Diffstat (limited to 'openbsc/src/gprs')
-rw-r--r--openbsc/src/gprs/Makefile.am15
-rw-r--r--openbsc/src/gprs/gprs_gmm.c512
-rw-r--r--openbsc/src/gprs/gprs_llc.c6
-rw-r--r--openbsc/src/gprs/gprs_sgsn.c71
-rw-r--r--openbsc/src/gprs/gsm_04_08_gprs.c37
-rw-r--r--openbsc/src/gprs/osmo_sgsn.cfg59
-rw-r--r--openbsc/src/gprs/sgsn_cdr.c4
-rw-r--r--openbsc/src/gprs/sgsn_libgtp.c130
-rw-r--r--openbsc/src/gprs/sgsn_main.c20
-rw-r--r--openbsc/src/gprs/sgsn_vty.c4
10 files changed, 751 insertions, 107 deletions
diff --git a/openbsc/src/gprs/Makefile.am b/openbsc/src/gprs/Makefile.am
index 6dc7e1634..d098559f9 100644
--- a/openbsc/src/gprs/Makefile.am
+++ b/openbsc/src/gprs/Makefile.am
@@ -2,9 +2,11 @@ AM_CPPFLAGS = $(all_includes) -I$(top_srcdir)/include -I$(top_builddir)
AM_CFLAGS=-Wall -fno-strict-aliasing $(LIBOSMOCORE_CFLAGS) \
$(LIBOSMOGSM_CFLAGS) $(LIBOSMOVTY_CFLAGS) $(LIBOSMOCTRL_CFLAGS) \
$(LIBOSMOABIS_CFLAGS) $(LIBOSMOGB_CFLAGS) $(COVERAGE_CFLAGS) \
- $(LIBCARES_CFLAGS) $(LIBCRYPTO_CFLAGS) $(LIBGTP_CFLAGS)
+ $(LIBCARES_CFLAGS) $(LIBCRYPTO_CFLAGS) $(LIBGTP_CFLAGS) \
+ $(LIBASN1C_CFLAGS) $(LIBOSMOSIGTRAN_CFLAGS) $(LIBOSMORANAP_CFLAGS)
+
OSMO_LIBS = $(LIBOSMOCORE_LIBS) $(LIBOSMOGSM_LIBS) $(LIBOSMOVTY_LIBS) \
- $(LIBOSMOCTRL_LIBS) $(LIBOSMOGB_LIBS)
+ $(LIBOSMOCTRL_LIBS) $(LIBOSMOGB_LIBS) -ltalloc -lm
noinst_HEADERS = gprs_sndcp.h
@@ -16,6 +18,8 @@ bin_PROGRAMS += osmo-sgsn osmo-gtphub
endif
endif
+IUHDIR = $(top_srcdir)/../../osmo-iuh
+
osmo_gbproxy_SOURCES = gb_proxy.c gb_proxy_main.c gb_proxy_vty.c \
gb_proxy_patch.c gb_proxy_tlli.c gb_proxy_peer.c \
gprs_gb_parse.c gprs_llc_parse.c crc24.c gprs_utils.c
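Review bot: `IUHDIR = $(top_srcdir)/../../osmo-iuh` points at a sibling checkout outside this source tree, and no line visible in this diff references it. If nothing outside the visible hunks uses it, drop it. If it is needed, take the location from configure, as the `LIBOSMORANAP_*` variables added above presumably do, so the build does not depend on whatever sits two directories up.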
@@ -27,12 +31,15 @@ osmo_sgsn_SOURCES = gprs_gmm.c gprs_sgsn.c gprs_sndcp.c gprs_sndcp_vty.c \
gprs_llc.c gprs_llc_parse.c gprs_llc_vty.c crc24.c \
sgsn_ctrl.c sgsn_auth.c gprs_subscriber.c \
gprs_utils.c gprs_gsup_client.c \
- sgsn_cdr.c sgsn_ares.c \
+ gsm_04_08_gprs.c sgsn_cdr.c sgsn_ares.c \
oap.c oap_messages.c
+
osmo_sgsn_LDADD = \
$(top_builddir)/src/libcommon/libcommon.a \
+ $(top_builddir)/src/libiu/libiu.a \
-lgtp $(OSMO_LIBS) $(LIBOSMOABIS_LIBS) $(LIBCARES_LIBS) \
- $(LIBCRYPTO_LIBS) -lrt
+ $(LIBCRYPTO_LIBS) -lrt \
+ $(LIBOSMOSIGTRAN_LIBS) $(LIBOSMORANAP_LIBS) $(LIBASN1C_LIBS)
osmo_gtphub_SOURCES = gtphub_main.c gtphub.c gtphub_sock.c gtphub_ares.c \
gtphub_vty.c sgsn_ares.c gprs_utils.c
diff --git a/openbsc/src/gprs/gprs_gmm.c b/openbsc/src/gprs/gprs_gmm.c
index 2bbc5ff34..2304c1a01 100644
--- a/openbsc/src/gprs/gprs_gmm.c
+++ b/openbsc/src/gprs/gprs_gmm.c
@@ -31,6 +31,8 @@
#include <arpa/inet.h>
#include <netdb.h>
+#include <openssl/rand.h>
+
#include <openbsc/db.h>
#include <osmocom/core/msgb.h>
#include <osmocom/gsm/tlv.h>
@@ -38,15 +40,17 @@
#include <osmocom/core/signal.h>
#include <osmocom/core/talloc.h>
#include <osmocom/core/rate_ctr.h>
+#include <osmocom/crypt/auth.h>
#include <osmocom/gsm/apn.h>
-#include <osmocom/gsm/protocol/gsm_04_08_gprs.h>
#include <osmocom/gprs/gprs_bssgp.h>
+#include <osmocom/ranap/ranap_ies_defs.h>
#include <openbsc/debug.h>
#include <openbsc/gsm_data.h>
#include <openbsc/gsm_subscriber.h>
#include <openbsc/gsm_04_08.h>
+#include <openbsc/gsm_04_08_gprs.h>
#include <openbsc/paging.h>
#include <openbsc/transaction.h>
#include <openbsc/gprs_llc.h>
@@ -55,6 +59,7 @@
#include <openbsc/gprs_utils.h>
#include <openbsc/sgsn.h>
#include <openbsc/signal.h>
+#include <openbsc/iu.h>
#include <pdp.h>
@@ -95,6 +100,46 @@ static const struct tlv_definition gsm48_sm_att_tlvdef = {
static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx);
+int sgsn_ranap_rab_ass_resp(struct sgsn_mm_ctx *ctx, RANAP_RAB_SetupOrModifiedItemIEs_t *setup_ies);
+int sgsn_ranap_iu_event(struct ue_conn_ctx *ctx, enum iu_event_type type, void *data)
+{
+ struct sgsn_mm_ctx *mm;
+ int rc = -1;
+
+ mm = sgsn_mm_ctx_by_ue_ctx(ctx);
+ if (!mm) {
+ LOGP(DRANAP, LOGL_NOTICE, "Cannot find mm ctx for IU event %i!\n", type);
+ return rc;
+ }
+
+ switch (type) {
+ case IU_EVENT_RAB_ASSIGN:
+ rc = sgsn_ranap_rab_ass_resp(mm, (RANAP_RAB_SetupOrModifiedItemIEs_t *)data);
+ break;
+ case IU_EVENT_IU_RELEASE:
+ /* fall thru */
+ case IU_EVENT_LINK_INVALIDATED:
+ /* Clean up ue_conn_ctx here */
+ LOGMMCTXP(LOGL_INFO, mm, "IU release for imsi %s\n", mm->imsi);
+ if (mm->pmm_state == PMM_CONNECTED)
+ mm->pmm_state = PMM_IDLE;
+
+ rc = 0;
+ break;
+ case IU_EVENT_SECURITY_MODE_COMPLETE:
+ /* Continue authentication here */
+ mm->iu.ue_ctx->integrity_active = 1;
+ rc = gsm48_gmm_authorize(mm);
+ break;
+ default:
+ LOGP(DRANAP, LOGL_NOTICE, "Unknown event received: %i\n", type);
+ rc = -1;
+ break;
+ }
+ return rc;
+}
+
+
/* Our implementation, should be kept in SGSN */
static void mmctx_timer_cb(void *_mm);
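Review bot: The `IU_EVENT_IU_RELEASE` / `IU_EVENT_LINK_INVALIDATED` branch carries the comment `/* Clean up ue_conn_ctx here */` but leaves `mm->iu.ue_ctx` and its `integrity_active` flag untouched. If the Iu layer frees the connection after this event (not visible here), later readers of `ctx->iu.ue_ctx->integrity_active` in gsm48_gmm_authorize() and of `mm->iu.ue_ctx` in mmctx2msgid() would use a stale pointer. Clearing it in this branch, `mm->iu.ue_ctx = NULL;`, together with NULL checks at those users, would close that gap. The `(RANAP_RAB_SetupOrModifiedItemIEs_t *)data` cast in the `IU_EVENT_RAB_ASSIGN` case is also passed on without a NULL check.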
@@ -135,6 +180,9 @@ static int gsm48_gmm_sendmsg(struct msgb *msg, int command,
if (mm)
rate_ctr_inc(&mm->ctrg->ctr[GMM_CTR_PKTS_SIG_OUT]);
+ if (msg->dst)
+ return iu_tx(msg, GPRS_SAPI_GMM);
+
/* caller needs to provide TLLI, BVCI and NSEI */
return gprs_llc_tx_ui(msg, GPRS_SAPI_GMM, command, mm);
}
@@ -146,21 +194,24 @@ static void gmm_copy_id(struct msgb *msg, const struct msgb *old)
msgb_tlli(msg) = msgb_tlli(old);
msgb_bvci(msg) = msgb_bvci(old);
msgb_nsei(msg) = msgb_nsei(old);
+ msg->dst = old->dst;
}
/* Store BVCI/NSEI in MM context */
static void msgid2mmctx(struct sgsn_mm_ctx *mm, const struct msgb *msg)
{
- mm->bvci = msgb_bvci(msg);
- mm->nsei = msgb_nsei(msg);
+ mm->gb.bvci = msgb_bvci(msg);
+ mm->gb.nsei = msgb_nsei(msg);
+ mm->iu.ue_ctx = msg->dst;
}
/* Store BVCI/NSEI in MM context */
static void mmctx2msgid(struct msgb *msg, const struct sgsn_mm_ctx *mm)
{
- msgb_tlli(msg) = mm->tlli;
- msgb_bvci(msg) = mm->bvci;
- msgb_nsei(msg) = mm->nsei;
+ msgb_tlli(msg) = mm->gb.tlli;
+ msgb_bvci(msg) = mm->gb.bvci;
+ msgb_nsei(msg) = mm->gb.nsei;
+ msg->dst = mm->iu.ue_ctx;
}
static void mm_ctx_cleanup_free(struct sgsn_mm_ctx *ctx, const char *log_text)
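Review bot: msgid2mmctx() now overwrites `mm->iu.ue_ctx` with `msg->dst` on every call, and gsm48_rx_gmm_service_req() (added later in this diff) calls it on a context it has just looked up by IMSI or P-TMSI, before gsm48_gmm_authorize() has run. An existing subscriber's context is therefore re-pointed at the sending connection on the strength of an identity that has not been verified yet, and it stays that way if the procedure never completes. Consider deferring the assignment until the security mode procedure has completed on the new connection, or restoring the previous `ue_ctx` on failure. The comment above mmctx2msgid() still reads `/* Store BVCI/NSEI in MM context */` although that function copies in the other direction.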
@@ -169,6 +220,7 @@ static void mm_ctx_cleanup_free(struct sgsn_mm_ctx *ctx, const char *log_text)
/* Mark MM state as deregistered */
ctx->mm_state = GMM_DEREGISTERED;
+ ctx->pmm_state = PMM_DETACHED;
sgsn_mm_ctx_cleanup_free(ctx);
}
@@ -524,10 +576,15 @@ static int gsm48_rx_gmm_auth_ciph_resp(struct sgsn_mm_ctx *ctx,
ctx->is_authenticated = 1;
+ if (ctx->ran_type == MM_CTX_T_UTRAN_Iu)
+ ctx->iu.new_key = 1;
+
/* FIXME: enable LLC cipheirng */
/* Check if we can let the mobile station enter */
- return gsm48_gmm_authorize(ctx);
+ rc = gsm48_gmm_authorize(ctx);
+
+ return rc;
}
static void extract_subscr_msisdn(struct sgsn_mm_ctx *ctx)
@@ -599,9 +656,72 @@ static void extract_subscr_hlr(struct sgsn_mm_ctx *ctx)
strncpy(&ctx->hlr[0], called.number, sizeof(ctx->hlr) - 1);
}
+/* Chapter 9.4.21: Service accept */
+static int gsm48_tx_gmm_service_ack(struct sgsn_mm_ctx *mm)
+{
+ struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 SERVICE ACK");
+ struct gsm48_hdr *gh;
+
+ LOGMMCTXP(LOGL_INFO, mm, "<- GPRS SERVICE ACCEPT (P-TMSI=0x%08x)\n", mm->p_tmsi);
+
+ mmctx2msgid(msg, mm);
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_SERVICE_ACK;
+
+ /* Optional: PDP context status */
+ /* Optional: MBMS context status */
+
+ return gsm48_gmm_sendmsg(msg, 0, mm);
+}
+
+/* Chapter 9.4.22: Service reject */
+static int _tx_gmm_service_rej(struct msgb *msg, uint8_t gmm_cause,
+ const struct sgsn_mm_ctx *mm)
+{
+ struct gsm48_hdr *gh;
+
+ LOGMMCTXP(LOGL_NOTICE, mm, "<- GPRS SERVICE REJECT: %s\n",
+ get_value_string(gsm48_gmm_cause_names, gmm_cause));
+
+ gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh) + 1);
+ gh->proto_discr = GSM48_PDISC_MM_GPRS;
+ gh->msg_type = GSM48_MT_GMM_SERVICE_REJ;
+ gh->data[0] = gmm_cause;
+
+ return gsm48_gmm_sendmsg(msg, 0, NULL);
+}
+static int gsm48_tx_gmm_service_rej_oldmsg(const struct msgb *old_msg,
+ uint8_t gmm_cause)
+{
+ struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 SERVICE REJ OLD");
+ gmm_copy_id(msg, old_msg);
+ return _tx_gmm_service_rej(msg, gmm_cause, NULL);
+}
+static int gsm48_tx_gmm_service_rej(struct sgsn_mm_ctx *mm,
+ uint8_t gmm_cause)
+{
+ struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 SERVICE REJ");
+ mmctx2msgid(msg, mm);
+ return _tx_gmm_service_rej(msg, gmm_cause, mm);
+}
+
+static int gsm48_tx_gmm_ra_upd_ack(struct sgsn_mm_ctx *mm);
+
+void activate_pdp_rabs(struct sgsn_mm_ctx *ctx)
+{
+ /* Send RAB activation requests for all PDP contexts */
+ struct sgsn_pdp_ctx *pdp;
+ llist_for_each_entry(pdp, &ctx->pdp_list, list) {
+ iu_rab_act_ps(pdp->nsapi, pdp, 1);
+ }
+}
+
/* Check if we can already authorize a subscriber */
static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
{
+ int rc;
#ifndef PTMSI_ALLOC
struct sgsn_signal_data sig_data;
#endif
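Review bot: None of the three new senders checks the result of gsm48_msgb_alloc_name() before using it: gsm48_tx_gmm_service_ack() and gsm48_tx_gmm_service_rej() pass it straight to mmctx2msgid(), which writes `msg->dst`, and gsm48_tx_gmm_service_rej_oldmsg() passes it to gmm_copy_id(). Adding `if (!msg) return -ENOMEM;` after each allocation keeps an allocation failure on the reject path from turning into a NULL dereference. activate_pdp_rabs() also discards the return value of iu_rab_act_ps() and has external linkage with no prototype in this hunk; `static` would fit unless another file calls it.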
@@ -656,6 +776,11 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
}
/* The MS is authorized */
+ if (ctx->ran_type == MM_CTX_T_UTRAN_Iu && !ctx->iu.ue_ctx->integrity_active) {
+ rc = iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet, 0, ctx->iu.new_key);
+ ctx->iu.new_key = 0;
+ return rc;
+ }
switch (ctx->pending_req) {
case 0:
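Review bot: The new block hands `&ctx->auth_triplet` to iu_tx_sec_mode_cmd() without checking that it holds a generated vector. sgsn_mm_ctx_alloc_iu() initialises `auth_triplet.key_seq` to `GSM_KEY_SEQ_INVAL`, so if a context can reach "The MS is authorized" without an authentication round, the security mode command would carry whatever the triplet happens to contain. An explicit guard such as `if (ctx->auth_triplet.key_seq == GSM_KEY_SEQ_INVAL)` that rejects or starts authentication first would make the precondition visible. `ctx->iu.new_key = 0;` is also cleared when the transmit fails, and `ctx->iu.ue_ctx` is dereferenced without a NULL check. The function body starts and continues outside this hunk.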
@@ -663,6 +788,7 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
"no pending request, authorization completed\n");
break;
case GSM48_MT_GMM_ATTACH_REQ:
+ ctx->pending_req = 0;
extract_subscr_msisdn(ctx);
extract_subscr_hlr(ctx);
@@ -678,6 +804,22 @@ static int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
#endif
return gsm48_tx_gmm_att_ack(ctx);
+ case GSM48_MT_GMM_SERVICE_REQ:
+ /* TODO: PMM State transition */
+ ctx->pending_req = 0;
+ ctx->pmm_state = PMM_CONNECTED;
+ rc = gsm48_tx_gmm_service_ack(ctx);
+
+ if (ctx->iu.service.type == 1) {
+ activate_pdp_rabs(ctx);
+ }
+
+ return rc;
+ case GSM48_MT_GMM_RA_UPD_REQ:
+ ctx->pending_req = 0;
+ /* Send RA UPDATE ACCEPT */
+ return gsm48_tx_gmm_ra_upd_ack(ctx);
+
default:
LOGMMCTXP(LOGL_ERROR, ctx,
"only Attach Request is supported yet, "
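Review bot: `if (ctx->iu.service.type == 1)` compares against a bare number; a named constant for the service type of 10.5.5.20 would say what is being tested. `activate_pdp_rabs(ctx)` also runs when gsm48_tx_gmm_service_ack() has returned an error. The error text in the `default:` branch, `"only Attach Request is supported yet, "`, is no longer accurate now that Service Request and RA Update are handled here. The rest of the switch lies outside this hunk.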
@@ -834,7 +976,7 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
uint32_t tmsi;
char mi_string[GSM48_MI_SIZE];
struct gprs_ra_id ra_id;
- uint16_t cid;
+ uint16_t cid = 0;
enum gsm48_gmm_cause reject_cause;
int rc;
@@ -844,7 +986,8 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
* with a foreign TLLI (P-TMSI that was allocated to the MS before),
* or with random TLLI. */
- cid = bssgp_parse_cell_id(&ra_id, msgb_bcid(msg));
+ if (!msg->dst)
+ cid = bssgp_parse_cell_id(&ra_id, msgb_bcid(msg));
/* MS network capability 10.5.5.12 */
msnc_len = *cur++;
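Review bot: With `if (!msg->dst)` in front of bssgp_parse_cell_id(), `ra_id` is no longer written in Iu mode, yet the unconditional `ctx->ra = ra_id;` further down (a context line in the hunk at -932) still copies it. In Iu mode that overwrites the RA that sgsn_mm_ctx_alloc_iu() took from the UE connection with uninitialised stack contents. Restrict the copy to Gb, `if (ctx->ran_type == MM_CTX_T_GERAN_Gb) ctx->ra = ra_id;`, or zero-initialise `ra_id` at its declaration. The function body extends beyond this hunk on both sides.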
@@ -853,8 +996,10 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
goto err_inval;
cur += msnc_len;
+ /* TODO: In iu mode - handle follow-on request */
+
/* aTTACH Type 10.5.5.2 */
- att_type = *cur++ & 0x0f;
+ att_type = *cur++ & 0x07;
/* DRX parameter 10.5.5.6 */
drx_par = *cur++ << 8;
@@ -896,7 +1041,10 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
#if 0
return gsm48_tx_gmm_att_rej(msg, GMM_CAUSE_IMSI_UNKNOWN);
#else
- ctx = sgsn_mm_ctx_alloc(0, &ra_id);
+ if (msg->dst)
+ ctx = sgsn_mm_ctx_alloc_iu(msg->dst);
+ else
+ ctx = sgsn_mm_ctx_alloc(0, &ra_id);
if (!ctx) {
reject_cause = GMM_CAUSE_NET_FAIL;
goto rejected;
@@ -904,8 +1052,10 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
strncpy(ctx->imsi, mi_string, sizeof(ctx->imsi) - 1);
#endif
}
- ctx->tlli = msgb_tlli(msg);
- ctx->llme = llme;
+ if (ctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ ctx->gb.tlli = msgb_tlli(msg);
+ ctx->gb.llme = llme;
+ }
msgid2mmctx(ctx, msg);
break;
case GSM_MI_TYPE_TMSI:
@@ -917,11 +1067,16 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
if (!ctx) {
/* Allocate a context as most of our code expects one.
* Context will not have an IMSI ultil ID RESP is received */
- ctx = sgsn_mm_ctx_alloc(msgb_tlli(msg), &ra_id);
+ if (msg->dst)
+ ctx = sgsn_mm_ctx_alloc_iu(msg->dst);
+ else
+ ctx = sgsn_mm_ctx_alloc(msgb_tlli(msg), &ra_id);
ctx->p_tmsi = tmsi;
}
- ctx->tlli = msgb_tlli(msg);
- ctx->llme = llme;
+ if (ctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ ctx->gb.tlli = msgb_tlli(msg);
+ ctx->gb.llme = llme;
+ }
msgid2mmctx(ctx, msg);
break;
default:
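Review bot: In the TMSI branch the result of sgsn_mm_ctx_alloc_iu() / sgsn_mm_ctx_alloc() is dereferenced by `ctx->p_tmsi = tmsi;` and then by the new `ctx->ran_type` test without a NULL check, whereas the IMSI branch earlier in the function rejects with `GMM_CAUSE_NET_FAIL`. Both allocators return NULL on allocation failure (visible in gprs_sgsn.c), so mirror the IMSI branch right after the allocation: `if (!ctx) { reject_cause = GMM_CAUSE_NET_FAIL; goto rejected; }`.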
@@ -932,7 +1087,32 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
}
/* Update MM Context with currient RA and Cell ID */
ctx->ra = ra_id;
- ctx->cell_id = cid;
+ if (ctx->ran_type == MM_CTX_T_GERAN_Gb)
+ ctx->gb.cell_id = cid;
+ else if (ctx->ran_type == MM_CTX_T_UTRAN_Iu) {
+ unsigned char tmp_rand[16];
+ /* Ki 000102030405060708090a0b0c0d0e0f */
+ struct osmo_sub_auth_data auth = {
+ .type = OSMO_AUTH_TYPE_GSM,
+ .algo = OSMO_AUTH_ALG_COMP128v1,
+ .u.gsm.ki = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d,
+ 0x0e, 0x0f
+ },
+ };
+ //ctx->iu.sac = sac;
+ /* XXX: Hack to make 3G auth work with special SIM card */
+ ctx->auth_state = SGSN_AUTH_AUTHENTICATE;
+
+ RAND_bytes(tmp_rand, 16);
+
+ memset(&ctx->auth_triplet.vec, 0, sizeof(ctx->auth_triplet.vec));
+ osmo_auth_gen_vec(&ctx->auth_triplet.vec, &auth, tmp_rand);
+
+ ctx->auth_triplet.key_seq = 0;
+ }
+
/* Update MM Context with other data */
ctx->drx_parms = drx_par;
ctx->ms_radio_access_capa.len = ms_ra_acc_cap_len;
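Review bot: The Iu branch builds the authentication vector for every subscriber from the fixed Ki `00 01 … 0f` with COMP128v1 compiled into the SGSN, so the key material is public with the source and no subscriber database is consulted; it only works for the test SIM that the `XXX: Hack` comment refers to. This should be fenced off as test-only (a build or config switch that defaults to off) until vectors come from the regular subscriber/auth path. The return values of `RAND_bytes(tmp_rand, 16)` and osmo_auth_gen_vec() are ignored; on failure the challenge is uninitialised stack or the vector stays zeroed, so check both and reject with a network-failure cause instead of continuing. `sizeof(tmp_rand)` in place of the literal 16 would also be clearer.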
@@ -950,13 +1130,16 @@ static int gsm48_rx_gmm_att_req(struct sgsn_mm_ctx *ctx, struct msgb *msg,
}
ctx->mm_state = GMM_COMMON_PROC_INIT;
#endif
- /* Even if there is no P-TMSI allocated, the MS will switch from
- * foreign TLLI to local TLLI */
- ctx->tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
- /* Inform LLC layer about new TLLI but keep old active */
- gprs_llgmm_assign(ctx->llme, ctx->tlli, ctx->tlli_new,
- GPRS_ALGO_GEA0, NULL);
+ if (ctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Even if there is no P-TMSI allocated, the MS will
+ * switch from foreign TLLI to local TLLI */
+ ctx->gb.tlli_new = gprs_tmsi2tlli(ctx->p_tmsi, TLLI_LOCAL);
+
+ /* Inform LLC layer about new TLLI but keep old active */
+ gprs_llgmm_assign(ctx->gb.llme, ctx->gb.tlli, ctx->gb.tlli_new,
+ GPRS_ALGO_GEA0, NULL);
+ }
ctx->pending_req = GSM48_MT_GMM_ATTACH_REQ;
return gsm48_gmm_authorize(ctx);
@@ -1131,8 +1314,10 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
enum gsm48_gmm_cause reject_cause;
int rc;
+ /* TODO: In iu mode - handle follow-on request */
+
/* Update Type 10.5.5.18 */
- upd_type = *cur++ & 0x0f;
+ upd_type = *cur++ & 0x07;
LOGP(DMM, LOGL_INFO, "-> GMM RA UPDATE REQUEST type=\"%s\"\n",
get_value_string(gprs_upd_t_strs, upd_type));
@@ -1165,6 +1350,7 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
break;
}
+#warning "Differentiate look-up between Iu and Gb"
if (!mmctx) {
/* BSSGP doesn't give us an mmctx */
@@ -1174,7 +1360,24 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
* is an optimization to avoid the RA reject (impl detached)
* below, which will cause a new attach cycle. */
/* Look-up the MM context based on old RA-ID and TLLI */
- mmctx = sgsn_mm_ctx_by_tlli_and_ptmsi(msgb_tlli(msg), &old_ra_id);
+ if (!msg->dst) {
+ mmctx = sgsn_mm_ctx_by_tlli_and_ptmsi(msgb_tlli(msg), &old_ra_id);
+ } else if (TLVP_PRESENT(&tp, GSM48_IE_GMM_ALLOC_PTMSI)) {
+ /* In Iu mode search only for ptmsi */
+ char mi_string[GSM48_MI_SIZE];
+ uint8_t mi_len = TLVP_LEN(&tp, GSM48_IE_GMM_ALLOC_PTMSI);
+ uint8_t *mi = TLVP_VAL(&tp, GSM48_IE_GMM_ALLOC_PTMSI);
+ uint8_t mi_type = *mi & GSM_MI_TYPE_MASK;
+ uint32_t tmsi;
+
+ gsm48_mi_to_string(mi_string, sizeof(mi_string), mi, mi_len);
+
+ if (mi_type == GSM_MI_TYPE_TMSI) {
+ memcpy(&tmsi, mi+1, 4);
+ tmsi = ntohl(tmsi);
+ mmctx = sgsn_mm_ctx_by_ptmsi(tmsi);
+ }
+ }
if (mmctx) {
LOGMMCTXP(LOGL_INFO, mmctx,
"Looked up by matching TLLI and P_TMSI. "
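Review bot: The Iu look-up reads `*mi` and then does `memcpy(&tmsi, mi+1, 4)` without checking `mi_len`, so an IE shorter than five octets makes the copy read past the IE. The TMSI case of gsm48_rx_gmm_service_req(), added later in this diff, has the same `memcpy(&tmsi, mi+1, 4)` guarded only by `mi_len > 8`. Both should require the full length first, e.g. `if (mi_len == 5 && mi_type == GSM_MI_TYPE_TMSI)`. `mi_string` is filled here but not used, and the log text that follows still says the context was found by TLLI, which is not true for the Iu path.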
@@ -1182,7 +1385,7 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
"TLLI: %08x (%08x), RA: %d-%d-%d-%d\n",
msgb_tlli(msg),
mmctx->p_tmsi, mmctx->p_tmsi_old,
- mmctx->tlli, mmctx->tlli_new,
+ mmctx->gb.tlli, mmctx->gb.tlli_new,
mmctx->ra.mcc, mmctx->ra.mnc,
mmctx->ra.lac, mmctx->ra.rac);
@@ -1200,10 +1403,12 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
}
if (!mmctx) {
- /* send a XID reset to re-set all LLC sequence numbers
- * in the MS */
- LOGMMCTXP(LOGL_NOTICE, mmctx, "LLC XID RESET\n");
- gprs_llgmm_reset(llme);
+ if (llme) {
+ /* send a XID reset to re-set all LLC sequence numbers
+ * in the MS */
+ LOGMMCTXP(LOGL_NOTICE, mmctx, "LLC XID RESET\n");
+ gprs_llgmm_reset(llme);
+ }
/* The MS has to perform GPRS attach */
/* Device is still IMSI attached for CS but initiate GPRS ATTACH,
* see GSM 04.08, 4.7.5.1.4 and G.6 */
@@ -1217,9 +1422,12 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]);
/* Update the MM context with the new RA-ID */
- bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg));
- /* Update the MM context with the new (i.e. foreign) TLLI */
- mmctx->tlli = msgb_tlli(msg);
+#warning "how to obtain RA_ID in Iu case?"
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ bssgp_parse_cell_id(&mmctx->ra, msgb_bcid(msg));
+ /* Update the MM context with the new (i.e. foreign) TLLI */
+ mmctx->gb.tlli = msgb_tlli(msg);
+ }
/* FIXME: Update the MM context with the MS radio acc capabilities */
/* FIXME: Update the MM context with the MS network capabilities */
@@ -1244,13 +1452,16 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
sig_data.mm = mmctx;
osmo_signal_dispatch(SS_SGSN, S_SGSN_UPDATE, &sig_data);
#endif
- /* Even if there is no P-TMSI allocated, the MS will switch from
- * foreign TLLI to local TLLI */
- mmctx->tlli_new = gprs_tmsi2tlli(mmctx->p_tmsi, TLLI_LOCAL);
-
- /* Inform LLC layer about new TLLI but keep old active */
- gprs_llgmm_assign(mmctx->llme, mmctx->tlli, mmctx->tlli_new,
- GPRS_ALGO_GEA0, NULL);
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Even if there is no P-TMSI allocated, the MS will switch from
+ * foreign TLLI to local TLLI */
+ mmctx->gb.tlli_new = gprs_tmsi2tlli(mmctx->p_tmsi, TLLI_LOCAL);
+
+ /* Inform LLC layer about new TLLI but keep old active */
+ gprs_llgmm_assign(mmctx->gb.llme, mmctx->gb.tlli,
+ mmctx->gb.tlli_new, GPRS_ALGO_GEA0,
+ NULL);
+ }
/* Look at PDP Context Status IE and see if MS's view of
* activated/deactivated NSAPIs agrees with our view */
@@ -1259,8 +1470,9 @@ static int gsm48_rx_gmm_ra_upd_req(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
process_ms_ctx_status(mmctx, pdp_status);
}
+ mmctx->pending_req = GSM48_MT_GMM_RA_UPD_REQ;
/* Send RA UPDATE ACCEPT */
- return gsm48_tx_gmm_ra_upd_ack(mmctx);
+ return gsm48_gmm_authorize(mmctx);
rejected:
/* Send RA UPDATE REJECT */
@@ -1270,14 +1482,126 @@ rejected:
rc = gsm48_tx_gmm_ra_upd_rej(msg, reject_cause);
if (mmctx)
mm_ctx_cleanup_free(mmctx, "GPRS RA UPDATE REJ");
- else
- /* TLLI unassignment */
- gprs_llgmm_assign(llme, llme->tlli, 0xffffffff, GPRS_ALGO_GEA0,
- NULL);
+ else {
+ if (llme) {
+ /* TLLI unassignment */
+ gprs_llgmm_assign(llme, llme->tlli, 0xffffffff,
+ GPRS_ALGO_GEA0, NULL);
+ }
+ }
return rc;
}
+/* 3GPP TS 24.008 Section 9.4.20 Service request */
+static int gsm48_rx_gmm_service_req(struct sgsn_mm_ctx *ctx, struct msgb *msg)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ uint8_t *cur = gh->data, *mi;
+ uint8_t ciph_seq_nr, service_type, mi_len, mi_type;
+ uint32_t tmsi;
+ struct tlv_parsed tp;
+ char mi_string[GSM48_MI_SIZE];
+ uint16_t cid = 0;
+ enum gsm48_gmm_cause reject_cause;
+ int rc;
+
+ LOGMMCTXP(LOGL_INFO, ctx, "-> GMM SERVICE REQUEST ");
+
+ /* This message is only valid in Iu mode */
+ if (!msg->dst) {
+ LOGPC(DMM, LOGL_INFO, "Invalid if not in Iu mode\n");
+ return -1;
+ }
+
+ /* Skip Ciphering key sequence number 10.5.1.2 */
+ ciph_seq_nr = *cur & 0x07;
+
+ /* Service type 10.5.5.20 */
+ service_type = (*cur++ >> 4) & 0x07;
+
+ /* Mobile Identity (P-TMSI or IMSI) 10.5.1.4 */
+ mi_len = *cur++;
+ mi = cur;
+ if (mi_len > 8)
+ goto err_inval;
+ mi_type = *mi & GSM_MI_TYPE_MASK;
+ cur += mi_len;
+
+ gsm48_mi_to_string(mi_string, sizeof(mi_string), mi, mi_len);
+
+ DEBUGPC(DMM, "MI(%s) type=\"%s\" ", mi_string,
+ get_value_string(gprs_service_t_strs, service_type));
+
+ LOGPC(DMM, LOGL_INFO, "\n");
+
+ /* Optional: PDP context status, MBMS context status, Uplink data status, Device properties */
+ tlv_parse(&tp, &gsm48_gmm_att_tlvdef, cur, (msg->data + msg->len) - cur, 0, 0);
+
+ switch (mi_type) {
+ case GSM_MI_TYPE_IMSI:
+ /* Try to find MM context based on IMSI */
+ if (!ctx)
+ ctx = sgsn_mm_ctx_by_imsi(mi_string);
+ if (!ctx) {
+ /* FIXME: We need to have a context for service request? */
+ reject_cause = GMM_CAUSE_NET_FAIL;
+ goto rejected;
+ }
+ msgid2mmctx(ctx, msg);
+ break;
+ case GSM_MI_TYPE_TMSI:
+ memcpy(&tmsi, mi+1, 4);
+ tmsi = ntohl(tmsi);
+ /* Try to find MM context based on P-TMSI */
+ if (!ctx)
+ ctx = sgsn_mm_ctx_by_ptmsi(tmsi);
+ if (!ctx) {
+ /* FIXME: We need to have a context for service request? */
+ reject_cause = GMM_CAUSE_NET_FAIL;
+ goto rejected;
+ }
+ msgid2mmctx(ctx, msg);
+ break;
+ default:
+ LOGMMCTXP(LOGL_NOTICE, ctx, "Rejecting SERVICE REQUEST with "
+ "MI type %s\n", gsm48_mi_type_name(mi_type));
+ reject_cause = GMM_CAUSE_MS_ID_NOT_DERIVED;
+ goto rejected;
+ }
+
+ ctx->mm_state = GMM_COMMON_PROC_INIT;
+
+ ctx->iu.service.type = service_type;
+
+ /* TODO: Handle those only in case of accept? */
+ /* Look at PDP Context Status IE and see if MS's view of
+ * activated/deactivated NSAPIs agrees with our view */
+ if (TLVP_PRESENT(&tp, GSM48_IE_GMM_PDP_CTX_STATUS)) {
+ const uint8_t *pdp_status = TLVP_VAL(&tp, GSM48_IE_GMM_PDP_CTX_STATUS);
+ process_ms_ctx_status(ctx, pdp_status);
+ }
+
+
+ ctx->pending_req = GSM48_MT_GMM_SERVICE_REQ;
+ return gsm48_gmm_authorize(ctx);
+
+err_inval:
+ LOGPC(DMM, LOGL_INFO, "\n");
+ reject_cause = GMM_CAUSE_SEM_INCORR_MSG;
+
+rejected:
+ /* Send SERVICE REJECT */
+ LOGMMCTXP(LOGL_NOTICE, ctx,
+ "Rejecting Service Request with cause '%s' (%d)\n",
+ get_value_string(gsm48_gmm_cause_names, reject_cause), reject_cause);
+ rc = gsm48_tx_gmm_service_rej_oldmsg(msg, reject_cause);
+
+ return rc;
+
+}
+
+
static int gsm48_rx_gmm_status(struct sgsn_mm_ctx *mmctx, struct msgb *msg)
{
struct gsm48_hdr *gh = msgb_l3(msg);
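Review bot: gsm48_rx_gmm_service_req() walks `cur` through the message without ever comparing it with the end of the buffer. The first octet, `mi_len` and `*mi` are read unconditionally, `mi_len` gets only an upper bound, and after `cur += mi_len` the length handed to tlv_parse(), `(msg->data + msg->len) - cur`, can be negative. Check the fixed part up front and bound the identity, e.g. `if (mi_len < 1 || mi_len > 8 || cur + mi_len > msg->data + msg->len) goto err_inval;`, and treat a negative tlv_parse() result as `err_inval` too. `ciph_seq_nr` and `cid` are assigned but never used. The hunk opens inside the `rejected:` path of gsm48_rx_gmm_ra_upd_req(), which starts outside it.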
@@ -1298,7 +1622,7 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
/* MMCTX can be NULL when called */
- if (!mmctx &&
+ if (llme && !mmctx &&
gh->msg_type != GSM48_MT_GMM_ATTACH_REQ &&
gh->msg_type != GSM48_MT_GMM_RA_UPD_REQ) {
LOGP(DMM, LOGL_NOTICE, "Cannot handle GMM for unknown MM CTX\n");
@@ -1346,7 +1670,20 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
case GSM48_MT_GMM_ATTACH_REQ:
rc = gsm48_rx_gmm_att_req(mmctx, msg, llme);
break;
+ case GSM48_MT_GMM_SERVICE_REQ:
+ rc = gsm48_rx_gmm_service_req(mmctx, msg);
+ break;
+ default:
+ break;
+ }
+
/* For all the following types mmctx can not be NULL */
+ if (!mmctx) {
+ /* FIXME: return some error? */
+ return -1;
+ }
+
+ switch (gh->msg_type) {
case GSM48_MT_GMM_ID_RESP:
rc = gsm48_rx_gmm_id_resp(mmctx, msg);
break;
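Review bot: After the first switch has handled an Attach or Service Request, the new `if (!mmctx) return -1;` discards the handler's `rc`. The handlers receive `mmctx` by value, so for a first-time attach the local pointer is still NULL and the function reports failure whatever gsm48_rx_gmm_att_req() returned. When `mmctx` is non-NULL the already-handled message type falls into the second switch, whose `default:` (outside this hunk) then runs, possibly on a context the handler has freed. Returning directly from the first switch, `return gsm48_rx_gmm_att_req(mmctx, msg, llme);` and `return gsm48_rx_gmm_service_req(mmctx, msg);`, avoids both.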
@@ -1368,11 +1705,15 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
mmctx->t3350_mode = GMM_T3350_MODE_NONE;
mmctx->p_tmsi_old = 0;
mmctx->pending_req = 0;
- /* Unassign the old TLLI */
- mmctx->tlli = mmctx->tlli_new;
- gprs_llgmm_assign(mmctx->llme, 0xffffffff, mmctx->tlli_new,
- GPRS_ALGO_GEA0, NULL);
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Unassign the old TLLI */
+ mmctx->gb.tlli = mmctx->gb.tlli_new;
+ gprs_llgmm_assign(mmctx->gb.llme, 0xffffffff,
+ mmctx->gb.tlli_new,
+ GPRS_ALGO_GEA0, NULL);
+ }
mmctx->mm_state = GMM_REGISTERED_NORMAL;
+ mmctx->pmm_state = PMM_CONNECTED;
rc = 0;
memset(&sig_data, 0, sizeof(sig_data));
@@ -1386,11 +1727,15 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
mmctx->t3350_mode = GMM_T3350_MODE_NONE;
mmctx->p_tmsi_old = 0;
mmctx->pending_req = 0;
- /* Unassign the old TLLI */
- mmctx->tlli = mmctx->tlli_new;
- gprs_llgmm_assign(mmctx->llme, 0xffffffff, mmctx->tlli_new,
- GPRS_ALGO_GEA0, NULL);
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Unassign the old TLLI */
+ mmctx->gb.tlli = mmctx->gb.tlli_new;
+ gprs_llgmm_assign(mmctx->gb.llme, 0xffffffff, mmctx->gb.tlli_new,
+ GPRS_ALGO_GEA0, NULL);
+ }
mmctx->mm_state = GMM_REGISTERED_NORMAL;
+ mmctx->pmm_state = PMM_CONNECTED;
+ activate_pdp_rabs(mmctx);
rc = 0;
memset(&sig_data, 0, sizeof(sig_data));
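Review bot: `activate_pdp_rabs(mmctx);` sits outside the `ran_type` test, so this completion case also calls iu_rab_act_ps() for every PDP context of a Gb subscriber, which has no Iu connection. Guard it: `if (mmctx->ran_type == MM_CTX_T_UTRAN_Iu) activate_pdp_rabs(mmctx);`. `mmctx->pmm_state = PMM_CONNECTED;` is likewise set for Gb contexts here and in the preceding hunk; if PMM state is meant to be Iu-only, it belongs under the same condition. The enclosing switch starts and ends outside this hunk.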
@@ -1403,9 +1748,11 @@ static int gsm0408_rcv_gmm(struct sgsn_mm_ctx *mmctx, struct msgb *msg,
mmctx->t3350_mode = GMM_T3350_MODE_NONE;
mmctx->p_tmsi_old = 0;
mmctx->pending_req = 0;
- /* Unassign the old TLLI */
- mmctx->tlli = mmctx->tlli_new;
- //gprs_llgmm_assign(mmctx->llme, 0xffffffff, mmctx->tlli_new, GPRS_ALGO_GEA0, NULL);
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Unassign the old TLLI */
+ mmctx->gb.tlli = mmctx->gb.tlli_new;
+ //gprs_llgmm_assign(mmctx->gb.llme, 0xffffffff, mmctx->gb.tlli_new, GPRS_ALGO_GEA0, NULL);
+ }
rc = 0;
break;
case GSM48_MT_GMM_AUTH_CIPH_RESP:
@@ -2077,7 +2424,8 @@ int gsm0408_gprs_force_reattach_oldmsg(struct msgb *msg)
int gsm0408_gprs_force_reattach(struct sgsn_mm_ctx *mmctx)
{
int rc;
- gprs_llgmm_reset(mmctx->llme);
+ if (mmctx->ran_type == MM_CTX_T_GERAN_Gb)
+ gprs_llgmm_reset(mmctx->gb.llme);
rc = gsm48_tx_gmm_detach_req(
mmctx, GPRS_DET_T_MT_REATT_REQ, GMM_CAUSE_IMPL_DETACHED);
@@ -2087,8 +2435,50 @@ int gsm0408_gprs_force_reattach(struct sgsn_mm_ctx *mmctx)
return rc;
}
-/* Main entry point for incoming 04.08 GPRS messages */
-int gsm0408_gprs_rcvmsg(struct msgb *msg, struct gprs_llc_llme *llme)
+/* Main entry point for incoming 04.08 GPRS messages from Iu */
+int gsm0408_gprs_rcvmsg_iu(struct msgb *msg, struct gprs_ra_id *ra_id,
+ uint16_t *sai)
+{
+ struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
+ uint8_t pdisc = gsm48_hdr_pdisc(gh);
+ struct sgsn_mm_ctx *mmctx;
+ int rc = -EINVAL;
+
+ DEBUGP(DMM, "grps_rcvmsg_iu(%s)\n", osmo_hexdump(msgb_gmmh(msg), msgb_l3len(msg)));
+
+ mmctx = sgsn_mm_ctx_by_ue_ctx(msg->dst);
+ if (mmctx) {
+ rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]);
+ if (ra_id)
+ memcpy(&mmctx->ra, ra_id, sizeof(mmctx->ra));
+ //if (sai)
+ //mmctx->iu.sai = *sai;
+ }
+
+ /* MMCTX can be NULL */
+
+ switch (pdisc) {
+ case GSM48_PDISC_MM_GPRS:
+ rc = gsm0408_rcv_gmm(mmctx, msg, NULL);
+ break;
+ case GSM48_PDISC_SM_GPRS:
+ rc = gsm0408_rcv_gsm(mmctx, msg, NULL);
+ break;
+ default:
+ LOGMMCTXP(LOGL_NOTICE, mmctx,
+ "Unknown GSM 04.08 discriminator 0x%02x: %s\n",
+ pdisc, osmo_hexdump((uint8_t *)gh, msgb_l3len(msg)));
+ /* FIXME: return status message */
+ break;
+ }
+
+ /* MMCTX can be invalid */
+
+ return rc;
+}
+
+/* Main entry point for incoming 04.08 GPRS messages from Gb */
+int gsm0408_gprs_rcvmsg_gb(struct msgb *msg, struct gprs_llc_llme *llme)
{
struct gsm48_hdr *gh = (struct gsm48_hdr *) msgb_gmmh(msg);
uint8_t pdisc = gsm48_hdr_pdisc(gh);
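Review bot: gsm0408_gprs_rcvmsg_iu() reads the protocol discriminator via `gsm48_hdr_pdisc(gh)` in its declarations, before anything visible has checked that the L3 part holds a full `struct gsm48_hdr`. A guard at the top of the body, `if (msgb_l3len(msg) < sizeof(*gh)) return -EINVAL;`, with `pdisc` assigned after it, keeps a truncated message from the RAN out of the parsers. The `sai` parameter is unused apart from commented-out code. The debug string `"grps_rcvmsg_iu(%s)\n"` misspells the function name.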
@@ -2101,7 +2491,7 @@ int gsm0408_gprs_rcvmsg(struct msgb *msg, struct gprs_llc_llme *llme)
if (mmctx) {
msgid2mmctx(mmctx, msg);
rate_ctr_inc(&mmctx->ctrg->ctr[GMM_CTR_PKTS_SIG_IN]);
- mmctx->llme = llme;
+ mmctx->gb.llme = llme;
}
/* MMCTX can be NULL */
diff --git a/openbsc/src/gprs/gprs_llc.c b/openbsc/src/gprs/gprs_llc.c
index 4cf51631b..8d0968ca1 100644
--- a/openbsc/src/gprs/gprs_llc.c
+++ b/openbsc/src/gprs/gprs_llc.c
@@ -56,8 +56,8 @@ static int _bssgp_tx_dl_ud(struct msgb *msg, struct sgsn_mm_ctx *mmctx)
dup.ms_ra_cap.v = mmctx->ms_radio_access_capa.buf;
/* make sure we only send it to the right llme */
- OSMO_ASSERT(msgb_tlli(msg) == mmctx->llme->tlli
- || msgb_tlli(msg) == mmctx->llme->old_tlli);
+ OSMO_ASSERT(msgb_tlli(msg) == mmctx->gb.llme->tlli
+ || msgb_tlli(msg) == mmctx->gb.llme->old_tlli);
}
memcpy(&dup.qos_profile, qos_profile_default,
sizeof(qos_profile_default));
@@ -663,7 +663,7 @@ int gprs_llc_rcvmsg(struct msgb *msg, struct tlv_parsed *tv)
switch (llhp.sapi) {
case GPRS_SAPI_GMM:
/* send LL_UNITDATA_IND to GMM */
- rc = gsm0408_gprs_rcvmsg(msg, lle->llme);
+ rc = gsm0408_gprs_rcvmsg_gb(msg, lle->llme);
break;
case GPRS_SAPI_SNDCP3:
case GPRS_SAPI_SNDCP5:
diff --git a/openbsc/src/gprs/gprs_sgsn.c b/openbsc/src/gprs/gprs_sgsn.c
index 65f789d6d..9e7143540 100644
--- a/openbsc/src/gprs/gprs_sgsn.c
+++ b/openbsc/src/gprs/gprs_sgsn.c
@@ -39,6 +39,9 @@
#include <openbsc/gprs_utils.h>
#include <openbsc/signal.h>
#include "openbsc/gprs_llc.h"
+#include <openbsc/iu.h>
+
+#include <pdp.h>
#include <time.h>
@@ -91,13 +94,26 @@ static const struct rate_ctr_group_desc pdpctx_ctrg_desc = {
};
/* look-up a SGSN MM context based on TLLI + RAI */
+struct sgsn_mm_ctx *sgsn_mm_ctx_by_ue_ctx(const void *uectx)
+{
+ struct sgsn_mm_ctx *ctx;
+
+ llist_for_each_entry(ctx, &sgsn_mm_ctxts, list) {
+ if (ctx->ran_type == MM_CTX_T_UTRAN_Iu && uectx == ctx->iu.ue_ctx)
+ return ctx;
+ }
+
+ return NULL;
+}
+
+/* look-up a SGSN MM context based on TLLI + RAI */
struct sgsn_mm_ctx *sgsn_mm_ctx_by_tlli(uint32_t tlli,
const struct gprs_ra_id *raid)
{
struct sgsn_mm_ctx *ctx;
llist_for_each_entry(ctx, &sgsn_mm_ctxts, list) {
- if ((tlli == ctx->tlli || tlli == ctx->tlli_new) &&
+ if ((tlli == ctx->gb.tlli || tlli == ctx->gb.tlli_new) &&
gprs_ra_id_equals(raid, &ctx->ra))
return ctx;
}
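Review bot: The comment above sgsn_mm_ctx_by_ue_ctx() was copied from the TLLI look-up and should read something like `/* look-up an SGSN MM context based on the Iu UE connection context */`. sgsn_mm_ctx_by_tlli() below it now compares `ctx->gb.tlli` / `ctx->gb.tlli_new` on every list entry, Iu contexts included. Adding `ctx->ran_type == MM_CTX_T_GERAN_Gb &&` to its condition, as the new function does for Iu, keeps a Gb TLLI from matching an Iu context whose `gb` fields are zero or unrelated.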
@@ -165,7 +181,8 @@ struct sgsn_mm_ctx *sgsn_mm_ctx_alloc(uint32_t tlli,
return NULL;
memcpy(&ctx->ra, raid, sizeof(ctx->ra));
- ctx->tlli = tlli;
+ ctx->ran_type = MM_CTX_T_GERAN_Gb;
+ ctx->gb.tlli = tlli;
ctx->mm_state = GMM_DEREGISTERED;
ctx->auth_triplet.key_seq = GSM_KEY_SEQ_INVAL;
ctx->ctrg = rate_ctr_group_alloc(ctx, &mmctx_ctrg_desc, tlli);
@@ -176,6 +193,34 @@ struct sgsn_mm_ctx *sgsn_mm_ctx_alloc(uint32_t tlli,
return ctx;
}
+/* Allocate a new SGSN MM context */
+struct sgsn_mm_ctx *sgsn_mm_ctx_alloc_iu(void *uectx)
+{
+ struct sgsn_mm_ctx *ctx;
+
+ ctx = talloc_zero(tall_bsc_ctx, struct sgsn_mm_ctx);
+ if (!ctx)
+ return NULL;
+
+ ctx->ran_type = MM_CTX_T_UTRAN_Iu;
+ ctx->iu.ue_ctx = uectx;
+ ctx->iu.new_key = 1;
+ ctx->mm_state = GMM_DEREGISTERED;
+ ctx->pmm_state = PMM_DETACHED;
+ ctx->auth_triplet.key_seq = GSM_KEY_SEQ_INVAL;
+ ctx->ctrg = rate_ctr_group_alloc(ctx, &mmctx_ctrg_desc, 0);
+
+ /* Need to get RAID from IU conn */
+ ctx->ra = ctx->iu.ue_ctx->ra_id;
+
+ INIT_LLIST_HEAD(&ctx->pdp_list);
+
+ llist_add(&ctx->list, &sgsn_mm_ctxts);
+
+ return ctx;
+}
+
+
/* this is a hard _free_ function, it doesn't clean up the PDP contexts
* in libgtp! */
static void sgsn_mm_ctx_free(struct sgsn_mm_ctx *mm)
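Review bot: sgsn_mm_ctx_alloc_iu() registers every Iu context's counter group under index 0, `rate_ctr_group_alloc(ctx, &mmctx_ctrg_desc, 0)`, and does not check the result, while gsm0408_gprs_rcvmsg_iu() dereferences `mmctx->ctrg` on each message. A per-context index and an `if (!ctx->ctrg)` failure path (free `ctx`, return NULL) would be safer; whether the Gb allocator checks it is not visible in this diff. `uectx` arrives as `void *` and is dereferenced through `ctx->iu.ue_ctx->ra_id` without a NULL check, so a typed `struct ue_conn_ctx *` parameter with a guard would help as well.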
@@ -196,10 +241,11 @@ static void sgsn_mm_ctx_free(struct sgsn_mm_ctx *mm)
void sgsn_mm_ctx_cleanup_free(struct sgsn_mm_ctx *mm)
{
- struct gprs_llc_llme *llme = mm->llme;
- uint32_t tlli = mm->tlli;
+ struct gprs_llc_llme *llme = mm->gb.llme;
+ uint32_t tlli = mm->gb.tlli;
struct sgsn_pdp_ctx *pdp, *pdp2;
struct sgsn_signal_data sig_data;
+ enum sgsn_ran_type ran_type;
/* Forget about ongoing look-ups */
if (mm->ggsn_lookup) {
@@ -233,11 +279,15 @@ void sgsn_mm_ctx_cleanup_free(struct sgsn_mm_ctx *mm)
subscr_put(subscr);
}
+ ran_type = mm->ran_type;
+
sgsn_mm_ctx_free(mm);
mm = NULL;
- /* TLLI unassignment, must be called after sgsn_mm_ctx_free */
- gprs_llgmm_assign(llme, tlli, 0xffffffff, GPRS_ALGO_GEA0, NULL);
+ if (ran_type == MM_CTX_T_GERAN_Gb) {
+ /* TLLI unassignment, must be called after sgsn_mm_ctx_free */
+ gprs_llgmm_assign(llme, tlli, 0xffffffff, GPRS_ALGO_GEA0, NULL);
+ }
}
@@ -290,7 +340,6 @@ struct sgsn_pdp_ctx *sgsn_pdp_ctx_alloc(struct sgsn_mm_ctx *mm,
return pdp;
}
-#include <pdp.h>
/*
* This function will not trigger any GSM DEACT PDP ACK messages, so you
* probably want to call sgsn_delete_pdp_ctx() instead if the connection
@@ -307,8 +356,10 @@ void sgsn_pdp_ctx_terminate(struct sgsn_pdp_ctx *pdp)
LOGPDPCTXP(LOGL_INFO, pdp, "Forcing release of PDP context\n");
- /* Force the deactivation of the SNDCP layer */
- sndcp_sm_deactivate_ind(&pdp->mm->llme->lle[pdp->sapi], pdp->nsapi);
+ if (pdp->mm->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Force the deactivation of the SNDCP layer */
+ sndcp_sm_deactivate_ind(&pdp->mm->gb.llme->lle[pdp->sapi], pdp->nsapi);
+ }
memset(&sig_data, 0, sizeof(sig_data));
sig_data.pdp = pdp;
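Review bot: The new `ran_type` test in sgsn_pdp_ctx_terminate() leaves the Iu case with no teardown at all, whereas delete_pdp_conf() in sgsn_libgtp.c calls `iu_rab_deact()` in its `else` branch. If a forced release is meant to free the radio bearer as well, that appears to be missing here. If not, a comment such as `/* Iu: RAB is released by the caller */` would record the decision. `pdp->mm` is also dereferenced without a NULL test, while delete_pdp_conf() guards the same access with `if (pctx->mm)`. The function starts and ends outside this hunk, so an earlier check may exist.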
@@ -751,7 +802,7 @@ static void sgsn_llme_cleanup_free(struct gprs_llc_llme *llme)
struct sgsn_mm_ctx *mmctx = NULL;
llist_for_each_entry(mmctx, &sgsn_mm_ctxts, list) {
- if (llme == mmctx->llme) {
+ if (llme == mmctx->gb.llme) {
gsm0408_gprs_access_cancelled(mmctx, SGSN_ERROR_CAUSE_NONE);
return;
}
diff --git a/openbsc/src/gprs/gsm_04_08_gprs.c b/openbsc/src/gprs/gsm_04_08_gprs.c
new file mode 100644
index 000000000..90657eb05
--- /dev/null
+++ b/openbsc/src/gprs/gsm_04_08_gprs.c
@@ -0,0 +1,37 @@
+/* (C) 2009-2010 by Harald Welte <laforge@gnumonks.org>
+ * (C) 2010 by On-Waves
+ * (C) 2014-2015 by Sysmocom s.f.m.c. GmbH
+ *
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/* TODO: Move this to osmocom/gsm/protocol/gsm_04_08_gprs.h ? */
+
+#include <openbsc/gsm_04_08_gprs.h>
+
+#include <osmocom/core/utils.h>
+
+const struct value_string gprs_service_t_strs_[] = {
+ { GPRS_SERVICE_T_SIGNALLING, "signalling" },
+ { GPRS_SERVICE_T_DATA, "data" },
+ { GPRS_SERVICE_T_PAGING_RESP, "paging response" },
+ { GPRS_SERVICE_T_MBMS_MC_SERV, "MBMS multicast service" },
+ { GPRS_SERVICE_T_MBMS_BC_SERV, "MBMS broadcast service" },
+ { 0, NULL }
+};
+
+const struct value_string *gprs_service_t_strs = gprs_service_t_strs_;
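Review bot: The table `gprs_service_t_strs_` is only reached through the pointer defined on the last line, yet it has external linkage and a trailing-underscore name that differs from the public symbol by one character. Marking it `static const struct value_string gprs_service_t_strs_[]` keeps it out of the global namespace. The pointer itself is writable, so any translation unit can retarget it; `const struct value_string * const gprs_service_t_strs` would prevent that, provided the declaration in openbsc/gsm_04_08_gprs.h (not visible here) is changed to match.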
diff --git a/openbsc/src/gprs/osmo_sgsn.cfg b/openbsc/src/gprs/osmo_sgsn.cfg
index c4c9ec1cf..a1306beb9 100644
--- a/openbsc/src/gprs/osmo_sgsn.cfg
+++ b/openbsc/src/gprs/osmo_sgsn.cfg
@@ -1,14 +1,38 @@
!
-! Osmocom SGSN (0.9.0.474-0ede2) configuration saved from vty
+! OsmoSGSN (0.15.0.145-a710-dirty) configuration saved from vty
!!
!
+log stderr
+ logging filter all 1
+ logging color 1
+ logging print category 0
+ logging timestamp 0
+ logging level all everything
+ logging level mm debug
+ logging level pag notice
+ logging level meas notice
+ logging level ref notice
+ logging level gprs debug
+ logging level ns info
+ logging level bssgp debug
+ logging level llc debug
+ logging level sndcp debug
+ logging level lglobal notice
+ logging level llapd notice
+ logging level linp notice
+ logging level lmux notice
+ logging level lmi notice
+ logging level lmib notice
+ logging level lsms notice
+ logging level lctrl notice
+ logging level lgtp notice
+ logging level lstats notice
+!
+stats interval 5
+!
line vty
no login
!
-sgsn
- gtp local-ip 192.168.100.11
- ggsn 0 remote-ip 192.168.100.239
- ggsn 0 gtp-version 1
ns
timer tns-block 3
timer tns-block-retries 3
@@ -17,7 +41,30 @@ ns
timer tns-test 30
timer tns-alive 3
timer tns-alive-retries 10
- encapsulation udp local-ip 192.168.100.11
+ encapsulation udp local-ip 192.168.0.51
encapsulation udp local-port 23000
encapsulation framerelay-gre enabled 0
bssgp
+sgsn
+ gtp local-ip 127.0.0.2
+ ggsn 0 remote-ip 192.168.0.51
+ ggsn 0 gtp-version 1
+ auth-policy closed
+ gsup oap-id 0
+ imsi-acl add 262032312854076
+ imsi-acl add 262778026147135
+ ! apn * ggsn 0
+ no cdr filename
+ cdr interval 600
+ timer t3312 600
+ timer t3322 6
+ timer t3350 6
+ timer t3360 6
+ timer t3370 6
+ timer t3313 30
+ timer t3314 44
+ timer t3316 44
+ timer t3385 8
+ timer t3386 8
+ timer t3395 8
+ timer t3397 8
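Review bot: The two `imsi-acl add` lines put what look like real subscriber identities into the sample configuration that ships with the source. With `auth-policy closed`, anyone starting from this file inherits an allow-list for those two IMSIs. The first hunk's version string ends in `-dirty` and the addresses change to `192.168.0.51` / `127.0.0.2`, which suggests a developer's local vty dump was committed. I would drop the `imsi-acl` entries or replace them with a commented example such as `! imsi-acl add <IMSI>`, and keep site-specific addresses out of the default file. The first hunk's `logging level all everything` plus debug on mm/gprs/llc is also a heavy default for a config people copy into production.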
diff --git a/openbsc/src/gprs/sgsn_cdr.c b/openbsc/src/gprs/sgsn_cdr.c
index d0cb71235..bf0d6f704 100644
--- a/openbsc/src/gprs/sgsn_cdr.c
+++ b/openbsc/src/gprs/sgsn_cdr.c
@@ -94,7 +94,7 @@ static void cdr_log_mm(struct sgsn_instance *inst, const char *ev,
mmctx->imsi,
mmctx->imei,
mmctx->msisdn,
- mmctx->cell_id,
+ mmctx->gb.cell_id,
mmctx->ra.lac,
mmctx->hlr,
ev);
@@ -179,7 +179,7 @@ static void cdr_log_pdp(struct sgsn_instance *inst, const char *ev,
pdp->mm ? pdp->mm->imsi : "N/A",
pdp->mm ? pdp->mm->imei : "N/A",
pdp->mm ? pdp->mm->msisdn : "N/A",
- pdp->mm ? pdp->mm->cell_id : -1,
+ pdp->mm ? pdp->mm->gb.cell_id : -1,
pdp->mm ? pdp->mm->ra.lac : -1,
pdp->mm ? pdp->mm->hlr : "N/A",
ev,
diff --git a/openbsc/src/gprs/sgsn_libgtp.c b/openbsc/src/gprs/sgsn_libgtp.c
index aaf7e7aa7..303fa887c 100644
--- a/openbsc/src/gprs/sgsn_libgtp.c
+++ b/openbsc/src/gprs/sgsn_libgtp.c
@@ -37,6 +37,7 @@
#include <osmocom/core/talloc.h>
#include <osmocom/core/select.h>
#include <osmocom/core/rate_ctr.h>
+#include <osmocom/crypt/auth.h>
#include <osmocom/gprs/gprs_bssgp.h>
#include <osmocom/gsm/protocol/gsm_04_08_gprs.h>
@@ -47,6 +48,11 @@
#include <openbsc/gprs_sgsn.h>
#include <openbsc/gprs_gmm.h>
#include <openbsc/gsm_subscriber.h>
+#include <openbsc/iu.h>
+
+#include <osmocom/ranap/ranap_ies_defs.h>
+
+#include <asn1c/asn1helpers.h>
#include <gtp.h>
#include <pdp.h>
@@ -218,7 +224,10 @@ struct sgsn_pdp_ctx *sgsn_create_pdp_ctx(struct sgsn_ggsn_ctx *ggsn,
memcpy(pdp->gsnlc.v, &sgsn->cfg.gtp_listenaddr.sin_addr,
sizeof(sgsn->cfg.gtp_listenaddr.sin_addr));
- /* SGSN address for user plane */
+ /* SGSN address for user plane
+ * Default to the control plane addr for now. If we are connected to a
+ * hnbgw via IuPS we'll need to send a PDP context update with the
+ * correct IP address after the RAB Assignment is complete */
pdp->gsnlu.l = sizeof(sgsn->cfg.gtp_listenaddr.sin_addr);
memcpy(pdp->gsnlu.v, &sgsn->cfg.gtp_listenaddr.sin_addr,
sizeof(sgsn->cfg.gtp_listenaddr.sin_addr));
@@ -239,7 +248,7 @@ struct sgsn_pdp_ctx *sgsn_create_pdp_ctx(struct sgsn_ggsn_ctx *ggsn,
pdp->userloc_given = 1;
pdp->userloc.l = 8;
pdp->userloc.v[0] = 0; /* CGI for GERAN */
- bssgp_create_cell_id(&pdp->userloc.v[1], &mmctx->ra, mmctx->cell_id);
+ bssgp_create_cell_id(&pdp->userloc.v[1], &mmctx->ra, mmctx->gb.cell_id);
/* include the IMEI(SV) */
pdp->imeisv_given = 1;
@@ -304,6 +313,19 @@ static const struct cause_map gtp2sm_cause_map[] = {
{ 0, 0 }
};
+static int send_act_pdp_cont_acc(struct sgsn_pdp_ctx *pctx)
+{
+ struct sgsn_signal_data sig_data;
+
+ /* Inform others about it */
+ memset(&sig_data, 0, sizeof(sig_data));
+ sig_data.pdp = pctx;
+ osmo_signal_dispatch(SS_SGSN, S_SGSN_PDP_ACT, &sig_data);
+
+ /* Send PDP CTX ACT to MS */
+ return gsm48_tx_gsm_act_pdp_acc(pctx);
+}
+
/* The GGSN has confirmed the creation of a PDP Context */
static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
{
@@ -340,16 +362,17 @@ static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
goto reject;
}
- /* Activate the SNDCP layer */
- sndcp_sm_activate_ind(&pctx->mm->llme->lle[pctx->sapi], pctx->nsapi);
+ if (pctx->mm->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Activate the SNDCP layer */
+ sndcp_sm_activate_ind(&pctx->mm->gb.llme->lle[pctx->sapi], pctx->nsapi);
- /* Inform others about it */
- memset(&sig_data, 0, sizeof(sig_data));
- sig_data.pdp = pctx;
- osmo_signal_dispatch(SS_SGSN, S_SGSN_PDP_ACT, &sig_data);
- /* Send PDP CTX ACT to MS */
- return gsm48_tx_gsm_act_pdp_acc(pctx);
+ return send_act_pdp_cont_acc(pctx);
+ } else {
+ /* Activate a radio bearer */
+ iu_rab_act_ps(pdp->nsapi, pctx, 1);
+ return 0;
+ }
reject:
/*
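Review bot: In the Iu branch the result of `iu_rab_act_ps(pdp->nsapi, pctx, 1)` is discarded and the function returns 0. A failed RAB activation would therefore leave the PDP context created on the GGSN while the MS gets neither an accept nor a reject. If `iu_rab_act_ps()` reports errors (its prototype is not in this hunk), the branch should `goto reject` on failure. The literal `1` passed as the third argument deserves a named constant or a comment. create_pdp_conf() starts and ends outside this hunk.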
@@ -372,6 +395,70 @@ reject:
return EOF;
}
+/* Callback for RAB assignment response */
+int sgsn_ranap_rab_ass_resp(struct sgsn_mm_ctx *ctx, RANAP_RAB_SetupOrModifiedItemIEs_t *setup_ies)
+{
+ uint8_t rab_id;
+ bool require_pdp_update = false;
+ struct sgsn_pdp_ctx *pdp = NULL;
+ RANAP_RAB_SetupOrModifiedItem_t *item = &setup_ies->raB_SetupOrModifiedItem;
+
+ rab_id = item->rAB_ID.buf[0];
+
+ pdp = sgsn_pdp_ctx_by_nsapi(ctx, rab_id);
+ if (!pdp) {
+ LOGP(DRANAP, LOGL_ERROR, "RAB Assignment Response for unknown RAB/NSAPI=%u\n", rab_id);
+ return -1;
+ }
+
+ if (item->transportLayerAddress) {
+ LOGPC(DRANAP, LOGL_INFO, " Setup: (%u/%s)", rab_id, osmo_hexdump(item->transportLayerAddress->buf,
+ item->transportLayerAddress->size));
+ switch (item->transportLayerAddress->size) {
+ case 7:
+ /* It must be IPv4 inside a X213 NSAP */
+ memcpy(pdp->lib->gsnlu.v, &item->transportLayerAddress->buf[3], 4);
+ break;
+ case 4:
+ /* It must be a raw IPv4 address */
+ memcpy(pdp->lib->gsnlu.v, item->transportLayerAddress->buf, 4);
+ break;
+ case 16:
+ /* TODO: It must be a raw IPv6 address */
+ case 19:
+ /* TODO: It must be IPv6 inside a X213 NSAP */
+ default:
+ LOGP(DRANAP, LOGL_ERROR, "RAB Assignment Resp: Unknown "
+ "transport layer address size %u\n",
+ item->transportLayerAddress->size);
+ return -1;
+ }
+ require_pdp_update = true;
+ }
+
+ /* The TEI on the RNC side might have changed, too */
+ if (item->iuTransportAssociation &&
+ item->iuTransportAssociation->present == RANAP_IuTransportAssociation_PR_gTP_TEI &&
+ item->iuTransportAssociation->choice.gTP_TEI.buf &&
+ item->iuTransportAssociation->choice.gTP_TEI.size >= 4) {
+ uint32_t tei = osmo_load32be(item->iuTransportAssociation->choice.gTP_TEI.buf);
+ LOGP(DRANAP, LOGL_DEBUG, "Updating TEID on RNC side from 0x%08x to 0x%08x\n",
+ pdp->lib->teid_own, tei);
+ pdp->lib->teid_own = tei;
+ require_pdp_update = true;
+ }
+
+ if (require_pdp_update)
+ gtp_update_context(pdp->ggsn->gsn, pdp->lib, pdp, &pdp->lib->hisaddr0);
+
+ if (pdp->state != PDP_STATE_CR_CONF) {
+ send_act_pdp_cont_acc(pdp);
+ pdp->state = PDP_STATE_CR_CONF;
+ }
+ return 0;
+
+}
+
/* Confirmation of a PDP Context Delete */
static int delete_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
{
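Review bot: `sgsn_ranap_rab_ass_resp()` reads fields decoded from a RANAP message without the checks it applies to `gTP_TEI`. `item->rAB_ID.buf[0]` is indexed with no test of `buf` or `size`. `item->transportLayerAddress->buf` is passed to `osmo_hexdump()` and `memcpy()` with only the enclosing pointer tested. Both values come from the RNC/HNB side, so they should be validated before use, as sketched below. `pdp->lib` is dereferenced unchecked and the return values of `gtp_update_context()` and `send_act_pdp_cont_acc()` are dropped, so a failed GTP update still moves the context to `PDP_STATE_CR_CONF`. The `case 16:` / `case 19:` labels fall into `default` on purpose, and a `/* fallthrough */` comment would say so.

```c
	RANAP_RAB_SetupOrModifiedItem_t *item = &setup_ies->raB_SetupOrModifiedItem;

	/* rAB_ID is supplied by the RNC: refuse a missing or empty buffer */
	if (!item->rAB_ID.buf || item->rAB_ID.size < 1) {
		LOGP(DRANAP, LOGL_ERROR, "RAB Assignment Response without RAB ID\n");
		return -1;
	}
	rab_id = item->rAB_ID.buf[0];

	/* … unchanged: PDP context lookup by NSAPI … */

	if (item->transportLayerAddress) {
		if (!item->transportLayerAddress->buf) {
			LOGP(DRANAP, LOGL_ERROR, "RAB Assignment Resp: "
			     "transport layer address without data\n");
			return -1;
		}
		/* … unchanged: hexdump log line and switch on the address size … */
```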
@@ -387,8 +474,13 @@ static int delete_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
osmo_signal_dispatch(SS_SGSN, S_SGSN_PDP_DEACT, &sig_data);
if (pctx->mm) {
- /* Deactivate the SNDCP layer */
- sndcp_sm_deactivate_ind(&pctx->mm->llme->lle[pctx->sapi], pctx->nsapi);
+ if (pctx->mm->ran_type == MM_CTX_T_GERAN_Gb) {
+ /* Deactivate the SNDCP layer */
+ sndcp_sm_deactivate_ind(&pctx->mm->gb.llme->lle[pctx->sapi], pctx->nsapi);
+ } else {
+ /* Dectivate a radio bearer */
+ iu_rab_deact(pctx->mm->iu.ue_ctx, 1);
+ }
/* Confirm deactivation of PDP context to MS */
rc = gsm48_tx_gsm_deact_pdp_acc(pctx);
@@ -521,9 +613,9 @@ static int cb_data_ind(struct pdp_t *lib, void *packet, unsigned int len)
ud = msgb_put(msg, len);
memcpy(ud, packet, len);
- msgb_tlli(msg) = mm->tlli;
- msgb_bvci(msg) = mm->bvci;
- msgb_nsei(msg) = mm->nsei;
+ msgb_tlli(msg) = mm->gb.tlli;
+ msgb_bvci(msg) = mm->gb.bvci;
+ msgb_nsei(msg) = mm->gb.nsei;
switch (mm->mm_state) {
case GMM_REGISTERED_SUSPENDED:
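Review bot: cb_data_ind() still treats every MM context as Gb. It reads `mm->gb.tlli`, `mm->gb.bvci` and `mm->gb.nsei` here, pages via `mm->gb.nsei` in the next hunk, and finishes with `&mm->gb.llme->lle[pdp->sapi]` in its last hunk, none of it behind a `ran_type` test. `sgsn_mm_ctx_alloc_iu()` never sets `gb.llme`, so a downlink G-PDU that reaches the SGSN for an Iu-attached subscriber appears to end in a NULL or stale pointer access. That window includes the time before the user-plane address is updated after RAB assignment. A guard before the Gb fields are touched, along the lines of `if (mm->ran_type != MM_CTX_T_GERAN_Gb) { msgb_free(msg); return -1; }`, would match the checks this commit adds in create_pdp_conf() and delete_pdp_conf(). The function starts and ends outside these hunks, so an earlier check cannot be ruled out.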
@@ -531,12 +623,12 @@ static int cb_data_ind(struct pdp_t *lib, void *packet, unsigned int len)
memset(&pinfo, 0, sizeof(pinfo));
pinfo.mode = BSSGP_PAGING_PS;
pinfo.scope = BSSGP_PAGING_BVCI;
- pinfo.bvci = mm->bvci;
+ pinfo.bvci = mm->gb.bvci;
pinfo.imsi = mm->imsi;
pinfo.ptmsi = &mm->p_tmsi;
pinfo.drx_params = mm->drx_parms;
pinfo.qos[0] = 0; // FIXME
- bssgp_tx_paging(mm->nsei, 0, &pinfo);
+ bssgp_tx_paging(mm->gb.nsei, 0, &pinfo);
rate_ctr_inc(&mm->ctrg->ctr[GMM_CTR_PAGING_PS]);
/* FIXME: queue the packet we received from GTP */
break;
@@ -544,7 +636,7 @@ static int cb_data_ind(struct pdp_t *lib, void *packet, unsigned int len)
break;
default:
LOGP(DGPRS, LOGL_ERROR, "GTP DATA IND for TLLI %08X in state "
- "%u\n", mm->tlli, mm->mm_state);
+ "%u\n", mm->gb.tlli, mm->mm_state);
msgb_free(msg);
return -1;
}
@@ -557,7 +649,7 @@ static int cb_data_ind(struct pdp_t *lib, void *packet, unsigned int len)
/* It is easier to have a global count */
pdp->cdr_bytes_out += len;
- return sndcp_unitdata_req(msg, &mm->llme->lle[pdp->sapi],
+ return sndcp_unitdata_req(msg, &mm->gb.llme->lle[pdp->sapi],
pdp->nsapi, mm);
}
diff --git a/openbsc/src/gprs/sgsn_main.c b/openbsc/src/gprs/sgsn_main.c
index cb762b792..8c0ead051 100644
--- a/openbsc/src/gprs/sgsn_main.c
+++ b/openbsc/src/gprs/sgsn_main.c
@@ -55,6 +55,8 @@
#include <openbsc/sgsn.h>
#include <openbsc/gprs_llc.h>
#include <openbsc/gprs_gmm.h>
+#include <openbsc/iu.h>
+
#include <osmocom/ctrl/control_if.h>
#include <osmocom/ctrl/ports.h>
@@ -232,6 +234,8 @@ static void handle_options(int argc, char **argv)
}
}
+extern int asn_debug;
+
/* default categories */
static struct log_info_cat gprs_categories[] = {
[DMM] = {
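Review bot: `extern int asn_debug;` is declared here and then defined as `int asn_debug;` a few hunks later in the same file, so the `extern` line adds nothing and can go. The same later hunk also places a prototype for `sgsn_ranap_iu_event()` directly in sgsn_main.c. Moving it to the header that declares the SGSN's RANAP callbacks would keep the definition and its users checked against one declaration. A one-line comment on the definition, e.g. `/* referenced by the asn1c runtime; 0 = quiet */`, would explain why a bare global lives in main.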
@@ -281,6 +285,16 @@ static struct log_info_cat gprs_categories[] = {
.description = "GPRS Sub-Network Dependent Control Protocol (SNDCP)",
.enabled = 1, .loglevel = LOGL_DEBUG,
},
+ [DSUA] = {
+ .name = "DSUA",
+ .description = "SCCP User Adaptation (SUA)",
+ .enabled = 1, .loglevel = LOGL_DEBUG,
+ },
+ [DRANAP] = {
+ .name = "DRANAP",
+ .description = "RAN Application Part (RANAP)",
+ .enabled = 1, .loglevel = LOGL_DEBUG,
+ },
};
static const struct log_info gprs_log_info = {
@@ -289,6 +303,9 @@ static const struct log_info gprs_log_info = {
.num_cat = ARRAY_SIZE(gprs_categories),
};
+int asn_debug;
+
+int sgsn_ranap_iu_event(struct ue_conn_ctx *ctx, enum iu_event_type type, void *data);
int main(int argc, char **argv)
{
@@ -404,6 +421,9 @@ int main(int argc, char **argv)
}
}
+ asn_debug = 0;
+ iu_init(tall_bsc_ctx, "127.0.0.2", 14001, gsm0408_gprs_rcvmsg_iu, sgsn_ranap_iu_event);
+
if (daemonize) {
rc = osmo_daemonize();
if (rc < 0) {
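Review bot: `iu_init(tall_bsc_ctx, "127.0.0.2", 14001, ...)` hard-codes the Iu listen address and port and ignores the result. If `iu_init()` returns a status (its prototype is in openbsc/iu.h, not shown), a failed bind goes unnoticed and the SGSN keeps running without its Iu interface; check it and `exit(1)` on error, as the neighbouring start-up steps appear to do. The address and port should come from the configuration rather than being literals in main(), so an operator decides which interface accepts RANAP connections. `asn_debug = 0;` is redundant for a zero-initialised global unless it is meant as documentation. main() continues outside this hunk.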
diff --git a/openbsc/src/gprs/sgsn_vty.c b/openbsc/src/gprs/sgsn_vty.c
index f16c95ad4..02c0f318c 100644
--- a/openbsc/src/gprs/sgsn_vty.c
+++ b/openbsc/src/gprs/sgsn_vty.c
@@ -431,12 +431,12 @@ static void vty_dump_mmctx(struct vty *vty, const char *pfx,
vty_out(vty, "%sMM Context for IMSI %s, IMEI %s, P-TMSI %08x%s",
pfx, mm->imsi, mm->imei, mm->p_tmsi, VTY_NEWLINE);
vty_out(vty, "%s MSISDN: %s, TLLI: %08x%s HLR: %s",
- pfx, mm->msisdn, mm->tlli, mm->hlr, VTY_NEWLINE);
+ pfx, mm->msisdn, mm->gb.tlli, mm->hlr, VTY_NEWLINE);
vty_out(vty, "%s MM State: %s, Routeing Area: %u-%u-%u-%u, "
"Cell ID: %u%s", pfx,
get_value_string(gprs_mm_st_strs, mm->mm_state),
mm->ra.mcc, mm->ra.mnc, mm->ra.lac, mm->ra.rac,
- mm->cell_id, VTY_NEWLINE);
+ mm->gb.cell_id, VTY_NEWLINE);
vty_out_rate_ctr_group(vty, " ", mm->ctrg);