ranap: Take into account RNC availability during paging

Avoid transmitting a RANAP paging message to an RNC if we already know
it's not currently available over SCCP.
Take into account that information when deciding/printing whether the
paging could be sent or not.

Take the chance to clean up the iu paging function helpers inherited
from osmo-iuh iu_client.c to better fit the data domain in osmo-sgsn
(iu_rnc).

Change-Id: I24e5446bcf4c958028577230b231960acea9e5b9

TODO-RELEASE

@@ -11,3 +11,5 @@ libgtp    >1.12.0   new field dir_tun_flags in struct pdp_t
 libgtp    >1.12.0 gtp_set_cb_update_context_ind(), gtp_update_context_resp()
 libosmocore >1.10.0  enum gsm48_gprs_ie_mm: GSM48_IE_GMM_UE_NET_CAP, GSM48_IE_GMM_VD_PREF_UE_USAGE
 libosmo-gsup-client >1.8.0  osmo_gsup_client_is_connected(), osmo_gsup_client_get_rem_addr(), osmo_gsup_client_get_rem_port()
+osmo-iuh >1.7.0 ranap multiple params are constified, see osmo-iuh Change-Id I667dc2ef377c1ceb5b11315458f00b282c143c81
+osmo-iuh >1.7.0 ranap_new_msg_error_ind()

include/osmocom/sgsn/Makefile.am

@@ -28,8 +28,11 @@ noinst_HEADERS = \
 	gtp_ggsn.h \
 	gtp_mme.h \
 	iu_client.h \
+	iu_rnc.h \
+	iu_rnc_fsm.h \
 	mmctx.h \
 	pdpctx.h \
+	sccp.h \
 	sgsn.h \
 	sgsn_rim.h \
 	signal.h \

include/osmocom/sgsn/gprs_ranap.h

@@ -1,30 +1,67 @@
 #pragma once
 
+#include "config.h"
+
 #include <osmocom/core/msgb.h>
 
 #ifdef BUILD_IU
 #include <osmocom/ranap/ranap_ies_defs.h>
 #include <osmocom/ranap/ranap_msg_factory.h>
 #include <osmocom/sgsn/iu_client.h>
+#include <osmocom/sgsn/sccp.h>
 
 struct sgsn_mm_ctx;
 struct sgsn_pdp_ctx;
 
-void activate_pdp_rabs(struct sgsn_mm_ctx *ctx);
+/* struct RANAP_GlobalRNC_ID with a coupled buffer where .buf points to.
+ * Used to easily generate a struct RANAP_GlobalRNC_ID to encode,
+ * see sgsn_ranap_iu_grnc_id_compose(). */
+struct iu_grnc_id {
+	uint8_t plmn_buf[3];
+	struct RANAP_GlobalRNC_ID grnc_id;
+};
+int sgsn_ranap_iu_grnc_id_compose(struct iu_grnc_id *dst, const struct osmo_rnc_id *src);
+
 int sgsn_ranap_iu_event(struct ranap_ue_conn_ctx *ctx, enum ranap_iu_event_type type, void *data);
-int iu_rab_act_ps(uint8_t rab_id, struct sgsn_pdp_ctx *pdp);
 
-/* free the Iu UE context */
-void sgsn_ranap_iu_free(struct sgsn_mm_ctx *ctx);
+int sgsn_ranap_iu_tx(struct msgb *msg, uint8_t sapi);
+int sgsn_ranap_iu_tx_rab_ps_ass_req(struct ranap_ue_conn_ctx *ue_ctx,
+				    uint8_t rab_id, uint32_t gtp_ip, uint32_t gtp_tei);
+int sgsn_ranap_iu_tx_sec_mode_cmd(struct ranap_ue_conn_ctx *uectx, struct osmo_auth_vector *vec,
+			     int send_ck, int new_key);
+int sgsn_ranap_iu_tx_common_id(struct ranap_ue_conn_ctx *ue_ctx, const char *imsi);
 
-/* send a Iu Release Command and free afterwards the UE context */
-void sgsn_ranap_iu_release_free(struct sgsn_mm_ctx *ctx,
-				const struct RANAP_Cause *cause);
+int sgsn_ranap_iu_tx_release(struct ranap_ue_conn_ctx *ctx, const struct RANAP_Cause *cause);
+/* Transmit a Iu Release Command and submit event RANAP_IU_EVENT_IU_RELEASE upon
+ * Release Complete or timeout. Caller is responsible to free the context and
+ * closing the SCCP connection (sgsn_ranap_iu_free_ue) upon recieval of the event. */
+void sgsn_ranap_iu_tx_release_free(struct ranap_ue_conn_ctx *ctx,
+			      const struct RANAP_Cause *cause,
+			      int timeout);
 
-#else /* ifndef BUILD_IU */
-inline static void sgsn_ranap_iu_free(void *ctx) {};
-inline static void sgsn_ranap_iu_release_free(void *ctx, void *cause) {};
-#endif /* BUILD_IU*/
+int sgsn_ranap_iu_tx_cl(struct sgsn_sccp_user_iups *scu_iups,
+			const struct osmo_sccp_addr *dst_addr,
+			struct msgb *msg);
+int sgsn_ranap_iu_tx_error_ind(struct sgsn_sccp_user_iups *scu_iups,
+			       const struct osmo_sccp_addr *dst_addr,
+			       const RANAP_Cause_t *cause);
+
+void sgsn_ranap_iu_handle_co_initial(struct ranap_iu_rnc *iu_rnc,
+				     uint32_t conn_id,
+				     const ranap_message *message);
+void sgsn_ranap_iu_handle_co(struct ranap_ue_conn_ctx *ue_ctx, const ranap_message *message);
+
+/* Entry points from rx SCCP: */
+int sgsn_ranap_iu_rx_cl_msg(struct sgsn_sccp_user_iups *scu_iups,
+			    const struct osmo_scu_unitdata_param *ud_prim,
+			    const uint8_t *data, size_t len);
+int sgsn_ranap_iu_rx_co_initial_msg(struct sgsn_sccp_user_iups *scu_iups,
+				    const struct osmo_sccp_addr *rem_sccp_addr,
+				    uint32_t conn_id,
+				    const uint8_t *data, size_t len);
+int sgsn_ranap_iu_rx_co_msg(struct ranap_ue_conn_ctx *ue_ctx, const uint8_t *data, size_t len);
+
+#endif /* ifdef BUILD_IU */
 
 struct ranap_ue_conn_ctx;
 /* On RANAP, Returns pointer to he associated ranap_ue_conn_ctx in msg, filled

include/osmocom/sgsn/iu_client.h

@@ -14,12 +14,11 @@ struct msgb;
 struct osmo_auth_vector;
 
 struct RANAP_RAB_SetupOrModifiedItemIEs_s;
-struct RANAP_Cause;
 
 struct ranap_iu_rnc;
 
 struct ranap_ue_conn_ctx {
-	struct llist_head list;
+	struct llist_head list; /* item in sgsn_sccp->ue_conn_ctx_list */
 	struct ranap_iu_rnc *rnc;
 	uint32_t conn_id;
 	int integrity_active;
@@ -70,10 +69,12 @@ typedef int (*ranap_iu_event_cb_t)(struct ranap_ue_conn_ctx *ue_ctx,
 typedef int (*ranap_iu_rab_ass_resp_cb_t)(struct ranap_ue_conn_ctx *ue_ctx, uint8_t rab_id,
 					  struct RANAP_RAB_SetupOrModifiedItemIEs_s *setup_ies);
 
-int ranap_iu_init(void *ctx, int log_subsystem, const char *sccp_user_name, struct osmo_sccp_instance *sccp,
-		  ranap_iu_recv_cb_t iu_recv_cb, ranap_iu_event_cb_t iu_event_cb);
+int global_iu_event(struct ranap_ue_conn_ctx *ue_ctx,
+		    enum ranap_iu_event_type type,
+		    void *data);
 
-int ranap_iu_tx(struct msgb *msg, uint8_t sapi);
+
+int ranap_iu_init(void *ctx);
 
 int ranap_iu_page_cs(const char *imsi, const uint32_t *tmsi, uint16_t lac)
 	OSMO_DEPRECATED("Use ranap_iu_page_cs2 instead");
@@ -84,20 +85,11 @@ int ranap_iu_page_ps(const char *imsi, const uint32_t *ptmsi, uint16_t lac, uint
 int ranap_iu_page_cs2(const char *imsi, const uint32_t *tmsi, const struct osmo_location_area_id *lai);
 int ranap_iu_page_ps2(const char *imsi, const uint32_t *ptmsi, const struct osmo_routing_area_id *rai);
 
-int ranap_iu_rab_act(struct ranap_ue_conn_ctx *ue_ctx, struct msgb *msg);
-int ranap_iu_rab_deact(struct ranap_ue_conn_ctx *ue_ctx, uint8_t rab_id);
-int ranap_iu_tx_sec_mode_cmd(struct ranap_ue_conn_ctx *uectx, struct osmo_auth_vector *vec,
-			     int send_ck, int new_key);
-int ranap_iu_tx_common_id(struct ranap_ue_conn_ctx *ue_ctx, const char *imsi);
-int ranap_iu_tx_release(struct ranap_ue_conn_ctx *ctx, const struct RANAP_Cause *cause);
 
-/* Transmit a Iu Release Command and submit event RANAP_IU_EVENT_IU_RELEASE upon
- * Release Complete or timeout. Caller is responsible to free the context and
- * closing the SCCP connection (ranap_iu_free_ue) upon recieval of the event. */
-void ranap_iu_tx_release_free(struct ranap_ue_conn_ctx *ctx,
-			      const struct RANAP_Cause *cause,
-			      int timeout);
+struct ranap_ue_conn_ctx *ue_conn_ctx_alloc(struct ranap_iu_rnc *rnc, uint32_t conn_id);
+
+void ue_conn_ctx_link_invalidated_free(struct ranap_ue_conn_ctx *ue);
 
 /* freeing the UE will release all resources
  * This will close the SCCP connection connected to the UE */
-void ranap_iu_free_ue(struct ranap_ue_conn_ctx *ue_ctx);
+void sgsn_ranap_iu_free_ue(struct ranap_ue_conn_ctx *ue_ctx);

include/osmocom/sgsn/iu_rnc.h

@@ -0,0 +1,57 @@
+#pragma once
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#include <osmocom/core/defs.h>
+#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/fsm.h>
+#include <osmocom/gsm/gsm48.h>
+#include <osmocom/iuh/common.h>
+#include <osmocom/sigtran/sccp_sap.h>
+
+struct iu_lac_rac_entry {
+	struct llist_head entry;
+	struct osmo_routing_area_id rai;
+};
+
+/* A remote RNC (Radio Network Controller, like BSC but for UMTS) that has
+ * called us and is currently reachable at the given osmo_sccp_addr. So, when we
+ * know a LAC for a subscriber, we can page it at the RNC matching that LAC or
+ * RAC. An HNB-GW typically presents itself as if it were a single RNC, even
+ * though it may have several RNCs in hNodeBs connected to it. Those will then
+ * share the same RNC id, which they actually receive and adopt from the HNB-GW
+ * in the HNBAP HNB REGISTER ACCEPT message. */
+struct ranap_iu_rnc {
+	struct llist_head entry;
+
+	struct osmo_rnc_id rnc_id;
+	struct sgsn_sccp_user_iups *scu_iups;
+	struct osmo_sccp_addr sccp_addr;
+	struct osmo_fsm_inst *fi;
+
+	/* A list of struct iu_lac_rac_entry */
+	struct llist_head lac_rac_list;
+};
+
+struct ranap_iu_rnc *iu_rnc_find_or_create(const struct osmo_rnc_id *rnc_id,
+					   struct sgsn_sccp_user_iups *scu_iups,
+					   const struct osmo_sccp_addr *addr);
+
+struct ranap_iu_rnc *iu_rnc_find_by_addr(const struct osmo_sccp_addr *rnc_sccp_addr);
+
+void iu_rnc_update_rai_seen(struct ranap_iu_rnc *rnc, const struct osmo_routing_area_id *rai);
+
+void iu_rnc_discard_all_ue_ctx(struct ranap_iu_rnc *rnc);
+
+int iu_rnc_tx_paging_cmd(struct ranap_iu_rnc *rnc,
+			 const char *imsi,
+			 const uint32_t *tmsi,
+			 bool is_ps,
+			 uint32_t paging_cause);
+
+#define LOG_RNC_CAT(IU_RNC, subsys, loglevel, fmt, args ...) \
+	LOGPFSMSL((IU_RNC)->fi, subsys, loglevel, fmt, ## args)
+
+#define LOG_RNC(IU_RNC, loglevel, fmt, args ...) \
+	LOG_RNC_CAT(IU_RNC, DRANAP, loglevel, fmt, ## args)

include/osmocom/sgsn/iu_rnc_fsm.h

@@ -0,0 +1,37 @@
+#include <stdint.h>
+
+#include <osmocom/core/fsm.h>
+
+#include <osmocom/ranap/ranap_ies_defs.h>
+
+struct ranap_iu_rnc;
+
+enum iu_rnc_state {
+	IU_RNC_ST_WAIT_RX_RESET = 0,
+	IU_RNC_ST_WAIT_RX_RESET_ACK,
+	IU_RNC_ST_READY,
+	IU_RNC_ST_DISCARDING,
+};
+
+struct iu_rnc_ev_msg_up_co_initial_ctx {
+	struct ranap_iu_rnc *rnc;
+	uint32_t conn_id;
+	ranap_message message;
+};
+
+struct iu_rnc_ev_msg_up_co_ctx {
+	struct ranap_ue_conn_ctx *ue_ctx;
+	ranap_message message;
+};
+
+enum iu_rnc_event {
+	IU_RNC_EV_MSG_UP_CO_INITIAL, /* struct iu_rnc_ev_msg_up_co_initial_ctx* */
+	IU_RNC_EV_MSG_UP_CO, /* struct iu_rnc_ev_msg_up_co_ctx* */
+	IU_RNC_EV_RX_RESET, /* no param */
+	IU_RNC_EV_RX_RESET_ACK, /* no param */
+	IU_RNC_EV_MSG_DOWN_CL, /* struct msgb* */
+	IU_RNC_EV_AVAILABLE,
+	IU_RNC_EV_UNAVAILABLE
+};
+
+extern struct osmo_fsm iu_rnc_fsm;

include/osmocom/sgsn/mmctx.h

@@ -1,5 +1,7 @@
 #pragma once
 
+#include "config.h"
+
 #include <stdint.h>
 #include <netinet/in.h>
 #include <inttypes.h>
@@ -289,3 +291,11 @@ uint32_t sgsn_alloc_ptmsi(void);
 
 /* Called on subscriber data updates */
 void sgsn_update_subscriber_data(struct sgsn_mm_ctx *mmctx);
+
+#ifdef BUILD_IU
+struct RANAP_Cause;
+void sgsn_mm_ctx_iu_activate_rabs(struct sgsn_mm_ctx *ctx);
+void sgsn_mm_ctx_iu_ranap_release_free(struct sgsn_mm_ctx *ctx,
+				       const struct RANAP_Cause *cause);
+void sgsn_mm_ctx_iu_ranap_free(struct sgsn_mm_ctx *ctx);
+#endif /* ifdef BUILD_IU */

include/osmocom/sgsn/pdpctx.h

@@ -1,5 +1,7 @@
 #pragma once
 
+#include "config.h"
+
 #include <stdint.h>
 #include <netinet/in.h>
 #include <inttypes.h>
@@ -94,5 +96,10 @@ struct sgsn_pdp_ctx *sgsn_pdp_ctx_alloc(struct sgsn_mm_ctx *mm,
 void sgsn_pdp_ctx_terminate(struct sgsn_pdp_ctx *pdp);
 void sgsn_pdp_ctx_free(struct sgsn_pdp_ctx *pdp);
 
+#ifdef BUILD_IU
+int sgsn_pdp_ctx_iu_rab_activate(struct sgsn_pdp_ctx *pdp, uint8_t rab_id);
+int sgsn_pdp_ctx_iu_rab_deactivate(struct sgsn_pdp_ctx *pdp, uint8_t rab_id);
+#endif /* ifdef BUILD_IU */
+
 char *gprs_pdpaddr2str(uint8_t *pdpa, uint8_t len, bool return_ipv6);
 

include/osmocom/sgsn/sccp.h

@@ -0,0 +1,46 @@
+/* SCCP Handling */
+/* (C) 2025 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+#pragma once
+
+#include <stdint.h>
+
+#include <osmocom/sigtran/sccp_sap.h>
+
+struct sgsn_instance;
+struct ranap_ue_conn_ctx;
+
+struct sgsn_sccp_user_iups {
+	struct sgsn_instance *sgsn; /* backpointer */
+	struct osmo_sccp_instance *sccp; /* backpointer */
+	struct osmo_sccp_user *scu; /* IuPS */
+	struct osmo_sccp_addr local_sccp_addr;
+	struct llist_head ue_conn_ctx_list; /* list of "struct ranap_ue_conn_ctx" */
+	struct llist_head ue_conn_sccp_addr_list; /* list of "struct iu_new_ctx_entry" */
+};
+
+struct sgsn_sccp_user_iups *sgsn_scu_iups_inst_alloc(struct sgsn_instance *sgsn, struct osmo_sccp_instance *sccp);
+void sgsn_scu_iups_free(struct sgsn_sccp_user_iups *scu_iups);
+
+int sgsn_scu_iups_tx_data_req(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id, struct msgb *ranap_msg);
+
+struct ranap_ue_conn_ctx *sgsn_scu_iups_ue_conn_ctx_find(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id);
+
+int sgsn_sccp_init(struct sgsn_instance *sgsn);
+void sgsn_sccp_release(struct sgsn_instance *sgsn);
+

include/osmocom/sgsn/sgsn.h

@@ -1,9 +1,11 @@
 #ifndef _SGSN_H
 #define _SGSN_H
 
+#include "config.h"
 
 #include <osmocom/core/msgb.h>
 #include <osmocom/core/select.h>
+#include <osmocom/core/stat_item.h>
 #include <osmocom/crypt/gprs_cipher.h>
 #include <osmocom/gprs/gprs_ns2.h>
 #include <osmocom/gprs/gprs_bssgp.h>
@@ -14,9 +16,8 @@
 #include <osmocom/gsupclient/gsup_client.h>
 #include <osmocom/sgsn/common.h>
 
-#include "../../config.h"
-
 #if BUILD_IU
+#include <osmocom/sigtran/sccp_sap.h>
 #include <osmocom/sgsn/iu_client.h>
 #endif
 
@@ -27,6 +28,9 @@ struct hostent;
 
 #define SGSN_ERROR_CAUSE_NONE (-1)
 
+/* This rac will be used internally. RAC with 0xff will be rejected */
+#define OSMO_RESERVED_RAC 0xff
+
 enum sgsn_auth_policy {
 	SGSN_AUTH_POLICY_OPEN,
 	SGSN_AUTH_POLICY_CLOSED,
@@ -156,19 +160,47 @@ struct sgsn_instance {
 	struct sgsn_ra_global *routing_area;
 
 	struct rate_ctr_group *rate_ctrs;
+	struct osmo_stat_item_group *statg;
 
 	struct llist_head apn_list; /* list of struct sgsn_apn_ctx */
 	struct llist_head ggsn_list; /* list of struct sgsn_ggsn_ctx */
 	struct llist_head mme_list; /* list of struct sgsn_mme_ctx */
 	struct llist_head mm_list; /* list of struct sgsn_mm_ctx */
 	struct llist_head pdp_list; /* list of struct sgsn_pdp_ctx */
+#if BUILD_IU
+	struct llist_head rnc_list; /* list of struct ranap_iu_rnc */
+#endif /* if BUILD_IU */
 
 	struct ctrl_handle *ctrlh;
+
+#if BUILD_IU
+	/* SCCP (Iu) */
+	struct {
+		struct osmo_sccp_instance *sccp;
+		struct sgsn_sccp_user_iups *scu_iups;
+	} sccp;
+#endif /* if BUILD_IU */
 };
 
+extern struct osmo_tdef sgsn_T_defs[];
 extern struct sgsn_instance *sgsn;
 extern void *tall_sgsn_ctx;
 
+enum {
+	SGSN_STAT_IU_PEERS_TOTAL,
+	SGSN_STAT_IU_PEERS_ACTIVE,
+};
+static inline void sgsn_stat_inc(unsigned int idx, int32_t value)
+{
+	osmo_stat_item_inc(osmo_stat_item_group_get_item(sgsn->statg, idx), value);
+}
+
+static inline void sgsn_stat_dec(unsigned int idx, int32_t value)
+{
+	osmo_stat_item_dec(osmo_stat_item_group_get_item(sgsn->statg, idx), value);
+}
+
+
 /*
  * ctrl interface related work (sgsn_ctrl.c)
  */

src/sgsn/Makefile.am

@@ -97,6 +97,10 @@ osmo_sgsn_LDADD += \
 osmo_sgsn_SOURCES += \
 	gprs_mm_state_iu_fsm.c \
 	gprs_ranap.c \
-	iu_client.c
+	iu_client.c \
+	iu_rnc.c \
+	iu_rnc_fsm.c \
+	sccp.c \
+	$(NULL)
 
 endif

src/sgsn/gprs_gmm.c

@@ -123,13 +123,13 @@ int gsm48_gmm_sendmsg(struct msgb *msg, int command,
 		rate_ctr_inc(rate_ctr_group_get_ctr(mm->ctrg, GMM_CTR_PKTS_SIG_OUT));
 #ifdef BUILD_IU
 		if (mm->ran_type == MM_CTX_T_UTRAN_Iu)
-			return ranap_iu_tx(msg, GPRS_SAPI_GMM);
+			return sgsn_ranap_iu_tx(msg, GPRS_SAPI_GMM);
 #endif
 	}
 
 #ifdef BUILD_IU
 	if (MSG_IU_UE_CTX(msg))
-		return ranap_iu_tx(msg, GPRS_SAPI_GMM);
+		return sgsn_ranap_iu_tx(msg, GPRS_SAPI_GMM);
 #endif
 
 	/* caller needs to provide TLLI, BVCI and NSEI */
@@ -979,7 +979,7 @@ int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 			  send_ck ? "sending" : "not sending", sgsn->cfg.uea_encryption_mask);
 		/* FIXME: we should send the set of allowed UEA, as in ranap_new_msg_sec_mod_cmd2(). However, this
 		 * is not possible in the iu_client API. See OS#5487. */
-		rc = ranap_iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet.vec, send_ck, ctx->iu.new_key);
+		rc = sgsn_ranap_iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet.vec, send_ck, ctx->iu.new_key);
 		ctx->iu.new_key = 0;
 		return rc;
 	}
@@ -1014,7 +1014,7 @@ int gsm48_gmm_authorize(struct sgsn_mm_ctx *ctx)
 		rc = gsm48_tx_gmm_service_ack(ctx);
 
 		if (ctx->iu.service.type != GPRS_SERVICE_T_SIGNALLING)
-			activate_pdp_rabs(ctx);
+			sgsn_mm_ctx_iu_activate_rabs(ctx);
 
 		return rc;
 #endif
@@ -1452,7 +1452,7 @@ static int gsm48_rx_gmm_att_compl(struct sgsn_mm_ctx *mmctx)
 
 #ifdef BUILD_IU
 	if (mmctx->iu.ue_ctx) {
-		ranap_iu_tx_release(mmctx->iu.ue_ctx, NULL);
+		sgsn_ranap_iu_tx_release(mmctx->iu.ue_ctx, NULL);
 	}
 #endif
 
@@ -1839,7 +1839,7 @@ rejected:
 #ifdef BUILD_IU
 	else if (MSG_IU_UE_CTX(msg)) {
 		unsigned long X1001 = osmo_tdef_get(sgsn->cfg.T_defs, -1001, OSMO_TDEF_S, -1);
-		ranap_iu_tx_release_free(MSG_IU_UE_CTX(msg), NULL, (int) X1001);
+		sgsn_ranap_iu_tx_release_free(MSG_IU_UE_CTX(msg), NULL, (int) X1001);
 	}
 #endif
 

src/sgsn/gprs_gmm_attach.c

@@ -1,3 +1,5 @@
+#include "config.h"
+
 #include <osmocom/core/tdef.h>
 #include <osmocom/crypt/utran_cipher.h>
 
@@ -7,6 +9,7 @@
 #include <osmocom/sgsn/debug.h>
 #include <osmocom/sgsn/gprs_gmm.h>
 #include <osmocom/sgsn/mmctx.h>
+#include <osmocom/sgsn/gprs_ranap.h>
 #include <osmocom/sgsn/sgsn.h>
 
 #define X(s) (1 << (s))
@@ -274,7 +277,7 @@ static void st_iu_security_cmd_on_enter(struct osmo_fsm_inst *fi, uint32_t prev_
 
 	/* FIXME: we should send the set of allowed UEA, as in ranap_new_msg_sec_mod_cmd2(). However, this
 	 * is not possible in the iu_client API. See OS#5487. */
-	ranap_iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet.vec, send_ck, ctx->iu.new_key);
+	sgsn_ranap_iu_tx_sec_mode_cmd(ctx->iu.ue_ctx, &ctx->auth_triplet.vec, send_ck, ctx->iu.new_key);
 	ctx->iu.new_key = 0;
 #endif
 }

src/sgsn/gprs_mm_state_iu_fsm.c

@@ -95,12 +95,12 @@ static void st_pmm_connected(struct osmo_fsm_inst *fi, uint32_t event, void *dat
 
 	switch(event) {
 	case E_PMM_PS_CONN_RELEASE:
-		sgsn_ranap_iu_free(ctx);
+		sgsn_mm_ctx_iu_ranap_free(ctx);
 		mm_state_iu_fsm_state_chg(fi, ST_PMM_IDLE);
 		mmctx_change_gtpu_endpoints_to_sgsn(ctx, NULL);
 		break;
 	case E_PMM_PS_DETACH:
-		sgsn_ranap_iu_release_free(ctx, NULL);
+		sgsn_mm_ctx_iu_ranap_release_free(ctx, NULL);
 		mm_state_iu_fsm_state_chg(fi, ST_PMM_DETACHED);
 		break;
 	case E_PMM_RA_UPDATE:
@@ -108,7 +108,7 @@ static void st_pmm_connected(struct osmo_fsm_inst *fi, uint32_t event, void *dat
 	case E_PMM_RX_GGSN_GTPU_DT_EI:
 		/* GTPU Direct Tunnel (RNC<->GGSN): GGSN Received Error Indication when transmitting DL data*/
 		pctx = (struct sgsn_pdp_ctx *)data;
-		sgsn_ranap_iu_free(ctx);
+		sgsn_mm_ctx_iu_ranap_free(ctx);
 		mm_state_iu_fsm_state_chg(fi, ST_PMM_IDLE);
 		mmctx_change_gtpu_endpoints_to_sgsn(ctx, pctx);
 		break;

src/sgsn/gprs_ranap.c

@@ -22,14 +22,22 @@
  */
 
 #include "config.h"
+
+#include <asn1c/asn1helpers.h>
+
 #include <osmocom/gtp/gtp.h>
 
 #include <osmocom/core/rate_ctr.h>
 #include <osmocom/core/tdef.h>
+#include <osmocom/gsm/gsm23003.h>
 #include <osmocom/gprs/gprs_msgb.h>
 
 #include <osmocom/ranap/ranap_common.h>
+#include <osmocom/ranap/ranap_common_cn.h>
+#include <osmocom/ranap/ranap_ies_defs.h>
+#include <osmocom/ranap/ranap_msg_factory.h>
 #include <osmocom/ranap/iu_helpers.h>
+#include <osmocom/sigtran/sccp_helpers.h>
 
 #include <osmocom/sgsn/gprs_gmm.h>
 #include <osmocom/sgsn/gprs_sm.h>
@@ -41,18 +49,35 @@
 #include <osmocom/sgsn/gprs_routing_area.h>
 #include <osmocom/sgsn/gtp_ggsn.h>
 #include <osmocom/sgsn/gtp.h>
+#include <osmocom/sgsn/iu_rnc.h>
+#include <osmocom/sgsn/iu_rnc_fsm.h>
 #include <osmocom/sgsn/pdpctx.h>
 #include <osmocom/sgsn/mmctx.h>
 
-/* Send RAB activation requests for all PDP contexts */
-void activate_pdp_rabs(struct sgsn_mm_ctx *ctx)
+/* Parsed global RNC id. See also struct RANAP_GlobalRNC_ID, and note that the
+ * PLMN identity is a BCD representation of the MCC and MNC.
+ * See iu_grnc_id_parse(). */
+static int iu_grnc_id_parse(struct osmo_rnc_id *dst, const struct RANAP_GlobalRNC_ID *src)
 {
-	struct sgsn_pdp_ctx *pdp;
-	if (ctx->ran_type != MM_CTX_T_UTRAN_Iu)
-		return;
-	llist_for_each_entry(pdp, &ctx->pdp_list, list) {
-		iu_rab_act_ps(pdp->nsapi, pdp);
+	/* The size is coming from arbitrary sender, check it gracefully */
+	if (src->pLMNidentity.size != 3) {
+		LOGP(DRANAP, LOGL_ERROR, "Invalid PLMN Identity size: should be 3, is %d\n",
+		     src->pLMNidentity.size);
+		return -1;
 	}
+	osmo_plmn_from_bcd(&src->pLMNidentity.buf[0], &dst->plmn);
+	dst->rnc_id = (uint16_t)src->rNC_ID;
+	return 0;
+}
+
+/* not used at present */
+int sgsn_ranap_iu_grnc_id_compose(struct iu_grnc_id *dst, const struct osmo_rnc_id *src)
+{
+	dst->grnc_id.pLMNidentity.buf = &dst->plmn_buf[0];
+	dst->grnc_id.pLMNidentity.size = 3;
+	osmo_plmn_to_bcd(dst->grnc_id.pLMNidentity.buf, &src->plmn);
+	dst->grnc_id.rNC_ID = src->rnc_id;
+	return 0;
 }
 
 /* Callback for RAB assignment response */
@@ -69,7 +94,7 @@ static int sgsn_ranap_rab_ass_resp(struct sgsn_mm_ctx *ctx, RANAP_RAB_SetupOrMod
 	pdp = sgsn_pdp_ctx_by_nsapi(ctx, rab_id);
 	if (!pdp) {
 		LOGP(DRANAP, LOGL_ERROR, "RAB Assignment Response for unknown RAB/NSAPI=%u\n", rab_id);
-		sgsn_ranap_iu_release_free(ctx, NULL);
+		sgsn_mm_ctx_iu_ranap_release_free(ctx, NULL);
 		return -1;
 	}
 
@@ -153,7 +178,7 @@ static int sgsn_ranap_iu_event_mmctx(struct ranap_ue_conn_ctx *ctx, enum ranap_i
 	if (!mm) {
 		LOGIUP(ctx, LOGL_NOTICE, "Cannot find mm ctx for IU event %s\n",
 		       iu_client_event_type_str(type));
-		ranap_iu_free_ue(ctx);
+		sgsn_ranap_iu_free_ue(ctx);
 		return rc;
 	}
 
@@ -168,7 +193,7 @@ static int sgsn_ranap_iu_event_mmctx(struct ranap_ue_conn_ctx *ctx, enum ranap_i
 		LOGMMCTXP(LOGL_INFO, mm, "IU release (cause=%s)\n", iu_client_event_type_str(type));
 		rc = osmo_fsm_inst_dispatch(mm->iu.mm_state_fsm, E_PMM_PS_CONN_RELEASE, NULL);
 		if (rc < 0)
-			sgsn_ranap_iu_free(mm);
+			sgsn_mm_ctx_iu_ranap_free(mm);
 
 		/* TODO: move this into FSM */
 		if (mm->ran_type == MM_CTX_T_UTRAN_Iu && mm->gmm_att_req.fsm->state != ST_INIT)
@@ -183,7 +208,7 @@ static int sgsn_ranap_iu_event_mmctx(struct ranap_ue_conn_ctx *ctx, enum ranap_i
 		 */
 		/* Continue authentication here */
 		mm->iu.ue_ctx->integrity_active = 1;
-		ranap_iu_tx_common_id(mm->iu.ue_ctx, mm->imsi);
+		sgsn_ranap_iu_tx_common_id(mm->iu.ue_ctx, mm->imsi);
 
 		/* FIXME: remove gmm_authorize */
 		if (mm->pending_req != GSM48_MT_GMM_ATTACH_REQ)
@@ -226,58 +251,584 @@ int sgsn_ranap_iu_event(struct ranap_ue_conn_ctx *ctx, enum ranap_iu_event_type
 	}
 }
 
-void sgsn_ranap_iu_free(struct sgsn_mm_ctx *ctx)
-{
-	if (!ctx)
-		return;
-
-	if (!ctx->iu.ue_ctx)
-		return;
-
-	ranap_iu_free_ue(ctx->iu.ue_ctx);
-	ctx->iu.ue_ctx = NULL;
-}
-
-void sgsn_ranap_iu_release_free(struct sgsn_mm_ctx *ctx,
-				const struct RANAP_Cause *cause)
-{
-	unsigned long X1001;
-
-	if (!ctx)
-		return;
-
-	if (!ctx->iu.ue_ctx)
-		return;
-
-	X1001 = osmo_tdef_get(sgsn->cfg.T_defs, -1001, OSMO_TDEF_S, -1);
-
-	ranap_iu_tx_release_free(ctx->iu.ue_ctx,
-				 cause,
-				 (int) X1001);
-	ctx->iu.ue_ctx = NULL;
-}
-
-int iu_rab_act_ps(uint8_t rab_id, struct sgsn_pdp_ctx *pdp)
+int sgsn_ranap_iu_tx_rab_ps_ass_req(struct ranap_ue_conn_ctx *ue_ctx,
+				    uint8_t rab_id, uint32_t gtp_ip, uint32_t gtp_tei)
 {
 	struct msgb *msg;
-	struct sgsn_mm_ctx *mm = pdp->mm;
-	struct ranap_ue_conn_ctx *uectx;
-	uint32_t ggsn_ip;
-	bool use_x213_nsap;
+	bool use_x213_nsap = (ue_ctx->rab_assign_addr_enc == RANAP_NSAP_ADDR_ENC_X213);
 
-	uectx = mm->iu.ue_ctx;
-	use_x213_nsap = (uectx->rab_assign_addr_enc == RANAP_NSAP_ADDR_ENC_X213);
+	LOGP(DRANAP, LOGL_DEBUG,
+	     "Assigning RAB: rab_id=%u, ggsn_ip=%x, teid_gn=%x, use_x213_nsap=%d\n",
+	     rab_id, gtp_ip, gtp_tei, use_x213_nsap);
 
-	/* Get the IP address for ggsn user plane */
-	memcpy(&ggsn_ip, pdp->lib->gsnru.v, pdp->lib->gsnru.l);
-	ggsn_ip = htonl(ggsn_ip);
-
-	LOGP(DRANAP, LOGL_DEBUG, "Assigning RAB: rab_id=%d, ggsn_ip=%x,"
-	     " teid_gn=%x, use_x213_nsap=%d\n",
-	     rab_id, ggsn_ip, pdp->lib->teid_gn, use_x213_nsap);
-
-	msg = ranap_new_msg_rab_assign_data(rab_id, ggsn_ip,
-					    pdp->lib->teid_gn, use_x213_nsap);
-	msg->l2h = msg->data;
-	return ranap_iu_rab_act(uectx, msg);
+	msg = ranap_new_msg_rab_assign_data(rab_id, gtp_ip, gtp_tei, use_x213_nsap);
+	return sgsn_scu_iups_tx_data_req(ue_ctx->rnc->scu_iups, ue_ctx->conn_id, msg);
+}
+
+int sgsn_ranap_iu_tx_sec_mode_cmd(struct ranap_ue_conn_ctx *uectx, struct osmo_auth_vector *vec,
+			     int send_ck, int new_key)
+{
+	struct msgb *msg;
+
+	/* create RANAP message */
+	msg = ranap_new_msg_sec_mod_cmd(vec->ik, send_ck ? vec->ck : NULL,
+			new_key ? RANAP_KeyStatus_new : RANAP_KeyStatus_old);
+	return sgsn_scu_iups_tx_data_req(uectx->rnc->scu_iups, uectx->conn_id, msg);
+}
+
+int sgsn_ranap_iu_tx_common_id(struct ranap_ue_conn_ctx *uectx, const char *imsi)
+{
+	struct msgb *msg;
+
+	LOGP(DRANAP, LOGL_INFO, "Transmitting RANAP CommonID (SCCP conn_id %u)\n",
+	     uectx->conn_id);
+
+	msg = ranap_new_msg_common_id(imsi);
+	return sgsn_scu_iups_tx_data_req(uectx->rnc->scu_iups, uectx->conn_id, msg);
+}
+
+int sgsn_ranap_iu_tx(struct msgb *msg_nas, uint8_t sapi)
+{
+	struct ranap_ue_conn_ctx *uectx = msg_nas->dst;
+	struct msgb *msg;
+
+	if (!uectx) {
+		LOGP(DRANAP, LOGL_ERROR,
+		     "Discarding to-be-transmitted L3 Message as RANAP DT with unset dst SCCP conn_id!\n");
+		return -ENOTCONN;
+	}
+
+	LOGP(DRANAP, LOGL_INFO, "Transmitting L3 Message as RANAP DT (SCCP conn_id %u)\n",
+	     uectx->conn_id);
+
+	msg = ranap_new_msg_dt(sapi, msg_nas->data, msgb_length(msg_nas));
+	msgb_free(msg_nas);
+
+	return sgsn_scu_iups_tx_data_req(uectx->rnc->scu_iups, uectx->conn_id, msg);
+}
+
+/* Send CL RANAP message over SCCP: */
+int sgsn_ranap_iu_tx_cl(struct sgsn_sccp_user_iups *scu_iups,
+			const struct osmo_sccp_addr *dst_addr,
+			struct msgb *msg)
+{
+	msg->l2h = msg->data;
+	return osmo_sccp_tx_unitdata_msg(scu_iups->scu, &scu_iups->local_sccp_addr, dst_addr, msg);
+}
+
+/* Send RANAP Error Indication */
+int sgsn_ranap_iu_tx_error_ind(struct sgsn_sccp_user_iups *scu_iups,
+			       const struct osmo_sccp_addr *dst_addr,
+			       const RANAP_Cause_t *cause)
+{
+	RANAP_CN_DomainIndicator_t domain = RANAP_CN_DomainIndicator_ps_domain;
+	struct msgb *ranap_msg;
+
+	ranap_msg = ranap_new_msg_error_ind(cause, NULL, &domain, NULL);
+	if (!ranap_msg)
+		return -ENOMEM;
+
+	return sgsn_ranap_iu_tx_cl(scu_iups, dst_addr, ranap_msg);
+}
+
+/* Send Iu Release for the given UE connection.
+ * If cause is NULL, Normal Release cause is sent, otherwise
+ * the provided cause. */
+int sgsn_ranap_iu_tx_release(struct ranap_ue_conn_ctx *uectx, const struct RANAP_Cause *cause)
+{
+	struct msgb *msg;
+	static const struct RANAP_Cause default_cause = {
+		.present = RANAP_Cause_PR_nAS,
+		.choice.radioNetwork = RANAP_CauseNAS_normal_release,
+	};
+
+	if (!cause)
+		cause = &default_cause;
+
+	msg = ranap_new_msg_iu_rel_cmd(cause);
+	return sgsn_scu_iups_tx_data_req(uectx->rnc->scu_iups, uectx->conn_id, msg);
+}
+
+void sgsn_ranap_iu_tx_release_free(struct ranap_ue_conn_ctx *ctx,
+				   const struct RANAP_Cause *cause,
+				   int timeout)
+{
+	ctx->notification = false;
+	ctx->free_on_release = true;
+	int ret = sgsn_ranap_iu_tx_release(ctx, cause);
+	/* On Tx failure, trigger timeout immediately, as the response will never arrive */
+	if (ret)
+		timeout = 0;
+
+	osmo_timer_schedule(&ctx->release_timeout, timeout, 0);
+}
+
+static int ranap_handle_co_initial_ue(struct ranap_iu_rnc *rnc,
+				      uint32_t conn_id,
+				      const RANAP_InitialUE_MessageIEs_t *ies)
+{
+	struct gprs_ra_id ra_id = {};
+	struct osmo_routing_area_id ra_id2 = {};
+	struct osmo_rnc_id rnc_id = {};
+	uint16_t sai;
+	struct ranap_ue_conn_ctx *ue;
+	struct msgb *msg = msgb_alloc(256, "RANAP->NAS");
+
+	if (ranap_parse_lai(&ra_id, &ies->lai) != 0) {
+		LOGP(DRANAP, LOGL_ERROR, "Failed to parse RANAP LAI IE\n");
+		return -1;
+	}
+
+	if (!(ies->presenceMask & INITIALUE_MESSAGEIES_RANAP_RAC_PRESENT)) {
+		LOGP(DRANAP, LOGL_ERROR, "Rejecting InitialUE msg without RAC IE\n");
+		return -1;
+	}
+
+	ra_id.rac = asn1str_to_u8(&ies->rac);
+	if (ra_id.rac == OSMO_RESERVED_RAC) {
+		LOGP(DRANAP, LOGL_ERROR,
+		     "Rejecting RNC with invalid/internally used RAC 0x%02x\n", ra_id.rac);
+		return -1;
+	}
+
+	if (iu_grnc_id_parse(&rnc_id, &ies->globalRNC_ID) != 0) {
+		LOGP(DRANAP, LOGL_ERROR,
+		     "Failed to parse RANAP Global-RNC-ID IE\n");
+		return -1;
+	}
+
+	sai = asn1str_to_u16(&ies->sai.sAC);
+	msgb_gmmh(msg) = msgb_put(msg, ies->nas_pdu.size);
+	memcpy(msgb_gmmh(msg), ies->nas_pdu.buf, ies->nas_pdu.size);
+
+	gprs_rai_to_osmo(&ra_id2, &ra_id);
+
+	/* Make sure we update LAC+RAC coming in on this connection. */
+	iu_rnc_update_rai_seen(rnc, &ra_id2);
+
+	ue = ue_conn_ctx_alloc(rnc, conn_id);
+	OSMO_ASSERT(ue);
+	ue->ra_id = ra_id;
+
+	/* Feed into the MM layer */
+	msg->dst = ue;
+	gsm0408_gprs_rcvmsg_iu(msg, &ra_id, &sai);
+
+	msgb_free(msg);
+
+	return 0;
+}
+
+void sgsn_ranap_iu_handle_co_initial(struct ranap_iu_rnc *iu_rnc,
+				     uint32_t conn_id,
+				     const ranap_message *message)
+{
+	int rc;
+
+	LOGP(DRANAP, LOGL_NOTICE, "handle_co_initial(dir=%u, proc=%u)\n", message->direction, message->procedureCode);
+
+	if (message->direction != RANAP_RANAP_PDU_PR_initiatingMessage
+	    || message->procedureCode != RANAP_ProcedureCode_id_InitialUE_Message) {
+		LOGP(DRANAP, LOGL_ERROR, "Expected direction 'InitiatingMessage',"
+		     " procedureCode 'InitialUE_Message', instead got %u and %u\n",
+		     message->direction, message->procedureCode);
+		rc = -1;
+	} else
+		rc = ranap_handle_co_initial_ue(iu_rnc, conn_id, &message->msg.initialUE_MessageIEs);
+
+	if (rc) {
+		LOGP(DRANAP, LOGL_ERROR, "Error in %s (%d)\n", __func__, rc);
+		/* TODO handling of the error? */
+	}
+}
+
+int sgsn_ranap_iu_rx_co_initial_msg(struct sgsn_sccp_user_iups *scu_iups,
+				    const struct osmo_sccp_addr *rem_sccp_addr,
+				    uint32_t conn_id,
+				    const uint8_t *data, size_t len)
+{
+	struct iu_rnc_ev_msg_up_co_initial_ctx ev_ctx = {
+		.conn_id = conn_id,
+	};
+	RANAP_Cause_t cause;
+	int rc;
+
+	rc = ranap_cn_rx_co_decode2(&ev_ctx.message, data, len);
+	if (rc != 0) {
+		LOGP(DRANAP, LOGL_ERROR, "Not calling cn_ranap_handle_co_initial() due to rc=%d\n", rc);
+		goto free_ret;
+	}
+
+	ev_ctx.rnc = iu_rnc_find_by_addr(rem_sccp_addr);
+	if (!ev_ctx.rnc)
+		goto tx_err_ind;
+
+	rc = osmo_fsm_inst_dispatch(ev_ctx.rnc->fi, IU_RNC_EV_MSG_UP_CO_INITIAL, &ev_ctx);
+	if (rc != 0)
+		goto tx_err_ind;
+
+	goto free_ret;
+
+tx_err_ind:
+	cause = (RANAP_Cause_t){
+		.present = RANAP_Cause_PR_protocol,
+		.choice.protocol = RANAP_CauseProtocol_message_not_compatible_with_receiver_state,
+	};
+	sgsn_ranap_iu_tx_error_ind(scu_iups, rem_sccp_addr, &cause);
+free_ret:
+	/* Free the asn1 structs in message */
+	ranap_cn_rx_co_free(&ev_ctx.message);
+	return rc;
+}
+
+static int ranap_handle_co_dt(struct ranap_ue_conn_ctx *ue_ctx, const RANAP_DirectTransferIEs_t *ies)
+{
+	struct gprs_ra_id _ra_id, *ra_id = NULL;
+	uint16_t _sai, *sai = NULL;
+	struct msgb *msg = msgb_alloc(256, "RANAP->NAS");
+
+	if (ies->presenceMask & DIRECTTRANSFERIES_RANAP_LAI_PRESENT) {
+		if (ranap_parse_lai(&_ra_id, &ies->lai) != 0) {
+			LOGP(DRANAP, LOGL_ERROR, "Failed to parse RANAP LAI IE\n");
+			return -1;
+		}
+		ra_id = &_ra_id;
+		if (ies->presenceMask & DIRECTTRANSFERIES_RANAP_RAC_PRESENT)
+			_ra_id.rac = asn1str_to_u8(&ies->rac);
+
+		if (ies->presenceMask & DIRECTTRANSFERIES_RANAP_SAI_PRESENT) {
+			_sai = asn1str_to_u16(&ies->sai.sAC);
+			sai = &_sai;
+		}
+	}
+
+	msgb_gmmh(msg) = msgb_put(msg, ies->nas_pdu.size);
+	memcpy(msgb_gmmh(msg), ies->nas_pdu.buf, ies->nas_pdu.size);
+
+	/* Feed into the MM/CC/SMS-CP layer */
+	msg->dst = ue_ctx;
+	gsm0408_gprs_rcvmsg_iu(msg, ra_id, sai);
+
+	msgb_free(msg);
+
+	return 0;
+}
+
+static int ranap_handle_co_err_ind(struct ranap_ue_conn_ctx *ue_ctx, const RANAP_ErrorIndicationIEs_t *ies)
+{
+	if (ies->presenceMask & ERRORINDICATIONIES_RANAP_CAUSE_PRESENT)
+		LOGP(DRANAP, LOGL_ERROR, "Rx Error Indication (%s)\n",
+		     ranap_cause_str(&ies->cause));
+	else
+		LOGP(DRANAP, LOGL_ERROR, "Rx Error Indication\n");
+
+	return 0;
+}
+
+static int ranap_handle_co_iu_rel_req(struct ranap_ue_conn_ctx *ue_ctx, const RANAP_Iu_ReleaseRequestIEs_t *ies)
+{
+	LOGP(DRANAP, LOGL_INFO, "Received Iu Release Request, Sending Release Command\n");
+	sgsn_ranap_iu_tx_release(ue_ctx, &ies->cause);
+	return 0;
+}
+
+static int ranap_handle_co_rab_ass_resp(struct ranap_ue_conn_ctx *ue_ctx, const RANAP_RAB_AssignmentResponseIEs_t *ies)
+{
+	int rc = -1;
+
+	LOGP(DRANAP, LOGL_INFO,
+	       "Rx RAB Assignment Response for UE conn_id %u\n", ue_ctx->conn_id);
+	if (ies->presenceMask & RAB_ASSIGNMENTRESPONSEIES_RANAP_RAB_SETUPORMODIFIEDLIST_PRESENT) {
+		/* TODO: Iterate over list of SetupOrModifiedList IEs and handle each one */
+		RANAP_IE_t *ranap_ie = ies->raB_SetupOrModifiedList.raB_SetupOrModifiedList_ies.list.array[0];
+		RANAP_RAB_SetupOrModifiedItemIEs_t setup_ies;
+
+		rc = ranap_decode_rab_setupormodifieditemies_fromlist(&setup_ies, &ranap_ie->value);
+		if (rc) {
+			LOGP(DRANAP, LOGL_ERROR, "Error in ranap_decode_rab_setupormodifieditemies()\n");
+			return rc;
+		}
+
+		rc = global_iu_event(ue_ctx, RANAP_IU_EVENT_RAB_ASSIGN, &setup_ies);
+
+		ranap_free_rab_setupormodifieditemies(&setup_ies);
+	}
+	/* FIXME: handle RAB Ass failure? */
+
+	return rc;
+}
+
+/* Entry point for connection-oriented RANAP message */
+void sgsn_ranap_iu_handle_co(struct ranap_ue_conn_ctx *ue_ctx, const ranap_message *message)
+{
+	int rc;
+
+	LOGP(DRANAP, LOGL_NOTICE, "handle_co(dir=%u, proc=%u)\n", message->direction, message->procedureCode);
+
+	switch (message->direction) {
+	case RANAP_RANAP_PDU_PR_initiatingMessage:
+		switch (message->procedureCode) {
+		case RANAP_ProcedureCode_id_InitialUE_Message:
+			LOGP(DRANAP, LOGL_ERROR, "Got InitialUE_Message but this is not a new conn\n");
+			rc = -1;
+			break;
+		case RANAP_ProcedureCode_id_DirectTransfer:
+			rc = ranap_handle_co_dt(ue_ctx, &message->msg.directTransferIEs);
+			break;
+		case RANAP_ProcedureCode_id_ErrorIndication:
+			rc = ranap_handle_co_err_ind(ue_ctx, &message->msg.errorIndicationIEs);
+			break;
+		case RANAP_ProcedureCode_id_Iu_ReleaseRequest:
+			/* Iu Release Request */
+			rc = ranap_handle_co_iu_rel_req(ue_ctx, &message->msg.iu_ReleaseRequestIEs);
+			break;
+		default:
+			LOGP(DRANAP, LOGL_ERROR, "Received Initiating Message: unknown Procedure Code %d\n",
+			       message->procedureCode);
+			rc = -1;
+			break;
+		}
+		break;
+	case RANAP_RANAP_PDU_PR_successfulOutcome:
+		switch (message->procedureCode) {
+		case RANAP_ProcedureCode_id_SecurityModeControl:
+			/* Security Mode Complete */
+			rc = global_iu_event(ue_ctx, RANAP_IU_EVENT_SECURITY_MODE_COMPLETE, NULL);
+			break;
+		case RANAP_ProcedureCode_id_Iu_Release:
+			/* Iu Release Complete */
+			rc = global_iu_event(ue_ctx, RANAP_IU_EVENT_IU_RELEASE, NULL);
+			if (rc) {
+				LOGP(DRANAP, LOGL_ERROR, "Iu Release event: Iu Event callback returned %d\n",
+				       rc);
+			}
+			break;
+		default:
+			LOGP(DRANAP, LOGL_ERROR, "Received Successful Outcome: unknown Procedure Code %d\n",
+			     message->procedureCode);
+			rc = -1;
+			break;
+		}
+		break;
+	case RANAP_RANAP_PDU_PR_outcome:
+		switch (message->procedureCode) {
+		case RANAP_ProcedureCode_id_RAB_Assignment:
+			/* RAB Assignment Response */
+			rc = ranap_handle_co_rab_ass_resp(ue_ctx, &message->msg.raB_AssignmentResponseIEs);
+			break;
+		default:
+			LOGP(DRANAP, LOGL_ERROR, "Received Outcome: unknown Procedure Code %d\n",
+			     message->procedureCode);
+			rc = -1;
+			break;
+		}
+		break;
+	case RANAP_RANAP_PDU_PR_unsuccessfulOutcome:
+	default:
+		LOGP(DRANAP, LOGL_ERROR, "Received Unsuccessful Outcome: Procedure Code %d\n",
+		     message->procedureCode);
+		rc = -1;
+		break;
+	}
+
+	if (rc) {
+		LOGP(DRANAP, LOGL_ERROR, "Error in %s (%d)\n", __func__, rc);
+		/* TODO handling of the error? */
+	}
+}
+
+int sgsn_ranap_iu_rx_co_msg(struct ranap_ue_conn_ctx *ue_ctx, const uint8_t *data, size_t len)
+{
+	struct iu_rnc_ev_msg_up_co_ctx ev_ctx = {
+		.ue_ctx = ue_ctx,
+	};
+	RANAP_Cause_t cause;
+	int rc;
+
+	rc = ranap_cn_rx_co_decode2(&ev_ctx.message, data, len);
+	if (rc != 0) {
+		LOGP(DRANAP, LOGL_ERROR, "Not calling cn_ranap_handle_co() due to rc=%d\n", rc);
+		goto free_ret;
+	}
+
+	rc = osmo_fsm_inst_dispatch(ue_ctx->rnc->fi, IU_RNC_EV_MSG_UP_CO, &ev_ctx);
+	if (rc != 0)
+		goto tx_err_ind;
+
+	goto free_ret;
+
+tx_err_ind:
+	cause = (RANAP_Cause_t){
+		.present = RANAP_Cause_PR_protocol,
+		.choice.protocol = RANAP_CauseProtocol_message_not_compatible_with_receiver_state,
+	};
+	sgsn_ranap_iu_tx_error_ind(ue_ctx->rnc->scu_iups, &ue_ctx->rnc->sccp_addr, &cause);
+
+free_ret:
+	/* Free the asn1 structs in message */
+	ranap_cn_rx_co_free(&ev_ctx.message);
+	return rc;
+}
+
+static int ranap_handle_cl_reset_req(struct sgsn_sccp_user_iups *scu_iups,
+				     const struct osmo_scu_unitdata_param *ud_prim,
+				     const RANAP_ResetIEs_t *ies)
+{
+	const RANAP_GlobalRNC_ID_t *grnc_id = NULL;
+	RANAP_Cause_t cause;
+	struct osmo_rnc_id rnc_id = {};
+	struct ranap_iu_rnc *rnc;
+	int rc;
+
+	if (ies->presenceMask & ERRORINDICATIONIES_RANAP_CN_DOMAININDICATOR_PRESENT) {
+		if (ies->cN_DomainIndicator != RANAP_CN_DomainIndicator_ps_domain) {
+			LOGP(DRANAP, LOGL_ERROR, "Rx RESET: Unexpected CN Domain Indicator %d\n",
+			     (int)ies->cN_DomainIndicator);
+			cause = (RANAP_Cause_t){
+				.present = RANAP_Cause_PR_protocol,
+				.choice.protocol = RANAP_CauseProtocol_semantic_error,
+			};
+			return sgsn_ranap_iu_tx_error_ind(scu_iups, &ud_prim->calling_addr, &cause);
+		}
+	} /* else: assume PS */
+
+	/* FIXME: support handling Extended RNC-ID instead of Global RNC-ID */
+
+	if (!(ies->presenceMask & RESETIES_RANAP_GLOBALRNC_ID_PRESENT)) {
+		LOGP(DRANAP, LOGL_ERROR,
+		     "Rx RESET: Missing RANAP Global-RNC-ID IE\n");
+		cause = (RANAP_Cause_t){
+			.present = RANAP_Cause_PR_protocol,
+			.choice.protocol = RANAP_CauseProtocol_transfer_syntax_error,
+		};
+		return sgsn_ranap_iu_tx_error_ind(scu_iups, &ud_prim->calling_addr, &cause);
+	}
+	grnc_id = &ies->globalRNC_ID;
+
+	if (iu_grnc_id_parse(&rnc_id, grnc_id) != 0) {
+		LOGP(DRANAP, LOGL_ERROR,
+		     "Rx RESET: Failed to parse RANAP Global-RNC-ID IE\n");
+		cause = (RANAP_Cause_t){
+			.present = RANAP_Cause_PR_protocol,
+			.choice.protocol = RANAP_CauseProtocol_transfer_syntax_error,
+		};
+		return sgsn_ranap_iu_tx_error_ind(scu_iups, &ud_prim->calling_addr, &cause);
+	}
+
+	rnc = iu_rnc_find_or_create(&rnc_id, scu_iups, &ud_prim->calling_addr);
+	OSMO_ASSERT(rnc);
+	rc = osmo_fsm_inst_dispatch(rnc->fi, IU_RNC_EV_RX_RESET, NULL);
+	if (rc != 0) {
+		cause = (RANAP_Cause_t){
+			.present = RANAP_Cause_PR_protocol,
+			.choice.protocol = RANAP_CauseProtocol_message_not_compatible_with_receiver_state,
+		};
+		return sgsn_ranap_iu_tx_error_ind(scu_iups, &ud_prim->calling_addr, &cause);
+	}
+	return 0;
+}
+
+static int ranap_handle_cl_reset_ack(struct sgsn_sccp_user_iups *scu_iups,
+				     const struct osmo_scu_unitdata_param *ud_prim,
+				     const RANAP_ResetAcknowledgeIEs_t *ies)
+{
+	struct ranap_iu_rnc *rnc;
+	RANAP_Cause_t cause;
+	int rc;
+
+	rnc = iu_rnc_find_by_addr(&ud_prim->calling_addr);
+	if (!rnc)
+		goto tx_err_ind;
+
+	rc = osmo_fsm_inst_dispatch(rnc->fi, IU_RNC_EV_RX_RESET_ACK, NULL);
+	if (rc != 0)
+		goto tx_err_ind;
+
+	return 0;
+
+tx_err_ind:
+	cause = (RANAP_Cause_t){
+		.present = RANAP_Cause_PR_protocol,
+		.choice.protocol = RANAP_CauseProtocol_message_not_compatible_with_receiver_state,
+	};
+	return sgsn_ranap_iu_tx_error_ind(scu_iups, &ud_prim->calling_addr, &cause);
+}
+
+static int ranap_handle_cl_err_ind(struct sgsn_sccp_user_iups *scu_iups,
+				   const struct osmo_scu_unitdata_param *ud_prim,
+				   const RANAP_ErrorIndicationIEs_t *ies)
+{
+	if (ies->presenceMask & ERRORINDICATIONIES_RANAP_CAUSE_PRESENT)
+		LOGP(DRANAP, LOGL_ERROR, "Rx Error Indication (%s)\n",
+		     ranap_cause_str(&ies->cause));
+	else
+		LOGP(DRANAP, LOGL_ERROR, "Rx Error Indication\n");
+
+	return 0;
+}
+
+/* Entry point for connection-less RANAP message */
+static void cn_ranap_handle_cl(struct sgsn_sccp_user_iups *scu_iups,
+			       const struct osmo_scu_unitdata_param *ud_prim,
+			       const ranap_message *message)
+{
+	int rc;
+
+	switch (message->direction) {
+	case RANAP_RANAP_PDU_PR_initiatingMessage:
+		switch (message->procedureCode) {
+		case RANAP_ProcedureCode_id_Reset:
+			/* received reset.req, send reset.resp */
+			rc = ranap_handle_cl_reset_req(scu_iups, ud_prim, &message->msg.resetIEs);
+			break;
+		case RANAP_ProcedureCode_id_ErrorIndication:
+			rc = ranap_handle_cl_err_ind(scu_iups, ud_prim, &message->msg.errorIndicationIEs);
+			break;
+		default:
+			rc = -1;
+			break;
+		}
+		break;
+	case RANAP_RANAP_PDU_PR_successfulOutcome:
+		switch (message->procedureCode) {
+		case RANAP_ProcedureCode_id_Reset:
+			rc = ranap_handle_cl_reset_ack(scu_iups, ud_prim, &message->msg.resetAcknowledgeIEs);
+			break;
+		default:
+			rc = -1;
+			break;
+		}
+		break;
+	case RANAP_RANAP_PDU_PR_unsuccessfulOutcome:
+	case RANAP_RANAP_PDU_PR_outcome:
+	default:
+		rc = -1;
+		break;
+	}
+
+	if (rc) {
+		LOGP(DRANAP, LOGL_ERROR, "Error in %s (%d)\n", __func__, rc);
+		/* TODO handling of the error? */
+	}
+}
+
+int sgsn_ranap_iu_rx_cl_msg(struct sgsn_sccp_user_iups *scu_iups,
+			    const struct osmo_scu_unitdata_param *ud_prim,
+			    const uint8_t *data, size_t len)
+{
+	ranap_message message;
+	int rc;
+
+	rc = ranap_cn_rx_cl_decode2(&message, data, len);
+	if (rc != 0) {
+		LOGP(DRANAP, LOGL_ERROR, "Not calling cn_ranap_handle_cl() due to rc=%d\n", rc);
+		goto free_ret;
+	}
+
+	cn_ranap_handle_cl(scu_iups, ud_prim, &message);
+
+free_ret:
+	/* Free the asn1 structs in message */
+	ranap_cn_rx_cl_free(&message);
+	return rc;
 }

src/sgsn/iu_rnc.c

@@ -0,0 +1,255 @@
+/* A remote RNC (Radio Network Controller), connected over IuPS */
+
+/* (C) 2016-2017 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "config.h"
+
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdbool.h>
+
+#include <osmocom/gsm/protocol/gsm_04_08_gprs.h>
+
+#include <osmocom/core/logging.h>
+#include <osmocom/crypt/auth.h>
+#include <osmocom/gprs/gprs_msgb.h>
+#include <osmocom/sigtran/sccp_sap.h>
+#include <osmocom/sigtran/sccp_helpers.h>
+#include <osmocom/sccp/sccp_types.h>
+
+#include <osmocom/sgsn/debug.h>
+#include <osmocom/sgsn/gprs_ranap.h>
+#include <osmocom/sgsn/iu_client.h>
+#include <osmocom/sgsn/iu_rnc.h>
+#include <osmocom/sgsn/iu_rnc_fsm.h>
+#include <osmocom/sgsn/sccp.h>
+#include <osmocom/sgsn/sgsn.h>
+
+static struct ranap_iu_rnc *iu_rnc_alloc(const struct osmo_rnc_id *rnc_id,
+					 struct sgsn_sccp_user_iups *scu_iups,
+					 const struct osmo_sccp_addr *rnc_sccp_addr)
+{
+	struct ranap_iu_rnc *rnc;
+	char *addr_str, *pos;
+
+	rnc = talloc_zero(sgsn, struct ranap_iu_rnc);
+	OSMO_ASSERT(rnc);
+
+	INIT_LLIST_HEAD(&rnc->lac_rac_list);
+
+	rnc->rnc_id = *rnc_id;
+	rnc->scu_iups = scu_iups;
+	rnc->sccp_addr = *rnc_sccp_addr;
+
+	rnc->fi = osmo_fsm_inst_alloc(&iu_rnc_fsm, rnc, rnc, LOGL_INFO, NULL);
+	OSMO_ASSERT(rnc->fi);
+
+	/* Unfortunately, osmo_sccp_inst_addr_name() returns "RI=SSN_PC,PC=0.24.1,SSN=BSSAP" but neither commas nor
+	 * full-stops are allowed as FSM inst id. Make it "RI-SSN_PC:PC-0-24-1:SSN-BSSAP". */
+	addr_str = osmo_sccp_addr_dump(rnc_sccp_addr);
+	for (pos = addr_str; *pos; pos++) {
+		if (*pos == ',')
+			*pos = ':';
+		else if (*pos == '.' || *pos == '=')
+			*pos = '-';
+	}
+	osmo_fsm_inst_update_id_f(rnc->fi, "RNC_ID-%s:%s",
+				  osmo_rnc_id_name(rnc_id), addr_str);
+
+	llist_add(&rnc->entry, &sgsn->rnc_list);
+	sgsn_stat_inc(SGSN_STAT_IU_PEERS_TOTAL, 1);
+
+	LOGP(DRANAP, LOGL_NOTICE, "New RNC %s at %s\n",
+	     osmo_rnc_id_name(&rnc->rnc_id), osmo_sccp_addr_dump(rnc_sccp_addr));
+
+	return rnc;
+}
+
+static struct ranap_iu_rnc *iu_rnc_find_by_id(const struct osmo_rnc_id *rnc_id)
+{
+	struct ranap_iu_rnc *rnc;
+	llist_for_each_entry(rnc, &sgsn->rnc_list, entry) {
+		if (!osmo_rnc_id_cmp(&rnc->rnc_id, rnc_id))
+			return rnc;
+	}
+	return NULL;
+}
+
+struct ranap_iu_rnc *iu_rnc_find_by_addr(const struct osmo_sccp_addr *rnc_sccp_addr)
+{
+	struct ranap_iu_rnc *rnc;
+	llist_for_each_entry(rnc, &sgsn->rnc_list, entry) {
+		if (osmo_sccp_addr_ri_cmp(rnc_sccp_addr, &rnc->sccp_addr))
+			continue;
+		return rnc;
+	}
+	return NULL;
+}
+
+struct ranap_iu_rnc *iu_rnc_find_or_create(const struct osmo_rnc_id *rnc_id,
+					   struct sgsn_sccp_user_iups *scu_iups,
+					   const struct osmo_sccp_addr *addr)
+{
+	struct ranap_iu_rnc *rnc;
+
+	/* Make sure we know this rnc_id and that this SCCP address is in our records */
+	rnc = iu_rnc_find_by_id(rnc_id);
+	if (rnc) {
+		if (!osmo_sccp_addr_ri_cmp(&rnc->sccp_addr, addr)) {
+			LOGP(DRANAP, LOGL_NOTICE, "RNC %s changed its SCCP addr to %s\n",
+			     osmo_rnc_id_name(&rnc->rnc_id), osmo_sccp_addr_dump(addr));
+			rnc->sccp_addr = *addr;
+		}
+	} else {
+		rnc = iu_rnc_alloc(rnc_id, scu_iups, addr);
+	}
+	return rnc;
+}
+
+/* Find a match for the given LAC (and RAC). For CS, pass rac as 0.
+ * If rnc and lre pointers are not NULL, *rnc / *lre are set to NULL if no match is found, or to the
+ * match if a match is found.  Return true if a match is found. */
+static bool iu_rnc_lac_rac_find(struct ranap_iu_rnc **rnc, struct iu_lac_rac_entry **lre,
+				const struct osmo_routing_area_id *ra_id)
+{
+	struct ranap_iu_rnc *r;
+	struct iu_lac_rac_entry *e;
+
+	if (rnc)
+		*rnc = NULL;
+	if (lre)
+		*lre = NULL;
+
+	llist_for_each_entry(r, &sgsn->rnc_list, entry) {
+		llist_for_each_entry(e, &r->lac_rac_list, entry) {
+			if (!osmo_rai_cmp(&e->rai, ra_id)) {
+				if (rnc)
+					*rnc = r;
+				if (lre)
+					*lre = e;
+				return true;
+			}
+		}
+	}
+	return false;
+}
+
+static void global_iu_event_new_area(const struct osmo_rnc_id *rnc_id, const struct osmo_routing_area_id *rai)
+{
+	struct ranap_iu_event_new_area new_area = (struct ranap_iu_event_new_area) {
+	    .rnc_id = rnc_id,
+	    .cell_type = RANAP_IU_NEW_RAC
+	};
+
+	if (rai->rac == OSMO_RESERVED_RAC) {
+		new_area.cell_type = RANAP_IU_NEW_LAC;
+		new_area.u.lai = &rai->lac;
+	} else {
+		new_area.cell_type = RANAP_IU_NEW_RAC;
+		new_area.u.rai = rai;
+	}
+
+	global_iu_event(NULL, RANAP_IU_EVENT_NEW_AREA, &new_area);
+}
+
+
+void iu_rnc_update_rai_seen(struct ranap_iu_rnc *rnc, const struct osmo_routing_area_id *rai)
+{
+	struct ranap_iu_rnc *old_rnc;
+	struct iu_lac_rac_entry *lre;
+
+	/* Detect whether the LAC,RAC is already recorded in another RNC */
+	iu_rnc_lac_rac_find(&old_rnc, &lre, rai);
+
+	if (old_rnc && old_rnc != rnc) {
+		/* LAC, RAC already exists in a different RNC */
+		LOGP(DRANAP, LOGL_NOTICE, "LAC/RAC %s moved from RNC %s %s",
+		     osmo_rai_name2(rai),
+		     osmo_rnc_id_name(&old_rnc->rnc_id), osmo_sccp_addr_dump(&old_rnc->sccp_addr));
+		LOGPC(DRANAP, LOGL_NOTICE, " to RNC %s %s\n",
+		      osmo_rnc_id_name(&rnc->rnc_id), osmo_sccp_addr_dump(&rnc->sccp_addr));
+
+		llist_del(&lre->entry);
+		llist_add(&lre->entry, &rnc->lac_rac_list);
+		global_iu_event_new_area(&rnc->rnc_id, rai);
+	} else if (!old_rnc) {
+		/* LAC, RAC not recorded yet */
+		LOGP(DRANAP, LOGL_NOTICE, "RNC %s: new LAC/RAC %s\n",
+		     osmo_rnc_id_name(&rnc->rnc_id), osmo_rai_name2(rai));
+		lre = talloc_zero(rnc, struct iu_lac_rac_entry);
+		lre->rai = *rai;
+		llist_add(&lre->entry, &rnc->lac_rac_list);
+		global_iu_event_new_area(&rnc->rnc_id, rai);
+	}
+	/* else, LAC,RAC already recorded with the current RNC. */
+}
+
+void iu_rnc_discard_all_ue_ctx(struct ranap_iu_rnc *rnc)
+{
+	struct ranap_ue_conn_ctx *ue_ctx, *ue_ctx_tmp;
+
+	llist_for_each_entry_safe(ue_ctx, ue_ctx_tmp, &sgsn->sccp.scu_iups->ue_conn_ctx_list, list) {
+		if (ue_ctx->rnc != rnc)
+			continue;
+		ue_conn_ctx_link_invalidated_free(ue_ctx);
+	}
+}
+
+/* Send a paging command down a given SCCP User. tmsi_or_ptmsi and paging_cause are
+ * optional and may be passed NULL and 0, respectively, to disable their use.
+ * See enum RANAP_PagingCause.
+ *
+ * If tmsi_or_ptmsi is given, the imsi is not sent over the air interface.
+ * Nevertheless, the IMSI is still required for resolution in the HNB-GW
+ * and/or(?) RNC.
+ *
+ * returns negative if paging couldn't be sent (eg. because RNC is currently
+ * unreachable in lower layers).
+ **/
+int iu_rnc_tx_paging_cmd(struct ranap_iu_rnc *rnc,
+			 const char *imsi,
+			 const uint32_t *tmsi_or_ptmsi,
+			 bool is_ps,
+			 uint32_t paging_cause)
+{
+	struct msgb *ranap_msg;
+	int rc;
+
+	/* rnc is not ready for paging (link not ready). */
+	if (rnc->fi->state != IU_RNC_ST_READY)
+		return -ENOLINK;
+
+	LOG_RNC(rnc, LOGL_DEBUG, "Paging %s for %s=%08x IMSI=%s\n",
+		is_ps ? "PS" : "CS",
+		is_ps ? "P-TMSI" : "TMSI",
+		tmsi_or_ptmsi ? *tmsi_or_ptmsi : GSM_RESERVED_TMSI,
+		imsi);
+
+	ranap_msg = ranap_new_msg_paging_cmd(imsi, tmsi_or_ptmsi, is_ps ? 1 : 0, paging_cause);
+	if (!ranap_msg)
+		return -EINVAL;
+
+	rc = osmo_fsm_inst_dispatch(rnc->fi, IU_RNC_EV_MSG_DOWN_CL, ranap_msg);
+	if (rc != 0)
+		msgb_free(ranap_msg);
+	return rc;
+}

src/sgsn/iu_rnc_fsm.c

@@ -0,0 +1,374 @@
+/* A remote RNC (Radio Network Controller) FSM */
+
+/* (C) 2025 by sysmocom s.f.m.c. GmbH <info@sysmocom.de>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "config.h"
+
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdbool.h>
+
+#include <osmocom/core/logging.h>
+#include <osmocom/core/fsm.h>
+#include <osmocom/core/tdef.h>
+
+#include <osmocom/sigtran/sccp_helpers.h>
+
+#include <osmocom/sgsn/debug.h>
+#include <osmocom/sgsn/gprs_ranap.h>
+#include <osmocom/sgsn/iu_rnc_fsm.h>
+#include <osmocom/sgsn/iu_rnc.h>
+#include <osmocom/sgsn/sgsn.h>
+
+#define S(x)	(1 << (x))
+
+struct osmo_fsm iu_rnc_fsm;
+
+
+static const struct osmo_tdef_state_timeout iu_rnc_fsm_timeouts[32] = {
+	[IU_RNC_ST_WAIT_RX_RESET_ACK] = { .T = -1002 },
+	[IU_RNC_ST_DISCARDING] = { .T = -1002 },
+};
+
+#define iu_rnc_state_chg(iu_rnc, next_st) \
+	osmo_tdef_fsm_inst_state_chg((iu_rnc)->fi, next_st, iu_rnc_fsm_timeouts, sgsn_T_defs, 5)
+
+static const struct value_string iu_rnc_fsm_event_names[] = {
+	OSMO_VALUE_STRING(IU_RNC_EV_MSG_UP_CO_INITIAL),
+	OSMO_VALUE_STRING(IU_RNC_EV_MSG_UP_CO),
+	OSMO_VALUE_STRING(IU_RNC_EV_RX_RESET),
+	OSMO_VALUE_STRING(IU_RNC_EV_RX_RESET_ACK),
+	OSMO_VALUE_STRING(IU_RNC_EV_MSG_DOWN_CL),
+	OSMO_VALUE_STRING(IU_RNC_EV_AVAILABLE),
+	OSMO_VALUE_STRING(IU_RNC_EV_UNAVAILABLE),
+	{}
+};
+
+/* Drop all SCCP connections for this iu_rnc, respond with RESET ACKNOWLEDGE and move to READY state. */
+static void iu_rnc_rx_reset(struct ranap_iu_rnc *rnc)
+{
+	struct msgb *reset_ack;
+	struct iu_grnc_id grnc_id;
+	sgsn_ranap_iu_grnc_id_compose(&grnc_id, &rnc->rnc_id);
+
+	iu_rnc_discard_all_ue_ctx(rnc);
+
+	reset_ack = ranap_new_msg_reset_ack(RANAP_CN_DomainIndicator_ps_domain, &grnc_id.grnc_id);
+	if (!reset_ack) {
+		LOG_RNC(rnc, LOGL_ERROR, "Failed to compose RESET ACKNOWLEDGE message\n");
+		iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+		return;
+	}
+	if (sgsn_ranap_iu_tx_cl(rnc->scu_iups, &rnc->sccp_addr, reset_ack) < 0) {
+		LOG_RNC(rnc, LOGL_ERROR, "Failed to send RESET ACKNOWLEDGE message\n");
+		iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+		return;
+	}
+
+	LOG_RNC(rnc, LOGL_INFO, "Sent RESET ACKNOWLEDGE\n");
+	iu_rnc_state_chg(rnc, IU_RNC_ST_READY);
+}
+
+static void iu_rnc_reset(struct ranap_iu_rnc *rnc)
+{
+	struct msgb *reset;
+	const RANAP_Cause_t cause = {
+		.present = RANAP_Cause_PR_protocol,
+		.choice = {
+			.protocol = RANAP_CauseProtocol_message_not_compatible_with_receiver_state,
+		},
+	};
+
+	iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET_ACK);
+	iu_rnc_discard_all_ue_ctx(rnc);
+
+	reset = ranap_new_msg_reset(RANAP_CN_DomainIndicator_ps_domain, &cause);
+	if (!reset) {
+		LOG_RNC(rnc, LOGL_ERROR, "Failed to compose RESET message\n");
+		iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+		return;
+	}
+
+	if (sgsn_ranap_iu_tx_cl(rnc->scu_iups, &rnc->sccp_addr, reset) < 0) {
+		LOG_RNC(rnc, LOGL_ERROR, "Failed to send RESET message\n");
+		iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+		return;
+	}
+}
+
+static void iu_rnc_st_wait_rx_reset(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+	struct ranap_iu_rnc *rnc = fi->priv;
+	switch (event) {
+
+	case IU_RNC_EV_MSG_UP_CO:
+	case IU_RNC_EV_MSG_UP_CO_INITIAL:
+		OSMO_ASSERT(data);
+
+#define LEGACY_BEHAVIOR
+#ifdef LEGACY_BEHAVIOR
+		LOG_RNC(rnc, LOGL_ERROR, "Receiving CO message on RAN peer that has not done a proper RESET yet."
+			" Accepting RAN peer implicitly (legacy compat)\n");
+		iu_rnc_state_chg(rnc, IU_RNC_ST_READY);
+		osmo_fsm_inst_dispatch(rnc->fi, event, data);
+		return;
+#else
+		LOG_RNC(rnc, LOGL_ERROR, "Receiving CO message on RAN peer that has not done a proper RESET yet."
+			     " Disconnecting on incoming message, sending RESET to RAN peer.\n");
+		/* No valid RESET procedure has happened here yet. Usually, we're expecting the RAN peer (BSC,
+		 * RNC) to first send a RESET message before sending Connection Oriented messages. So if we're
+		 * getting a CO message, likely we've just restarted or something. Send a RESET to the peer. */
+
+		/* Make sure the MS / UE properly disconnects. */
+		clear_and_disconnect(rnc, ctx->conn_id);
+
+		iu_rnc_reset(rnc);
+		return;
+#endif
+
+	case IU_RNC_EV_RX_RESET:
+		iu_rnc_rx_reset(rnc);
+		return;
+
+	case IU_RNC_EV_AVAILABLE:
+		/* Send a RESET to the peer. */
+		iu_rnc_reset(rnc);
+		return;
+
+	case IU_RNC_EV_UNAVAILABLE:
+		/* Do nothing, wait for peer to come up again. */
+		return;
+
+	default:
+		LOG_RNC(rnc, LOGL_ERROR, "Unhandled event: %s\n", osmo_fsm_event_name(&iu_rnc_fsm, event));
+		return;
+	}
+}
+
+static void iu_rnc_st_wait_rx_reset_ack(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+	struct ranap_iu_rnc *rnc = fi->priv;
+	struct iu_rnc_ev_msg_up_co_initial_ctx *ev_msg_up_co_initial_ctx;
+	struct iu_rnc_ev_msg_up_co_ctx *ev_msg_up_co_ctx;
+
+	switch (event) {
+
+	case IU_RNC_EV_RX_RESET_ACK:
+		iu_rnc_state_chg(rnc, IU_RNC_ST_READY);
+		return;
+
+
+	case IU_RNC_EV_MSG_UP_CO_INITIAL:
+		ev_msg_up_co_initial_ctx = data;
+		OSMO_ASSERT(ev_msg_up_co_initial_ctx);
+		LOG_RNC(rnc, LOGL_ERROR, "Receiving CO Initial message on RAN peer that has not done a proper RESET yet."
+			     " Disconnecting on incoming message, sending RESET to RAN peer.\n");
+		osmo_sccp_tx_disconn(ev_msg_up_co_initial_ctx->rnc->scu_iups->scu,
+				     ev_msg_up_co_initial_ctx->conn_id, NULL, 0);
+		/* No valid RESET procedure has happened here yet. */
+		iu_rnc_reset(rnc);
+		return;
+		return;
+	case IU_RNC_EV_MSG_UP_CO:
+		ev_msg_up_co_ctx = data;
+		OSMO_ASSERT(ev_msg_up_co_ctx);
+		LOG_RNC(rnc, LOGL_ERROR, "Receiving CO message on RAN peer that has not done a proper RESET yet."
+			     " Disconnecting on incoming message, sending RESET to RAN peer.\n");
+		ue_conn_ctx_link_invalidated_free(ev_msg_up_co_ctx->ue_ctx);
+		/* No valid RESET procedure has happened here yet. */
+		iu_rnc_reset(rnc);
+		return;
+
+	case IU_RNC_EV_RX_RESET:
+		iu_rnc_rx_reset(rnc);
+		return;
+
+	case IU_RNC_EV_AVAILABLE:
+		/* Send a RESET to the peer. */
+		iu_rnc_reset(rnc);
+		return;
+
+	case IU_RNC_EV_UNAVAILABLE:
+		iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+		return;
+
+	default:
+		LOG_RNC(rnc, LOGL_ERROR, "Unhandled event: %s\n", osmo_fsm_event_name(&iu_rnc_fsm, event));
+		return;
+	}
+}
+
+static void iu_rnc_st_ready_onenter(struct osmo_fsm_inst *fi, uint32_t prev_state)
+{
+	if (prev_state != IU_RNC_ST_READY)
+		sgsn_stat_inc(SGSN_STAT_IU_PEERS_ACTIVE, 1);
+}
+
+static void iu_rnc_st_ready(struct osmo_fsm_inst *fi, uint32_t event, void *data)
+{
+	struct ranap_iu_rnc *rnc = fi->priv;
+	struct iu_rnc_ev_msg_up_co_initial_ctx *ev_msg_up_co_initial_ctx;
+	struct iu_rnc_ev_msg_up_co_ctx *ev_msg_up_co_ctx;
+
+	switch (event) {
+
+	case IU_RNC_EV_MSG_UP_CO_INITIAL:
+		ev_msg_up_co_initial_ctx = data;
+		OSMO_ASSERT(ev_msg_up_co_initial_ctx);
+		OSMO_ASSERT(ev_msg_up_co_initial_ctx->rnc);
+
+		sgsn_ranap_iu_handle_co_initial(ev_msg_up_co_initial_ctx->rnc,
+						      ev_msg_up_co_initial_ctx->conn_id,
+						      &ev_msg_up_co_initial_ctx->message);
+		return;
+
+	case IU_RNC_EV_MSG_UP_CO:
+		ev_msg_up_co_ctx = data;
+		OSMO_ASSERT(ev_msg_up_co_ctx);
+		OSMO_ASSERT(ev_msg_up_co_ctx->ue_ctx);
+
+		sgsn_ranap_iu_handle_co(ev_msg_up_co_ctx->ue_ctx, &ev_msg_up_co_ctx->message);
+		return;
+
+	case IU_RNC_EV_RX_RESET:
+		iu_rnc_rx_reset(rnc);
+		return;
+
+	case IU_RNC_EV_MSG_DOWN_CL:
+		OSMO_ASSERT(data);
+		sgsn_ranap_iu_tx_cl(rnc->scu_iups, &rnc->sccp_addr, (struct msgb *)data);
+		return;
+
+	case IU_RNC_EV_AVAILABLE:
+		/* Do nothing, we were already up. */
+		return;
+
+	case IU_RNC_EV_UNAVAILABLE:
+		iu_rnc_discard_all_ue_ctx(rnc);
+		iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+		return;
+
+	default:
+		LOG_RNC(rnc, LOGL_ERROR, "Unhandled event: %s\n", osmo_fsm_event_name(&iu_rnc_fsm, event));
+		return;
+	}
+}
+
+static void iu_rnc_st_ready_onleave(struct osmo_fsm_inst *fi, uint32_t next_state)
+{
+	if (next_state != IU_RNC_ST_READY)
+		sgsn_stat_dec(SGSN_STAT_IU_PEERS_ACTIVE, 1);
+}
+
+static int iu_rnc_fsm_timer_cb(struct osmo_fsm_inst *fi)
+{
+	struct ranap_iu_rnc *rnc = fi->priv;
+	iu_rnc_state_chg(rnc, IU_RNC_ST_WAIT_RX_RESET);
+	return 0;
+}
+
+static void iu_rnc_fsm_cleanup(struct osmo_fsm_inst *fi, enum osmo_fsm_term_cause cause)
+{
+	struct ranap_iu_rnc *rnc = fi->priv;
+
+	iu_rnc_discard_all_ue_ctx(rnc);
+
+	if (rnc->fi->state == IU_RNC_ST_READY)
+		sgsn_stat_dec(SGSN_STAT_IU_PEERS_ACTIVE, 1);
+	sgsn_stat_dec(SGSN_STAT_IU_PEERS_TOTAL, 1);
+}
+
+static const struct osmo_fsm_state iu_rnc_fsm_states[] = {
+	[IU_RNC_ST_WAIT_RX_RESET] = {
+		.name = "WAIT_RX_RESET",
+		.action = iu_rnc_st_wait_rx_reset,
+		.in_event_mask = 0
+			| S(IU_RNC_EV_RX_RESET)
+			| S(IU_RNC_EV_MSG_UP_CO_INITIAL)
+			| S(IU_RNC_EV_MSG_UP_CO)
+			| S(IU_RNC_EV_AVAILABLE)
+			| S(IU_RNC_EV_UNAVAILABLE)
+			,
+		.out_state_mask = 0
+			| S(IU_RNC_ST_WAIT_RX_RESET)
+			| S(IU_RNC_ST_WAIT_RX_RESET_ACK)
+			| S(IU_RNC_ST_READY)
+			| S(IU_RNC_ST_DISCARDING)
+			,
+	},
+	[IU_RNC_ST_WAIT_RX_RESET_ACK] = {
+		.name = "WAIT_RX_RESET_ACK",
+		.action = iu_rnc_st_wait_rx_reset_ack,
+		.in_event_mask = 0
+			| S(IU_RNC_EV_RX_RESET)
+			| S(IU_RNC_EV_RX_RESET_ACK)
+			| S(IU_RNC_EV_MSG_UP_CO_INITIAL)
+			| S(IU_RNC_EV_MSG_UP_CO)
+			| S(IU_RNC_EV_AVAILABLE)
+			| S(IU_RNC_EV_UNAVAILABLE)
+			,
+		.out_state_mask = 0
+			| S(IU_RNC_ST_WAIT_RX_RESET)
+			| S(IU_RNC_ST_WAIT_RX_RESET_ACK)
+			| S(IU_RNC_ST_READY)
+			| S(IU_RNC_ST_DISCARDING)
+			,
+	},
+	[IU_RNC_ST_READY] = {
+		.name = "READY",
+		.action = iu_rnc_st_ready,
+		.onenter = iu_rnc_st_ready_onenter,
+		.onleave = iu_rnc_st_ready_onleave,
+		.in_event_mask = 0
+			| S(IU_RNC_EV_RX_RESET)
+			| S(IU_RNC_EV_MSG_UP_CO_INITIAL)
+			| S(IU_RNC_EV_MSG_UP_CO)
+			| S(IU_RNC_EV_MSG_DOWN_CL)
+			| S(IU_RNC_EV_AVAILABLE)
+			| S(IU_RNC_EV_UNAVAILABLE)
+			,
+		.out_state_mask = 0
+			| S(IU_RNC_ST_WAIT_RX_RESET)
+			| S(IU_RNC_ST_WAIT_RX_RESET_ACK)
+			| S(IU_RNC_ST_READY)
+			| S(IU_RNC_ST_DISCARDING)
+			,
+	},
+	[IU_RNC_ST_DISCARDING] = {
+		.name = "DISCARDING",
+	},
+};
+
+struct osmo_fsm iu_rnc_fsm = {
+	.name = "iu_rnc",
+	.states = iu_rnc_fsm_states,
+	.num_states = ARRAY_SIZE(iu_rnc_fsm_states),
+	.log_subsys = DRANAP,
+	.event_names = iu_rnc_fsm_event_names,
+	.timer_cb = iu_rnc_fsm_timer_cb,
+	.cleanup = iu_rnc_fsm_cleanup,
+};
+
+static __attribute__((constructor)) void iu_rnc_init(void)
+{
+	OSMO_ASSERT(osmo_fsm_register(&iu_rnc_fsm) == 0);
+}

src/sgsn/mmctx.c

@@ -19,6 +19,8 @@
  *
  */
 
+#include "config.h"
+
 #include <stdint.h>
 
 #include <osmocom/core/linuxlist.h>
@@ -51,6 +53,7 @@
 #include <osmocom/sgsn/gprs_mm_state_iu_fsm.h>
 #include <osmocom/sgsn/gprs_gmm_fsm.h>
 #include <osmocom/sgsn/gprs_llc.h>
+#include <osmocom/sgsn/gprs_ranap.h>
 #include <osmocom/sgsn/gprs_sndcp.h>
 #include <osmocom/sgsn/gtp_ggsn.h>
 #include <osmocom/sgsn/gtp.h>
@@ -58,8 +61,6 @@
 
 #include <time.h>
 
-#include "../../config.h"
-
 const struct value_string sgsn_ran_type_names[] = {
 	{ MM_CTX_T_GERAN_Gb, "GPRS/EDGE via Gb" },
 	{ MM_CTX_T_UTRAN_Iu, "UMTS via Iu" },
@@ -608,3 +609,46 @@ bool sgsn_mm_ctx_is_r99(const struct sgsn_mm_ctx *mm)
 		return true;
 	return false;
 }
+
+#if BUILD_IU
+/* Send RAB activation requests for all PDP contexts */
+void sgsn_mm_ctx_iu_activate_rabs(struct sgsn_mm_ctx *ctx)
+{
+	struct sgsn_pdp_ctx *pdp;
+	OSMO_ASSERT(ctx->ran_type == MM_CTX_T_UTRAN_Iu);
+
+	llist_for_each_entry(pdp, &ctx->pdp_list, list)
+		sgsn_pdp_ctx_iu_rab_activate(pdp, pdp->nsapi);
+}
+
+/* send a Iu Release Command and free afterwards the UE context */
+void sgsn_mm_ctx_iu_ranap_release_free(struct sgsn_mm_ctx *mmctx,
+				       const struct RANAP_Cause *cause)
+{
+	unsigned long X1001;
+
+	if (!mmctx)
+		return;
+
+	if (!mmctx->iu.ue_ctx)
+		return;
+
+	X1001 = osmo_tdef_get(sgsn->cfg.T_defs, -1001, OSMO_TDEF_S, -1);
+
+	sgsn_ranap_iu_tx_release_free(mmctx->iu.ue_ctx, cause, (int) X1001);
+	mmctx->iu.ue_ctx = NULL;
+}
+
+/* free the Iu UE context */
+void sgsn_mm_ctx_iu_ranap_free(struct sgsn_mm_ctx *mmctx)
+{
+	if (!mmctx)
+		return;
+
+	if (!mmctx->iu.ue_ctx)
+		return;
+
+	sgsn_ranap_iu_free_ue(mmctx->iu.ue_ctx);
+	mmctx->iu.ue_ctx = NULL;
+}
+#endif

src/sgsn/pdpctx.c

@@ -19,6 +19,8 @@
  *
  */
 
+#include "config.h"
+
 #include <stdint.h>
 
 #include <osmocom/core/linuxlist.h>
@@ -36,6 +38,7 @@
 #include <osmocom/sgsn/gprs_llc_xid.h>
 #include <osmocom/sgsn/gprs_sndcp.h>
 #include <osmocom/sgsn/gprs_llc.h>
+#include <osmocom/sgsn/gprs_ranap.h>
 #include <osmocom/sgsn/gprs_sm.h>
 #include <osmocom/sgsn/gtp.h>
 
@@ -156,3 +159,36 @@ void sgsn_pdp_ctx_free(struct sgsn_pdp_ctx *pdp)
 
 	talloc_free(pdp);
 }
+
+#ifdef BUILD_IU
+int sgsn_pdp_ctx_iu_rab_activate(struct sgsn_pdp_ctx *pdp, uint8_t rab_id)
+{
+	struct sgsn_mm_ctx *mm = pdp->mm;
+	struct ranap_ue_conn_ctx *ue_ctx;
+	uint32_t ggsn_ip;
+
+	OSMO_ASSERT(mm->ran_type == MM_CTX_T_UTRAN_Iu);
+	ue_ctx = mm->iu.ue_ctx;
+
+	/* Get the IP address for ggsn user plane */
+	memcpy(&ggsn_ip, pdp->lib->gsnru.v, pdp->lib->gsnru.l);
+	ggsn_ip = htonl(ggsn_ip);
+
+	LOGPDPCTXP(LOGL_INFO, pdp, "Activate RAB: rab_id=%u, ggsn_ip=%x, teid_gn=%x\n",
+		   rab_id, ggsn_ip, pdp->lib->teid_gn);
+
+	return sgsn_ranap_iu_tx_rab_ps_ass_req(ue_ctx, rab_id, ggsn_ip, pdp->lib->teid_gn);
+}
+
+int sgsn_pdp_ctx_iu_rab_deactivate(struct sgsn_pdp_ctx *pdp, uint8_t rab_id)
+{
+	struct sgsn_mm_ctx *mm = pdp->mm;
+
+	OSMO_ASSERT(mm->ran_type == MM_CTX_T_UTRAN_Iu);
+
+	LOGPDPCTXP(LOGL_NOTICE, pdp, "Release RAB: rab_id=%u not supported!\n", rab_id);
+	//struct ranap_ue_conn_ctx *ue_ctx = mm->iu.ue_ctx;
+	// TODO: add new function similar to sgsn_ranap_iu_tx_rab_ps_ass_req() but requesting relese of RAB.
+	return -ENOTSUP;
+}
+#endif /* ifdef BUILD_IU */

src/sgsn/sccp.c

@@ -0,0 +1,424 @@
+/* SCCP Handling */
+/* (C) 2025 by sysmocom - s.f.m.c. GmbH <info@sysmocom.de>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "config.h"
+
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdbool.h>
+
+#include <osmocom/sigtran/sccp_sap.h>
+#include <osmocom/sigtran/sccp_helpers.h>
+#include <osmocom/sccp/sccp_types.h>
+
+#include <osmocom/sgsn/debug.h>
+#include <osmocom/sgsn/iu_client.h>
+#include <osmocom/sgsn/iu_rnc.h>
+#include <osmocom/sgsn/iu_rnc_fsm.h>
+#include <osmocom/sgsn/gprs_ranap.h>
+#include <osmocom/sgsn/sccp.h>
+#include <osmocom/sgsn/sgsn.h>
+
+/* Entry to cache conn_id <-> sccp_addr mapping in case we receive an empty CR */
+struct iu_new_ctx_entry {
+	struct llist_head list;
+
+	uint32_t conn_id;
+	struct osmo_sccp_addr sccp_addr;
+};
+
+static int sccp_sap_up(struct osmo_prim_hdr *oph, void *_scu);
+
+struct sgsn_sccp_user_iups *sgsn_scu_iups_inst_alloc(struct sgsn_instance *sgsn, struct osmo_sccp_instance *sccp)
+{
+	struct sgsn_sccp_user_iups *scu_iups;
+
+	scu_iups = talloc_zero(sgsn, struct sgsn_sccp_user_iups);
+	OSMO_ASSERT(scu_iups);
+
+	scu_iups->sgsn = sgsn;
+	scu_iups->sccp = sccp;
+
+	INIT_LLIST_HEAD(&scu_iups->ue_conn_ctx_list);
+	INIT_LLIST_HEAD(&scu_iups->ue_conn_sccp_addr_list);
+
+	osmo_sccp_local_addr_by_instance(&scu_iups->local_sccp_addr, scu_iups->sccp, OSMO_SCCP_SSN_RANAP);
+	scu_iups->scu = osmo_sccp_user_bind(scu_iups->sccp, "OsmoSGSN-IuPS", sccp_sap_up, OSMO_SCCP_SSN_RANAP);
+	osmo_sccp_user_set_priv(scu_iups->scu, scu_iups);
+
+	return scu_iups;
+}
+
+void sgsn_scu_iups_free(struct sgsn_sccp_user_iups *scu_iups)
+{
+	if (!scu_iups)
+		return;
+
+	if (scu_iups->scu)
+		osmo_sccp_user_unbind(scu_iups->scu);
+	talloc_free(scu_iups);
+}
+
+/* wrap RANAP message in SCCP N-DATA.req
+ * ranap_msg becomes owned by the callee. */
+int sgsn_scu_iups_tx_data_req(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id, struct msgb *ranap_msg)
+{
+	struct osmo_scu_prim *prim;
+	int rc;
+
+	if (!scu_iups) {
+		LOGP(DSUA, LOGL_ERROR, "Failed to send SCCP N-DATA.req(%u): no SCCP User\n", conn_id);
+		return -1;
+	}
+
+	ranap_msg->l2h = ranap_msg->data;
+	prim = (struct osmo_scu_prim *)msgb_push(ranap_msg, sizeof(*prim));
+	osmo_prim_init(&prim->oph, SCCP_SAP_USER, OSMO_SCU_PRIM_N_DATA, PRIM_OP_REQUEST, ranap_msg);
+	prim->u.data.conn_id = conn_id;
+
+	rc = osmo_sccp_user_sap_down(scu_iups->scu, &prim->oph);
+	if (rc)
+		LOGP(DSUA, LOGL_ERROR, "Failed to send SCCP N-DATA.req(%u)\n", conn_id);
+	return rc;
+}
+
+struct ranap_ue_conn_ctx *sgsn_scu_iups_ue_conn_ctx_find(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id)
+{
+	struct ranap_ue_conn_ctx *ctx;
+
+	llist_for_each_entry(ctx, &scu_iups->ue_conn_ctx_list, list) {
+		if (ctx->conn_id == conn_id)
+			return ctx;
+	}
+	return NULL;
+}
+
+static void ue_conn_sccp_addr_add(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id, const struct osmo_sccp_addr *calling_addr)
+{
+	struct iu_new_ctx_entry *entry = talloc_zero(scu_iups, struct iu_new_ctx_entry);
+
+	entry->conn_id = conn_id;
+	entry->sccp_addr = *calling_addr;
+
+	llist_add(&entry->list, &scu_iups->ue_conn_sccp_addr_list);
+}
+
+static const struct osmo_sccp_addr *ue_conn_sccp_addr_find(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id)
+{
+	struct iu_new_ctx_entry *entry;
+	llist_for_each_entry(entry, &scu_iups->ue_conn_sccp_addr_list, list) {
+		if (entry->conn_id == conn_id)
+			return &entry->sccp_addr;
+	}
+	return NULL;
+}
+
+static void ue_conn_sccp_addr_del(struct sgsn_sccp_user_iups *scu_iups, uint32_t conn_id)
+{
+	struct iu_new_ctx_entry *entry;
+	llist_for_each_entry(entry, &scu_iups->ue_conn_sccp_addr_list, list) {
+		if (entry->conn_id == conn_id) {
+			llist_del(&entry->list);
+			talloc_free(entry);
+			return;
+		}
+	}
+}
+
+static void handle_notice_ind(struct sgsn_sccp_user_iups *scu_iups, const struct osmo_scu_notice_param *ni)
+{
+	struct ranap_iu_rnc *rnc;
+
+	rnc = iu_rnc_find_by_addr(&ni->calling_addr);
+
+	if (!rnc) {
+		LOGP(DSUA, LOGL_DEBUG,
+		     "(calling_addr=%s) N-NOTICE.ind cause=%u='%s' importance=%u didn't match any RNC, ignoring\n",
+		     osmo_sccp_addr_dump(&ni->calling_addr),
+		     ni->cause, osmo_sccp_return_cause_name(ni->cause),
+		     ni->importance);
+		return;
+	}
+
+	LOG_RNC(rnc, LOGL_NOTICE,
+		"N-NOTICE.ind cause=%u='%s' importance=%u\n",
+		ni->cause, osmo_sccp_return_cause_name(ni->cause),
+		ni->importance);
+
+	switch (ni->cause) {
+	case SCCP_RETURN_CAUSE_SUBSYSTEM_CONGESTION:
+	case SCCP_RETURN_CAUSE_NETWORK_CONGESTION:
+		/* Transient failures (hopefully), keep going. */
+		return;
+	default:
+		break;
+	}
+
+	/* Messages are not arriving to rnc. Signal it is unavailable to update local state. */
+	osmo_fsm_inst_dispatch(rnc->fi, IU_RNC_EV_UNAVAILABLE, NULL);
+}
+
+static void handle_pcstate_ind(struct sgsn_sccp_user_iups *scu_iups, const struct osmo_scu_pcstate_param *pcst)
+{
+	struct osmo_ss7_instance *cs7 = osmo_sccp_get_ss7(scu_iups->sccp);
+	struct osmo_sccp_addr rem_addr;
+	struct ranap_iu_rnc *rnc;
+	bool connected;
+	bool disconnected;
+
+	LOGP(DSUA, LOGL_DEBUG, "N-PCSTATE ind: affected_pc=%u=%s sp_status=%s remote_sccp_status=%s\n",
+	     pcst->affected_pc, osmo_ss7_pointcode_print(cs7, pcst->affected_pc),
+	     osmo_sccp_sp_status_name(pcst->sp_status),
+	     osmo_sccp_rem_sccp_status_name(pcst->remote_sccp_status));
+
+	osmo_sccp_make_addr_pc_ssn(&rem_addr, pcst->affected_pc, OSMO_SCCP_SSN_RANAP);
+
+	rnc = iu_rnc_find_by_addr(&rem_addr);
+	if (!rnc) {
+		LOGP(DSUA, LOGL_DEBUG, "No RNC found under pc=%u=s%s\n",
+		     pcst->affected_pc, osmo_ss7_pointcode_print(cs7, pcst->affected_pc));
+		return;
+	}
+
+	/* See if this marks the point code to have become available, or to have been lost.
+	 *
+	 * I want to detect two events:
+	 * - connection event (both indicators say PC is reachable).
+	 * - disconnection event (at least one indicator says the PC is not reachable).
+	 *
+	 * There are two separate incoming indicators with various possible values -- the incoming events can be:
+	 *
+	 * - neither connection nor disconnection indicated -- just indicating congestion
+	 *   connected == false, disconnected == false --> do nothing.
+	 * - both incoming values indicate that we are connected
+	 *   --> trigger connected
+	 * - both indicate we are disconnected
+	 *   --> trigger disconnected
+	 * - one value indicates 'connected', the other indicates 'disconnected'
+	 *   --> trigger disconnected
+	 *
+	 * Congestion could imply that we're connected, but it does not indicate
+	 * that a PC's reachability changed, so no need to trigger on that.
+	 */
+	connected = false;
+	disconnected = false;
+
+	switch (pcst->sp_status) {
+	case OSMO_SCCP_SP_S_ACCESSIBLE:
+		connected = true;
+		break;
+	case OSMO_SCCP_SP_S_INACCESSIBLE:
+		disconnected = true;
+		break;
+	default:
+	case OSMO_SCCP_SP_S_CONGESTED:
+		/* Neither connecting nor disconnecting */
+		break;
+	}
+
+	switch (pcst->remote_sccp_status) {
+	case OSMO_SCCP_REM_SCCP_S_AVAILABLE:
+		if (!disconnected)
+			connected = true;
+		break;
+	case OSMO_SCCP_REM_SCCP_S_UNAVAILABLE_UNKNOWN:
+	case OSMO_SCCP_REM_SCCP_S_UNEQUIPPED:
+	case OSMO_SCCP_REM_SCCP_S_INACCESSIBLE:
+		disconnected = true;
+		connected = false;
+		break;
+	default:
+	case OSMO_SCCP_REM_SCCP_S_CONGESTED:
+		/* Neither connecting nor disconnecting */
+		break;
+	}
+
+	if (disconnected) {
+		LOG_RNC(rnc, LOGL_NOTICE,
+			"now unreachable: N-PCSTATE ind: pc=%u=%s sp_status=%s remote_sccp_status=%s\n",
+			pcst->affected_pc, osmo_ss7_pointcode_print(cs7, pcst->affected_pc),
+			osmo_sccp_sp_status_name(pcst->sp_status),
+			osmo_sccp_rem_sccp_status_name(pcst->remote_sccp_status));
+		osmo_fsm_inst_dispatch(rnc->fi, IU_RNC_EV_UNAVAILABLE, NULL);
+	} else if (connected) {
+		LOG_RNC(rnc, LOGL_NOTICE,
+			"now available: N-PCSTATE ind: pc=%u=%s sp_status=%s remote_sccp_status=%s\n",
+			pcst->affected_pc, osmo_ss7_pointcode_print(cs7, pcst->affected_pc),
+			osmo_sccp_sp_status_name(pcst->sp_status),
+			osmo_sccp_rem_sccp_status_name(pcst->remote_sccp_status));
+		osmo_fsm_inst_dispatch(rnc->fi, IU_RNC_EV_AVAILABLE, NULL);
+	}
+}
+
+static struct osmo_prim_hdr *make_conn_resp(struct osmo_scu_connect_param *param)
+{
+	struct msgb *msg = msgb_alloc(1024, "conn_resp");
+	struct osmo_scu_prim *prim;
+
+	prim = (struct osmo_scu_prim *) msgb_put(msg, sizeof(*prim));
+	osmo_prim_init(&prim->oph, SCCP_SAP_USER,
+			OSMO_SCU_PRIM_N_CONNECT,
+			PRIM_OP_RESPONSE, msg);
+	memcpy(&prim->u.connect, param, sizeof(prim->u.connect));
+	return &prim->oph;
+}
+
+static int sccp_sap_up(struct osmo_prim_hdr *oph, void *_scu)
+{
+	struct osmo_sccp_user *scu = _scu;
+	struct osmo_scu_prim *prim = (struct osmo_scu_prim *) oph;
+	struct sgsn_sccp_user_iups *scu_iups = osmo_sccp_user_get_priv(scu);
+	struct osmo_prim_hdr *resp = NULL;
+	int rc = -1;
+	struct ranap_ue_conn_ctx *ue;
+	uint32_t conn_id;
+
+	LOGP(DSUA, LOGL_DEBUG, "sccp_sap_up(%s)\n", osmo_scu_prim_name(oph));
+
+	switch (OSMO_PRIM_HDR(oph)) {
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_CONNECT, PRIM_OP_CONFIRM):
+		/* confirmation of outbound connection */
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_CONNECT, PRIM_OP_INDICATION):
+		/* indication of new inbound connection request*/
+		conn_id = prim->u.connect.conn_id;
+		LOGP(DSUA, LOGL_DEBUG, "N-CONNECT.ind(X->%u)\n", conn_id);
+
+		/* first ensure the local SCCP socket is ACTIVE */
+		resp = make_conn_resp(&prim->u.connect);
+		osmo_sccp_user_sap_down(scu, resp);
+		/* then handle the RANAP payload */
+		if (/*  prim->u.connect.called_addr.ssn != OSMO_SCCP_SSN_RANAP || */
+		    !msgb_l2(oph->msg) || msgb_l2len(oph->msg) == 0) {
+			LOGP(DSUA, LOGL_DEBUG,
+			     "Received N-CONNECT.ind without data\n");
+			ue_conn_sccp_addr_add(scu_iups, conn_id, &prim->u.connect.calling_addr);
+		} else {
+			rc = sgsn_ranap_iu_rx_co_initial_msg(scu_iups, &prim->u.connect.calling_addr,
+							     conn_id,
+							     msgb_l2(oph->msg), msgb_l2len(oph->msg));
+		}
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_DISCONNECT, PRIM_OP_INDICATION):
+		/* indication of disconnect */
+		conn_id = prim->u.disconnect.conn_id;
+		LOGP(DSUA, LOGL_DEBUG, "N-DISCONNECT.ind(%u)\n", conn_id);
+
+		ue_conn_sccp_addr_del(scu_iups, conn_id);
+		ue = sgsn_scu_iups_ue_conn_ctx_find(scu_iups, conn_id);
+		if (!ue)
+			break;
+
+		rc = 0;
+		if (msgb_l2len(oph->msg) > 0)
+			rc = sgsn_ranap_iu_rx_co_msg(ue, msgb_l2(oph->msg), msgb_l2len(oph->msg));
+
+		/* A Iu Release event might be used to free the UE in cn_ranap_handle_co(). */
+		ue = sgsn_scu_iups_ue_conn_ctx_find(scu_iups, conn_id);
+		if (!ue)
+			break;
+		ue_conn_ctx_link_invalidated_free(ue);
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_DATA, PRIM_OP_INDICATION):
+		/* connection-oriented data received */
+		conn_id = prim->u.data.conn_id;
+		LOGP(DSUA, LOGL_DEBUG, "N-DATA.ind(%u, %s)\n", conn_id,
+		     osmo_hexdump(msgb_l2(oph->msg), msgb_l2len(oph->msg)));
+
+		/* resolve UE context */
+		ue = sgsn_scu_iups_ue_conn_ctx_find(scu_iups, conn_id);
+		if (!ue) {
+			/* Could be an InitialUE-Message after an empty CR, recreate new_ctx */
+			const struct osmo_sccp_addr *sccp_addr = ue_conn_sccp_addr_find(scu_iups, conn_id);
+			if (!sccp_addr) {
+				LOGP(DSUA, LOGL_NOTICE,
+				     "N-DATA.ind for unknown conn_id (%u)\n", conn_id);
+				break;
+			}
+			/* Hold copy of address before deleting it: */
+			struct osmo_sccp_addr rem_sccp_addr = *sccp_addr;
+			ue_conn_sccp_addr_del(scu_iups, conn_id);
+			rc = sgsn_ranap_iu_rx_co_initial_msg(scu_iups, &rem_sccp_addr, conn_id,
+							     msgb_l2(oph->msg), msgb_l2len(oph->msg));
+			break;
+		}
+		rc = sgsn_ranap_iu_rx_co_msg(ue, msgb_l2(oph->msg), msgb_l2len(oph->msg));
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_UNITDATA, PRIM_OP_INDICATION):
+		/* connection-less data received */
+		LOGP(DSUA, LOGL_DEBUG, "N-UNITDATA.ind(%s)\n",
+		     osmo_hexdump(msgb_l2(oph->msg), msgb_l2len(oph->msg)));
+		rc = sgsn_ranap_iu_rx_cl_msg(scu_iups, &prim->u.unitdata, msgb_l2(oph->msg), msgb_l2len(oph->msg));
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_NOTICE, PRIM_OP_INDICATION):
+		LOGP(DSUA, LOGL_DEBUG, "N-NOTICE.ind(%s)\n",
+		     osmo_hexdump(msgb_l2(oph->msg), msgb_l2len(oph->msg)));
+		handle_notice_ind(scu_iups, &prim->u.notice);
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_PCSTATE, PRIM_OP_INDICATION):
+		handle_pcstate_ind(scu_iups, &prim->u.pcstate);
+		break;
+	case OSMO_PRIM(OSMO_SCU_PRIM_N_STATE, PRIM_OP_INDICATION):
+		LOGP(DSUA, LOGL_DEBUG, "SCCP-User-SAP: Ignoring %s.%s\n",
+		     osmo_scu_prim_type_name(oph->primitive),
+		     get_value_string(osmo_prim_op_names, oph->operation));
+		break;
+	default:
+		break;
+	}
+
+	msgb_free(oph->msg);
+	return rc;
+}
+
+int sgsn_sccp_init(struct sgsn_instance *sgi)
+{
+	/* Note that these are mostly defaults and can be overridden from the VTY */
+	sgi->sccp.sccp = osmo_sccp_simple_client_on_ss7_id(tall_sgsn_ctx,
+							   sgi->cfg.iu.cs7_instance,
+							   "OsmoSGSN",
+							   (23 << 3) + 4,
+							   OSMO_SS7_ASP_PROT_M3UA,
+							   0, "localhost",
+							   0, "localhost");
+	if (!sgi->sccp.sccp) {
+		LOGP(DGPRS, LOGL_ERROR, "Setting up SCCP instance on cs7 instance %d failed!\n",
+		     sgi->cfg.iu.cs7_instance);
+		return -EINVAL;
+	}
+	osmo_sccp_set_priv(sgi->sccp.sccp, sgsn);
+
+	sgi->sccp.scu_iups = sgsn_scu_iups_inst_alloc(sgsn, sgi->sccp.sccp);
+	OSMO_ASSERT(sgi->sccp.scu_iups);
+
+	return 0;
+}
+
+void sgsn_sccp_release(struct sgsn_instance *sgi)
+{
+	sgsn_scu_iups_free(sgi->sccp.scu_iups);
+	sgi->sccp.scu_iups = NULL;
+	if (sgi->sccp.sccp) {
+		osmo_sccp_instance_destroy(sgi->sccp.sccp);
+		sgi->sccp.sccp = NULL;
+	}
+}

src/sgsn/sgsn.c

@@ -21,6 +21,8 @@
 
 #include <stdint.h>
 
+#include "config.h"
+
 #include <osmocom/core/linuxlist.h>
 #include <osmocom/core/talloc.h>
 #include <osmocom/core/timer.h>
@@ -58,13 +60,15 @@
 #include <osmocom/sgsn/gtp.h>
 #include <osmocom/sgsn/pdpctx.h>
 #include <osmocom/sgsn/gprs_routing_area.h>
+#if BUILD_IU
+#include <osmocom/sgsn/iu_rnc_fsm.h>
+#include <osmocom/sgsn/sccp.h>
+#endif /* #if BUILD_IU */
 
 #include <time.h>
 
 #define GPRS_LLME_CHECK_TICK 30
 
-extern struct osmo_tdef sgsn_T_defs[];
-
 static const struct rate_ctr_desc sgsn_ctr_description[] = {
 	{ "llc:dl_bytes", "Count sent LLC bytes before giving it to the bssgp layer" },
 	{ "llc:ul_bytes", "Count successful received LLC bytes (encrypt & fcs correct)" },
@@ -99,6 +103,20 @@ static const struct rate_ctr_group_desc sgsn_ctrg_desc = {
 	sgsn_ctr_description,
 };
 
+
+static const struct osmo_stat_item_desc sgsn_stat_item_description[] = {
+	[SGSN_STAT_IU_PEERS_TOTAL]	= { "iu_peers:total", "Total Iu peers (RNC, HNBGW) seen since startup", OSMO_STAT_ITEM_NO_UNIT, 4, 0},
+	[SGSN_STAT_IU_PEERS_ACTIVE]	= { "iu_peers:active", "Currently active Iu peers (RANAP ready)", OSMO_STAT_ITEM_NO_UNIT, 4, 0},
+};
+
+static const struct osmo_stat_item_group_desc sgsn_statg_desc = {
+	"sgsn",
+	"serving GPRS support node statistics",
+	OSMO_STATS_CLASS_GLOBAL,
+	ARRAY_SIZE(sgsn_stat_item_description),
+	sgsn_stat_item_description,
+};
+
 static void sgsn_llme_cleanup_free(struct gprs_llc_llme *llme)
 {
 	struct sgsn_mm_ctx *mmctx = NULL;
@@ -152,8 +170,12 @@ static void sgsn_llme_check_cb(void *data_)
 static int sgsn_instance_talloc_destructor(struct sgsn_instance *sgi)
 {
 	sgsn_cdr_release(sgi);
+#if BUILD_IU
+	sgsn_sccp_release(sgi);
+#endif /* #if BUILD_IU */
 	osmo_timer_del(&sgi->llme_timer);
 	rate_ctr_group_free(sgi->rate_ctrs);
+	osmo_stat_item_group_free(sgi->statg);
 	return 0;
 }
 
@@ -178,12 +200,17 @@ struct sgsn_instance *sgsn_instance_alloc(void *talloc_ctx)
 
 	inst->rate_ctrs = rate_ctr_group_alloc(inst, &sgsn_ctrg_desc, 0);
 	OSMO_ASSERT(inst->rate_ctrs);
+	inst->statg = osmo_stat_item_group_alloc(inst, &sgsn_statg_desc, 0);
+	OSMO_ASSERT(inst->statg);
 
 	INIT_LLIST_HEAD(&inst->apn_list);
 	INIT_LLIST_HEAD(&inst->ggsn_list);
 	INIT_LLIST_HEAD(&inst->mme_list);
 	INIT_LLIST_HEAD(&inst->mm_list);
 	INIT_LLIST_HEAD(&inst->pdp_list);
+#if BUILD_IU
+	INIT_LLIST_HEAD(&inst->rnc_list);
+#endif /* #if BUILD_IU */
 
 	osmo_timer_setup(&inst->llme_timer, sgsn_llme_check_cb, NULL);
 	osmo_timer_schedule(&inst->llme_timer, GPRS_LLME_CHECK_TICK, 0);
@@ -218,5 +245,13 @@ int sgsn_inst_init(struct sgsn_instance *sgsn)
 		LOGP(DGPRS, LOGL_FATAL, "Cannot set up SGSN\n");
 		return rc;
 	}
+
+#if BUILD_IU
+	rc = sgsn_sccp_init(sgsn);
+	if (rc < 0) {
+		LOGP(DGPRS, LOGL_FATAL, "Cannot set up SGSN SCCP layer\n");
+		return rc;
+	}
+#endif /* #if BUILD_IU */
 	return 0;
 }

src/sgsn/sgsn_libgtp.c

@@ -439,7 +439,7 @@ static int create_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
 	} else if (pctx->mm->ran_type == MM_CTX_T_UTRAN_Iu) {
 #ifdef BUILD_IU
 		/* Activate a radio bearer */
-		iu_rab_act_ps(pdp->nsapi, pctx);
+		sgsn_pdp_ctx_iu_rab_activate(pctx, pdp->nsapi);
 		return 0;
 #else
 		return -ENOTSUP;
@@ -564,7 +564,7 @@ static int delete_pdp_conf(struct pdp_t *pdp, void *cbp, int cause)
 		} else {
 #ifdef BUILD_IU
 			/* Deactivate radio bearer */
-			ranap_iu_rab_deact(pctx->mm->iu.ue_ctx, 1);
+			sgsn_pdp_ctx_iu_rab_deactivate(pctx, 1);
 #else
 			return -ENOTSUP;
 #endif

src/sgsn/sgsn_main.c

@@ -372,9 +372,6 @@ static bool file_exists(const char *path)
 int main(int argc, char **argv)
 {
 	int rc;
-#if BUILD_IU
-	struct osmo_sccp_instance *sccp;
-#endif
 
 	srand(time(NULL));
 	tall_sgsn_ctx = talloc_named_const(NULL, 0, "osmo_sgsn");
@@ -477,20 +474,7 @@ int main(int argc, char **argv)
 	}
 
 #if BUILD_IU
-	/* Note that these are mostly defaults and can be overriden from the VTY */
-	sccp = osmo_sccp_simple_client_on_ss7_id(tall_sgsn_ctx,
-						 sgsn->cfg.iu.cs7_instance,
-						 "OsmoSGSN",
-						 (23 << 3) + 4,
-						 OSMO_SS7_ASP_PROT_M3UA,
-						 0, "localhost",
-						 0, "localhost");
-	if (!sccp) {
-		printf("Setting up SCCP client failed.\n");
-		return 8;
-	}
-
-	ranap_iu_init(tall_sgsn_ctx, DRANAP, "OsmoSGSN-IuPS", sccp, gsm0408_gprs_rcvmsg_iu, sgsn_ranap_iu_event);
+	ranap_iu_init(tall_sgsn_ctx);
 #endif
 
 	if (daemonize) {

src/sgsn/sgsn_vty.c

@@ -98,7 +98,7 @@ const struct value_string sgsn_auth_pol_strs[] = {
 
 /* Non spec timer */
 #define NONSPEC_X1001_SECS     5       /* wait for a RANAP Release Complete */
-
+#define RANAP_TRafR_SECS       5       /* wait for a RANAP Release Complete */
 
 struct osmo_tdef sgsn_T_defs[] = {
 	{ .T=3312, .default_val=GSM0408_T3312_SECS, .desc="Periodic RA Update timer (s)" },
@@ -116,6 +116,7 @@ struct osmo_tdef sgsn_T_defs[] = {
 	/* non spec timers */
 	{ .T=-1001, .default_val=NONSPEC_X1001_SECS, .desc="RANAP Release timeout. Wait for RANAP Release Complete."
 							   "On expiry release Iu connection (s)" },
+	{ .T=-1002, .default_val=RANAP_TRafR_SECS, .desc="TRafR, Maximum time for Reset procedure in the CN (s)" },
 	{}
 };
 

tests/gprs_routing_area/Makefile.am

@@ -88,6 +88,9 @@ gprs_routing_area_test_LDADD += \
 	$(top_builddir)/src/sgsn/gprs_ranap.o \
 	$(top_builddir)/src/sgsn/gprs_mm_state_iu_fsm.o \
 	$(top_builddir)/src/sgsn/iu_client.o \
+	$(top_builddir)/src/sgsn/iu_rnc.o \
+	$(top_builddir)/src/sgsn/iu_rnc_fsm.o \
+	$(top_builddir)/src/sgsn/sccp.o \
 	$(LIBOSMORANAP_LIBS) \
 	$(LIBOSMOSIGTRAN_LIBS) \
 	$(LIBASN1C_LIBS) \

tests/osmo-sgsn_test-nodes.vty

@@ -13,6 +13,7 @@ T3386 = 8 s	Wait for MODIFY PDP CTX ACK timer (s) (default: 8 s)
 T3395 = 8 s	Wait for DEACT PDP CTX ACK timer (s) (default: 8 s)
 T3397 = 8 s	Wait for DEACT AA PDP CTX ACK timer (s) (default: 8 s)
 X1001 = 5 s	RANAP Release timeout. Wait for RANAP Release Complete.On expiry release Iu connection (s) (default: 5 s)
+X1002 = 5 s	TRafR, Maximum time for Reset procedure in the CN (s) (default: 5 s)
 OsmoSGSN# configure terminal
 OsmoSGSN(config)# list
 ...

tests/sgsn/Makefile.am

@@ -102,6 +102,9 @@ sgsn_test_LDADD += \
 	$(top_builddir)/src/sgsn/gprs_ranap.o \
 	$(top_builddir)/src/sgsn/gprs_mm_state_iu_fsm.o \
 	$(top_builddir)/src/sgsn/iu_client.o \
+	$(top_builddir)/src/sgsn/iu_rnc.o \
+	$(top_builddir)/src/sgsn/iu_rnc_fsm.o \
+	$(top_builddir)/src/sgsn/sccp.o \
 	$(LIBOSMORANAP_LIBS) \
 	$(LIBOSMOSIGTRAN_LIBS) \
 	$(LIBASN1C_LIBS) \