Commit Graph

338 Commits (master)

Author SHA1 Message Date
Neels Hofmeyr fe4ba7c057 cosmetic: embed compl_l3_type in FSM id
In the subscr_conn_fsm instance's ID, include the Complete Layer 3 type, so
that we can see on the first glance whether a state transition belongs to MO or

The huge patch is due to the cosmetic change affecting nearly every single log
line in the msc_vlr_tests, by nature of changing the FSM's ID.

Related: OS#3122
Change-Id: I2a7e27e0f16df1872dcda64cb928c3b8528ea3f7
2018-04-11 21:39:44 +00:00
Neels Hofmeyr 4068ab278b properly receive BSSMAP Clear Complete and Iu Release Complete
When sending a BSSMAP Clear or Iu Release, do not immediately discard the conn,
but wait until a BSSMAP Clear Complete / Iu Release Complete has been received.

Hence we will no longer show in the log that an incoming Release/Clear Complete
belongs to an unknown subscriber, but will still be around to properly log the

Related: OS#3122
Change-Id: Ie4c6aaba3866d6e5b98004e8870a215e8cf8ffc1
2018-04-11 21:39:44 +00:00
Neels Hofmeyr e3d3dc6ea2 refactor subscr_conn and subscr_conn_fsm de-/alloc

1. Glue the gsm_subscriber_connection alloc to the subscr_conn_fsm.
2. Add separate AUTH_CIPH state to the FSM.
3. Use conn->use_count to trigger conn release.
4. Add separate RELEASING state to the FSM.
5. Add rate counters for each of the three Complete Layer 3 types.


1. Glue the gsm_subscriber_connection alloc to the subscr_conn_fsm.

Historically, a gsm_subscriber_connection was allocated in libbsc land, and
only upon Complete Layer 3 did libmsc add the fsm instance. After splitting
openbsc.git into a separate osmo-msc, this is no longer necessary, hence:

Closely tie gsm_subscriber_connection allocation to the subscr_conn_fsm
instance: talloc the conn as a child of the FSM instance, and discard the conn
as soon as the FSM terminates.

2. Add separate AUTH_CIPH state to the FSM.

Decoding the Complete Layer 3 message is distinctly separate from waiting for
the VLR FSMs to conclude. Use the NEW state as "we don't know if this is a
valid message yet", and the AUTH_CIPH state as "evaluating, don't release".

A profound effect of this: should we for any odd reason fail to leave the FSM's
NEW state, the conn will be released right at the end of msc_compl_l3(),
without needing to trigger release in each code path.

3. Use conn->use_count to trigger conn release.

Before, the FSM itself would hold a use count on the conn, and hence we would
need to ask it whether it is ready to release the conn yet by dispatching
events, to achieve a use_count decrement.

Instead, unite the FSM instance and conn, and do not hold a use count by the
FSM. Hence, trigger an FSM "UNUSED" event only when the use_count reaches zero.
As long as use counts are done correctly, the FSM will terminate correctly.

These exceptions:

- The new AUTH_CIPH state explicitly ignores UNUSED events, since we expect the
  use count to reach zero while evaluating Authentication and Ciphering. (I
  experimented with holding a use count by AUTH_CIPH onenter() and releasing by
  onleave(), but the use count and thus the conn are released before the next
  state can initiate transactions that would increment the use count again.
  Same thing for the VLR FSMs holding a use count, they should be done before
  we advance to the next state. The easiest is to simply expect zero use count
  during the AUTH_CIPH state.)

- A CM Service Request means that even though the MSC would be through with all
  it wants to do, we shall still wait for a request to follow from the MS.
  Hence the FSM holds a use count on itself while a CM Service is pending.

- While waiting for a Release/Clear Complete, the FSM holds a use count on

4. Add separate RELEASING state to the FSM.

If we decide to release for other reasons than a use count reaching zero, we
still need to be able to wait for the msc_dtap() use count on the conn to

(An upcoming patch will further use the RELEASING state to properly wait for
Clear Complete / Release Complete messages.)

5. Add rate counters for each of the three Complete Layer 3 types.

Besides LU, also count CM Service Request and Paging Response
acceptance/rejections. Without these counters, only very few of the auth+ciph
outcomes actually show in the counters.

Related: OS#3122
Change-Id: I55feb379e176a96a831e105b86202b17a0ffe889
2018-04-11 21:39:44 +00:00
Neels Hofmeyr dc2514b220 CC: intentionally release T308 on BSSMAP Clear Request from BSC
So far we hit a running T308 during CC release when caused by a BSSMAP Clear
Request, and we loudly log that as error.

However, now I understand that T308 is a direct cause of the dispatch of a REL
IND towards MNCC, which is used to indicate teardown to MNCC. So during
_gsm48_cc_trans_free(), we first clear all timers, then invoke
mncc_release_ind() which starts another timer (useful for graceful CC Release,
but in this code path the intention is immediate release). Simply immediately
cancel the timer again and release the conn.

A separate question is whether a BSSMAP Clear Request should be less aggressive
in releasing the connections; i.e. instead of calling trans_free() all around,
to rather ask each transaction to "please stop soon", somehow.

Related: OS#3062
Change-Id: I231fdb574a086a206321148474cbdc7ca9cf39f0
2018-04-11 21:39:44 +00:00
Neels Hofmeyr cbcf89c2ac msc_vlr_test_call: reproduce OS#3062
A related ttcn3 test is added in Ic80646e1fba37bb6163ca3a7eead7980b4ad7a51

Related: OS#3062
Change-Id: Ice7197b48d4e163a3c4d97b559fdcd7e88c4107e
2018-04-10 00:18:16 +00:00
Harald Welte 39b5548808 Permit any Sender MSISDN when sending SMS from VTY
In the old days, OsmoNITB couldn't process any SMS that wasn't between
two subscribers on the same NITB.

We've long re-worked the internals in order to process SMS with
arbitrary sender MSISDN (e.g. from SMPP). However, the VTY command
"subscriber ... sms" was never updated, it seems.

Change-Id: I62b17e0a67989484415f0df2c8cb4ff1f94dbf2b
Closes: OS#3151
2018-04-09 19:19:33 +02:00
Neels Hofmeyr 93c7463fce unify allocation of gsm_subscriber_connection
The current msc_subscr_con_allocate() was in fact only used by msc_vlr_tests,
while both a_iface_bssap.c and iucs.c did their own duplicate code of
allocating the gsm_subscriber_connection struct. Unify.

Drop the old msc_subscr_con_allocate(), instead add msc_subscr_conn_alloc().
The new function also takes via_ran and lac arguments directly.

The conn allocation will soon be closely tied to the subscr_conn_fsm instance
allocation, so place the new function definition alongside the other
subscr_conn_fsm API, and match its naming ("conn").

Related: OS#3122
Change-Id: Ia57b42a149a43f9c370b1310e2e1f512183993ea
2018-04-05 01:10:32 +02:00
Neels Hofmeyr 16c42b5fba subscr_conn: store complete_layer3_type in conn, not FSM event arg
Instead of jumping through hoops to pass the Complete Layer 3 operation that
created this conn via FSM event dispatch parameters, put it right in the
gsm_subscriber_connection struct, where it always belonged.

Move definition of the enum complete_layer3_type to gsm_data.h, where
gsm_subscriber_connection is defined.

Introduce msc_subscr_conn_update_id() to set the complete_layer3_type of the
conn as soon as a Complete Layer 3 message is received.

In msc_subscr_conn_update_id(), already include an mi_string argument to
prepare for an upcoming patch where the FSM will be allocated much earlier when
the Mobile Identity is not known yet, and we'll also update the fi->id here.

The odd logging change in the msc_vlr_tests output uncovers a wrong use of the
osmo_fsm_inst_dispatch() data argument for SUBSCR_CONN_E_CN_CLOSE events: if a
child FSM signals unsuccessful result, instead of the failure cause, it passed
the complete_layer3_type, as requested upon FSM allocation, which was then
misinterpreted as a failure cause. Now a child FSM failure will pass NULL
instead, while other SUBSCR_CONN_E_CN_CLOSE events may still pass a valid cause

Related: OS#3122
Change-Id: Iae30dd57a8861c4eaaf56999f872d4e635ba97fb
2018-04-03 02:13:16 +02:00
Neels Hofmeyr 4d3a66b3f8 cosmetic: rename gsm_subscriber_connection->conn_fsm to ->fi
Match osmo-bsc's naming of the subscriber connection's FSM instance; 'conn->fi'
makes more sense anyway than 'conn->conn_fsm'.

BTW, an upcoming commit will do away with the legacy from libbsc/libmsc duality
and firmly glue the conn allocation to the fi.

Related: OS#3122
Change-Id: If442f2ba78d9722b1065ec30c9a13f372b6a8caa
2018-04-03 02:13:04 +02:00
Neels Hofmeyr 9fe52e4af3 test_reject_concurrency: missing assert
I broke this test during dev and saw the failure being noticed only in the next
test when DTAP is expected again. Verify success right there, instead.

Change-Id: Ifdde3a6fa5835203c34c40db77761f2e90c0d5ff
2018-04-03 02:09:39 +02:00
Neels Hofmeyr 08b3828995 use osmo_init_logging2() with proper talloc ctx
Since the logging allocations now also show up in the root context report, some
tests need adjusted talloc checks.

In msc_vlr_tests, also output the number of talloc blocks before tests are
started to show that the number didn't change after the tests.

Change-Id: Iae07ae60230c7bab28e52b5df97fa3844778158e
2018-03-30 23:20:03 +02:00
Neels Hofmeyr a6ac98b6aa remove empty libcommon-cs
Change-Id: If6afda250986b12781ae579323985615621ed75c
2018-03-22 17:11:30 +01:00
Neels Hofmeyr 8ea65b3270 rename libcommon to libgsupclient
All that is left in libcommon now are the GSUP and OAP client implementations.
These are duplicated in osmo-sgsn.git and make sense to remain somewhat
separate from libmsc. So now they get their own little lib.

Change-Id: Ic71aa119c233b6a0ae169a5b2a53819903d2be82
2018-03-22 17:07:13 +01:00
Neels Hofmeyr c01e90933f dissolve libcommon: move talloc ctx into msc_main.c, drop talloc_ctx.c
Drop tall_bsc_ctx; in mncc_sock_init(), talloc the mncc_sock_state from

In tests or utils, move from using an extern tall_bsc_ctx to a local root
context pointer.

Change-Id: I92c252be1d1e7634f1653de47d37c99d77d9501c
2018-03-22 17:06:05 +01:00
Neels Hofmeyr 6a8b9c70fc dissolve libcommon: drop debug.c
Apply more concise logging categories in each main scope. The bulk goes to
msc_main.c, obviously, while tests and utils get a slimmed down bunch of
logging categories.

Change-Id: I969a0662ba273f3721b6820d02151b7a5b8014b8
2018-03-22 17:05:42 +01:00
Neels Hofmeyr d6a769b51c trans_free: tear down conn when last transaction is done
In trans_free(), call subscr_conn_release_when_unused(), so that we are sure to
clean up after the last transaction is done.

This fixes an error where a conn lingered after a CC failure, because that code
path forgot to trigger cleanup.

Rationale: so far we were triggering the release check after each DTAP dispatch
(compl_l3 and "normal" DTAP), which is sufficient for properly closed
transactions. We also need a check for when a timeout clears an erratic trans.

Adjust test expectation of test_call_mo_to_unknown_timeout to show that the
error is now fixed.

msc_vlr_test_reject_concurrency now sees an additional release checking event
when the SMS transaction is done, which is expected and does not affect the
test otherwise.

Related: OS#2779
Change-Id: I46ff2e9b09b67e4e0d79cccf8c04936f17281fcb
2018-03-22 04:35:28 +00:00
Neels Hofmeyr eb1cfdb263 msc_vlr_tests: add CC Release test and test to catch OS#2779
These tests helped to debug issue OS#2779. Now that they're here we might as
well keep them.

The test test_call_mo_to_unknown shows that an MS answering to the Release
Request works as it should: the conn is torn down.

The test test_call_mo_to_unknown_timeout currently expects the error: the conn
remains active if the CC Release times out. This bug and the test expectations
will be fixed in I46ff2e9b09b67e4e0d79cccf8c04936f17281fcb.

Change-Id: Ic3c84520bff8c3fc82512d03ff6ab97d21b8fb7a
2018-03-15 14:24:57 +00:00
Neels Hofmeyr e9e2f5cde6 cosmetic: rename conn_fsm "bump" event to "release_when_unused"
The naming of "bump" was short and made sense to me at the time of writing, but
it is keeping pretty much everyone else at a distance, no-one intuitively gets
what it is supposed to mean.

Clarify by renaming to "release_when_unused".

Adjust test expectations.

Change-Id: I4dcc55f536f63b13a3da29fff1df5fe16751f83a
2018-03-15 14:24:57 +00:00
Neels Hofmeyr 12e17be1a0 cosmetic: msc_vlr_tests: enable CC logging in debug
There are a number of bad failures in CC teardown handling we're solving. It
helps to see CC logging in the msc_vlr_tests.

Change-Id: I56ac269d46b48b6b85efad81c4d2343bfc41ea90
2018-03-15 14:24:57 +00:00
Neels Hofmeyr fe718bc760 cosmetic: vlr_auth: log decision to send UMTS or GSM AKA challenge
Also indicate in msc_vlr_test_gsm_authen.c that we're indeed sending no
capability to do R99 in the Classmark 1 during LU request.

Change-Id: Id79a77ca1f218d55dad21d9dd3de92445fb5d6bf
2018-03-15 14:24:57 +00:00
Neels Hofmeyr a7fd88ce1b msc_vlr_tests: add test_a5_3_not_supported
See also change-id I72a1dbb30e0a39dbf4b81c7e378d5607b62e10d3 in
osmo-ttcn3-hacks.git, which adds a similar test to the MSC_Tests.ttcn suite.

Writing this test helped me fix the issue faster, why not keep it now that it's

Related: OS#2947
Change-Id: Iba56556207cf6e79e6531b0e7dd3eaec28fb5eaa
2018-03-10 23:21:34 +01:00
Neels Hofmeyr a9099bc99a cosmetic: vlr_auth_fsm: log RAN and size along with SRES/RES
Change-Id: Ib0f9f573ffac2302fbd3ee28f48ccd8fce5fe286
2018-03-10 22:23:13 +01:00
Neels Hofmeyr 11d2ce3e34 cosmetic: vlr_auth_fsm: clarify decision on UMTS AKA or GSM AKA
The code deciding on whether UMTS AKA is used was cascaded and convoluted. By
flattening the decisions, they become easier to read and possibly catch more
weird corner cases / log information more clearly.

- First decide what AKA the RES length reflects.
- Then decide whether all prerequisites for UMTS AKA are satisfied.
- Finally, on UTRAN, turn down the auth if we don't have UMTS AKA, and neatly
  log all of the potential causes.

One corner case that should never occur is that the UMTS AKA RES length is
actually the same length as the GSM AKA SRES. If this nevertheless occurs, log
this as an error, though not turning down authentication because of it. (The
effect is that we would favor UMTS AKA when it has a res_len == sizeof(sres)
and would not succeed to GSM AKA. At least the log will tell us why, now.)

Adjust an expected test output, trivial logging difference.

Change-Id: I43f7f301ea85e518bac91f707391a53182e54fab
2018-03-10 22:23:13 +01:00
Neels Hofmeyr 31adcae654 msc_vlr_test_umts_authen: test response with only SRES half of RES
Change-Id: I0e9099625bd9d3de3db5ee29fbf81b2d8a30071d
2018-03-10 22:23:13 +01:00
Neels Hofmeyr c6d20dd5a2 msc_vlr_test_umts_authen: test response with too long RES
Change-Id: Ie5473f06fc2d04c6a9f343da5764ec95b292a5f9
2018-03-10 22:23:13 +01:00
Neels Hofmeyr 15ed426df2 msc_vlr_test_umts_authen: test response with too short RES
Change-Id: Ia1bc57b3dc1f3c3c654ba2d907b16ba925cd03e8
2018-03-10 22:23:13 +01:00
Neels Hofmeyr d97821f8e5 cosmetic: gsm48_rx_mm_auth_resp(): log 'UMTS AUTH', not 'R99 AUTH'
Change-Id: Iba43c685cbe238d96175267e9cc954b2f2f3e7fc
2018-03-10 22:22:56 +01:00
Neels Hofmeyr 8e0af0ba69 vlr auth: gracefully reject malformed auth response
Instead of just closing down the conn hard, actually feed invalid auth response
data to vlr_subscr_rc_auth_resp() in order to trigger all the actions we want
to see with a failed authentication:
- a GSUP signal that the auth failed,
- a LU reject.
Verify this in new test_wrong_sres_length() in msc_vlr_test_gsm_authen.c.

Note that in gsm48_rx_mm_auth_resp(), the is_r99 flag is falsely derived from
the RES length, which upcoming commit Ib7f7d89a8b9455d2c022d53d74328fa7488577f4
will fix.

Change-Id: I4179a290069ac61d0662de4ec7ca3edb76988899
2018-03-10 22:12:13 +01:00
Neels Hofmeyr 7795a19ced vlr: fix GSM AKA in a UMTS AKA capable environment
Switch by vsub->sec_ctx to use the proper Kc for ciphering.

Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose
to only perform GSM AKA, as long as the bearer is GERAN. The VLR already stores
whether the MS replied with a GSM AKA SRES or a UMTS AKA RES in vsub->sec_ctx.
So far, though, we were always using the UMTS AKA Kc just because the USIM and
core net are capable of it, ignoring the choice the MS might have made in the
Authentication Response.

In msc_vlr_test_gsm_ciph, fix the test expectations to the correct GSM AKA Kc
keys, showing that all of LU, CM Service Request and Paging Response now
support MS choosing GSM AKA in a UMTS capable environment.

Related: OS#2793
Change-Id: I42ce51ae979f42d173a45ae69273071c426bf97c
2018-03-10 20:58:24 +00:00
Neels Hofmeyr cac6e89d2a msc_vlr_test_gsm_ciph: add test for GSM AKA in UMTS environment
Even on an R99 capable MS with a UMTS AKA capable USIM, the MS may still choose
to only perform GSM AKA, as long as the bearer is GERAN. In that case, we must
make sure to send the GSM AKA Kc for ciphering.

Add test_gsm_ciph_in_umts_env() to msc_vlr_test_gsm_ciph.c to answer an Auth
Request with a GSM AKA response (see the log stating "AUTH established GSM
security context" after we sent a UMTS AKA challenge).

In the test, show that we currently send the *wrong* Kc, i.e. the UMTS AKA
derived Kc for GERAN, instead of the correct Kc for GSM AKA (which was received
from the HLR in the auth tuples).

Subsequent patch I42ce51ae979f42d173a45ae69273071c426bf97c will fix this and
correct the test expectations.

Related: OS#2793
Change-Id: I85f12a20dcd701e671188e56811ec7b58d84da82
2018-03-10 20:58:24 +00:00
Neels Hofmeyr dbabfd3c43 msc_vlr_tests: clearly separate Ciph Mode from Security Mode checking
Clearly distinguish between Ciphering Mode Command on GERAN and Security Mode
Control on UTRAN.

Cosmetic: explicitly verify the key strings in the testing code (not only in
the expected output).

Change-Id: Ica93ed06c4c63dc6768736d25231de8068001114
2018-03-10 20:58:20 +00:00
Neels Hofmeyr da21a52c92 msc_vlr_tests: improve cipher mode coverage
Actually call msc_vlr_set_ciph_mode() and wrap away a_iface_tx_cipher_mode()
and ranap_iu_tx_sec_mode_cmd(). Hence we'll see decisions and errors in
msc_vlr_set_ciph_mode() as well.

Change-Id: Id23bc245d4b5707edcd27c44db272fbb211bf9bd
2018-03-02 17:00:37 +01:00
Neels Hofmeyr f3d81f6ef5 msc_vlr_tests: make all test functions static
All functions in the individual msc_vlr_test_*.c files should be static; hence
we would be warned if one of them were unused (forgotten to add to the tests

Change-Id: Ia169c6a1443a48879ab4777e09c2040c48810bf6
2018-03-02 03:22:16 +01:00
Neels Hofmeyr 87524ab620 msc_vlr_test_gsm_ciph: drop unused function
This test is actually in msc_vlr_test_rest.c, shouldn't be copied here, and was
anyway unused.

Change-Id: I9bba10a05d43f7f94aa2cd6dcb63dd8f2f644d35
2018-03-02 03:22:16 +01:00
Neels Hofmeyr dfdc61de68 msc_vlr_tests: revert IMSI parameter and test nr output
Three recently merged commits take the msc_vlr_tests in a wrong direction.

The IMSI is usually encoded in the hex streams. The rationale behind hex
streams is that it is a) easily copied from a wireshark trace and b) exactly
the bytes as sent by an actual phone. It is hard to parameterize the IMSI
because we would have to employ our encoding functions, which I intentionally
want to keep out of the loop here.

The test number should not appear in the normal test output, so that adding a
test or changing their order does not affect expected output for following
tests. The nr is simply for manual invocation, only seen when invoked with -v.

- "VLR tests: always print test parameters"
- "Expand VLR tests"
- "Move IMSI into test parameters"

Change-Id: Ie1b49237746751021da88f6f07bbb9f780d077c9
2018-03-02 03:22:16 +01:00
Neels Hofmeyr 7f48420923 cosmetic: gsm_network_init(): imply default 001-01 PLMN
All callers pass mcc=1, mnc=1, so just have it as default.
(Prepare for net->country_code etc to be replaced by net->plmn)

Change-Id: Ibcd1cc38f170895305ae176a5574384c74a33939
2018-02-27 13:01:42 +01:00
Harald Welte 098aa71e83 remove unused "auth policy" VTY command
This is yet another unsused bit from the OsmoNITB legacy.

Related: OS#2528
Change-Id: I825e659da529257e5edec94d9d59f0e10c1b4c63
2018-02-14 09:04:56 +01:00
Harald Welte 2346619c1a remove unused "authorized-regexp" VTY command
This is another left-over VTY command from the OsmoNITB days.

If such functionality is desired, it must be implemented in OsmoHLR,
but not here.

Related: OS#2528
Change-Id: Icf0897c47388e49ba7886b55acc728a6f7d213fe
2018-02-14 09:04:52 +01:00
Harald Welte d5db170261 remove bsc_api.h and all users - they're all dead code
Related: OS#2528
Change-Id: I332aa8697c98a0d7b3db65f98711275da3d381d7
2018-02-14 00:28:02 +01:00
Max 5e60de63ef VLR tests: move network init into function
That's a preparation step for properly splitting main function of
different tests in follow-up function.

Change-Id: I68a2e94cf79fcb83286eef981a8d88bdbe10ef69
Related: OS#2864
2018-02-07 13:01:49 +01:00
Max b0a4314911 VLR tests: always print test parameters
For each test print:
* the test number

Unfortunately tests are organized in such a way that we don't know the
number of particular test in advance. Nevertheless, it make sense to
always print it regardless of -v option presense.

Related: OS#2864
Change-Id: I2e1d7701f5322d2311f32b796148a8b414f53b8e
2018-02-07 12:08:19 +01:00
Max 29ce08a77a VLR tests: remove weird code
Having while(0) as a body for for() cycle generate too much WTF while
looking at the code while not serving any obvious purpose. Let's just
drop it to avoid confusing developers.

Change-Id: I1f571ec319ff3231fd9acd4066e470476c3b1f78
Related: OS#2864
2018-02-07 12:08:12 +01:00
Max 6817190efd VLR tests: don't fail via assert
Don't fail tests using thwart_rx_non_initial_requests() via
OSMO_ASSERT. Instead log extended error which will fail the test
eventually but allows to gather additional info helpful for debugging.

Change-Id: I2607cb1ac60941dbc22fca532ed2b3738bfbcc63
Related: OS#2864
2018-02-07 12:07:59 +01:00
Max d5feadeee8 Expand VLR tests
Print the IMSI used for each test. This enables expansion to tests with
several IMSIs in follow-up patches.

Change-Id: I7958608e5136351f7b7c0c57fe79791d989ce9c3
Related: OS#2864
2018-02-07 12:07:50 +01:00
Max d8d1a9e3cc VLR tests: mark static test functions as such
Related: OS#2864
Change-Id: I5eac4c24257fd38068ba629d3c21848181703220
2018-02-07 12:07:39 +01:00
Max 093300d141 Move IMSI into test parameters
This makes test routines more flexible and allows to easier re-use them
for tests with different IMSIs.

Change-Id: I74d46fdb7e87dc04c6b82a0b6f3ce6bef60bde58
Related: OS#2864
2018-02-07 12:07:24 +01:00
Max 5e2e9bd0be Fix whitespace issues
We don't usually put space before in-place increment or decrement. Let's
make code look similar to other Osmocom projects.

Change-Id: I5962431ad16c97e412939dc1b8949f6361a5c26e
2018-02-06 19:31:08 +01:00
Philipp Maier 621ba032bd mgcp: use osmo-mgw to switch rtp streams
in the current implementation we still use osmo-bsc_mgcp, which
has many problems and is also obsoleted by osmo-mgw.

integrate osmo-mgw and re-implement the current switching using
an osmo fsm.

Depends: osmo-mgw Iab6a6038e7610c62f34e642cd49c93d11151252c
Depends: osmo-iuh I3c1a0455c5f25cae41ee19229d6daf299e023062
Closes: OS#2605
Change-Id: Ieea9630358b3963261fa1993cf1f3b563ff23538
2018-02-05 22:28:43 +00:00
Harald Welte c2007855ce Implement checks for duplicate uplink UL L3 message
According to TS 24.007 Section, it is possible that uplink L3
messages are duplicated in some scenarios, particularly during
assignment/handover procedure.

To avoid L3 entities from seeing duplicated messages, there's a modulo-2
or modulo-4 message sequence counter, based on which the MSC can detect
and suppress such duplicate messages.

It appears that even our unit tests were wrong in that regard so far.
Rather than manually adjusting each and every message, let's make sure
that the sequence number generation always increments as expected, and
that during matching of incoming messages, sequence numbers are masked

Note: the tests will only pass from libosmocore Change-Id
Iec875a77f5458322dfbef174f5abfc0e8c09d464 onwards, due to
gsm48_hdr_msg_type() being broken in earlier versions.

Change-Id: Id15e399ab7e1b05dcd426b292886fa19d36082b1
Closes: #2908
2018-02-03 20:30:03 +00:00
Harald Welte 7b222aa106 Permit a set of multiple different A5 ciphers
So far, the administrator had to pick one particular cipher which
would then be used throughout all subscribers/phones. This is a bit
impractical, as e.g. not all phones support A5/3.  Extend the VTY
command syntax in a backwards-compatible way to permit for multiple

NOTE: Like the previous code, OsmoMSC does *not yet check* whether
the configured cipher is compatible with the MS capabilities as
reported in CLASSMARK!  The network hence might choose an algorithm
not supported by the phone.  Fixing this is subject to another patch.

Closes: OS#2460
Change-Id: I79a4e2892eb5fbecc3d84e11dceffb7149db264b
2018-01-28 00:09:42 +00:00
Harald Welte 71c51df07d Shift ciphering algorithm selection from VLR to MSC
The VLR code seems to have the assumption that there is one particular
algorithm to be used, as opposed to one of a set of algorithms.

What's missing is basically to decide when/where to pick the best
algorithm within the capabilities of the phone (classmark) and the
network configuration (net->a5_encryption_mask).  So far, libvlr has no
notion of classmark.  Rather, libmsc has.

Why does the VLR care about the particular algorithm at all?  The VLR
should probably simply decide if it should use encryption or not, and if
so, the MSC will figure which algorithm to use.

Change-Id: I5ed80ca2086560a5975a758ec568a034a9a8ab89
2018-01-28 00:09:41 +00:00
Harald Welte d35038d229 Massive removal of unused code/structs/headers
osmo-msc still had large amounts of dead code that came along from
openbsc.git.  This commit removes a lot of it, mostly stuff relevant
only to the BSC side of things (or even GPRS).

Change-Id: I247def85da2dc3ec461389fb74414a0d964e7e3c
Related: OS#2528
2018-01-25 00:18:05 +01:00
Harald Welte a3ab1de7dc remove traces of bsc_subscriber
Change-Id: I8672f0a76cb47595444a7ddbc4f34fc4ddaeb375
2018-01-24 23:29:51 +01:00
Harald Welte 80315ef6b5 Fix msc_vlr test results (.err) for new libosmocore GSM48_PDISC names
In I8de7c01f9ea1d66c384e57449c4140186f5ce6c5, libosmocore introduced
shorter names in gsm48_pdisc_names, which has implications on the
expected test output

Change-Id: I4421872a0d609dd50a6b911b928aa5e111d1ad24
2018-01-24 22:55:05 +01:00
Harald Welte a1c5de45c1 Remove traces of meas_feed
Measurement reporting (and the relate feed) are functions of the BSC,
not the MSC.  This code should never have been inherited from OsmoNITB
to OsmoMSC in the first place, let's remove it.

Change-Id: I0d57ac214e574e267fa9752daf76566197b9aa64
2018-01-24 14:04:46 +00:00
Max a263bb215b VLR: log subscriber update
* move log helpers to generic header
* log subscriber update

It's handy for troubleshooting issues with subscriber update via GSUP
from HLR.

Change-Id: I1958aeeb3ea99831c7e2c5ee9a6b59834baf4520
2017-12-31 11:01:46 +00:00
Max 753c15de2f Migrate from OpenSSL to osmo_get_rand_id()
This avoids potential licensing incompatibility and makes integration of
Debian packaging patches easier.

Related: OS#1694
Change-Id: I71cd631704a4dc155c6c752fee2a42cd6e2fa336
2017-12-27 11:11:14 +00:00
Neels Hofmeyr facd57ac56 fix: properly cancel all Paging on IMSI Detach
It's not clear cut which code is responsible for canceling pending requests,
since the requests list is kept in vlr_subscr, but sending out Paging does
certainly not belong in the VLR. Place the requests cleanup in gsm_04_08.c.

Add to test_ms_timeout_paging() in msc_vlr_test_ms_timeout.c to verify that a
pending paging is canceled on IMSI Detach.

Change-Id: Ib8874a9d92f02b0826525b55518332f6899688fd
2017-12-20 23:07:10 +01:00
Neels Hofmeyr 2ff5bcdc38 fix paging: add timeout to discard unsuccessful paging
Currently, if there is no reply from the BSS / RNC, a subscriber will remain as
"already paged" forever, and is never going to be paged again. Even on IMSI
Detach, the pending request will keep a ref count on the vlr_subscr.

Add a paging timeout, as gsm_network->paging_timeout and in the VTY on the
'msc' node as 'paging timeout (default|<1-65535>'. (There is a 'network' /
'T3113' in OsmoBSC, but to not confuse the two, give this a different name.)

Add test_ms_timeout_paging() test to verify the timeout works.

I hit this while testing Paging across multiple hNodeB, when a UE lost
connection to the hNodeB. I noticed that no matter how long I wait, no Paging
is sent out anymore, and found this embarrassing issue. Good grief...

The choice of 10 seconds is taken from

Change-Id: I2db6f1e2ad341cf9c2cc7a21ec2fca0bae5b2db5
2017-12-20 23:07:10 +01:00
Neels Hofmeyr 2ef2da54ab cosmetic prep: tell vlr_ops.set_ciph_mode() whether UMTS AKA is used
In case of UMTS AKA, the Kc for ciphering must be derived from the 3G auth
tokens. tuple->vec.kc was calculated from the GSM algorithm and is not
necessarily a match for the UMTS AKA tokens.

To decide (in an upcoming patch) whether to use UMTS AKA derived Kc or the Kc
from the auth vector, the set_ciph_mode() from vlr_ops needs to know whether
UMTS AKA is being used. This could possibly derived from the msc_conn_ref, but
all flags are already available in the vlr_lu_fsm and vlr_access_req_fsm. Hence
add a umts_aka flag to the set_ciph_mode() callback invocation. The VLR FSMs
thus decide whether UMTS AKA or GSM AKA is to be used during Ciphering Mode
Command, which makes more sense than re-implementing the same decision process
in the MSC.

I considered placing the Kc derivation in vlr_set_ciph_mode() and only tell the
MSC's set_ciph_mode() implementation the precise keys it should use, but the
RAN particulars, and whether a Kc is used at all, rather belong with the MSC.

Related: OS#2745
Prepares: If04e405426c55a81341747a9b450a69188525d5c
Change-Id: I983c48347faf4ee1b405d8174b4e006c904157cf
2017-12-18 05:18:11 +01:00
Neels Hofmeyr 4cf4fddf28 vlr: debug log: log Ciphering Mode details
Change-Id: Ib19dfd7255bda01ebace62386df4ec89697d9d14
2017-12-18 03:48:24 +01:00
Neels Hofmeyr 3f5b7808f5 cosmetic: msc_vlr_tests: log SMS details when invoked with -v
DLSMS logs SMS pointers, so is not suitable for logging them always. Allow
logging for manual invocation, though.

Change-Id: I1b7d2fd3fb38bf50eeabd6f7ef736d70a17de7a6
2017-12-18 03:48:24 +01:00
Max 60383a1f7f Remove unneeded .py scripts
The has been moved to osmo-python-tests as osmo_ipa - use it for
vty and ctrl tests instead of local copy. The and
are not MSC-specific: leftovers from repository split which are now
available in osmo-python-tests as well.

Change-Id: Ia3ab77846c9beae7eca32a81079a4a9bfa4dcc75
2017-12-03 21:14:10 +00:00
Max abb24a2725 Add basic CTRL test
All the CTRL tests were skipped automatically because they were
inherited from before repo split time. This means that MSC CTRL
interface was not tested at all. Add trivial test which uses generic
rate counter introspection so we at least check that MSC's CTRL
interface is not completely broken.

Change-Id: I784feece666b00752a81f2c126e6f255505445be
2017-11-29 15:11:59 +01:00
Neels Hofmeyr 82be67de2b fix use after free: missing conn_get on CC paging response
Adjust test expectations accordingly.

The error was:

  ==16084==ERROR: AddressSanitizer: heap-use-after-free on address 0x61500000f5f4 at pc 0x561be639ac2b bp 0x7ffc0aabbe40 sp 0x7ffc0aabbe38
  READ of size 4 at 0x61500000f5f4 thread T0
      #0 0x561be639ac2a in _msc_subscr_conn_put ../../../../src/osmo-msc/src/libmsc/osmo_msc.c:384
      #1 0x561be636070b in rx_from_ms ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:204
      #2 0x561be6360b21 in ms_sends_msg ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:217
      #3 0x561be635b40a in test_call_mt ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_test_call.c:328
      #4 0x561be6363bb7 in run_tests ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:802
      #5 0x561be63524ea in main ../../../../src/osmo-msc/tests/msc_vlr/msc_vlr_tests.c:849
      #6 0x7f6eebb3e2b0 in __libc_start_main (/lib/x86_64-linux-gnu/
      #7 0x561be6352fb9 in _start (/n/s/osmo/make-3G/osmo-msc/tests/msc_vlr/msc_vlr_test_call+0xdafb9)

Related: OS#2672
Change-Id: If0659a878deb383ed0300217e2c41c8c79b2b6a5
2017-11-27 15:40:01 +01:00
Neels Hofmeyr a99b42709a add msc_vlr_test_call to reproduce a sanitizer error
On MT call, there is a bug in CC conn use which leads to an early free and

Add msc_vlr_test_call to show both MO and MT call legs separately and reproduce
the failure. It is visible in a sanitizer build (on debian 9).

A subsequent patch will fix the bug: If0659a878deb383ed0300217e2c41c8c79b2b6a5

Related: OS#2672
Change-Id: I6c3ca0c660388b1e2c82df17ec540c846201b0c7
2017-11-27 15:40:01 +01:00
Neels Hofmeyr 6166f29412 subscr_conn: introduce usage tokens for ref error tracking
When hunting a conn use count bug, it was very hard to figure out who's (not)
using the conn. To ease tracking down this bug and future bugs, explicitly name
what a conn is being reserved for, and track in a bit mask.

Show in the DREF logs what uses and un-uses a conn. See the test expectation
updates, which nicely show how that clarifies the state of the conn in the

On errors, log them, but don't fail hard: if one conn use/un-use fails, we
don't want to crash the entire MSC before we have to.

Change-Id: I259aa0eec41efebb4c8221275219433eafaa549b
2017-11-27 15:40:01 +01:00
Neels Hofmeyr 8a656eb3a5 msc_vlr_tests: set a valid lac for fake conns
Change-Id: Ie647d93a54aefad5bde8a9411d983cd60714b83d
2017-11-22 14:40:37 +01:00
Neels Hofmeyr 9c848b5d82 msc_vlr_tests: fix test nr arg: clear errno before strtol()
Change-Id: I8e9376f20a44f6348bcb85f0ff27a429dc90e1b8
2017-11-22 02:57:08 +01:00
Neels Hofmeyr 0442ea22b8 sms_queue_test: sanitize: clean up talloc contexts when done
To avoid sanitizer build failures, ensure that the talloc contexts are empty
when done and free them.

Separate the msgb context from the overall talloc context for clarity: if
nested, the outer one would contain two blocks.

Change the "sms_queue_test" context from 1 byte to 0 in order to get a size of
zero in the end.

Change-Id: If08ba48ab9c28bf3c2db4014837c1304cec04aaf
2017-11-22 02:57:07 +01:00
Neels Hofmeyr 2c46e04ccc cosmetic: msc_vlr_tests: add comment to show expected tallocs
If something changed the talloc landscape, it is hard to find out what the test
actually expected when it was written. Add the expectations in an inline

Change-Id: If92a18bb3dc24c2cf6498aa2da29266267488240
2017-11-20 13:49:32 +00:00
Neels Hofmeyr 3bae836310 vlr_subscr_conn_timeout(): don't fire events to discarded fi
Terminating one of the FSM instances may effect termination and deallocation of
the others, as well as the vlr_subscr itself. So, reserve the vlr_subscr
locally, and then dispatch events to exactly those FSM instances that exist.

The changes in expected output in the msc_vlr_tests shows that the subscriber
was deallocated from the first FSM termination, and now sticks around until
we've checked both FSMs are gone.

Change-Id: I56551ecc10f5295fe75944bdde4b583b1b621811
2017-11-20 13:49:32 +00:00
Neels Hofmeyr 3ddd7422ea subscr_conn: don't close after conn timeout
If dispatching a conn timeout, the conn fsm will already have been discarded,
and we cannot fire any more events to it.

The expected test output changes illustrate that we are now omitting event
dispatches that happen *after* the same FSM was already deallocated.

Change-Id: I25af3e5a1b04e3a5c9f41956cbcbbdd8439c6457
2017-11-20 13:49:32 +00:00
Neels Hofmeyr 7b1418e6fc tests: add msc_vlr_test_authen_reuse
Change-Id: I185a2cbff6241a27722f1c37ae609f0fcc59a71e
2017-10-31 02:02:43 +01:00
Neels Hofmeyr 33f534136c cosmetic: vlr: rename auth_tuple_max_use_count to _reuse_
The name auth_tuple_max_use_count suggests that if I want to use each auth
tuple exactly once, I need to set it to 1. Curiously, so far you need to set
to intended uses - 1.

Reflect this in its name by renaming to auth_tuple_max_reuse_count.

I first considered to not rename but change the if-conditions so that == 1
means each tuple is used once, and upon struct vlr allocation, set the default
to 1. That would also logically entail that setting to 0 means to re-use
vectors infinitely often, like now a value < 0 does. That means, when
allocating a vlr struct zeroed out, we would by default have the most
dangerous/unsafe configuration. It's no problem to set a default to 1 upon
allocation, but by renaming the variable instead, we get safer alloc-zero
behavior and don't need to change any conditionals in the code (even though the
patch ends up considerably larger from all the renaming).

Change-Id: I0b036cae1536d5d6fb2304f837ed1a6c3713be55
2017-10-31 02:02:43 +01:00
Neels Hofmeyr 96748ca790 msc_vlr_tests: fix rebuild: rebuild when src/ libs were rebuilt
Before this, a code change in libvlr or libmsc would not cause a rebuild of the

You'd have thought 'AM_LDADD' were the right name for the variable, but
apparently it is just 'LDADD' instead. Tested that it works as intended.

Change-Id: Icbdedc1581fa23abe9ed99cef3918592b25f30b3
2017-10-30 08:45:15 +00:00
Harald Welte 8f042b9000 osmo-msc: Don't link against libasn1c
osmo-msc doesn't use any API/symbols of libasn1c directlry.  Rather,
we use libosmo-ranap which in turn uses libasn1c.  Let the linker
work out that dependency.

This fixes the following dpkg-shlibdeps warning:

Change-Id: I2f840884d8f1cc542de1e26acd3d4215bd2fd899
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/osmo-msc/usr/bin/osmo-msc was not linked against (it uses none of the library's symbols)
2017-10-28 15:17:53 +02:00
Neels Hofmeyr 834f94a2cb fix memory leak: vlr: vlr_gsupc_read_cb() must msgb_free()
Add required msgb_free() to vlr_gsupc_read_cb().

Adjust msc_vlr_tests.c gsup_rx() to *not* free the msgb again after
vlr_gsupc_read_cb() did.

Related: OS#2476
Change-Id: I347c53f57a7fa79921aed3f6e42599841acf27c0
2017-10-03 20:30:17 +00:00
Harald Welte 5c76e0aa1a remove further files and autotest/autoconf bits irrelevant to osmo-msc
Change-Id: I68e879e7474cbd3dd053f23bc4d5d22dc2748c5b
2017-10-03 09:44:23 +08:00
Max 43b01b0514 Remove rest_octets.h
The MSC should not fiddle with low-level SI details like rest octets
anyway. Unfortunately simply removing the header is impossible as it
causes massive fallout due to missing includes. Fixed it as well.

The only other parameter which required removal is cell_ro_sel_par which
is not referenced anywhere in the code anyway.

Change-Id: Ibff77330de056fad4288cd4c48d016aad8105354
2017-09-15 11:31:03 +02:00
Neels Hofmeyr 6c8afe148b use separated libosmo-mgcp-client, apply rename to mgcp_client_*
After osmo-mgw changes I8e0b2d2a399b77086a36606f5e427271c6242df1 and
I99f7faab637cfcc22ece64a1dbcbe590f2042187, apply linking of new
libosmo-mgcp-client and renames to drop the "gw" from mgcp_client_*.

Also rename the gsm_network.mgcpgw to mgw, to indicate that the MGCP client is
used to contact the MGW (Media Gateway).

Depends: I8e0b2d2a399b77086a36606f5e427271c6242df1 (osmo-mgw)
         I99f7faab637cfcc22ece64a1dbcbe590f2042187 (osmo-mgw)
Change-Id: I093ad02ca0e532f659447c785e09678b3e6f220d
2017-09-08 23:47:37 +00:00
Neels Hofmeyr 9084396467 rename include/openbsc to include/osmocom/msc
Change-Id: I1f96a1285bbd1b4607614856bca935d5c26e2da9
2017-09-06 16:41:25 +02:00
Neels Hofmeyr f7251c3aa1 am: msc_vlr_tests: use AM_LDFLAGS instead of COMMON vars
It was a n00b mistake to define COMMON_LDFLAGS and COMMON_LDADD to pass the
same linker options to each test binary. Instead, use AM_LDFLAGS and remove the
autoreconf warning.

    tests/msc_vlr/ warning: variable 'COMMON_LDFLAGS' is defined but no program or
    tests/msc_vlr/ library has 'COMMON' as canonical name (possible typo)

Related: OS#2448
Change-Id: I6efae6e192b22de2c1d706edd55385135142532b
2017-08-30 14:28:00 +02:00
Neels Hofmeyr bac227653a split off osmo-msc: remove files, apply build, rename
Change-Id: Icf025e5ea8d180613b3114282951c9afa67af9a7
2017-08-29 12:51:19 +00:00
Neels Hofmeyr 34d33bdef8 msc_vlr tests: add IMEISV tests
Change-Id: I752afef2ae3ce04e813c7e9fea0e883e607c0e14
2017-08-29 12:51:19 +00:00
Neels Hofmeyr 979cd26f35 move to osmo-mgw.git: osmo-bsc_mgcp and libmgcp as libosmo-legacy-mgcp
Rewire build and includes to libosmo-legacy-mgcp.

Drop osmo-bsc_mgcp and related python tests, now found in osmo-mgw.git.

libosmo-legacy-mgcp is installed from osmo-mgw, hence add the dependency to (so far using the pre_release branch).

Change-Id: Ic99d681759edce11564da62500c2aac5cf5fffe2
2017-08-29 12:51:19 +00:00
Neels Hofmeyr 97668a2623 cosmetic: msc_vlr_tests: drop unused var
Change-Id: I584c0dfffe005597563dbd72fad8a087c554ba3d
2017-08-29 12:51:19 +00:00
Neels Hofmeyr 00e82d61ab move libiu to osmo-iuh/libosmo-ranap
Remove libiu here, use the functions from libosmo-ranap instead, by applying
the ranap_ / RANAP_ prefix.

Corresponding change-id in osmo-iuh.git is I6a3f7ad15be03fb94689b4af6ccfa828c25f45c0

To be able to run the msc_vlr tests for RAN_UTRAN_IU without Iu client headers
available, add iu_dummy.h, containing mere function signatures that match
iu_dummy.c and a mostly empty struct ranap_ue_conn_ctx.

Make sure we can build with and without --enable-iu: include osmo-iuh headers
only with --enable-iu.

Change-Id: Ib8c4fcdb4766c5e575618b95ce16dce51063206b
2017-08-29 12:51:18 +00:00
Philipp Maier fbf6610dc1 Implement AoIP, port to M3UA SIGTRAN (large addition and refactoring)
This was originally a long series of commits converging to the final result
seen in this patch. It does not make much sense to review the smaller steps'
trial and error, we need to review this entire change as a whole.

Implement AoIP in osmo-msc and osmo-bsc.

Change over to the new libosmo-sigtran API with support for proper
SCCP/M3UA/SCTP stacking, as mandated by 3GPP specifications for the IuCS and
IuPS interfaces.

From here on, a separate osmo-stp process is required for SCCP routing between
OsmoBSC / OsmoHNBGW <-> OsmoMSC / OsmoSGSN build from libosmo-sccp and osmo-iuh master branches now for new

Patch-by: pmaier, nhofmeyr, laforge
Change-Id: I5ae4e05ee7c57cad341ea5e86af37c1f6b0ffa77
2017-08-29 12:51:18 +00:00
Pau Espin f5816f6f5b sgsn_test: Fix wrong definition of wrap func
Commit 058cd573d8 added 2 new pointer parameters to
gprs_subscr_request_auth_info, but forgot to update wraps of the
function in sgsn_test.

I catched this today because openbsc build test sgsn_test was failing.
Closed look up to the logs showed:
Assert failed (auts != NULL) == (auts_rand != NULL) openbsc/openbsc/src/gprs/gprs_subscriber.c:791

Change-Id: Ie9e4af6da0339536fb20ca0b7bbcf6f485bd522c
2017-08-27 02:33:49 +02:00
Harald Welte 586e6819eb Migrate from gprs_apn_to_str() to libosmocore osmo_apn_to_str()
In 2015, Jacob moved/copied related functions to libosmocore, but
for some reason didn't remove the copies here.  Let's follow-up on
that and remove duplicated code.

The libosmocore commit introducing osmo_apn_to_str() was

Change-Id: I7315ffcbed8a54cca2056f313bb7783ad82d0ee9
2017-08-27 02:33:49 +02:00
Alexander Chemeris 3d18dda61a libcommon: Fix log output for bts>0.
Fixes regression probably introduced in c696cc28.

For bts>0 logging doesn't show bts number correctly when printing lchan
identification string - it will always show it as "bts=0". The reason for
this is that the identification string is cached before bts->nr value is
set to a proper value.

This patch sets bts->nr as part of the first step of the bts structure
initialization, before caching happens thus making sure the cached
identification string is cached with the correct values.

Change-Id: I61c18a7f021fcb1ec00d34a745f4e3ab03416c2d
2017-08-27 02:33:49 +02:00
Pablo Neira Ayuso 9891dae131 libmsc: update database to accomodate SMS status-report fields
SMPP DELIVER_SM messages with esm_class = Delivery Receipt need to send
this message reference (that the mobile phone allocates) to the ESME.
Thus, the ESME propagates it via SUBMIT_SM with esm_class = Delivery
Acknoledgment so that the SMSC sends the GSM 03.40 status-report to the
origin including this. Given this field is useful for status-reports, we
need to store it in the HLR database.

Moreover, we need a new field that specifies if the entry represents a
SMS status-report, to do the right handling from the gsm411_send_sms() -
such new handling comes in a follow up patch entitled "libmsc: handle
delivery ack via SMPP SUBMIT SM / send GSM 03.40 status report".

This patch includes the migration routines to the new database schema
revision 5, it's quite a bit of dbi boilerplate code - copied-pasted and

Change-Id: I7276d356d805a83ebeec72b02c8563b7135ea0b6
2017-08-27 02:33:49 +02:00
Daniel Willmann 8dc8ea435f examples/sgsn: Use osmo-hlr with auth-policy remote by default
For the vty tests, add osmo-sgsn-accept-all.cfg (that does not need an HLR) and
use in, otherwise the 'show sgsn' command will reply that it
could not connect to the HLR, failing the vty test which expects empty.

Change-Id: Ie3b2013198d3e2b780a4e31c36b89b58129dcacd
2017-08-24 16:47:42 +02:00
Neels Hofmeyr 78ada64be7 04.08: log protocol discriminators and message types by name
On incoming 04.08 messages, we log only the protocol discriminator in
decimal. Enhance: log pdisc and message type in hex, and also log the
protocol and message type as human readable string.

Also adjust the msc_vlr tests' log statements for wrapped rx/tx functions
of dtap from/to the MS.

Adjust the expected output of msc_vlr_tests.

Change-Id: Ida205d217e304337d816b14fd15e2ee435e7397d
Depends: libosmocore change-id I0fca8e95ed5c2148b1a7440eff3fc9c7583898df
2017-08-23 14:35:31 +02:00
Neels Hofmeyr 05230eac4a fix msc_vlr tests after libosmocore uses localtime for SMS
libosmocore change-id I4efdb1eaae43aced33961b64d4f14b0040321c10 changes the
gsm340_gen_scts() from gmtime to localtime, meaning that by feeding a mere zero
as timestamp, we get different results depending on the local machine's
timezone setting. Instead of calling gsm340_gen_scts() with zero, simply write
a bunch of bytes as time so that the tests get identical SMS bytes every time.

Change-Id: I8a50e8963dce80609749571b61fc6ffe1c54660c
2017-08-22 18:13:54 +02:00
Neels Hofmeyr 84da6b1edb Implement IuCS (large refactoring and addition)
osmo-nitb becomes osmo-msc
add DIUCS debug log constant
add iucs.[hc]
add msc vty, remove nitb vty
add libiudummy, to avoid linking Iu deps in tests
Use new msc_tx_dtap() instead of gsm0808_submit_dtap()
libmgcp: add mgcpgw client API
bridge calls via mgcpgw

Enable MSC specific CTRL commands, bsc_base_ctrl_cmds_install() still needs to
be split up.

Change-Id: I5b5b6a9678b458affa86800afb1ec726e66eed88
2017-08-08 19:17:53 +02:00
Neels Hofmeyr e2f24d53e4 mscsplit: various preparations to separate MSC from BSC
Disable large parts of the code that depend on BSC presence. The code sections
disabled by #if BEFORE_MSCSPLIT shall be modified or dropped in the course of
adding the A-interface.

Don't set msg->lchan nor msg->dst.
Don't use lchan in libmsc.
Decouple lac from bts.

Prepare entry/exit point for MSC -> BSC and MSC -> RNC communication:
Add msc_ifaces.[hc], a_iface.c, with a general msc_tx_dtap() to redirect to
different interfaces depending on the actual subscriber connection.
While iu_tx() is going to be functional fairly soon, the a_tx() is going to be
just a dummy for some time (see comment).
Add Iu specific fields in gsm_subscriber_connection: the UE connection pointer
and an indicator for the Integrity Protection status on Iu (to be fully
implemented in later commits).
Add lac member to gsm_subscriber_connection, to allow decoupling from
bts->location_area_code. The conn->lac will actually be set in iu.c in an
upcoming commit ("add iucs.[hc]").

move to libcommon-cs: gsm48_extract_mi(), gsm48_paging_extract_mi().

libmsc: duplicate gsm0808 / gsm48 functions (towards BSC).
In osmo-nitb, libmsc would directly call the functions on the BSC level, not
always via the bsc_api. When separating libmsc from libbsc, some functions are
missing from the linkage.
Hence duplicate these functions to libmsc, add an msc_ prefix for clarity, also
add a _tx to gsm0808_cipher_mode():
* add msc_gsm0808_tx_cipher_mode() (dummy/stub)
* add msc_gsm48_tx_mm_serv_ack()
* add msc_gsm48_tx_mm_serv_rej()
Call these from libmsc instead of
* gsm0808_cipher_mode()
* gsm48_tx_mm_serv_ack()
* gsm48_tx_mm_serv_rej()
Also add a comment related to msc_gsm0808_tx_cipher_mode() in two places.

Remove internal RTP streaming code; OsmoNITB supported that, but for OsmoMSC,
this will be done with an external MGCP gateway.

Remove LCHAN_MODIFY from internal MNCC state machine.

Temporarily disable all paging to be able to link libmsc without libbsc.
Skip the paging part of channel_test because the paging is now disabled.
Employ fake paging shims in order for msc_vlr_tests to still work.

msc_compl_l3(): publish in .h, tweak return value.  Use new libmsc enum values
for return val, to avoid dependency on libbsc headers.  Make callable from
other scopes: publish in osmo_msc.h and remove 'static' in osmo_msc.c

add gsm_encr to subscr_conn
move subscr_request to gsm_subscriber.h
subscr_request_channel() -> subscr_request_conn()
move to libmsc: osmo_stats_vty_add_cmds()
gsm_04_08: remove apply_codec_restrictions()
gsm0408_test: use NULL for root ctx
move to libbsc: gsm_bts_neighbor()
move to libbsc: lchan_next_meas_rep()
move vty config for t3212 to network level (periodic lu)
remove unneccessary linking from some tests
remove handle_abisip_signal()
abis_rsl.c: don't use libvlr from libbsc

gsm_subscriber_connection: put the LAC here, so that it is available without
accessing conn->bts. In bsc_api.c, place this lac in conn for the sake of
transition: Iu and A will use this new field to pass the LAC around, but in a
completely separate OsmoBSC this is not actually needed. It can be removed
again from osmo-bsc.git when the time has come.

Siemens MRPCI: completely drop sending the MRPCI messages for now, they shall
be added in osmo-bsc once the A-Interface code has settled. See OS#2389.

Related: OS#1845 OS#2257 OS#2389
Change-Id: Id3705236350d5f69e447046b0a764bbabc3d493c
2017-08-08 19:17:53 +02:00
Neels Hofmeyr 54a706cf92 vlr: LU FSM: enable Retrieve_IMEISV_If_Required
Change-Id: I121b95ad6d5ecb7603815eece2b43008de487a8a
2017-08-07 16:52:25 +02:00
Neels Hofmeyr 853883d1f6 osmo-nitb: change default db name to sms.db
libvlr now delegates subscriber management to osmo-hlr, so the database no
longer represents a HLR. It basically only stores SMS, so reflect that fact in
the default database name.

Change-Id: I3289d68d3eb63aff940b48a25b584d5e83cd0197
2017-07-23 04:30:44 +02:00
Neels Hofmeyr 6a29d326e0 Add msc_vlr test suite for MSC+VLR end-to-end tests
Change-Id: If0e7cf20b9d1eac12126955b2f5f02bd8f1192cd
2017-07-23 04:30:05 +02:00
Harald Welte 2483f1b050 Use libvlr in libmsc (large refactoring)
Original libvlr code is by Harald Welte <>,
polished and tweaked by Neels Hofmeyr <>.

This is a long series of trial-and-error development collapsed in one patch.
This may be split in smaller commits if reviewers prefer that. If we can keep
it as one, we have saved ourselves the additional separation work.


The SQL based lookup of SMS for attached subscribers no longer works since the
SQL database no longer has the subscriber data. Replace with a round-robin on
the SMS recipient MSISDNs paired with a VLR subscriber RAM lookup whether the
subscriber is currently attached.

If there are many SMS for not-attached subscribers in the SMS database, this
will become inefficient: a DB hit returns a pending SMS, the RAM lookup will
reveal that the subscriber is not attached, after which the DB is hit for the
next SMS. It would become more efficient e.g. by having an MSISDN based hash
list for the VLR subscribers and by marking non-attached SMS recipients in the
SMS database so that they can be excluded with the SQL query already.

There is a sanity limit to do at most 100 db hits per attempt to find a pending
SMS. So if there are more than 100 stored SMS waiting for their recipients to
actually attach to the MSC, it may take more than one SMS queue trigger to
deliver SMS for subscribers that are actually attached.

This is not very beautiful, but is merely intended to carry us over to a time
when we have a proper separate SMSC entity.

Introduce gsm_subscriber_connection ref-counting in libmsc.

Remove/Disable VTY and CTRL commands to create subscribers, which is now a task
of the OsmoHLR. Adjust the python tests accordingly.

Remove VTY cmd subscriber-keep-in-ram.

Use OSMO_GSUP_PORT = 4222 instead of 2222. See

So far use the LAC from conn->bts, will be replaced by conn->lac in

Related: OS#1592 OS#1974
Change-Id: I639544a6cdda77a3aafc4e3446a55393f60e4050
2017-07-23 04:08:43 +02:00
Neels Hofmeyr 625e05a6b2 fix make distcheck with python tests
- bscs.config needed by the vty tests was not picked up as a dist file, because
  its suffix is not 'cfg'. Rename to *.cfg. Apply this rename in and osmo-bsc_nat.cfg.
- Remove restart counters after external tests, otherwise distcheck complains
  about uncleaned files.
- Add contrib/ to EXTRA_DIST, hence add a to contrib/.
  Otherwise the python tests cannot find that dependency.

Change-Id: I42b55cb1125099afc3a8e3f87c0e398426b2e2a9
2017-07-21 03:39:38 +02:00
Neels Hofmeyr 29b9206e80 move openbsc/* to repos root
This is the first step in creating this repository from the legacy openbsc.git.

Like all other Osmocom repositories, keep the autoconf and automake files in
the repository root. openbsc.git has been the sole exception, which ends now.

Change-Id: I9c6f2a448d9cb1cc088cf1cf6918b69d7e69b4e7
2017-07-12 23:17:10 +00:00
Harald Welte 13e10daa33 move openbsc into its own subdirectory 2009-06-10 05:40:52 +08:00
Holger Freyther c7b86f9011 Revert "[db] Keep track of the current gsm_network"
This was a stupid decision. We will have to assign the
network at some other place. The problem will be a problem
when we have two gsm_networks in one process and the same
subscriber is traveling in both networks.
2009-06-06 13:54:20 +00:00
Holger Freyther 535abf2f40 [tests] Do no free objects that are allocated on the stack
gcc4.4 warns about these kind of objects. Fix that.
2009-06-06 13:54:02 +00:00
Harald Welte 04d3c9224f An application that has own events and file descriptors, must poll
select function ob libbsc. A "polling" flag is used to enable polling.
In this case select() will not sleep until file descriptor events occurr
or nearest timer expires. Also a return value will indicate if there was
an event that has been handled. If there was an event, the application
decides to poll again and don't wait.

In case for bsc_hack, the polling flag is not set. select will sleep as

(Andreas Eversberg)
2009-05-23 06:07:04 +00:00
Harald Welte ff117a8d11 * rename the timer functions to avoid name collisions with libmisdn.
* the return value of bsc_update_timers() is required for applications to find out if a timer was fired
(Andreas Eversberg)
2009-05-23 05:22:08 +00:00
Harald Welte 12247c6713 Fix compilation issues on OS X - mainly #include file changes (Lars Immisch) 2009-05-21 07:23:02 +00:00
Holger Freyther 36650b872f [db] Keep track of the current gsm_network 2009-04-19 06:35:16 +00:00
Holger Freyther bab9cd9a27 [tests] Change the db_test to link to the libopenbsc.a
This should keep the test compiling in the future. It will
link to the libopenbsc.a to get all symbols. We do this in
the other tests too.
2009-04-12 05:37:07 +00:00
Harald Welte 7e310b12ff Store incoming SMS into SQL database
* gsm_util now uses caller-allocated data (rather than callee-allocated)
* correctly parse destination address
* parse (but not transcode) non-default encodings of SMS
* reject SMS to unknown destination number
* resolve target subscriber id and store incoming SMS (without header) in 'sms' table

What we're now missing is the sending part, i.e. a regular task iterating over
all pending SMS and trying to deliver them.  Also, check for pending SMS once
2009-03-30 20:56:32 +00:00
Holger Freyther 59da07bd0e [sms] Add test case for the 7-bit coding/decoding...
we don't pass it yet.
2009-02-23 00:50:38 +00:00
Holger Freyther 73e61c4cd6 [sms] Remove hardcoded size and use the SIZE_OF trick.. 2009-02-23 00:50:34 +00:00
Holger Freyther 3281f6e233 [build] Create a libbsc.a as noinst_LIBRARY, link bsc_hack and tests against it
Link the tests against the libbsc.a to avoid most of the breakage
when creating new symbols.
2009-02-20 18:33:00 +00:00
Holger Freyther 0df0f87740 [misc] Another set of build fixes...
We should compile the src into an archive file and
then link to it.
2009-02-11 00:33:51 +00:00
Holger Freyther a6cd26cdae [tests] Fix building... add another stub... 2009-02-10 23:36:57 +00:00
Holger Freyther 72b250b779 [tests] Fix the tests... link again 2009-02-06 22:16:52 +00:00
Holger Freyther fde3114fb5 [tests] build fix 2009-01-27 19:09:38 +00:00
Holger Freyther 5f234e4f3a Add test case that is not registering the timer again
yesterday's crash with the llist_del instead of using del_timer
was due this kind of bug. Add a test case.
2009-01-04 03:45:13 +00:00
Holger Freyther 12aa50d5a2 Change the subscriber and database backend
gsm_subscriber is now refcounted, the db backend is leaking
a lot less, db_get_subscriber will allocate the subscr record
now, subscr_* will look up a subscriber in the list of currently
active subscribers and add an ref to this one.

The db test cases pass, more testing will be when next to the bts
2009-01-01 18:02:05 +00:00
Holger Freyther 67b4b9a017 Do not call rsl_chan_release directly but use the use_count of the lchan
Call use_lchan early in allocate_loc_updating_req, do not directly call
rsl_chan_release but go through channel alloc to take the use_count into
2009-01-01 03:46:11 +00:00
Holger Freyther dbede4e414 Move the db_test.c to a specific test directory 2008-12-31 23:25:05 +00:00
Holger Freyther 6dbca34bd3 Make the test compile again 2008-12-31 23:24:37 +00:00
Daniel Willmann 6fe997e9dd Implement sending SMS and send one on network registration 2008-12-29 04:20:41 +00:00
Daniel Willmann 471712b133 ACK sms-submit 2008-12-29 01:54:02 +00:00
Holger Freyther aa0fb362c0 Add stubs to test gsm0408 functionality including LAI 2008-12-28 21:55:40 +00:00
Daniel Willmann 6e6143e292 Add second test SMS 2008-12-28 21:38:26 +00:00
Harald Welte 255539c742 working state up to location update and classmark inquiry 2008-12-28 02:26:27 +00:00
Daniel Willmann fdd0a6c157 Add SMS (GSM 04.11) testing program 2008-12-28 01:51:14 +00:00
Daniel Willmann 8b3390effd Start implementing GSM 04.11 (short message service) 2008-12-28 00:31:09 +00:00
Daniel Willmann f3c8e11336 sms.txt: Analyze CP-DATA, RP-DATA, TPDU 2008-12-27 23:37:16 +00:00
Harald Welte a6eb9f0213 sms 2008-12-27 21:46:23 +00:00
Holger Freyther 5ee72eeeb1 Prefix debug symbols with debug_ to reduce the namesapce pollution 2008-12-27 12:46:49 +00:00
Holger Freyther d546e31628 Add code to parse a debug category string
Use strdup to be able to use strtok on the category string and add
a test case. Also safe some more information to be able to use color
in the print statement.
2008-12-27 12:03:07 +00:00
Holger Freyther 42f50bb3ee Make the test timer a noinst program 2008-12-27 12:03:04 +00:00
Holger Freyther 5f75598c28 Introduce a simple timer API....
One can use add_timer or schedule_timer to add a timer. After
the timeout time has been reached the callback will be called.
One can call add_time/schedule_timer and del_timer from within
the callback.
2008-12-27 09:42:59 +00:00