osmo-pcu/src/gprs_bssgp_pcu.c

1365 lines
40 KiB
C
Raw Normal View History

/* gprs_bssgp_pcu.cpp
*
* Copyright (C) 2012 Ivan Klyuchnikov
* Copyright (C) 2013 by Holger Hans Peter Freyther
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#include <gprs_rlcmac.h>
#include <gprs_bssgp_pcu.h>
#include <gprs_bssgp_rim.h>
#include <pcu_l1_if.h>
#include <gprs_debug.h>
#include <bts.h>
#include <tbf.h>
#include <coding_scheme.h>
#include <pdch.h>
#include <decoding.h>
#include <osmocom/gprs/gprs_ns2.h>
#include <osmocom/gsm/protocol/gsm_23_003.h>
#include <osmocom/gprs/protocol/gsm_08_16.h>
#include <osmocom/core/utils.h>
#include <osmocom/core/stats.h>
#include <osmocom/gsm/gsm48.h>
#include "coding_scheme.h"
#include "tbf_dl.h"
#include "llc.h"
#include "gprs_rlcmac.h"
#include "bts_pch_timer.h"
/* Tuning parameters for BSSGP flow control */
#define FC_DEFAULT_LIFE_TIME_SECS 10 /* experimental value, 10s */
#define FC_MS_BUCKET_SIZE_BY_BMAX(bmax) ((bmax) / 2 + 500) /* experimental */
#define FC_FALLBACK_BVC_BUCKET_SIZE 2000 /* e.g. on R = 0, value taken from PCAP files */
#define FC_MS_MAX_RX_SLOTS 4 /* limit MS default R to 4 TS per MS */
/* Constants for BSSGP flow control */
#define FC_MAX_BUCKET_LEAK_RATE (6553500 / 8) /* Byte/s */
#define FC_MAX_BUCKET_SIZE 6553500 /* Octets */
extern void *tall_pcu_ctx;
extern uint16_t spoof_mcc, spoof_mnc;
extern bool spoof_mnc_3_digits;
static const struct rate_ctr_desc sgsn_ctr_description[] = {
[SGSN_CTR_RX_PAGING_CS] = { "rx_paging_cs", "Amount of paging CS requests received" },
[SGSN_CTR_RX_PAGING_PS] = { "rx_paging_ps", "Amount of paging PS requests received" },
};
static const struct rate_ctr_group_desc sgsn_ctrg_desc = {
.group_name_prefix = "pcu:sgsn",
.group_description = "SGSN Statistics",
.class_id = OSMO_STATS_CLASS_SUBSCRIBER,
.num_ctr = ARRAY_SIZE(sgsn_ctr_description),
.ctr_desc = sgsn_ctr_description,
};
static void bvc_timeout(void *_priv);
static int parse_ra_cap(struct tlv_parsed *tp, MS_Radio_Access_capability_t *rac)
{
struct bitvec *block;
uint8_t cap_len;
uint8_t *cap;
memset(rac, 0, sizeof(*rac));
if (!TLVP_PRESENT(tp, BSSGP_IE_MS_RADIO_ACCESS_CAP))
return -EINVAL;
cap_len = TLVP_LEN(tp, BSSGP_IE_MS_RADIO_ACCESS_CAP);
cap = (uint8_t *) TLVP_VAL(tp, BSSGP_IE_MS_RADIO_ACCESS_CAP);
LOGP(DBSSGP, LOGL_DEBUG, "Got BSSGP RA Capability of size %d\n", cap_len);
block = bitvec_alloc(cap_len, tall_pcu_ctx);
bitvec_unpack(block, cap);
/* TS 24.008, 10.5.5.12a */
decode_gsm_ra_cap(block, rac);
bitvec_free(block);
return 0;
}
static int gprs_bssgp_pcu_rx_dl_ud(struct msgb *msg, struct tlv_parsed *tp)
{
struct bssgp_ud_hdr *budh;
uint32_t tlli;
uint32_t tlli_old = GSM_RESERVED_TMSI;
uint8_t *data;
uint16_t len;
uint8_t ms_class = 0;
uint8_t egprs_ms_class = 0;
int rc;
MS_Radio_Access_capability_t rac;
/* TODO: is it really necessary to initialize this as a "000" IMSI? It seems, the function should just return an
* error if no IMSI IE was found. */
struct osmo_mobile_identity mi_imsi = {
.type = GSM_MI_TYPE_TMSI,
};
OSMO_STRLCPY_ARRAY(mi_imsi.imsi, "000");
budh = (struct bssgp_ud_hdr *)msgb_bssgph(msg);
tlli = ntohl(budh->tlli);
/* LLC_PDU is mandatory IE */
if (!TLVP_PRESENT(tp, BSSGP_IE_LLC_PDU))
{
LOGP(DBSSGP, LOGL_NOTICE, "BSSGP TLLI=0x%08x Rx UL-UD missing mandatory IE\n", tlli);
return bssgp_tx_status(BSSGP_CAUSE_MISSING_MAND_IE, NULL, msg);
}
data = (uint8_t *) TLVP_VAL(tp, BSSGP_IE_LLC_PDU);
len = TLVP_LEN(tp, BSSGP_IE_LLC_PDU);
if (len > LLC_MAX_LEN)
{
LOGP(DBSSGP, LOGL_NOTICE, "BSSGP TLLI=0x%08x Rx UL-UD IE_LLC_PDU too large\n", tlli);
return bssgp_tx_status(BSSGP_CAUSE_COND_IE_ERR, NULL, msg);
}
/* read IMSI. if no IMSI exists, use first paging block (any paging),
* because during attachment the IMSI might not be known, so the MS
* will listen to all paging blocks. */
if (TLVP_PRESENT(tp, BSSGP_IE_IMSI))
{
rc = osmo_mobile_identity_decode(&mi_imsi, TLVP_VAL(tp, BSSGP_IE_IMSI), TLVP_LEN(tp, BSSGP_IE_IMSI),
true);
if (rc < 0 || mi_imsi.type != GSM_MI_TYPE_IMSI) {
LOGP(DBSSGP, LOGL_NOTICE, "Failed to parse IMSI IE (rc=%d)\n", rc);
return bssgp_tx_status(BSSGP_CAUSE_COND_IE_ERR, NULL, msg);
}
}
/* parse ms radio access capability */
if (parse_ra_cap(tp, &rac) >= 0) {
/* Get the EGPRS class from the RA capability */
ms_class = get_ms_class_by_capability(&rac);
egprs_ms_class = get_egprs_ms_class_by_capability(&rac);
LOGP(DBSSGP, LOGL_DEBUG, "Got downlink MS class %d/%d\n",
ms_class, egprs_ms_class);
}
/* get lifetime */
uint16_t delay_csec = 0xffff;
if (TLVP_PRESENT(tp, BSSGP_IE_PDU_LIFETIME))
{
uint8_t lt_len = TLVP_LEN(tp, BSSGP_IE_PDU_LIFETIME);
if (lt_len == 2)
delay_csec = tlvp_val16be(tp, BSSGP_IE_PDU_LIFETIME);
else
LOGP(DBSSGP, LOGL_NOTICE, "BSSGP invalid length of "
"PDU_LIFETIME IE\n");
} else
LOGP(DBSSGP, LOGL_NOTICE, "BSSGP missing mandatory "
"PDU_LIFETIME IE\n");
/* get optional TLLI old */
if (TLVP_PRESENT(tp, BSSGP_IE_TLLI))
{
uint8_t tlli_len = TLVP_LEN(tp, BSSGP_IE_PDU_LIFETIME);
if (tlli_len == 2)
tlli_old = tlvp_val16be(tp, BSSGP_IE_TLLI);
else
LOGP(DBSSGP, LOGL_NOTICE, "BSSGP invalid length of "
"TLLI (old) IE\n");
}
LOGP(DBSSGP, LOGL_INFO, "LLC [SGSN -> PCU] = TLLI: 0x%08x IMSI: %s len: %d\n", tlli, mi_imsi.imsi, len);
return dl_tbf_handle(the_pcu->bssgp.bts, tlli, tlli_old, mi_imsi.imsi,
ms_class, egprs_ms_class, delay_csec, data, len);
}
Optimize PAGING-CS PDCH set selection when target MS is known Before this patch, when a PAGING-GS was received in PCU from SGSN, it would always forward the paging request to all PDCHs in all TRXs of all BTS (well, it did some heuristics to avoid sending it in some PDCHs where onyl repeated TBFs would be listening). The previous behavior, didn't make much sense in the case where the PCU is asked to page an MS which it knows (ie in which PDCHs is listening to). Hence, in that case it makes sense to simply send the paging request on 1 PDCH where the MS is listening, instead of sending it in a big set of different PDCHs. This commit also splits the old get_paging_mi() helper which was erroneously created to parseboth CS/PS-PAGING requesst, since they actually use a different set of target subscriber information (for instance, CS-PAGING provides optionally a TLLI, and one provides P-TMSI while the other provides TMSI). In this patch, the handling of CS paging request is split into 2 parts: 1- A new helper "struct paging_req_cs" is introduced, where incoming CS-PAGING requests (from both SGSN over BSSGP and BTS/BSC over PCUIF) are parsed and information stored. Then, from available information, it tries to find a target MS if avaialable 2- bts_add_paging() is called from both BSSGP and PCUIF paths with the helper struct and the target MS (NULL if not found). If MS exists, paging is forwarding only on 1 PDCH that MS is attached to. If no MS exists, then the old heursitics are used to forward the request to all MS. Change-Id: Iea46d5321a29d800813b1aa2bf4ce175ce45e2cf
2021-05-13 15:44:51 +00:00
/* 3GPP TS 48.018 Table 10.3.2. Returns 0 on success, suggested BSSGP cause otherwise */
static unsigned int get_paging_cs_mi(struct paging_req_cs *req, const struct tlv_parsed *tp)
{
int rc;
req->chan_needed = tlvp_val8(tp, BSSGP_IE_CHAN_NEEDED, 0);
if (!TLVP_PRESENT(tp, BSSGP_IE_IMSI)) {
LOGP(DBSSGP, LOGL_ERROR, "IMSI Mobile Identity mandatory IE not found\n");
return BSSGP_CAUSE_MISSING_MAND_IE;
}
rc = osmo_mobile_identity_decode(&req->mi_imsi, TLVP_VAL(tp, BSSGP_IE_IMSI),
TLVP_LEN(tp, BSSGP_IE_IMSI), true);
if (rc < 0 || req->mi_imsi.type != GSM_MI_TYPE_IMSI) {
LOGP(DBSSGP, LOGL_ERROR, "Invalid IMSI Mobile Identity\n");
return BSSGP_CAUSE_INV_MAND_INF;
}
req->mi_imsi_present = true;
/* TMSI is optional */
Optimize PAGING-CS PDCH set selection when target MS is known Before this patch, when a PAGING-GS was received in PCU from SGSN, it would always forward the paging request to all PDCHs in all TRXs of all BTS (well, it did some heuristics to avoid sending it in some PDCHs where onyl repeated TBFs would be listening). The previous behavior, didn't make much sense in the case where the PCU is asked to page an MS which it knows (ie in which PDCHs is listening to). Hence, in that case it makes sense to simply send the paging request on 1 PDCH where the MS is listening, instead of sending it in a big set of different PDCHs. This commit also splits the old get_paging_mi() helper which was erroneously created to parseboth CS/PS-PAGING requesst, since they actually use a different set of target subscriber information (for instance, CS-PAGING provides optionally a TLLI, and one provides P-TMSI while the other provides TMSI). In this patch, the handling of CS paging request is split into 2 parts: 1- A new helper "struct paging_req_cs" is introduced, where incoming CS-PAGING requests (from both SGSN over BSSGP and BTS/BSC over PCUIF) are parsed and information stored. Then, from available information, it tries to find a target MS if avaialable 2- bts_add_paging() is called from both BSSGP and PCUIF paths with the helper struct and the target MS (NULL if not found). If MS exists, paging is forwarding only on 1 PDCH that MS is attached to. If no MS exists, then the old heursitics are used to forward the request to all MS. Change-Id: Iea46d5321a29d800813b1aa2bf4ce175ce45e2cf
2021-05-13 15:44:51 +00:00
req->mi_tmsi_present = false;
if (TLVP_PRESENT(tp, BSSGP_IE_TMSI)) {
/* Be safe against an evil SGSN - check the length */
if (TLVP_LEN(tp, BSSGP_IE_TMSI) != GSM23003_TMSI_NUM_BYTES) {
LOGP(DBSSGP, LOGL_NOTICE, "TMSI IE has odd length (!= 4)\n");
return BSSGP_CAUSE_COND_IE_ERR;
}
/* NOTE: TMSI (unlike IMSI) IE comes without MI type header */
req->mi_tmsi = (struct osmo_mobile_identity){
.type = GSM_MI_TYPE_TMSI,
};
req->mi_tmsi.tmsi = osmo_load32be(TLVP_VAL(tp, BSSGP_IE_TMSI));
req->mi_tmsi_present = true;
}
if (TLVP_PRESENT(tp, BSSGP_IE_TLLI))
req->tlli = osmo_load32be(TLVP_VAL(tp, BSSGP_IE_TLLI));
else
req->tlli = GSM_RESERVED_TMSI;
return 0;
}
static int gprs_bssgp_pcu_rx_paging_cs(struct msgb *msg, const struct tlv_parsed *tp)
{
struct paging_req_cs req;
struct gprs_rlcmac_bts *bts;
struct GprsMs *ms;
int rc;
rate_ctr_inc(rate_ctr_group_get_ctr(the_pcu->bssgp.ctrs, SGSN_CTR_RX_PAGING_CS));
Optimize PAGING-CS PDCH set selection when target MS is known Before this patch, when a PAGING-GS was received in PCU from SGSN, it would always forward the paging request to all PDCHs in all TRXs of all BTS (well, it did some heuristics to avoid sending it in some PDCHs where onyl repeated TBFs would be listening). The previous behavior, didn't make much sense in the case where the PCU is asked to page an MS which it knows (ie in which PDCHs is listening to). Hence, in that case it makes sense to simply send the paging request on 1 PDCH where the MS is listening, instead of sending it in a big set of different PDCHs. This commit also splits the old get_paging_mi() helper which was erroneously created to parseboth CS/PS-PAGING requesst, since they actually use a different set of target subscriber information (for instance, CS-PAGING provides optionally a TLLI, and one provides P-TMSI while the other provides TMSI). In this patch, the handling of CS paging request is split into 2 parts: 1- A new helper "struct paging_req_cs" is introduced, where incoming CS-PAGING requests (from both SGSN over BSSGP and BTS/BSC over PCUIF) are parsed and information stored. Then, from available information, it tries to find a target MS if avaialable 2- bts_add_paging() is called from both BSSGP and PCUIF paths with the helper struct and the target MS (NULL if not found). If MS exists, paging is forwarding only on 1 PDCH that MS is attached to. If no MS exists, then the old heursitics are used to forward the request to all MS. Change-Id: Iea46d5321a29d800813b1aa2bf4ce175ce45e2cf
2021-05-13 15:44:51 +00:00
if ((rc = get_paging_cs_mi(&req, tp)) > 0)
return bssgp_tx_status((enum gprs_bssgp_cause) rc, NULL, msg);
/* We need to page all BTSs since even if a BTS has a matching MS, it
* may have already moved to a newer BTS. On Each BTS, if the MS is
* known, then bts_add_paging() can optimize and page only on PDCHs the
* target MS is using. */
llist_for_each_entry(bts, &the_pcu->bts_list, list) {
/* TODO: Match by TMSI before IMSI if present?! */
ms = bts_ms_by_tlli(bts, req.tlli, req.tlli);
if (!ms && req.mi_imsi_present)
ms = bts_ms_by_imsi(bts, req.mi_imsi.imsi);
bts_add_paging(bts, &req, ms);
}
return 0;
}
/* Returns 0 on success, suggested BSSGP cause otherwise */
Optimize PAGING-CS PDCH set selection when target MS is known Before this patch, when a PAGING-GS was received in PCU from SGSN, it would always forward the paging request to all PDCHs in all TRXs of all BTS (well, it did some heuristics to avoid sending it in some PDCHs where onyl repeated TBFs would be listening). The previous behavior, didn't make much sense in the case where the PCU is asked to page an MS which it knows (ie in which PDCHs is listening to). Hence, in that case it makes sense to simply send the paging request on 1 PDCH where the MS is listening, instead of sending it in a big set of different PDCHs. This commit also splits the old get_paging_mi() helper which was erroneously created to parseboth CS/PS-PAGING requesst, since they actually use a different set of target subscriber information (for instance, CS-PAGING provides optionally a TLLI, and one provides P-TMSI while the other provides TMSI). In this patch, the handling of CS paging request is split into 2 parts: 1- A new helper "struct paging_req_cs" is introduced, where incoming CS-PAGING requests (from both SGSN over BSSGP and BTS/BSC over PCUIF) are parsed and information stored. Then, from available information, it tries to find a target MS if avaialable 2- bts_add_paging() is called from both BSSGP and PCUIF paths with the helper struct and the target MS (NULL if not found). If MS exists, paging is forwarding only on 1 PDCH that MS is attached to. If no MS exists, then the old heursitics are used to forward the request to all MS. Change-Id: Iea46d5321a29d800813b1aa2bf4ce175ce45e2cf
2021-05-13 15:44:51 +00:00
static unsigned int get_paging_ps_mi(struct osmo_mobile_identity *mi, const struct tlv_parsed *tp)
{
/* Use TMSI (if present) or IMSI */
if (TLVP_PRESENT(tp, BSSGP_IE_TMSI)) {
/* Be safe against an evil SGSN - check the length */
if (TLVP_LEN(tp, BSSGP_IE_TMSI) != GSM23003_TMSI_NUM_BYTES) {
LOGP(DBSSGP, LOGL_NOTICE, "TMSI IE has odd length (!= 4)\n");
return BSSGP_CAUSE_COND_IE_ERR;
}
/* NOTE: TMSI (unlike IMSI) IE comes without MI type header */
*mi = (struct osmo_mobile_identity){
.type = GSM_MI_TYPE_TMSI,
};
mi->tmsi = osmo_load32be(TLVP_VAL(tp, BSSGP_IE_TMSI));
} else if (TLVP_PRESENT(tp, BSSGP_IE_IMSI)) {
int rc = osmo_mobile_identity_decode(mi, TLVP_VAL(tp, BSSGP_IE_IMSI), TLVP_LEN(tp, BSSGP_IE_IMSI),
true);
if (rc < 0 || mi->type != GSM_MI_TYPE_IMSI) {
LOGP(DBSSGP, LOGL_ERROR, "Invalid IMSI Mobile Identity\n");
return BSSGP_CAUSE_COND_IE_ERR;
}
} else {
LOGP(DBSSGP, LOGL_ERROR, "Neither TMSI IE nor IMSI IE is present\n");
return BSSGP_CAUSE_MISSING_COND_IE;
}
return 0;
}
static int gprs_bssgp_pcu_rx_paging_ps(struct msgb *msg, const struct tlv_parsed *tp)
{
struct osmo_mobile_identity mi_imsi;
struct osmo_mobile_identity paging_mi;
struct gprs_rlcmac_bts *bts;
uint16_t pgroup;
int rc;
rate_ctr_inc(rate_ctr_group_get_ctr(the_pcu->bssgp.ctrs, SGSN_CTR_RX_PAGING_PS));
if (!TLVP_PRESENT(tp, BSSGP_IE_IMSI)) {
LOGP(DBSSGP, LOGL_ERROR, "No IMSI\n");
return bssgp_tx_status(BSSGP_CAUSE_MISSING_MAND_IE, NULL, msg);
}
rc = osmo_mobile_identity_decode(&mi_imsi, TLVP_VAL(tp, BSSGP_IE_IMSI), TLVP_LEN(tp, BSSGP_IE_IMSI), true);
if (rc < 0 || mi_imsi.type != GSM_MI_TYPE_IMSI) {
LOGP(DBSSGP, LOGL_NOTICE, "Failed to parse IMSI IE (rc=%d)\n", rc);
return bssgp_tx_status(BSSGP_CAUSE_INV_MAND_INF, NULL, msg);
}
pgroup = imsi2paging_group(mi_imsi.imsi);
if (pgroup > 999) {
LOGP(DBSSGP, LOGL_NOTICE, "Failed to compute IMSI %s paging group\n", mi_imsi.imsi);
return bssgp_tx_status(BSSGP_CAUSE_INV_MAND_INF, NULL, msg);
}
Optimize PAGING-CS PDCH set selection when target MS is known Before this patch, when a PAGING-GS was received in PCU from SGSN, it would always forward the paging request to all PDCHs in all TRXs of all BTS (well, it did some heuristics to avoid sending it in some PDCHs where onyl repeated TBFs would be listening). The previous behavior, didn't make much sense in the case where the PCU is asked to page an MS which it knows (ie in which PDCHs is listening to). Hence, in that case it makes sense to simply send the paging request on 1 PDCH where the MS is listening, instead of sending it in a big set of different PDCHs. This commit also splits the old get_paging_mi() helper which was erroneously created to parseboth CS/PS-PAGING requesst, since they actually use a different set of target subscriber information (for instance, CS-PAGING provides optionally a TLLI, and one provides P-TMSI while the other provides TMSI). In this patch, the handling of CS paging request is split into 2 parts: 1- A new helper "struct paging_req_cs" is introduced, where incoming CS-PAGING requests (from both SGSN over BSSGP and BTS/BSC over PCUIF) are parsed and information stored. Then, from available information, it tries to find a target MS if avaialable 2- bts_add_paging() is called from both BSSGP and PCUIF paths with the helper struct and the target MS (NULL if not found). If MS exists, paging is forwarding only on 1 PDCH that MS is attached to. If no MS exists, then the old heursitics are used to forward the request to all MS. Change-Id: Iea46d5321a29d800813b1aa2bf4ce175ce45e2cf
2021-05-13 15:44:51 +00:00
if ((rc = get_paging_ps_mi(&paging_mi, tp)) > 0)
return bssgp_tx_status((enum gprs_bssgp_cause) rc, NULL, msg);
/* FIXME: look if MS is attached a specific BTS and then only page on that one? */
llist_for_each_entry(bts, &the_pcu->bts_list, list) {
if (bts_pch_timer_get_by_imsi(bts, mi_imsi.imsi)) {
LOGP(DBSSGP, LOGL_INFO, "PS-Paging request already pending for IMSI=%s\n", mi_imsi.imsi);
bts_do_rate_ctr_inc(bts, CTR_PCH_REQUESTS_ALREADY);
continue;
}
if (gprs_rlcmac_paging_request(bts, &paging_mi, pgroup) < 0)
continue;
bts_pch_timer_start(bts, &paging_mi, mi_imsi.imsi);
}
return 0;
}
/* Receive a BSSGP PDU from a BSS on a PTP BVCI */
static int gprs_bssgp_pcu_rx_ptp(struct msgb *msg, struct tlv_parsed *tp, struct bssgp_bvc_ctx *bctx)
{
struct bssgp_normal_hdr *bgph = (struct bssgp_normal_hdr *) msgb_bssgph(msg);
enum bssgp_pdu_type pdu_type = (enum bssgp_pdu_type) bgph->pdu_type;
int bvci = bctx ? bctx->bvci : -1;
unsigned rc = 0;
if (!bctx)
return -EINVAL;
/* If traffic is received on a BVC that is marked as blocked, the
* received PDU shall not be accepted and a STATUS PDU (Cause value:
* BVC Blocked) shall be sent to the peer entity on the signalling BVC */
if (bctx->state & BVC_S_BLOCKED && pdu_type != BSSGP_PDUT_STATUS)
{
uint16_t bvci = msgb_bvci(msg);
LOGP(DBSSGP, LOGL_NOTICE, "rx BVC_S_BLOCKED\n");
return bssgp_tx_status(BSSGP_CAUSE_BVCI_BLOCKED, &bvci, msg);
}
switch (pdu_type) {
case BSSGP_PDUT_STATUS:
/* already handled in libosmogb */
OSMO_ASSERT(0);
break;
case BSSGP_PDUT_DL_UNITDATA:
LOGP(DBSSGP, LOGL_DEBUG, "Rx BSSGP BVCI=%d (PTP) DL_UNITDATA\n", bvci);
if (the_pcu->bssgp.on_dl_unit_data)
the_pcu->bssgp.on_dl_unit_data(&the_pcu->bssgp, msg, tp);
gprs_bssgp_pcu_rx_dl_ud(msg, tp);
break;
case BSSGP_PDUT_FLOW_CONTROL_BVC_ACK:
case BSSGP_PDUT_FLOW_CONTROL_MS_ACK:
LOGP(DBSSGP, LOGL_DEBUG, "Rx BSSGP BVCI=%d (PTP) %s\n",
bvci, bssgp_pdu_str(pdu_type));
break;
case BSSGP_PDUT_PAGING_CS:
gprs_bssgp_pcu_rx_paging_cs(msg, tp);
break;
case BSSGP_PDUT_PAGING_PS:
gprs_bssgp_pcu_rx_paging_ps(msg, tp);
break;
case BSSGP_PDUT_RA_CAPABILITY:
case BSSGP_PDUT_RA_CAPA_UPDATE_ACK:
LOGP(DBSSGP, LOGL_INFO, "Rx BSSGP BVCI=%d (PTP) PDU type %s not implemented\n",
bvci, bssgp_pdu_str(pdu_type));
break;
/* See TS 08.18 5.4.1 */
case BSSGP_PDUT_SUSPEND:
case BSSGP_PDUT_SUSPEND_ACK:
case BSSGP_PDUT_SUSPEND_NACK:
case BSSGP_PDUT_RESUME:
case BSSGP_PDUT_RESUME_ACK:
case BSSGP_PDUT_RESUME_NACK:
case BSSGP_PDUT_FLUSH_LL:
case BSSGP_PDUT_FLUSH_LL_ACK:
case BSSGP_PDUT_LLC_DISCARD:
case BSSGP_PDUT_BVC_BLOCK:
case BSSGP_PDUT_BVC_BLOCK_ACK:
case BSSGP_PDUT_BVC_UNBLOCK:
case BSSGP_PDUT_BVC_UNBLOCK_ACK:
case BSSGP_PDUT_BVC_RESET:
case BSSGP_PDUT_BVC_RESET_ACK:
case BSSGP_PDUT_SGSN_INVOKE_TRACE:
LOGP(DBSSGP, LOGL_NOTICE, "Rx BSSGP BVCI=%u (PTP) PDU type %s unexpected at PTP\n",
bctx->bvci, bssgp_pdu_str(pdu_type));
rc = bssgp_tx_status(BSSGP_CAUSE_PROTO_ERR_UNSPEC, NULL, msg);
break;
default:
LOGP(DBSSGP, LOGL_NOTICE, "Rx BSSGP BVCI=%u (PTP) PDU type %s unknown\n",
bctx->bvci, bssgp_pdu_str(pdu_type));
rc = bssgp_tx_status(BSSGP_CAUSE_PROTO_ERR_UNSPEC, NULL, msg);
break;
}
return rc;
}
/* Receive a BSSGP PDU from a SGSN on a SIGNALLING BVCI */
static int gprs_bssgp_pcu_rx_sign(struct msgb *msg, struct tlv_parsed *tp, struct bssgp_bvc_ctx *bctx)
{
struct bssgp_normal_hdr *bgph = (struct bssgp_normal_hdr *) msgb_bssgph(msg);
enum bssgp_pdu_type pdu_type = (enum bssgp_pdu_type) bgph->pdu_type;
int rc = 0;
int bvci = bctx ? bctx->bvci : msgb_bvci(msg);
switch (pdu_type) {
case BSSGP_PDUT_STATUS:
/* already handled in libosmogb */
OSMO_ASSERT(0);
break;
case BSSGP_PDUT_SUSPEND_ACK:
case BSSGP_PDUT_RESUME_ACK:
case BSSGP_PDUT_BVC_BLOCK_ACK:
LOGP(DBSSGP, LOGL_DEBUG, "Rx BSSGP BVCI=%d (SIGN) %s\n",
bvci, bssgp_pdu_str(pdu_type));
break;
case BSSGP_PDUT_BVC_RESET_ACK:
LOGP(DBSSGP, LOGL_NOTICE, "Rx BSSGP BVCI=%d (SIGN) BVC_RESET_ACK\n", bvci);
if (!the_pcu->bssgp.bvc_sig_reset)
the_pcu->bssgp.bvc_sig_reset = 1;
else
the_pcu->bssgp.bvc_reset = 1;
bvc_timeout(NULL);
break;
case BSSGP_PDUT_PAGING_CS:
gprs_bssgp_pcu_rx_paging_cs(msg, tp);
break;
case BSSGP_PDUT_PAGING_PS:
gprs_bssgp_pcu_rx_paging_ps(msg, tp);
break;
case BSSGP_PDUT_BVC_UNBLOCK_ACK:
LOGP(DBSSGP, LOGL_NOTICE, "Rx BSSGP BVCI=%d (SIGN) BVC_UNBLOCK_ACK\n", bvci);
the_pcu->bssgp.bvc_unblocked = 1;
if (the_pcu->bssgp.on_unblock_ack)
the_pcu->bssgp.on_unblock_ack(&the_pcu->bssgp);
bvc_timeout(NULL);
break;
case BSSGP_PDUT_SUSPEND_NACK:
case BSSGP_PDUT_RESUME_NACK:
case BSSGP_PDUT_FLUSH_LL:
case BSSGP_PDUT_SGSN_INVOKE_TRACE:
LOGP(DBSSGP, LOGL_INFO, "Rx BSSGP BVCI=%d (SIGN) PDU type %s not implemented\n",
bvci, bssgp_pdu_str(pdu_type));
break;
/* See TS 08.18 5.4.1 */
case BSSGP_PDUT_UL_UNITDATA:
case BSSGP_PDUT_DL_UNITDATA:
case BSSGP_PDUT_RA_CAPABILITY:
case BSSGP_PDUT_PTM_UNITDATA:
case BSSGP_PDUT_RA_CAPA_UDPATE:
case BSSGP_PDUT_RA_CAPA_UPDATE_ACK:
case BSSGP_PDUT_RADIO_STATUS:
case BSSGP_PDUT_FLOW_CONTROL_BVC:
case BSSGP_PDUT_FLOW_CONTROL_BVC_ACK:
case BSSGP_PDUT_FLOW_CONTROL_MS:
case BSSGP_PDUT_FLOW_CONTROL_MS_ACK:
case BSSGP_PDUT_DOWNLOAD_BSS_PFC:
case BSSGP_PDUT_CREATE_BSS_PFC:
case BSSGP_PDUT_CREATE_BSS_PFC_ACK:
case BSSGP_PDUT_CREATE_BSS_PFC_NACK:
case BSSGP_PDUT_MODIFY_BSS_PFC:
case BSSGP_PDUT_MODIFY_BSS_PFC_ACK:
case BSSGP_PDUT_DELETE_BSS_PFC:
case BSSGP_PDUT_DELETE_BSS_PFC_ACK:
LOGP(DBSSGP, LOGL_NOTICE, "Rx BSSGP BVCI=%d (SIGN) PDU type %s unexpected at SIGN\n",
bvci, bssgp_pdu_str(pdu_type));
break;
default:
LOGP(DBSSGP, LOGL_NOTICE, "Rx BSSGP BVCI=%d (SIGN) PDU type %s unknown\n",
bvci, bssgp_pdu_str(pdu_type));
rc = bssgp_tx_status(BSSGP_CAUSE_PROTO_ERR_UNSPEC, NULL, msg);
break;
}
return rc;
}
static int gprs_bssgp_pcu_rcvmsg(struct msgb *msg)
{
struct bssgp_normal_hdr *bgph = (struct bssgp_normal_hdr *) msgb_bssgph(msg);
struct bssgp_ud_hdr *budh = (struct bssgp_ud_hdr *) msgb_bssgph(msg);
struct tlv_parsed tp;
enum bssgp_pdu_type pdu_type = (enum bssgp_pdu_type) bgph->pdu_type;
uint16_t ns_bvci = msgb_bvci(msg), nsei = msgb_nsei(msg);
uint16_t bvci;
int data_len;
int rc = 0;
struct bssgp_bvc_ctx *bctx;
switch (pdu_type) {
case BSSGP_PDUT_STATUS:
/* Pass the message to the generic BSSGP parser, which handles
* STATUS and RESET messages in either direction. */
case BSSGP_PDUT_RAN_INFO:
case BSSGP_PDUT_RAN_INFO_REQ:
case BSSGP_PDUT_RAN_INFO_ACK:
case BSSGP_PDUT_RAN_INFO_ERROR:
case BSSGP_PDUT_RAN_INFO_APP_ERROR:
/* Also pass all RIM related messages to the generic BSSGP
* parser so that it can deliver primitive to the RIM SAP
* (SAP_BSSGP_RIM) */
return bssgp_rcvmsg(msg);
default:
break;
}
/* Identifiers from DOWN: NSEI, BVCI (both in msg->cb) */
/* UNITDATA BSSGP headers have TLLI in front */
if (pdu_type != BSSGP_PDUT_UL_UNITDATA && pdu_type != BSSGP_PDUT_DL_UNITDATA)
{
data_len = msgb_bssgp_len(msg) - sizeof(*bgph);
rc = bssgp_tlv_parse(&tp, bgph->data, data_len);
}
else
{
data_len = msgb_bssgp_len(msg) - sizeof(*budh);
rc = bssgp_tlv_parse(&tp, budh->data, data_len);
}
if (rc < 0) {
LOGP(DBSSGP, LOGL_ERROR, "Failed to parse BSSGP %s message. Invalid message was: %s\n",
bssgp_pdu_str(pdu_type), msgb_hexdump(msg));
return bssgp_tx_status(BSSGP_CAUSE_INV_MAND_INF, NULL, msg);
}
if (pdu_type == BSSGP_PDUT_BVC_RESET) {
if (ns_bvci != BVCI_SIGNALLING || !TLVP_PRESENT(&tp, BSSGP_IE_BVCI)) {
LOGP(DBSSGP, LOGL_ERROR, "Rx an invalid BVC-RESET %s\n", msgb_hexdump(msg));
return bssgp_tx_status(BSSGP_CAUSE_INV_MAND_INF, NULL, msg);
}
bvci = tlvp_val16be(&tp, BSSGP_IE_BVCI);
if (bvci != BVCI_SIGNALLING && bvci != the_pcu->bssgp.bctx->bvci) {
LOGP(DBSSGP, LOGL_ERROR, "Rx BVC-RESET for an unknown BVCI %d\n", bvci);
return bssgp_tx_status(BSSGP_CAUSE_UNKNOWN_BVCI, &bvci, msg);
}
return bssgp_rcvmsg(msg);
}
/* look-up or create the BTS context for this BVC */
bctx = btsctx_by_bvci_nsei(ns_bvci, msgb_nsei(msg));
if (!bctx && ns_bvci != BVCI_SIGNALLING)
{
LOGP(DBSSGP, LOGL_NOTICE, "NSEI=%u/BVCI=%u Rejecting PDU type %s for unknown BVCI\n",
nsei, ns_bvci, bssgp_pdu_str(pdu_type));
return bssgp_tx_status(BSSGP_CAUSE_UNKNOWN_BVCI, NULL, msg);
}
if (bctx)
{
log_set_context(LOG_CTX_GB_BVC, bctx);
rate_ctr_inc(rate_ctr_group_get_ctr(bctx->ctrg, BSSGP_CTR_PKTS_IN));
rate_ctr_add(rate_ctr_group_get_ctr(bctx->ctrg, BSSGP_CTR_BYTES_IN), msgb_bssgp_len(msg));
}
if (ns_bvci == BVCI_SIGNALLING)
{
LOGP(DBSSGP, LOGL_DEBUG, "rx BVCI_SIGNALLING gprs_bssgp_rx_sign\n");
rc = gprs_bssgp_pcu_rx_sign(msg, &tp, bctx);
}
else if (ns_bvci == BVCI_PTM)
{
LOGP(DBSSGP, LOGL_DEBUG, "rx BVCI_PTM bssgp_tx_status\n");
rc = bssgp_tx_status(BSSGP_CAUSE_PDU_INCOMP_FEAT, NULL, msg);
}
else
{
LOGP(DBSSGP, LOGL_DEBUG, "rx BVCI_PTP=%u gprs_bssgp_rx_ptp\n", ns_bvci);
rc = gprs_bssgp_pcu_rx_ptp(msg, &tp, bctx);
}
return rc;
}
static void handle_nm_status(struct osmo_bssgp_prim *bp)
{
enum gprs_bssgp_cause cause;
LOGP(DPCU, LOGL_DEBUG,
"Got NM-STATUS.ind, BVCI=%d, NSEI=%d\n",
bp->bvci, bp->nsei);
if (!TLVP_PRESENT(bp->tp, BSSGP_IE_CAUSE))
return;
cause = (enum gprs_bssgp_cause)*TLVP_VAL(bp->tp, BSSGP_IE_CAUSE);
if (cause != BSSGP_CAUSE_BVCI_BLOCKED &&
cause != BSSGP_CAUSE_UNKNOWN_BVCI)
return;
if (!TLVP_PRESENT(bp->tp, BSSGP_IE_BVCI))
return;
if (the_pcu->bssgp.bctx->bvci != bp->bvci) {
LOGP(DPCU, LOGL_NOTICE,
"Received BSSGP STATUS message for an unknown BVCI (%d), "
"ignored\n",
bp->bvci);
return;
}
switch (cause) {
case BSSGP_CAUSE_BVCI_BLOCKED:
if (the_pcu->bssgp.bvc_unblocked) {
the_pcu->bssgp.bvc_unblocked = 0;
bvc_timeout(NULL);
}
break;
case BSSGP_CAUSE_UNKNOWN_BVCI:
if (the_pcu->bssgp.bvc_reset) {
the_pcu->bssgp.bvc_reset = 0;
bvc_timeout(NULL);
}
break;
default:
break;
}
}