From d954dcf9e1178b3f8709831fba47bb54141f486b Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Sat, 1 Aug 2009 07:30:25 +0200 Subject: [bsc_msc_ip] This is a BSC that connects to real MSC via IP This is a BSC to be used by on-waves.com to connect to a real MSC using SCCP over IP. The following messages and features are currently implemented: - IPA identity ack's - COMPLETE LAYER3 INFORMATION - DTAP - PAGING COMMAND - CLEAR COMPLETE/CLEAR REQUEST - CIPHER MODE COMMAND/ REJECT /COMPLETE It comes with a tool to create the enum's from the spec and a very simple test server to do the handshaking. --- openbsc/contrib/README | 2 + openbsc/contrib/send_handshake.py | 30 ++ openbsc/include/openbsc/Makefile.am | 2 +- openbsc/include/openbsc/bssap.h | 280 ++++++++++++++ openbsc/include/openbsc/gsm_data.h | 20 + openbsc/include/openbsc/gsm_subscriber.h | 2 + openbsc/include/openbsc/msgb.h | 2 + openbsc/src/Makefile.am | 9 +- openbsc/src/bsc_msc_ip.c | 617 +++++++++++++++++++++++++++++++ openbsc/src/bssap.c | 501 +++++++++++++++++++++++++ openbsc/src/chan_alloc.c | 3 + openbsc/src/gsm_subscriber_base.c | 22 +- openbsc/src/msgb.c | 1 + 13 files changed, 1486 insertions(+), 5 deletions(-) create mode 100644 openbsc/contrib/README create mode 100755 openbsc/contrib/send_handshake.py create mode 100644 openbsc/include/openbsc/bssap.h create mode 100644 openbsc/src/bsc_msc_ip.c create mode 100644 openbsc/src/bssap.c (limited to 'openbsc') diff --git a/openbsc/contrib/README b/openbsc/contrib/README new file mode 100644 index 000000000..43c8d623f --- /dev/null +++ b/openbsc/contrib/README @@ -0,0 +1,2 @@ +This contains a set of scripts used for the development of the +MSC functionality. diff --git a/openbsc/contrib/send_handshake.py b/openbsc/contrib/send_handshake.py new file mode 100755 index 000000000..2d0dcec42 --- /dev/null +++ b/openbsc/contrib/send_handshake.py @@ -0,0 +1,30 @@ +#!/usr/bin/env python + +import sys + +# packages +ACK ="\x00\x01\xfe\x06" +RESET_ACK = "\x00\x13\xfd\x09\x00\x03\x07\x0b\x04\x43\x01\x00\xfe\x04\x43\x5c\x00\xfe\x03\x00\x01\x31" +PAGE = "\x00\x20\xfd\x09\x00\x03\x07\x0b\x04\x43\x01\x00\xfe\x04\x43\x5c\x00\xfe\x10\x00\x0e\x52\x08\x08\x29\x42\x08\x05\x03\x12\x23\x42\x1a\x01\x06" + + +# simple handshake... +sys.stdout.write(ACK) +sys.stdout.flush() +sys.stdin.read(4) + +# wait for some data and send reset ack +sys.stdin.read(21) +sys.stdout.write(RESET_ACK) +sys.stdout.flush() + +sys.stdout.write(RESET_ACK) +sys.stdout.flush() + +# page a subscriber +sys.stdout.write(PAGE) +sys.stdout.flush() + +while True: + sys.stdin.read(1) + diff --git a/openbsc/include/openbsc/Makefile.am b/openbsc/include/openbsc/Makefile.am index 461f5a89e..3c42bc033 100644 --- a/openbsc/include/openbsc/Makefile.am +++ b/openbsc/include/openbsc/Makefile.am @@ -3,4 +3,4 @@ noinst_HEADERS = abis_nm.h abis_rsl.h debug.h db.h gsm_04_08.h gsm_data.h \ timer.h misdn.h chan_alloc.h telnet_interface.h paging.h \ subchan_demux.h trau_frame.h e1_input.h trau_mux.h signal.h \ gsm_utils.h ipaccess.h rs232.h openbscdefines.h rtp_proxy.h \ - bsc_rll.h mncc.h talloc.h transaction.h ussd.h gsm_04_80.h + bsc_rll.h mncc.h talloc.h transaction.h ussd.h gsm_04_80.h bssap.h diff --git a/openbsc/include/openbsc/bssap.h b/openbsc/include/openbsc/bssap.h new file mode 100644 index 000000000..b6f6c891d --- /dev/null +++ b/openbsc/include/openbsc/bssap.h @@ -0,0 +1,280 @@ +/* From GSM08.08 */ + +#ifndef BSSAP_H +#define BSSAP_H + +#include + +#include +#include + +/* + * this is from GSM 03.03 CGI but is copied in GSM 08.08 + * in § 3.2.2.27 for Cell Identifier List + */ +enum CELL_IDENT { + CELL_IDENT_WHOLE_GLOBAL = 0, + CELL_IDENT_LAC_AND_CI = 1, + CELL_IDENT_CI = 2, + CELL_IDENT_NO_CELL = 3, + CELL_IDENT_LAI_AND_LAC = 4, + CELL_IDENT_LAC = 5, + CELL_IDENT_BSS = 6, + CELL_IDENT_UTRAN_PLMN_LAC_RNC = 8, + CELL_IDENT_UTRAN_RNC = 9, + CELL_IDENT_UTRAN_LAC_RNC = 10, +}; + + +/* GSM 08.06 § 6.3 */ +enum BSSAP_MSG_TYPE { + BSSAP_MSG_BSS_MANAGEMENT = 0x0, + BSSAP_MSG_DTAP = 0x1, +}; + +struct bssmap_header { + u_int8_t type; + u_int8_t length; +} __attribute__((packed)); + +struct dtap_header { + u_int8_t type; + u_int8_t link_id; + u_int8_t length; +} __attribute__((packed)); + + +enum BSS_MAP_MSG_TYPE { + BSS_MAP_MSG_RESERVED_0 = 0, + + /* ASSIGNMENT MESSAGES */ + BSS_MAP_MSG_ASSIGMENT_RQST = 1, + BSS_MAP_MSG_ASSIGMENT_COMPLETE = 2, + BSS_MAP_MSG_ASSIGMENT_FAILURE = 3, + + /* HANDOVER MESSAGES */ + BSS_MAP_MSG_HANDOVER_RQST = 16, + BSS_MAP_MSG_HANDOVER_REQUIRED = 17, + BSS_MAP_MSG_HANDOVER_RQST_ACKNOWLEDGE= 18, + BSS_MAP_MSG_HANDOVER_CMD = 19, + BSS_MAP_MSG_HANDOVER_COMPLETE = 20, + BSS_MAP_MSG_HANDOVER_SUCCEEDED = 21, + BSS_MAP_MSG_HANDOVER_FAILURE = 22, + BSS_MAP_MSG_HANDOVER_PERFORMED = 23, + BSS_MAP_MSG_HANDOVER_CANDIDATE_ENQUIRE = 24, + BSS_MAP_MSG_HANDOVER_CANDIDATE_RESPONSE = 25, + BSS_MAP_MSG_HANDOVER_REQUIRED_REJECT = 26, + BSS_MAP_MSG_HANDOVER_DETECT = 27, + + /* RELEASE MESSAGES */ + BSS_MAP_MSG_CLEAR_CMD = 32, + BSS_MAP_MSG_CLEAR_COMPLETE = 33, + BSS_MAP_MSG_CLEAR_RQST = 34, + BSS_MAP_MSG_RESERVED_1 = 35, + BSS_MAP_MSG_RESERVED_2 = 36, + BSS_MAP_MSG_SAPI_ = 37, + BSS_MAP_MSG_CONFUSION = 38, + + /* OTHER CONNECTION RELATED MESSAGES */ + BSS_MAP_MSG_SUSPEND = 40, + BSS_MAP_MSG_RESUME = 41, + BSS_MAP_MSG_CONNECTION_ORIENTED_INFORMATION = 42, + BSS_MAP_MSG_PERFORM_LOCATION_RQST = 43, + BSS_MAP_MSG_LSA_INFORMATION = 44, + BSS_MAP_MSG_PERFORM_LOCATION_RESPONSE = 45, + BSS_MAP_MSG_PERFORM_LOCATION_ABORT = 46, + BSS_MAP_MSG_COMMON_ID = 47, + + /* GENERAL MESSAGES */ + BSS_MAP_MSG_RESET = 48, + BSS_MAP_MSG_RESET_ACKNOWLEDGE = 49, + BSS_MAP_MSG_OVERLOAD = 50, + BSS_MAP_MSG_RESERVED_3 = 51, + BSS_MAP_MSG_RESET_CIRCUIT = 52, + BSS_MAP_MSG_RESET_CIRCUIT_ACKNOWLEDGE = 53, + BSS_MAP_MSG_MSC_INVOKE_TRACE = 54, + BSS_MAP_MSG_BSS_INVOKE_TRACE = 55, + BSS_MAP_MSG_CONNECTIONLESS_INFORMATION = 58, + + /* TERRESTRIAL RESOURCE MESSAGES */ + BSS_MAP_MSG_BLOCK = 64, + BSS_MAP_MSG_BLOCKING_ACKNOWLEDGE = 65, + BSS_MAP_MSG_UNBLOCK = 66, + BSS_MAP_MSG_UNBLOCKING_ACKNOWLEDGE = 67, + BSS_MAP_MSG_CIRCUIT_GROUP_BLOCK = 68, + BSS_MAP_MSG_CIRCUIT_GROUP_BLOCKING_ACKNOWLEDGE = 69, + BSS_MAP_MSG_CIRCUIT_GROUP_UNBLOCK = 70, + BSS_MAP_MSG_CIRCUIT_GROUP_UNBLOCKING_ACKNOWLEDGE = 71, + BSS_MAP_MSG_UNEQUIPPED_CIRCUIT = 72, + BSS_MAP_MSG_CHANGE_CIRCUIT = 78, + BSS_MAP_MSG_CHANGE_CIRCUIT_ACKNOWLEDGE = 79, + + /* RADIO RESOURCE MESSAGES */ + BSS_MAP_MSG_RESOURCE_RQST = 80, + BSS_MAP_MSG_RESOURCE_INDICATION = 81, + BSS_MAP_MSG_PAGING = 82, + BSS_MAP_MSG_CIPHER_MODE_CMD = 83, + BSS_MAP_MSG_CLASSMARK_UPDATE = 84, + BSS_MAP_MSG_CIPHER_MODE_COMPLETE = 85, + BSS_MAP_MSG_QUEUING_INDICATION = 86, + BSS_MAP_MSG_COMPLETE_LAYER_3 = 87, + BSS_MAP_MSG_CLASSMARK_RQST = 88, + BSS_MAP_MSG_CIPHER_MODE_REJECT = 89, + BSS_MAP_MSG_LOAD_INDICATION = 90, + + /* VGCS/VBS */ + BSS_MAP_MSG_VGCS_VBS_SETUP = 4, + BSS_MAP_MSG_VGCS_VBS_SETUP_ACK = 5, + BSS_MAP_MSG_VGCS_VBS_SETUP_REFUSE = 6, + BSS_MAP_MSG_VGCS_VBS_ASSIGNMENT_RQST = 7, + BSS_MAP_MSG_VGCS_VBS_ASSIGNMENT_RESULT = 28, + BSS_MAP_MSG_VGCS_VBS_ASSIGNMENT_FAILURE = 29, + BSS_MAP_MSG_VGCS_VBS_QUEUING_INDICATION = 30, + BSS_MAP_MSG_UPLINK_RQST = 31, + BSS_MAP_MSG_UPLINK_RQST_ACKNOWLEDGE = 39, + BSS_MAP_MSG_UPLINK_RQST_CONFIRMATION = 73, + BSS_MAP_MSG_UPLINK_RELEASE_INDICATION = 74, + BSS_MAP_MSG_UPLINK_REJECT_CMD = 75, + BSS_MAP_MSG_UPLINK_RELEASE_CMD = 76, + BSS_MAP_MSG_UPLINK_SEIZED_CMD = 77, +}; + +enum GSM0808_IE_CODING { + GSM0808_IE_CIRCUIT_IDENTITY_CODE = 1, + GSM0808_IE_RESERVED_0 = 2, + GSM0808_IE_RESOURCE_AVAILABLE = 3, + GSM0808_IE_CAUSE = 4, + GSM0808_IE_CELL_IDENTIFIER = 5, + GSM0808_IE_PRIORITY = 6, + GSM0808_IE_LAYER_3_HEADER_INFORMATION = 7, + GSM0808_IE_IMSI = 8, + GSM0808_IE_TMSI = 9, + GSM0808_IE_ENCRYPTION_INFORMATION = 10, + GSM0808_IE_CHANNEL_TYPE = 11, + GSM0808_IE_PERIODICITY = 12, + GSM0808_IE_EXTENDED_RESOURCE_INDICATOR = 13, + GSM0808_IE_NUMBER_OF_MSS = 14, + GSM0808_IE_RESERVED_1 = 15, + GSM0808_IE_RESERVED_2 = 16, + GSM0808_IE_RESERVED_3 = 17, + GSM0808_IE_CLASSMARK_INFORMATION_TYPE_2 = 18, + GSM0808_IE_CLASSMARK_INFORMATION_TYPE_3 = 19, + GSM0808_IE_INTERFERENCE_BAND_TO_BE_USED = 20, + GSM0808_IE_RR_CAUSE = 21, + GSM0808_IE_RESERVED_4 = 22, + GSM0808_IE_LAYER_3_INFORMATION = 23, + GSM0808_IE_DLCI = 24, + GSM0808_IE_DOWNLINK_DTX_FLAG = 25, + GSM0808_IE_CELL_IDENTIFIER_LIST = 26, + GSM0808_IE_RESPONSE_RQST = 27, + GSM0808_IE_RESOURCE_INDICATION_METHOD = 28, + GSM0808_IE_CLASSMARK_INFORMATION_TYPE_1 = 29, + GSM0808_IE_CIRCUIT_IDENTITY_CODE_LIST = 30, + GSM0808_IE_DIAGNOSTIC = 31, + GSM0808_IE_LAYER_3_MESSAGE_CONTENTS = 32, + GSM0808_IE_CHOSEN_CHANNEL = 33, + GSM0808_IE_TOTAL_RESOURCE_ACCESSIBLE = 34, + GSM0808_IE_CIPHER_RESPONSE_MODE = 35, + GSM0808_IE_CHANNEL_NEEDED = 36, + GSM0808_IE_TRACE_TYPE = 37, + GSM0808_IE_TRIGGERID = 38, + GSM0808_IE_TRACE_REFERENCE = 39, + GSM0808_IE_TRANSACTIONID = 40, + GSM0808_IE_MOBILE_IDENTITY = 41, + GSM0808_IE_OMCID = 42, + GSM0808_IE_FORWARD_INDICATOR = 43, + GSM0808_IE_CHOSEN_ENCR_ALG = 44, + GSM0808_IE_CIRCUIT_POOL = 45, + GSM0808_IE_CIRCUIT_POOL_LIST = 46, + GSM0808_IE_TIME_INDICATION = 47, + GSM0808_IE_RESOURCE_SITUATION = 48, + GSM0808_IE_CURRENT_CHANNEL_TYPE_1 = 49, + GSM0808_IE_QUEUEING_INDICATOR = 50, + GSM0808_IE_SPEECH_VERSION = 64, + GSM0808_IE_ASSIGNMENT_REQUIREMENT = 51, + GSM0808_IE_TALKER_FLAG = 53, + GSM0808_IE_CONNECTION_RELEASE_RQSTED = 54, + GSM0808_IE_GROUP_CALL_REFERENCE = 55, + GSM0808_IE_EMLPP_PRIORITY = 56, + GSM0808_IE_CONFIGURATION_EVOLUTION_INDICATION = 57, + GSM0808_IE_OLD_BSS_TO_NEW_BSS_INFORMATION = 58, + GSM0808_IE_LSA_IDENTIFIER = 59, + GSM0808_IE_LSA_IDENTIFIER_LIST = 60, + GSM0808_IE_LSA_INFORMATION = 61, + GSM0808_IE_LCS_QOS = 62, + GSM0808_IE_LSA_ACCESS_CONTROL_SUPPRESSION = 63, + GSM0808_IE_LCS_PRIORITY = 67, + GSM0808_IE_LOCATION_TYPE = 68, + GSM0808_IE_LOCATION_ESTIMATE = 69, + GSM0808_IE_POSITIONING_DATA = 70, + GSM0808_IE_LCS_CAUSE = 71, + GSM0808_IE_LCS_CLIENT_TYPE = 72, + GSM0808_IE_APDU = 73, + GSM0808_IE_NETWORK_ELEMENT_IDENTITY = 74, + GSM0808_IE_GPS_ASSISTANCE_DATA = 75, + GSM0808_IE_DECIPHERING_KEYS = 76, + GSM0808_IE_RETURN_ERROR_RQST = 77, + GSM0808_IE_RETURN_ERROR_CAUSE = 78, + GSM0808_IE_SEGMENTATION = 79, + GSM0808_IE_SERVICE_HANDOVER = 80, + GSM0808_IE_SOURCE_RNC_TO_TARGET_RNC_TRANSPARENT_UMTS = 81, + GSM0808_IE_SOURCE_RNC_TO_TARGET_RNC_TRANSPARENT_CDMA2000= 82, + GSM0808_IE_RESERVED_5 = 65, + GSM0808_IE_RESERVED_6 = 66, +}; + +enum gsm0808_cause { + GSM0808_CAUSE_RADIO_INTERFACE_MESSAGE_FAILURE = 0, + GSM0808_CAUSE_RADIO_INTERFACE_FAILURE = 1, + GSM0808_CAUSE_UPLINK_QUALITY = 2, + GSM0808_CAUSE_UPLINK_STRENGTH = 3, + GSM0808_CAUSE_DOWNLINK_QUALITY = 4, + GSM0808_CAUSE_DOWNLINK_STRENGTH = 5, + GSM0808_CAUSE_DISTANCE = 6, + GSM0808_CAUSE_O_AND_M_INTERVENTION = 7, + GSM0808_CAUSE_RESPONSE_TO_MSC_INVOCATION = 8, + GSM0808_CAUSE_CALL_CONTROL = 9, + GSM0808_CAUSE_RADIO_INTERFACE_FAILURE_REVERSION = 10, + GSM0808_CAUSE_HANDOVER_SUCCESSFUL = 11, + GSM0808_CAUSE_BETTER_CELL = 12, + GSM0808_CAUSE_DIRECTED_RETRY = 13, + GSM0808_CAUSE_JOINED_GROUP_CALL_CHANNEL = 14, + GSM0808_CAUSE_TRAFFIC = 15, + GSM0808_CAUSE_EQUIPMENT_FAILURE = 32, + GSM0808_CAUSE_NO_RADIO_RESOURCE_AVAILABLE = 33, + GSM0808_CAUSE_RQSTED_TERRESTRIAL_RESOURCE_UNAVAILABLE = 34, + GSM0808_CAUSE_CCCH_OVERLOAD = 35, + GSM0808_CAUSE_PROCESSOR_OVERLOAD = 36, + GSM0808_CAUSE_BSS_NOT_EQUIPPED = 37, + GSM0808_CAUSE_MS_NOT_EQUIPPED = 38, + GSM0808_CAUSE_INVALID_CELL = 39, + GSM0808_CAUSE_TRAFFIC_LOAD = 40, + GSM0808_CAUSE_PREEMPTION = 41, + GSM0808_CAUSE_RQSTED_TRANSCODING_RATE_ADAPTION_UNAVAILABLE = 48, + GSM0808_CAUSE_CIRCUIT_POOL_MISMATCH = 49, + GSM0808_CAUSE_SWITCH_CIRCUIT_POOL = 50, + GSM0808_CAUSE_RQSTED_SPEECH_VERSION_UNAVAILABLE = 51, + GSM0808_CAUSE_LSA_NOT_ALLOWED = 52, + GSM0808_CAUSE_CIPHERING_ALGORITHM_NOT_SUPPORTED = 64, + GSM0808_CAUSE_TERRESTRIAL_CIRCUIT_ALREADY_ALLOCATED = 80, + GSM0808_CAUSE_INVALID_MESSAGE_CONTENTS = 81, + GSM0808_CAUSE_INFORMATION_ELEMENT_OR_FIELD_MISSING = 82, + GSM0808_CAUSE_INCORRECT_VALUE = 83, + GSM0808_CAUSE_UNKNOWN_MESSAGE_TYPE = 84, + GSM0808_CAUSE_UNKNOWN_INFORMATION_ELEMENT = 85, + GSM0808_CAUSE_PROTOCOL_ERROR_BETWEEN_BSS_AND_MSC = 96, +}; + +int bssmap_rcvmsg_dt1(struct sccp_connection *conn, struct msgb *msg, unsigned int length); +int bssmap_rcvmsg_udt(struct gsm_network *net, struct msgb *msg, unsigned int length); + +struct msgb *bssmap_create_layer3(struct msgb *msg); +struct msgb *bssmap_create_reset(void); +struct msgb *bssmap_create_clear_complete(void); +struct msgb *bssmap_create_cipher_complete(struct msgb *layer3, int bsc_enc_algo); +struct msgb *bssmap_create_cipher_reject(u_int8_t cause); + +int dtap_rcvmsg(struct gsm_lchan *lchan, struct msgb *msg, unsigned int length); +struct msgb *dtap_create_msg(struct msgb *msg_l3, u_int8_t link_id); + +#endif diff --git a/openbsc/include/openbsc/gsm_data.h b/openbsc/include/openbsc/gsm_data.h index 0ac8674fd..8a9446a5e 100644 --- a/openbsc/include/openbsc/gsm_data.h +++ b/openbsc/include/openbsc/gsm_data.h @@ -110,11 +110,25 @@ struct gsm_bts_link { struct gsm_bts *bts; }; +struct sccp_connection; struct gsm_lchan; struct gsm_subscriber; struct gsm_mncc; struct rtp_socket; +/* BSC/MSC data holding them together */ +struct bss_sccp_connection_data { + struct gsm_lchan *lchan; + struct sccp_connection *sccp; + int ciphering_handled : 1; +}; + +#define sccp_get_lchan(data_ctx) ((struct bss_sccp_connection_data *)data_ctx)->lchan +#define lchan_get_sccp(lchan) lchan->msc_data->sccp +struct bss_sccp_connection_data *bss_sccp_create_data(); +void bss_sccp_free_data(struct bss_sccp_connection_data *); + + /* Network Management State */ struct gsm_nm_state { u_int8_t operational; @@ -183,6 +197,12 @@ struct gsm_lchan { */ struct gsm_loc_updating_operation *loc_operation; + /* + * MSC handling... + */ + struct bss_sccp_connection_data *msc_data; + + /* use count. how many users use this channel */ unsigned int use_count; }; diff --git a/openbsc/include/openbsc/gsm_subscriber.h b/openbsc/include/openbsc/gsm_subscriber.h index d612ed566..eac0ae2a9 100644 --- a/openbsc/include/openbsc/gsm_subscriber.h +++ b/openbsc/include/openbsc/gsm_subscriber.h @@ -81,6 +81,8 @@ struct gsm_subscriber *subscr_get_by_extension(struct gsm_network *net, const char *ext); struct gsm_subscriber *subscr_get_by_id(struct gsm_network *net, unsigned long long id); +struct gsm_subscriber *subscr_get_or_create(struct gsm_network *net, + const char *imsi); int subscr_update(struct gsm_subscriber *s, struct gsm_bts *bts, int reason); void subscr_put_channel(struct gsm_lchan *lchan); void subscr_get_channel(struct gsm_subscriber *subscr, diff --git a/openbsc/include/openbsc/msgb.h b/openbsc/include/openbsc/msgb.h index ab3c03396..1a0688f57 100644 --- a/openbsc/include/openbsc/msgb.h +++ b/openbsc/include/openbsc/msgb.h @@ -37,6 +37,7 @@ struct msgb { unsigned char *l2h; unsigned char *l3h; unsigned char *smsh; + unsigned char *l4h; u_int16_t data_len; u_int16_t len; @@ -55,6 +56,7 @@ extern void msgb_reset(struct msgb *m); #define msgb_l2(m) ((void *)(m->l2h)) #define msgb_l3(m) ((void *)(m->l3h)) +#define msgb_l4(m) ((void *)(m->l4h)) #define msgb_sms(m) ((void *)(m->smsh)) static inline unsigned int msgb_l2len(const struct msgb *msgb) diff --git a/openbsc/src/Makefile.am b/openbsc/src/Makefile.am index d28c80354..e6c5fb743 100644 --- a/openbsc/src/Makefile.am +++ b/openbsc/src/Makefile.am @@ -2,7 +2,7 @@ INCLUDES = $(all_includes) -I$(top_srcdir)/include AM_CFLAGS=-Wall sbin_PROGRAMS = bsc_hack bs11_config ipaccess-find ipaccess-config isdnsync \ - isdnsync bsc_mgcp + isdnsync bsc_mgcp bsc_msc_ip noinst_LIBRARIES = libbsc.a libmsc.a libvty.a libsccp.a noinst_HEADERS = vty/cardshell.h @@ -11,9 +11,9 @@ libbsc_a_SOURCES = abis_rsl.c abis_nm.c gsm_data.c gsm_04_08_utils.c \ gsm_subscriber_base.c subchan_demux.c bsc_rll.c transaction.c \ trau_frame.c trau_mux.c paging.c e1_config.c e1_input.c tlv_parser.c \ input/misdn.c input/ipaccess.c signal.c gsm_utils.c talloc.c \ - talloc_ctx.c + talloc_ctx.c telnet_interface.c -libmsc_a_SOURCES = gsm_subscriber.c db.c telnet_interface.c \ +libmsc_a_SOURCES = gsm_subscriber.c db.c \ mncc.c rtp_proxy.c gsm_04_08.c gsm_04_11.c transaction.c \ token_auth.c rrlp.c gsm_04_80.c ussd.c silent_call.c @@ -24,6 +24,9 @@ libsccp_a_SOURCES = sccp/sccp.c bsc_hack_SOURCES = bsc_hack.c bsc_init.c vty_interface.c vty_interface_layer3.c bsc_hack_LDADD = libmsc.a libbsc.a libmsc.a libvty.a -ldl -ldbi $(LIBCRYPT) +bsc_msc_ip_SOURCES = bssap.c bsc_msc_ip.c bsc_init.c vty_interface.c +bsc_msc_ip_LDADD = libbsc.a libvty.a libsccp.a + bs11_config_SOURCES = bs11_config.c abis_nm.c gsm_data.c msgb.c debug.c \ select.c timer.c rs232.c tlv_parser.c signal.c talloc.c diff --git a/openbsc/src/bsc_msc_ip.c b/openbsc/src/bsc_msc_ip.c new file mode 100644 index 000000000..9b726f89d --- /dev/null +++ b/openbsc/src/bsc_msc_ip.c @@ -0,0 +1,617 @@ +/* A hackish minimal BSC (+MSC +HLR) implementation */ + +/* (C) 2008-2009 by Harald Welte + * (C) 2009 by Holger Hans Peter Freyther + * (C) 2009 by on-waves.com + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#define _GNU_SOURCE +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +/* MCC and MNC for the Location Area Identifier */ +struct gsm_network *bsc_gsmnet = 0; +static const char *config_file = "openbsc.cfg"; +static char *msc_address = "127.0.0.1"; +static struct bsc_fd msc_connection; +extern int ipacc_rtp_direct; + +extern int bsc_bootstrap_network(int (*layer4)(struct gsm_network *, int, void *), const char *cfg_file); +extern int bsc_shutdown_net(struct gsm_network *net); + +struct bss_sccp_connection_data *bss_sccp_create_data() +{ + return _talloc_zero(tall_bsc_ctx, + sizeof(struct bss_sccp_connection_data), + "bsc<->msc"); +} + +void bss_sccp_free_data(struct bss_sccp_connection_data *data) +{ + talloc_free(data); +} + + +/* GSM subscriber drop-ins */ +extern struct llist_head *subscr_bsc_active_subscriber(void); +struct gsm_subscriber *find_subscriber(u_int8_t type, const char *mi_string) +{ + struct gsm_subscriber *subscr; + u_int32_t tmsi = GSM_RESERVED_TMSI; + if (type == GSM_MI_TYPE_TMSI) { + tmsi = tmsi_from_string(mi_string); + if (tmsi == GSM_RESERVED_TMSI) { + DEBUGP(DMSC, "The TMSI is the reserved one.\n"); + return NULL; + } + } + + llist_for_each_entry(subscr, subscr_bsc_active_subscriber(), entry) { + if (type == GSM_MI_TYPE_TMSI && tmsi == subscr->tmsi) { + return subscr_get(subscr); + } else if (type == GSM_MI_TYPE_IMSI && strcmp(mi_string, subscr->imsi) == 0) { + return subscr_get(subscr); + } + } + + DEBUGP(DMSC, "No subscriber has been found.\n"); + return NULL; +} + + + +/* BSC -> MSC hooks */ +void bsc_vty_init_extra(void) +{ +} + +/* SCCP handling */ +void msc_outgoing_sccp_data(struct sccp_connection *conn, struct msgb *msg, unsigned int len) +{ + struct bssmap_header *bs; + + if (len < 1) { + DEBUGP(DMSC, "The header is too short.\n"); + return; + } + + switch (msg->l3h[0]) { + case BSSAP_MSG_BSS_MANAGEMENT: + msg->l4h = &msg->l3h[sizeof(*bs)]; + msg->lchan = sccp_get_lchan(conn->data_ctx); + bssmap_rcvmsg_dt1(conn, msg, len - sizeof(*bs)); + break; + case BSSAP_MSG_DTAP: + dtap_rcvmsg(sccp_get_lchan(conn->data_ctx), msg, len); + break; + default: + DEBUGPC(DMSC, "Unimplemented msg type: %d\n", msg->l3h[0]); + } +} + +void msc_outgoing_sccp_state(struct sccp_connection *conn, int old_state) +{ + if (conn->connection_state >= SCCP_CONNECTION_STATE_RELEASE_COMPLETE) { + DEBUGP(DMSC, "Freeing sccp conn: %p state: %d\n", conn, conn->connection_state); + if (sccp_get_lchan(conn->data_ctx) != NULL) { + DEBUGP(DMSC, "ERROR: The lchan is still associated\n."); + } + + bss_sccp_free_data((struct bss_sccp_connection_data *)conn->data_ctx); + sccp_connection_free(conn); + return; + } +} + +/* + * General COMPLETE LAYER3 INFORMATION handling for + * PAGING RESPONSE, LOCATION UPDATING REQUEST, CM REESTABLISHMENT REQUEST, + * CM SERVICE REQUEST, IMSI DETACH, IMMEDIATE SETUP. + * + * IMMEDIATE SETUP is coming from GROUP CC that is not yet + * supported... + */ +int open_sccp_connection(struct msgb *layer3) +{ + struct bss_sccp_connection_data *con_data; + struct sccp_connection *sccp_connection; + struct msgb *data; + + DEBUGP(DMSC, "Opening new layer3 connection\n"); + sccp_connection = sccp_connection_socket(); + if (!sccp_connection) { + DEBUGP(DMSC, "Failed to allocate memory.\n"); + return -ENOMEM; + } + + data = bssmap_create_layer3(layer3); + if (!data) { + DEBUGP(DMSC, "Failed to allocate complete layer3.\n"); + sccp_connection_free(sccp_connection); + return -ENOMEM; + } + + con_data = bss_sccp_create_data(); + if (!con_data) { + DEBUGP(DMSC, "Failed to allocate bss<->msc data.\n"); + sccp_connection_free(sccp_connection); + msgb_free(data); + return -ENOMEM; + } + + /* initialize the bridge */ + con_data->lchan = layer3->lchan; + con_data->sccp = sccp_connection; + + sccp_connection->state_cb = msc_outgoing_sccp_state; + sccp_connection->data_cb = msc_outgoing_sccp_data; + sccp_connection->data_ctx = con_data; + layer3->lchan->msc_data = con_data; + + /* FIXME: Use transaction for this */ + use_lchan(layer3->lchan); + sccp_connection_connect(sccp_connection, &sccp_ssn_bssap, data); + msgb_free(data); + + return 1; +} + +/* figure out if this is the inial layer3 message */ +static int send_dtap_or_open_connection(struct msgb *msg) +{ + if (msg->lchan->msc_data) { + struct msgb *dtap = dtap_create_msg(msg, 0); + if (!dtap) { + DEBUGP(DMSC, "Creating a DTAP message failed.\n"); + return -1; + } + + sccp_connection_write(lchan_get_sccp(msg->lchan), dtap); + return 1; + } else { + return open_sccp_connection(msg); + } +} + +/* Receive a PAGING RESPONSE message from the MS */ +static int handle_paging_response(struct msgb *msg) +{ + struct gsm_subscriber *subscr; + char mi_string[GSM48_MI_SIZE]; + u_int8_t mi_type; + + gsm48_paging_extract_mi(msg, mi_string, &mi_type); + DEBUGP(DMSC, "PAGING RESPONSE: mi_type=0x%02x MI(%s)\n", + mi_type, mi_string); + + subscr = find_subscriber(mi_type, mi_string); + if (!subscr) + return -EINVAL; + + /* force the paging to stop at every bts */ + subscr->lac = GSM_LAC_RESERVED_ALL_BTS; + if (gsm48_handle_paging_resp(msg, subscr) != 0) { + DEBUGP(DMSC, "Paging failed.\n"); + return -1; + } + + /* open a new transaction and SCCP connection */ + return send_dtap_or_open_connection(msg); +} + +/* Receive a CIPHER MODE COMPLETE from the MS */ +static int handle_cipher_m_complete(struct msgb *msg) +{ + struct msgb *resp; + + DEBUGP(DMSC, "CIPHER MODE COMPLETE from MS, forwarding to MSC\n"); + resp = bssmap_create_cipher_complete(msg, -1); + if (!resp) { + DEBUGP(DMSC, "Creating MSC response failed.\n"); + return -1; + } + + + /* handled this message */ + sccp_connection_write(lchan_get_sccp(msg->lchan), resp); + msgb_free(resp); + return 1; +} + +/* Receive a GSM 04.08 Radio Resource (RR) message */ +static int gsm0408_rcv_rr(struct msgb *msg) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + int rc = 0; + + switch (gh->msg_type) { + case GSM48_MT_RR_PAG_RESP: + rc = handle_paging_response(msg); + break; + case GSM48_MT_RR_MEAS_REP: + /* ignore measurement for now */ + rc = -1; + break; + case GSM48_MT_RR_CIPH_M_COMPL: + rc = handle_cipher_m_complete(msg); + break; + default: + break; + } + + return rc; +} + +/* Receive a GSM 04.08 Mobility Management (MM) message */ +static int gsm0408_rcv_mm(struct msgb *msg) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + int rc = 0; + + switch (gh->msg_type & 0xbf) { + case GSM48_MT_MM_LOC_UPD_REQUEST: + case GSM48_MT_MM_CM_REEST_REQ: + case GSM48_MT_MM_CM_SERV_REQ: + case GSM48_MT_MM_IMSI_DETACH_IND: + rc = send_dtap_or_open_connection(msg); + break; + default: + break; + } + + return rc; +} + +int gsm0408_rcvmsg(struct msgb *msg, u_int8_t link_id) +{ + struct gsm48_hdr *gh = msgb_l3(msg); + u_int8_t pdisc = gh->proto_discr & 0x0f; + int rc = 0; + + switch (pdisc) { + case GSM48_PDISC_RR: + rc = gsm0408_rcv_rr(msg); + break; + case GSM48_PDISC_MM: + rc = gsm0408_rcv_mm(msg); + break; + default: + break; + } + + /* + * if we have a sccp connection and didn't handle the message + * forward it to the MSC using DTAP + */ + if (rc == 0 && msg->lchan->msc_data && lchan_get_sccp(msg->lchan)) { + struct msgb *dtap = dtap_create_msg(msg, link_id); + if (!dtap) { + DEBUGP(DMSC, "Creating a DTAP message failed.\n"); + return -1; + } + + sccp_connection_write(lchan_get_sccp(msg->lchan), dtap); + } + + return rc; +} + +static void print_usage() +{ + printf("Usage: bsc_hack\n"); +} + +/* + * SCCP handling + */ +static int msc_sccp_write_ipa(struct msgb *msg, void *data) +{ + int ret; + + DEBUGP(DMSC, "Sending SCCP to MSC: %u\n", msgb_l2len(msg)); + ipaccess_prepend_header(msg, IPAC_PROTO_SCCP); + + + DEBUGP(DMI, "MSC TX %s\n", hexdump(msg->l2h, msgb_l2len(msg))); + ret = write(msc_connection.fd, msg->data, msg->len); + + if (ret <= 0) { + perror("MSC: Failed to send SCCP"); + return -1; + } + + return 0; +} + +static int msc_sccp_accept(struct sccp_connection *connection, void *data) +{ + DEBUGP(DMSC, "Rejecting incoming SCCP connection.\n"); + return -1; +} + +static int msc_sccp_read(struct msgb *msgb, unsigned int length, void *data) +{ + struct bssmap_header *bs; + + DEBUGP(DMSC, "Incoming SCCP message ftom MSC: %s\n", hexdump(msgb->l3h, length)); + + if (length < sizeof(*bs)) { + DEBUGP(DMSC, "The header is too short.\n"); + return -1; + } + + bs = (struct bssmap_header *) msgb->l3h; + if (bs->length < length - sizeof(*bs)) + return -1; + + switch (bs->type) { + case BSSAP_MSG_BSS_MANAGEMENT: + msgb->l4h = &msgb->l3h[sizeof(*bs)]; + bssmap_rcvmsg_udt(bsc_gsmnet, msgb, length - sizeof(*bs)); + break; + default: + DEBUGPC(DMSC, "Unimplemented msg type: %d\n", bs->type); + } + + return 0; +} + + +/* + * network initialisation + */ +static void initialize_if_needed(void) +{ + if (!bsc_gsmnet) { + int rc; + struct msgb *msg; + + fprintf(stderr, "Bootstraping the network. Sending GSM08.08 reset.\n"); + rc = bsc_bootstrap_network(NULL, config_file); + if (rc < 0) { + fprintf(stderr, "Bootstrapping the network failed. exiting.\n"); + exit(1); + } + + + /* send a gsm 08.08 reset message from here */ + msg = bssmap_create_reset(); + if (!msg) { + DEBUGP(DMSC, "Failed to create the reset message.\n"); + return; + } + + sccp_write(msg, &sccp_ssn_bssap, &sccp_ssn_bssap, 0); + msgb_free(msg); + } +} + +/* + * callback with IP access data + */ +static int ipaccess_a_fd_cb(struct bsc_fd *bfd, unsigned int what) +{ + int error; + struct msgb *msg = ipaccess_read_msg(bfd, &error); + struct ipaccess_head *hh; + + if (!msg) { + if (error == 0) { + fprintf(stderr, "The connection to the MSC was lost, exiting\n"); + exit(-2); + } + + fprintf(stderr, "Failed to parse ip access message: %d\n", error); + return -1; + } + + DEBUGP(DMSC, "From MSC: %s proto: %d\n", hexdump(msg->data, msg->len), msg->l2h[0]); + + /* handle base message handling */ + hh = (struct ipaccess_head *) msg->data; + ipaccess_rcvmsg_base(msg, bfd); + + /* initialize the networking. This includes sending a GSM08.08 message */ + if (hh->proto == IPAC_PROTO_IPACCESS && msg->l2h[0] == IPAC_MSGT_ID_ACK) + initialize_if_needed(); + else if (hh->proto == IPAC_PROTO_SCCP) + sccp_system_incoming(msg); + + return 0; +} + +/* + * Connect to the MSC + */ +static int connect_to_msc(const char *ip, int port) +{ + struct sockaddr_in sin; + int on = 1, ret; + + printf("Attempting to connect MSC at %s:%d\n", ip, port); + + msc_connection.fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + msc_connection.cb = ipaccess_a_fd_cb; + msc_connection.when = BSC_FD_READ; + msc_connection.data = NULL; + msc_connection.priv_nr = 1; + + if (msc_connection.fd < 0) { + perror("Creating TCP socket failed"); + return msc_connection.fd; + } + + + memset(&sin, 0, sizeof(sin)); + sin.sin_family = AF_INET; + sin.sin_port = htons(port); + inet_aton(ip, &sin.sin_addr); + + setsockopt(msc_connection.fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)); + ret = connect(msc_connection.fd, (struct sockaddr *) &sin, sizeof(sin)); + + if (ret < 0) { + perror("Connection failed"); + return ret; + } + + ret = bsc_register_fd(&msc_connection); + if (ret < 0) { + perror("Registering the fd failed"); + close(msc_connection.fd); + return ret; + } + + return ret; +} + +static void print_help() +{ + printf(" Some useful help...\n"); + printf(" -h --help this text\n"); + printf(" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n"); + printf(" -s --disable-color\n"); + printf(" -c --config-file filename The config file to use.\n"); + printf(" -m --msc=IP. The address of the MSC.\n"); +} + +static void handle_options(int argc, char** argv) +{ + while (1) { + int option_index = 0, c; + static struct option long_options[] = { + {"help", 0, 0, 'h'}, + {"debug", 1, 0, 'd'}, + {"config-file", 1, 0, 'c'}, + {"disable-color", 0, 0, 's'}, + {"timestamp", 0, 0, 'T'}, + {"rtp-proxy", 0, 0, 'P'}, + {"msc", 1, 0, 'm'}, + {0, 0, 0, 0} + }; + + c = getopt_long(argc, argv, "hd:sTPc:m:", + long_options, &option_index); + if (c == -1) + break; + + switch (c) { + case 'h': + print_usage(); + print_help(); + exit(0); + case 's': + debug_use_color(0); + break; + case 'd': + debug_parse_category_mask(optarg); + break; + case 'c': + config_file = strdup(optarg); + break; + case 'T': + debug_timestamp(1); + break; + case 'P': + ipacc_rtp_direct = 0; + break; + case 'm': + msc_address = strdup(optarg); + break; + default: + /* ignore */ + break; + } + } +} + +static void signal_handler(int signal) +{ + fprintf(stdout, "signal %u received\n", signal); + + switch (signal) { + case SIGINT: + bsc_shutdown_net(bsc_gsmnet); + sleep(3); + exit(0); + break; + case SIGABRT: + /* in case of abort, we want to obtain a talloc report + * and then return to the caller, who will abort the process */ + case SIGUSR1: + talloc_report_full(tall_bsc_ctx, stderr); + break; + default: + break; + } +} + +int main(int argc, char **argv) +{ + int rc; + + tall_bsc_ctx = talloc_named_const(NULL, 1, "openbsc"); + + /* parse options */ + handle_options(argc, argv); + + /* seed the PRNG */ + srand(time(NULL)); + + /* initialize sccp */ + sccp_system_init(msc_sccp_write_ipa, NULL); + sccp_connection_set_incoming(&sccp_ssn_bssap, msc_sccp_accept, NULL); + sccp_set_read(&sccp_ssn_bssap, msc_sccp_read, NULL); + + rc = connect_to_msc(msc_address, 5000); + if (rc < 0) { + fprintf(stderr, "Opening the MSC connection failed.\n"); + exit(1); + } + + signal(SIGINT, &signal_handler); + signal(SIGABRT, &signal_handler); + signal(SIGUSR1, &signal_handler); + + while (1) { + bsc_select_main(0); + } +} diff --git a/openbsc/src/bssap.c b/openbsc/src/bssap.c new file mode 100644 index 000000000..ad52827bc --- /dev/null +++ b/openbsc/src/bssap.c @@ -0,0 +1,501 @@ +/* GSM 08.08 BSSMAP handling */ +/* (C) 2009 by Holger Hans Peter Freyther + * (C) 2009 by on-waves.com + * All Rights Reserved + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + + +#define BSSMAP_MSG_SIZE 512 +#define BSSMAP_MSG_HEADROOM 128 + + +static const struct tlv_definition bss_att_tlvdef = { + .def = { + [GSM0808_IE_IMSI] = { TLV_TYPE_TLV }, + [GSM0808_IE_TMSI] = { TLV_TYPE_TLV }, + [GSM0808_IE_CELL_IDENTIFIER_LIST] = { TLV_TYPE_TLV }, + [GSM0808_IE_CHANNEL_NEEDED] = { TLV_TYPE_TV }, + [GSM0808_IE_EMLPP_PRIORITY] = { TLV_TYPE_TV }, + }, +}; + + +static int bssmap_paging_cb(unsigned int hooknum, unsigned int event, struct msgb *msg, void *data, void *param) +{ + DEBUGP(DMSC, "Paging is complete.\n"); + return 0; +} + +static int bssmap_handle_reset_ack(struct gsm_network *net, struct msgb *msg, unsigned int length) +{ + DEBUGP(DMSC, "Reset ACK from MSC\n"); + + return 0; +} + +/* GSM 08.08 § 3.2.1.19 */ +static int bssmap_handle_paging(struct gsm_network *net, struct msgb *msg, unsigned int payload_length) +{ + struct tlv_parsed tp; + char mi_string[GSM48_MI_SIZE]; + u_int32_t tmsi = GSM_RESERVED_TMSI; + unsigned int lac = GSM_LAC_RESERVED_ALL_BTS; + u_int8_t data_length; + const u_int8_t *data; + struct gsm_subscriber *subscr; + u_int8_t chan_needed = RSL_CHANNEED_ANY; + int paged; + + tlv_parse(&tp, &bss_att_tlvdef, msg->l4h + 1, payload_length - 1, 0, 0); + + if (!TLVP_PRESENT(&tp, GSM0808_IE_IMSI)) { + DEBUGP(DMSC, "Mandantory IMSI not present.\n"); + return -1; + } else if ((TLVP_VAL(&tp, GSM0808_IE_IMSI)[0] & GSM_MI_TYPE_MASK) != GSM_MI_TYPE_IMSI) { + DEBUGP(DMSC, "Wrong content in the IMSI\n"); + return -1; + } + + if (!TLVP_PRESENT(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST)) { + DEBUGP(DMSC, "Mandantory CELL IDENTIFIER LIST not present.\n"); + return -1; + } + + if (TLVP_PRESENT(&tp, GSM0808_IE_TMSI)) { + gsm48_mi_to_string(mi_string, sizeof(mi_string), + TLVP_VAL(&tp, GSM0808_IE_TMSI), TLVP_LEN(&tp, GSM0808_IE_TMSI)); + tmsi = strtoul(mi_string, NULL, 10); + } + + + /* + * parse the IMSI + */ + gsm48_mi_to_string(mi_string, sizeof(mi_string), + TLVP_VAL(&tp, GSM0808_IE_IMSI), TLVP_LEN(&tp, GSM0808_IE_IMSI)); + + /* + * parse the cell identifier list + */ + data_length = TLVP_LEN(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST); + data = TLVP_VAL(&tp, GSM0808_IE_CELL_IDENTIFIER_LIST); + + /* + * Support paging to all network or one BTS at one LAC + */ + if (data_length == 3 && data[0] == CELL_IDENT_LAC) { + unsigned int *_lac = (unsigned int *)&data[1]; + lac = ntohs(*_lac); + } else if (data_length > 1 || (data[0] & 0x0f) != CELL_IDENT_BSS) { + DEBUGPC(DMSC, "Unsupported Cell Identifier List: %s\n", hexdump(data, data_length)); + return -1; + } + + if (TLVP_PRESENT(&tp, GSM0808_IE_CHANNEL_NEEDED) && TLVP_LEN(&tp, GSM0808_IE_CHANNEL_NEEDED) == 1) + chan_needed = TLVP_VAL(&tp, GSM0808_IE_CHANNEL_NEEDED)[0] & 0x03; + + if (TLVP_PRESENT(&tp, GSM0808_IE_EMLPP_PRIORITY)) { + DEBUGP(DMSC, "eMLPP is not handled\n"); + } + + DEBUGP(DMSC, "Paging request from MSC IMSI: '%s' TMSI: '0x%x/%u' LAC: 0x%x\n", mi_string, tmsi, tmsi, lac); + subscr = subscr_get_or_create(net, mi_string); + if (!subscr) + return -1; + + /* reassign the tmsi, trust the net over our internal state */ + subscr->tmsi = tmsi; + subscr->lac = lac; + paged = paging_request(net, subscr, chan_needed, bssmap_paging_cb, subscr); + DEBUGP(DMSC, "Paged IMSI: '%s' TMSI: '0x%x/%u' LAC: 0x%x on #bts: %d\n", mi_string, tmsi, tmsi, lac, paged); + + subscr_put(subscr); + return -1; +} + +/* GSM 08.08 § 3.1.9.1 and 3.2.1.21... release our gsm_lchan and send message */ +static int bssmap_handle_clear_command(struct sccp_connection *conn, + struct msgb *msg, unsigned int payload_length) +{ + struct msgb *resp; + + /* TODO: handle the cause of this package */ + + if (msg->lchan) { + DEBUGP(DMSC, "Releasing all transactions on %p\n", conn); + msg->lchan->msc_data->lchan = NULL; + msg->lchan->msc_data = NULL; + put_lchan(msg->lchan); + } + + /* send the clear complete message */ + resp = bssmap_create_clear_complete(); + if (!resp) { + DEBUGP(DMSC, "Sending clear complete failed.\n"); + return -1; + } + + sccp_connection_write(conn, resp); + msgb_free(resp); + return 0; +} + +/* + * GSM 08.08 § 3.4.7 cipher mode handling. We will have to pick + * the cipher to be used for this. In case we are already using + * a cipher we will have to send cipher mode reject to the MSC, + * otherwise we will have to pick something that we and the MS + * is supporting. Currently we are doing it in a rather static + * way by picking one ecnryption or no encrytpion. + */ +static int bssmap_handle_cipher_mode(struct sccp_connection *conn, + struct msgb *msg, unsigned int payload_length) +{ + struct msgb *resp; + int reject_cause = -1; + + /* HACK: Sending A5/0 to the MS */ + if (!msg->lchan || !msg->lchan->msc_data) { + DEBUGP(DMSC, "No lchan/msc_data in cipher mode command.\n"); + goto reject; + } + + if (msg->lchan->msc_data->ciphering_handled) { + DEBUGP(DMSC, "Already seen ciphering command. Protocol Error.\n"); + goto reject; + } + + msg->lchan->msc_data->ciphering_handled = 1; + + /* FIXME: parse the message. TLVP */ + + return gsm48_send_rr_ciph_mode(msg->lchan, 1); + +reject: + resp = bssmap_create_cipher_reject(reject_cause); + if (!resp) { + DEBUGP(DMSC, "Sending the cipher reject failed.\n"); + return -1; + } + + sccp_connection_write(conn, resp); + msgb_free(resp); + return -1; +} + +int bssmap_rcvmsg_udt(struct gsm_network *net, struct msgb *msg, unsigned int length) +{ + int ret = 0; + + if (length < 1) { + DEBUGP(DMSC, "Not enough room: %d\n", length); + return -1; + } + + switch (msg->l4h[0]) { + case BSS_MAP_MSG_RESET_ACKNOWLEDGE: + ret = bssmap_handle_reset_ack(net, msg, length); + break; + case BSS_MAP_MSG_PAGING: + ret = bssmap_handle_paging(net, msg, length); + break; + } + + return ret; +} + +int bssmap_rcvmsg_dt1(struct sccp_connection *conn, struct msgb *msg, unsigned int length) +{ + int ret = 0; + + if (length < 1) { + DEBUGP(DMSC, "Not enough room: %d\n", length); + return -1; + } + + switch (msg->l4h[0]) { + case BSS_MAP_MSG_CLEAR_CMD: + ret = bssmap_handle_clear_command(conn, msg, length); + break; + case BSS_MAP_MSG_CIPHER_MODE_CMD: + ret = bssmap_handle_cipher_mode(conn, msg, length); + break; + default: + DEBUGP(DMSC, "Unimplemented msg type: %d\n", msg->l4h[0]); + break; + } + + return ret; +} + +int dtap_rcvmsg(struct gsm_lchan *lchan, struct msgb *msg, unsigned int length) +{ + struct dtap_header *header; + struct msgb *gsm48; + u_int8_t *data; + int ret = 0; + + if (!lchan) { + DEBUGP(DMSC, "No lchan available\n"); + return -1; + } + + header = (struct dtap_header *) msg->l3h; + if (sizeof(*header) >= length) { + DEBUGP(DMSC, "The DTAP header does not fit. Wanted: %u got: %u\n", sizeof(*header), length); + DEBUGP(DMSC, "hex: %s\n", hexdump(msg->l3h, length)); + return -1; + } + + if (header->length > length - sizeof(*header)) { + DEBUGP(DMSC, "The DTAP l4 information does not fit: header: %u length: %u\n", header->length, length); + DEBUGP(DMSC, "hex: %s\n", hexdump(msg->l3h, length)); + return -1; + } + + DEBUGP(DMSC, "DTAP message: SAPI: %u CHAN: %u\n", header->link_id & 0x07, header->link_id & 0xC0); + + /* forward the data */ + gsm48 = gsm48_msgb_alloc(); + if (!gsm48) { + DEBUGP(DMSC, "Allocation of the message failed.\n"); + return -1; + } + + gsm48->lchan = lchan; + gsm48->trx = gsm48->lchan->ts->trx; + gsm48->l3h = gsm48->data; + data = msgb_put(gsm48, length - sizeof(*header)); + memcpy(data, msg->l3h + sizeof(*header), length - sizeof(*header)); + ret = rsl_data_request(gsm48, header->link_id); + + return ret; +} + +/* Create messages */ +struct msgb *bssmap_create_layer3(struct msgb *msg_l3) +{ + u_int8_t *data; + u_int16_t *ci; + struct msgb* msg; + struct gsm48_loc_area_id *lai; + struct gsm_bts *bts = msg_l3->lchan->ts->trx->bts; + + msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "bssmap cmpl l3"); + if (!msg) + return NULL; + + + /* create the bssmap header */ + msg->l3h = msgb_put(msg, 2); + msg->l3h[0] = 0x0; + + /* create layer 3 header */ + data = msgb_put(msg, 1); + data[0] = BSS_MAP_MSG_COMPLETE_LAYER_3; + + /* create the cell header */ + data = msgb_put(msg, 3); + data[0] = GSM0808_IE_CELL_IDENTIFIER; + data[1] = 1 + sizeof(*lai) + 2; + data[2] = CELL_IDENT_WHOLE_GLOBAL; + + lai = (struct gsm48_loc_area_id *) msgb_put(msg, sizeof(*lai)); + gsm0408_generate_lai(lai, bts->network->country_code, + bts->network->network_code, bts->location_area_code); + + ci = (u_int16_t *) msgb_put(msg, 2); + *ci = htons(bts->cell_identity); + + /* copy the layer3 data */ + data = msgb_put(msg, msgb_l3len(msg_l3) + 2); + data[0] = GSM0808_IE_LAYER_3_INFORMATION; + data[1] = msgb_l3len(msg_l3); + memcpy(&data[2], msg_l3->l3h, data[1]); + + /* update the size */ + msg->l3h[1] = msgb_l3len(msg) - 2; + + return msg; +} + +struct msgb *bssmap_create_reset(void) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: reset"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 6); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 0x04; + msg->l3h[2] = 0x30; + msg->l3h[3] = 0x04; + msg->l3h[4] = 0x01; + msg->l3h[5] = 0x20; + return msg; +} + +struct msgb *bssmap_create_clear_complete(void) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: clear complete"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 1; + msg->l3h[2] = BSS_MAP_MSG_CLEAR_COMPLETE; + + return msg; +} + +struct msgb *bssmap_create_cipher_complete(struct msgb *layer3, int bsc_enc_algo) +{ + struct msgb *msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "cipher-complete"); + if (!msg) + return NULL; + + /* send response with BSS override for A5/1... cheating */ + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 1; + msg->l3h[2] = BSS_MAP_MSG_CIPHER_MODE_COMPLETE; + + /* include layer3 in case we have at least two octets */ + if (layer3 && msgb_l3len(layer3) > 2) { + msg->l3h[1] += msgb_l3len(layer3) + 2; + + msg->l4h = msgb_put(msg, msgb_l3len(layer3) + 2); + msg->l4h[0] = GSM0808_IE_LAYER_3_MESSAGE_CONTENTS; + msg->l4h[1] = msgb_l3len(layer3); + memcpy(&msg->l4h[2], layer3->l3h, msgb_l3len(layer3)); + } + + /* and the optional BSS message */ + if (bsc_enc_algo != -1) { + msg->l3h[1] += 2; + + msg->l4h = msgb_put(msg, 2); + msg->l4h[0] = GSM0808_IE_CHOSEN_ENCR_ALG; + msg->l4h[1] = bsc_enc_algo; + } + + return msg; +} + +struct msgb *bssmap_create_cipher_reject(u_int8_t cause) +{ + struct msgb *msg = msgb_alloc(30, "bssmap: clear complete"); + if (!msg) + return NULL; + + msg->l3h = msgb_put(msg, 3); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 2; + msg->l3h[2] = BSS_MAP_MSG_CIPHER_MODE_REJECT; + msg->l3h[3] = cause; + + return msg; +} + +struct msgb *dtap_create_msg(struct msgb *msg_l3, u_int8_t link_id) +{ + struct dtap_header *header; + u_int8_t *data; + struct msgb *msg = msgb_alloc_headroom(BSSMAP_MSG_SIZE, BSSMAP_MSG_HEADROOM, + "dtap"); + if (!msg) + return NULL; + + /* DTAP header */ + msg->l3h = msgb_put(msg, sizeof(*header)); + header = (struct dtap_header *) &msg->l3h[0]; + header->type = BSSAP_MSG_DTAP; + header->link_id = link_id; + header->length = msgb_l3len(msg_l3); + + /* Payload */ + data = msgb_put(msg, header->length); + memcpy(data, msg_l3->l3h, header->length); + + return msg; +} + +static int bssap_handle_lchan_signal(unsigned int subsys, unsigned int signal, + void *handler_data, void *signal_data) +{ + struct msgb *msg; + struct gsm_lchan *lchan; + struct sccp_connection *conn; + + if (subsys != SS_LCHAN || signal != S_LCHAN_UNEXPECTED_RELEASE) + return 0; + + /* + * If we have a SCCP Connection we need to inform the MSC about + * the resource error and then drop the lchan<->sccp association. + */ + lchan = (struct gsm_lchan *)signal_data; + + if (!lchan || !lchan->msc_data) + return 0; + + conn = lchan->msc_data->sccp; + lchan->msc_data->lchan = NULL; + lchan->msc_data = NULL; + + msg = msgb_alloc(30, "sccp: clear request"); + if (!msg) { + DEBUGP(DMSC, "Failed to allocate clear request.\n"); + return 0; + } + + msg->l3h = msgb_put(msg, 2 + 4); + msg->l3h[0] = BSSAP_MSG_BSS_MANAGEMENT; + msg->l3h[1] = 4; + + msg->l3h[2] = BSS_MAP_MSG_CLEAR_RQST; + msg->l3h[3] = GSM0808_IE_CAUSE; + msg->l3h[4] = 1; + msg->l3h[5] = GSM0808_CAUSE_RADIO_INTERFACE_FAILURE; + + DEBUGP(DMSC, "Sending clear request on unexpected channel release.\n"); + sccp_connection_write(conn, msg); + msgb_free(msg); + + return 0; +} + +static __attribute__((constructor)) void on_dso_load_bssap(void) +{ + register_signal_handler(SS_LCHAN, bssap_handle_lchan_signal, NULL); +} diff --git a/openbsc/src/chan_alloc.c b/openbsc/src/chan_alloc.c index 7ba679c87..0b9d4199d 100644 --- a/openbsc/src/chan_alloc.c +++ b/openbsc/src/chan_alloc.c @@ -218,6 +218,9 @@ struct gsm_lchan *lchan_alloc(struct gsm_bts *bts, enum gsm_chan_t type) /* clear multi rate config */ memset(&lchan->mr_conf, 0, sizeof(lchan->mr_conf)); + /* clear any msc reference */ + lchan->msc_data = NULL; + /* Configure the time and start it so it will be closed */ lchan->release_timer.cb = auto_release_channel; lchan->release_timer.data = lchan; diff --git a/openbsc/src/gsm_subscriber_base.c b/openbsc/src/gsm_subscriber_base.c index 48374eae5..2255b127b 100644 --- a/openbsc/src/gsm_subscriber_base.c +++ b/openbsc/src/gsm_subscriber_base.c @@ -89,6 +89,7 @@ static int subscr_paging_cb(unsigned int hooknum, unsigned int event, request->cbfn(hooknum, event, msg, data, request->param); subscr->in_callback = 0; + subscr_put(request->subscr); talloc_free(request); return 0; } @@ -166,7 +167,7 @@ void subscr_get_channel(struct gsm_subscriber *subscr, } memset(request, 0, sizeof(*request)); - request->subscr = subscr; + request->subscr = subscr_get(subscr); request->channel_type = type; request->cbfn = cbfn; request->param = param; @@ -212,3 +213,22 @@ void subscr_put_channel(struct gsm_lchan *lchan) subscr_send_paging_request(lchan->subscr); } +struct gsm_subscriber *subscr_get_or_create(struct gsm_network *net, + const char *imsi) +{ + struct gsm_subscriber *subscr; + + llist_for_each_entry(subscr, subscr_bsc_active_subscriber(), entry) { + if (strcmp(subscr->imsi, imsi) == 0 && subscr->net == net) + return subscr_get(subscr); + } + + subscr = subscr_alloc(); + if (!subscr) + return NULL; + + strcpy(subscr->imsi, imsi); + subscr->net = net; + return subscr; +} + diff --git a/openbsc/src/msgb.c b/openbsc/src/msgb.c index edeb975a9..0f8627a27 100644 --- a/openbsc/src/msgb.c +++ b/openbsc/src/msgb.c @@ -92,6 +92,7 @@ void msgb_reset(struct msgb *msg) msg->l2h = NULL; msg->l3h = NULL; msg->smsh = NULL; + msg->l4h = NULL; } static __attribute__((constructor)) void on_dso_load_trau_msgb(void) -- cgit v1.2.3