Don't call msc_subscr_con_free() directly, instead use
gsm0408_clear_request(), which properly cleans up all pending operations
before freeing the connection.
By having conn->in_release == 1, calling msc_release_connection() has no
effect and thus never frees the conn. So, after all pending requests have
been discarded, also discard and free the unused connection.
In gsm04_08_clear_request(), in_release == 1 anyway and
msc_release_connection() would exit immediately without any effect. Don't
confuse the reader by passing release=1 arg.
Subscriber conn stuff doesn't really belong in gsm_subscriber.c.
(I moved because I thought it would call some static functions in gsm_04_08.c,
which ended up not being the case; anyway, it makes more sense to stay in
gsm_04_08.c.)
In NITB, the paging timeout would be handled from the BSC side. In IuCS, we
need to invalidate the paging request from libmsc alone, so add a paging timer
to gsm_subscriber.
Possibly, the HNB-GW should respond with a paging failure and libmsc could
trigger on that, nevertheless libmsc should not rely on a failure message to
expire pending pagings.
Make sure that subscr and conn are valid:
* a subscr must always be present.
* on success, a conn must be present and the subscr must match the conn's
subscr.
Also check the hooknum.
This reverts commit 6f4e83beb0, but note:
this is not a 1:1 revert since the subscr_paging_sec_cb() semantics have changed.
In subscr_paging_dispatch(), the separate subscr parameter is needed in cases
where paging expired and there is no conn available.
For subscr_paging_sec_cb(), a conn must always be available. Hence it avoids
any duplicity by only passing the conn and deriving the subscr from that.
Callers of subscr_paging_sec_cb() pass NULL as param, so pass conn->subscr when
calling subscr_paging_dispatch() from subscr_paging_sec_cb().
During peliminary paging response testing, I introduced some code duplication.
Remove that and instead call the code that was there before 63b99ced83
("add preliminary paging response handling, incomplete").
By calling the gsm_subscriber API, the connection is also secured and hence
Integrity Protection is enabled for IuCS.
Before this, any paging response would be accepted by the CN, without
checking the database whether the subscriber is in fact authorized.
The probability that a subscriber would be able to take unauthorized action
is slim, nevertheless checking authorization status with the database should
happen before we accept a connection.
Remove one layer of callback indirection in paging. When a paging response
arrives, we always want to first secure the connection, thus a fixed
subscr_rx_paging_response() function is more appropriate and avoids having
to store a cbfn. The actual actions to be taken upon successful paging are
of course still in callback functions stored with each subscriber.
It doesn't really hurt to see whether we have paging responses queued for
a given subscriber. Possibly a subscriber replied with a paging response
later than we assumed the paging to be valid.
Rename subscr_request_channel() to _conn() and remove the channel_type arg.
The "channel" is a term from closely tied MSC+BSC code, after separation we
shall call it a "connection", i.e. over IuCS or A.
The channel_type arg is already unused from a previous MSCSPLIT commit.
Add function subscr_authorized(), absorbing the guts of static
authorize_subscriber() from gsm_04_08.c, except the parts specific to Location
Updating.
subscr_authorized() is a check that is to be added to validation of a paging
response.
Remove legacy code from the original NITB version -- the SMPP init functions
have since been refactored in 1b0e5540db.
Add SMPP initialization in the refactored version: call the alloc_init
before reading config file, and call start with the global network struct
after config is read.
There are different Iu dialects in terms of encoding the
transport layer address inside RAB Assignment req + resp.
Let's be liberal in what we accept, and simply use the length
as an indicator of the format. Wireshark uses similar heuristics.
When the RNC confirms the RAB Assignment, it can each time indicate a
new TEID for the GTP-U endpoint on the RNC side. We need to update our
information about the PDP context and include that in the UPDATE PDP
CONTEXT that we're sending towards the GGSN. This is similar to
updating the RNC-side IP address of the GTP endpoint.
When we send the RAB Assignment Request to the RNC, we need
to tell it the GGSN-side TEI for data, not "our" (SGSN side)
TEID.
In the RAB-Assignment.req we inform the RNC of the TEID on the GGSN
side, and in the RAB-Assignment.resp the RNC informs us of the TEID
on the RNC side.
When receiving an RAB-Assignment response from the RNC,
we should use the RAB ID (=NSAPI) to resolve the PDP context.
We cannot use the TEID, as the TEID chosen by the RNC for this RAB has
no relationship to the TEID we were using for the RAB-Assignment
request. TEIDs are local to each of the peer, like UDP port numbers.
When starting with empty config file, saving it by 'write file',
and then re-starting osmo-cscn, it would complain:
Error occurred during reading below line:
long name Osmocom Circuit-Switched Core Network
The problem is that the vty parser is configured to expect a single
token and not a list of tokens here, but we initialize the default value
with multiple words (which are treated as separate token).
In handle_paging_response(), don't check conn against NULL after using it all
the time anyway.
To ensure beyond doubt that it is actually never NULL, assert conn further up
in the call stack, i.e. in gsm0408_dispatch(), the main entry point for
receiving data from the BSC/RNC level. Also assert msg while at it.
Fixes: CID#93769
In gsm_04_08.c, add a static handle_paging_resp() to take over from the libbsc
function gsm48_handle_paging_resp(). Use the subscr->requests listing to handle
a Paging Response and call the pending cbfn.
In NITB, this used to be done via BTS, and I haven't entirely resolved yet how
exactly to rewire this in standalone libmsc. So far, this "works for me", but
is worth another visit.
Still missing: enable Integrity Protection.
Factor out hardcoded-Ki and auth tuple creation into a static function.
Add generation of fresh random bytes and generate a valid auth tuple so that
the authentication token is different for every MM Auth.
