2 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 const char *rr_state_names[] = {
32 static void new_rr_state(struct gsm_rrlayer *rr, int state)
34 if (state < 0 || state >= (sizeof(rr_state_names) / sizeof(char *)))
37 if (state == GSM_RRSTATE_IDLE) {
40 /* free establish message, if any */
43 msgb_free(rr->rr_est_msg);
44 rr->rr_est_msg = NULL;
46 /* free all pending messages */
47 while((msg = msgb_dequeue(&rr->downqueue)))
51 DEBUGP(DRR, "new state %s -> %s\n",
52 rr_state_names[rr->state], rr_state_names[state]);
61 static void start_rr_t3122(struct gsm_rrlayer *rr, int sec, int micro)
63 DEBUGP(DRR, "starting T3122 with %d seconds\n", current, sec);
64 rr->t3122.cb = timeout_rr_t3122;
66 bsc_schedule_timer(&rr->t3122, sec, micro);
69 static void start_rr_t3126(struct gsm_rrlayer *rr, int sec, int micro)
71 DEBUGP(DRR, "starting T3126 with %d seconds\n", current, sec);
72 rr->t3126.cb = timeout_rr_t3126;
74 bsc_schedule_timer(&rr->t3126, sec, micro);
77 static void stop_rr_t3122(struct gsm_rrlayer *rr)
79 if (timer_pending(rr->t3122)) {
80 DEBUGP(DRR, "stopping pending timer T3122\n");
81 bsc_del_timer(&rr->t3122);
83 rr->t3122_running = 0;
86 static void stop_rr_t3126(struct gsm_rrlayer *rr)
88 if (bsc_timer_pending(rr->t3126)) {
89 DEBUGP(DRR, "stopping pending timer T3126\n");
90 bsc_del_timer(&rr->t3126);
94 static void timeout_rr_t3122(void *arg)
98 static void timeout_rr_t3126(void *arg)
100 struct gsm_rrlayer *rr = arg;
102 if (rr->rr_est_req) {
103 struct msgb *msg = gsm48_mm_msgb_alloc();
104 struct gsm_mm_hdr *mmh;
108 mmh = (struct gsm_mm_hdr *)msg->data;
109 mmh->msg_type RR_REL_IND;
110 mmh->cause = GSM_MM_CAUSE_RA_FAILURE;
114 new_rr_state(rr, GSM_RRSTATE_IDLE);
121 /* send rr status request */
122 static int gsm_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
124 struct gsm_rrlayer *rr = ms->rrlayer;
125 struct msgb *msg = gsm48_rr_msgb_alloc();
126 struct gsm48_hdr *gh;
127 struct gsm48_rr_status *st;
131 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
132 st = (struct gsm48_rr_status *) msgb_put(msg, sizeof(*st));
134 gh->proto = GSM48_PDISC_RR;
135 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
138 st->rr_cause = cause;
140 return rslms_data_req(ms, msg, 0);
147 /* send chiperhing mode complete */
148 static int gsm_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
150 struct gsm_rrlayer *rr = ms->rrlayer;
151 struct gsm_subscriber *subcr = ms->subscr;
152 struct msgb *msg = gsm48_rr_msgb_alloc();
153 struct gsm48_hdr *gh;
154 u_int8_t buf[11], *ie;
158 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
160 gh->proto = GSM48_PDISC_RR;
161 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
165 gsm48_generate_mid_from_imsi(ie, subscr->imei);
166 ie = msgb_put(msg, 1 + buf[1]);
167 memcpy(ie, buf + 1, 1 + buf[1]);
170 return rslms_data_req(ms, msg, 0);
173 /* receive ciphering mode command */
174 static int gsm_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
176 struct gsm_rrlayer *rr = ms->rrlayer;
177 struct gsm48_hdr *gh = msgb_l3(msg);
178 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
179 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
180 uint8_t sc, alg_id, cr;
182 if (payload_len < 0) {
183 DEBUGP(DRR, "Short read of CIPHERING MODE COMMAND message.\n");
184 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
187 /* cipher mode setting */
190 /* cipher mode response */
195 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
197 /* change to ciphering */
198 tx_ph_cipher_req(ms, sc, alg_id);
199 rr->sc = sc, rr->alg_id = alg_id;
202 return gsm_rr_tx_cip_mode_cpl(ms, cr);
209 /* Encode "Classmark 3" (10.5.2.20) */
210 static int gsm_rr_enc_cm3(struct osmocom_sm *ms, uint8_t *buf, uint8_t *len)
212 struct gsm_support *sup = ms->support;
215 memset(&bv, 0, sizeof(bv));
220 bitvec_set_bit(&bv, 0);
221 /* band 3 supported */
223 bitvec_set_bit(&bv, ONE);
225 bitvec_set_bit(&bv, ZERO);
226 /* band 2 supported */
227 if (sup->e_gsm || sup->r_gsm)
228 bitvec_set_bit(&bv, ONE);
230 bitvec_set_bit(&bv, ZERO);
231 /* band 1 supported */
232 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
233 bitvec_set_bit(&bv, ONE);
235 bitvec_set_bit(&bv, ZERO);
238 bitvec_set_bit(&bv, ONE);
240 bitvec_set_bit(&bv, ZERO);
242 bitvec_set_bit(&bv, ONE);
244 bitvec_set_bit(&bv, ZERO);
246 bitvec_set_bit(&bv, ONE);
248 bitvec_set_bit(&bv, ZERO);
250 bitvec_set_bit(&bv, ONE);
252 bitvec_set_bit(&bv, ZERO);
253 /* radio capability */
254 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
256 bitvec_set_uint(&bv, 0, 4);
257 bitvec_set_uint(&bv, sup->dcs_capa, 4);
259 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
261 bitvec_set_uint(&bv, sup->dcs_capa, 4);
263 bitvec_set_uint(&bv, sup->low_capa, 4);
266 bitvec_set_uint(&bv, 0, 4);
267 bitvec_set_uint(&bv, sup->low_capa, 4);
271 bitvec_set_bit(&bv, ONE);
272 bitvec_set_uint(&bv, sup->r_capa, 3);
274 bitvec_set_bit(&bv, ZERO);
276 /* multi slot support */
278 bitvec_set_bit(&bv, ONE);
279 bitvec_set_uint(&bv, sup->ms_capa, 5);
281 bitvec_set_bit(&bv, ZERO);
284 if (sup->ucs2_treat) {
285 bitvec_set_bit(&bv, ONE);
287 bitvec_set_bit(&bv, ZERO);
289 /* support extended measurements */
291 bitvec_set_bit(&bv, ONE);
293 bitvec_set_bit(&bv, ZERO);
295 /* support measurement capability */
297 bitvec_set_bit(&bv, ONE);
298 bitvec_set_uint(&bv, sup->sms_val, 4);
299 bitvec_set_uint(&bv, sup->sm_val, 4);
301 bitvec_set_bit(&bv, ZERO);
303 /* positioning method capability */
305 bitvec_set_bit(&bv, ONE);
306 bitvec_set_bit(&bv, sup->e_otd_ass == 1);
307 bitvec_set_bit(&bv, sup->e_otd_based == 1);
308 bitvec_set_bit(&bv, sup->gps_ass == 1);
309 bitvec_set_bit(&bv, sup->gps_based == 1);
310 bitvec_set_bit(&bv, sup->gps_conv == 1);
312 bitvec_set_bit(&bv, ZERO);
315 /* partitial bytes will be completed */
316 *len = (bv.cur_bit + 7) >> 3;
317 bitvec_spare_padding(&bv, (*len * 8) - 1);
322 /* encode classmark 2 */
323 static int gsm_rr_enc_cm2(struct osmocom_sm *ms, struct gsm48_classmark2 *cm)
325 struct gsm_support *sup = ms->support;
327 cm->pwr_lev = sup->pwr_lev;
328 cm->a5_1 = sup->a5_1;
329 cm->es_ind = sup->es_ind;
330 cm->rev_lev = sup->rev_lev;
331 cm->fc = (sup->r_gsm || sup->e_gsm);
332 cm->vgcs = sup->vgcs;
334 cm->sm = sup->sms_ptp;
335 cm->ss_ind = sup->ss_ind;
336 cm->ps_cap = sup->ps_cap;
337 cm->a5_2 = sup->a5_2;
338 cm->a5_3 = sup->a5_3;
339 cm->cmsp = sup->cmsp;
340 cm->solsa = sup->solsa;
341 cm->lcsva = sup->lcsva;
344 /* send classmark change */
345 static int gsm_rr_tx_cm_change(struct osmocom_ms *ms)
347 struct gsm_rrlayer *rr = ms->rrlayer;
348 struct gsm_support *sup = ms->support;
349 struct msgb *msg = gsm48_rr_msgb_alloc();
350 struct gsm48_hdr *gh;
351 struct gsm48_cm_change *cc;
357 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
358 cc = (struct gsm48_cm_change *) msgb_put(msg, sizeof(*cc));
360 gh->proto = GSM48_PDISC_RR;
361 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
364 cc->cm_len = sizeof(cm->cm2);
365 gsm_rr_enc_cm2(ms, &cc->cm2)
368 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
369 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
372 || sup->ext_meas || sup->meas_cap
375 buf[0] = GSM48_IE_CLASSMARK2;
376 gsm_rr_enc_cm3(ms, buf + 2, &buf[1]);
379 return rslms_data_req(ms, msg, 0);
382 /* receiving classmark enquiry */
383 static int gsm_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
385 struct gsm_rrlayer *rr = ms->rrlayer;
386 struct gsm48_hdr *gh = msgb_l3(msg);
387 int payload_len = msgb_l3len(msg) - sizeof(*gh);
390 return gsm_rr_tx_cm_change(ms);
397 /* send channel request burst message */
398 static int gsm_rr_tx_chan_req(struct osmocom_ms *ms, int cause)
400 struct gsm_rrlayer *rr = ms->rrlayer;
402 struct gsm_mm_hdr *mmh;
406 new_rr_state(rr, GSM_RRSTATE_CONN_PEND);
408 /* number of retransmissions (without first transmission) */
409 rr->n_chan_req = ms->si.max_retrans;
411 /* generate CHAN REQ (9.1.8) */
414 case RR_EST_CAUSE_EMERGENCY:
418 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Emergency call)\n", chan_req);
420 case RR_EST_CAUSE_REESTAB_TCH_F:
423 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/F)\n", chan_req);
425 case RR_EST_CAUSE_REESTAB_TCH_H:
429 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H with NECI)\n", chan_req);
433 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H no NECI)\n", chan_req);
436 case RR_EST_CAUSE_REESTAB_2_TCH_H:
440 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H+TCH/H with NECI)\n", chan_req);
444 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H+TCH/H no NECI)\n", chan_req);
447 case RR_EST_CAUSE_ANS_PAG_ANY:
450 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING Any channel)\n", chan_req);
452 case RR_EST_CAUSE_ANS_PAG_SDCCH:
455 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n", chan_req);
457 case RR_EST_CAUSE_ANS_PAG_TCH_F:
458 /* ms supports no dual rate */
461 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n", chan_req);
463 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
464 /* ms supports no dual rate */
467 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING TCH/H or TCH/F)\n", chan_req);
469 case RR_EST_CAUSE_ORIG_TCHF:
470 /* ms supports no dual rate */
473 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Orig TCH/F)\n", chan_req);
475 case RR_EST_CAUSE_LOC_UPD:
479 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Location Update with NECI)\n", chan_req);
483 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Location Update no NECI)\n", chan_req);
486 case RR_EST_CAUSE_OTHER_SDCCH:
490 DEBUGP(DRR, "CHANNEL REQUEST: %02x (OHTER with NECI)\n", chan_req);
494 DEBUGP(DRR, "CHANNEL REQUEST: %02x (OTHER no NECI)\n", chan_req);
498 if (!rr->rr_est_req) /* no request from MM */
501 DEBUGP(DRR, "CHANNEL REQUEST: with unknown establishment cause: %d\n", rrmsg->cause);
502 msg = gsm48_mm_msgb_alloc();
505 mmh = (struct gsm_mm_hdr *)msg->data;
506 mmh->msg_type RR_REL_IND;
507 mmh->cause = GSM_MM_CAUSE_UNDEFINED;
509 new_rr_state(rr, GSM_RRSTATE_IDLE);
515 /* create and send RACH msg */
516 msg = msgb_alloc_headroom(20, 16, "CHAN_REQ");
519 *msgb_put(msg, 1) = chan_req;
520 rr->chan_req = chan_req;
521 t = ms->si.tx_integer;
524 *msgb_put(msg, 1) = random() % t; /* delay */
527 rr->cr_hist[1] = chan_req;
529 return rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_REQ, chan_nr, 0, msg);
532 /* send next channel request in conn pend state */
533 static int gsm_rr_rand_acc_cnf(struct osmocom_ms *ms, struct msgb *msg)
535 struct gsm_rrlayer *rr = ms->rrlayer;
539 if (!rr->n_chan_req) {
540 if (!timer_pending(rr->t3126))
541 start_rr_t3126(rr, GSM_T3126_MS);
547 switch(ms->si.tx_integer) {
548 case 3: case 8: case 14: case 50:
549 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
553 case 4: case 9: case 16:
554 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
558 case 5: case 10: case 20:
559 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
563 case 6: case 11: case 25:
564 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
569 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
574 /* resend chan_req */
575 newmsg = msgb_alloc_headroom(20, 16, "CHAN_REQ");
578 *msgb_put(newmsg, 1) = rr->chan_req;
579 *msgb_put(newmsg, 1) = (random() % ms->si.tx_integer) + s; /* delay */
580 rr->cr_hist[3] = rr->cr_hist[2];
581 rr->cr_hist[2] = rr->cr_hist[1];
582 rr->cr_hist[1] = chan_req;
583 return rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_REQ, chan_nr, 0, newmsg);
590 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
591 static int gsm48_decode_freq_list(struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask, uint8_t frqt)
597 * The Range format uses "SMOD" computation.
598 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
599 * A cascade of multiple SMOD computations is simpified:
600 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
602 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
603 * When used in dedicated messages, the length can be less.
604 * In this case the ranges are decoded for all frequencies that
605 * fit in the block of given length.
609 for (i = 0; i < 1024; i++)
613 if ((cd[0] & 0xc0 & mask) == 0x00) {
614 /* Bit map 0 format */
617 for (i = 1; i <= 124; i++)
618 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
624 /* only Bit map 0 format for P-GSM */
625 if (ms->support.p_gsm && !ms->support.e_gsm
626 && !ms->support.r_gsm && !ms->support.dcs_1800)
630 if ((cd[0] & 0xc8 & mask) == 0x80) {
631 /* Range 1024 format */
632 uint16_t w[17]; /* 1..16 */
633 struct gsm_range_1024 *r = (struct gsm_range_1024 *)cd;
637 memset(w, 0, sizeof(w));
640 w[1] = (r->w1_hi << 8) | r->w1_lo;
642 w[2] = (r->w2_hi << 1) | r->w2_lo;
644 w[3] = (r->w3_hi << 2) | r->w3_lo;
646 w[4] = (r->w4_hi << 2) | r->w4_lo;
648 w[5] = (r->w5_hi << 2) | r->w5_lo;
650 w[6] = (r->w6_hi << 2) | r->w6_lo;
652 w[7] = (r->w7_hi << 2) | r->w7_lo;
654 w[8] = (r->w8_hi << 1) | r->w8_lo;
660 w[11] = (r->w11_hi << 6) | r->w11_lo;
662 w[12] = (r->w12_hi << 5) | r->w12_lo;
664 w[13] = (r->w13_hi << 4) | r->w13_lo;
666 w[14] = (r->w14_hi << 3) | r->w14_lo;
668 w[15] = (r->w15_hi << 2) | r->w15_lo;
672 f[w[1]].mask |= frqt;
674 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].mask |= frqt;
676 f[((w[1] + w[3] - 1) % 1023) + 1].mask |= frqt;
678 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].mask |= frqt;
680 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].mask |= frqt;
682 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].mask |= frqt;
684 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].mask |= frqt;
686 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
688 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
690 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
692 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
694 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
696 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
698 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
700 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
702 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].mask |= frqt;
707 if ((cd[0] & 0xce & mask) == 0x88) {
708 /* Range 512 format */
709 uint16_t w[18]; /* 1..17 */
710 struct gsm_range_512 *r = (struct gsm_range_512 *)cd;
714 memset(w, 0, sizeof(w));
715 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
716 w[1] = (r->w1_hi << 2) || r->w1_lo;
718 w[2] = (r->w2_hi << 2) || r->w2_lo;
720 w[3] = (r->w3_hi << 2) || r->w3_lo;
722 w[4] = (r->w4_hi << 1) || r->w4_lo;
728 w[7] = (r->w7_hi << 6) || r->w7_lo;
730 w[8] = (r->w8_hi << 4) || r->w8_lo;
732 w[9] = (r->w9_hi << 2) || r->w9_lo;
738 w[12] = (r->w12_hi << 4) || r->w12_lo;
740 w[13] = (r->w13_hi << 2) || r->w13_lo;
746 w[16] = (r->w16_hi << 3) || r->w16_lo;
750 f[w[0]].mask |= frqt;
752 f[(w[0] + w[1]) % 1024].mask |= frqt;
754 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].mask |= frqt;
756 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].mask |= frqt;
758 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
760 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
762 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
764 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
766 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
768 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
770 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
772 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
774 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
776 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
778 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
780 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
782 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
784 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
789 if ((cd[0] & & mask 0xce) == 0x8a) {
790 /* Range 256 format */
791 uint16_t w[22]; /* 1..21 */
792 struct gsm_range_256 *r = (struct gsm_range_256 *)cd;
796 memset(w, 0, sizeof(w));
797 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
798 w[1] = (r->w1_hi << 1) || r->w1_lo;
804 w[4] = (r->w4_hi << 5) || r->w4_lo;
806 w[5] = (r->w5_hi << 3) || r->w5_lo;
808 w[6] = (r->w6_hi << 1) || r->w6_lo;
812 w[8] = (r->w8_hi << 4) || r->w8_lo;
814 w[9] = (r->w9_hi << 1) || r->w9_lo;
818 w[11] = (r->w11_hi << 3) || r->w11_lo;
826 w[15] = (r->w14_hi << 2) || r->w14_lo;
828 w[16] = (r->w16_hi << 3) || r->w16_lo;
834 w[19] = (r->w18_hi << 3) || r->w18_lo;
836 w[20] = (r->w20_hi << 3) || r->w20_lo;
840 f[w[0]].mask |= frqt;
842 f[(w[0] + w[1]) % 1024].mask |= frqt;
844 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].mask |= frqt;
846 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].mask |= frqt;
848 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
850 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
852 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
854 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
856 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
858 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
860 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
862 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
864 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
866 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
868 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
870 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
872 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
874 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
876 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
878 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
880 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
882 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
887 if ((cd[0] & 0xce & mask) == 0x8c) {
888 /* Range 128 format */
889 uint16_t w[29]; /* 1..28 */
890 struct gsm_range_128 *r = (struct gsm_range_128 *)cd;
894 memset(w, 0, sizeof(w));
895 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
900 w[3] = (r->w3_hi << 4) || r->w3_lo;
902 w[4] = (r->w4_hi << 1) || r->w4_lo;
906 w[6] = (r->w6_hi << 3) || r->w6_lo;
930 w[18] = (r->w18_hi << 1) || r->w18_lo;
936 w[21] = (r->w21_hi << 2) || r->w21_lo;
946 w[26] = (r->w26_hi << 1) || r->w26_lo;
952 f[w[0]].mask |= frqt;
954 f[(w[0] + w[1]) % 1024].mask |= frqt;
956 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].mask |= frqt;
958 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].mask |= frqt;
960 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
962 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
964 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
966 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
968 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
970 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
972 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
974 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
976 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
978 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
980 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
982 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
984 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
986 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
988 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
990 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
992 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
994 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
996 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
998 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1000 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1002 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1004 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1006 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1008 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1013 if ((cd[0] & 0xce & mask) == 0x8e) {
1014 /* Variable bitmap format (can be any length >= 3) */
1016 struct gsm_var_bit *r = (struct gsm_var_bit *)cd;
1020 orig = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1021 f[orig].mask |= frqt;
1022 for (i = 1; 2 + (i >> 3) < len; i++)
1023 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1024 f[(orig + 1) % 1024].mask |= frqt;
1031 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1032 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s, struct gsm48_cell_sel_par *cs)
1034 s->ms_txpwr_max_ccch = cs->ms_txpwr_max_ccch;
1035 s->cell_resel_hyst_db = cs->cell_resel_hyst * 2;
1036 s->rxlev_acc_min_db = cs->rxlev_acc_min - 110;
1041 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1042 static int gsm48_decode_cellopt_bcch(struct gsm48_sysinfo *s, struct gsm48_cell_options *co)
1044 s->bcch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1045 s->bcch_dtx = co->dtx;
1046 s->bcch_pwrc = co->pwrc;
1049 /* decode "Cell Options (SACCH)" (10.5.2.3a) */
1050 static int gsm48_decode_cellopt_sacch(struct gsm48_sysinfo *s, struct gsm48_cell_options *co)
1052 s->sacch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1053 s->sacch_dtx = co->dtx;
1054 s->sacch_pwrc = co->pwrc;
1057 /* decode "Cell Channel Description" (10.5.2.11) */
1058 static int gsm48_decode_ccd(struct gsm48_sysinfo *s, struct gsm48_control_channel_desc *cc)
1060 s->ccch_conf = cc->ccch_conf;
1061 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1062 s->att_allowed = cc->att;
1063 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1064 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1067 /* decode "Mobile Allocation" (10.5.2.21) */
1068 static int gsm48_decode_mobile_alloc(struct gsm48_sysinfo *s, uint8_t *ma, uint8_t len)
1071 uint16_t f[len << 3];
1073 /* not more than 64 hopping indexes allowed in IE */
1079 for (i = 0; i < 1024; i++)
1080 s->freq[i] &= ~FREQ_TYPE_HOPP;
1082 /* generating list of all frequencies (1..1023,0) */
1083 for (i = 1; i <= 1024; i++) {
1084 if ((s->freq[i & 1023] & FREQ_TYPE_SERV)) {
1086 if (j == (len << 3))
1091 /* fill hopping table with frequency index given by IE
1092 * and set hopping type bits
1094 for (i = 0, i < (len << 3), i++) {
1095 /* if bit is set, this frequency index is used for hopping */
1096 if ((ma[len - 1 - (i >> 3)] & (1 << (i & 7)))) {
1097 /* index higher than entries in list ? */
1099 DEBUGP(DRR, "Mobile Allocation hopping index "
1100 "%d exceeds maximum number of cell "
1101 "frequencies. (%d)\n", i + 1, j);
1104 hopping[s->hopp_len++] = f[i];
1105 s->freq[f[i]] |= FREQ_TYPE_HOPP;
1112 /* Rach Control decode tables */
1113 static uint8_t gsm48_max_retrans[4] = {
1116 static uint8_t gsm48_tx_integer[16] = {
1117 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1120 /* decode "RACH Control Parameter" (10.5.2.29) */
1121 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s, struct gsm48_rach_ctl *rc)
1125 s->reest_denied = rc->re;
1126 s->cell_barred = rc->cell_barr;
1127 s->tx_integer = gsm48_tx_integer[rc->tx_int];
1128 s->max_retrans = gsm48_max_retrans[rc->max_retr];
1129 for (i = 0, i <= 15, i++)
1130 if ((rc->ac[1 - (i >> 3)] & (1 << (i & 7))))
1131 s->class_barr[i] = 1;
1133 s->class_barr[i] = 0;
1137 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s, struct gsm48_rach_ctl *rc)
1141 s->nb_reest_denied = rc->re;
1142 s->nb_cell_barred = rc->cell_barr;
1143 s->nb_tx_integer = gsm48_tx_integer[rc->tx_int];
1144 s->nb_max_retrans = gsm48_max_retrans[rc->max_retr];
1145 for (i = 0, i <= 15, i++)
1146 if ((rc->ac[1 - (i >> 3)] & (1 << (i & 7))))
1147 s->nb_class_barr[i] = 1;
1149 s->nb_class_barr[i] = 0;
1154 /* decode "SI 1 Rest Octets" (10.5.2.32) */
1155 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si, uint8_t len)
1159 /* decode "SI 3 Rest Octets" (10.5.2.34) */
1160 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si, uint8_t len)
1164 /* decode "SI 4 Rest Octets" (10.5.2.35) */
1165 static int gsm48_decode_si4_rest(struct gsm48_sysinfo *s, uint8_t *si, uint8_t len)
1169 /* decode "SI 6 Rest Octets" (10.5.2.35a) */
1170 static int gsm48_decode_si6_rest(struct gsm48_sysinfo *s, uint8_t *si, uint8_t len)
1174 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
1175 static int gsm_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1177 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1178 struct gsm48_sysinfo *s = ms->sysinfo;
1179 int payload_len = msgb_l3len(msg) - sizeof(*si);
1181 if (payload_len < 0) {
1182 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 1 message.\n");
1185 /* Cell Channel Description */
1186 gsm48_decode_freq_list(s->freq, si->cell_channel_description,
1187 sizeof(si->cell_channel_description), 0xce, FREQ_TYPE_SERV);
1188 /* RACH Control Parameter */
1189 gsm48_decode_rach_ctl_param(s, si->rach_control);
1190 /* SI 1 Rest Octets */
1192 gsm48_decode_si1_rest(si->rest_octets, payload_len);
1197 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
1198 static int gsm_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1200 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1201 struct gsm48_sysinfo *s = ms->sysinfo;
1202 int payload_len = msgb_l3len(msg) - sizeof(*si);
1204 if (payload_len < 0) {
1205 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 2 message.\n");
1208 /* Neighbor Cell Description */
1209 gsm48_decode_freq_list(s->freq, si->bcch_frequency_list,
1210 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_NCELL_2);
1212 s->nb_ncc_permitted = si->ncc_permitted;
1213 /* RACH Control Parameter */
1214 gsm48_decode_rach_ctl_neigh(s, si->rach_control);
1219 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
1220 static int gsm_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1222 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1223 struct gsm48_sysinfo *s = ms->sysinfo;
1224 int payload_len = msgb_l3len(msg) - sizeof(*si);
1226 if (payload_len < 0) {
1227 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 2bis message.\n");
1230 /* Neighbor Cell Description */
1231 s->nb_ext_ind = (si->bcch_frequency_list[0] >> 6) & 1;
1232 s->nb_ba_ind = (si->bcch_frequency_list[0] >> 5) & 1;
1233 gsm48_decode_freq_list(s->freq, si->ext_bcch_frequency_list,
1234 sizeof(si->ext_bcch_frequency_list), 0x8e, FREQ_TYPE_NCELL_2bis);
1235 /* RACH Control Parameter */
1236 gsm48_decode_rach_ctl_neigh(s, si->rach_control);
1241 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
1242 static int gsm_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1244 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1245 struct gsm48_sysinfo *s = ms->sysinfo;
1246 int payload_len = msgb_l3len(msg) - sizeof(*si);
1248 if (payload_len < 0) {
1249 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 2ter message.\n");
1252 /* Neighbor Cell Description 2 */
1253 s->nb_multi_rep = (si->bcch_frequency_list[0] >> 6) & 3;
1254 gsm48_decode_freq_list(s->freq, si->ext_bcch_frequency_list,
1255 sizeof(si->ext_bcch_frequency_list), 0x8e, FREQ_TYPE_NCELL_2ter);
1260 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
1261 static int gsm_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
1263 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
1264 struct gsm48_sysinfo *s = ms->sysinfo;
1265 int payload_len = msgb_l3len(msg) - sizeof(*si);
1267 if (payload_len < 0) {
1268 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 3 message.\n");
1272 s->cell_identity = ntohl(si->cell_identity);
1274 gsm48_decode_lai(si->lai, s->mcc, s->mnc, s->lac);
1275 /* Control Channel Description */
1276 gsm48_decode_ccd(s, si->control_channel_desc);
1277 /* Cell Options (BCCH) */
1278 gsm48_decode_cellopt_bcch(s, si->control_channel_desc);
1279 /* Cell Selection Parameters */
1280 gsm48_decode_cell_sel_param(s, si->cell_sel_par);
1281 /* RACH Control Parameter */
1282 gsm48_decode_rach_ctl_param(s, si->rach_control);
1283 /* SI 3 Rest Octets */
1284 if (payload_len >= 4)
1285 gsm48_decode_si3_rest(si->rest_octets, payload_len);
1290 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
1291 static int gsm_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
1293 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
1294 struct gsm48_sysinfo *s = ms->sysinfo;
1295 int payload_len = msgb_l3len(msg) - sizeof(*si);
1296 uint8_t *data = si->data;
1297 todo: si has different header in structures
1299 if (payload_len < 0) {
1301 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 4 message.\n");
1305 gsm48_decode_lai(si->lai, s->mcc, s->mnc, s->lac);
1306 /* Cell Selection Parameters */
1307 gsm48_decode_cell_sel_param(s, si->cell_sel_par);
1308 /* RACH Control Parameter */
1309 gsm48_decode_rach_ctl_param(s, si->rach_control);
1310 /* CBCH Channel Description */
1311 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_CHAN_DES) {
1312 if (payload_len < 4)
1314 memcpy(&s->chan_desc, data + 1, sizeof(s->chan_desc));
1318 /* CBCH Mobile Allocation */
1319 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_MOB_ALLOC) {
1320 if (payload_len < 1 || payload_len < 2 + data[1])
1322 gsm48_decode_mobile_alloc(&s, data + 2, si->data[1]);
1323 payload_len -= 2 + data[1];
1324 data += 2 + data[1];
1326 /* SI 4 Rest Octets */
1327 if (payload_len > 0)
1328 gsm48_decode_si3_rest(data, payload_len);
1333 /* receive "SYSTEM INFORMATION 5" message (9.1.37) */
1334 static int gsm_rr_rx_sysinfo5(struct osmocom_ms *ms, struct msgb *msg)
1336 struct gsm48_system_information_type_5 *si = msgb_l3(msg);
1337 struct gsm48_sysinfo *s = ms->sysinfo;
1338 int payload_len = msgb_l3len(msg) - sizeof(*si);
1340 if (payload_len < 0) {
1341 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 5 message.\n");
1344 /* Neighbor Cell Description */
1345 gsm48_decode_freq_list(s->freq, si->bcch_frequency_list,
1346 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5);
1351 /* receive "SYSTEM INFORMATION 5bis" message (9.1.38) */
1352 static int gsm_rr_rx_sysinfo5bis(struct osmocom_ms *ms, struct msgb *msg)
1354 struct gsm48_system_information_type_5bis *si = msgb_l3(msg);
1355 struct gsm48_sysinfo *s = ms->sysinfo;
1356 int payload_len = msgb_l3len(msg) - sizeof(*si);
1358 if (payload_len < 0) {
1359 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 5bis message.\n");
1362 /* Neighbor Cell Description */
1363 gsm48_decode_freq_list(s->freq, si->bcch_frequency_list,
1364 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5bis);
1369 /* receive "SYSTEM INFORMATION 5ter" message (9.1.39) */
1370 static int gsm_rr_rx_sysinfo5ter(struct osmocom_ms *ms, struct msgb *msg)
1372 struct gsm48_system_information_type_5ter *si = msgb_l3(msg);
1373 struct gsm48_sysinfo *s = ms->sysinfo;
1374 int payload_len = msgb_l3len(msg) - sizeof(*si);
1376 if (payload_len < 0) {
1377 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 5ter message.\n");
1380 /* Neighbor Cell Description */
1381 gsm48_decode_freq_list(s->freq, si->bcch_frequency_list,
1382 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5ter);
1387 /* receive "SYSTEM INFORMATION 6" message (9.1.39) */
1388 static int gsm_rr_rx_sysinfo6(struct osmocom_ms *ms, struct msgb *msg)
1390 struct gsm48_system_information_type_6 *si = msgb_l3(msg);
1391 struct gsm48_sysinfo *s = ms->sysinfo;
1392 int payload_len = msgb_l3len(msg) - sizeof(*si);
1394 if (payload_len < 0) {
1395 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 6 message.\n");
1399 s->cell_identity = ntohl(si->cell_identity);
1401 gsm48_decode_lai(si->lai, s->mcc, s->mnc, s->lac);
1402 /* Cell Options (SACCH) */
1403 gsm48_decode_cellopt_sacch(s, si->control_channel_desc);
1405 s->nb_ncc_permitted = si->ncc_permitted;
1406 /* SI 6 Rest Octets */
1407 if (payload_len >= 4)
1408 gsm48_decode_si6_rest(si->rest_octets, payload_len);
1417 /* paging channel request */
1418 static int gsm_rr_chan2cause[4] = {
1419 RR_EST_CAUSE_ANS_PAG_ANY,
1420 RR_EST_CAUSE_ANS_PAG_SDCCH,
1421 RR_EST_CAUSE_ANS_PAG_TCH_F,
1422 RR_EST_CAUSE_ANS_PAG_TCH_ANY
1425 /* given LV of mobile identity is checked agains ms */
1426 static int gsm_match_mi(struct osmocom_ms *ms, u_int8_t mi)
1433 mi_type = mi[1] & GSM_MI_TYPE_MASK;
1435 case GSM_MI_TYPE_TMSI:
1438 memcpy(&tmsi, mi+2, 4);
1439 if (ms->subscr.tmsi == ntohl(tmsi)
1440 && ms->subscr.tmsi_valid)
1443 case GSM_MI_TYPE_IMSI:
1444 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
1445 if (!strcmp(imsi, ms->subscr.imsi))
1449 DEBUGP(DRR, "paging with unsupported MI type %d.\n", mi_type);
1455 /* paging request 1 message */
1456 static int gsm_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
1458 struct gsm_rrlayer *rr = ms->rrlayer;
1459 struct gsm48_rr_paging1 *pa = msgb_l3(msg);
1460 int payload_len = msgb_l3len(msg) - sizeof(*pa);
1461 int chan_first, chan_second;
1464 /* 3.3.1.1.2: ignore paging while establishing */
1465 if (rr->state != GSM_RRSTATE_IDLE)
1468 if (payload_len < 2) {
1470 DEBUGP(DRR, "Short read of paging request 1 message .\n");
1474 /* channel needed */
1475 chan_first = pa->cneed1;
1476 chan_second = pa->cneed2;
1479 if (payload_len < mi[0] + 1)
1481 if (gsm_match_mi(ms, mi) > 0)
1482 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_first]);
1484 payload_len -= mi[0] + 1;
1485 mi = pa->data + mi[0] + 1;
1486 if (payload_len < 2)
1488 if (mi[0] != GSM48_IE_MOBILE_ID)
1490 if (payload_len < mi[1] + 2)
1492 if (gsm_match_mi(ms, mi + 1) > 0)
1493 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_second]);
1498 /* paging request 2 message */
1499 static int gsm_rr_rx_pag_req_2(struct osmocom_ms *ms, struct gsm_msgb *msg)
1501 struct gsm_rrlayer *rr = ms->rrlayer;
1502 struct gsm48_rr_paging2 *pa = msgb_l3(msg);
1503 int payload_len = msgb_l3len(msg) - sizeof(*pa);
1505 int chan_first, chan_second, chan_third;
1507 /* 3.3.1.1.2: ignore paging while establishing */
1508 if (rr->state != GSM_RRSTATE_IDLE)
1511 if (payload_len < 0) {
1513 DEBUGP(DRR, "Short read of paging request 2 message .\n");
1517 /* channel needed */
1518 chan_first = pa->cneed1;
1519 chan_second = pa->cneed2;
1521 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
1522 && ms->subscr.tmsi_valid)
1523 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_first]);
1525 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
1526 && ms->subscr.tmsi_valid)
1527 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_second]);
1530 if (payload_len < 2)
1532 if (mi[0] != GSM48_IE_MOBILE_ID)
1534 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
1536 chan_third = mi[mi[1] + 2] & 0x03; /* channel needed */
1537 if (gsm_match_mi(ms, mi + 1) > 0)
1538 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_third]);
1543 /* paging request 3 message */
1544 static int gsm_rr_rx_pag_req_3(struct osmocom_ms *ms, struct gsm_msgb *msg)
1546 struct gsm_rrlayer *rr = ms->rrlayer;
1547 struct gsm48_rr_paging3 *pa = msgb_l3(msg);
1548 int payload_len = msgb_l3len(msg) - sizeof(*pa);
1550 int chan_first, chan_second, chan_third, chan_fourth;
1552 /* 3.3.1.1.2: ignore paging while establishing */
1553 if (rr->state != GSM_RRSTATE_IDLE)
1556 if (payload_len < 0) { /* must include "channel needed", part of *pa */
1558 DEBUGP(DRR, "Short read of paging request 3 message .\n");
1562 /* channel needed */
1563 chan_first = pa->cneed1;
1564 chan_second = pa->cneed2;
1565 chan_third = pa->cneed3;
1566 chan_fourth = pa->cneed4;
1568 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
1569 && ms->subscr.tmsi_valid)
1570 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_first]);
1572 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
1573 && ms->subscr.tmsi_valid)
1574 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_second]);
1576 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
1577 && ms->subscr.tmsi_valid)
1578 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_third]);
1580 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
1581 && ms->subscr.tmsi_valid)
1582 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_fourth]);
1588 * (immediate) assignment
1591 /* match request reference agains request history */
1592 static int gsm_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *req)
1594 struct gsm_rrlayer *rr = ms->rrlayer;
1597 for (i = 0; i < 3; i++) {
1598 if (rr->cr_hist[i] >= 0
1599 && ref->ra == rr->cr_hist[i]) {
1600 // todo: match timeslot
1608 /* transmit assignment complete after establishing link */
1609 static int gsm_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
1611 struct gsm_rrlayer *rr = ms->rrlayer;
1612 struct msgb *msg = gsm48_rr_msgb_alloc();
1613 struct gsm48_hdr *gh;
1614 struct gsm48_ass_cpl *ac;
1618 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1619 ac = (struct gsm48_ass_cpl *) msgb_put(msg, sizeof(*ac));
1621 gh->proto = GSM48_PDISC_RR;
1622 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
1625 ac->rr_cause = cause;
1627 return rslms_data_req(ms, msg, 0);
1630 /* transmit failure to old link */
1631 static int gsm_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
1633 struct gsm_rrlayer *rr = ms->rrlayer;
1634 struct msgb *msg = gsm48_rr_msgb_alloc();
1635 struct gsm48_hdr *gh;
1636 struct gsm48_ass_fail *ac;
1640 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1641 af = (struct gsm48_ass_fail *) msgb_put(msg, sizeof(*af));
1643 gh->proto = GSM48_PDISC_RR;
1644 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
1647 af->rr_cause = cause;
1649 return rslms_data_req(ms, msg, 0);
1652 /* receive immediate assignment */
1653 static int gsm_rr_rx_imm_ass(struct osmocom_ms *ms, struct gsm_msgb *msg)
1655 struct gsm_rrlayer *rr = ms->rrlayer;
1656 struct gsm48_imm_ass *ia = msgb_l3(msg);
1657 int payload_len = msgb_l3len(msg) - sizeof(*ia);
1659 /* 3.3.1.1.2: ignore assignment while idle */
1660 if (rr->state != GSM_RRSTATE_CONN_PEND || !rr->wait_assign)
1663 if (payload_len < 1 /* mobile allocation IE must be included */
1664 || *gh->data + 1 > payload_len) { /* short read of IE */
1665 DEBUGP(DRR, "Short read of immediate assignment message.\n");
1668 if (*gh->data > 8) {
1669 DEBUGP(DRR, "moble allocation in immediate assignment too large.\n");
1674 if (gsm_match_ra(ms, ia->req_ref)) {
1675 /* channel description */
1676 memset(&rr->chan_desc, 0, sizeof(cd));
1677 memcpy(rr->chan_desc.chan_desc, ia->chan_desc, 3);
1678 /* timing advance */
1679 rr->timing_advance = ia->timing_advance;
1680 /* mobile allocation */
1681 memcpy(rr->mobile_alloc_lv, gh->data, *gh->data + 1);
1682 rr->wait_assing = 0;
1683 return gsm_rr_dl_est(ms);
1689 /* receive immediate assignment extended */
1690 static int gsm_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct gsm_msgb *msg)
1692 struct gsm_rrlayer *rr = ms->rrlayer;
1693 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
1694 int payload_len = msgb_l3len(msg) - sizeof(*ia);
1696 /* 3.3.1.1.2: ignore assignment while idle */
1697 if (rr->state != GSM_RRSTATE_CONN_PEND || !rr->wait_assign)
1700 if (payload_len < 1 /* mobile allocation IE must be included */
1701 || *gh->data + 1 > payload_len) { /* short read of IE */
1702 DEBUGP(DRR, "Short read of immediate assignment extended message.\n");
1705 if (*gh->data > 4) {
1706 DEBUGP(DRR, "moble allocation in immediate assignment extended too large.\n");
1711 if (gsm_match_ra(ms, ia->req_ref1)) {
1712 /* channel description */
1713 memset(&rr->chan_desc, 0, sizeof(cd));
1714 memcpy(rr->chan_desc.chan_desc, ia->chan_desc1, 3);
1715 /* timing advance */
1716 rr->timing_advance = ia->timing_advance1;
1717 /* mobile allocation */
1718 memcpy(rr->mobile_alloc_lv, gh->data, *gh->data + 1);
1719 rr->wait_assing = 0;
1720 return gsm_rr_dl_est(ms);
1723 if (gsm_match_ra(ms, ia->req_ref2)) {
1724 /* channel description */
1725 memset(&rr->chan_desc, 0, sizeof(cd));
1726 memcpy(rr->chan_desc.chan_desc, ia->chan_desc2, 3);
1727 /* timing advance */
1728 rr->timing_advance = ia->timing_advance2;
1729 /* mobile allocation */
1730 memcpy(rr->mobile_alloc_lv, gh->data, *gh->data + 1);
1731 rr->wait_assing = 0;
1732 return gsm_rr_dl_est(ms);
1738 /* receive immediate assignment reject */
1739 static int gsm_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct gsm_msgb *msg)
1741 struct gsm_rrlayer *rr = ms->rrlayer;
1742 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
1743 int payload_len = msgb_l3len(msg) - sizeof(*ia);
1745 struct gsm48_req_ref *req_ref;
1746 uint8_t t3122_value;
1748 /* 3.3.1.1.2: ignore assignment while idle */
1749 if (rr->state != GSM_RRSTATE_CONN_PEND || !rr->wait_assign)
1752 if (payload_len < 0) {
1754 DEBUGP(DRR, "Short read of immediate assignment reject message.\n");
1758 for (i = 0; i < 4; i++) {
1759 /* request reference */
1760 req_ref = (struct gsm48_req_ref *)(((uint8_t *)&ia->req_ref1) + i * 4);
1761 if (gsm_match_ra(ms, req_ref)) {
1762 /* wait indication */
1763 t3122_value = ((uint8_t *)&ia->wait_ind1) + i * 4;
1765 start_rr_t3122(rr, t3122_value, 0);
1766 /* start timer 3126 if not already */
1767 if (!timer_pending(rr->t3126))
1768 start_rr_t3126(rr, GSM_T3126_MS);
1769 /* stop assignmnet requests */
1772 /* wait until timer 3126 expires, then release
1773 * or wait for channel assignment */
1781 /* receive additional assignment */
1782 static int gsm_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
1784 struct gsm_rrlayer *rr = ms->rrlayer;
1785 struct gsm48_hdr *gh = msgb_l3(msg);
1786 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
1787 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
1789 if (payload_len < 0) {
1790 DEBUGP(DRR, "Short read of ADDITIONAL ASSIGNMENT message.\n");
1791 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
1793 tlv_parse(&tp, &rsl_att_tlvdef, aa->data, payload_len, 0, 0);
1795 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
1799 * measturement reports
1802 static int gsm_rr_tx_meas_rep(struct osmocom_ms *ms)
1804 struct gsm_rrlayer *rr = ms->rrlayer;
1805 struct gsm_rr_meas *meas = &rr->meas;
1806 struct msgb *msg = gsm48_rr_msgb_alloc();
1807 struct gsm48_hdr *gh;
1808 struct gsm48_meas_res *mr;
1812 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1813 mr = (struct gsm48_meas_res *) msgb_put(msg, sizeof(*mr));
1815 gh->proto = GSM48_PDISC_RR;
1816 gh->msg_type = GSM48_MT_RR_MEAS_RES;
1818 /* measurement results */
1819 mr->rxlev_full = meas->rxlev_full;
1820 mr->rxlev_sub = meas->rxlev_sub;
1821 mr->rxqual_full = meas->rxqual_full;
1822 mr->rxqual_sub = meas->rxqual_sub;
1823 mr->dtx = meas->dtx;
1825 mr->meas_valid = meas->meas_valid;
1826 if (meas->ncell_na) {
1827 /* no results for serving cells */
1831 mr->no_n_hi = meas->count >> 2;
1832 mr->no_n_lo = meas->count & 3;
1834 rxlev_nc1 = meas->rxlev_nc[0];
1835 rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
1836 rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
1837 rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
1838 rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
1839 rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
1840 rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
1841 rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
1842 rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
1843 rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
1844 rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
1845 bsic_nc1_hi = meas->bsic_nc[0] >> 3;
1846 bsic_nc1_lo = meas->bsic_nc[0] & 7;
1847 bsic_nc2_hi = meas->bsic_nc[1] >> 4;
1848 bsic_nc2_lo = meas->bsic_nc[1] & 15;
1849 bsic_nc3_hi = meas->bsic_nc[2] >> 5;
1850 bsic_nc3_lo = meas->bsic_nc[2] & 31;
1851 bsic_nc4 = meas->bsic_nc[3];
1852 bsic_nc5 = meas->bsic_nc[4];
1853 bsic_nc6 = meas->bsic_nc[5];
1854 bcch_f_nc1 = meas->bcch_f_nc[0];
1855 bcch_f_nc2 = meas->bcch_f_nc[1];
1856 bcch_f_nc3 = meas->bcch_f_nc[2];
1857 bcch_f_nc4 = meas->bcch_f_nc[3];
1858 bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
1859 bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
1860 bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
1861 bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
1863 //todo return rslms_data_req(ms, msg, 0);
1867 * link establishment and release
1870 /* activate link and send establish request */
1871 static int gsm_rr_dl_est(struct osmocom_ms *ms)
1873 struct gsm_rrlayer *rr = ms->rrlayer;
1874 struct gsm_subscriber *subcr = ms->subscr;
1876 struct gsm48_hdr *gh;
1877 struct gsm48_pag_rsp *pa;
1882 /* flush pending RACH requests */
1883 rr->n_chan_req = 0; // just to be safe
1884 msg = msgb_alloc_headroom(20, 16, "RAND_FLUSH");
1887 rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_FLSH, chan_nr, 0, msg);
1889 /* send DL_EST_REQ */
1890 if (rr->rr_est_msg) {
1891 /* use queued message */
1892 msg = rr->rr_est_msg;
1897 /* create paging response */
1898 msg = gsm48_rr_msgb_alloc();
1901 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1902 pr = (struct gsm48_pag_rsp *) msgb_put(msg, sizeof(*pr));
1904 if (subscr->key_valid)
1905 pr->key_seq = subscr->key_seq;
1909 cc->cm_len = sizeof(cm->cm2);
1910 gsm_rr_enc_cm2(ms, &cc->cm2)
1911 /* mobile identity */
1912 if (ms->subscr.tmsi_valid) {
1913 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
1914 } else if (subscr->imsi[0])
1915 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
1918 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
1920 msgb_put(msg, 1 + mi[1]);
1921 memcpy(cm->data, mi + 1, 1 + mi[1]);
1924 /* activate channel */
1925 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
1927 /* start establishmnet */
1928 return rslms_tx_rll_req_l3(ms, RSL_MT_EST_REQ, rr->chan_desc.chan_desc.chan_nr, 0, msg);
1931 /* the link is established */
1932 static int gsm_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
1934 struct msgb *newmsg;
1935 struct gsm_mm_hdr *newmmh;
1937 /* if MM has releases before confirm, we start release */
1938 if (rr->state == GSM_RRSTATE_IDLE) {
1939 /* release message */
1940 newmsg = gsm48_rr_msgb_alloc();
1944 return rslms_tx_rll_req_l3(ms, RSL_MT_REL_REQ, 0, 0, newmsg);
1948 new_rr_state(rr, GSM_RRSTATE_DEDICATED);
1950 /* send confirm to upper layer */
1951 newmsg = gsm48_mm_msgb_alloc();
1954 newmmh = (struct gsm_mm_hdr *)newmsg->data;
1955 newmmh->msg_type = (rr->rr_est_req) ? RR_EST_CNF : RR_EST_IND;
1956 return rr_rcvmsg(ms, newmsg);
1959 /* the link is released */
1960 static int gsm_rr_rel_cnf(struct osmocom_ms *ms, struct gsm_dl *dlmsg)
1962 /* deactivate channel */
1963 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
1965 /* do nothing, because we aleady IDLE
1966 * or we received the rel cnf of the last connection
1967 * while already requesting a new one (CONN PEND)
1974 * radio ressource requests
1977 /* establish request for dedicated mode */
1978 static int gsm_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
1980 struct gsm_rrlayer *rr = ms->rrlayer;
1981 struct gsm_mm_hdr *mmh = msgb->data;
1982 struct gsm48_hdr *gh = msgb_l3(msg);
1985 if (timer_pending(rr->t3122)) {
1986 if (rrmsg->cause != RR_EST_CAUSE_EMERGENCY) {
1987 struct msgb *newmsg;
1988 struct gsm_mm_hdr *newmmh;
1990 newmsg = gsm48_mm_msgb_alloc();
1993 newmmh = (struct gsm_mm_hdr *)newmsg->data;
1994 newmmh->msg_type RR_REL_IND;
1995 newmmh->cause = GSM_MM_CAUSE_T3122_PEND;
1996 return rr_rcvmsg(ms, newmsg);
2002 if (rrmsg->cause != RR_EST_CAUSE_EMERGENCY) {
2003 if (!(ms->access_class & ms->si.access_class)) {
2005 if (!ms->opt.access_class_override) {
2006 struct msgb *newmsg;
2007 struct gsm_mm_hdr *newmmh;
2009 newmsg = gsm48_mm_msgb_alloc();
2012 newmmh = (struct gsm_mm_hdr *)newmsg->data;
2013 newmmh->msg_type RR_REL_IND;
2014 newmmh->cause = GSM_MM_CAUSE_NOT_AUTHORIZED;
2015 return rr_rcvmsg(ms, newmsg);
2019 if (!(ms->access_class & ms->si.access_class)
2020 && !ms->si.emergency)
2024 /* requested by RR */
2027 /* clone and store REQUEST message */
2029 printf("Error, missing l3 message\n");
2032 rr->rr_est_msg = msgb_alloc_headroom(256, 16, "EST_REQ");
2033 if (!rr->rr_est_msg)
2035 memcpy(msgb_put(rr_est_msg, msgb_l3len(msg)),
2036 msgb_l3(msg), msgb_l3len(msg));
2038 /* request channel */
2039 return gsm_rr_tx_chan_req(ms, mmh->cause);
2042 /* send all queued messages down to layer 2 */
2043 static int gsm_rr_dequeue_down(struct osmocom_ms *ms)
2045 struct gsm_rrlayer *rr = ms->rrlayer;
2048 while((msg = msgb_dequeue(&rr->downqueue))) {
2049 rslms_tx_rll_req_l3(ms, RSL_MT_DATA_REQ, chan_nr, 0, msg);
2055 /* 3.4.2 transfer data in dedicated mode */
2056 static int gsm_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
2058 struct gsm_rrlayer *rr = ms->rrlayer;
2060 if (rr->state != GSM_RRSTATE_DEDICATED) {
2066 msgb_pull(msg, sizeof(struct gsm_mm_hdr));
2068 /* queue message, during handover or assignment procedure */
2069 if (rr->hando_susp_state || rr->assign_susp_state) {
2070 msgb_enqueue(&rr->downqueue, msg);
2074 /* forward message */
2075 return rslms_tx_rll_req_l3(ms, RSL_MT_DATA_REQ, chan_nr, 0, msg);
2079 * data indications from data link
2082 /* 3.4.2 data from layer 2 to RR and upper layer*/
2083 static int gsm_rr_data_ind(struct osmocom_ms *ms, struct msbg *msg)
2085 struct gsm48_hdr *gh = msgb_l3(msg);
2086 u_int8_t pdisc = gh->proto_discr & 0x0f;
2088 if (pdisc == GSM48_PDISC_RR) {
2091 switch(gh->msg_type) {
2092 case GSM48_MT_RR_ADD_ASS:
2093 rc = gsm_rr_rx_add_ass(ms, msg);
2095 case GSM48_MT_RR_ASS_CMD:
2096 rc = gsm_rr_rx_ass_cmd(ms, msg);
2098 case GSM48_MT_RR_CIP_MODE_CMD:
2099 rc = gsm_rr_rx_cip_mode_cmd(ms, msg);
2101 case GSM48_MT_RR_CLSM_ENQ:
2102 rc = gsm_rr_rx_cm_enq(ms, msg);
2104 case GSM48_MT_RR_HANDO_CMD:
2105 rc = gsm_rr_rx_hando_cmd(ms, msg);
2107 case GSM48_MT_RR_FREQ_REDEF:
2108 rc = gsm_rr_rx_freq_redef(ms, msg);
2111 DEBUGP(DRR, "Message type 0x%02x unknown.\n", gh->msg_type);
2119 msgb_push(msg, sizeof(struct gsm_mm_hdr));
2120 mmh = (struct gsm_mm_hdr *)msg->data;
2121 mmh->msg_type = RR_DATA_IND;
2122 /* forward message */
2123 return rr_rcvmsg(ms, msg);
2126 /* unit data from layer 2 to RR layer */
2127 static int gsm_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
2129 struct gsm48_hdr *gh = msgb_l3(msg);
2131 switch (gh->msg_type) {
2132 case GSM48_MT_RR_SYSINFO_1:
2133 return gsm_rr_rx_sysinfo1(ms, dlmsg->msg);
2134 case GSM48_MT_RR_SYSINFO_2:
2135 return gsm_rr_rx_sysinfo2(ms, dlmsg->msg);
2136 case GSM48_MT_RR_SYSINFO_2bis:
2137 return gsm_rr_rx_sysinfo2bis(ms, dlmsg->msg);
2138 case GSM48_MT_RR_SYSINFO_2ter:
2139 return gsm_rr_rx_sysinfo2ter(ms, dlmsg->msg);
2140 case GSM48_MT_RR_SYSINFO_3:
2141 return gsm_rr_rx_sysinfo3(ms, dlmsg->msg);
2142 case GSM48_MT_RR_SYSINFO_4:
2143 return gsm_rr_rx_sysinfo4(ms, dlmsg->msg);
2144 case GSM48_MT_RR_SYSINFO_5:
2145 return gsm_rr_rx_sysinfo5(ms, dlmsg->msg);
2146 case GSM48_MT_RR_SYSINFO_5bis:
2147 return gsm_rr_rx_sysinfo5bis(ms, dlmsg->msg);
2148 case GSM48_MT_RR_SYSINFO_5ter:
2149 return gsm_rr_rx_sysinfo5ter(ms, dlmsg->msg);
2150 case GSM48_MT_RR_SYSINFO_6:
2151 return gsm_rr_rx_sysinfo6(ms, dlmsg->msg);
2152 case GSM48_MT_RR_PAG_REQ_1:
2153 return gsm_rr_rx_pag_req_1(ms, dlmsg->msg);
2154 case GSM48_MT_RR_PAG_REQ_2:
2155 return gsm_rr_rx_pag_req_2(ms, dlmsg->msg);
2156 case GSM48_MT_RR_PAG_REQ_3:
2157 return gsm_rr_rx_pag_req_3(ms, dlmsg->msg);
2158 case GSM48_MT_RR_IMM_ASS:
2159 return gsm_rr_rx_imm_ass(ms, dlmsg->msg);
2160 case GSM48_MT_RR_IMM_ASS_EXT:
2161 return gsm_rr_rx_imm_ass_ext(ms, dlmsg->msg);
2162 case GSM48_MT_RR_IMM_ASS_REJ:
2163 return gsm_rr_rx_imm_ass_rej(ms, dlmsg->msg);
2165 DEBUGP(DRR, "Message type 0x%02x unknown.\n", gh->msg_type);
2173 -------------------------------------------------------------------------------
2197 add support structure
2198 initialize support structure
2200 queue messages (rslms_data_req) if channel changes
2202 flush rach msg in all cases: during sending, after its done, and when aborted
2203 stop timers on abort
2204 debugging. (wenn dies todo erledigt ist, bitte in den anderen code moven)
2205 wird beim abbruch immer der gepufferte cm-service-request entfernt, auch beim verschicken?:
2207 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
2209 todo change procedures, release procedure
2211 during procedures, like "channel assignment" or "handover", rr requests must be queued
2212 they must be dequeued when complete
2213 they queue must be flushed when rr fails
2215 #include <osmocore/protocol/gsm_04_08.h>
2216 #include <osmocore/msgb.h>
2217 #include <osmocore/gsm48.h>
2219 static struct rr_names {
2223 { "RR_EST_REQ", RR_EST_REQ },
2224 { "RR_EST_IND", RR_EST_IND },
2225 { "RR_EST_CNF", RR_EST_CNF },
2226 { "RR_REL_IND", RR_REL_IND },
2227 { "RR_SYNC_IND", RR_SYNC_IND },
2228 { "RR_DATA_REQ", RR_DATA_REQ },
2229 { "RR_DATA_IND", RR_DATA_IND },
2230 { "RR_UNIT_DATA_IND", RR_UNIT_DATA_IND },
2231 { "RR_ABORT_REQ", RR_ABORT_REQ },
2232 { "RR_ABORT_IND", RR_ABORT_IND },
2233 { "RR_ACT_REQ", RR_ACT_REQ },
2238 char *get_rr_name(int value)
2242 for (i = 0; rr_names[i].name; i++) {
2243 if (rr_names[i].value == value)
2244 return rr_names[i].name;
2247 return "RR_Unknown";
2250 static int rr_rcvmsg(struct osmocom_ms *ms,
2251 int msg_type, struct gsm_mncc *rrmsg)
2255 DEBUGP(DRR, "(MS %s) Sending '%s' to MM.\n", ms->name,
2256 get_rr_name(msg_type));
2258 rrmsg->msg_type = msg_type;
2260 msg = msgb_alloc(sizeof(struct gsm_rr), "RR");
2263 memcpy(msg->data, rrmsg, sizeof(struct gsm_rr));
2264 msgb_enqueue(&ms->rr.upqueue, msg);
2269 static int gsm_rr_abort_req(struct osmocom_ms *ms, struct gsm_rr *rrmsg)
2271 struct gsm_rrlayer *rr = ms->rrlayer;
2273 if (rr->state == GSM_RRSTATE_DEDICATED) {
2274 struct gsm_dl dlmsg;
2276 memset(&dlmsg, 0, sizeof(dlmsg));
2277 return gsm_send_dl(ms, DL_RELEASE_REQ, dlmsg);
2279 new_rr_state(rr, GSM_RRSTATE_IDLE);
2282 static int gsm_rr_act_req(struct osmocom_ms *ms, struct gsm_rr *rrmsg)
2286 /* state trasitions for radio ressource messages (upper layer) */
2287 static struct rrdownstate {
2290 int (*rout) (struct osmocom_ms *ms, struct gsm_dl *rrmsg);
2291 } rrdownstatelist[] = {
2292 {SBIT(GSM_RRSTATE_IDLE), /* 3.3.1.1 */
2293 RR_EST_REQ, gsm_rr_est_req},
2294 {SBIT(GSM_RRSTATE_DEDICATED), /* 3.4.2 */
2295 RR_DATA_REQ, gsm_rr_data_req},
2296 {SBIT(GSM_RRSTATE_CONN_PEND) | SBIT(GSM_RRSTATE_DEDICATED),
2297 RR_ABORT_REQ, gsm_rr_abort_req},
2298 {SBIT(GSM_RRSTATE_DEDICATED),
2299 RR_ACT_REQ, gsm_rr_act_req},
2302 #define RRDOWNSLLEN \
2303 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
2305 static int gsm_send_rr(struct osmocom_ms *ms, struct gsm_rr *msg)
2307 struct gsm_mm_hdr *mmh = msgb->data;
2308 int msg_type = mmh->msg_type;
2310 DEBUGP(DRR, "(ms %s) Sending '%s' to DL in state %s\n", ms->name,
2311 gsm0408_rr_msg_names[msg_type], mm_state_names[mm->state]);
2313 /* find function for current state and message */
2314 for (i = 0; i < RRDOWNSLLEN; i++)
2315 if ((msg_type == rrdownstatelist[i].type)
2316 && ((1 << mm->state) & rrdownstatelist[i].states))
2318 if (i == RRDOWNSLLEN) {
2319 DEBUGP(DRR, "Message unhandled at this state.\n");
2323 rc = rrdownstatelist[i].rout(ms, dlmsg);
2325 /* free msgb uless it is forwarded */
2326 if (rrdownstatelist[i].rout != gsm_rr_data_req)
2333 /* channel description */
2334 rsl_dec_chan_nr(aa->chan_desc.chan_nr, &ch_type, &ch_subch, &ch_ts);
2335 h = aa->chan_desc.h0.h;
2337 rsl_dec_chan_h1(&aa->chan_desc, &tsc, &maio, &hsn);
2339 rsl_dec_chan_h0(&aa->chan_desc, &tsc, &arfcn);
2340 /* mobile allocation */
2342 if (!TLVP_PRESENT(&tp, GSM48_IE_MOBILE_ALLOC))
2343 return gsm_rr_tx_rr_status(ms, ...);
2344 gsm48_decode_mobile_alloc(&ma,
2345 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1);
2348 if (TLVP_PRESENT(&tp, GSM48_IE_START_TIME)) {
2349 gsm48_decode_start_time(&frame,
2350 TLVP_VAL(&tp, GSM48_IE_START_TIME)-1);
2355 /* memcopy of LV of given IE from tlv_parsed structure */
2356 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
2365 if (!TLVP_PRESENT(tp, ie))
2368 len = TLVP_LEN(tp, ie);
2371 if (len + 1 > dest_len)
2374 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
2378 static int gsm_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
2380 struct gsm_rrlayer *rr = ms->rrlayer;
2381 struct gsm48_hdr *gh = msgb_l3(msg);
2382 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
2383 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
2384 struct tlv_parsed tp;
2385 struct gsm_rr_chan_desc cd;
2387 memset(&cd, 0, sizeof(cd));
2389 if (payload_len < 0) {
2390 DEBUGP(DRR, "Short read of ASSIGNMENT COMMAND message.\n");
2391 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2393 tlv_parse(&tp, &rsl_att_tlvdef, ac->data, payload_len, 0, 0);
2395 /* channel description */
2396 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
2398 cd.power_command = ac->power_command;
2399 /* frequency list, after timer */
2400 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
2401 /* cell channel description */
2402 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
2403 /* multislot allocation */
2404 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
2406 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
2407 /* mobile allocation, after time */
2408 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
2410 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
2411 /* frequency list, before time */
2412 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
2413 /* channel description, before time */
2414 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
2415 /* frequency channel sequence, before time */
2416 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
2417 /* mobile allocation, before time */
2418 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
2419 /* cipher mode setting */
2420 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
2421 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
2426 DEBUGP(DRR, "No current cell allocation available.\n");
2427 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
2430 if (not supported) {
2431 DEBUGP(DRR, "New channel is not supported.\n");
2432 return gsm_rr_tx_rr_status(ms, RR_CAUSE_CHAN_MODE_UNACCEPT);
2435 if (freq not supported) {
2436 DEBUGP(DRR, "New frequency is not supported.\n");
2437 return gsm_rr_tx_rr_status(ms, RR_CAUSE_FREQ_NOT_IMPLEMENTED);
2440 /* store current channel descriptions, to return in case of failure */
2441 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
2442 /* copy new description */
2443 memcpy(&rr->chan_desc, cd, sizeof(cd));
2445 /* start suspension of current link */
2446 newmsg = gsm48_rr_msgb_alloc();
2449 rslms_tx_rll_req_l3(ms, RSL_MT_SUSP_REQ, rr->chan_desc.chan_nr, 0, msg);
2451 /* change into special assignment suspension state */
2452 rr->assign_susp_state = 1;
2453 rr->resume_last_state = 0;
2458 /* receiving HANDOVER COMMAND message (9.1.15) */
2459 static int gsm_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
2461 struct gsm_rrlayer *rr = ms->rrlayer;
2462 struct gsm48_hdr *gh = msgb_l3(msg);
2463 struct gsm48_ho_cmd *ho = (struct gsm48_ho_cmd *)gh->data;
2464 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ho);
2465 struct tlv_parsed tp;
2466 struct gsm_rr_chan_desc cd;
2468 memset(&cd, 0, sizeof(cd));
2470 if (payload_len < 0) {
2471 DEBUGP(DRR, "Short read of HANDOVER COMMAND message.\n");
2472 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2474 tlv_parse(&tp, &rsl_att_tlvdef, ho->data, payload_len, 0, 0);
2480 today: more IE parsing
2482 /* store current channel descriptions, to return in case of failure */
2483 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
2484 /* copy new description */
2485 memcpy(&rr->chan_desc, cd, sizeof(cd));
2487 /* start suspension of current link */
2488 newmsg = gsm48_rr_msgb_alloc();
2491 rslms_tx_rll_req_l3(ms, RSL_MT_SUSP_REQ, rr->chan_desc.chan_nr, 0, msg);
2493 /* change into special handover suspension state */
2494 rr->hando_susp_state = 1;
2495 rr->resume_last_state = 0;
2500 static int gsm_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
2502 struct gsm_rrlayer *rr = ms->rrlayer;
2503 struct gsm48_hdr *gh = msgb_l3(msg);
2504 int payload_len = msgb_l3len(msg) - sizeof(*gh);
2506 static int gsm_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
2508 if (rr->hando_susp_state || rr->assign_susp_state) {
2509 if (rr->resume_last_state) {
2510 rr->resume_last_state = 0;
2511 gsm_rr_tx_ass_cpl(ms, GSM48_RR_CAUSE_NORMAL);
2513 gsm_rr_tx_ass_fail(ms, RR_CAUSE_PROTO_ERR_UNSPEC);
2515 /* transmit queued frames during ho / ass transition */
2516 gsm_rr_dequeue_down(ms);
2522 static int gsm_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
2526 static int gsm_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
2530 static int gsm_rr_rel_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
2532 struct gsm_rrlayer *rr = ms->rrlayer;
2534 if (rr->hando_susp_state || rr->assign_susp_state) {
2537 /* change radio to new channel */
2538 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2540 newmsg = gsm48_rr_msgb_alloc();
2543 /* send DL-ESTABLISH REQUEST */
2544 rslms_tx_rll_req_l3(ms, RSL_MT_EST_REQ, rr->chan_desc.chan_desc.chan_nr, 0, newmsg);
2547 if (rr->hando_susp_state) {
2548 gsm_rr_tx_hando_access(ms);
2549 rr->hando_acc_left = 3;
2554 static int gsm_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
2556 struct gsm_rrlayer *rr = ms->rrlayer;
2557 struct msgb *newmsg;
2558 struct gsm_mm_hdr *newmmh;
2560 if (rr->hando_susp_state || rr->assign_susp_state) {
2561 if (!rr->resume_last_state) {
2562 rr->resume_last_state = 1;
2564 /* get old channel description */
2565 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
2567 /* change radio to old channel */
2568 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2570 /* re-establish old link */
2571 newmsg = gsm48_rr_msgb_alloc();
2574 return rslms_tx_rll_req_l3(ms, RSL_MT_EST_REQ, rr->chan_desc.chan_desc.chan_nr, 0, newmsg);
2576 rr->resume_last_state = 0;
2579 /* deactivate channel */
2580 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2582 /* send abort ind to upper layer */
2583 newmsg = gsm48_mm_msgb_alloc();
2587 newmmh = (struct gsm_mm_hdr *)newmsg->data;
2588 newmmh->msg_type = RR_ABORT_IND;
2589 newmmh->cause = GSM_MM_CAUSE_LINK_FAILURE;
2590 return rr_rcvmsg(ms, msg);
2593 /* state trasitions for link layer messages (lower layer) */
2594 static struct dldatastate {
2597 int (*rout) (struct osmocom_ms *ms, struct gsm_dl *dlmsg);
2598 } dldatastatelist[] = {
2599 {SBIT(GSM_RRSTATE_IDLE) | SBIT(GSM_RRSTATE_CONN_PEND),
2600 DL_UNIT_DATA_IND, gsm_rr_unit_data_ind},
2601 {SBIT(GSM_RRSTATE_DEDICATED), /* 3.4.2 */
2602 DL_DATA_IND, gsm_rr_data_ind},
2603 {SBIT(GSM_RRSTATE_IDLE) | SBIT(GSM_RRSTATE_CONN_PEND),
2604 DL_ESTABLISH_CNF, gsm_rr_estab_cnf},
2605 {SBIT(GSM_RRSTATE_DEDICATED),
2606 DL_ESTABLISH_CNF, gsm_rr_estab_cnf_dedicated},
2608 DL_CONNECT_CNF, gsm_rr_connect_cnf},
2610 DL_RELEASE_IND, gsm_rr_rel_ind},
2611 {SBIT(GSM_RRSTATE_IDLE) | SBIT(GSM_RRSTATE_CONN_PENDING),
2612 DL_RELEASE_CNF, gsm_rr_rel_cnf},
2613 {SBIT(GSM_RRSTATE_DEDICATED),
2614 DL_RELEASE_CNF, gsm_rr_rel_cnf_dedicated},
2615 {SBIT(GSM_RRSTATE_CONN_PEND), /* 3.3.1.1.2 */
2616 DL_RANDOM_ACCESS_CNF, gsm_rr_rand_acc_cnf},
2617 {SBIT(GSM_RRSTATE_DEDICATED),
2618 DL_RANDOM_ACCESS_CNF, gsm_rr_rand_acc_cnf_dedicated},
2620 MDL_ERROR_IND, gsm_rr_mdl_error_ind},
2623 #define DLDATASLLEN \
2624 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
2626 static int gsm_rcv_dl(struct osmocom_ms *ms, struct gsm_dl *dlmsg)
2628 int msg_type = dlmsg->msg_type;
2630 DEBUGP(DRR, "(ms %s) Received '%s' from DL in state %s\n", ms->name,
2631 gsm0408_dl_msg_names[msg_type], mm_state_names[mm->state]);
2633 /* find function for current state and message */
2634 for (i = 0; i < DLDATASLLEN; i++)
2635 if ((msg_type == dldatastatelist[i].type)
2636 && ((1 << mm->state) & dldatastatelist[i].states))
2638 if (i == DLDATASLLEN) {
2639 DEBUGP(DRR, "Message unhandled at this state.\n");
2643 rc = dldatastatelist[i].rout(ms, dlmsg);
2645 /* free msgb uless it is forwarded */
2646 if (dldatastatelist[i].rout != gsm_rr_data_ind)
2652 static void timeout_rr_t3124(void *arg)
2654 struct gsm_rrlayer *rr = arg;
2656 /* stop sending more access bursts when timer expired */
2659 /* get old channel description */
2660 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
2662 /* change radio to old channel */
2663 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2665 /* re-establish old link */
2666 msg = gsm48_rr_msgb_alloc();
2669 return rslms_tx_rll_req_l3(ms, RSL_MT_EST_REQ, rr->chan_desc.chan_desc.chan_nr, 0, msg);
2674 struct gsm_rrlayer *gsm_new_rr(struct osmocom_ms *ms)
2676 struct gsm_rrlayer *rr;
2678 rr = calloc(1, sizeof(struct gsm_rrlayer));
2690 void gsm_destroy_rr(struct gsm_rrlayer *rr)
2696 alle timer gestoppt?:
2697 todo stop t3122 when cell change
2699 memset(rr, 0, sizeof(struct gsm_rrlayer));
2705 /* send HANDOVER ACCESS burst (9.1.14) */
2706 static int gsm_rr_tx_hando_access(struct osmocom_ms *ms)
2708 newmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
2711 *msgb_put(newmsg, 1) = rr->hando_ref;
2712 return rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_REQ, chan_nr, 0, newmsg);
2714 /* send next channel request in dedicated state */
2715 static int gsm_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
2717 struct gsm_rrlayer *rr = ms->rrlayer;
2718 struct msgb *newmsg;
2721 if (!rr->hando_susp_state) {
2722 DEBUGP(DRR, "Random acces confirm, but not in handover state.\n");
2726 /* send up to four handover access bursts */
2727 if (rr->hando_acc_left) {
2728 rr->hando_acc_left--;
2729 gsm_rr_tx_hando_access(ms);
2733 /* start timer for sending next HANDOVER ACCESS bursts afterwards */
2734 if (!timer_pending(&rr->t3124)) {
2735 if (allocated channel is SDCCH)
2736 start_rr_t3124(rr, GSM_T3124_675);
2738 start_rr_t3124(rr, GSM_T3124_320);
2739 if (!rr->n_chan_req) {
2740 start_rr_t3126(rr, GSM_T3126_MS);
2745 /* wait for PHYSICAL INFORMATION message or T3124 timeout */
projects / osmocom-bb.git / blob