This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.
Harald Welte gerrit-no-reply at lists.osmocom.orgHarald Welte has submitted this change and it was merged. ( https://gerrit.osmocom.org/11642 )
Change subject: Add SGs Interface
......................................................................
Add SGs Interface
Add an SGs interface (3GPP TS 29.118) to osmo-msc in order to support
SMS tunneling and Circuit Switched Fallback (CSFB)
Change-Id: I73359925fc1ca72b33a1466e6ac41307f2f0b11d
Related: OS#3615
---
M include/osmocom/msc/Makefile.am
M include/osmocom/msc/debug.h
M include/osmocom/msc/gsm_04_08.h
M include/osmocom/msc/gsm_subscriber.h
M include/osmocom/msc/ran_conn.h
A include/osmocom/msc/sgs_iface.h
A include/osmocom/msc/sgs_server.h
A include/osmocom/msc/sgs_vty.h
M include/osmocom/msc/vlr.h
A include/osmocom/msc/vlr_sgs.h
M include/osmocom/msc/vty.h
M src/libmsc/Makefile.am
M src/libmsc/gsm_04_08.c
M src/libmsc/gsm_04_08_cc.c
M src/libmsc/gsm_04_11.c
M src/libmsc/gsm_09_11.c
M src/libmsc/gsm_subscriber.c
M src/libmsc/msc_ifaces.c
M src/libmsc/msc_vty.c
M src/libmsc/ran_conn.c
A src/libmsc/sgs_iface.c
A src/libmsc/sgs_server.c
A src/libmsc/sgs_vty.c
M src/libmsc/silent_call.c
M src/libvlr/Makefile.am
M src/libvlr/vlr.c
M src/libvlr/vlr_lu_fsm.c
A src/libvlr/vlr_sgs.c
A src/libvlr/vlr_sgs_fsm.c
A src/libvlr/vlr_sgs_fsm.h
M src/osmo-msc/Makefile.am
M src/osmo-msc/msc_main.c
M tests/msc_vlr/Makefile.am
M tests/msc_vlr/msc_vlr_test_authen_reuse.c
M tests/msc_vlr/msc_vlr_test_call.c
M tests/msc_vlr/msc_vlr_test_gsm_authen.c
M tests/msc_vlr/msc_vlr_test_gsm_ciph.c
M tests/msc_vlr/msc_vlr_test_hlr_reject.c
M tests/msc_vlr/msc_vlr_test_hlr_timeout.c
M tests/msc_vlr/msc_vlr_test_ms_timeout.c
M tests/msc_vlr/msc_vlr_test_no_authen.c
M tests/msc_vlr/msc_vlr_test_reject_concurrency.c
M tests/msc_vlr/msc_vlr_test_rest.c
M tests/msc_vlr/msc_vlr_test_ss.c
M tests/msc_vlr/msc_vlr_test_umts_authen.c
A tests/msc_vlr/stubs.h
M tests/sms_queue/sms_queue_test.c
M tests/test_nodes.vty
48 files changed, 2,939 insertions(+), 22 deletions(-)
Approvals:
Jenkins Builder: Verified
Harald Welte: Looks good to me, approved
diff --git a/include/osmocom/msc/Makefile.am b/include/osmocom/msc/Makefile.am
index 13ac166..408d710 100644
--- a/include/osmocom/msc/Makefile.am
+++ b/include/osmocom/msc/Makefile.am
@@ -23,11 +23,15 @@
a_reset.h \
ran_conn.h \
rrlp.h \
+ sgs_iface.h \
+ sgs_server.h \
+ sgs_vty.h \
signal.h \
silent_call.h \
smpp.h \
sms_queue.h \
transaction.h \
vlr.h \
+ vlr_sgs.h \
vty.h \
$(NULL)
diff --git a/include/osmocom/msc/debug.h b/include/osmocom/msc/debug.h
index 717cf74..28ba482 100644
--- a/include/osmocom/msc/debug.h
+++ b/include/osmocom/msc/debug.h
@@ -21,5 +21,6 @@
DVLR,
DIUCS,
DBSSAP,
+ DSGS,
Debug_LastEntry,
};
diff --git a/include/osmocom/msc/gsm_04_08.h b/include/osmocom/msc/gsm_04_08.h
index 5ff16de..2d4a0cd 100644
--- a/include/osmocom/msc/gsm_04_08.h
+++ b/include/osmocom/msc/gsm_04_08.h
@@ -77,5 +77,6 @@
int gsm48_tch_rtp_create(struct gsm_trans *trans);
int gsm48_conn_sendmsg(struct msgb *msg, struct ran_conn *conn, struct gsm_trans *trans);
+struct msgb *gsm48_create_mm_info(struct gsm_network *net);
#endif
diff --git a/include/osmocom/msc/gsm_subscriber.h b/include/osmocom/msc/gsm_subscriber.h
index 2051067..f848ac8 100644
--- a/include/osmocom/msc/gsm_subscriber.h
+++ b/include/osmocom/msc/gsm_subscriber.h
@@ -5,6 +5,7 @@
#include <osmocom/core/linuxlist.h>
#include <osmocom/gsm/protocol/gsm_23_003.h>
+#include <osmocom/gsm/protocol/gsm_29_118.h>
#include <osmocom/msc/gsm_data.h>
@@ -36,8 +37,8 @@
*/
struct subscr_request *subscr_request_conn(struct vlr_subscr *vsub,
gsm_cbfn *cbfn, void *param,
- const char *label);
-
+ const char *label,
+ enum sgsap_service_ind serv_ind);
void subscr_remove_request(struct subscr_request *req);
void subscr_paging_cancel(struct vlr_subscr *vsub, enum gsm_paging_event event);
diff --git a/include/osmocom/msc/ran_conn.h b/include/osmocom/msc/ran_conn.h
index affebc8..fca7ab6 100644
--- a/include/osmocom/msc/ran_conn.h
+++ b/include/osmocom/msc/ran_conn.h
@@ -208,6 +208,7 @@
void ran_conn_rx_bssmap_clear_complete(struct ran_conn *conn);
void ran_conn_rx_iu_release_complete(struct ran_conn *conn);
+void ran_conn_sgs_release_sent(struct ran_conn *conn);
enum ran_conn_use {
RAN_CONN_USE_UNTRACKED = -1,
diff --git a/include/osmocom/msc/sgs_iface.h b/include/osmocom/msc/sgs_iface.h
new file mode 100644
index 0000000..a167cd6
--- /dev/null
+++ b/include/osmocom/msc/sgs_iface.h
@@ -0,0 +1,87 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+#include <osmocom/gsm/protocol/gsm_23_003.h>
+#include <osmocom/gsm/protocol/gsm_29_118.h>
+#include <osmocom/msc/vlr.h>
+#include <osmocom/msc/vlr_sgs.h>
+#include <osmocom/core/socket.h>
+
+static const unsigned int sgs_state_timer_defaults[_NUM_SGS_STATE_TIMERS] = {
+ [SGS_STATE_TS5] = SGS_TS5_DEFAULT,
+ [SGS_STATE_TS6_2] = SGS_TS6_2_DEFAULT,
+ [SGS_STATE_TS7] = SGS_TS7_DEFAULT,
+ [SGS_STATE_TS11] = SGS_TS11_DEFAULT,
+ [SGS_STATE_TS14] = SGS_TS14_DEFAULT,
+ [SGS_STATE_TS15] = SGS_TS15_DEFAULT,
+};
+
+static const unsigned int sgs_state_counter_defaults[_NUM_SGS_STATE_COUNTERS] = {
+ [SGS_STATE_NS7] = SGS_NS7_DEFAULT,
+ [SGS_STATE_NS11] = SGS_NS11_DEFAULT,
+};
+
+struct sgs_connection {
+ /* global list of SGs connections */
+ struct llist_head entry;
+
+ /* back-pointer */
+ struct sgs_state *sgs;
+
+ /* Socket name from osmo_sock_get_name() */
+ char sockname[OSMO_SOCK_NAME_MAXLEN];
+
+ /* MME for this connection, if any. This field is NULL until we
+ * receive the first "MME name" IE from the MME, which could be part
+ * of the RESET procedure, but also just a normal LU request. */
+ struct sgs_mme_ctx *mme;
+
+ /* represents the SCTP connection we accept()ed from this MME */
+ struct osmo_stream_srv *srv;
+};
+
+struct sgs_mme_ctx {
+ /* global list of MME contexts */
+ struct llist_head entry;
+
+ /* back-pointer */
+ struct sgs_state *sgs;
+
+ /* MME name as string representation */
+ char fqdn[GSM23003_MME_DOMAIN_LEN + 1];
+
+ /* current connection for this MME, if any. Can be NULL if the SCTP
+ * connection to the MME was lost and hasn't been re-established yet */
+ struct sgs_connection *conn;
+
+ /* FSM for the "VLR reset" procedure" */
+ struct osmo_fsm_inst *fi;
+ unsigned int ns11_remaining;
+};
+
+extern struct sgs_state *g_sgs;
+
+struct sgs_state *sgs_iface_init(void *ctx, struct gsm_network *network);
+int sgs_iface_rx(struct sgs_connection *sgc, struct msgb *msg);
+int sgs_iface_tx_paging(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind);
+int sgs_iface_tx_dtap_ud(struct msgb *msg);
+void sgs_iface_tx_release(struct ran_conn *conn);
diff --git a/include/osmocom/msc/sgs_server.h b/include/osmocom/msc/sgs_server.h
new file mode 100644
index 0000000..a89022d
--- /dev/null
+++ b/include/osmocom/msc/sgs_server.h
@@ -0,0 +1,53 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+#include <arpa/inet.h>
+#include <osmocom/gsm/protocol/gsm_29_118.h>
+
+#define DEFAULT_SGS_SERVER_IP "0.0.0.0"
+#define DEFAULT_SGS_SERVER_VLR_NAME "vlr.example.net"
+
+/* global SGs state */
+struct sgs_state {
+ /* list of MMEs (sgs_mme_ctx) */
+ struct llist_head mme_list;
+
+ /* list of SCTP client connections */
+ struct llist_head conn_list;
+
+ /* SCTP server for inbound SGs connections */
+ struct osmo_stream_srv_link *srv_link;
+
+ struct {
+ char local_addr[INET6_ADDRSTRLEN];
+ uint16_t local_port;
+ /* user-configured VLR name (FQDN) */
+ char vlr_name[SGS_VLR_NAME_MAXLEN];
+ /* timers on VLR side */
+ unsigned int timer[_NUM_SGS_STATE_TIMERS];
+ /* countrs on VLR side */
+ unsigned int counter[_NUM_SGS_STATE_COUNTERS];
+ } cfg;
+};
+
+struct sgs_state *sgs_server_alloc(void *ctx);
+int sgs_server_open(struct sgs_state *sgs);
diff --git a/include/osmocom/msc/sgs_vty.h b/include/osmocom/msc/sgs_vty.h
new file mode 100644
index 0000000..daf69c1
--- /dev/null
+++ b/include/osmocom/msc/sgs_vty.h
@@ -0,0 +1,23 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+void sgs_vty_init(void);
diff --git a/include/osmocom/msc/vlr.h b/include/osmocom/msc/vlr.h
index 83c8e1b..3529640 100644
--- a/include/osmocom/msc/vlr.h
+++ b/include/osmocom/msc/vlr.h
@@ -13,6 +13,7 @@
#include <osmocom/msc/ran_conn.h>
#include <osmocom/msc/msc_common.h>
#include <osmocom/gsupclient/gsup_client.h>
+#include <osmocom/msc/vlr_sgs.h>
#define LOGGSUPP(level, gsup, fmt, args...) \
LOGP(DVLR, level, "GSUP(%s) " fmt, (gsup)->imsi, ## args)
@@ -162,6 +163,7 @@
struct osmo_fsm_inst *lu_fsm;
struct osmo_fsm_inst *auth_fsm;
struct osmo_fsm_inst *proc_arq_fsm;
+ struct osmo_fsm_inst *sgs_fsm;
bool lu_complete;
time_t expire_lu;
@@ -182,6 +184,17 @@
uint8_t lac;
enum osmo_rat_type attached_via_ran;
} cs;
+ /* SGs (MME) specific parts */
+ struct {
+ struct vlr_sgs_cfg cfg;
+ char mme_name[SGS_MME_NAME_LEN + 1];
+ struct osmo_location_area_id lai;
+ vlr_sgs_lu_response_cb_t response_cb;
+ vlr_sgs_lu_paging_cb_t paging_cb;
+ vlr_sgs_lu_mminfo_cb_t mminfo_cb;
+ enum sgsap_service_ind paging_serv_ind;
+ struct osmo_timer_list Ts5;
+ } sgs;
struct gsm_classmark classmark;
};
diff --git a/include/osmocom/msc/vlr_sgs.h b/include/osmocom/msc/vlr_sgs.h
new file mode 100644
index 0000000..cc07807
--- /dev/null
+++ b/include/osmocom/msc/vlr_sgs.h
@@ -0,0 +1,107 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+#include <osmocom/gsm/gsm29118.h>
+
+enum vlr_lu_type;
+struct vlr_subscr;
+struct vlr_instance;
+
+/* See also 3GPP TS 29.118, chapter 4.2.2 States at the VLR */
+enum sgs_ue_fsm_state {
+ SGS_UE_ST_NULL,
+ SGS_UE_ST_ASSOCIATED,
+ SGS_UE_ST_LA_UPD_PRES,
+};
+
+enum vlr_sgs_state_tmr {
+ /* Started when sending the SGsAP-PAGING-REQUEST, implemented in vlr_sgs.c */
+ SGS_STATE_TS5,
+ /* TMSI reallocation, 5.2.3.5, implemented by fsm in vlr_sgs_fsm.c */
+ SGS_STATE_TS6_2,
+ /* Started when SGsAP-ALERT-REQUEST is sent 5.3.2.1, not implemented yet */
+ SGS_STATE_TS7,
+ /* Reset ack timeout, implemnted in sgs_iface.c */
+ SGS_STATE_TS11,
+ /* Started when SGsAP-SERVICE-REQUEST is received 5.15.1, not implemented yet */
+ SGS_STATE_TS14,
+ /* Started when SGsAP-MO-CSFB-INDICATION is received 5.16.3 (UE fallback, not implemented yet) */
+ SGS_STATE_TS15,
+ _NUM_SGS_STATE_TIMERS
+};
+
+enum vlr_sgs_state_ctr {
+ /* Alert request retransmit count */
+ SGS_STATE_NS7,
+ /* Reset repeat count */
+ SGS_STATE_NS11,
+ _NUM_SGS_STATE_COUNTERS
+};
+
+extern const struct value_string sgs_state_timer_names[];
+static inline const char *vlr_sgs_state_timer_name(enum vlr_sgs_state_tmr Ts)
+{
+ return get_value_string(sgs_state_timer_names, Ts);
+}
+
+extern const struct value_string sgs_state_counter_names[];
+static inline const char *vlr_sgs_state_counter_name(enum vlr_sgs_state_ctr Ns)
+{
+ return get_value_string(sgs_state_timer_names, Ns);
+}
+
+/* This callback function is called when an SGs location update is complete */
+struct sgs_lu_response {
+ bool accepted;
+ struct vlr_subscr *vsub;
+};
+typedef void (*vlr_sgs_lu_response_cb_t) (struct sgs_lu_response *response);
+
+/* This callback function is called in cases where a paging request is required
+ * after the LU is completed */
+typedef int (*vlr_sgs_lu_paging_cb_t) (struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind);
+
+/* This callback function is called to send the MM info to the UE. */
+typedef void (*vlr_sgs_lu_mminfo_cb_t) (struct vlr_subscr *vsub);
+
+/* Configuration parameters for the SGs FSM */
+struct vlr_sgs_cfg {
+ unsigned int timer[_NUM_SGS_STATE_TIMERS];
+ unsigned int counter[_NUM_SGS_STATE_COUNTERS];
+};
+
+void vlr_sgs_reset(struct vlr_instance *vlr);
+int vlr_sgs_loc_update(struct vlr_instance *vlr, struct vlr_sgs_cfg *cfg,
+ vlr_sgs_lu_response_cb_t response_cb, vlr_sgs_lu_paging_cb_t paging_cb,
+ vlr_sgs_lu_mminfo_cb_t mminfo_cb, char *mme_name, enum vlr_lu_type type, const char *imsi,
+ struct osmo_location_area_id *new_lai);
+void vlr_sgs_loc_update_acc_sent(struct vlr_subscr *vsub);
+void vlr_sgs_loc_update_rej_sent(struct vlr_subscr *vsub);
+void vlr_sgs_detach(struct vlr_instance *vlr, const char *imsi, bool eps);
+void vlr_sgs_imsi_detach(struct vlr_instance *vlr, const char *imsi, enum sgsap_imsi_det_noneps_type type);
+void vlr_sgs_eps_detach(struct vlr_instance *vlr, const char *imsi, enum sgsap_imsi_det_eps_type type);
+void vlr_sgs_tmsi_reall_compl(struct vlr_instance *vlr, const char *imsi);
+void vlr_sgs_pag_rej(struct vlr_instance *vlr, const char *imsi, enum sgsap_sgs_cause cause);
+void vlr_sgs_pag_ack(struct vlr_instance *vlr, const char *imsi);
+void vlr_sgs_ue_unr(struct vlr_instance *vlr, const char *imsi, enum sgsap_sgs_cause cause);
+void vlr_sgs_pag(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind);
+bool vlr_sgs_pag_pend(struct vlr_subscr *vsub);
diff --git a/include/osmocom/msc/vty.h b/include/osmocom/msc/vty.h
index 6a55df7..2a3b18b 100644
--- a/include/osmocom/msc/vty.h
+++ b/include/osmocom/msc/vty.h
@@ -23,6 +23,7 @@
SMPP_NODE,
SMPP_ESME_NODE,
HLR_NODE,
+ CFG_SGS_NODE,
};
int bsc_vty_init_extra(void);
diff --git a/src/libmsc/Makefile.am b/src/libmsc/Makefile.am
index 72da747..454b970 100644
--- a/src/libmsc/Makefile.am
+++ b/src/libmsc/Makefile.am
@@ -17,6 +17,7 @@
$(LIBOSMOMGCPCLIENT_CFLAGS) \
$(LIBOSMOGSUPCLIENT_CFLAGS) \
$(LIBOSMORANAP_CFLAGS) \
+ $(LIBOSMONETIF_CFLAGS) \
$(NULL)
noinst_HEADERS = \
@@ -52,6 +53,9 @@
transaction.c \
osmo_msc.c \
ctrl_commands.c \
+ sgs_iface.c \
+ sgs_server.c \
+ sgs_vty.c \
$(NULL)
if BUILD_IU
libmsc_a_SOURCES += \
diff --git a/src/libmsc/gsm_04_08.c b/src/libmsc/gsm_04_08.c
index adc946e..c6e5528 100644
--- a/src/libmsc/gsm_04_08.c
+++ b/src/libmsc/gsm_04_08.c
@@ -469,13 +469,12 @@
return ret;
}
-
-/* Section 9.2.15a */
-int gsm48_tx_mm_info(struct ran_conn *conn)
+/* Generate a message buffer that contains a valid MM info message,
+ * See also 3GPP TS 24.008, chapter 9.2.15a */
+struct msgb *gsm48_create_mm_info(struct gsm_network *net)
{
struct msgb *msg = gsm48_msgb_alloc_name("GSM 04.08 MM INF");
struct gsm48_hdr *gh;
- struct gsm_network *net = conn->network;
uint8_t *ptr8;
int name_len, name_pad;
@@ -617,8 +616,18 @@
ptr8[2] = dst;
}
- LOG_RAN_CONN(conn, LOGL_DEBUG, "Tx MM INFO\n");
+ return msg;
+}
+/* Section 9.2.15a */
+int gsm48_tx_mm_info(struct ran_conn *conn)
+{
+ struct gsm_network *net = conn->network;
+ struct msgb *msg;
+
+ msg = gsm48_create_mm_info(net);
+
+ LOG_RAN_CONN(conn, LOGL_DEBUG, "Tx MM INFO\n");
return gsm48_conn_sendmsg(msg, conn, NULL);
}
diff --git a/src/libmsc/gsm_04_08_cc.c b/src/libmsc/gsm_04_08_cc.c
index 0119e7b..93e136c 100644
--- a/src/libmsc/gsm_04_08_cc.c
+++ b/src/libmsc/gsm_04_08_cc.c
@@ -1969,7 +1969,8 @@
vsub,
setup_trig_pag_evt,
trans,
- "MNCC: establish call");
+ "MNCC: establish call",
+ SGSAP_SERV_IND_CS_CALL);
if (!trans->paging_request) {
LOGP(DCC, LOGL_ERROR, "Failed to allocate paging token.\n");
vlr_subscr_put(vsub);
diff --git a/src/libmsc/gsm_04_11.c b/src/libmsc/gsm_04_11.c
index 1edf2d4..e63d1b6 100644
--- a/src/libmsc/gsm_04_11.c
+++ b/src/libmsc/gsm_04_11.c
@@ -193,7 +193,9 @@
LOGP(DLSMS, LOGL_DEBUG, "Initiating Paging procedure "
"for %s due to MMSMS_EST_REQ\n", vlr_subscr_name(trans->vsub));
trans->paging_request = subscr_request_conn(trans->vsub,
- paging_cb_mmsms_est_req, trans, "MT SMS");
+ paging_cb_mmsms_est_req,
+ trans, "MT SMS",
+ SGSAP_SERV_IND_SMS);
if (!trans->paging_request) {
LOGP(DLSMS, LOGL_ERROR, "Failed to initiate Paging "
"procedure for %s\n", vlr_subscr_name(trans->vsub));
diff --git a/src/libmsc/gsm_09_11.c b/src/libmsc/gsm_09_11.c
index 608d4ff..dca315d 100644
--- a/src/libmsc/gsm_09_11.c
+++ b/src/libmsc/gsm_09_11.c
@@ -343,7 +343,8 @@
/* Trigger Paging Request */
trans->paging_request = subscr_request_conn(vsub,
- &handle_paging_event, trans, "GSM 09.11 SS/USSD");
+ &handle_paging_event, trans, "GSM 09.11 SS/USSD",
+ SGSAP_SERV_IND_CS_CALL);
if (!trans->paging_request) {
LOGP(DMM, LOGL_ERROR, "Failed to allocate paging token\n");
trans_free(trans);
diff --git a/src/libmsc/gsm_subscriber.c b/src/libmsc/gsm_subscriber.c
index 9ca5e2b..e60344f 100644
--- a/src/libmsc/gsm_subscriber.c
+++ b/src/libmsc/gsm_subscriber.c
@@ -48,6 +48,7 @@
#include <osmocom/msc/vlr.h>
#include <osmocom/msc/msc_ifaces.h>
#include <osmocom/msc/a_iface.h>
+#include <osmocom/msc/sgs_iface.h>
void subscr_paging_cancel(struct vlr_subscr *vsub, enum gsm_paging_event event)
{
@@ -109,7 +110,9 @@
return 0;
}
-static int msc_paging_request(struct vlr_subscr *vsub)
+/* Execute a paging on the currently active RAN. Returns the number of
+ * delivered paging requests or -EINVAL in case of failure. */
+static int msc_paging_request(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind)
{
/* The subscriber was last seen in subscr->lac. Find out which
* BSCs/RNCs are responsible and send them a paging request via open
@@ -122,6 +125,8 @@
vsub->tmsi == GSM_RESERVED_TMSI?
NULL : &vsub->tmsi,
vsub->cgi.lai.lac);
+ case OSMO_RAT_EUTRAN_SGS:
+ return sgs_iface_tx_paging(vsub, serv_ind);
default:
break;
}
@@ -142,10 +147,11 @@
* \param cbfn function to call when the conn is established.
* \param param caller defined param to pass to cbfn().
* \param label human readable label of the request kind used for logging.
+ * \param serv_ind sgsap service indicator (in case SGs interface is used to page).
*/
struct subscr_request *subscr_request_conn(struct vlr_subscr *vsub,
gsm_cbfn *cbfn, void *param,
- const char *label)
+ const char *label, enum sgsap_service_ind serv_ind)
{
int rc;
struct subscr_request *request;
@@ -155,7 +161,7 @@
if (!vsub->cs.is_paging) {
LOGP(DMM, LOGL_DEBUG, "Subscriber %s not paged yet, start paging.\n",
vlr_subscr_name(vsub));
- rc = msc_paging_request(vsub);
+ rc = msc_paging_request(vsub, serv_ind);
if (rc <= 0) {
LOGP(DMM, LOGL_ERROR, "Subscriber %s paging failed: %d\n",
vlr_subscr_name(vsub), rc);
diff --git a/src/libmsc/msc_ifaces.c b/src/libmsc/msc_ifaces.c
index 3074d07..e2c52df 100644
--- a/src/libmsc/msc_ifaces.c
+++ b/src/libmsc/msc_ifaces.c
@@ -28,6 +28,7 @@
#include <osmocom/mgcp_client/mgcp_client.h>
#include <osmocom/msc/vlr.h>
#include <osmocom/msc/a_iface.h>
+#include <osmocom/msc/sgs_iface.h>
#include <osmocom/msc/gsm_04_08.h>
#include <osmocom/msc/msc_mgcp.h>
@@ -60,6 +61,10 @@
msg->dst = conn->iu.ue_ctx;
return ranap_iu_tx(msg, 0);
+ case OSMO_RAT_EUTRAN_SGS:
+ msg->dst = conn;
+ return sgs_iface_tx_dtap_ud(msg);
+
default:
LOGP(DMSC, LOGL_ERROR,
"msc_tx(): conn->via_ran invalid (%d)\n",
diff --git a/src/libmsc/msc_vty.c b/src/libmsc/msc_vty.c
index 93d093f..e1019a2 100644
--- a/src/libmsc/msc_vty.c
+++ b/src/libmsc/msc_vty.c
@@ -56,6 +56,8 @@
#include <osmocom/msc/signal.h>
#include <osmocom/msc/mncc_int.h>
#include <osmocom/msc/rrlp.h>
+#include <osmocom/msc/vlr_sgs.h>
+#include <osmocom/msc/sgs_vty.h>
static struct gsm_network *gsmnet = NULL;
@@ -565,7 +567,7 @@
{
vty_out(vty, "%08x %3s %5u %3u %08x %c /%1u %27s %22s%s",
conn->a.conn_id,
- conn->via_ran == OSMO_RAT_UTRAN_IU ? "Iu" : "A",
+ osmo_rat_type_name(conn->via_ran),
conn->lac,
conn->use_count,
conn->use_tokens,
@@ -729,6 +731,15 @@
reqs += 1;
vty_out(vty, " Paging: %s paging for %d requests%s",
vsub->cs.is_paging ? "is" : "not", reqs, VTY_NEWLINE);
+
+ /* SGs related */
+ vty_out(vty, " SGs-state: %s%s",
+ osmo_fsm_inst_state_name(vsub->sgs_fsm), VTY_NEWLINE);
+ if (vsub->sgs.mme_name && strlen(vsub->sgs.mme_name))
+ vty_out(vty, " SGs-MME: %s%s", vsub->sgs.mme_name, VTY_NEWLINE);
+ else
+ vty_out(vty, " SGs-MME: (none)%s", VTY_NEWLINE);
+
vty_out(vty, " Use count: %u%s", vsub->use_count, VTY_NEWLINE);
/* Connection */
@@ -1159,7 +1170,7 @@
return CMD_WARNING;
}
- req = subscr_request_conn(vsub, NULL, NULL, "manual Paging from VTY");
+ req = subscr_request_conn(vsub, NULL, NULL, "manual Paging from VTY", SGSAP_SERV_IND_CS_CALL);
if (req)
vty_out(vty, "%% paging subscriber%s", VTY_NEWLINE);
else
@@ -1590,6 +1601,7 @@
#ifdef BUILD_IU
ranap_iu_vty_init(MSC_NODE, &msc_network->iu.rab_assign_addr_enc);
#endif
+ sgs_vty_init();
osmo_fsm_vty_add_cmds();
osmo_signal_register_handler(SS_SCALL, scall_cbfn, NULL);
diff --git a/src/libmsc/ran_conn.c b/src/libmsc/ran_conn.c
index 4eefa6d..6629bf6 100644
--- a/src/libmsc/ran_conn.c
+++ b/src/libmsc/ran_conn.c
@@ -31,6 +31,7 @@
#include <osmocom/msc/transaction.h>
#include <osmocom/msc/signal.h>
#include <osmocom/msc/a_iface.h>
+#include <osmocom/msc/sgs_iface.h>
#include <osmocom/msc/iucs.h>
#include "../../bscconfig.h"
@@ -338,6 +339,13 @@
{
struct ran_conn *conn = fi->priv;
+ /* The SGs interface needs to access vsub struct members to send the
+ * release message, however the following release procedures will
+ * remove conn->vsub, so we need to send the release right now. */
+ if (conn->via_ran == OSMO_RAT_EUTRAN_SGS) {
+ sgs_iface_tx_release(conn);
+ }
+
/* Use count for either conn->a.waiting_for_clear_complete or
* conn->iu.waiting_for_release_complete. 'get' it early, so we don't deallocate after tearing
* down active transactions. Safeguard against double-get (though it shouldn't happen). */
@@ -381,6 +389,12 @@
}
conn->iu.waiting_for_release_complete = true;
break;
+ case OSMO_RAT_EUTRAN_SGS:
+ /* Release message is already sent at the beginning of this
+ * functions (see above), but we still need to notify the
+ * conn that a release has been sent / is in progress. */
+ ran_conn_sgs_release_sent(conn);
+ break;
default:
LOGP(DMM, LOGL_ERROR, "%s: Unknown RAN type, cannot tx release/clear\n",
vlr_subscr_name(conn->vsub));
@@ -667,6 +681,8 @@
case OSMO_RAT_UTRAN_IU:
conn->log_subsys = DRANAP;
break;
+ case OSMO_RAT_EUTRAN_SGS:
+ conn->log_subsys = DSGS;
default:
conn->log_subsys = DMSC;
break;
@@ -772,3 +788,11 @@
{
rx_close_complete(conn, "Iu Release Complete", &conn->iu.waiting_for_release_complete);
}
+
+void ran_conn_sgs_release_sent(struct ran_conn *conn)
+{
+ bool dummy_waiting_for_release_complete = true;
+
+ /* Note: In SGsAP there is no confirmation of a release. */
+ rx_close_complete(conn, "SGs Release Complete", &dummy_waiting_for_release_complete);
+}
diff --git a/src/libmsc/sgs_iface.c b/src/libmsc/sgs_iface.c
new file mode 100644
index 0000000..1c2146a
--- /dev/null
+++ b/src/libmsc/sgs_iface.c
@@ -0,0 +1,1265 @@
+/* SGs Interface according to 3GPP TS 23.272 + TS 29.118 */
+
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <osmocom/core/utils.h>
+#include <osmocom/core/msgb.h>
+#include <osmocom/core/fsm.h>
+#include <osmocom/core/socket.h>
+#include <osmocom/core/select.h>
+
+#include <osmocom/gsm/tlv.h>
+#include <osmocom/gsm/gsm48.h>
+#include <osmocom/gsm/gsm23003.h>
+#include <osmocom/gsm/gsm29118.h>
+
+#include <osmocom/netif/stream.h>
+
+#include <osmocom/msc/vlr.h>
+#include <osmocom/msc/vlr_sgs.h>
+#include <osmocom/msc/gsm_data.h>
+#include <osmocom/msc/a_iface.h>
+#include <osmocom/msc/gsm_04_08.h>
+
+#include <osmocom/msc/debug.h>
+#include <osmocom/msc/sgs_iface.h>
+#include <osmocom/msc/sgs_server.h>
+#include <osmocom/msc/msc_ifaces.h>
+#include <osmocom/gsm/protocol/gsm_29_118.h>
+
+#include <osmocom/gsm/apn.h>
+
+#define S(x) (1 << (x))
+
+/* A pointer to the GSM network we work with. By the current paradigm,
+ * there can only be one gsm_network per MSC. The pointer is set once
+ * when calling a_init() */
+static struct gsm_network *gsm_network = NULL;
+
+static struct osmo_fsm sgs_vlr_reset_fsm;
+static void sgs_tx(struct sgs_connection *sgc, struct msgb *msg);
+
+struct sgs_state *g_sgs;
+
+/***********************************************************************
+ * SGs state per MME connection
+ ***********************************************************************/
+
+#define LOGSGC(sgc, lvl, fmt, args...) \
+ LOGP(DSGS, lvl, "%s: " fmt, sgc->sockname, ## args)
+
+#define LOGSGC_VSUB(sgc, sub_info, lvl, fmt, args...) \
+ LOGP(DSGS, lvl, "(sub %s) %s: " fmt, sub_info, sgc->sockname, ## args)
+
+#define LOGMME(mme, lvl, fmt, args...) \
+ LOGP(DSGS, lvl, "%s: " fmt, mme->fqdn ? mme->fqdn : mme->conn->sockname, ## args)
+
+enum sgs_vlr_reset_fsm_state {
+ SGS_VLRR_ST_NULL,
+ SGS_VLRR_ST_WAIT_ACK,
+ SGS_VLRR_ST_COMPLETE,
+};
+
+enum sgs_vlr_reset_fsm_event {
+ SGS_VLRR_E_START_RESET,
+ SGS_VLRR_E_RX_RESET_ACK,
+};
+
+/***********************************************************************
+ * SGs utility functions
+ ***********************************************************************/
+
+/* Allocate a new subscriber connection */
+static struct ran_conn *subscr_conn_allocate_sgs(struct sgs_connection *sgc, struct vlr_subscr *vsub, bool mt)
+{
+ struct ran_conn *conn;
+
+ conn = ran_conn_alloc(gsm_network, OSMO_RAT_EUTRAN_SGS, vsub->sgs.lai.lac);
+ if (!conn) {
+ LOGSGC_VSUB(sgc, vlr_subscr_name(vsub), LOGL_ERROR, "Connection allocation failed\n");
+ return NULL;
+ }
+
+ conn->vsub = vsub;
+ conn->vsub->cs.attached_via_ran = conn->via_ran;
+
+ /* Accept the connection immediately, since the UE is already
+ * authenticated by the MME no authentication is required. */
+ conn->complete_layer3_type = mt ? COMPLETE_LAYER3_PAGING_RESP : COMPLETE_LAYER3_CM_SERVICE_REQ;
+ ran_conn_update_id(conn);
+ osmo_fsm_inst_dispatch(conn->fi, RAN_CONN_E_COMPLETE_LAYER_3, NULL);
+ osmo_fsm_inst_dispatch(conn->fi, RAN_CONN_E_ACCEPTED, NULL);
+
+ LOG_RAN_CONN(conn, LOGL_DEBUG, "RAN connection successfully allocated!\n");
+ return conn;
+}
+
+/* Check if there are connections associated with a given subscriber. If yes,
+ * make sure that those connections are tossed. */
+static void subscr_conn_toss(struct vlr_subscr *vsub)
+{
+ struct ran_conn *conn;
+
+ conn = connection_for_subscr(vsub);
+ if (!conn)
+ return;
+
+ LOG_RAN_CONN(conn, LOGL_DEBUG, "RAN connection tossed because of unexpected RAN change!\n");
+
+ ran_conn_mo_close(conn, GSM48_REJECT_CONGESTION);
+}
+
+struct sgs_mme_ctx *sgs_mme_by_fqdn(struct sgs_state *sgs, const char *mme_fqdn)
+{
+ struct sgs_mme_ctx *mme;
+
+ llist_for_each_entry(mme, &sgs->mme_list, entry) {
+ if (!strcasecmp(mme_fqdn, mme->fqdn))
+ return mme;
+ }
+ return NULL;
+}
+
+static struct sgs_mme_ctx *sgs_mme_alloc(struct sgs_state *sgs, const char *mme_fqdn, const struct osmo_gummei *gummei)
+{
+ struct sgs_mme_ctx *mme;
+
+ OSMO_ASSERT(sgs_mme_by_fqdn(sgs, mme_fqdn) == NULL);
+
+ mme = talloc_zero(sgs, struct sgs_mme_ctx);
+ if (!mme)
+ return NULL;
+ mme->sgs = sgs;
+ OSMO_STRLCPY_ARRAY(mme->fqdn, mme_fqdn);
+ mme->fi = osmo_fsm_inst_alloc(&sgs_vlr_reset_fsm, mme, mme, LOGL_INFO, osmo_gummei_name(gummei));
+ if (!mme->fi) {
+ talloc_free(mme);
+ return NULL;
+ }
+ llist_add_tail(&mme->entry, &sgs->mme_list);
+ return mme;
+}
+
+/* Decode and verify MME name */
+static int decode_mme_name(char *mme_name, const struct tlv_parsed *tp)
+{
+ const uint8_t *mme_name_enc = TLVP_VAL_MINLEN(tp, SGSAP_IE_MME_NAME, SGS_MME_NAME_LEN);
+ struct osmo_gummei gummei;
+
+ if (!mme_name_enc)
+ return -EINVAL;
+
+ /* decode the MME name from DNS labels to string */
+ osmo_apn_to_str(mme_name, TLVP_VAL(tp, SGSAP_IE_MME_NAME), TLVP_LEN(tp, SGSAP_IE_MME_NAME));
+
+ /* try to parse the MME name into a GUMMEI as a test for the format */
+ if (osmo_parse_mme_domain(&gummei, mme_name) < 0)
+ return -EINVAL;
+
+ return 0;
+}
+
+/* A MME FQDN was received (e.g. RESET-IND/RESET-ACK/LU-REQ) */
+static int sgs_mme_fqdn_received(struct sgs_connection *sgc, const char *mme_fqdn)
+{
+ struct sgs_mme_ctx *mme;
+ struct osmo_gummei gummei;
+
+ /* caller must pass in a valid FQDN string syntax */
+ OSMO_ASSERT(osmo_parse_mme_domain(&gummei, mme_fqdn) == 0);
+
+ if (!sgc->mme) {
+ /* attempt to find MME with given name */
+ mme = sgs_mme_by_fqdn(sgc->sgs, mme_fqdn);
+ if (!mme)
+ mme = sgs_mme_alloc(sgc->sgs, mme_fqdn, &gummei);
+ OSMO_ASSERT(mme);
+
+ if (mme->conn) {
+ /* The MME context has another connection !?! */
+ LOGSGC(sgc, LOGL_ERROR, "Rx MME name %s, but that MME already has other "
+ "SCTP connection?!?\n", mme_fqdn);
+ return -1;
+ } else {
+ /* associate the two */
+ mme->conn = sgc;
+ sgc->mme = mme;
+ }
+ } else {
+ mme = sgc->mme;
+ if (strcasecmp(mme->fqdn, mme_fqdn) != 0) {
+ LOGMME(mme, LOGL_ERROR, "Rx MME name \"%s\" in packet from MME \"%s\" ?!?\n", mme_fqdn,
+ mme->fqdn);
+ return -2;
+ }
+ }
+ return 0;
+}
+
+/* Safely get the mme-name for an sgs-connection */
+static char *sgs_mme_fqdn_get(struct sgs_connection *sgc)
+{
+ if (!sgc)
+ return NULL;
+ if (!sgc->mme)
+ return NULL;
+ if (sgc->mme->fqdn[0] == '\0')
+ return NULL;
+ return sgc->mme->fqdn;
+}
+
+/* Find an sgs_mme_ctx for a given vlr subscriber, also check result */
+struct sgs_mme_ctx *sgs_mme_ctx_by_vsub(struct vlr_subscr *vsub, uint8_t msg_type)
+{
+ struct sgs_mme_ctx *mme;
+
+ /* Find SGS connection by MME name */
+ mme = sgs_mme_by_fqdn(g_sgs, vsub->sgs.mme_name);
+ if (!mme) {
+ LOGP(DSGS, LOGL_ERROR, "(sub %s) Tx %s cannot find suitable MME!\n",
+ vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
+ return NULL;
+ }
+ if (!mme->conn) {
+ LOGP(DSGS, LOGL_ERROR,
+ "(sub %s) Tx %s suitable MME found, but no SGS connection present!\n",
+ vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
+ return NULL;
+ }
+ if (!mme->sgs) {
+ LOGP(DSGS, LOGL_ERROR,
+ "(sub %s) Tx %s suitable MME found, but no SGS state present!\n",
+ vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
+ return NULL;
+ }
+
+ return mme;
+}
+
+/* Make sure that the subscriber is known and that the subscriber is in the
+ * SGs associated state. In case of failure the function returns false and
+ * automatically sends a release message to the MME */
+static bool check_sgs_association(struct sgs_connection *sgc, struct msgb *msg, char *imsi)
+{
+ struct vlr_subscr *vsub;
+ struct msgb *resp;
+ uint8_t msg_type = msg->data[0];
+
+ /* Subscriber must be known by the VLR */
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ if (!vsub) {
+ LOGSGC(sgc, LOGL_NOTICE, "SGsAP Message %s with unknown IMSI (%s), releasing\n",
+ sgsap_msg_type_name(msg_type), imsi);
+ resp = gsm29118_create_release_req(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN);
+ sgs_tx(sgc, resp);
+ return false;
+ }
+
+ /* The SGs FSM must also be in SGs associated state */
+ if (vsub->sgs_fsm->state != SGS_UE_ST_ASSOCIATED) {
+ LOGSGC(sgc, LOGL_NOTICE, "(sub %s) SGsAP Message %s subscriber not SGs-associated, releasing\n",
+ vlr_subscr_name(vsub), sgsap_msg_type_name(msg_type));
+ resp = gsm29118_create_release_req(vsub->imsi, SGSAP_SGS_CAUSE_IMSI_DET_EPS_NONEPS);
+ sgs_tx(sgc, resp);
+ vlr_subscr_put(vsub);
+ return false;
+ }
+
+ vlr_subscr_put(vsub);
+ return true;
+}
+
+/***********************************************************************
+ * SGsAP transmit functions
+ ***********************************************************************/
+
+/* Send message out to remote end (final step) */
+static void sgs_tx(struct sgs_connection *sgc, struct msgb *msg)
+{
+ if (!msg) {
+ LOGSGC(sgc, LOGL_NOTICE, "Null message, cannot transmit!\n");
+ return;
+ }
+
+ msgb_sctp_ppid(msg) = 0;
+ if (!sgc) {
+ LOGSGC(sgc, LOGL_NOTICE, "Cannot transmit %s: connection dead. Discarding\n",
+ sgsap_msg_type_name(msg->data[0]));
+ msgb_free(msg);
+ return;
+ }
+ osmo_stream_srv_send(sgc->srv, msg);
+}
+
+/* Get some subscriber info from ISMI (for the log text) */
+const char *subscr_info(const char *imsi)
+{
+ const char *subscr_string = "<unknown>";
+ struct vlr_subscr *vsub;
+
+ if (imsi) {
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ if (!vsub)
+ subscr_string = imsi;
+ else {
+ subscr_string = vlr_subscr_name(vsub);
+ vlr_subscr_put(vsub);
+ }
+ }
+
+ return subscr_string;
+}
+
+/* Comfortable status message generator that also generates some basic
+ * context-dependent dependand log output */
+static int sgs_tx_status(struct sgs_connection *sgc, const char *imsi, enum sgsap_sgs_cause cause, struct msgb *msg,
+ int sgsap_iei)
+{
+ struct msgb *resp;
+
+ if (sgsap_iei < 0) {
+ LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s failed with cause %s!\n",
+ sgsap_msg_type_name(msg->data[0]), sgsap_sgs_cause_name(cause));
+ } else if (cause == SGSAP_SGS_CAUSE_MISSING_MAND_IE) {
+ LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with missing mandatory %s IEI!\n",
+ sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
+ } else if (cause == SGSAP_SGS_CAUSE_INVALID_MAND_IE) {
+ LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with invalid mandatory %s IEI!\n",
+ sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
+ } else if (cause == SGSAP_SGS_CAUSE_COND_IE_ERROR) {
+ LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s with errornous conditional %s IEI!\n",
+ sgsap_msg_type_name(msg->data[0]), sgsap_iei_name(sgsap_iei));
+ } else {
+ LOGSGC_VSUB(sgc, subscr_info(imsi), LOGL_ERROR, "Rx %s failed with cause %s at %s IEI!\n",
+ sgsap_msg_type_name(msg->data[0]), sgsap_sgs_cause_name(cause), sgsap_iei_name(sgsap_iei));
+ }
+
+ resp = gsm29118_create_status(imsi, cause, msg);
+ sgs_tx(sgc, resp);
+ return 0;
+}
+
+/* Called by VLR via callback, transmits the the location update response or
+ * reject, depending on the outcome of the location update. */
+static void sgs_tx_loc_upd_resp_cb(struct sgs_lu_response *response)
+{
+ struct msgb *resp;
+ struct vlr_subscr *vsub = response->vsub;
+ struct sgs_mme_ctx *mme;
+ uint8_t new_id[2 + GSM48_TMSI_LEN];
+ uint8_t *new_id_ptr = new_id;
+ unsigned int new_id_len = 0;
+ uint8_t resp_msg_type;
+
+ if (response->accepted)
+ resp_msg_type = SGSAP_MSGT_LOC_UPD_ACK;
+ else
+ resp_msg_type = SGSAP_MSGT_LOC_UPD_REJ;
+
+ mme = sgs_mme_ctx_by_vsub(vsub, resp_msg_type);
+ if (!mme)
+ return;
+
+ if (response->accepted) {
+ if (vsub->tmsi_new != GSM_RESERVED_TMSI) {
+ new_id_len = gsm48_generate_mid_from_tmsi(new_id, vsub->tmsi_new);
+ new_id_ptr = new_id + 2;
+ new_id_len -= 2;
+ }
+ resp = gsm29118_create_lu_ack(vsub->imsi, &vsub->sgs.lai, new_id_ptr, new_id_len);
+ sgs_tx(mme->conn, resp);
+ vlr_sgs_loc_update_acc_sent(vsub);
+ } else {
+ resp = gsm29118_create_lu_rej(vsub->imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, &vsub->sgs.lai);
+ sgs_tx(mme->conn, resp);
+ vlr_sgs_loc_update_rej_sent(vsub);
+ }
+}
+
+/* Called by VLR via callback, transmits MM information to the UE */
+static void sgs_tx_mm_info_cb(struct vlr_subscr *vsub)
+{
+ struct msgb *msg;
+ struct msgb *msg_mm_info;
+ struct sgs_mme_ctx *mme;
+
+ /* The sending of MM information requests is an optional feature and
+ * depends on the network configuration (VTY) */
+ if (!gsm_network->send_mm_info)
+ return;
+
+ mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_MM_INFO_REQ);
+ if (!mme)
+ return;
+
+ /* Create and send MM information request message, see also:
+ * 3GPP TS 29.118, chapter 8.12 SGsAP-MM-INFORMATION-REQUEST and
+ * 3GPP TS 29.018, chapter 18.4.16 MM information. */
+ msg_mm_info = gsm48_create_mm_info(gsm_network);
+ msg = gsm29118_create_mm_info_req(vsub->imsi, msg_mm_info->data + 2, msg_mm_info->len - 2);
+ sgs_tx(mme->conn, msg);
+ msgb_free(msg_mm_info);
+}
+
+/*! Page UE through SGs interface
+ * \param[in] vsub subscriber context
+ * \param[in] serv_ind service indicator (sms or voide)
+ * \returns 0 in case of success, -EINVAL in case of error. */
+int sgs_iface_tx_paging(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind)
+{
+ struct msgb *resp;
+ struct gsm29118_paging_req paging_params;
+ struct sgs_mme_ctx *mme;
+
+ /* See also: 3GPP TS 29.118, chapter 5.1.2.2 Paging Initiation */
+ if (vsub->sgs_fsm->state == SGS_UE_ST_NULL && vsub->conf_by_radio_contact_ind == true)
+ return -EINVAL;
+
+ mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_PAGING_REQ);
+ if (!mme)
+ return -EINVAL;
+
+ /* Check if there is still a paging in progress for this subscriber,
+ * if yes, don't initiate another paging request. */
+ if (vlr_sgs_pag_pend(vsub))
+ return 0;
+
+ memset(&paging_params, 0, sizeof(paging_params));
+ osmo_strlcpy(paging_params.imsi, vsub->imsi, sizeof(paging_params.imsi));
+ osmo_strlcpy(paging_params.vlr_name, mme->sgs->cfg.vlr_name, sizeof(paging_params.vlr_name));
+ paging_params.serv_ind = serv_ind;
+ if (vsub->conf_by_radio_contact_ind == true) {
+ memcpy(&paging_params.lai, &vsub->sgs.lai, sizeof(paging_params.lai));
+ paging_params.lai_present = true;
+ }
+ resp = gsm29118_create_paging_req(&paging_params);
+ sgs_tx(mme->conn, resp);
+
+ /* FIXME: If we are in SGS_UE_ST_NULL while sub->conf_by_radio_contact_ind == false,
+ * we are supposed to start a search procedure as defined in 3GPP TS 23.018 */
+
+ /* Inform the VLR that a paging via SGs is in progress */
+ vlr_sgs_pag(vsub, serv_ind);
+
+ /* Return a page count of 1 (success) */
+ return 1;
+}
+
+/***********************************************************************
+ * SGs incoming messages from the MME
+ ***********************************************************************/
+
+/* Safely read out the SGs cause code from a given message/tlv set, send status
+ * message in case the cause code is invalid or missing. */
+static int sgs_cause_from_msg(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp,
+ const char *imsi)
+{
+ enum sgsap_sgs_cause cause;
+ const uint8_t *cause_ptr;
+ cause_ptr = TLVP_VAL_MINLEN(tp, SGSAP_IE_SGS_CAUSE, 1);
+ if (!cause_ptr) {
+ sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_SGS_CAUSE);
+ return -1;
+ } else
+ cause = *cause_ptr;
+ return cause;
+}
+
+/* SGsAP-STATUS 3GPP TS 29.118, chapter 8.18 */
+static int sgs_rx_status(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, const char *imsi)
+{
+ int cause;
+ const uint8_t *err_msg;
+ const char *imsi_ptr;
+ char *err_msg_hex = "(none)";
+
+ cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
+ if (cause < 0)
+ return 0;
+
+ if (imsi[0] != '\0')
+ imsi_ptr = imsi;
+ else
+ imsi_ptr = "<none>";
+
+ if (TLVP_PRESENT(tp, SGSAP_IE_ERR_MSG))
+ err_msg = TLVP_VAL(tp, SGSAP_IE_ERR_MSG);
+ else
+ err_msg = NULL;
+
+ if (err_msg)
+ err_msg_hex = osmo_hexdump(err_msg, TLVP_LEN(tp, SGSAP_IE_ERR_MSG));
+
+ LOGSGC(sgc, LOGL_NOTICE, "Rx STATUS cause=%s, IMSI=%s, err_msg=%s\n",
+ sgsap_sgs_cause_name(cause), imsi_ptr, err_msg_hex);
+
+ return 0;
+}
+
+/* SGsAP-RESET-INDICATION 3GPP TS 29.118, chapter 8.16 */
+static int sgs_rx_reset_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp)
+{
+ struct gsm29118_reset_msg reset_params;
+ struct msgb *resp;
+
+ memset(&reset_params, 0, sizeof(reset_params));
+ osmo_strlcpy(reset_params.vlr_name, sgc->sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
+ reset_params.vlr_name_present = true;
+
+ resp = gsm29118_create_reset_ack(&reset_params);
+
+ /* Perform a reset of the SGS FSM of all subscribers that are present in the VLR */
+ vlr_sgs_reset(gsm_network->vlr);
+
+ sgs_tx(sgc, resp);
+ return 0;
+}
+
+/* SGsAP-RESET-ACK 3GPP TS 29.118, chapter 8.15 */
+static int sgs_rx_reset_ack(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp)
+{
+ /* dispatch event to VLR reset FSM for this MME */
+ if (sgc->mme && sgc->mme->fi)
+ osmo_fsm_inst_dispatch(sgc->mme->fi, SGS_VLRR_E_RX_RESET_ACK, msg);
+ return 0;
+}
+
+/* SGsAP-LOCATION-UPDATE-REQUEST 3GPP TS 29.118, chapter 8.11 */
+static int sgs_rx_loc_upd_req(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ struct msgb *resp;
+ const uint8_t *lu_type_ie;
+ enum vlr_lu_type type;
+ struct osmo_location_area_id new_lai;
+ const struct gsm48_loc_area_id *gsm48_lai;
+ int rc;
+ char *mme_name;
+ struct vlr_sgs_cfg vlr_sgs_cfg;
+ struct vlr_subscr *vsub;
+
+ /* Check for lingering connections */
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ if (vsub) {
+ subscr_conn_toss(vsub);
+ vlr_subscr_put(vsub);
+ }
+
+ /* Determine MME-Name */
+ mme_name = sgs_mme_fqdn_get(sgc);
+ if (!mme_name) {
+ resp = gsm29118_create_lu_rej(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, NULL);
+ sgs_tx(sgc, resp);
+ return 0;
+ }
+
+ /* Parse LU-Type */
+ lu_type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_EPS_LU_TYPE, 1);
+ if (!lu_type_ie)
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_EPS_LU_TYPE);
+ if (lu_type_ie[0] == 0x01)
+ type = VLR_LU_TYPE_IMSI_ATTACH;
+ else
+ type = VLR_LU_TYPE_REGULAR;
+
+ /* Parse LAI of the new location */
+ gsm48_lai = (struct gsm48_loc_area_id *)TLVP_VAL_MINLEN(tp, SGSAP_IE_LAI, 5);
+ if (!gsm48_lai)
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_LAI);
+ gsm48_decode_lai2(gsm48_lai, &new_lai);
+
+ /* Perform actual location update */
+ memcpy(vlr_sgs_cfg.timer, sgc->sgs->cfg.timer, sizeof(vlr_sgs_cfg.timer));
+ memcpy(vlr_sgs_cfg.counter, sgc->sgs->cfg.counter, sizeof(vlr_sgs_cfg.counter));
+ rc = vlr_sgs_loc_update(gsm_network->vlr, &vlr_sgs_cfg, sgs_tx_loc_upd_resp_cb, sgs_iface_tx_paging,
+ sgs_tx_mm_info_cb, mme_name, type, imsi, &new_lai);
+ if (rc != 0) {
+ resp = gsm29118_create_lu_rej(imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, NULL);
+ sgs_tx(sgc, resp);
+ }
+
+ return 0;
+}
+
+/* SGsAP-IMSI-DETACH-INDICATION 3GPP TS 29.118, chapter 8.8 */
+static int sgs_rx_imsi_det_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ struct msgb *resp;
+ enum sgsap_imsi_det_noneps_type type;
+ const uint8_t *type_ie;
+
+ type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_IMSI_DET_NONEPS_TYPE, 1);
+ if (!type_ie)
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_IMSI_DET_NONEPS_TYPE);
+
+ switch (type_ie[0]) {
+ case SGSAP_ID_NONEPS_T_EXPLICIT_UE_NONEPS:
+ type = SGSAP_ID_NONEPS_T_EXPLICIT_UE_NONEPS;
+ break;
+ case SGSAP_ID_NONEPS_T_COMBINED_UE_EPS_NONEPS:
+ type = SGSAP_ID_NONEPS_T_COMBINED_UE_EPS_NONEPS;
+ break;
+ case SGSAP_ID_NONEPS_T_IMPLICIT_UE_EPS_NONEPS:
+ type = SGSAP_ID_NONEPS_T_IMPLICIT_UE_EPS_NONEPS;
+ break;
+ default:
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_IMSI_DET_NONEPS_TYPE);
+ break;
+ }
+
+ vlr_sgs_imsi_detach(gsm_network->vlr, imsi, type);
+ resp = gsm29118_create_imsi_det_ack(imsi);
+ sgs_tx(sgc, resp);
+
+ return 0;
+}
+
+/* SGsAP-EPS-DETACH-INDICATION 3GPP TS 29.118, chapter 8.6 */
+static int sgs_rx_eps_det_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ struct msgb *resp;
+ enum sgsap_imsi_det_eps_type type;
+ const uint8_t *type_ie;
+
+ type_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_IMSI_DET_EPS_TYPE, 1);
+ if (!type_ie)
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_IMSI_DET_EPS_TYPE);
+
+ switch (type_ie[0]) {
+ case SGSAP_ID_EPS_T_NETWORK_INITIATED:
+ type = SGSAP_ID_EPS_T_NETWORK_INITIATED;
+ break;
+ case SGSAP_ID_EPS_T_UE_INITIATED:
+ type = SGSAP_ID_EPS_T_UE_INITIATED;
+ break;
+ case SGSAP_ID_EPS_T_EPS_NOT_ALLOWED:
+ type = SGSAP_ID_EPS_T_EPS_NOT_ALLOWED;
+ break;
+ default:
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_IMSI_DET_EPS_TYPE);
+ break;
+ }
+
+ vlr_sgs_eps_detach(gsm_network->vlr, imsi, type);
+ resp = gsm29118_create_eps_det_ack(imsi);
+ sgs_tx(sgc, resp);
+
+ return 0;
+}
+
+/* SGsAP-PAGING-REJECT 3GPP TS 29.118, chapter 8.13 */
+static int sgs_rx_pag_rej(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ int cause;
+ struct vlr_subscr *vsub;
+
+ cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
+ if (cause < 0)
+ return 0;
+
+ /* Subscriber must be known by the VLR */
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ if (!vsub)
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, msg, SGSAP_IE_IMSI);
+
+ /* Inform the VLR */
+ vlr_sgs_pag_rej(gsm_network->vlr, imsi, cause);
+
+ /* Stop all paging activity */
+ subscr_paging_cancel(vsub, GSM_PAGING_EXPIRED);
+
+ /* Depending on the cause code some action is required */
+ if (cause == SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER) {
+ /* FIXME: We are supposed to trigger a User Determined User Busy (UDUB)
+ * as specified in 3GPP TS 24.082 here, SGs association state shall not
+ * be changed */
+ LOGSGC(sgc, LOGL_ERROR,
+ "Rx %s with SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER, but sending UDUP is not implemented yet!\n",
+ sgsap_msg_type_name(msg->data[0]));
+ } else if (cause == SGSAP_SGS_CAUSE_IMSI_DET_EPS) {
+ /* FIXME: In this case we should send the paging via A/Iu interface */
+ OSMO_ASSERT(false);
+ }
+
+ vlr_subscr_put(vsub);
+ return 0;
+}
+
+/* SGsAP-UE-UNREACHABLE 3GPP TS 29.118, chapter 8.21 */
+static int sgs_rx_ue_unr(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ int cause;
+
+ cause = sgs_cause_from_msg(sgc, msg, tp, NULL);
+ if (cause < 0)
+ return 0;
+
+ vlr_sgs_ue_unr(gsm_network->vlr, imsi, cause);
+
+ return 0;
+}
+
+/* SGsAP-TMSI-REALLOCATION-COMPLETE 3GPP TS 29.118, chapter 8.19 */
+static int sgs_rx_tmsi_reall_cmpl(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ vlr_sgs_tmsi_reall_compl(gsm_network->vlr, imsi);
+ return 0;
+}
+
+/* SGsAP-SERVICE-REQUEST 3GPP TS 29.118, chapter 8.17 */
+static int sgs_rx_service_req(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ enum sgsap_service_ind serv_ind;
+ const uint8_t *serv_ind_ie;
+ struct ran_conn *conn;
+ struct vlr_subscr *vsub;
+
+ /* Note: While in other RAN concepts a service request is used to
+ * initiate mobile originated operation, the service request in SGsAP
+ * is comparable to a paging response. The SGsAP SERVICE REQUEST must
+ * not be confused or compared with a CM SERVICE REQUEST! */
+
+ if (!check_sgs_association(sgc, msg, imsi))
+ return 0;
+
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ /* Note: vsub is already sufficiently verified by check_sgs_association(),
+ * we must have a vsub at this point! */
+ OSMO_ASSERT(vsub);
+
+ /* The Service request is intended as a paging response, if one is
+ * received while nothing is paging something is very wrong! */
+ if (!vlr_sgs_pag_pend(vsub)) {
+ vlr_subscr_put(vsub);
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE, msg, -1);
+ }
+ serv_ind_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_SERVICE_INDICATOR, 1);
+
+ if (!serv_ind_ie) {
+ vlr_subscr_put(vsub);
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_SERVICE_INDICATOR);
+ }
+ if (serv_ind_ie[0] == SGSAP_SERV_IND_CS_CALL)
+ serv_ind = serv_ind_ie[0];
+ else if (serv_ind_ie[0] == SGSAP_SERV_IND_SMS)
+ serv_ind = serv_ind_ie[0];
+ else {
+ vlr_subscr_put(vsub);
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_INVALID_MAND_IE, msg, SGSAP_IE_SERVICE_INDICATOR);
+ }
+
+ /* FIXME: The MME shall include an UE EMM Mode IE, but the field is
+ * marked optional. (Why do we need this info at all?) */
+
+ /* Report to the VLR that the paging has successfully completed */
+ vlr_sgs_pag_ack(gsm_network->vlr, imsi);
+
+ /* Exit early when the service indicator indicates that a call is being
+ * established. In those cases we do not allocate a connection, instead
+ * the connection will be allocated when the MS is appearing on the
+ * A-Interface. */
+ if (serv_ind == SGSAP_SERV_IND_CS_CALL) {
+ vlr_subscr_put(vsub);
+ return 0;
+ }
+
+ /* Allocate subscriber connection */
+ conn = subscr_conn_allocate_sgs(sgc, vsub, true);
+ if (!conn) {
+ vlr_subscr_put(vsub);
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE, msg, -1);
+ }
+
+ return 0;
+}
+
+/* SGsAP-UPLINK-UNITDATA 3GPP TS 29.118, chapter 8.22 */
+static int sgs_rx_ul_ud(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ struct dtap_header *dtap;
+ struct ran_conn *conn;
+ bool ran_conn_created = false;
+ const uint8_t *nas_msg_container_ie;
+ struct vlr_subscr *vsub;
+
+ if (!check_sgs_association(sgc, msg, imsi))
+ return 0;
+
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ /* Note: vsub is already sufficiently verified by check_sgs_association(),
+ * we must have a vsub at this point! */
+ OSMO_ASSERT(vsub);
+
+ /* Try to find existing connection (MT) or allocate a new one (MO) */
+ conn = connection_for_subscr(vsub);
+ if (!conn) {
+ conn = subscr_conn_allocate_sgs(sgc, vsub, false);
+ ran_conn_created = true;
+ } else {
+ if (conn->via_ran != OSMO_RAT_EUTRAN_SGS) {
+ LOGSGC(sgc, LOGL_ERROR,
+ "Receiving uplink unit-data for non-sgs connection -- discarding message!\n");
+ msgb_free(msg);
+ return 0;
+ }
+ }
+
+ /* If we do not find an existing connection and allocating a new one
+ * faild, give up and return status. */
+ if (!conn) {
+ vlr_subscr_put(vsub);
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE, msg, 0);
+ }
+
+ nas_msg_container_ie = TLVP_VAL_MINLEN(tp, SGSAP_IE_NAS_MSG_CONTAINER, 1);
+ if (!nas_msg_container_ie) {
+ vlr_subscr_put(vsub);
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_MISSING_MAND_IE, msg, SGSAP_IE_NAS_MSG_CONTAINER);
+ }
+
+ /* ran_conn_dtap expects the dtap payload in l3h */
+ dtap = (struct dtap_header *)nas_msg_container_ie;
+ msg->l3h = (uint8_t *) nas_msg_container_ie;
+ OMSC_LINKID_CB(msg) = dtap->link_id;
+
+ /* Forward dtap payload into the msc */
+ ran_conn_dtap(conn, msg);
+
+ /* If we did not create the conn right here, we just handle the ref
+ * counting normally. Otherwise we are in the same role as
+ * sgs_rx_service_req() and we want that the refcount says incremented
+ * througout the lifetime of the newly created conn. */
+ if (!ran_conn_created)
+ vlr_subscr_put(vsub);
+ return 0;
+}
+
+/* SGsAP-MO-CSFB-INDICATION, chapter 8.25 */
+static int sgs_rx_csfb_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ struct vlr_subscr *vsub;
+
+ /* The MME informs us with this message that the UE has returned back
+ * to the 4G network, so we use the SGs interface again for further
+ * communication with the UE. */
+
+ vsub = vlr_subscr_find_by_imsi(gsm_network->vlr, imsi);
+ if (!vsub)
+ return sgs_tx_status(sgc, imsi, SGSAP_SGS_CAUSE_IMSI_UNKNOWN, msg, SGSAP_IE_IMSI);
+
+ /* Check for lingering connections */
+ subscr_conn_toss(vsub);
+
+ vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;
+ vlr_subscr_put(vsub);
+ return 0;
+}
+
+/* SGsAP-UE-ACTIVITY-INDICATION, chapter 8.20 */
+static int sgs_rx_ue_act_ind(struct sgs_connection *sgc, struct msgb *msg, const struct tlv_parsed *tp, char *imsi)
+{
+ /* In this MSC/VLR implementation we do not support the alerting
+ * procedure yet and therefore we will never request any alerting
+ * at the MME. Given that it is unlikely that we ever get activity
+ * indications from the MME, but if we do we should not act all too
+ * hostile and ignore the indication silently. */
+
+ LOGSGC(sgc, LOGL_ERROR, "Rx %s unexpected, we do not implement alerting yet, ignoring!\n",
+ sgsap_msg_type_name(msg->data[0]));
+
+ return 0;
+}
+
+#define TX_STATUS_AND_LOG(sgc, msg_type, cause, fmt) \
+ LOGSGC(sgc, LOGL_ERROR, fmt, sgsap_msg_type_name(msg_type)); \
+ resp = gsm29118_create_status(NULL, cause, msg); \
+ sgs_tx(sgc, resp); \
+
+/*! Process incoming SGs message (see sgs_server.c)
+ * \param[in] sgc related sgs connection
+ * \param[in] msg received message
+ * \returns 0 in case of success, -EINVAL in case of error. */
+int sgs_iface_rx(struct sgs_connection *sgc, struct msgb *msg)
+{
+ struct msgb *resp;
+ uint8_t msg_type = msg->l2h[0];
+ struct tlv_parsed tp;
+ int rc;
+ char imsi[GSM48_MI_SIZE];
+ char mme_name[SGS_MME_NAME_LEN + 1];
+
+ memset(imsi, 0, sizeof(imsi));
+ memset(mme_name, 0, sizeof(mme_name));
+
+ /* When the receiving entity receives a message that is too short to contain a complete
+ * message type information element, the receiving entity shall ignore that message. */
+ if (msgb_l2len(msg) < 1)
+ goto error;
+
+ /* Parse TLV elements */
+ rc = tlv_parse(&tp, &sgsap_ie_tlvdef, msgb_l2(msg) + 1, msgb_l2len(msg) - 1, 0, 0);
+ if (rc < 0) {
+ TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_SEMANT_INCORR_MSG, "SGsAP Message %s parsing error\n");
+ goto error;
+ }
+
+ /* Most of the messages contain an IMSI as mandatory IE, parse it right here */
+ if (!TLVP_PRESENT(&tp, SGSAP_IE_IMSI) &&
+ msg_type != SGSAP_MSGT_STATUS && msg_type != SGSAP_MSGT_RESET_IND && msg_type != SGSAP_MSGT_RESET_ACK) {
+ /* reject the message; all but the three above have mandatory IMSI */
+ TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MISSING_MAND_IE,
+ "SGsAP Message %s without IMSI, dropping\n");
+ goto error;
+ }
+
+ if (TLVP_PRESENT(&tp, SGSAP_IE_IMSI)) {
+ gsm48_mi_to_string(imsi, sizeof(imsi), TLVP_VAL(&tp, SGSAP_IE_IMSI), TLVP_LEN(&tp, SGSAP_IE_IMSI));
+ if (strlen(imsi) < GSM23003_IMSI_MIN_DIGITS) {
+ TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_INVALID_MAND_IE,
+ "SGsAP Message %s with short IMSI, dropping\n");
+ goto error;
+ }
+ }
+
+ /* Some messages contain an MME-NAME as mandatore IE, parse it right here. The
+ * MME-NAME is als immediately registered with the sgc, so it will be implicitly
+ * known to all functions that have access to the sgc context. */
+ if (!TLVP_PRESENT(&tp, SGSAP_IE_MME_NAME)
+ && (msg_type == SGSAP_MSGT_RESET_IND || msg_type == SGSAP_MSGT_RESET_ACK
+ || msg_type == SGSAP_MSGT_LOC_UPD_REQ || msg_type == SGSAP_MSGT_IMSI_DET_IND
+ || msg_type == SGSAP_MSGT_EPS_DET_IND)) {
+ TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MISSING_MAND_IE,
+ "SGsAP Message %s without MME-Name, dropping\n");
+ goto error;
+ }
+
+ if (TLVP_PRESENT(&tp, SGSAP_IE_MME_NAME)) {
+ if (decode_mme_name(mme_name, &tp) != 0) {
+ TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_INVALID_MAND_IE,
+ "SGsAP Message %s with invalid MME-Name, dropping\n");
+ goto error;
+ }
+ /* Regsister/check mme_name with sgc */
+ if (sgs_mme_fqdn_received(sgc, mme_name) < 0) {
+ TX_STATUS_AND_LOG(sgc, msg_type, SGSAP_SGS_CAUSE_MSG_INCOMP_STATE,
+ "SGsAP Message %s with invalid MME-Name, dropping\n");
+ goto error;
+ }
+ }
+
+ /* dispatch msg to various handler functions. msgb ownership remains here! */
+ rc = -EINVAL;
+ switch (msg_type) {
+ case SGSAP_MSGT_STATUS:
+ rc = sgs_rx_status(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_RESET_IND:
+ rc = sgs_rx_reset_ind(sgc, msg, &tp);
+ break;
+ case SGSAP_MSGT_RESET_ACK:
+ rc = sgs_rx_reset_ack(sgc, msg, &tp);
+ break;
+ case SGSAP_MSGT_LOC_UPD_REQ:
+ rc = sgs_rx_loc_upd_req(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_IMSI_DET_IND:
+ rc = sgs_rx_imsi_det_ind(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_EPS_DET_IND:
+ rc = sgs_rx_eps_det_ind(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_PAGING_REJ:
+ rc = sgs_rx_pag_rej(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_UE_UNREACHABLE:
+ rc = sgs_rx_ue_unr(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_TMSI_REALL_CMPL:
+ rc = sgs_rx_tmsi_reall_cmpl(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_SERVICE_REQ:
+ rc = sgs_rx_service_req(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_UL_UD:
+ rc = sgs_rx_ul_ud(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_MO_CSFB_IND:
+ rc = sgs_rx_csfb_ind(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_UE_ACT_IND:
+ rc = sgs_rx_ue_act_ind(sgc, msg, &tp, imsi);
+ break;
+ case SGSAP_MSGT_ALERT_ACK:
+ case SGSAP_MSGT_ALERT_REJ:
+ LOGSGC(sgc, LOGL_ERROR, "Rx unmplemented SGsAP %s: %s\n",
+ sgsap_msg_type_name(msg_type), msgb_hexdump(msg));
+ resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
+ sgs_tx(sgc, resp);
+ rc = 0;
+ break;
+ default:
+ LOGSGC(sgc, LOGL_ERROR, "Rx unknown SGsAP message type 0x%02x: %s\n", msg_type, msgb_hexdump(msg));
+ resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
+ sgs_tx(sgc, resp);
+ rc = 0;
+ break;
+ }
+
+ /* Catch unhandled errors */
+ if (rc < 0) {
+ /* Note: Usually the sgs_rx_ should catch errors locally and
+ * eimit a status message with proper cause code, including
+ * a suitable log message. If we end up here, something is
+ * not right and should be fixed */
+ LOGSGC(sgc, LOGL_ERROR, "Rx unable to decode SGsAP %s: %s\n",
+ sgsap_msg_type_name(msg_type), msgb_hexdump(msg));
+ resp = gsm29118_create_status(imsi, SGSAP_SGS_CAUSE_MSG_UNKNOWN, msg);
+ sgs_tx(sgc, resp);
+ }
+
+error:
+ msgb_free(msg);
+ return 0;
+}
+
+/***********************************************************************
+ * SGs connection "VLR Reset Procedure" FSM
+ ***********************************************************************/
+
+static const struct value_string sgs_vlr_reset_fsm_event_names[] = {
+ {SGS_VLRR_E_START_RESET, "START-RESET"},
+ {SGS_VLRR_E_RX_RESET_ACK, "RX-RESET-ACK"},
+ {0, NULL}
+};
+
+static void sgs_vlr_reset_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ switch (event) {
+ case SGS_VLRR_E_RX_RESET_ACK:
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+static void sgs_vlr_reset_fsm_wait_ack(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ switch (event) {
+ case SGS_VLRR_E_RX_RESET_ACK:
+ osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_COMPLETE, 0, 0);
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+static void sgs_vlr_reset_fsm_complete(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ switch (event) {
+ case SGS_VLRR_E_RX_RESET_ACK:
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+static void sgs_vlr_reset_fsm_allstate(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ struct msgb *reset_ind;
+ struct gsm29118_reset_msg reset_params;
+ struct sgs_mme_ctx *mme = (struct sgs_mme_ctx *)fi->priv;
+ struct sgs_connection *sgc = mme->conn;
+ struct sgs_state *sgs = mme->sgs;
+
+ switch (event) {
+ case SGS_VLRR_E_START_RESET:
+ osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_NULL, 0, 0);
+ mme->ns11_remaining = sgs->cfg.counter[SGS_STATE_NS11];
+ /* send a reset message and enter WAIT_ACK state */
+ memset(&reset_params, 0, sizeof(reset_params));
+ osmo_strlcpy(reset_params.vlr_name, sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
+ reset_params.vlr_name_present = true;
+ reset_ind = gsm29118_create_reset_ind(&reset_params);
+ sgs_tx(sgc, reset_ind);
+ osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_WAIT_ACK, sgs->cfg.timer[SGS_STATE_TS11], 11);
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+static int sgs_vlr_reset_fsm_timer_cb(struct osmo_fsm_inst *fi)
+{
+ struct msgb *reset_ind;
+ struct gsm29118_reset_msg reset_params;
+ struct sgs_mme_ctx *mme = (struct sgs_mme_ctx *)fi->priv;
+ struct sgs_connection *sgc = mme->conn;
+ struct sgs_state *sgs = mme->sgs;
+
+ switch (fi->T) {
+ case 11:
+ if (mme->ns11_remaining >= 1) {
+ memset(&reset_params, 0, sizeof(reset_params));
+ osmo_strlcpy(reset_params.vlr_name, sgs->cfg.vlr_name, sizeof(reset_params.vlr_name));
+ reset_params.vlr_name_present = true;
+ reset_ind = gsm29118_create_reset_ind(&reset_params);
+ sgs_tx(sgc, reset_ind);
+ osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_WAIT_ACK, sgs->cfg.timer[SGS_STATE_TS11], 11);
+ mme->ns11_remaining--;
+ } else {
+ LOGMME(mme, LOGL_ERROR, "Ts11 expired more than %u (Ns11) times, giving up\n",
+ sgs->cfg.counter[SGS_STATE_TS11]);
+ osmo_fsm_inst_state_chg(fi, SGS_VLRR_ST_NULL, 0, 0);
+ }
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+ return 0;
+}
+
+static const struct osmo_fsm_state sgs_vlr_reset_fsm_states[] = {
+ [SGS_VLRR_ST_NULL] = {
+ /* We haven't even tried yet to send a RESET */
+ .name = "NULL",
+ .action = sgs_vlr_reset_fsm_null,
+ .in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
+ .out_state_mask = S(SGS_VLRR_ST_NULL) | S(SGS_VLRR_ST_WAIT_ACK),
+ },
+ [SGS_VLRR_ST_WAIT_ACK] = {
+ /* We're waiting for a SGsAP_RESET_ACK */
+ .name = "WAIT-ACK",
+ .action = sgs_vlr_reset_fsm_wait_ack,
+ .in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
+ .out_state_mask = S(SGS_VLRR_ST_NULL) |
+ S(SGS_VLRR_ST_COMPLETE) | S(SGS_VLRR_ST_WAIT_ACK),
+ },
+ [SGS_VLRR_ST_COMPLETE] = {
+ /* Reset procedure to this MME has been completed */
+ .name = "COMPLETE",
+ .action = sgs_vlr_reset_fsm_complete,
+ .in_event_mask = S(SGS_VLRR_E_RX_RESET_ACK),
+ .out_state_mask = S(SGS_VLRR_ST_NULL) | S(SGS_VLRR_ST_COMPLETE),
+ },
+};
+
+static struct osmo_fsm sgs_vlr_reset_fsm = {
+ .name = "SGs-VLR-RESET",
+ .states = sgs_vlr_reset_fsm_states,
+ .allstate_event_mask = S(SGS_VLRR_E_START_RESET),
+ .allstate_action = sgs_vlr_reset_fsm_allstate,
+ .timer_cb = sgs_vlr_reset_fsm_timer_cb,
+ .log_subsys = DSGS,
+ .event_names = sgs_vlr_reset_fsm_event_names,
+};
+
+/*! Send unit-data through SGs interface (see msc_ifaces.c)
+ * \param[in] msg layer 3 message to send.
+ * \returns 0 in case of success, -EINVAL in case of error. */
+int sgs_iface_tx_dtap_ud(struct msgb *msg)
+{
+ struct ran_conn *conn;
+ struct vlr_subscr *vsub;
+ struct msgb *msg_sgs;
+ struct sgs_mme_ctx *mme;
+ int rc = -EINVAL;
+
+ /* This function expects a pointer to the related gsm subscriber
+ * connection (conn) in msg->dst. Also conn->vsub must point to
+ * the related subscriber */
+
+ OSMO_ASSERT(msg->dst);
+ conn = msg->dst;
+ OSMO_ASSERT(conn->vsub);
+ vsub = conn->vsub;
+
+ mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_DL_UD);
+ if (!mme)
+ goto error;
+
+ /* Make sure the subscriber has a valid SGs association, otherwise
+ * don't let unit-data through. */
+ if (vsub->sgs_fsm->state != SGS_UE_ST_ASSOCIATED) {
+ LOG_RAN_CONN(conn, LOGL_NOTICE, "Tx %s subscriber not SGs-associated, dropping\n",
+ sgsap_msg_type_name(SGSAP_MSGT_DL_UD));
+ goto error;
+ }
+
+ msg_sgs = gsm29118_create_dl_ud(vsub->imsi, msg);
+ sgs_tx(mme->conn, msg_sgs);
+ rc = 0;
+
+error:
+ msgb_free(msg);
+ return rc;
+}
+
+/*! Send a relase message through SGs interface (see msc_ifaces.c)
+ * \param[in] msg layer 3 message to send.
+ * \returns 0 in case of success, -EINVAL in case of error. */
+void sgs_iface_tx_release(struct ran_conn *conn)
+{
+ struct msgb *msg_sgs;
+ struct vlr_subscr *vsub;
+ struct sgs_mme_ctx *mme;
+
+ /*! Use this function to release an SGs connection normally
+ * (cause code is 0). This function also automatically causes
+ * the VLR subscriber usage to be balanced. */
+
+ OSMO_ASSERT(conn->vsub);
+ vsub = conn->vsub;
+
+ mme = sgs_mme_ctx_by_vsub(vsub, SGSAP_MSGT_DL_UD);
+ if (!mme)
+ return;
+
+ msg_sgs = gsm29118_create_release_req(vsub->imsi, 0);
+ sgs_tx(mme->conn, msg_sgs);
+}
+
+/*! initalize SGs new interface
+ * \param[in] ctx talloc context
+ * \param[in] network associated gsm network
+ * \returns returns allocated sgs_stae, NULL in case of error. */
+struct sgs_state *sgs_iface_init(void *ctx, struct gsm_network *network)
+{
+ struct sgs_state *sgs;
+
+ gsm_network = network;
+
+ sgs = sgs_server_alloc(ctx);
+ OSMO_ASSERT(sgs);
+
+ /* We currently only support one SGs instance */
+ if (g_sgs)
+ return NULL;
+ g_sgs = sgs;
+
+ osmo_fsm_register(&sgs_vlr_reset_fsm);
+ sgs_server_open(sgs);
+
+ return sgs;
+}
diff --git a/src/libmsc/sgs_server.c b/src/libmsc/sgs_server.c
new file mode 100644
index 0000000..56f1548
--- /dev/null
+++ b/src/libmsc/sgs_server.c
@@ -0,0 +1,187 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <osmocom/msc/sgs_iface.h>
+#include <osmocom/msc/debug.h>
+#include <osmocom/msc/sgs_server.h>
+#include <osmocom/core/utils.h>
+#include <osmocom/core/socket.h>
+#include <osmocom/core/select.h>
+#include <osmocom/netif/stream.h>
+#include <netinet/sctp.h>
+
+#define LOGSGC(sgc, lvl, fmt, args...) \
+ LOGP(DSGS, lvl, "%s: " fmt, (sgc)->sockname, ## args)
+
+/* call-back when data arrives on SGs */
+static int sgs_conn_readable_cb(struct osmo_stream_srv *conn)
+{
+ struct osmo_fd *ofd = osmo_stream_srv_get_ofd(conn);
+ struct sgs_connection *sgc = osmo_stream_srv_get_data(conn);
+ struct msgb *msg = gsm29118_msgb_alloc();
+ struct sctp_sndrcvinfo sinfo;
+ int flags = 0;
+ int rc;
+
+ /* we cannot use osmo_stream_srv_recv() here, as we might get some out-of-band info from
+ * SCTP. FIXME: add something like osmo_stream_srv_recv_sctp() to libosmo-netif and use
+ * it here as well as in libosmo-sigtran */
+ rc = sctp_recvmsg(ofd->fd, msgb_data(msg), msgb_tailroom(msg), NULL, NULL, &sinfo, &flags);
+ if (rc < 0) {
+ osmo_stream_srv_destroy(conn);
+ rc = -EBADF;
+ goto out;
+ } else if (rc == 0) {
+ osmo_stream_srv_destroy(conn);
+ rc = -EBADF;
+ goto out;
+ } else {
+ msgb_put(msg, rc);
+ }
+
+ if (flags & MSG_NOTIFICATION) {
+ union sctp_notification *notif = (union sctp_notification *)msgb_data(msg);
+
+ switch (notif->sn_header.sn_type) {
+ case SCTP_SHUTDOWN_EVENT:
+ osmo_stream_srv_destroy(conn);
+ rc = -EBADF;
+ break;
+ case SCTP_ASSOC_CHANGE:
+ /* FIXME: do we have to notify the SGs code about this? */
+ break;
+ default:
+ break;
+ }
+ rc = 0;
+ goto out;
+ }
+
+ /* set l2 header, as that's what we use in SGs code */
+ msg->l2h = msgb_data(msg);
+
+ if (msgb_sctp_ppid(msg) != 0) {
+ LOGSGC(sgc, LOGL_NOTICE, "Ignoring SCTP PPID %ld (spec violation)\n", msgb_sctp_ppid(msg));
+ msgb_free(msg);
+ return 0;
+ }
+
+ /* handle message */
+ sgs_iface_rx(sgc, msg);
+
+ return 0;
+out:
+ msgb_free(msg);
+ return rc;
+}
+
+/* call-back when new connection is closed ed on SGs */
+static int sgs_conn_closed_cb(struct osmo_stream_srv *conn)
+{
+ struct sgs_connection *sgc = osmo_stream_srv_get_data(conn);
+
+ LOGSGC(sgc, LOGL_NOTICE, "Connection lost\n");
+ if (sgc->mme) {
+ /* unlink ourselves from the MME context */
+ if (sgc->mme->conn == sgc)
+ sgc->mme->conn = NULL;
+ }
+ llist_del(&sgc->entry);
+ return 0;
+}
+
+/* call-back when new connection is accept() ed on SGs */
+static int sgs_accept_cb(struct osmo_stream_srv_link *link, int fd)
+{
+ struct sgs_state *sgs = osmo_stream_srv_link_get_data(link);
+ struct sgs_connection *sgc = talloc_zero(link, struct sgs_connection);
+ OSMO_ASSERT(sgc);
+ sgc->sgs = sgs;
+ osmo_sock_get_name_buf(sgc->sockname, sizeof(sgc->sockname), fd);
+ sgc->srv = osmo_stream_srv_create(sgc, link, fd, sgs_conn_readable_cb, sgs_conn_closed_cb, sgc);
+ if (!sgc->srv) {
+ talloc_free(sgc);
+ return -1;
+ }
+ LOGSGC(sgc, LOGL_INFO, "Accepted new SGs connection\n");
+ llist_add_tail(&sgc->entry, &sgs->conn_list);
+
+ return 0;
+}
+
+static struct sgs_state *sgs_state_alloc(void *ctx)
+{
+ struct sgs_state *sgs = talloc_zero(ctx, struct sgs_state);
+
+ INIT_LLIST_HEAD(&sgs->mme_list);
+ INIT_LLIST_HEAD(&sgs->conn_list);
+
+ memcpy(sgs->cfg.timer, sgs_state_timer_defaults, sizeof(sgs->cfg.timer));
+ memcpy(sgs->cfg.counter, sgs_state_counter_defaults, sizeof(sgs->cfg.counter));
+ sgs->cfg.local_port = SGS_PORT_DEFAULT;
+ osmo_strlcpy(sgs->cfg.local_addr, DEFAULT_SGS_SERVER_IP, sizeof(sgs->cfg.local_addr));
+ osmo_strlcpy(sgs->cfg.vlr_name, DEFAULT_SGS_SERVER_VLR_NAME, sizeof(sgs->cfg.vlr_name));
+
+ return sgs;
+}
+
+/*! allocate SGs new sgs state
+ * \param[in] ctx talloc context
+ * \returns returns allocated sgs state, NULL in case of error. */
+struct sgs_state *sgs_server_alloc(void *ctx)
+{
+ struct sgs_state *sgs;
+ struct osmo_stream_srv_link *link;
+
+ sgs = sgs_state_alloc(ctx);
+ if (!sgs)
+ return NULL;
+
+ sgs->srv_link = link = osmo_stream_srv_link_create(ctx);
+ if (!sgs->srv_link)
+ return NULL;
+
+ osmo_stream_srv_link_set_nodelay(link, true);
+ osmo_stream_srv_link_set_addr(link, sgs->cfg.local_addr);
+ osmo_stream_srv_link_set_port(link, sgs->cfg.local_port);
+ osmo_stream_srv_link_set_proto(link, IPPROTO_SCTP);
+ osmo_stream_srv_link_set_data(link, sgs);
+ osmo_stream_srv_link_set_accept_cb(link, sgs_accept_cb);
+
+ return sgs;
+}
+
+/*! (re)open SGs interface (SCTP)
+ * \param[in] sgs associated sgs state
+ * \returns 0 in case of success, -EINVAL in case of error. */
+int sgs_server_open(struct sgs_state *sgs)
+{
+ int rc;
+ struct osmo_fd *ofd = osmo_stream_srv_link_get_ofd(sgs->srv_link);
+
+ rc = osmo_stream_srv_link_open(sgs->srv_link);
+ if (rc < 0) {
+ LOGP(DSGS, LOGL_ERROR, "SGs socket cannot be opened: %s\n", strerror(errno));
+ return -EINVAL;
+ }
+
+ LOGP(DSGS, LOGL_NOTICE, "SGs socket bound to %s\n", osmo_sock_get_name2(ofd->fd));
+ return 0;
+}
diff --git a/src/libmsc/sgs_vty.c b/src/libmsc/sgs_vty.c
new file mode 100644
index 0000000..5b26178
--- /dev/null
+++ b/src/libmsc/sgs_vty.c
@@ -0,0 +1,197 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <string.h>
+#include <errno.h>
+#include <osmocom/core/utils.h>
+#include <osmocom/core/msgb.h>
+#include <osmocom/msc/vty.h>
+#include <osmocom/netif/stream.h>
+#include <osmocom/msc/sgs_iface.h>
+#include <osmocom/msc/sgs_server.h>
+#include <osmocom/msc/debug.h>
+#include <osmocom/gsm/tlv.h>
+
+struct cmd_node cfg_sgs_node = {
+ CFG_SGS_NODE,
+ "%s(config-sgs)# ",
+ 1
+};
+
+DEFUN(cfg_sgs, cfg_sgs_cmd,
+ "sgs",
+ "Configure the SGs interface\n")
+{
+ vty->index = g_sgs;
+ vty->node = CFG_SGS_NODE;
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_sgs_local_ip, cfg_sgs_local_ip_cmd,
+ "local-ip A.B.C.D",
+ "Set the Local IP Address of the SGs interface\n"
+ "Local IP Address of the SGs interface\n")
+{
+ struct sgs_state *sgs = vty->index;
+ int rc;
+
+ osmo_strlcpy(sgs->cfg.local_addr, argv[0], sizeof(sgs->cfg.local_addr));
+ osmo_stream_srv_link_set_addr(sgs->srv_link, sgs->cfg.local_addr);
+
+ rc = sgs_server_open(sgs);
+ if (rc < 0) {
+ vty_out(vty, "%% SGs socket cannot be opened: %s%s", strerror(errno), VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_sgs_local_port, cfg_sgs_local_port_cmd,
+ "local-port <0-65535>",
+ "Set the local SCTP port of the SGs interface\n"
+ "Local SCTP port of the SGs interface\n")
+{
+ struct sgs_state *sgs = vty->index;
+ int rc;
+
+ sgs->cfg.local_port = atoi(argv[0]);
+ osmo_stream_srv_link_set_port(sgs->srv_link, sgs->cfg.local_port);
+
+ rc = sgs_server_open(sgs);
+ if (rc < 0) {
+ vty_out(vty, "%% SGs socket cannot be opened: %s%s", strerror(errno), VTY_NEWLINE);
+ return CMD_WARNING;
+ }
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_sgs_vlr_name, cfg_sgs_vlr_name_cmd,
+ "vlr-name FQDN",
+ "Set the SGs VLR Name as per TS 29.118 9.4.22\n"
+ "Fully-Qualified Domain Name of this VLR\n")
+{
+ struct sgs_state *sgs = vty->index;
+ osmo_strlcpy(sgs->cfg.vlr_name, argv[0], sizeof(sgs->cfg.vlr_name));
+
+ return CMD_SUCCESS;
+}
+
+DEFUN(cfg_sgs_timer, cfg_sgs_timer_cmd,
+ "timer (ts5|ts6-2|ts7|ts11|ts14|ts15) <1-120>",
+ "Configure SGs Timer\n"
+ "Paging procedure guard timer\n"
+ "TMSI reallocation guard timer\n"
+ "Non-EPS alert procedure guard timer\n"
+ "VLR reset guard timer\n"
+ "UE fallback prcoedure timer\n"
+ "MO UE fallback procedure guard timer\n"
+ "Time in seconds\n")
+{
+ struct sgs_state *sgs = vty->index;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(sgs->cfg.timer); i++) {
+ if (!strcasecmp(argv[0], vlr_sgs_state_timer_name(i))) {
+ sgs->cfg.timer[i] = atoi(argv[1]);
+ return CMD_SUCCESS;
+ }
+ }
+
+ return CMD_WARNING;
+}
+
+DEFUN(cfg_sgs_counter, cfg_sgs_counter_cmd,
+ "counter (ns7|ns11) <0-255>",
+ "Configure SGs Counter\n"
+ "Non-EPS alert request retry counter\n"
+ "VLR reset retry counter\n" "Counter value\n")
+{
+ struct sgs_state *sgs = vty->index;
+ unsigned int i = 0;
+
+ for (i = 0; i < ARRAY_SIZE(sgs->cfg.counter); i++) {
+ if (!strcasecmp(argv[0], vlr_sgs_state_counter_name(i))) {
+ sgs->cfg.counter[i] = atoi(argv[1]);
+ return CMD_SUCCESS;
+ }
+ }
+
+ return CMD_WARNING;
+}
+
+DEFUN(show_sgs_conn, show_sgs_conn_cmd,
+ "show sgs-connections", SHOW_STR
+ "Show SGs interface connections / MMEs\n")
+{
+ struct sgs_connection *sgc;
+
+ llist_for_each_entry(sgc, &g_sgs->conn_list, entry) {
+ vty_out(vty, " %s %s%s", sgc->sockname, sgc->mme ? sgc->mme->fqdn : "", VTY_NEWLINE);
+ }
+ return CMD_SUCCESS;
+}
+
+static int config_write_sgs(struct vty *vty)
+{
+ struct sgs_state *sgs = g_sgs;
+ unsigned int i;
+ char str_buf[256];
+
+ vty_out(vty, "sgs%s", VTY_NEWLINE);
+ if (sgs->cfg.local_port != SGS_PORT_DEFAULT)
+ vty_out(vty, " local-port %u%s", sgs->cfg.local_port, VTY_NEWLINE);
+ if (sgs->cfg.local_addr)
+ vty_out(vty, " local-ip %s%s", sgs->cfg.local_addr, VTY_NEWLINE);
+ if (sgs->cfg.vlr_name)
+ vty_out(vty, " vlr-name %s%s", sgs->cfg.vlr_name, VTY_NEWLINE);
+
+ for (i = 0; i < ARRAY_SIZE(sgs->cfg.timer); i++) {
+ if (sgs->cfg.timer[i] == sgs_state_timer_defaults[i])
+ continue;
+ osmo_str_tolower_buf(str_buf, sizeof(str_buf), vlr_sgs_state_timer_name(i));
+ vty_out(vty, " timer %s %u%s", str_buf, sgs->cfg.timer[i], VTY_NEWLINE);
+ }
+
+ for (i = 0; i < ARRAY_SIZE(sgs->cfg.counter); i++) {
+ if (sgs->cfg.counter[i] == sgs_state_counter_defaults[i])
+ continue;
+ osmo_str_tolower_buf(str_buf, sizeof(str_buf), vlr_sgs_state_counter_name(i));
+ vty_out(vty, " counter %s %u%s", str_buf, sgs->cfg.counter[i], VTY_NEWLINE);
+ }
+
+ return CMD_SUCCESS;
+}
+
+void sgs_vty_init(void)
+{
+ /* configuration commands / nodes */
+ install_element(CONFIG_NODE, &cfg_sgs_cmd);
+ install_node(&cfg_sgs_node, config_write_sgs);
+ install_element(CFG_SGS_NODE, &cfg_sgs_local_ip_cmd);
+ install_element(CFG_SGS_NODE, &cfg_sgs_local_port_cmd);
+ install_element(CFG_SGS_NODE, &cfg_sgs_timer_cmd);
+ install_element(CFG_SGS_NODE, &cfg_sgs_counter_cmd);
+ install_element(CFG_SGS_NODE, &cfg_sgs_vlr_name_cmd);
+
+ install_element_ve(&show_sgs_conn_cmd);
+}
diff --git a/src/libmsc/silent_call.c b/src/libmsc/silent_call.c
index b4fc154..2a9fa9c 100644
--- a/src/libmsc/silent_call.c
+++ b/src/libmsc/silent_call.c
@@ -128,7 +128,8 @@
* This doesn't apply to the situation after MSCSPLIT with an
* A-interface. */
req = subscr_request_conn(vsub, paging_cb_silent, data,
- "establish silent call");
+ "establish silent call",
+ SGSAP_SERV_IND_CS_CALL);
if (!req)
return -ENODEV;
return 0;
diff --git a/src/libvlr/Makefile.am b/src/libvlr/Makefile.am
index dcae1c7..14cd302 100644
--- a/src/libvlr/Makefile.am
+++ b/src/libvlr/Makefile.am
@@ -8,6 +8,7 @@
$(LIBOSMOGSUPCLIENT_CFLAGS) \
$(LIBOSMOABIS_CFLAGS) \
$(LIBOSMORANAP_CFLAGS) \
+ $(LIBOSMOGSM_CFLAGS) \
$(COVERAGE_CFLAGS) \
$(NULL)
@@ -16,6 +17,7 @@
vlr_auth_fsm.h \
vlr_core.h \
vlr_lu_fsm.h \
+ vlr_sgs_fsm.h \
$(NULL)
noinst_LIBRARIES = libvlr.a
@@ -25,4 +27,6 @@
vlr_access_req_fsm.c \
vlr_auth_fsm.c \
vlr_lu_fsm.c \
+ vlr_sgs.c \
+ vlr_sgs_fsm.c \
$(NULL)
diff --git a/src/libvlr/vlr.c b/src/libvlr/vlr.c
index 451c521..c5b3c80 100644
--- a/src/libvlr/vlr.c
+++ b/src/libvlr/vlr.c
@@ -30,6 +30,7 @@
#include <osmocom/gsm/ipa.h>
#include <osmocom/msc/gsm_subscriber.h>
#include <osmocom/gsupclient/gsup_client.h>
+#include <osmocom/msc/vlr_sgs.h>
#include <osmocom/msc/vlr.h>
#include <osmocom/msc/debug.h>
@@ -42,6 +43,7 @@
#include "vlr_auth_fsm.h"
#include "vlr_lu_fsm.h"
#include "vlr_access_req_fsm.h"
+#include "vlr_sgs_fsm.h"
#define SGSN_SUBSCR_MAX_RETRIES 3
#define SGSN_SUBSCR_RETRY_INTERVAL 10
@@ -262,6 +264,11 @@
INIT_LLIST_HEAD(&vsub->cs.requests);
INIT_LLIST_HEAD(&vsub->ps.pdp_list);
+ /* Create an SGs FSM, which is needed to control CSFB,
+ * in cases where CSFB/SGs is not in use, this FSM will
+ * just do nothing. (see also: sgs_iface.c) */
+ vlr_sgs_fsm_create(vsub);
+
llist_add_tail(&vsub->list, &vlr->subscribers);
return vsub;
}
@@ -307,6 +314,13 @@
{
llist_del(&vsub->list);
DEBUGP(DREF, "freeing VLR subscr %s\n", vlr_subscr_name(vsub));
+
+ /* Make sure SGs timer Ts5 is removed */
+ osmo_timer_del(&vsub->sgs.Ts5);
+
+ /* Remove SGs FSM (see also: sgs_iface.c) */
+ vlr_sgs_fsm_remove(vsub);
+
talloc_free(vsub);
}
@@ -854,7 +868,13 @@
static int vlr_subscr_handle_lu_res(struct vlr_subscr *vsub,
const struct osmo_gsup_message *gsup)
{
- if (!vsub->lu_fsm) {
+ struct sgs_lu_response sgs_lu_response;
+ bool sgs_lu_in_progress = false;
+
+ if (vsub->sgs_fsm->state == SGS_UE_ST_LA_UPD_PRES)
+ sgs_lu_in_progress = true;
+
+ if (!vsub->lu_fsm && !sgs_lu_in_progress) {
LOGVSUBP(LOGL_ERROR, vsub, "Rx GSUP LU Result "
"without LU in progress\n");
return -ENODEV;
@@ -865,7 +885,12 @@
* nested INSERT SUBSCRIBER DATA transaction */
vlr_subscr_gsup_insert_data(vsub, gsup);
- osmo_fsm_inst_dispatch(vsub->lu_fsm, VLR_ULA_E_HLR_LU_RES, NULL);
+ if (sgs_lu_in_progress) {
+ sgs_lu_response.accepted = true;
+ sgs_lu_response.vsub = vsub;
+ vsub->sgs.response_cb(&sgs_lu_response);
+ } else
+ osmo_fsm_inst_dispatch(vsub->lu_fsm, VLR_ULA_E_HLR_LU_RES, NULL);
return 0;
}
@@ -874,7 +899,13 @@
static int vlr_subscr_handle_lu_err(struct vlr_subscr *vsub,
const struct osmo_gsup_message *gsup)
{
- if (!vsub->lu_fsm) {
+ struct sgs_lu_response sgs_lu_response;
+ bool sgs_lu_in_progress = false;
+
+ if (vsub->sgs_fsm->state == SGS_UE_ST_LA_UPD_PRES)
+ sgs_lu_in_progress = true;
+
+ if (!vsub->lu_fsm && !sgs_lu_in_progress) {
LOGVSUBP(LOGL_ERROR, vsub, "Rx GSUP LU Error "
"without LU in progress\n");
return -ENODEV;
@@ -883,9 +914,13 @@
LOGVSUBP(LOGL_DEBUG, vsub, "UpdateLocation failed; gmm_cause: %s\n",
get_value_string(gsm48_gmm_cause_names, gsup->cause));
- osmo_fsm_inst_dispatch(vsub->lu_fsm, VLR_ULA_E_HLR_LU_RES,
- (void *)&gsup->cause);
-
+ if (sgs_lu_in_progress) {
+ sgs_lu_response.accepted = false;
+ sgs_lu_response.vsub = vsub;
+ vsub->sgs.response_cb(&sgs_lu_response);
+ } else
+ osmo_fsm_inst_dispatch(vsub->lu_fsm, VLR_ULA_E_HLR_LU_RES,
+ (void *)&gsup->cause);
return 0;
}
@@ -1225,6 +1260,9 @@
vsub->imsi_detached_flag = true;
vsub->expire_lu = VLR_SUBSCRIBER_NO_EXPIRATION;
+ /* Inform the UE-SGs FSM that the subscriber has been detached */
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_RX_DETACH_IND_FROM_UE, NULL);
+
vlr_subscr_expire(vsub);
return 0;
@@ -1273,6 +1311,8 @@
vlr_lu_fsm_init();
/* vlr_access_request_fsm.c */
vlr_parq_fsm_init();
+ /* vlr_sgs_fsm.c */
+ vlr_sgs_fsm_init();
return vlr;
}
diff --git a/src/libvlr/vlr_lu_fsm.c b/src/libvlr/vlr_lu_fsm.c
index a97e97a..8152d20 100644
--- a/src/libvlr/vlr_lu_fsm.c
+++ b/src/libvlr/vlr_lu_fsm.c
@@ -27,6 +27,7 @@
#include "vlr_core.h"
#include "vlr_auth_fsm.h"
#include "vlr_lu_fsm.h"
+#include "vlr_sgs_fsm.h"
#define S(x) (1 << (x))
@@ -362,6 +363,7 @@
vlr_subscr_get(vsub);
}
_vlr_lu_compl_fsm_done(fi, VLR_FSM_RESULT_SUCCESS, 0);
+ vlr_sgs_fsm_update_id(vsub);
}
static void vlr_lu_compl_fsm_failure(struct osmo_fsm_inst *fi, uint8_t cause)
@@ -1055,6 +1057,11 @@
OSMO_ASSERT(lfp->vsub);
+ /* At this point we know for which subscriber the location update is,
+ * we now must inform SGs-UE FSM that we received a location update
+ * via A, IU or Gs interface. */
+ osmo_fsm_inst_dispatch(lfp->vsub->sgs_fsm, SGS_UE_E_RX_LU_FROM_A_IU_GS, NULL);
+
/* See 3GPP TS 23.012, procedure Retrieve_IMEISV_If_Required */
if ((!vlr->cfg.retrieve_imeisv_early)
|| (lfp->type == VLR_LU_TYPE_PERIODIC && lfp->vsub->imeisv[0])) {
diff --git a/src/libvlr/vlr_sgs.c b/src/libvlr/vlr_sgs.c
new file mode 100644
index 0000000..8614892
--- /dev/null
+++ b/src/libvlr/vlr_sgs.c
@@ -0,0 +1,331 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <osmocom/core/utils.h>
+#include <osmocom/core/fsm.h>
+#include <osmocom/msc/debug.h>
+#include <osmocom/msc/vlr.h>
+#include <osmocom/msc/vlr_sgs.h>
+#include "vlr_sgs_fsm.h"
+
+const struct value_string sgs_state_timer_names[] = {
+ {SGS_STATE_TS5, "Ts5"},
+ {SGS_STATE_TS6_2, "Ts6-2"},
+ {SGS_STATE_TS7, "Ts7"},
+ {SGS_STATE_TS11, "Ts11"},
+ {SGS_STATE_TS14, "Ts14"},
+ {SGS_STATE_TS15, "Ts15"},
+ {0, NULL}
+};
+
+const struct value_string sgs_state_counter_names[] = {
+ {SGS_STATE_NS7, "Ns7"},
+ {SGS_STATE_NS11, "Ns11"},
+ {0, NULL}
+};
+
+/* Reset all SGs-Associations back to zero.
+ * \param[in] vlr VLR instace. */
+void vlr_sgs_reset(struct vlr_instance *vlr)
+{
+ struct vlr_subscr *vsub;
+
+ OSMO_ASSERT(vlr);
+
+ LOGP(DVLR, LOGL_INFO, "dropping all SGs associations.\n");
+
+ llist_for_each_entry(vsub, &vlr->subscribers, list) {
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_RX_RESET_FROM_MME, NULL);
+ }
+}
+
+/*! Perform an SGs location update.
+ * \param[in] vlr VLR instace.
+ * \param[in] cfg SGs interface configuration parameters.
+ * \param[in] response_cb calback function that is called when LU is done.
+ * \param[in] paging_cb calback function that is called when LU needs to page.
+ * \param[in] mminfo_cb calback function that is called to provide MM info to the UE.
+ * \param[in] mme_name fqdn of the requesting MME (mme-name).
+ * \param[in] type location update type (normal or IMSI attach).
+ * \param[in] imsi mobile identity (IMSI).
+ * \param[in] new_lai identifier of the new location area.
+ * \returns 0 in case of success, -EINVAL in case of error. */
+int vlr_sgs_loc_update(struct vlr_instance *vlr, struct vlr_sgs_cfg *cfg,
+ vlr_sgs_lu_response_cb_t response_cb, vlr_sgs_lu_paging_cb_t paging_cb,
+ vlr_sgs_lu_mminfo_cb_t mminfo_cb, char *mme_name, enum vlr_lu_type type, const char *imsi,
+ struct osmo_location_area_id *new_lai)
+{
+ struct vlr_subscr *vsub = NULL;
+
+ OSMO_ASSERT(response_cb);
+ OSMO_ASSERT(paging_cb);
+ OSMO_ASSERT(mminfo_cb);
+ OSMO_ASSERT(cfg);
+ OSMO_ASSERT(imsi);
+
+ vsub = vlr_subscr_find_or_create_by_imsi(vlr, imsi, NULL);
+ if (!vsub) {
+ LOGP(DSGS, LOGL_ERROR, "VLR subscriber allocation failed\n");
+ return -EINVAL;
+ }
+
+ vsub->sgs.cfg = *cfg;
+ vsub->sgs.response_cb = response_cb;
+ vsub->sgs.paging_cb = paging_cb;
+ vsub->sgs.mminfo_cb = mminfo_cb;
+ vlr_subscr_set_imsi(vsub, imsi);
+ osmo_strlcpy(vsub->sgs.mme_name, mme_name, sizeof(vsub->sgs.mme_name));
+
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_RX_LU_FROM_MME, NULL);
+
+ /* FIXME: Use the "type" type parameter (for what is it useful?) */
+
+ vsub->sgs.lai = *new_lai;
+ vsub->cgi.lai = *new_lai;
+ vsub->cs.lac = vsub->sgs.lai.lac;
+
+ return 0;
+}
+
+/*! Notify that the SGs Location Update accept message has been sent to MME.
+ * \param[in] vsub VLR subscriber. */
+void vlr_sgs_loc_update_acc_sent(struct vlr_subscr *vsub)
+{
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_TX_LU_ACCEPT, NULL);
+
+ /* FIXME: At this point we need to check the status of Ts5 and if
+ * it is still running this means the LU has interrupted the paging,
+ * and we need to start paging again. 3GPP TS 29.118,
+ * chapter 5.2.3.2 */
+}
+
+/*! Notify that the SGs Location Update reject message has been sent to MME.
+ * \param[in] vsub VLR subscriber. */
+void vlr_sgs_loc_update_rej_sent(struct vlr_subscr *vsub)
+{
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_TX_LU_REJECT, NULL);
+}
+
+/*! Perform an SGs IMSI detach.
+ * \param[in] vsub VLR subscriber.
+ * \param[in] imsi mobile identity (IMSI).
+ * \param[in] type datach type. */
+void vlr_sgs_imsi_detach(struct vlr_instance *vlr, const char *imsi, enum sgsap_imsi_det_noneps_type type)
+{
+ struct vlr_subscr *vsub;
+ enum sgs_ue_fsm_event evt;
+ vsub = vlr_subscr_find_by_imsi(vlr, imsi);
+ if (!vsub)
+ return;
+
+ switch (type) {
+ case SGSAP_ID_NONEPS_T_EXPLICIT_UE_NONEPS:
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_UE;
+ break;
+ case SGSAP_ID_NONEPS_T_COMBINED_UE_EPS_NONEPS:
+ case SGSAP_ID_NONEPS_T_IMPLICIT_UE_EPS_NONEPS:
+ /* FIXME: Is that right? */
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_MME;
+ break;
+ default:
+ LOGP(DSGS, LOGL_ERROR, "(sub %s) invalid SGS IMSI detach type, detaching anyway...\n",
+ vlr_subscr_msisdn_or_name(vsub));
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_MME;
+ break;
+ }
+
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, evt, NULL);
+ vlr_subscr_put(vsub);
+}
+
+/*! Perform an SGs EPS detach.
+ * \param[in] vsub VLR subscriber.
+ * \param[in] imsi mobile identity (IMSI).
+ * \param[in] type datach type. */
+void vlr_sgs_eps_detach(struct vlr_instance *vlr, const char *imsi, enum sgsap_imsi_det_eps_type type)
+{
+ struct vlr_subscr *vsub;
+ enum sgs_ue_fsm_event evt;
+ vsub = vlr_subscr_find_by_imsi(vlr, imsi);
+ if (!vsub)
+ return;
+
+ switch (type) {
+ case SGSAP_ID_EPS_T_NETWORK_INITIATED:
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_MME;
+ break;
+ case SGSAP_ID_EPS_T_UE_INITIATED:
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_UE;
+ break;
+ case SGSAP_ID_EPS_T_EPS_NOT_ALLOWED:
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_MME;
+ break;
+ default:
+ LOGP(DSGS, LOGL_ERROR, "(sub %s) invalid SGS IMSI detach type, detaching anyway...\n",
+ vlr_subscr_msisdn_or_name(vsub));
+ evt = SGS_UE_E_RX_DETACH_IND_FROM_MME;
+ break;
+ }
+
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, evt, NULL);
+ vlr_subscr_put(vsub);
+}
+
+/*! Perform an SGs TMSI reallocation complete.
+ * \param[in] vsub VLR subscriber.
+ * \param[in] imsi mobile identity (IMSI). */
+void vlr_sgs_tmsi_reall_compl(struct vlr_instance *vlr, const char *imsi)
+{
+ struct vlr_subscr *vsub;
+ vsub = vlr_subscr_find_by_imsi(vlr, imsi);
+ if (!vsub)
+ return;
+
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_RX_TMSI_REALLOC, NULL);
+ vlr_subscr_put(vsub);
+}
+
+/*! Notify that an SGs paging has been rejected by the MME.
+ * \param[in] vsub VLR subscriber.
+ * \param[in] imsi mobile identity (IMSI).
+ * \param[in] cause SGs cause code. */
+void vlr_sgs_pag_rej(struct vlr_instance *vlr, const char *imsi, enum sgsap_sgs_cause cause)
+{
+ struct vlr_subscr *vsub;
+ vsub = vlr_subscr_find_by_imsi(vlr, imsi);
+ if (!vsub)
+ return;
+
+ /* On the reception of a paging rej the VLR is supposed to stop Ts5,
+ also 3GPP TS 29.118, chapter 5.1.2.4 */
+ osmo_timer_del(&vsub->sgs.Ts5);
+ LOGP(DSGS, LOGL_DEBUG, "(sub %s) Paging via SGs interface rejected by MME, %s stopped, cause: %s!\n",
+ vlr_subscr_msisdn_or_name(vsub), vlr_sgs_state_timer_name(SGS_STATE_TS5), sgsap_sgs_cause_name(cause));
+
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_RX_PAGING_FAILURE, &cause);
+ vlr_subscr_put(vsub);
+
+ /* Balance ref count increment from vlr_sgs_pag() */
+ vlr_subscr_put(vsub);
+}
+
+/*! Notify that an SGs paging has been accepted by the MME.
+ * \param[in] vsub VLR subscriber.
+ * \param[in] imsi mobile identity (IMSI). */
+void vlr_sgs_pag_ack(struct vlr_instance *vlr, const char *imsi)
+{
+ struct vlr_subscr *vsub;
+ vsub = vlr_subscr_find_by_imsi(vlr, imsi);
+ if (!vsub)
+ return;
+
+ /* Stop Ts5 and and consider the paging as successful */
+ osmo_timer_del(&vsub->sgs.Ts5);
+ vlr_subscr_put(vsub);
+
+ /* Balance ref count increment from vlr_sgs_pag() */
+ vlr_subscr_put(vsub);
+}
+
+/*! Notify that the UE has been marked as unreachable by the MME.
+ * \param[in] vsub VLR subscriber.
+ * \param[in] imsi mobile identity (IMSI).
+ * \param[in] cause SGs cause code. */
+void vlr_sgs_ue_unr(struct vlr_instance *vlr, const char *imsi, enum sgsap_sgs_cause cause)
+{
+ struct vlr_subscr *vsub;
+ vsub = vlr_subscr_find_by_imsi(vlr, imsi);
+ if (!vsub)
+ return;
+
+ /* On the reception of an UE unreachable the VLR is supposed to stop
+ * Ts5, also 3GPP TS 29.118, chapter 5.1.2.5 */
+ osmo_timer_del(&vsub->sgs.Ts5);
+ LOGP(DSGS, LOGL_DEBUG,
+ "(sub %s) Paging via SGs interface not possible, UE unreachable, %s stopped, cause: %s\n",
+ vlr_subscr_msisdn_or_name(vsub), vlr_sgs_state_timer_name(SGS_STATE_TS5), sgsap_sgs_cause_name(cause));
+
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_RX_SGSAP_UE_UNREACHABLE, &cause);
+ vlr_subscr_put(vsub);
+}
+
+/* Callback function that is called when an SGs paging request times out */
+static void Ts5_timeout_cb(void *arg)
+{
+ struct vlr_subscr *vsub = arg;
+
+ /* 3GPP TS 29.118 does not specify a specif action that has to happen
+ * in case Ts5 times out. The timeout just indicates that the paging
+ * failed. Other actions may check the status of Ts5 to see if a paging
+ * is still ongoing or not. */
+
+ LOGP(DSGS, LOGL_ERROR, "(sub %s) Paging via SGs interface timed out (%s expired)!\n",
+ vlr_subscr_msisdn_or_name(vsub), vlr_sgs_state_timer_name(SGS_STATE_TS5));
+
+ /* Balance ref count increment from vlr_sgs_pag() */
+ vlr_subscr_put(vsub);
+
+ return;
+}
+
+/*! Notify that a paging message has been sent and a paging is now in progress.
+ * \param[in] vsub VLR subscriber. */
+void vlr_sgs_pag(struct vlr_subscr *vsub, enum sgsap_service_ind serv_ind)
+{
+
+ /* In cases where we have to respawn a paging after an intermitted LU,
+ * there may e a Ts5 still running. In those cases we have to remove
+ * the old timer first */
+ if (osmo_timer_pending(&vsub->sgs.Ts5))
+ osmo_timer_del(&vsub->sgs.Ts5);
+
+ /* Note: 3GPP TS 29.118, chapter 4.2.2 mentions paging in the FSM
+ * diagram, but paging never causes a state transition except when
+ * an explicit failure is indicated (MME actively rejects paging).
+ * Apparantly it is also possible that an LU happens while the paging
+ * is still ongoing and Ts5 is running. (chapter 5.1.2.3). This means
+ * that the paging procedure is intended to run in parallel to the
+ * SGs FSM and given that the benaviour around Ts5 must be implemented
+ * also separately, to emphasize this separation Ts5 is implemented
+ * here in and not in vlr_sgs_fsm.c. */
+ osmo_timer_setup(&vsub->sgs.Ts5, Ts5_timeout_cb, vsub);
+ osmo_timer_schedule(&vsub->sgs.Ts5, vsub->sgs.cfg.timer[SGS_STATE_TS5], 0);
+
+ /* Formally 3GPP TS 29.118 defines the sending of a paging request
+ * as an event, but as far as the VLR is concerned only Ts5 is
+ * started. */
+ osmo_fsm_inst_dispatch(vsub->sgs_fsm, SGS_UE_E_TX_PAGING, NULL);
+
+ /* Memorize service type in for the case that the paging must be
+ * respawned after an LU */
+ vsub->sgs.paging_serv_ind = serv_ind;
+
+ /* Ensure that the reference count is increased by one while the
+ * paging is happening. We will balance this again in vlr_sgs_pag_rej()
+ * and vlr_sgs_pag_ack(); */
+ vlr_subscr_get(vsub);
+}
+
+/*! Check if the SGs interface is currently paging
+ * \param[in] vsub VLR subscriber. */
+bool vlr_sgs_pag_pend(struct vlr_subscr *vsub)
+{
+ return osmo_timer_pending(&vsub->sgs.Ts5);
+}
diff --git a/src/libvlr/vlr_sgs_fsm.c b/src/libvlr/vlr_sgs_fsm.c
new file mode 100644
index 0000000..ee1d748
--- /dev/null
+++ b/src/libvlr/vlr_sgs_fsm.c
@@ -0,0 +1,386 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <osmocom/core/utils.h>
+#include <osmocom/core/fsm.h>
+#include <osmocom/gsm/gsm48.h>
+#include <osmocom/msc/debug.h>
+#include <osmocom/msc/vlr.h>
+#include <osmocom/msc/vlr_sgs.h>
+
+#include "vlr_sgs_fsm.h"
+#include "vlr_core.h"
+
+#define S(x) (1 << (x))
+
+static const struct value_string sgs_ue_fsm_event_names[] = {
+ {SGS_UE_E_VLR_FAILURE, "VLR_FAILURE"},
+ {SGS_UE_E_RX_RESET_FROM_MME, "RX_RESET_FROM_MME"},
+ {SGS_UE_E_RX_DETACH_IND_FROM_MME, "RX_DETACH_IND_FROM_MME"},
+ {SGS_UE_E_RX_DETACH_IND_FROM_UE, "RX_DETACH_IND_FROM_UE"}, /* vlr.c */
+ {SGS_UE_E_RX_LU_FROM_A_IU_GS, "RX_LU_FROM_A_Iu_Gs"}, /* vlr_lu_fsm.c */
+ {SGS_UE_E_RX_PAGING_FAILURE, "RX_PAGING_FAILURE"},
+ {SGS_UE_E_RX_ALERT_FAILURE, "RX_ALERT_FAILURE"},
+ {SGS_UE_E_RX_LU_FROM_MME, "RX_LU_FROM_MME"},
+ {SGS_UE_E_TX_LU_REJECT, "TX_LU_REJECT"},
+ {SGS_UE_E_TX_LU_ACCEPT, "TX_LU_ACCEPT"},
+ {SGS_UE_E_TX_PAGING, "TX_PAGING"},
+ {SGS_UE_E_RX_SGSAP_UE_UNREACHABLE, "RX_SGSAP_UE_UNREACH"},
+ {SGS_UE_E_RX_TMSI_REALLOC, "RX_TMSI_REALLOC"},
+ {0, NULL}
+};
+
+/* Initiate location update and change to SGS_UE_ST_LA_UPD_PRES state */
+static void perform_lu(struct osmo_fsm_inst *fi)
+{
+ struct vlr_subscr *vsub = fi->priv;
+ int rc;
+ osmo_fsm_inst_state_chg(fi, SGS_UE_ST_LA_UPD_PRES, 0, 0);
+ vsub->ms_not_reachable_flag = false;
+
+ /* Note: At the moment we allocate a new TMSI on each LU. */
+ rc = vlr_subscr_alloc_tmsi(vsub);
+ if (rc != 0)
+ LOGPFSML(fi, LOGL_ERROR, "(sub %s) VLR LU tmsi allocation failed\n", vlr_subscr_name(vsub));
+
+ rc = vlr_subscr_req_lu(vsub);
+ if (rc != 0)
+ LOGPFSML(fi, LOGL_ERROR, "(sub %s) HLR LU request failed\n", vlr_subscr_name(vsub));
+}
+
+/* Send the SGs Association to NULL state immediately */
+static void to_null(struct osmo_fsm_inst *fi)
+{
+ struct vlr_subscr *vsub = fi->priv;
+ osmo_fsm_inst_state_chg(fi, SGS_UE_ST_NULL, 0, 0);
+
+ /* Note: This is only relevent for cases where we are in the middle
+ * of an TMSI reallocation procedure. Should a failure of some sort
+ * put us to NULL state, we have to free the pending TMSI */
+ vsub->tmsi_new = GSM_RESERVED_TMSI;
+
+ /* Make sure any ongoing paging is aborted. */
+ vsub->cs.is_paging = false;
+
+ /* Ensure that Ts5 (pending paging via SGs) is deleted */
+ if (vlr_sgs_pag_pend(vsub))
+ osmo_timer_del(&vsub->sgs.Ts5);
+}
+
+/* Respawn a pending paging (Timer is reset and a new paging request is sent) */
+static void respawn_paging(struct vlr_subscr *vsub)
+{
+ if (vlr_sgs_pag_pend(vsub)) {
+
+ /* Delete the old paging timer first. */
+ osmo_timer_del(&vsub->sgs.Ts5);
+
+ /* Issue a fresh paging request */
+ vsub->sgs.paging_cb(vsub, vsub->sgs.paging_serv_ind);
+ }
+}
+
+/* Figure 4.2.2.1 SGs-NULL */
+static void sgs_ue_fsm_null(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ switch (event) {
+ case SGS_UE_E_RX_LU_FROM_MME:
+ perform_lu(fi);
+ break;
+ case SGS_UE_E_TX_PAGING:
+ /* do nothing */
+ break;
+ case SGS_UE_E_RX_PAGING_FAILURE:
+ /* do nothing */
+ break;
+ default:
+ OSMO_ASSERT(0);
+ }
+}
+
+/* Figure 4.2.2.1 SGs-LA-UPDATE-PRESENT */
+static void sgs_ue_fsm_lau_present(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ struct vlr_subscr *vsub = fi->priv;
+ enum sgsap_sgs_cause *cause = NULL;
+
+ switch (event) {
+ case SGS_UE_E_TX_LU_ACCEPT:
+ vsub->conf_by_radio_contact_ind = true;
+ vsub->sub_dataconf_by_hlr_ind = true;
+ vsub->loc_conf_in_hlr_ind = true;
+ vsub->la_allowed = true;
+ vsub->imsi_detached_flag = false;
+ vsub->lu_complete = true;
+ vlr_sgs_fsm_update_id(vsub);
+ vsub->cs.attached_via_ran = OSMO_RAT_EUTRAN_SGS;
+
+ /* Check if we expect a TMSI REALLOCATION COMPLETE message from the MME
+ * by checking the tmsi_new flag. If this flag is not GSM_RESERVED_TMSI
+ * we know that we have a TMSI pending and need to wait for the MME
+ * to acknowlege first */
+ if (vsub->tmsi_new != GSM_RESERVED_TMSI) {
+ osmo_fsm_inst_state_chg(fi, SGS_UE_ST_ASSOCIATED, vsub->sgs.cfg.timer[SGS_STATE_TS6_2],
+ SGS_STATE_TS6_2);
+ } else {
+ /* Trigger sending of an MM information request */
+ vsub->sgs.mminfo_cb(vsub);
+
+ /* In cases where the LU has interrupted the paging, respawn the paging now,
+ * See also: 3GPP TS 29.118, chapter 5.2.3.2 Location update response */
+ if (vlr_sgs_pag_pend(vsub))
+ respawn_paging(vsub);
+
+ osmo_fsm_inst_state_chg(fi, SGS_UE_ST_ASSOCIATED, 0, 0);
+ }
+
+ break;
+ case SGS_UE_E_RX_PAGING_FAILURE:
+ cause = data;
+ if (*cause == SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER)
+ break;
+ to_null(fi);
+ break;
+ case SGS_UE_E_TX_LU_REJECT:
+ case SGS_UE_E_RX_ALERT_FAILURE:
+ to_null(fi);
+ break;
+ case SGS_UE_E_TX_PAGING:
+ /* do nothing */
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+/* Figure 4.2.2.1 SGs-ASSOCIATED */
+static void sgs_ue_fsm_associated(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ struct vlr_subscr *vsub = fi->priv;
+ enum sgsap_sgs_cause *cause = NULL;
+
+ switch (event) {
+ case SGS_UE_E_TX_PAGING:
+ /* do nothing */
+ break;
+ case SGS_UE_E_RX_TMSI_REALLOC:
+ if (vsub->tmsi_new == GSM_RESERVED_TMSI) {
+ LOGPFSML(fi, LOGL_ERROR,
+ "(sub %s) TMSI reallocation completed at the MME, but no TMSI reallocation ordered.\n",
+ vlr_subscr_msisdn_or_name(vsub));
+ }
+
+ vsub->tmsi = vsub->tmsi_new;
+ vsub->tmsi_new = GSM_RESERVED_TMSI;
+
+ /* Trigger sending of MM information */
+ vsub->sgs.mminfo_cb(vsub);
+
+ /* In cases where the LU has interrupted the paging, respawn the paging now,
+ * See also: 3GPP TS 29.118, chapter 5.2.3.2 Location update response */
+ if (vlr_sgs_pag_pend(vsub))
+ respawn_paging(vsub);
+
+ /* Note: We are already in SGS_UE_ST_ASSOCIATED but the
+ * transition that lead us here had is guarded with Ts6-1,
+ * wo we change the state now once more without timeout
+ * to ensure the timer is stopped */
+ osmo_fsm_inst_state_chg(fi, SGS_UE_ST_ASSOCIATED, 0, 0);
+ break;
+ case SGS_UE_E_RX_SGSAP_UE_UNREACHABLE:
+ /* do nothing */
+ break;
+ case SGS_UE_E_RX_PAGING_FAILURE:
+ cause = data;
+ if (*cause == SGSAP_SGS_CAUSE_MT_CSFB_REJ_USER)
+ break;
+ to_null(fi);
+ case SGS_UE_E_RX_ALERT_FAILURE:
+ to_null(fi);
+ break;
+ case SGS_UE_E_RX_LU_FROM_MME:
+ perform_lu(fi);
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+/* Figure 4.2.2.1 From any of the three states (at the VLR) */
+static void sgs_ue_fsm_allstate(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+ struct vlr_subscr *vsub = fi->priv;
+
+ switch (event) {
+ case SGS_UE_E_RX_DETACH_IND_FROM_MME:
+ case SGS_UE_E_RX_DETACH_IND_FROM_UE:
+ vsub->imsi_detached_flag = true;
+ vsub->expire_lu = VLR_SUBSCRIBER_NO_EXPIRATION;
+ /* See 5.4.3 and 5.5.3 */
+ to_null(fi);
+ break;
+ case SGS_UE_E_RX_RESET_FROM_MME:
+ /* See also 3GPP TS 29.118, chapter 5.7.2.1 VLR Reset Initiation */
+ vsub->conf_by_radio_contact_ind = false;
+ to_null(fi);
+ break;
+ case SGS_UE_E_VLR_FAILURE:
+ case SGS_UE_E_RX_LU_FROM_A_IU_GS:
+ to_null(fi);
+ break;
+ default:
+ OSMO_ASSERT(0);
+ break;
+ }
+}
+
+static int sgs_ue_fsm_timer_cb(struct osmo_fsm_inst *fi)
+{
+ struct vlr_subscr *vsub = fi->priv;
+ switch (fi->T) {
+
+ case SGS_STATE_TS6_2:
+ /* Failed TMSI reallocation procedure, deallocate all TMSI
+ * information, but don't change the SGs association state. */
+ vsub->tmsi_new = GSM_RESERVED_TMSI;
+ vsub->tmsi = GSM_RESERVED_TMSI;
+ break;
+ default:
+ /* Unhandled timer */
+ OSMO_ASSERT(false);
+ break;
+ }
+ return 0;
+}
+
+static const struct osmo_fsm_state sgs_ue_fsm_states[] = {
+ [SGS_UE_ST_NULL] = {
+ .name = "SGs-NULL",
+ .action = sgs_ue_fsm_null,
+ .in_event_mask = 0
+ | S(SGS_UE_E_RX_LU_FROM_MME)
+ | S(SGS_UE_E_TX_PAGING)
+ | S(SGS_UE_E_RX_PAGING_FAILURE)
+ ,
+ .out_state_mask = 0
+ | S(SGS_UE_ST_NULL)
+ | S(SGS_UE_ST_LA_UPD_PRES)
+ ,
+ },
+ [SGS_UE_ST_LA_UPD_PRES] = {
+ .name = "SGs-LA-UPDATE-PRESENT",
+ .action = sgs_ue_fsm_lau_present,
+ .in_event_mask = 0
+ | S(SGS_UE_E_TX_LU_ACCEPT)
+ | S(SGS_UE_E_TX_LU_REJECT)
+ | S(SGS_UE_E_TX_PAGING)
+ | S(SGS_UE_E_RX_PAGING_FAILURE)
+ | S(SGS_UE_E_RX_ALERT_FAILURE)
+ ,
+ .out_state_mask = 0
+ | S(SGS_UE_ST_NULL)
+ | S(SGS_UE_ST_ASSOCIATED)
+ | S(SGS_UE_ST_LA_UPD_PRES)
+ ,
+ },
+ [SGS_UE_ST_ASSOCIATED] = {
+ .name = "SGs-ASSOCIATED",
+ .action = sgs_ue_fsm_associated,
+ .in_event_mask = 0
+ | S(SGS_UE_E_TX_PAGING)
+ | S(SGS_UE_E_RX_TMSI_REALLOC)
+ | S(SGS_UE_E_RX_SGSAP_UE_UNREACHABLE)
+ | S(SGS_UE_E_RX_PAGING_FAILURE)
+ | S(SGS_UE_E_RX_ALERT_FAILURE)
+ | S(SGS_UE_E_RX_LU_FROM_MME)
+ ,
+ .out_state_mask = 0
+ | S(SGS_UE_ST_NULL)
+ | S(SGS_UE_ST_ASSOCIATED)
+ | S(SGS_UE_ST_LA_UPD_PRES)
+ ,
+ },
+};
+
+static struct osmo_fsm sgs_ue_fsm = {
+ .name = "SGs-UE",
+ .states = sgs_ue_fsm_states,
+ .num_states = ARRAY_SIZE(sgs_ue_fsm_states),
+ .allstate_event_mask = S(SGS_UE_E_RX_RESET_FROM_MME) |
+ S(SGS_UE_E_VLR_FAILURE) | S(SGS_UE_E_RX_DETACH_IND_FROM_MME) | S(SGS_UE_E_RX_DETACH_IND_FROM_UE) |
+ S(SGS_UE_E_RX_LU_FROM_A_IU_GS),
+ .allstate_action = sgs_ue_fsm_allstate,
+ .timer_cb = sgs_ue_fsm_timer_cb,
+ .log_subsys = DSGS,
+ .event_names = sgs_ue_fsm_event_names,
+};
+
+/*! Initalize/Register SGs FSM in osmo-fsm subsystem */
+void vlr_sgs_fsm_init(void)
+{
+ if (osmo_fsm_find_by_name(sgs_ue_fsm.name) != &sgs_ue_fsm)
+ osmo_fsm_register(&sgs_ue_fsm);
+}
+
+/*! Crate SGs FSM in struct vlr_subscr.
+ * \param[in] vsub VLR subscriber for which the SGs FSM should be created. */
+void vlr_sgs_fsm_create(struct vlr_subscr *vsub)
+{
+ char interim_fsm_id[256];
+ static unsigned int fsm_id_num = 0;
+
+ /* An SGSs FSM must not be created twice! */
+ OSMO_ASSERT(!vsub->sgs_fsm);
+
+ snprintf(interim_fsm_id, sizeof(interim_fsm_id), "num:%u", fsm_id_num);
+
+ vsub->sgs_fsm = osmo_fsm_inst_alloc(&sgs_ue_fsm, vsub, vsub, LOGL_INFO, interim_fsm_id);
+ OSMO_ASSERT(vsub->sgs_fsm);
+
+ osmo_fsm_inst_state_chg(vsub->sgs_fsm, SGS_UE_ST_NULL, 0, 0);
+
+ fsm_id_num++;
+}
+
+/*! Remove SGs FSM from struct vlr_subscr.
+ * \param[in] vsub VLR subscriber from which the SGs FSM should be removed. */
+void vlr_sgs_fsm_remove(struct vlr_subscr *vsub)
+{
+ /* An SGSs FSM must exist! */
+ OSMO_ASSERT(vsub->sgs_fsm);
+
+ osmo_fsm_inst_state_chg(vsub->sgs_fsm, SGS_UE_ST_NULL, 0, 0);
+ osmo_fsm_inst_term(vsub->sgs_fsm, OSMO_FSM_TERM_REGULAR, NULL);
+ vsub->sgs_fsm = NULL;
+}
+
+/*! Update the ID of the SGs FSM with the subscriber IMSI
+ * \param[in] vsub VLR subscriber to update. */
+void vlr_sgs_fsm_update_id(struct vlr_subscr *vsub)
+{
+ char fsm_id[256];
+
+ if (strlen(vsub->imsi) > 0) {
+ snprintf(fsm_id, sizeof(fsm_id), "imsi:%s", vsub->imsi);
+ osmo_fsm_inst_update_id(vsub->sgs_fsm, fsm_id);
+ }
+}
diff --git a/src/libvlr/vlr_sgs_fsm.h b/src/libvlr/vlr_sgs_fsm.h
new file mode 100644
index 0000000..94f202b
--- /dev/null
+++ b/src/libvlr/vlr_sgs_fsm.h
@@ -0,0 +1,42 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#pragma once
+
+enum sgs_ue_fsm_event {
+ SGS_UE_E_VLR_FAILURE,
+ SGS_UE_E_RX_RESET_FROM_MME,
+ SGS_UE_E_RX_DETACH_IND_FROM_MME,
+ SGS_UE_E_RX_DETACH_IND_FROM_UE,
+ SGS_UE_E_RX_LU_FROM_A_IU_GS,
+ SGS_UE_E_RX_PAGING_FAILURE,
+ SGS_UE_E_RX_ALERT_FAILURE,
+ SGS_UE_E_RX_LU_FROM_MME,
+ SGS_UE_E_TX_LU_REJECT,
+ SGS_UE_E_TX_LU_ACCEPT,
+ SGS_UE_E_TX_PAGING,
+ SGS_UE_E_RX_SGSAP_UE_UNREACHABLE,
+ SGS_UE_E_RX_TMSI_REALLOC,
+};
+
+void vlr_sgs_fsm_init(void);
+void vlr_sgs_fsm_create(struct vlr_subscr *vsub);
+void vlr_sgs_fsm_remove(struct vlr_subscr *vsub);
+void vlr_sgs_fsm_update_id(struct vlr_subscr *vsub);
diff --git a/src/osmo-msc/Makefile.am b/src/osmo-msc/Makefile.am
index bcc4ada..abe9ad3 100644
--- a/src/osmo-msc/Makefile.am
+++ b/src/osmo-msc/Makefile.am
@@ -12,6 +12,7 @@
$(LIBOSMOVTY_CFLAGS) \
$(LIBOSMOCTRL_CFLAGS) \
$(LIBOSMOABIS_CFLAGS) \
+ $(LIBOSMONETIF_CFLAGS) \
$(LIBSMPP34_CFLAGS) \
$(LIBOSMORANAP_CFLAGS) \
$(LIBASN1C_CFLAGS) \
@@ -40,11 +41,13 @@
$(LIBOSMOCORE_LIBS) \
$(LIBOSMOCTRL_LIBS) \
$(LIBOSMOABIS_LIBS) \
+ $(LIBOSMONETIF_LIBS) \
$(LIBSMPP34_LIBS) \
$(LIBOSMOSIGTRAN_LIBS) \
$(LIBOSMOMGCPCLIENT_LIBS) \
$(LIBOSMOGSUPCLIENT_LIBS) \
-ldbi \
+ -lsctp \
$(NULL)
if BUILD_IU
osmo_msc_LDADD += \
diff --git a/src/osmo-msc/msc_main.c b/src/osmo-msc/msc_main.c
index 6eecf46..f29b2a8 100644
--- a/src/osmo-msc/msc_main.c
+++ b/src/osmo-msc/msc_main.c
@@ -61,6 +61,7 @@
#include <osmocom/msc/smpp.h>
#include <osmocom/sigtran/osmo_ss7.h>
#include <osmocom/mgcp_client/mgcp_client.h>
+#include <osmocom/msc/sgs_iface.h>
#ifdef BUILD_IU
#include <osmocom/ranap/iu_client.h>
@@ -491,6 +492,12 @@
.description = "BSSAP Protocol (A Interface)",
.enabled = 1, .loglevel = LOGL_NOTICE,
},
+ [DSGS] = {
+ .name = "DSGS",
+ .description = "SGs Interface (SGsAP)",
+ .enabled = 1, .loglevel = LOGL_NOTICE,
+ },
+
};
@@ -566,6 +573,7 @@
if (smpp_openbsc_alloc_init(tall_msc_ctx) < 0)
return -1;
#endif
+ sgs_iface_init(tall_msc_ctx, msc_network);
rc = vty_read_config_file(msc_cmdline_config.config_file, NULL);
if (rc < 0) {
diff --git a/tests/msc_vlr/Makefile.am b/tests/msc_vlr/Makefile.am
index 8a5e719..dea63e5 100644
--- a/tests/msc_vlr/Makefile.am
+++ b/tests/msc_vlr/Makefile.am
@@ -57,6 +57,7 @@
noinst_HEADERS = \
msc_vlr_tests.h \
+ stubs.h \
$(NULL)
EXTRA_DIST = \
diff --git a/tests/msc_vlr/msc_vlr_test_authen_reuse.c b/tests/msc_vlr/msc_vlr_test_authen_reuse.c
index bdbdae3..0972584 100644
--- a/tests/msc_vlr/msc_vlr_test_authen_reuse.c
+++ b/tests/msc_vlr/msc_vlr_test_authen_reuse.c
@@ -24,6 +24,7 @@
/* NOTE that further auth re-use tests exist in msc_vlr_test_hlr_reject.c */
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void _test_auth_reuse(enum osmo_rat_type via_ran,
int set_max_reuse_count,
diff --git a/tests/msc_vlr/msc_vlr_test_call.c b/tests/msc_vlr/msc_vlr_test_call.c
index b5f6b6c..29639b5 100644
--- a/tests/msc_vlr/msc_vlr_test_call.c
+++ b/tests/msc_vlr/msc_vlr_test_call.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
#include <osmocom/msc/gsm_04_08.h>
diff --git a/tests/msc_vlr/msc_vlr_test_gsm_authen.c b/tests/msc_vlr/msc_vlr_test_gsm_authen.c
index f6f1ab6..8dca655 100644
--- a/tests/msc_vlr/msc_vlr_test_gsm_authen.c
+++ b/tests/msc_vlr/msc_vlr_test_gsm_authen.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_gsm_authen()
{
diff --git a/tests/msc_vlr/msc_vlr_test_gsm_ciph.c b/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
index 31b5f5d..19092e2 100644
--- a/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
+++ b/tests/msc_vlr/msc_vlr_test_gsm_ciph.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_ciph()
{
diff --git a/tests/msc_vlr/msc_vlr_test_hlr_reject.c b/tests/msc_vlr/msc_vlr_test_hlr_reject.c
index 13bed42..c613ff9 100644
--- a/tests/msc_vlr/msc_vlr_test_hlr_reject.c
+++ b/tests/msc_vlr/msc_vlr_test_hlr_reject.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_hlr_rej_auth_info_unknown_imsi()
{
diff --git a/tests/msc_vlr/msc_vlr_test_hlr_timeout.c b/tests/msc_vlr/msc_vlr_test_hlr_timeout.c
index b23a7a7..bb7ef19 100644
--- a/tests/msc_vlr/msc_vlr_test_hlr_timeout.c
+++ b/tests/msc_vlr/msc_vlr_test_hlr_timeout.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
#include <osmocom/core/logging.h>
diff --git a/tests/msc_vlr/msc_vlr_test_ms_timeout.c b/tests/msc_vlr/msc_vlr_test_ms_timeout.c
index 3702a0c..9eae850 100644
--- a/tests/msc_vlr/msc_vlr_test_ms_timeout.c
+++ b/tests/msc_vlr/msc_vlr_test_ms_timeout.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_ms_timeout_lu_auth_resp()
{
diff --git a/tests/msc_vlr/msc_vlr_test_no_authen.c b/tests/msc_vlr/msc_vlr_test_no_authen.c
index d52d3d6..df23011 100644
--- a/tests/msc_vlr/msc_vlr_test_no_authen.c
+++ b/tests/msc_vlr/msc_vlr_test_no_authen.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_no_authen()
{
diff --git a/tests/msc_vlr/msc_vlr_test_reject_concurrency.c b/tests/msc_vlr/msc_vlr_test_reject_concurrency.c
index 66d2e39..ec7117b 100644
--- a/tests/msc_vlr/msc_vlr_test_reject_concurrency.c
+++ b/tests/msc_vlr/msc_vlr_test_reject_concurrency.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_reject_2nd_conn()
{
diff --git a/tests/msc_vlr/msc_vlr_test_rest.c b/tests/msc_vlr/msc_vlr_test_rest.c
index 4587383..7c17a83 100644
--- a/tests/msc_vlr/msc_vlr_test_rest.c
+++ b/tests/msc_vlr/msc_vlr_test_rest.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void test_early_stage()
{
diff --git a/tests/msc_vlr/msc_vlr_test_ss.c b/tests/msc_vlr/msc_vlr_test_ss.c
index 0390196..b264d07 100644
--- a/tests/msc_vlr/msc_vlr_test_ss.c
+++ b/tests/msc_vlr/msc_vlr_test_ss.c
@@ -21,6 +21,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
#define IMSI "901700000004620"
diff --git a/tests/msc_vlr/msc_vlr_test_umts_authen.c b/tests/msc_vlr/msc_vlr_test_umts_authen.c
index beeea22..8528b98 100644
--- a/tests/msc_vlr/msc_vlr_test_umts_authen.c
+++ b/tests/msc_vlr/msc_vlr_test_umts_authen.c
@@ -22,6 +22,7 @@
*/
#include "msc_vlr_tests.h"
+#include "stubs.h"
static void _test_umts_authen(enum osmo_rat_type via_ran)
{
diff --git a/tests/msc_vlr/stubs.h b/tests/msc_vlr/stubs.h
new file mode 100644
index 0000000..bf55baa
--- /dev/null
+++ b/tests/msc_vlr/stubs.h
@@ -0,0 +1,40 @@
+/* (C) 2018-2019 by sysmocom s.f.m.c. GmbH
+ * All Rights Reserved
+ *
+ * Author: Harald Welte, Philipp Maier
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+void osmo_stream_srv_link_set_data(struct osmo_stream_srv_link *link, void *data) {}
+struct osmo_fd *osmo_stream_srv_get_ofd(struct osmo_stream_srv *srv) { return NULL; }
+void osmo_stream_srv_destroy(struct osmo_stream_srv *conn) {}
+struct osmo_stream_srv *osmo_stream_srv_create(void *ctx, struct osmo_stream_srv_link *link,
+ int fd, int (*cb)(struct osmo_stream_srv *conn),
+ int (*closed_cb)(struct osmo_stream_srv *conn),
+ void *data) { return NULL; }
+void osmo_stream_srv_send(struct osmo_stream_srv *conn, struct msgb *msg) {}
+void osmo_stream_srv_link_set_proto(struct osmo_stream_srv_link *link, uint16_t proto) {}
+struct osmo_fd *osmo_stream_srv_link_get_ofd(struct osmo_stream_srv_link *link) { return NULL; }
+struct osmo_stream_srv_link *osmo_stream_srv_link_create(void *ctx) { return NULL; }
+void *osmo_stream_srv_get_data(struct osmo_stream_srv *conn) { return NULL; }
+void osmo_stream_srv_link_set_nodelay(struct osmo_stream_srv_link *link, bool nodelay) {}
+void osmo_stream_srv_link_set_accept_cb(struct osmo_stream_srv_link *link, int (*accept_cb)
+ (struct osmo_stream_srv_link *link, int fd)) {}
+int osmo_stream_srv_link_open(struct osmo_stream_srv_link *link) { return 0; }
+void *osmo_stream_srv_link_get_data(struct osmo_stream_srv_link *link) { return NULL; }
+void osmo_stream_srv_link_set_port(struct osmo_stream_srv_link *link, uint16_t port) {}
+void osmo_stream_srv_link_set_addr(struct osmo_stream_srv_link *link, const char *addr) {}
+int sctp_recvmsg(int sd, void *msg, size_t len, void *from, void *fromlen, void *info, int *msg_flags) { return 0; }
diff --git a/tests/sms_queue/sms_queue_test.c b/tests/sms_queue/sms_queue_test.c
index 68819b9..e426377 100644
--- a/tests/sms_queue/sms_queue_test.c
+++ b/tests/sms_queue/sms_queue_test.c
@@ -237,3 +237,24 @@
return 0;
}
+
+void osmo_stream_srv_link_set_data(struct osmo_stream_srv_link *link, void *data) {}
+struct osmo_fd *osmo_stream_srv_get_ofd(struct osmo_stream_srv *srv) { return NULL; }
+void osmo_stream_srv_destroy(struct osmo_stream_srv *conn) {}
+struct osmo_stream_srv *osmo_stream_srv_create(void *ctx, struct osmo_stream_srv_link *link,
+ int fd, int (*cb)(struct osmo_stream_srv *conn),
+ int (*closed_cb)(struct osmo_stream_srv *conn),
+ void *data) { return NULL; }
+void osmo_stream_srv_send(struct osmo_stream_srv *conn, struct msgb *msg) {}
+void osmo_stream_srv_link_set_proto(struct osmo_stream_srv_link *link, uint16_t proto) {}
+struct osmo_fd *osmo_stream_srv_link_get_ofd(struct osmo_stream_srv_link *link) { return NULL; }
+struct osmo_stream_srv_link *osmo_stream_srv_link_create(void *ctx) { return NULL; }
+void *osmo_stream_srv_get_data(struct osmo_stream_srv *conn) { return NULL; }
+void osmo_stream_srv_link_set_nodelay(struct osmo_stream_srv_link *link, bool nodelay) {}
+void osmo_stream_srv_link_set_accept_cb(struct osmo_stream_srv_link *link, int (*accept_cb)
+ (struct osmo_stream_srv_link *link, int fd)) {}
+int osmo_stream_srv_link_open(struct osmo_stream_srv_link *link) { return 0; }
+void *osmo_stream_srv_link_get_data(struct osmo_stream_srv_link *link) { return NULL; }
+void osmo_stream_srv_link_set_port(struct osmo_stream_srv_link *link, uint16_t port) {}
+void osmo_stream_srv_link_set_addr(struct osmo_stream_srv_link *link, const char *addr) {}
+int sctp_recvmsg(int sd, void *msg, size_t len, void *from, void *fromlen, void *info, int *msg_flags) { return 0; }
diff --git a/tests/test_nodes.vty b/tests/test_nodes.vty
index c62c692..f2312d1 100644
--- a/tests/test_nodes.vty
+++ b/tests/test_nodes.vty
@@ -4,6 +4,7 @@
...
network
msc
+ sgs
mncc-int
hlr
...
@@ -92,6 +93,18 @@
OsmoMSC# configure terminal
OsmoMSC(config)# network
OsmoMSC(config-net)# end
+
+OsmoMSC# configure terminal
+OsmoMSC(config)# sgs
+OsmoMSC(config-sgs)# list
+...
+ local-ip A.B.C.D
+ local-port <0-65535>
+ timer (ts5|ts6-2|ts7|ts11|ts14|ts15) <1-120>
+ counter (ns7|ns11) <0-255>
+ vlr-name FQDN
+OsmoMSC(config-sgs)# end
+
OsmoMSC# disable
OsmoMSC> enable
@@ -125,4 +138,7 @@
hlr
remote-ip 127.0.0.1
remote-port 4222
+sgs
+ local-ip 0.0.0.0
+ vlr-name vlr.example.net
end
--
To view, visit https://gerrit.osmocom.org/11642
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-msc
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I73359925fc1ca72b33a1466e6ac41307f2f0b11d
Gerrit-Change-Number: 11642
Gerrit-PatchSet: 36
Gerrit-Owner: dexter <pmaier at sysmocom.de>
Gerrit-Assignee: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder (1000002)
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>
Gerrit-Reviewer: Vadim Yanitskiy <axilirator at gmail.com>
Gerrit-Reviewer: dexter <pmaier at sysmocom.de>
Gerrit-CC: Stefan Sperling <stsp at stsp.name>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osmocom.org/pipermail/gerrit-log/attachments/20190205/fa56acf2/attachment.htm>