LOGL_INFO, "Blacklisted with rule %d\n", i); + return 1; + } else { + /* blacklisted, we have no content sniffing yet */ + LOGP(DNAT, LOGL_INFO, "Blacklisted with rule %d\n", i); + return 1; + } + } + + /* go through the whitelust now */ + for (i = 0; i < ARRAY_SIZE(white_list); ++i) { + /* ignore the rule? */ + if (white_list[i].filter_dir != FILTER_TO_BOTH + && white_list[i].filter_dir != dir) + continue; + + /* the proto is not whitelisted */ + if (white_list[i].ipa_proto != ALLOW_ANY + && white_list[i].ipa_proto != parsed->ipa_proto) + continue; + + if (parsed->ipa_proto == IPAC_PROTO_SCCP) { + /* the SSN is not whitelisted */ + if (white_list[i].dest_ssn != ALLOW_ANY + && white_list[i].dest_ssn != parsed->called_ssn) + continue; + + /* bssap */ + if (white_list[i].bssap != ALLOW_ANY + && white_list[i].bssap != parsed->bssap) + continue; + + /* gsm */ + if (white_list[i].gsm != ALLOW_ANY + && white_list[i].gsm != parsed->gsm_type) + continue; + + /* whitelisted */ + LOGP(DNAT, LOGL_INFO, "Whitelisted with rule %d\n", i); + return 0; + } else { + /* whitelisted */ + return 0; + } + } + + return 1; +} diff --git a/openbsc/src/nat/bsc_mgcp_utils.c b/openbsc/src/nat/bsc_mgcp_utils.c new file mode 100644 index 000000000..2dbf1fd00 --- /dev/null +++ b/openbsc/src/nat/bsc_mgcp_utils.c @@ -0,0 +1,473 @@ +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/bsc_nat.h> +#include <openbsc/gsm_data.h> +#include <openbsc/bssap.h> +#include <openbsc/debug.h> +#include <openbsc/mgcp.h> +#include <openbsc/mgcp_internal.h> + +#include <osmocore/talloc.h> + +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <errno.h> +#include <unistd.h> + +int bsc_mgcp_assign(struct sccp_connections *con, struct msgb *msg) +{ + struct tlv_parsed tp; + u_int16_t cic; + u_int8_t timeslot; + u_int8_t multiplex; + + if (!msg->l3h) { + LOGP(DNAT, LOGL_ERROR, "Assignment message should have l3h pointer.\n"); + return -1; + } + + if (msgb_l3len(msg) < 3) { + LOGP(DNAT, LOGL_ERROR, "Assignment message has not enough space for GSM0808.\n"); + return -1; + } + + tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 3, msgb_l3len(msg) - 3, 0, 0); + if (!TLVP_PRESENT(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE)) { + LOGP(DNAT, LOGL_ERROR, "Circuit identity code not found in assignment message.\n"); + return -1; + } + + cic = ntohs(*(u_int16_t *)TLVP_VAL(&tp, GSM0808_IE_CIRCUIT_IDENTITY_CODE)); + timeslot = cic & 0x1f; + multiplex = (cic & ~0x1f) >> 5; + + con->msc_timeslot = (32 * multiplex) + timeslot; + con->bsc_timeslot = con->msc_timeslot; + return 0; +} + +void bsc_mgcp_clear(struct sccp_connections *con) +{ + con->msc_timeslot = -1; + con->bsc_timeslot = -1; +} + +void bsc_mgcp_free_endpoint(struct bsc_nat *nat, int i) +{ + if (nat->bsc_endpoints[i].transaction_id) { + talloc_free(nat->bsc_endpoints[i].transaction_id); + nat->bsc_endpoints[i].transaction_id = NULL; + } + + nat->bsc_endpoints[i].bsc = NULL; + mgcp_free_endp(&nat->mgcp_cfg->endpoints[i]); +} + +void bsc_mgcp_free_endpoints(struct bsc_nat *nat) +{ + int i; + + for (i = 1; i < nat->mgcp_cfg->number_endpoints; ++i) + bsc_mgcp_free_endpoint(nat, i); +} + +struct bsc_connection *bsc_mgcp_find_con(struct bsc_nat *nat, int endpoint) +{ + struct sccp_connections *sccp; + + llist_for_each_entry(sccp, &nat->sccp_connections, list_entry) { + if (sccp->msc_timeslot == -1) + continue; + if (mgcp_timeslot_to_endpoint(0, sccp->msc_timeslot) != endpoint) + continue; + + return sccp->bsc; + } + + LOGP(DMGCP, LOGL_ERROR, "Failed to find the connection.\n"); + return NULL; +} + +int bsc_mgcp_policy_cb(struct mgcp_config *cfg, int endpoint, int state, const char *transaction_id) +{ + struct bsc_nat *nat; + struct bsc_endpoint *bsc_endp; + struct bsc_connection *bsc_con; + struct mgcp_endpoint *mgcp_endp; + struct msgb *bsc_msg; + + nat = cfg->data; + bsc_endp = &nat->bsc_endpoints[endpoint]; + mgcp_endp = &nat->mgcp_cfg->endpoints[endpoint]; + + bsc_con = bsc_mgcp_find_con(nat, endpoint); + + if (!bsc_con) { + LOGP(DMGCP, LOGL_ERROR, "Did not find BSC for a new connection on 0x%x for %d\n", endpoint, state); + + switch (state) { + case MGCP_ENDP_CRCX: + return MGCP_POLICY_REJECT; + break; + case MGCP_ENDP_DLCX: + return MGCP_POLICY_CONT; + break; + case MGCP_ENDP_MDCX: + return MGCP_POLICY_CONT; + break; + default: + LOGP(DMGCP, LOGL_FATAL, "Unhandled state: %d\n", state); + return MGCP_POLICY_CONT; + break; + } + } + + if (bsc_endp->transaction_id) { + LOGP(DMGCP, LOGL_ERROR, "One transaction with id '%s' on 0x%x\n", + bsc_endp->transaction_id, endpoint); + talloc_free(bsc_endp->transaction_id); + } + + bsc_endp->transaction_id = talloc_strdup(nat, transaction_id); + bsc_endp->bsc = bsc_con; + bsc_endp->pending_delete = state == MGCP_ENDP_DLCX; + + /* we need to update some bits */ + if (state == MGCP_ENDP_CRCX) { + struct sockaddr_in sock; + socklen_t len = sizeof(sock); + if (getpeername(bsc_con->write_queue.bfd.fd, (struct sockaddr *) &sock, &len) != 0) { + LOGP(DMGCP, LOGL_ERROR, "Can not get the peername...%d/%s\n", + errno, strerror(errno)); + } else { + mgcp_endp->bts = sock.sin_addr; + } + } + + /* we need to generate a new and patched message */ + bsc_msg = bsc_mgcp_rewrite((char *) nat->mgcp_msg, nat->mgcp_length, + nat->mgcp_cfg->source_addr, mgcp_endp->rtp_port); + if (!bsc_msg) { + LOGP(DMGCP, LOGL_ERROR, "Failed to patch the msg.\n"); + return MGCP_POLICY_CONT; + } + + bsc_write_mgcp_msg(bsc_con, bsc_msg); + return MGCP_POLICY_DEFER; +} + +/* + * We have received a msg from the BSC. We will see if we know + * this transaction and if it belongs to the BSC. Then we will + * need to patch the content to point to the local network and we + * need to update the I: that was assigned by the BSS. + */ +void bsc_mgcp_forward(struct bsc_connection *bsc, struct msgb *msg) +{ + struct msgb *output; + struct bsc_endpoint *bsc_endp = NULL; + struct mgcp_endpoint *endp = NULL; + int i, code; + char transaction_id[60]; + + /* Some assumption that our buffer is big enough.. and null terminate */ + if (msgb_l2len(msg) > 2000) { + LOGP(DMGCP, LOGL_ERROR, "MGCP message too long.\n"); + return; + } + + msg->l2h[msgb_l2len(msg)] = '\0'; + + if (bsc_mgcp_parse_response((const char *) msg->l2h, &code, transaction_id) != 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to parse response code.\n"); + return; + } + + for (i = 1; i < bsc->nat->mgcp_cfg->number_endpoints; ++i) { + if (bsc->nat->bsc_endpoints[i].bsc != bsc) + continue; + /* no one listening? a bug? */ + if (!bsc->nat->bsc_endpoints[i].transaction_id) + continue; + if (strcmp(transaction_id, bsc->nat->bsc_endpoints[i].transaction_id) != 0) + continue; + + endp = &bsc->nat->mgcp_cfg->endpoints[i]; + bsc_endp = &bsc->nat->bsc_endpoints[i]; + break; + } + + if (!bsc_endp) { + LOGP(DMGCP, LOGL_ERROR, "Could not find active endpoint: %s for msg: '%s'\n", + transaction_id, (const char *) msg->l2h); + return; + } + + /* free some stuff */ + talloc_free(bsc_endp->transaction_id); + bsc_endp->transaction_id = NULL; + + /* make it point to our endpoint */ + endp->ci = bsc_mgcp_extract_ci((const char *) msg->l2h); + output = bsc_mgcp_rewrite((char * ) msg->l2h, msgb_l2len(msg), + bsc->nat->mgcp_cfg->source_addr, endp->rtp_port); + + if (bsc_endp->pending_delete) { + mgcp_free_endp(endp); + bsc_endp->bsc = NULL; + bsc_endp->pending_delete = 0; + } + + if (!output) { + LOGP(DMGCP, LOGL_ERROR, "Failed to rewrite MGCP msg.\n"); + return; + } + + if (write_queue_enqueue(&bsc->nat->mgcp_queue, output) != 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to queue MGCP msg.\n"); + msgb_free(output); + } +} + +int bsc_mgcp_parse_response(const char *str, int *code, char transaction[60]) +{ + /* we want to parse two strings */ + return sscanf(str, "%3d %59s\n", code, transaction) != 2; +} + +int bsc_mgcp_extract_ci(const char *str) +{ + int ci; + char *res = strstr(str, "I: "); + if (!res) + return CI_UNUSED; + + if (sscanf(res, "I: %d", &ci) != 1) + return CI_UNUSED; + return ci; +} + +/* we need to replace some strings... */ +struct msgb *bsc_mgcp_rewrite(char *input, int length, const char *ip, int port) +{ + static const char *ip_str = "c=IN IP4 "; + static const char *aud_str = "m=audio "; + + char buf[128]; + char *running, *token; + struct msgb *output; + + if (length > 4096 - 128) { + LOGP(DMGCP, LOGL_ERROR, "Input is too long.\n"); + return NULL; + } + + output = msgb_alloc_headroom(4096, 128, "MGCP rewritten"); + if (!output) { + LOGP(DMGCP, LOGL_ERROR, "Failed to allocate new MGCP msg.\n"); + return NULL; + } + + running = input; + output->l2h = output->data; + for (token = strsep(&running, "\n"); running; token = strsep(&running, "\n")) { + int len = strlen(token); + int cr = len > 0 && token[len - 1] == '\r'; + + if (strncmp(ip_str, token, (sizeof ip_str) - 1) == 0) { + output->l3h = msgb_put(output, strlen(ip_str)); + memcpy(output->l3h, ip_str, strlen(ip_str)); + output->l3h = msgb_put(output, strlen(ip)); + memcpy(output->l3h, ip, strlen(ip)); + + if (cr) { + output->l3h = msgb_put(output, 2); + output->l3h[0] = '\r'; + output->l3h[1] = '\n'; + } else { + output->l3h = msgb_put(output, 1); + output->l3h[0] = '\n'; + } + } else if (strncmp(aud_str, token, (sizeof aud_str) - 1) == 0) { + int payload; + if (sscanf(token, "m=audio %*d RTP/AVP %d", &payload) != 1) { + LOGP(DMGCP, LOGL_ERROR, "Could not parsed audio line.\n"); + msgb_free(output); + return NULL; + } + + snprintf(buf, sizeof(buf)-1, "m=audio %d RTP/AVP %d%s", + port, payload, cr ? "\r\n" : "\n"); + buf[sizeof(buf)-1] = '\0'; + + output->l3h = msgb_put(output, strlen(buf)); + memcpy(output->l3h, buf, strlen(buf)); + } else { + output->l3h = msgb_put(output, len + 1); + memcpy(output->l3h, token, len); + output->l3h[len] = '\n'; + } + } + + return output; +} + +static int mgcp_do_read(struct bsc_fd *fd) +{ + struct bsc_nat *nat; + struct msgb *msg, *resp; + int rc; + + nat = fd->data; + + rc = read(fd->fd, nat->mgcp_msg, sizeof(nat->mgcp_msg) - 1); + if (rc <= 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to read errno: %d\n", errno); + return -1; + } + + nat->mgcp_msg[rc] = '\0'; + nat->mgcp_length = rc; + + msg = msgb_alloc(sizeof(nat->mgcp_msg), "MGCP GW Read"); + if (!msg) { + LOGP(DMGCP, LOGL_ERROR, "Failed to create buffer.\n"); + return -1; + } + + msg->l2h = msgb_put(msg, rc); + memcpy(msg->l2h, nat->mgcp_msg, msgb_l2len(msg)); + resp = mgcp_handle_message(nat->mgcp_cfg, msg); + msgb_free(msg); + + /* we do have a direct answer... e.g. AUEP */ + if (resp) { + if (write_queue_enqueue(&nat->mgcp_queue, resp) != 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to enqueue msg.\n"); + msgb_free(resp); + } + } + + return 0; +} + +static int mgcp_do_write(struct bsc_fd *bfd, struct msgb *msg) +{ + int rc; + + rc = write(bfd->fd, msg->data, msg->len); + + if (rc != msg->len) { + LOGP(DMGCP, LOGL_ERROR, "Failed to write msg to MGCP CallAgent.\n"); + return -1; + } + + return rc; +} + +int bsc_mgcp_init(struct bsc_nat *nat) +{ + int on; + struct sockaddr_in addr; + + if (!nat->mgcp_cfg->call_agent_addr) { + LOGP(DMGCP, LOGL_ERROR, "The BSC nat requires the call agent ip to be set.\n"); + return -1; + } + + if (nat->mgcp_cfg->bts_ip) { + LOGP(DMGCP, LOGL_ERROR, "Do not set the BTS ip for the nat.\n"); + return -1; + } + + nat->mgcp_queue.bfd.fd = socket(AF_INET, SOCK_DGRAM, 0); + if (nat->mgcp_queue.bfd.fd < 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to create MGCP socket. errno: %d\n", errno); + return -1; + } + + on = 1; + setsockopt(nat->mgcp_queue.bfd.fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + + addr.sin_family = AF_INET; + addr.sin_port = htons(nat->mgcp_cfg->source_port); + inet_aton(nat->mgcp_cfg->source_addr, &addr.sin_addr); + + if (bind(nat->mgcp_queue.bfd.fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to bind. errno: %d\n", errno); + close(nat->mgcp_queue.bfd.fd); + nat->mgcp_queue.bfd.fd = -1; + return -1; + } + + addr.sin_port = htons(2727); + inet_aton(nat->mgcp_cfg->call_agent_addr, &addr.sin_addr); + if (connect(nat->mgcp_queue.bfd.fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to connect to: '%s'. errno: %d\n", + nat->mgcp_cfg->call_agent_addr, errno); + close(nat->mgcp_queue.bfd.fd); + nat->mgcp_queue.bfd.fd = -1; + return -1; + } + + write_queue_init(&nat->mgcp_queue, 10); + nat->mgcp_queue.bfd.when = BSC_FD_READ; + nat->mgcp_queue.bfd.data = nat; + nat->mgcp_queue.read_cb = mgcp_do_read; + nat->mgcp_queue.write_cb = mgcp_do_write; + + if (bsc_register_fd(&nat->mgcp_queue.bfd) != 0) { + LOGP(DMGCP, LOGL_ERROR, "Failed to register MGCP fd.\n"); + close(nat->mgcp_queue.bfd.fd); + nat->mgcp_queue.bfd.fd = -1; + return -1; + } + + /* some more MGCP config handling */ + nat->mgcp_cfg->audio_payload = -1; + nat->mgcp_cfg->data = nat; + nat->mgcp_cfg->policy_cb = bsc_mgcp_policy_cb; + nat->bsc_endpoints = talloc_zero_array(nat, + struct bsc_endpoint, + nat->mgcp_cfg->number_endpoints + 1); + + return 0; +} + +void bsc_mgcp_clear_endpoints_for(struct bsc_connection *bsc) +{ + int i; + for (i = 1; i < bsc->nat->mgcp_cfg->number_endpoints; ++i) { + struct bsc_endpoint *bsc_endp = &bsc->nat->bsc_endpoints[i]; + + if (bsc_endp->bsc != bsc) + continue; + + bsc_endp->bsc = NULL; + bsc_endp->pending_delete = 0; + if (bsc_endp->transaction_id) + talloc_free(bsc_endp->transaction_id); + bsc_endp->transaction_id = NULL; + mgcp_free_endp(&bsc->nat->mgcp_cfg->endpoints[i]); + } +} diff --git a/openbsc/src/nat/bsc_nat.c b/openbsc/src/nat/bsc_nat.c new file mode 100644 index 000000000..631d89994 --- /dev/null +++ b/openbsc/src/nat/bsc_nat.c @@ -0,0 +1,804 @@ +/* BSC Multiplexer/NAT */ + +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * (C) 2009 by Harald Welte <laforge@gnumonks.org> + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> + +#include <errno.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <time.h> +#include <unistd.h> + +#define _GNU_SOURCE +#include <getopt.h> + +#include <openbsc/debug.h> +#include <openbsc/bsc_msc.h> +#include <openbsc/bsc_nat.h> +#include <openbsc/bssap.h> +#include <openbsc/ipaccess.h> +#include <openbsc/abis_nm.h> +#include <openbsc/telnet_interface.h> + +#include <osmocore/talloc.h> + +#include <vty/vty.h> + +#include <sccp/sccp.h> + +struct log_target *stderr_target; +static const char *config_file = "bsc-nat.cfg"; +static char *msc_address = "127.0.0.1"; +static struct in_addr local_addr; +static struct bsc_msc_connection *msc_con; +static struct bsc_fd bsc_listen; + + +static struct bsc_nat *nat; +static void bsc_write(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length); +static void remove_bsc_connection(struct bsc_connection *connection); + +struct bsc_config *bsc_config_num(struct bsc_nat *nat, int num) +{ + struct bsc_config *conf; + + llist_for_each_entry(conf, &nat->bsc_configs, entry) + if (conf->nr == num) + return conf; + + return NULL; +} + +/* + * below are stubs we need to link + */ +int nm_state_event(enum nm_evt evt, u_int8_t obj_class, void *obj, + struct gsm_nm_state *old_state, struct gsm_nm_state *new_state) +{ + return -1; +} + +void input_event(int event, enum e1inp_sign_type type, struct gsm_bts_trx *trx) +{} + +int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id) +{ + return -1; +} + +static void send_reset_ack(struct bsc_connection *bsc) +{ + static const u_int8_t gsm_reset_ack[] = { + 0x00, 0x13, 0xfd, + 0x09, 0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x01, + 0x00, 0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x03, + 0x00, 0x01, 0x31, + }; + + bsc_write(bsc, gsm_reset_ack, sizeof(gsm_reset_ack)); +} + +static void send_id_ack(struct bsc_connection *bsc) +{ + static const u_int8_t id_ack[] = { + 0, 1, IPAC_PROTO_IPACCESS, IPAC_MSGT_ID_ACK + }; + + bsc_write(bsc, id_ack, sizeof(id_ack)); +} + +static void send_id_req(struct bsc_connection *bsc) +{ + static const u_int8_t id_req[] = { + 0, 17, IPAC_PROTO_IPACCESS, IPAC_MSGT_ID_GET, + 0x01, IPAC_IDTAG_UNIT, + 0x01, IPAC_IDTAG_MACADDR, + 0x01, IPAC_IDTAG_LOCATION1, + 0x01, IPAC_IDTAG_LOCATION2, + 0x01, IPAC_IDTAG_EQUIPVERS, + 0x01, IPAC_IDTAG_SWVERSION, + 0x01, IPAC_IDTAG_UNITNAME, + 0x01, IPAC_IDTAG_SERNR, + }; + + bsc_write(bsc, id_req, sizeof(id_req)); +} + +static void nat_send_rlsd(struct sccp_connections *conn) +{ + struct sccp_connection_released *rel; + struct msgb *msg; + + msg = msgb_alloc_headroom(4096, 128, "rlsd"); + if (!msg) { + LOGP(DNAT, LOGL_ERROR, "Failed to allocate clear command.\n"); + return; + } + + msg->l2h = msgb_put(msg, sizeof(*rel)); + rel = (struct sccp_connection_released *) msg->l2h; + rel->type = SCCP_MSG_TYPE_RLSD; + rel->release_cause = SCCP_RELEASE_CAUSE_SCCP_FAILURE; + rel->destination_local_reference = conn->remote_ref; + rel->source_local_reference = conn->patched_ref; + + ipaccess_prepend_header(msg, IPAC_PROTO_SCCP); + + if (write_queue_enqueue(&msc_con->write_queue, msg) != 0) { + LOGP(DINP, LOGL_ERROR, "Failed to enqueue the write.\n"); + msgb_free(msg); + } +} + +static void send_mgcp_reset(struct bsc_connection *bsc) +{ + static const u_int8_t mgcp_reset[] = { + "RSIP 1 13@mgw MGCP 1.0\r\n" + }; + + bsc_write_mgcp(bsc, mgcp_reset, sizeof mgcp_reset - 1); +} + +/* + * Below is the handling of messages coming + * from the MSC and need to be forwarded to + * a real BSC. + */ +static void initialize_msc_if_needed() +{ + static int init = 0; + init = 1; + + /* do we need to send a GSM 08.08 message here? */ +} + +/* + * Currently we are lacking refcounting so we need to copy each message. + */ +static void bsc_write(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length) +{ + struct msgb *msg; + + if (length > 4096) { + LOGP(DINP, LOGL_ERROR, "Can not send message of that size.\n"); + return; + } + + msg = msgb_alloc(4096, "to-bsc"); + if (!msg) { + LOGP(DINP, LOGL_ERROR, "Failed to allocate memory for BSC msg.\n"); + return; + } + + msgb_put(msg, length); + memcpy(msg->data, data, length); + if (write_queue_enqueue(&bsc->write_queue, msg) != 0) { + LOGP(DINP, LOGL_ERROR, "Failed to enqueue the write.\n"); + msgb_free(msg); + } +} + +static int forward_sccp_to_bts(struct msgb *msg) +{ + struct sccp_connections *con; + struct bsc_connection *bsc; + struct bsc_nat_parsed *parsed; + + /* filter, drop, patch the message? */ + parsed = bsc_nat_parse(msg); + if (!parsed) { + LOGP(DNAT, LOGL_ERROR, "Can not parse msg from BSC.\n"); + return -1; + } + + if (bsc_nat_filter_ipa(DIR_BSC, msg, parsed)) + goto exit; + + /* Route and modify the SCCP packet */ + if (parsed->ipa_proto == IPAC_PROTO_SCCP) { + switch (parsed->sccp_type) { + case SCCP_MSG_TYPE_UDT: + /* forward UDT messages to every BSC */ + goto send_to_all; + break; + case SCCP_MSG_TYPE_RLSD: + case SCCP_MSG_TYPE_CREF: + case SCCP_MSG_TYPE_DT1: + case SCCP_MSG_TYPE_IT: + con = patch_sccp_src_ref_to_bsc(msg, parsed, nat); + if (parsed->gsm_type == BSS_MAP_MSG_ASSIGMENT_RQST) { + if (con) { + if (bsc_mgcp_assign(con, msg) != 0) + LOGP(DNAT, LOGL_ERROR, "Failed to assign...\n"); + } else + LOGP(DNAT, LOGL_ERROR, "Assignment command but no BSC.\n"); + } + break; + case SCCP_MSG_TYPE_CC: + con = patch_sccp_src_ref_to_bsc(msg, parsed, nat); + if (!con || update_sccp_src_ref(con, parsed) != 0) + goto exit; + break; + case SCCP_MSG_TYPE_RLC: + LOGP(DNAT, LOGL_ERROR, "Unexpected release complete from MSC.\n"); + goto exit; + break; + case SCCP_MSG_TYPE_CR: + /* MSC never opens a SCCP connection, fall through */ + default: + goto exit; + } + + if (!con) + LOGP(DNAT, LOGL_ERROR, "Unknown connection for msg type: 0x%x.\n", parsed->sccp_type); + } + + talloc_free(parsed); + if (!con) + return -1; + if (!con->bsc->authenticated) { + LOGP(DNAT, LOGL_ERROR, "Selected BSC not authenticated.\n"); + return -1; + } + + bsc_write(con->bsc, msg->data, msg->len); + return 0; + +send_to_all: + /* + * Filter Paging from the network. We do not want to send a PAGING + * Command to every BSC in our network. We will analys the PAGING + * message and then send it to the authenticated messages... + */ + if (parsed->ipa_proto == IPAC_PROTO_SCCP && parsed->gsm_type == BSS_MAP_MSG_PAGING) { + bsc = bsc_nat_find_bsc(nat, msg); + if (bsc) + bsc_write(bsc, msg->data, msg->len); + else + LOGP(DNAT, LOGL_ERROR, "Could not determine BSC for paging.\n"); + + goto exit; + } + /* currently send this to every BSC connected */ + llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) { + if (!bsc->authenticated) + continue; + + bsc_write(bsc, msg->data, msg->len); + } + +exit: + talloc_free(parsed); + return 0; +} + +static void msc_connection_was_lost(struct bsc_msc_connection *con) +{ + struct bsc_connection *bsc, *tmp; + + LOGP(DMSC, LOGL_ERROR, "Closing all connections downstream.\n"); + llist_for_each_entry_safe(bsc, tmp, &nat->bsc_connections, list_entry) + remove_bsc_connection(bsc); + + bsc_mgcp_free_endpoints(nat); + bsc_msc_schedule_connect(con); +} + +static int ipaccess_msc_read_cb(struct bsc_fd *bfd) +{ + int error; + struct msgb *msg = ipaccess_read_msg(bfd, &error); + struct ipaccess_head *hh; + + if (!msg) { + if (error == 0) { + LOGP(DNAT, LOGL_FATAL, "The connection the MSC was lost, exiting\n"); + bsc_msc_lost(msc_con); + return -1; + } + + LOGP(DNAT, LOGL_ERROR, "Failed to parse ip access message: %d\n", error); + return -1; + } + + LOGP(DNAT, LOGL_DEBUG, "MSG from MSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]); + + /* handle base message handling */ + hh = (struct ipaccess_head *) msg->data; + ipaccess_rcvmsg_base(msg, bfd); + + /* initialize the networking. This includes sending a GSM08.08 message */ + if (hh->proto == IPAC_PROTO_IPACCESS && msg->l2h[0] == IPAC_MSGT_ID_ACK) + initialize_msc_if_needed(); + else if (hh->proto == IPAC_PROTO_SCCP) + forward_sccp_to_bts(msg); + + msgb_free(msg); + return 0; +} + +static int ipaccess_msc_write_cb(struct bsc_fd *bfd, struct msgb *msg) +{ + int rc; + rc = write(bfd->fd, msg->data, msg->len); + + if (rc != msg->len) { + LOGP(DNAT, LOGL_ERROR, "Failed to write MSG to MSC.\n"); + return -1; + } + + return rc; +} + +/* + * Below is the handling of messages coming + * from the BSC and need to be forwarded to + * a real BSC. + */ + +/* + * Remove the connection from the connections list, + * remove it from the patching of SCCP header lists + * as well. Maybe in the future even close connection.. + */ +static void remove_bsc_connection(struct bsc_connection *connection) +{ + struct sccp_connections *sccp_patch, *tmp; + bsc_unregister_fd(&connection->write_queue.bfd); + close(connection->write_queue.bfd.fd); + write_queue_clear(&connection->write_queue); + llist_del(&connection->list_entry); + + /* stop the timeout timer */ + bsc_del_timer(&connection->id_timeout); + + /* remove all SCCP connections */ + llist_for_each_entry_safe(sccp_patch, tmp, &nat->sccp_connections, list_entry) { + if (sccp_patch->bsc != connection) + continue; + + nat_send_rlsd(sccp_patch); + sccp_connection_destroy(sccp_patch); + } + + /* close endpoints allocated by this BSC */ + bsc_mgcp_clear_endpoints_for(connection); + + talloc_free(connection); +} + +static void ipaccess_close_bsc(void *data) +{ + struct bsc_connection *conn = data; + + LOGP(DNAT, LOGL_ERROR, "BSC didn't respond to identity request. Closing.\n"); + remove_bsc_connection(conn); +} + +static void ipaccess_auth_bsc(struct tlv_parsed *tvp, struct bsc_connection *bsc) +{ + struct bsc_config *conf; + const char* token = (const char *) TLVP_VAL(tvp, IPAC_IDTAG_UNITNAME); + + llist_for_each_entry(conf, &bsc->nat->bsc_configs, entry) { + if (strcmp(conf->token, token) == 0) { + bsc->authenticated = 1; + bsc->cfg = conf; + bsc_del_timer(&bsc->id_timeout); + LOGP(DNAT, LOGL_NOTICE, "Authenticated bsc nr: %d lac: %d\n", conf->nr, conf->lac); + break; + } + } +} + +static int forward_sccp_to_msc(struct bsc_connection *bsc, struct msgb *msg) +{ + struct sccp_connections *con; + struct bsc_nat_parsed *parsed; + + /* Parse and filter messages */ + parsed = bsc_nat_parse(msg); + if (!parsed) { + LOGP(DNAT, LOGL_ERROR, "Can not parse msg from BSC.\n"); + msgb_free(msg); + return -1; + } + + if (bsc_nat_filter_ipa(DIR_MSC, msg, parsed)) + goto exit; + + /* + * check authentication after filtering to not reject auth + * responses coming from the BSC. We have to make sure that + * nothing from the exit path will forward things to the MSC + */ + if (!bsc->authenticated) { + LOGP(DNAT, LOGL_ERROR, "BSC is not authenticated.\n"); + msgb_free(msg); + return -1; + } + + + /* modify the SCCP entries */ + if (parsed->ipa_proto == IPAC_PROTO_SCCP) { + switch (parsed->sccp_type) { + case SCCP_MSG_TYPE_CR: + if (create_sccp_src_ref(bsc, msg, parsed) != 0) + goto exit2; + con = patch_sccp_src_ref_to_msc(msg, parsed, nat); + break; + case SCCP_MSG_TYPE_RLSD: + case SCCP_MSG_TYPE_CREF: + case SCCP_MSG_TYPE_DT1: + case SCCP_MSG_TYPE_CC: + case SCCP_MSG_TYPE_IT: + con = patch_sccp_src_ref_to_msc(msg, parsed, nat); + break; + case SCCP_MSG_TYPE_RLC: + con = patch_sccp_src_ref_to_msc(msg, parsed, nat); + remove_sccp_src_ref(bsc, msg, parsed); + break; + case SCCP_MSG_TYPE_UDT: + /* simply forward everything */ + con = NULL; + break; + default: + LOGP(DNAT, LOGL_ERROR, "Not forwarding to msc sccp type: 0x%x\n", parsed->sccp_type); + con = NULL; + goto exit2; + break; + } + } else if (parsed->ipa_proto == NAT_IPAC_PROTO_MGCP) { + bsc_mgcp_forward(bsc, msg); + goto exit2; + } else { + LOGP(DNAT, LOGL_ERROR, "Not forwarding unknown stream id: 0x%x\n", parsed->ipa_proto); + goto exit2; + } + + if (con && con->bsc != bsc) { + LOGP(DNAT, LOGL_ERROR, "Found the wrong entry.\n"); + goto exit2; + } + + /* send the non-filtered but maybe modified msg */ + if (write_queue_enqueue(&msc_con->write_queue, msg) != 0) { + LOGP(DNAT, LOGL_ERROR, "Can not queue message for the MSC.\n"); + msgb_free(msg); + } + talloc_free(parsed); + return 0; + +exit: + /* if we filter out the reset send an ack to the BSC */ + if (parsed->bssap == 0 && parsed->gsm_type == BSS_MAP_MSG_RESET) { + send_reset_ack(bsc); + send_reset_ack(bsc); + } else if (parsed->ipa_proto == IPAC_PROTO_IPACCESS) { + /* do we know who is handling this? */ + if (msg->l2h[0] == IPAC_MSGT_ID_RESP) { + struct tlv_parsed tvp; + ipaccess_idtag_parse(&tvp, + (unsigned char *) msg->l2h + 2, + msgb_l2len(msg) - 2); + if (TLVP_PRESENT(&tvp, IPAC_IDTAG_UNITNAME)) + ipaccess_auth_bsc(&tvp, bsc); + } + + goto exit2; + } + +exit2: + talloc_free(parsed); + msgb_free(msg); + return -1; +} + +static int ipaccess_bsc_read_cb(struct bsc_fd *bfd) +{ + int error; + struct bsc_connection *bsc = bfd->data; + struct msgb *msg = ipaccess_read_msg(bfd, &error); + + if (!msg) { + if (error == 0) { + LOGP(DNAT, LOGL_ERROR, "The connection to the BSC was lost. Cleaning it\n"); + remove_bsc_connection(bsc); + } else { + LOGP(DNAT, LOGL_ERROR, "Failed to parse ip access message: %d\n", error); + } + return -1; + } + + + LOGP(DNAT, LOGL_DEBUG, "MSG from BSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]); + + /* Handle messages from the BSC */ + /* FIXME: Currently no PONG is sent to the BSC */ + /* FIXME: Currently no ID ACK is sent to the BSC */ + forward_sccp_to_msc(bsc, msg); + + return 0; +} + +static int ipaccess_bsc_write_cb(struct bsc_fd *bfd, struct msgb *msg) +{ + int rc; + + rc = write(bfd->fd, msg->data, msg->len); + if (rc != msg->len) + LOGP(DNAT, LOGL_ERROR, "Failed to write message to the BSC.\n"); + + return rc; +} + +static int ipaccess_listen_bsc_cb(struct bsc_fd *bfd, unsigned int what) +{ + struct bsc_connection *bsc; + int ret; + struct sockaddr_in sa; + socklen_t sa_len = sizeof(sa); + + if (!(what & BSC_FD_READ)) + return 0; + + ret = accept(bfd->fd, (struct sockaddr *) &sa, &sa_len); + if (ret < 0) { + perror("accept"); + return ret; + } + + /* + * if we are not connected to a msc... just close the socket + */ + if (!msc_con->is_connected) { + LOGP(DNAT, LOGL_NOTICE, "Disconnecting BSC due lack of MSC connection.\n"); + close(ret); + return 0; + } + + /* todo... do something with the connection */ + /* todo... use GNUtls to see if we want to trust this as a BTS */ + + /* + * + */ + bsc = bsc_connection_alloc(nat); + if (!bsc) { + LOGP(DNAT, LOGL_ERROR, "Failed to allocate BSC struct.\n"); + close(ret); + return -1; + } + + write_queue_init(&bsc->write_queue, 100); + bsc->write_queue.bfd.data = bsc; + bsc->write_queue.bfd.fd = ret; + bsc->write_queue.read_cb = ipaccess_bsc_read_cb; + bsc->write_queue.write_cb = ipaccess_bsc_write_cb; + bsc->write_queue.bfd.when = BSC_FD_READ; + if (bsc_register_fd(&bsc->write_queue.bfd) < 0) { + LOGP(DNAT, LOGL_ERROR, "Failed to register BSC fd.\n"); + close(ret); + talloc_free(bsc); + return -2; + } + + LOGP(DNAT, LOGL_NOTICE, "Registered new BSC\n"); + llist_add(&bsc->list_entry, &nat->bsc_connections); + send_id_ack(bsc); + send_id_req(bsc); + send_mgcp_reset(bsc); + + /* + * start the hangup timer + */ + bsc->id_timeout.data = bsc; + bsc->id_timeout.cb = ipaccess_close_bsc; + bsc_schedule_timer(&bsc->id_timeout, 2, 0); + return 0; +} + +static int listen_for_bsc(struct bsc_fd *bfd, struct in_addr *in_addr, int port) +{ + struct sockaddr_in addr; + int ret, on = 1; + + bfd->fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + bfd->cb = ipaccess_listen_bsc_cb; + bfd->when = BSC_FD_READ; + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(port); + addr.sin_addr.s_addr = in_addr->s_addr; + + setsockopt(bfd->fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + + ret = bind(bfd->fd, (struct sockaddr *) &addr, sizeof(addr)); + if (ret < 0) { + fprintf(stderr, "Could not bind the BSC socket %s\n", + strerror(errno)); + return -EIO; + } + + ret = listen(bfd->fd, 1); + if (ret < 0) { + perror("listen"); + return ret; + } + + ret = bsc_register_fd(bfd); + if (ret < 0) { + perror("register_listen_fd"); + return ret; + } + return 0; +} + +static void print_usage() +{ + printf("Usage: bsc_nat\n"); +} + +static void print_help() +{ + printf(" Some useful help...\n"); + printf(" -h --help this text\n"); + printf(" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n"); + printf(" -s --disable-color\n"); + printf(" -c --config-file filename The config file to use.\n"); + printf(" -m --msc=IP. The address of the MSC.\n"); + printf(" -l --local=IP. The local address of this BSC.\n"); +} + +static void handle_options(int argc, char** argv) +{ + while (1) { + int option_index = 0, c; + static struct option long_options[] = { + {"help", 0, 0, 'h'}, + {"debug", 1, 0, 'd'}, + {"config-file", 1, 0, 'c'}, + {"disable-color", 0, 0, 's'}, + {"timestamp", 0, 0, 'T'}, + {"msc", 1, 0, 'm'}, + {"local", 1, 0, 'l'}, + {0, 0, 0, 0} + }; + + c = getopt_long(argc, argv, "hd:sTPc:m:l:", + long_options, &option_index); + if (c == -1) + break; + + switch (c) { + case 'h': + print_usage(); + print_help(); + exit(0); + case 's': + log_set_use_color(stderr_target, 0); + break; + case 'd': + log_parse_category_mask(stderr_target, optarg); + break; + case 'c': + config_file = strdup(optarg); + break; + case 'T': + log_set_print_timestamp(stderr_target, 1); + break; + case 'm': + msc_address = strdup(optarg); + break; + case 'l': + inet_aton(optarg, &local_addr); + break; + default: + /* ignore */ + break; + } + } +} + +static void signal_handler(int signal) +{ + switch (signal) { + case SIGABRT: + /* in case of abort, we want to obtain a talloc report + * and then return to the caller, who will abort the process */ + case SIGUSR1: + talloc_report_full(tall_bsc_ctx, stderr); + break; + default: + break; + } +} + +int main(int argc, char** argv) +{ + log_init(&log_info); + stderr_target = log_target_create_stderr(); + log_add_target(stderr_target); + log_set_all_filter(stderr_target, 1); + + /* parse options */ + local_addr.s_addr = INADDR_ANY; + handle_options(argc, argv); + + nat = bsc_nat_alloc(); + if (!nat) { + fprintf(stderr, "Failed to allocate the BSC nat.\n"); + return -4; + } + + nat->mgcp_cfg = talloc_zero(nat, struct mgcp_config); + + /* init vty and parse */ + bsc_nat_vty_init(nat); + telnet_init(NULL, 4244); + if (mgcp_parse_config(config_file, nat->mgcp_cfg) < 0) { + fprintf(stderr, "Failed to parse the config file: '%s'\n", config_file); + return -3; + } + + /* seed the PRNG */ + srand(time(NULL)); + + /* + * Setup the MGCP code.. + */ + if (bsc_mgcp_init(nat) != 0) + return -4; + + /* connect to the MSC */ + msc_con = bsc_msc_create(msc_address, 5000); + if (!msc_con) { + fprintf(stderr, "Creating a bsc_msc_connection failed.\n"); + exit(1); + } + + msc_con->connection_loss = msc_connection_was_lost; + msc_con->write_queue.read_cb = ipaccess_msc_read_cb; + msc_con->write_queue.write_cb = ipaccess_msc_write_cb;; + bsc_msc_connect(msc_con); + + /* wait for the BSC */ + if (listen_for_bsc(&bsc_listen, &local_addr, 5000) < 0) { + fprintf(stderr, "Failed to listen for BSC.\n"); + exit(1); + } + + signal(SIGABRT, &signal_handler); + signal(SIGUSR1, &signal_handler); + signal(SIGPIPE, SIG_IGN); + + while (1) { + bsc_select_main(0); + } + + return 0; +} diff --git a/openbsc/src/nat/bsc_nat_utils.c b/openbsc/src/nat/bsc_nat_utils.c new file mode 100644 index 000000000..24b4e1f00 --- /dev/null +++ b/openbsc/src/nat/bsc_nat_utils.c @@ -0,0 +1,165 @@ + +/* BSC Multiplexer/NAT Utilities */ + +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/bsc_nat.h> +#include <openbsc/gsm_data.h> +#include <openbsc/bssap.h> +#include <openbsc/debug.h> +#include <openbsc/ipaccess.h> + +#include <osmocore/linuxlist.h> +#include <osmocore/talloc.h> + +#include <sccp/sccp.h> + +#include <netinet/in.h> +#include <arpa/inet.h> + +struct bsc_nat *bsc_nat_alloc(void) +{ + struct bsc_nat *nat = talloc_zero(tall_bsc_ctx, struct bsc_nat); + if (!nat) + return NULL; + + INIT_LLIST_HEAD(&nat->sccp_connections); + INIT_LLIST_HEAD(&nat->bsc_connections); + INIT_LLIST_HEAD(&nat->bsc_configs); + return nat; +} + +struct bsc_connection *bsc_connection_alloc(struct bsc_nat *nat) +{ + struct bsc_connection *con = talloc_zero(nat, struct bsc_connection); + if (!con) + return NULL; + + con->nat = nat; + return con; +} + +struct bsc_config *bsc_config_alloc(struct bsc_nat *nat, const char *token, unsigned int lac) +{ + struct bsc_config *conf = talloc_zero(nat, struct bsc_config); + if (!conf) + return NULL; + + conf->token = talloc_strdup(conf, token); + conf->lac = lac; + conf->nr = nat->num_bsc; + conf->nat = nat; + + llist_add(&conf->entry, &nat->bsc_configs); + ++nat->num_bsc; + + return conf; +} + +void sccp_connection_destroy(struct sccp_connections *conn) +{ + LOGP(DNAT, LOGL_DEBUG, "Destroy 0x%x <-> 0x%x mapping for con %p\n", + sccp_src_ref_to_int(&conn->real_ref), + sccp_src_ref_to_int(&conn->patched_ref), conn->bsc); + bsc_mgcp_clear(conn); + llist_del(&conn->list_entry); + talloc_free(conn); +} + +struct bsc_connection *bsc_nat_find_bsc(struct bsc_nat *nat, struct msgb *msg) +{ + struct bsc_connection *bsc; + int data_length; + const u_int8_t *data; + struct tlv_parsed tp; + int i = 0; + + if (!msg->l3h || msgb_l3len(msg) < 3) { + LOGP(DNAT, LOGL_ERROR, "Paging message is too short.\n"); + return NULL; + } + + tlv_parse(&tp, gsm0808_att_tlvdef(), msg->l3h + 3, msgb_l3len(msg) - 3, 0, 0); + if (!TLVP_PRESENT(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST)) { + LOGP(DNAT, LOGL_ERROR, "No CellIdentifier List inside paging msg.\n"); + return NULL; + } + + data_length = TLVP_LEN(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST); + data = TLVP_VAL(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST); + if (data[0] != CELL_IDENT_LAC) { + LOGP(DNAT, LOGL_ERROR, "Unhandled cell ident discrminator: %d\n", data[0]); + return NULL; + } + + /* Currently we only handle one BSC */ + for (i = 1; i < data_length - 1; i += 2) { + unsigned int _lac = ntohs(*(unsigned int *) &data[i]); + llist_for_each_entry(bsc, &nat->bsc_connections, list_entry) { + if (!bsc->cfg) + continue; + if (!bsc->authenticated || _lac != bsc->cfg->lac) + continue; + + return bsc; + } + } + + return NULL; +} + +int bsc_write_mgcp(struct bsc_connection *bsc, const u_int8_t *data, unsigned int length) +{ + struct msgb *msg; + + if (length > 4096 - 128) { + LOGP(DINP, LOGL_ERROR, "Can not send message of that size.\n"); + return -1; + } + + msg = msgb_alloc_headroom(4096, 128, "to-bsc"); + if (!msg) { + LOGP(DINP, LOGL_ERROR, "Failed to allocate memory for BSC msg.\n"); + return -1; + } + + /* copy the data */ + msg->l3h = msgb_put(msg, length); + memcpy(msg->l3h, data, length); + + return bsc_write_mgcp_msg(bsc, msg); +} + +int bsc_write_mgcp_msg(struct bsc_connection *bsc, struct msgb *msg) +{ + /* prepend the header */ + ipaccess_prepend_header(msg, NAT_IPAC_PROTO_MGCP); + + if (write_queue_enqueue(&bsc->write_queue, msg) != 0) { + LOGP(DINP, LOGL_ERROR, "Failed to enqueue the write.\n"); + msgb_free(msg); + return -1; + } + + return 0; +} + diff --git a/openbsc/src/nat/bsc_nat_vty.c b/openbsc/src/nat/bsc_nat_vty.c new file mode 100644 index 000000000..4c60a19f7 --- /dev/null +++ b/openbsc/src/nat/bsc_nat_vty.c @@ -0,0 +1,228 @@ +/* OpenBSC NAT interface to quagga VTY */ +/* (C) 2010 by Holger Hans Peter Freyther + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <vty/command.h> +#include <vty/buffer.h> +#include <vty/vty.h> + +#include <openbsc/bsc_nat.h> +#include <openbsc/gsm_04_08.h> +#include <openbsc/mgcp.h> +#include <openbsc/vty.h> + +#include <osmocore/talloc.h> + +#include <sccp/sccp.h> + +#include <stdlib.h> + +static struct bsc_nat *_nat; + +static struct cmd_node nat_node = { + NAT_NODE, + "%s(nat)#", + 1, +}; + +static struct cmd_node bsc_node = { + BSC_NODE, + "%s(bsc)#", + 1, +}; + +static int config_write_nat(struct vty *vty) +{ + vty_out(vty, "nat%s", VTY_NEWLINE); + return CMD_SUCCESS; +} + +static void config_write_bsc_single(struct vty *vty, struct bsc_config *bsc) +{ + vty_out(vty, " bsc %u%s", bsc->nr, VTY_NEWLINE); + vty_out(vty, " token %s%s", bsc->token, VTY_NEWLINE); + vty_out(vty, " lac %u%s", bsc->lac, VTY_NEWLINE); +} + +static int config_write_bsc(struct vty *vty) +{ + struct bsc_config *bsc; + + llist_for_each_entry(bsc, &_nat->bsc_configs, entry) + config_write_bsc_single(vty, bsc); + return CMD_SUCCESS; +} + + +DEFUN(show_sccp, show_sccp_cmd, "show connections sccp", + SHOW_STR "Display information about current SCCP connections") +{ + struct sccp_connections *con; + llist_for_each_entry(con, &_nat->sccp_connections, list_entry) { + vty_out(vty, "SCCP for BSC: Nr: %d lac: %d BSC ref: 0x%x Local ref: 0x%x MSC/BSC mux: 0x%x/0x%x%s", + con->bsc->cfg ? con->bsc->cfg->nr : -1, + con->bsc->cfg ? con->bsc->cfg->lac : -1, + sccp_src_ref_to_int(&con->real_ref), + sccp_src_ref_to_int(&con->patched_ref), + con->msc_timeslot, con->bsc_timeslot, + VTY_NEWLINE); + } + + return CMD_SUCCESS; +} + +DEFUN(show_bsc, show_bsc_cmd, "show connections bsc", + SHOW_STR "Display information about current BSCs") +{ + struct bsc_connection *con; + llist_for_each_entry(con, &_nat->bsc_connections, list_entry) { + vty_out(vty, "BSC lac: %d, %d auth: %d fd: %d%s", + con->cfg ? con->cfg->nr : -1, + con->cfg ? con->cfg->lac : -1, + con->authenticated, con->write_queue.bfd.fd, VTY_NEWLINE); + } + + return CMD_SUCCESS; +} + +DEFUN(show_bsc_cfg, show_bsc_cfg_cmd, "show bsc config", + SHOW_STR "Display information about known BSC configs") +{ + struct bsc_config *conf; + llist_for_each_entry(conf, &_nat->bsc_configs, entry) { + vty_out(vty, "BSC token: '%s' lac: %u nr: %u%s", + conf->token, conf->lac, conf->nr, VTY_NEWLINE); + } + + return CMD_SUCCESS; +} + + +DEFUN(cfg_nat, cfg_nat_cmd, "nat", "Configute the NAT") +{ + vty->index = _nat; + vty->node = NAT_NODE; + + return CMD_SUCCESS; +} + +/* per BSC configuration */ +DEFUN(cfg_bsc, cfg_bsc_cmd, "bsc BSC_NR", "Select a BSC to configure\n") +{ + int bsc_nr = atoi(argv[0]); + struct bsc_config *bsc; + + if (bsc_nr > _nat->num_bsc) { + vty_out(vty, "%% The next unused BSC number is %u%s", + _nat->num_bsc, VTY_NEWLINE); + return CMD_WARNING; + } else if (bsc_nr == _nat->num_bsc) { + /* allocate a new one */ + bsc = bsc_config_alloc(_nat, "unknown", 0); + } else + bsc = bsc_config_num(_nat, bsc_nr); + + if (!bsc) + return CMD_WARNING; + + vty->index = bsc; + vty->node = BSC_NODE; + + return CMD_SUCCESS; +} + +DEFUN(cfg_bsc_token, cfg_bsc_token_cmd, "token TOKEN", "Set the token") +{ + struct bsc_config *conf = vty->index; + + if (conf->token) + talloc_free(conf->token); + conf->token = talloc_strdup(conf, argv[0]); + return CMD_SUCCESS; +} + +DEFUN(cfg_bsc_lac, cfg_bsc_lac_cmd, "location_area_code <0-65535>", + "Set the Location Area Code (LAC) of this BSC\n") +{ + struct bsc_config *tmp; + struct bsc_config *conf = vty->index; + + int lac = atoi(argv[0]); + + if (lac < 0 || lac > 0xffff) { + vty_out(vty, "%% LAC %d is not in the valid range (0-65535)%s", + lac, VTY_NEWLINE); + return CMD_WARNING; + } + + if (lac == GSM_LAC_RESERVED_DETACHED || lac == GSM_LAC_RESERVED_ALL_BTS) { + vty_out(vty, "%% LAC %d is reserved by GSM 04.08%s", + lac, VTY_NEWLINE); + return CMD_WARNING; + } + + /* verify that the LACs are unique */ + llist_for_each_entry(tmp, &_nat->bsc_configs, entry) { + if (tmp->lac == lac) { + vty_out(vty, "%% LAC %d is already used.%s", lac, VTY_NEWLINE); + return CMD_ERR_INCOMPLETE; + } + } + + conf->lac = lac; + + return CMD_SUCCESS; +} + +int bsc_nat_vty_init(struct bsc_nat *nat) +{ + _nat = nat; + + cmd_init(1); + vty_init(); + + /* show commands */ + install_element(VIEW_NODE, &show_sccp_cmd); + install_element(VIEW_NODE, &show_bsc_cmd); + install_element(VIEW_NODE, &show_bsc_cfg_cmd); + + openbsc_vty_add_cmds(); + + /* nat group */ + install_element(CONFIG_NODE, &cfg_nat_cmd); + install_node(&nat_node, config_write_nat); + install_default(NAT_NODE); + + /* BSC subgroups */ + install_element(NAT_NODE, &cfg_bsc_cmd); + install_node(&bsc_node, config_write_bsc); + install_default(BSC_NODE); + install_element(BSC_NODE, &cfg_bsc_token_cmd); + install_element(BSC_NODE, &cfg_bsc_lac_cmd); + + mgcp_vty_init(); + + return 0; +} + + +/* called by the telnet interface... we have our own init above */ +void bsc_vty_init() +{} diff --git a/openbsc/src/nat/bsc_sccp.c b/openbsc/src/nat/bsc_sccp.c new file mode 100644 index 000000000..e76d52268 --- /dev/null +++ b/openbsc/src/nat/bsc_sccp.c @@ -0,0 +1,203 @@ +/* SCCP patching and handling routines */ +/* + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <openbsc/debug.h> +#include <openbsc/bsc_nat.h> + +#include <sccp/sccp.h> + +#include <osmocore/talloc.h> + +#include <string.h> + +static int equal(struct sccp_source_reference *ref1, struct sccp_source_reference *ref2) +{ + return memcmp(ref1, ref2, sizeof(*ref1)) == 0; +} + +/* + * SCCP patching below + */ + +/* check if we are using this ref for patched already */ +static int sccp_ref_is_free(struct sccp_source_reference *ref, struct bsc_nat *nat) +{ + struct sccp_connections *conn; + + llist_for_each_entry(conn, &nat->sccp_connections, list_entry) { + if (memcmp(ref, &conn->patched_ref, sizeof(*ref)) == 0) + return -1; + } + + return 0; +} + +/* copied from sccp.c */ +static int assign_src_local_reference(struct sccp_source_reference *ref, struct bsc_nat *nat) +{ + static u_int32_t last_ref = 0x50000; + int wrapped = 0; + + do { + struct sccp_source_reference reference; + reference.octet1 = (last_ref >> 0) & 0xff; + reference.octet2 = (last_ref >> 8) & 0xff; + reference.octet3 = (last_ref >> 16) & 0xff; + + ++last_ref; + /* do not use the reversed word and wrap around */ + if ((last_ref & 0x00FFFFFF) == 0x00FFFFFF) { + LOGP(DNAT, LOGL_NOTICE, "Wrapped searching for a free code\n"); + last_ref = 0; + ++wrapped; + } + + if (sccp_ref_is_free(&reference, nat) == 0) { + *ref = reference; + return 0; + } + } while (wrapped != 2); + + LOGP(DNAT, LOGL_ERROR, "Finding a free reference failed\n"); + return -1; +} + +int create_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed) +{ + struct sccp_connections *conn; + + conn = talloc_zero(bsc->nat, struct sccp_connections); + if (!conn) { + LOGP(DNAT, LOGL_ERROR, "Memory allocation failure.\n"); + return -1; + } + + conn->bsc = bsc; + conn->real_ref = *parsed->src_local_ref; + if (assign_src_local_reference(&conn->patched_ref, bsc->nat) != 0) { + LOGP(DNAT, LOGL_ERROR, "Failed to assign a ref.\n"); + talloc_free(conn); + return -1; + } + + llist_add(&conn->list_entry, &bsc->nat->sccp_connections); + + LOGP(DNAT, LOGL_DEBUG, "Created 0x%x <-> 0x%x mapping for con %p\n", + sccp_src_ref_to_int(&conn->real_ref), + sccp_src_ref_to_int(&conn->patched_ref), bsc); + + return 0; +} + +int update_sccp_src_ref(struct sccp_connections *sccp, struct bsc_nat_parsed *parsed) +{ + if (!parsed->dest_local_ref || !parsed->src_local_ref) { + LOGP(DNAT, LOGL_ERROR, "CC MSG should contain both local and dest address.\n"); + return -1; + } + + sccp->remote_ref = *parsed->src_local_ref; + LOGP(DNAT, LOGL_DEBUG, "Updating 0x%x to remote 0x%x on %p\n", + sccp_src_ref_to_int(&sccp->patched_ref), + sccp_src_ref_to_int(&sccp->remote_ref), sccp->bsc); + + return 0; +} + +void remove_sccp_src_ref(struct bsc_connection *bsc, struct msgb *msg, struct bsc_nat_parsed *parsed) +{ + struct sccp_connections *conn; + + llist_for_each_entry(conn, &bsc->nat->sccp_connections, list_entry) { + if (memcmp(parsed->src_local_ref, + &conn->patched_ref, sizeof(conn->patched_ref)) == 0) { + + sccp_connection_destroy(conn); + return; + } + } + + LOGP(DNAT, LOGL_ERROR, "Can not remove connection: 0x%x\n", + sccp_src_ref_to_int(parsed->src_local_ref)); +} + +/* + * We have a message from the MSC to the BSC. The MSC is using + * an address that was assigned by the MUX, we need to update the + * dest reference to the real network. + */ +struct sccp_connections *patch_sccp_src_ref_to_bsc(struct msgb *msg, + struct bsc_nat_parsed *parsed, + struct bsc_nat *nat) +{ + struct sccp_connections *conn; + + if (!parsed->dest_local_ref) { + LOGP(DNAT, LOGL_ERROR, "MSG should contain dest_local_ref.\n"); + return NULL; + } + + + llist_for_each_entry(conn, &nat->sccp_connections, list_entry) { + if (!equal(parsed->dest_local_ref, &conn->patched_ref)) + continue; + + /* Change the dest address to the real one */ + *parsed->dest_local_ref = conn->real_ref; + return conn; + } + + return NULL; +} + +/* + * These are message to the MSC. We will need to find the BSC + * Connection by either the SRC or the DST local reference. + * + * In case of a CR we need to work by the SRC local reference + * in all other cases we need to work by the destination local + * reference.. + */ +struct sccp_connections *patch_sccp_src_ref_to_msc(struct msgb *msg, + struct bsc_nat_parsed *parsed, + struct bsc_nat *nat) +{ + struct sccp_connections *conn; + + llist_for_each_entry(conn, &nat->sccp_connections, list_entry) { + if (parsed->src_local_ref) { + if (equal(parsed->src_local_ref, &conn->real_ref)) { + *parsed->src_local_ref = conn->patched_ref; + return conn; + } + } else if (parsed->dest_local_ref) { + if (equal(parsed->dest_local_ref, &conn->remote_ref)) + return conn; + } else { + LOGP(DNAT, LOGL_ERROR, "Header has neither loc/dst ref.\n"); + return NULL; + } + } + + return NULL; +} + diff --git a/openbsc/src/paging.c b/openbsc/src/paging.c index 7c3750d66..9c978bee6 100644 --- a/openbsc/src/paging.c +++ b/openbsc/src/paging.c @@ -160,7 +160,7 @@ static void paging_handle_pending_requests(struct gsm_bts_paging_state *paging_b } while (paging_bts->available_slots > 0 && initial_request != current_request); - bsc_schedule_timer(&paging_bts->work_timer, 1, 0); + bsc_schedule_timer(&paging_bts->work_timer, 2, 0); } static void paging_worker(void *data) @@ -245,7 +245,7 @@ static int _paging_request(struct gsm_bts *bts, struct gsm_subscriber *subscr, llist_add_tail(&req->entry, &bts_entry->pending_requests); if (!bsc_timer_pending(&bts_entry->work_timer)) - bsc_schedule_timer(&bts_entry->work_timer, 1, 0); + bsc_schedule_timer(&bts_entry->work_timer, 2, 0); return 0; } diff --git a/openbsc/src/sccp/sccp.c b/openbsc/src/sccp/sccp.c index b1da2c721..e0fd02e0e 100644 --- a/openbsc/src/sccp/sccp.c +++ b/openbsc/src/sccp/sccp.c @@ -45,7 +45,7 @@ const struct sockaddr_sccp sccp_ssn_bssap = { struct sccp_system { /* layer3 -> layer2 */ - int (*write_data)(struct msgb *data, void *context); + void (*write_data)(struct msgb *data, void *context); void *write_context; }; @@ -91,9 +91,9 @@ static struct sccp_data_callback *_find_ssn(u_int8_t ssn) } -static int _send_msg(struct msgb *msg) +static void _send_msg(struct msgb *msg) { - return sccp_system.write_data(msg, sccp_system.write_context); + sccp_system.write_data(msg, sccp_system.write_context); } /* @@ -499,7 +499,6 @@ static int _sccp_send_data(int class, const struct sockaddr_sccp *in, { struct sccp_data_unitdata *udt; u_int8_t *data; - int ret; if (msgb_l3len(payload) > 256) { DEBUGP(DSCCP, "The payload is too big for one udt\n"); @@ -533,10 +532,8 @@ static int _sccp_send_data(int class, const struct sockaddr_sccp *in, data[0] = msgb_l3len(payload); memcpy(&data[1], payload->l3h, msgb_l3len(payload)); - ret = _send_msg(msg); - msgb_free(msg); - - return ret; + _send_msg(msg); + return 0; } static int _sccp_handle_read(struct msgb *msgb) @@ -627,7 +624,6 @@ static int _sccp_send_refuse(struct sccp_source_reference *src_ref, int cause) struct msgb *msgb; struct sccp_connection_refused *ref; u_int8_t *data; - int ret; msgb = msgb_alloc_headroom(SCCP_MSG_SIZE, SCCP_MSG_HEADROOM, "sccp ref"); @@ -643,9 +639,8 @@ static int _sccp_send_refuse(struct sccp_source_reference *src_ref, int cause) data = msgb_put(msgb, 1); data[0] = SCCP_PNC_END_OF_OPTIONAL; - ret = _send_msg(msgb); - msgb_free(msgb); - return ret; + _send_msg(msgb); + return 0; } static int _sccp_send_connection_confirm(struct sccp_connection *connection) @@ -653,7 +648,6 @@ static int _sccp_send_connection_confirm(struct sccp_connection *connection) struct msgb *response; struct sccp_connection_confirm *confirm; u_int8_t *optional_data; - int ret; if (assign_source_local_reference(connection) != 0) return -1; @@ -677,11 +671,9 @@ static int _sccp_send_connection_confirm(struct sccp_connection *connection) optional_data = (u_int8_t *) msgb_put(response, 1); optional_data[0] = SCCP_PNC_END_OF_OPTIONAL; - ret = _send_msg(response); - msgb_free(response); - + _send_msg(response); _sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_ESTABLISHED); - return ret; + return 0; } static int _sccp_send_connection_request(struct sccp_connection *connection, @@ -691,7 +683,6 @@ static int _sccp_send_connection_request(struct sccp_connection *connection, struct sccp_connection_request *req; u_int8_t *data; u_int8_t extra_size = 3 + 1; - int ret; if (msg && (msgb_l3len(msg) < 3 || msgb_l3len(msg) > 130)) { @@ -741,10 +732,8 @@ static int _sccp_send_connection_request(struct sccp_connection *connection, llist_add_tail(&connection->list, &sccp_connections); _sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_REQUEST); - ret = _send_msg(request); - msgb_free(request); - - return ret; + _send_msg(request); + return 0; } static int _sccp_send_connection_data(struct sccp_connection *conn, struct msgb *_data) @@ -753,7 +742,6 @@ static int _sccp_send_connection_data(struct sccp_connection *conn, struct msgb struct sccp_data_form1 *dt1; u_int8_t *data; int extra_size; - int ret; if (msgb_l3len(_data) < 2 || msgb_l3len(_data) > 256) { DEBUGP(DSCCP, "data size too big, segmenting unimplemented.\n"); @@ -777,17 +765,14 @@ static int _sccp_send_connection_data(struct sccp_connection *conn, struct msgb data[0] = extra_size - 1; memcpy(&data[1], _data->l3h, extra_size - 1); - ret = _send_msg(msgb); - msgb_free(msgb); - - return ret; + _send_msg(msgb); + return 0; } static int _sccp_send_connection_it(struct sccp_connection *conn) { struct msgb *msgb; struct sccp_data_it *it; - int ret; msgb = msgb_alloc_headroom(SCCP_MSG_SIZE, SCCP_MSG_HEADROOM, "sccp it"); @@ -803,9 +788,8 @@ static int _sccp_send_connection_it(struct sccp_connection *conn) it->sequencing[0] = it->sequencing[1] = 0; it->credit = 0; - ret = _send_msg(msgb); - msgb_free(msgb); - return ret; + _send_msg(msgb); + return 0; } static int _sccp_send_connection_released(struct sccp_connection *conn, int cause) @@ -813,7 +797,6 @@ static int _sccp_send_connection_released(struct sccp_connection *conn, int caus struct msgb *msg; struct sccp_connection_released *rel; u_int8_t *data; - int ret; msg = msgb_alloc_headroom(SCCP_MSG_SIZE, SCCP_MSG_HEADROOM, "sccp: connection released"); @@ -832,10 +815,8 @@ static int _sccp_send_connection_released(struct sccp_connection *conn, int caus data[0] = SCCP_PNC_END_OF_OPTIONAL; _sccp_set_connection_state(conn, SCCP_CONNECTION_STATE_RELEASE); - ret = _send_msg(msg); - msgb_free(msg); - - return ret; + _send_msg(msg); + return 0; } /* @@ -982,7 +963,6 @@ static int _sccp_send_connection_release_complete(struct sccp_connection *connec { struct msgb *msgb; struct sccp_connection_release_complete *rlc; - int ret; msgb = msgb_alloc_headroom(SCCP_MSG_SIZE, SCCP_MSG_HEADROOM, "sccp rlc"); @@ -995,8 +975,7 @@ static int _sccp_send_connection_release_complete(struct sccp_connection *connec memcpy(&rlc->source_local_reference, &connection->source_local_reference, sizeof(struct sccp_source_reference)); - ret = _send_msg(msgb); - msgb_free(msgb); + _send_msg(msgb); /* * Remove from the list of active connections and set the state. User code @@ -1004,8 +983,7 @@ static int _sccp_send_connection_release_complete(struct sccp_connection *connec */ llist_del(&connection->list); _sccp_set_connection_state(connection, SCCP_CONNECTION_STATE_RELEASE_COMPLETE); - - return ret; + return 0; } /* connection released, send a released confirm */ @@ -1118,7 +1096,7 @@ found: } -int sccp_system_init(int (*outgoing)(struct msgb *data, void *ctx), void *ctx) +int sccp_system_init(void (*outgoing)(struct msgb *data, void *ctx), void *ctx) { sccp_system.write_data = outgoing; sccp_system.write_context = ctx; @@ -1220,6 +1198,17 @@ int sccp_connection_free(struct sccp_connection *connection) return 0; } +int sccp_connection_force_free(struct sccp_connection *con) +{ + if (con->connection_state > SCCP_CONNECTION_STATE_NONE && + con->connection_state < SCCP_CONNECTION_STATE_RELEASE_COMPLETE) + llist_del(&con->list); + + con->connection_state = SCCP_CONNECTION_STATE_REFUSED; + sccp_connection_free(con); + return 0; +} + struct sccp_connection *sccp_connection_socket(void) { return talloc_zero(tall_sccp_ctx, struct sccp_connection); diff --git a/openbsc/src/silent_call.c b/openbsc/src/silent_call.c index 8bd5341ec..85c7f8987 100644 --- a/openbsc/src/silent_call.c +++ b/openbsc/src/silent_call.c @@ -140,7 +140,7 @@ int gsm_silent_call_stop(struct gsm_subscriber *subscr) if (!conn->silent_call) return -EINVAL; - put_subscr_con(conn); + put_subscr_con(conn, 0); return 0; } diff --git a/openbsc/src/transaction.c b/openbsc/src/transaction.c index 5e0d50796..bd2761b5f 100644 --- a/openbsc/src/transaction.c +++ b/openbsc/src/transaction.c @@ -28,6 +28,7 @@ #include <openbsc/gsm_04_08.h> #include <openbsc/mncc.h> #include <openbsc/paging.h> +#include <openbsc/chan_alloc.h> void *tall_trans_ctx; @@ -95,14 +96,14 @@ void trans_free(struct gsm_trans *trans) break; } - if (trans->conn) - put_subscr_con(trans->conn); - if (!trans->conn && trans->subscr && trans->subscr->net) { /* Stop paging on all bts' */ paging_request_stop(NULL, trans->subscr, NULL); } + if (trans->conn) + put_subscr_con(trans->conn, 0); + if (trans->subscr) subscr_put(trans->subscr); @@ -159,7 +160,7 @@ int trans_lchan_change(struct gsm_subscriber_connection *conn_old, if (trans->conn == conn_old) { /* drop old channel use count */ - put_subscr_con(conn_old); + put_subscr_con(conn_old, 0); /* assign new channel */ trans->conn = conn_new; /* bump new channel use count */ diff --git a/openbsc/src/vty/command.c b/openbsc/src/vty/command.c index 2faed35e4..d46a1bedb 100644 --- a/openbsc/src/vty/command.c +++ b/openbsc/src/vty/command.c @@ -47,6 +47,7 @@ Boston, MA 02111-1307, USA. */ #include <openbsc/gsm_data.h> #include <openbsc/gsm_subscriber.h> +#include <openbsc/bsc_nat.h> #include <osmocore/talloc.h> void *tall_vty_cmd_ctx; @@ -1949,6 +1950,13 @@ enum node_type vty_go_parent(struct vty *vty) subscr_put(vty->index); vty->index = NULL; break; + case BSC_NODE: + vty->node = NAT_NODE; + { + struct bsc_config *bsc = vty->index; + vty->index = bsc->nat; + } + break; default: vty->node = CONFIG_NODE; } @@ -2362,6 +2370,18 @@ DEFUN(config_exit, case VTY_NODE: vty->node = CONFIG_NODE; break; + case MGCP_NODE: + vty->node = CONFIG_NODE; + vty->index = NULL; + case NAT_NODE: + vty->node = CONFIG_NODE; + vty->index = NULL; + break; + case BSC_NODE: + vty->node = NAT_NODE; + vty->index = NULL; + break; + default: break; } diff --git a/openbsc/src/vty_interface.c b/openbsc/src/vty_interface.c index 897ed2f69..94b177ef3 100644 --- a/openbsc/src/vty_interface.c +++ b/openbsc/src/vty_interface.c @@ -100,6 +100,7 @@ static void dump_pchan_load_vty(struct vty *vty, char *prefix, static void net_dump_vty(struct vty *vty, struct gsm_network *net) { + int i; struct pchan_load pl; vty_out(vty, "BSC is on Country Code %u, Network Code %u " @@ -117,6 +118,8 @@ static void net_dump_vty(struct vty *vty, struct gsm_network *net) VTY_NEWLINE); vty_out(vty, " NECI (TCH/H): %u%s", net->neci, VTY_NEWLINE); + vty_out(vty, " Use TCH for Paging any: %d%s", net->pag_any_tch, + VTY_NEWLINE); vty_out(vty, " RRLP Mode: %s%s", rrlp_mode_name(net->rrlp.mode), VTY_NEWLINE); vty_out(vty, " MM Info: %s%s", net->send_mm_info ? "On" : "Off", @@ -126,6 +129,12 @@ static void net_dump_vty(struct vty *vty, struct gsm_network *net) network_chan_load(&pl, net); vty_out(vty, " Current Channel Load:%s", VTY_NEWLINE); dump_pchan_load_vty(vty, " ", &pl); + + vty_out(vty, " Allowed Audio Codecs: "); + for (i = 0; i < net->audio_length; ++i) + vty_out(vty, "hr: %d ver: %d, ", + net->audio_support[i]->hr, net->audio_support[i]->ver); + vty_out(vty, "%s", VTY_NEWLINE); } DEFUN(show_net, show_net_cmd, "show network", @@ -358,7 +367,11 @@ static int config_write_net(struct vty *vty) { vty_out(vty, "network%s", VTY_NEWLINE); vty_out(vty, " network country code %u%s", gsmnet->country_code, VTY_NEWLINE); + if (gsmnet->core_country_code > 0) + vty_out(vty, " core network country code %u%s", gsmnet->core_country_code, VTY_NEWLINE); vty_out(vty, " mobile network code %u%s", gsmnet->network_code, VTY_NEWLINE); + if (gsmnet->core_network_code > 0) + vty_out(vty, " core mobile network code %u%s", gsmnet->core_network_code, VTY_NEWLINE); vty_out(vty, " short name %s%s", gsmnet->name_short, VTY_NEWLINE); vty_out(vty, " long name %s%s", gsmnet->name_long, VTY_NEWLINE); vty_out(vty, " auth policy %s%s", gsm_auth_policy_name(gsmnet->auth_policy), VTY_NEWLINE); @@ -366,6 +379,7 @@ static int config_write_net(struct vty *vty) gsmnet->reject_cause, VTY_NEWLINE); vty_out(vty, " encryption a5 %u%s", gsmnet->a5_encryption, VTY_NEWLINE); vty_out(vty, " neci %u%s", gsmnet->neci, VTY_NEWLINE); + vty_out(vty, " paging any use tch %d%s", gsmnet->pag_any_tch, VTY_NEWLINE); vty_out(vty, " rrlp mode %s%s", rrlp_mode_name(gsmnet->rrlp.mode), VTY_NEWLINE); vty_out(vty, " mm info %u%s", gsmnet->send_mm_info, VTY_NEWLINE); @@ -393,6 +407,28 @@ static int config_write_net(struct vty *vty) vty_out(vty, " timer t3117 %u%s", gsmnet->T3117, VTY_NEWLINE); vty_out(vty, " timer t3119 %u%s", gsmnet->T3119, VTY_NEWLINE); vty_out(vty, " timer t3141 %u%s", gsmnet->T3141, VTY_NEWLINE); + vty_out(vty, " ipacc rtp_payload %u%s", gsmnet->rtp_payload, VTY_NEWLINE); + vty_out(vty, " rtp base %u%s", gsmnet->rtp_base_port, VTY_NEWLINE); + + if (gsmnet->audio_length != 0) { + int i; + + vty_out(vty, " codec_list "); + for (i = 0; i < gsmnet->audio_length; ++i) { + printf("I... %d %d\n", i, gsmnet->audio_length); + if (i != 0) + vty_out(vty, ", "); + + if (gsmnet->audio_support[i]->hr) + vty_out(vty, "hr%.1u", gsmnet->audio_support[i]->ver); + else + vty_out(vty, "fr%.1u", gsmnet->audio_support[i]->ver); + } + vty_out(vty, "%s", VTY_NEWLINE); + } + + if (gsmnet->bsc_token) + vty_out(vty, " bsc_token %s%s", gsmnet->bsc_token, VTY_NEWLINE); return CMD_SUCCESS; } @@ -941,6 +977,16 @@ DEFUN(cfg_net_ncc, return CMD_SUCCESS; } +DEFUN(cfg_core_net_ncc, + cfg_core_net_ncc_cmd, + "core network country code <1-999>", + "Set the GSM country code to be used in the MSC connection") +{ + gsmnet->core_country_code = atoi(argv[0]); + + return CMD_SUCCESS; +} + DEFUN(cfg_net_mnc, cfg_net_mnc_cmd, "mobile network code <1-999>", @@ -951,6 +997,16 @@ DEFUN(cfg_net_mnc, return CMD_SUCCESS; } +DEFUN(cfg_core_net_mnc, + cfg_core_net_mnc_cmd, + "core mobile network code <1-999>", + "Set the GSM mobile network code to be used in the MSC connection") +{ + gsmnet->core_network_code = atoi(argv[0]); + + return CMD_SUCCESS; +} + DEFUN(cfg_net_name_short, cfg_net_name_short_cmd, "short name NAME", @@ -1015,6 +1071,7 @@ DEFUN(cfg_net_neci, "Set if NECI of cell selection is to be set") { gsmnet->neci = atoi(argv[0]); + gsm_net_update_ctype(gsmnet); return CMD_SUCCESS; } @@ -1101,6 +1158,112 @@ DEFUN(cfg_net_ho_max_distance, cfg_net_ho_max_distance_cmd, return CMD_SUCCESS; } +DEFUN(cfg_net_supported_codecs, + cfg_net_supported_codecs_cmd, + "codec_list .LIST", + "Set the three preferred audio codecs.\n" + "Codec List") +{ + int saw_fr, saw_hr; + int i; + + saw_fr = saw_hr = 0; + + /* free the old list... if it exists */ + if (gsmnet->audio_support) { + talloc_free(gsmnet->audio_support); + gsmnet->audio_support = NULL; + gsmnet->audio_length = 0; + } + + /* create a new array */ + gsmnet->audio_support = + talloc_zero_array(gsmnet, struct gsm_audio_support *, argc); + gsmnet->audio_length = argc; + + for (i = 0; i < argc; ++i) { + /* check for hrX or frX */ + if (strlen(argv[i]) != 3 + || argv[i][1] != 'r' + || (argv[i][0] != 'h' && argv[i][0] != 'f') + || argv[i][2] < 0x30 + || argv[i][2] > 0x39) + goto error; + + gsmnet->audio_support[i] = talloc_zero(gsmnet->audio_support, + struct gsm_audio_support); + gsmnet->audio_support[i]->ver = atoi(argv[i] + 2); + + if (strncmp("hr", argv[i], 2) == 0) { + gsmnet->audio_support[i]->hr = 1; + saw_hr = 1; + } else if (strncmp("fr", argv[i], 2) == 0) { + gsmnet->audio_support[i]->hr = 0; + saw_fr = 1; + } + + if (saw_hr && saw_fr) { + vty_out(vty, "Can not have full-rate and half-rate codec.%s", + VTY_NEWLINE); + return CMD_ERR_INCOMPLETE; + } + } + + return CMD_SUCCESS; + +error: + vty_out(vty, "Codec name must be hrX or frX. Was '%s'%s", + argv[i], VTY_NEWLINE); + return CMD_ERR_INCOMPLETE; +} + +DEFUN(cfg_net_ipacc_rtp_payload, + cfg_net_ipacc_rtp_payload_cmd, + "ipacc rtp_payload <0-256>", + "Override the RTP payload to use") +{ + gsmnet->rtp_payload = atoi(argv[0]) & 0xff; + + return CMD_SUCCESS; +} + +DEFUN(cfg_net_rtp_base_port, + cfg_net_rtp_base_port_cmd, + "rtp base <0-65534>", + "Base port to use for MGCP RTP") +{ + unsigned int port = atoi(argv[0]); + if (port > 65534) { + vty_out(vty, "%% wrong base port '%s'%s", argv[0], VTY_NEWLINE); + return CMD_WARNING; + } + + gsmnet->rtp_base_port = port; + return CMD_SUCCESS; +} + +DEFUN(cfg_net_bsc_token, + cfg_net_bsc_token_cmd, + "bsc_token TOKEN", + "A token for the BSC to be sent to the MSC") +{ + if (gsmnet->bsc_token) + talloc_free(gsmnet->bsc_token); + gsmnet->bsc_token = talloc_strdup(gsmnet, argv[0]); + + return CMD_SUCCESS; +} + +DEFUN(cfg_net_pag_any_tch, + cfg_net_pag_any_tch_cmd, + "paging any use tch (0|1)", + "Assign a TCH when receiving a Paging Any request") +{ + gsmnet->pag_any_tch = atoi(argv[0]); + gsm_net_update_ctype(gsmnet); + return CMD_SUCCESS; +} + #define DECLARE_TIMER(number, doc) \ DEFUN(cfg_net_T##number, \ cfg_net_T##number##_cmd, \ @@ -1111,7 +1274,7 @@ DEFUN(cfg_net_ho_max_distance, cfg_net_ho_max_distance_cmd, \ if (value < 0 || value > 65535) { \ vty_out(vty, "Timer value %s out of range.%s", \ - argv[0], VTY_NEWLINE); \ + argv[0], VTY_NEWLINE); \ return CMD_WARNING; \ } \ \ @@ -1131,7 +1294,6 @@ DECLARE_TIMER(3117, "Currently not used.") DECLARE_TIMER(3119, "Currently not used.") DECLARE_TIMER(3141, "Currently not used.") - /* per-BTS configuration */ DEFUN(cfg_bts, cfg_bts_cmd, @@ -1761,12 +1923,14 @@ int bsc_vty_init(struct gsm_network *net) install_element(VIEW_NODE, &show_stats_cmd); openbsc_vty_add_cmds(); - + install_element(CONFIG_NODE, &cfg_net_cmd); install_node(&net_node, config_write_net); install_default(GSMNET_NODE); install_element(GSMNET_NODE, &cfg_net_ncc_cmd); + install_element(GSMNET_NODE, &cfg_core_net_ncc_cmd); install_element(GSMNET_NODE, &cfg_net_mnc_cmd); + install_element(GSMNET_NODE, &cfg_core_net_mnc_cmd); install_element(GSMNET_NODE, &cfg_net_name_short_cmd); install_element(GSMNET_NODE, &cfg_net_name_long_cmd); install_element(GSMNET_NODE, &cfg_net_auth_policy_cmd); @@ -1782,6 +1946,9 @@ int bsc_vty_init(struct gsm_network *net) install_element(GSMNET_NODE, &cfg_net_ho_pwr_interval_cmd); install_element(GSMNET_NODE, &cfg_net_ho_pwr_hysteresis_cmd); install_element(GSMNET_NODE, &cfg_net_ho_max_distance_cmd); + install_element(GSMNET_NODE, &cfg_net_supported_codecs_cmd); + install_element(GSMNET_NODE, &cfg_net_ipacc_rtp_payload_cmd); + install_element(GSMNET_NODE, &cfg_net_rtp_base_port_cmd); install_element(GSMNET_NODE, &cfg_net_T3101_cmd); install_element(GSMNET_NODE, &cfg_net_T3103_cmd); install_element(GSMNET_NODE, &cfg_net_T3105_cmd); @@ -1793,6 +1960,8 @@ int bsc_vty_init(struct gsm_network *net) install_element(GSMNET_NODE, &cfg_net_T3117_cmd); install_element(GSMNET_NODE, &cfg_net_T3119_cmd); install_element(GSMNET_NODE, &cfg_net_T3141_cmd); + install_element(GSMNET_NODE, &cfg_net_bsc_token_cmd); + install_element(GSMNET_NODE, &cfg_net_pag_any_tch_cmd); install_element(GSMNET_NODE, &cfg_bts_cmd); install_node(&bts_node, config_write_bts); diff --git a/openbsc/src/vty_interface_bsc.c b/openbsc/src/vty_interface_bsc.c new file mode 100644 index 000000000..346ed007f --- /dev/null +++ b/openbsc/src/vty_interface_bsc.c @@ -0,0 +1,48 @@ +/* OpenBSC interface to quagga VTY - BSC options */ +/* (C) 2009 by Harald Welte <laforge@gnumonks.org> + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include <stdlib.h> +#include <unistd.h> +#include <sys/types.h> + +#include <vty/command.h> +#include <vty/buffer.h> +#include <vty/vty.h> + +#include <openbsc/gsm_data.h> + +static struct gsmnet *gsmnet = NULL; + +DEFUN(show_bsc, show_bsc_cmd, "show bsc", + SHOW_STR "Display information about the BSC\n") +{ + vty_out(vty, "BSC... not implemented yet%s", VTY_NEWLINE); + return CMD_SUCCESS; +} + +int bsc_vty_init_extra(struct gsm_network *net) +{ + gsmnet = net; + + /* get runtime information */ + install_element(VIEW_NODE, &show_bsc_cmd); + + return 0; +} diff --git a/openbsc/tests/Makefile.am b/openbsc/tests/Makefile.am index 3b1b93120..b469832fc 100644 --- a/openbsc/tests/Makefile.am +++ b/openbsc/tests/Makefile.am @@ -1 +1 @@ -SUBDIRS = debug gsm0408 db channel sccp +SUBDIRS = debug gsm0408 db channel sccp bsc-nat diff --git a/openbsc/tests/bsc-nat/Makefile.am b/openbsc/tests/bsc-nat/Makefile.am new file mode 100644 index 000000000..5a066a491 --- /dev/null +++ b/openbsc/tests/bsc-nat/Makefile.am @@ -0,0 +1,17 @@ +INCLUDES = $(all_includes) -I$(top_srcdir)/include +AM_CFLAGS=-Wall -ggdb3 $(LIBOSMOCORE_CFLAGS) + +EXTRA_DIST = bsc_data.c + +noinst_PROGRAMS = bsc_nat_test + +bsc_nat_test_SOURCES = bsc_nat_test.c \ + $(top_srcdir)/src/nat/bsc_filter.c \ + $(top_srcdir)/src/nat/bsc_sccp.c \ + $(top_srcdir)/src/nat/bsc_nat_utils.c \ + $(top_srcdir)/src/nat/bsc_mgcp_utils.c \ + $(top_srcdir)/src/mgcp/mgcp_protocol.c \ + $(top_srcdir)/src/mgcp/mgcp_network.c \ + $(top_srcdir)/src/bssap.c +bsc_nat_test_LDADD = $(top_builddir)/src/libbsc.a $(top_builddir)/src/libsccp.a $(LIBOSMOCORE_LIBS) + diff --git a/openbsc/tests/bsc-nat/bsc_data.c b/openbsc/tests/bsc-nat/bsc_data.c new file mode 100644 index 000000000..34242db8c --- /dev/null +++ b/openbsc/tests/bsc-nat/bsc_data.c @@ -0,0 +1,154 @@ +/* test data */ + +/* BSC -> MSC, CR */ +static const u_int8_t bsc_cr[] = { +0x00, 0x2e, 0xfd, +0x01, 0x00, 0x00, 0x15, 0x02, 0x02, 0x04, 0x02, +0x42, 0xfe, 0x0f, 0x21, 0x00, 0x1f, 0x57, 0x05, +0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x1c, 0xc3, +0x51, 0x17, 0x12, 0x05, 0x08, 0x20, 0x72, 0xf4, +0x90, 0x20, 0x1d, 0x50, 0x08, 0x29, 0x47, 0x80, +0x00, 0x00, 0x00, 0x00, 0x80, 0x00 }; + +static const u_int8_t bsc_cr_patched[] = { +0x00, 0x2e, 0xfd, +0x01, 0x00, 0x00, 0x05, 0x02, 0x02, 0x04, 0x02, +0x42, 0xfe, 0x0f, 0x21, 0x00, 0x1f, 0x57, 0x05, +0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x1c, 0xc3, +0x51, 0x17, 0x12, 0x05, 0x08, 0x20, 0x72, 0xf4, +0x90, 0x20, 0x1d, 0x50, 0x08, 0x29, 0x47, 0x80, +0x00, 0x00, 0x00, 0x00, 0x80, 0x00 }; + +/* CC, MSC -> BSC */ +static const u_int8_t msc_cc[] = { +0x00, 0x0a, 0xfd, +0x02, 0x00, 0x00, 0x05, 0x01, 0x1f, 0xe4, 0x02, +0x01, 0x00 }; +static const u_int8_t msc_cc_patched[] = { +0x00, 0x0a, 0xfd, +0x02, 0x00, 0x00, 0x15, 0x01, 0x1f, 0xe4, 0x02, +0x01, 0x00 }; + +/* Classmark, BSC -> MSC */ +static const u_int8_t bsc_dtap[] = { +0x00, 0x17, 0xfd, +0x06, 0x01, 0x1f, 0xe4, 0x00, 0x01, 0x10, 0x00, +0x0e, 0x54, 0x12, 0x03, 0x50, 0x18, 0x93, 0x13, +0x06, 0x60, 0x14, 0x45, 0x00, 0x81, 0x00 }; + +static const u_int8_t bsc_dtap_patched[] = { +0x00, 0x17, 0xfd, +0x06, 0x01, 0x1f, 0xe4, 0x00, 0x01, 0x10, 0x00, +0x0e, 0x54, 0x12, 0x03, 0x50, 0x18, 0x93, 0x13, +0x06, 0x60, 0x14, 0x45, 0x00, 0x81, 0x00 }; + +/* Clear command, MSC -> BSC */ +static const u_int8_t msc_dtap[] = { +0x00, 0x0d, 0xfd, +0x06, 0x00, 0x00, 0x05, 0x00, 0x01, 0x06, 0x00, +0x04, 0x20, 0x04, 0x01, 0x09 }; +static const u_int8_t msc_dtap_patched[] = { +0x00, 0x0d, 0xfd, +0x06, 0x00, 0x00, 0x15, 0x00, 0x01, 0x06, 0x00, +0x04, 0x20, 0x04, 0x01, 0x09 }; + +/*RLSD, MSC -> BSC */ +static const u_int8_t msc_rlsd[] = { +0x00, 0x0a, 0xfd, +0x04, 0x00, 0x00, 0x05, 0x01, 0x1f, 0xe4, 0x00, +0x01, 0x00 }; +static const u_int8_t msc_rlsd_patched[] = { +0x00, 0x0a, 0xfd, +0x04, 0x00, 0x00, 0x15, 0x01, 0x1f, 0xe4, 0x00, +0x01, 0x00 }; + +/* RLC, BSC -> MSC */ +static const u_int8_t bsc_rlc[] = { +0x00, 0x07, 0xfd, +0x05, 0x01, 0x1f, 0xe4, 0x00, 0x00, 0x15 }; + +static const u_int8_t bsc_rlc_patched[] = { +0x00, 0x07, 0xfd, +0x05, 0x01, 0x1f, 0xe4, 0x00, 0x00, 0x05 }; + + +/* a paging command */ +static const u_int8_t paging_by_lac_cmd[] = { +0x00, 0x22, 0xfd, 0x09, +0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x02, 0x00, +0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x12, 0x00, +0x10, 0x52, 0x08, 0x08, 0x29, 0x47, 0x10, 0x02, +0x01, 0x50, 0x02, 0x30, 0x1a, 0x03, 0x05, 0x20, +0x15 }; + +/* an assignment command */ +static const u_int8_t ass_cmd[] = { +0x00, 0x12, 0xfd, 0x06, +0x00, 0x00, 0x49, 0x00, 0x01, 0x0b, 0x00, 0x09, +0x01, 0x0b, 0x03, 0x01, 0x0a, 0x11, 0x01, 0x00, +0x15 }; + +/* + * MGCP messages + */ + +/* nothing to patch */ +static const char crcx[] = "CRCX 23265295 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n"; +static const char crcx_patched[] = "CRCX 23265295 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n"; + + +/* patch the ip and port */ +static const char crcx_resp[] = "200 23265295\r\nI: 1\r\n\r\nv=0\r\nc=IN IP4 172.16.18.2\r\nm=audio 4002 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n"; +static const char crcx_resp_patched[] = "200 23265295\r\nI: 1\r\n\r\nv=0\r\nc=IN IP4 10.0.0.1\r\nm=audio 999 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n"; + +/* patch the ip and port */ +static const char mdcx[] = " MDCX 23330829 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nI: 1\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n\r\nv=0\r\no=- 1049380491 0 IN IP4 172.16.18.2\r\ns=-\r\nc=IN IP4 172.16.18.2\r\nt=0 0\r\nm=audio 4410 RTP/AVP 126\r\na=rtpmap:126 AMR/8000/1\r\na=fmtp:126 mode-set=2;start-mode=0\r\na=ptime:20\r\na=recvonly\r\nm=image 4412 udptl t38\r\na=T38FaxVersion:0\r\na=T38MaxBitRate:14400\r\n"; +static const char mdcx_patched[] = " MDCX 23330829 8@mgw MGCP 1.0\r\nC: 394b0439fb\r\nI: 1\r\nL: p:20, a:AMR, nt:IN\r\nM: recvonly\r\n\r\nv=0\r\no=- 1049380491 0 IN IP4 172.16.18.2\r\ns=-\r\nc=IN IP4 10.0.0.23\r\nt=0 0\r\nm=audio 6666 RTP/AVP 126\r\na=rtpmap:126 AMR/8000/1\r\na=fmtp:126 mode-set=2;start-mode=0\r\na=ptime:20\r\na=recvonly\r\nm=image 4412 udptl t38\r\na=T38FaxVersion:0\r\na=T38MaxBitRate:14400\r\n"; + + +static const char mdcx_resp[] = "200 23330829\r\n\r\nv=0\r\nc=IN IP4 172.16.18.2\r\nm=audio 4002 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n"; +static const char mdcx_resp_patched[] = "200 23330829\r\n\r\nv=0\r\nc=IN IP4 10.0.0.23\r\nm=audio 5555 RTP/AVP 98\r\na=rtpmap:98 AMR/8000\r\n"; + +/* different line ending */ +static const char mdcx_resp2[] = "200 33330829\n\nv=0\nc=IN IP4 172.16.18.2\nm=audio 4002 RTP/AVP 98\na=rtpmap:98 AMR/8000\n"; +static const char mdcx_resp_patched2[] = "200 33330829\n\nv=0\nc=IN IP4 10.0.0.23\nm=audio 5555 RTP/AVP 98\na=rtpmap:98 AMR/8000\n"; + +struct mgcp_patch_test { + const char *orig; + const char *patch; + const char *ip; + const int port; +}; + +static const struct mgcp_patch_test mgcp_messages[] = { + { + .orig = crcx, + .patch = crcx_patched, + .ip = "0.0.0.0", + .port = 2323, + }, + { + .orig = crcx_resp, + .patch = crcx_resp_patched, + .ip = "10.0.0.1", + .port = 999, + }, + { + .orig = mdcx, + .patch = mdcx_patched, + .ip = "10.0.0.23", + .port = 6666, + }, + { + .orig = mdcx_resp, + .patch = mdcx_resp_patched, + .ip = "10.0.0.23", + .port = 5555, + }, + { + .orig = mdcx_resp2, + .patch = mdcx_resp_patched2, + .ip = "10.0.0.23", + .port = 5555, + }, +}; diff --git a/openbsc/tests/bsc-nat/bsc_nat_test.c b/openbsc/tests/bsc-nat/bsc_nat_test.c new file mode 100644 index 000000000..4780a7a88 --- /dev/null +++ b/openbsc/tests/bsc-nat/bsc_nat_test.c @@ -0,0 +1,539 @@ +/* + * BSC NAT Message filtering + * + * (C) 2010 by Holger Hans Peter Freyther <zecke@selfish.org> + * (C) 2010 by On-Waves + * + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + + +#include <openbsc/debug.h> +#include <openbsc/gsm_data.h> +#include <openbsc/bsc_nat.h> + +#include <osmocore/talloc.h> + +#include <stdio.h> + +/* test messages for ipa */ +static u_int8_t ipa_id[] = { + 0x00, 0x01, 0xfe, 0x06, +}; + +/* SCCP messages are below */ +static u_int8_t gsm_reset[] = { + 0x00, 0x12, 0xfd, + 0x09, 0x00, 0x03, 0x05, 0x07, 0x02, 0x42, 0xfe, + 0x02, 0x42, 0xfe, 0x06, 0x00, 0x04, 0x30, 0x04, + 0x01, 0x20, +}; + +static const u_int8_t gsm_reset_ack[] = { + 0x00, 0x13, 0xfd, + 0x09, 0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x01, + 0x00, 0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x03, + 0x00, 0x01, 0x31, +}; + +static const u_int8_t gsm_paging[] = { + 0x00, 0x20, 0xfd, + 0x09, 0x00, 0x03, 0x07, 0x0b, 0x04, 0x43, 0x01, + 0x00, 0xfe, 0x04, 0x43, 0x5c, 0x00, 0xfe, 0x10, + 0x00, 0x0e, 0x52, 0x08, 0x08, 0x29, 0x47, 0x10, + 0x02, 0x01, 0x31, 0x97, 0x61, 0x1a, 0x01, 0x06, +}; + +/* BSC -> MSC connection open */ +static const u_int8_t bssmap_cr[] = { + 0x00, 0x2c, 0xfd, + 0x01, 0x01, 0x02, 0x03, 0x02, 0x02, 0x04, 0x02, + 0x42, 0xfe, 0x0f, 0x1f, 0x00, 0x1d, 0x57, 0x05, + 0x08, 0x00, 0x72, 0xf4, 0x80, 0x20, 0x12, 0xc3, + 0x50, 0x17, 0x10, 0x05, 0x24, 0x11, 0x03, 0x33, + 0x19, 0xa2, 0x08, 0x29, 0x47, 0x10, 0x02, 0x01, + 0x31, 0x97, 0x61, 0x00 +}; + +/* MSC -> BSC connection confirm */ +static const u_int8_t bssmap_cc[] = { + 0x00, 0x0a, 0xfd, + 0x02, 0x01, 0x02, 0x03, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, +}; + +/* MSC -> BSC released */ +static const u_int8_t bssmap_released[] = { + 0x00, 0x0e, 0xfd, + 0x04, 0x00, 0x00, 0x03, 0x01, 0x02, 0x03, 0x00, 0x01, 0x0f, + 0x02, 0x23, 0x42, 0x00, +}; + +/* BSC -> MSC released */ +static const u_int8_t bssmap_release_complete[] = { + 0x00, 0x07, 0xfd, + 0x05, 0x01, 0x02, 0x03, 0x00, 0x00, 0x03 +}; + +/* both directions IT timer */ +static const u_int8_t connnection_it[] = { + 0x00, 0x0b, 0xfd, + 0x10, 0x01, 0x02, 0x03, 0x01, 0x02, 0x03, + 0x00, 0x00, 0x00, 0x00, +}; + +/* MGCP wrap... */ +static const u_int8_t mgcp_msg[] = { + 0x00, 0x03, 0xfc, + 0x20, 0x20, 0x20, +}; + +struct filter_result { + const u_int8_t *data; + const u_int16_t length; + const int dir; + const int result; +}; + +static const struct filter_result results[] = { + { + .data = ipa_id, + .length = ARRAY_SIZE(ipa_id), + .dir = DIR_MSC, + .result = 1, + }, + { + .data = gsm_reset, + .length = ARRAY_SIZE(gsm_reset), + .dir = DIR_MSC, + .result = 1, + }, + { + .data = gsm_reset_ack, + .length = ARRAY_SIZE(gsm_reset_ack), + .dir = DIR_BSC, + .result = 1, + }, + { + .data = gsm_paging, + .length = ARRAY_SIZE(gsm_paging), + .dir = DIR_BSC, + .result = 0, + }, + { + .data = bssmap_cr, + .length = ARRAY_SIZE(bssmap_cr), + .dir = DIR_MSC, + .result = 0, + }, + { + .data = bssmap_cc, + .length = ARRAY_SIZE(bssmap_cc), + .dir = DIR_BSC, + .result = 0, + }, + { + .data = bssmap_released, + .length = ARRAY_SIZE(bssmap_released), + .dir = DIR_MSC, + .result = 0, + }, + { + .data = bssmap_release_complete, + .length = ARRAY_SIZE(bssmap_release_complete), + .dir = DIR_BSC, + .result = 0, + }, + { + .data = mgcp_msg, + .length = ARRAY_SIZE(mgcp_msg), + .dir = DIR_MSC, + .result = 0, + }, + { + .data = connnection_it, + .length = ARRAY_SIZE(connnection_it), + .dir = DIR_BSC, + .result = 0, + }, + { + .data = connnection_it, + .length = ARRAY_SIZE(connnection_it), + .dir = DIR_MSC, + .result = 0, + }, +}; + +static void test_filter(void) +{ + int i; + + + /* start testinh with proper messages */ + fprintf(stderr, "Testing BSS Filtering.\n"); + for (i = 0; i < ARRAY_SIZE(results); ++i) { + int result; + struct bsc_nat_parsed *parsed; + struct msgb *msg = msgb_alloc(4096, "test-message"); + + fprintf(stderr, "Going to test item: %d\n", i); + memcpy(msg->data, results[i].data, results[i].length); + msg->l2h = msgb_put(msg, results[i].length); + + parsed = bsc_nat_parse(msg); + if (!parsed) { + fprintf(stderr, "FAIL: Failed to parse the message\n"); + continue; + } + + result = bsc_nat_filter_ipa(results[i].dir, msg, parsed); + if (result != results[i].result) { + fprintf(stderr, "FAIL: Not the expected result got: %d wanted: %d\n", + result, results[i].result); + } + + msgb_free(msg); + } +} + +#include "bsc_data.c" + +static void copy_to_msg(struct msgb *msg, const u_int8_t *data, unsigned int length) +{ + msgb_reset(msg); + msg->l2h = msgb_put(msg, length); + memcpy(msg->l2h, data, msgb_l2len(msg)); +} + +#define VERIFY(con_found, con, msg, ver, str) \ + if (!con_found || con_found->bsc != con) { \ + fprintf(stderr, "Failed to find the con: %p\n", con_found); \ + abort(); \ + } \ + if (memcmp(msg->data, ver, sizeof(ver)) != 0) { \ + fprintf(stderr, "Failed to patch the %s msg.\n", str); \ + abort(); \ + } + +/* test conn tracking once */ +static void test_contrack() +{ + int rc; + struct bsc_nat *nat; + struct bsc_connection *con; + struct sccp_connections *con_found; + struct bsc_nat_parsed *parsed; + struct msgb *msg; + + fprintf(stderr, "Testing connection tracking.\n"); + nat = bsc_nat_alloc(); + con = bsc_connection_alloc(nat); + msg = msgb_alloc(4096, "test"); + + /* 1.) create a connection */ + copy_to_msg(msg, bsc_cr, sizeof(bsc_cr)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_msc(msg, parsed, nat); + if (con_found != NULL) { + fprintf(stderr, "Con should not exist %p\n", con_found); + abort(); + } + rc = create_sccp_src_ref(con, msg, parsed); + if (rc != 0) { + fprintf(stderr, "Failed to create a ref\n"); + abort(); + } + con_found = patch_sccp_src_ref_to_msc(msg, parsed, nat); + if (!con_found || con_found->bsc != con) { + fprintf(stderr, "Failed to find the con: %p\n", con_found); + abort(); + } + if (memcmp(msg->data, bsc_cr_patched, sizeof(bsc_cr_patched)) != 0) { + fprintf(stderr, "Failed to patch the BSC CR msg.\n"); + abort(); + } + talloc_free(parsed); + + /* 2.) get the cc */ + copy_to_msg(msg, msc_cc, sizeof(msc_cc)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_bsc(msg, parsed, nat); + VERIFY(con_found, con, msg, msc_cc_patched, "MSC CC"); + if (update_sccp_src_ref(con_found, parsed) != 0) { + fprintf(stderr, "Failed to update the SCCP con.\n"); + abort(); + } + + /* 3.) send some data */ + copy_to_msg(msg, bsc_dtap, sizeof(bsc_dtap)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_msc(msg, parsed, nat); + VERIFY(con_found, con, msg, bsc_dtap_patched, "BSC DTAP"); + + /* 4.) receive some data */ + copy_to_msg(msg, msc_dtap, sizeof(msc_dtap)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_bsc(msg, parsed, nat); + VERIFY(con_found, con, msg, msc_dtap_patched, "MSC DTAP"); + + /* 5.) close the connection */ + copy_to_msg(msg, msc_rlsd, sizeof(msc_rlsd)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_bsc(msg, parsed, nat); + VERIFY(con_found, con, msg, msc_rlsd_patched, "MSC RLSD"); + + /* 6.) confirm the connection close */ + copy_to_msg(msg, bsc_rlc, sizeof(bsc_rlc)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_msc(msg, parsed, nat); + if (!con_found || con_found->bsc != con) { + fprintf(stderr, "Failed to find the con: %p\n", con_found); + abort(); + } + if (memcmp(msg->data, bsc_rlc_patched, sizeof(bsc_rlc_patched)) != 0) { + fprintf(stderr, "Failed to patch the BSC CR msg.\n"); + abort(); + } + remove_sccp_src_ref(con, msg, parsed); + talloc_free(parsed); + + copy_to_msg(msg, bsc_rlc, sizeof(bsc_rlc)); + parsed = bsc_nat_parse(msg); + con_found = patch_sccp_src_ref_to_msc(msg, parsed, nat); + + /* verify that it is gone */ + if (con_found != NULL) { + fprintf(stderr, "Con should be gone. %p\n", con_found); + abort(); + } + talloc_free(parsed); + + + talloc_free(nat); + msgb_free(msg); +} + +static void test_paging(void) +{ + struct bsc_nat *nat; + struct bsc_connection *con; + struct bsc_nat_parsed *parsed; + struct bsc_config cfg; + struct msgb *msg; + + fprintf(stderr, "Testing paging by lac.\n"); + + nat = bsc_nat_alloc(); + con = bsc_connection_alloc(nat); + con->cfg = &cfg; + cfg.lac = 23; + con->authenticated = 1; + llist_add(&con->list_entry, &nat->bsc_connections); + msg = msgb_alloc(4096, "test"); + + /* Test completely bad input */ + copy_to_msg(msg, paging_by_lac_cmd, sizeof(paging_by_lac_cmd)); + if (bsc_nat_find_bsc(nat, msg) != 0) { + fprintf(stderr, "Should have not found anything.\n"); + abort(); + } + + /* Test it by not finding it */ + copy_to_msg(msg, paging_by_lac_cmd, sizeof(paging_by_lac_cmd)); + parsed = bsc_nat_parse(msg); + if (bsc_nat_find_bsc(nat, msg) != 0) { + fprintf(stderr, "Should have not found aynthing.\n"); + abort(); + } + talloc_free(parsed); + + /* Test by finding it */ + cfg.lac = 8213; + copy_to_msg(msg, paging_by_lac_cmd, sizeof(paging_by_lac_cmd)); + parsed = bsc_nat_parse(msg); + if (bsc_nat_find_bsc(nat, msg) != con) { + fprintf(stderr, "Should have found it.\n"); + abort(); + } + talloc_free(parsed); +} + +static void test_mgcp_ass_tracking(void) +{ + struct sccp_connections con; + struct bsc_nat_parsed *parsed; + struct msgb *msg; + + fprintf(stderr, "Testing MGCP.\n"); + memset(&con, 0, sizeof(con)); + + msg = msgb_alloc(4096, "foo"); + copy_to_msg(msg, ass_cmd, sizeof(ass_cmd)); + parsed = bsc_nat_parse(msg); + if (bsc_mgcp_assign(&con, msg) != 0) { + fprintf(stderr, "Failed to handle assignment.\n"); + abort(); + } + + if (con.msc_timeslot != 21) { + fprintf(stderr, "Timeslot should be 21.\n"); + abort(); + } + + if (con.bsc_timeslot != 21) { + fprintf(stderr, "Assigned timeslot should have been 21.\n"); + abort(); + } + talloc_free(parsed); + + bsc_mgcp_clear(&con); + if (con.bsc_timeslot != -1 || con.msc_timeslot != -1) { + fprintf(stderr, "Clearing should remove the mapping.\n"); + abort(); + } +} + +/* test the code to find a given connection */ +static void test_mgcp_find(void) +{ + struct bsc_nat *nat; + struct bsc_connection *con; + struct sccp_connections *sccp_con; + + fprintf(stderr, "Testing finding of a BSC Connection\n"); + + nat = bsc_nat_alloc(); + con = bsc_connection_alloc(nat); + llist_add(&con->list_entry, &nat->bsc_connections); + + sccp_con = talloc_zero(con, struct sccp_connections); + sccp_con->msc_timeslot = 12; + sccp_con->bsc_timeslot = 12; + sccp_con->bsc = con; + llist_add(&sccp_con->list_entry, &nat->sccp_connections); + + if (bsc_mgcp_find_con(nat, 11) != NULL) { + fprintf(stderr, "Found the wrong connection.\n"); + abort(); + } + + if (bsc_mgcp_find_con(nat, 12) != con) { + fprintf(stderr, "Didn't find the connection\n"); + abort(); + } + + sccp_con->msc_timeslot = 0; + sccp_con->bsc_timeslot = 0; + if (bsc_mgcp_find_con(nat, 1) != con) { + fprintf(stderr, "Didn't find the connection\n"); + abort(); + } + + /* free everything */ + talloc_free(nat); +} + +static void test_mgcp_rewrite(void) +{ + int i; + struct msgb *output; + fprintf(stderr, "Test rewriting MGCP messages.\n"); + + for (i = 0; i < ARRAY_SIZE(mgcp_messages); ++i) { + const char *orig = mgcp_messages[i].orig; + const char *patc = mgcp_messages[i].patch; + const char *ip = mgcp_messages[i].ip; + const int port = mgcp_messages[i].port; + + char *input = strdup(orig); + + output = bsc_mgcp_rewrite(input, strlen(input), ip, port); + if (msgb_l2len(output) != strlen(patc)) { + fprintf(stderr, "Wrong sizes for test: %d %d != %d != %d\n", i, msgb_l2len(output), strlen(patc), strlen(orig)); + fprintf(stderr, "String '%s' vs '%s'\n", (const char *) output->l2h, patc); + abort(); + } + + if (memcmp(output->l2h, patc, msgb_l2len(output)) != 0) { + fprintf(stderr, "Broken on %d msg: '%s'\n", i, (const char *) output->l2h); + abort(); + } + + msgb_free(output); + free(input); + } +} + +static void test_mgcp_parse(void) +{ + int code, ci; + char transaction[60]; + + fprintf(stderr, "Test MGCP response parsing.\n"); + + if (bsc_mgcp_parse_response(crcx_resp, &code, transaction) != 0) { + fprintf(stderr, "Failed to parse CRCX resp.\n"); + abort(); + } + + if (code != 200) { + fprintf(stderr, "Failed to parse the CODE properly. Got: %d\n", code); + abort(); + } + + if (strcmp(transaction, "23265295") != 0) { + fprintf(stderr, "Failed to parse transaction id: '%s'\n", transaction); + abort(); + } + + ci = bsc_mgcp_extract_ci(crcx_resp); + if (ci != 1) { + fprintf(stderr, "Failed to parse the CI. Got: %d\n", ci); + abort(); + } +} + +int main(int argc, char **argv) +{ + struct log_target *stderr_target; + + log_init(&log_info); + stderr_target = log_target_create_stderr(); + log_add_target(stderr_target); + log_set_all_filter(stderr_target, 1); + + test_filter(); + test_contrack(); + test_paging(); + test_mgcp_ass_tracking(); + test_mgcp_find(); + test_mgcp_rewrite(); + test_mgcp_parse(); + return 0; +} + +void input_event() +{} +int nm_state_event() +{ + return -1; +} + +int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id) +{ + return -1; +} diff --git a/openbsc/tests/channel/channel_test.c b/openbsc/tests/channel/channel_test.c index 759001c57..96f13cbbd 100644 --- a/openbsc/tests/channel/channel_test.c +++ b/openbsc/tests/channel/channel_test.c @@ -76,6 +76,8 @@ int main(int argc, char** argv) void nm_state_event() {} void input_event() {} void sms_alloc() {} +void _lchan_release() {} +void gsm_net_update_ctype(struct gsm_network *network) {} struct tlv_definition nm_att_tlvdef; diff --git a/openbsc/tests/sccp/sccp_test.c b/openbsc/tests/sccp/sccp_test.c index eb41d3eaf..0c2adc83f 100644 --- a/openbsc/tests/sccp/sccp_test.c +++ b/openbsc/tests/sccp/sccp_test.c @@ -354,14 +354,14 @@ int sccp_read_cb(struct msgb *data, unsigned len, void *context) return 0; } -int sccp_write_cb(struct msgb *data, void *ctx) +void sccp_write_cb(struct msgb *data, void *ctx) { int i = 0; const u_int8_t *got, *wanted; if (test_data[current_test].response == NULL) { FAIL("Didn't expect write callback\n"); - return -1; + goto exit; } else if (test_data[current_test].response_length != msgb_l2len(data)) { FAIL("Size does not match. Got: %d Wanted: %d\n", msgb_l2len(data), test_data[current_test].response_length); @@ -374,12 +374,14 @@ int sccp_write_cb(struct msgb *data, void *ctx) if (got[i] != wanted[i]) { FAIL("Failed to compare byte. Got: 0x%x Wanted: 0x%x at %d\n", got[i], wanted[i], i); - return -1; + goto exit; } } write_called = 1; - return 0; + +exit: + msgb_free(data); } void sccp_c_read(struct sccp_connection *connection, struct msgb *msgb, unsigned int len) @@ -409,7 +411,7 @@ int sccp_accept_cb(struct sccp_connection *connection, void *user_data) return 0; } -static int sccp_udt_write_cb(struct msgb *data, void *context) +static void sccp_udt_write_cb(struct msgb *data, void *context) { const u_int8_t *got, *wanted; int i; @@ -419,7 +421,7 @@ static int sccp_udt_write_cb(struct msgb *data, void *context) if (send_data[current_test].length != msgb_l2len(data)) { FAIL("Size does not match. Got: %d Wanted: %d\n", msgb_l2len(data), send_data[current_test].length); - return -1; + goto exit; } got = &data->l2h[0]; @@ -429,12 +431,14 @@ static int sccp_udt_write_cb(struct msgb *data, void *context) if (got[i] != wanted[i]) { FAIL("Failed to compare byte. Got: 0x%x Wanted: 0x%x at %d\n", got[i], wanted[i], i); - return -1; + goto exit; } } matched = 1; - return 0; + +exit: + msgb_free(data); } static void test_sccp_system(void) @@ -504,11 +508,11 @@ static int sccp_udt_read(struct msgb *data, unsigned int len, void *context) return 0; } -static int sccp_write_loop(struct msgb *data, void *context) +static void sccp_write_loop(struct msgb *data, void *context) { /* send it back to us */ sccp_system_incoming(data); - return 0; + msgb_free(data); } static void test_sccp_udt_communication(void) |