2 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 char *rr_state_names[] = {
32 static void new_rr_state(struct gsm_rrlayer *rr, int state)
34 if (state < 0 || state >= (sizeof(rr_state_names) / sizeof(char *)))
37 if (state == GSM_RRSTATE_IDLE) {
40 /* free establish message, if any */
43 msgb_free(rr->rr_est_msg);
44 rr->rr_est_msg = NULL;
46 /* free all pending messages */
47 while((msg = msgb_dequeue(&rr->downqueue)))
51 DEBUGP(DRR, "new state %s -> %s\n",
52 rr_state_names[rr->state], rr_state_names[state]);
61 static void start_rr_t3122(struct gsm_rrlayer *rr, int sec, int micro)
63 DEBUGP(DRR, "starting T3122 with %d seconds\n", current, sec);
64 rr->t3122.cb = timeout_rr_t3122;
66 bsc_schedule_timer(&rr->t3122, sec, micro);
69 static void start_rr_t3126(struct gsm_rrlayer *rr, int sec, int micro)
71 DEBUGP(DRR, "starting T3126 with %d seconds\n", current, sec);
72 rr->t3126.cb = timeout_rr_t3126;
74 bsc_schedule_timer(&rr->t3126, sec, micro);
77 static void stop_rr_t3122(struct gsm_rrlayer *rr)
79 if (timer_pending(rr->t3122)) {
80 DEBUGP(DRR, "stopping pending timer T3122\n");
81 bsc_del_timer(&rr->t3122);
83 rr->t3122_running = 0;
86 static void stop_rr_t3126(struct gsm_rrlayer *rr)
88 if (bsc_timer_pending(rr->t3126)) {
89 DEBUGP(DRR, "stopping pending timer T3126\n");
90 bsc_del_timer(&rr->t3126);
94 static void timeout_rr_t3122(void *arg)
98 static void timeout_rr_t3126(void *arg)
100 struct gsm_rrlayer *rr = arg;
102 if (rr->rr_est_req) {
103 struct msgb *msg = gsm48_mm_msgb_alloc();
104 struct gsm_mm_hdr *mmh;
108 mmh = (struct gsm_mm_hdr *)msg->data;
109 mmh->msg_type RR_REL_IND;
110 mmh->cause = GSM_MM_CAUSE_RA_FAILURE;
114 new_rr_state(rr, GSM_RRSTATE_IDLE);
121 /* send rr status request */
122 static int gsm_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
124 struct gsm_rrlayer *rr = ms->rrlayer;
125 struct msgb *msg = gsm48_rr_msgb_alloc();
126 struct gsm48_hdr *gh;
127 struct gsm48_rr_status *st;
131 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
132 st = (struct gsm48_rr_status *) msgb_put(msg, sizeof(*st));
134 gh->proto = GSM48_PDISC_RR;
135 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
138 st->rr_cause = cause;
140 return rslms_data_req(ms, msg, 0);
147 /* send chiperhing mode complete */
148 static int gsm_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
150 struct gsm_rrlayer *rr = ms->rrlayer;
151 struct gsm_subscriber *subcr = ms->subscr;
152 struct msgb *msg = gsm48_rr_msgb_alloc();
153 struct gsm48_hdr *gh;
154 u_int8_t buf[11], *ie;
158 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
160 gh->proto = GSM48_PDISC_RR;
161 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
165 gsm48_generate_mid_from_imsi(ie, subscr->imei);
166 ie = msgb_put(msg, 1 + buf[1]);
167 memcpy(ie, buf + 1, 1 + buf[1]);
170 return rslms_data_req(ms, msg, 0);
173 /* receive ciphering mode command */
174 static int gsm_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
176 struct gsm_rrlayer *rr = ms->rrlayer;
177 struct gsm48_hdr *gh = msgb_l3(msg);
178 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
179 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
180 uint8_t sc, alg_id, cr;
182 if (payload_len < 0) {
183 DEBUGP(DRR, "Short read of CIPHERING MODE COMMAND message.\n");
184 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
187 /* cipher mode setting */
190 /* cipher mode response */
195 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
197 /* change to ciphering */
198 tx_ph_cipher_req(ms, sc, alg_id);
199 rr->sc = sc, rr->alg_id = alg_id;
202 return gsm_rr_tx_cip_mode_cpl(ms, cr);
209 /* encode classmark 3 */
216 buf[byte] |= ((a) << bit); \
220 static int gsm_rr_enc_cm3(struct osmocom_sm *ms, uint8_t *buf, uint8_t *len)
222 struct gsm_support *sup = ms->support;
223 uint8_t bit = 0, byte = 0;
227 /* band 3 supported */
232 /* band 2 supported */
233 if (sup->e_gsm || sup->r_gsm)
237 /* band 1 supported */
238 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
259 /* radio capability */
260 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
266 ADD_BIT((sup->dcs_capa >> 3) & 1)
267 ADD_BIT((sup->dcs_capa >> 2) & 1)
268 ADD_BIT((sup->dcs_capa >> 1) & 1)
269 ADD_BIT(sup->dcs_capa & 1)
271 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
273 ADD_BIT((sup->dcs_capa >> 3) & 1)
274 ADD_BIT((sup->dcs_capa >> 2) & 1)
275 ADD_BIT((sup->dcs_capa >> 1) & 1)
276 ADD_BIT(sup->dcs_capa & 1)
278 ADD_BIT((sup->low_capa >> 3) & 1)
279 ADD_BIT((sup->low_capa >> 2) & 1)
280 ADD_BIT((sup->low_capa >> 1) & 1)
281 ADD_BIT(sup->low_capa & 1)
288 ADD_BIT((sup->low_capa >> 3) & 1)
289 ADD_BIT((sup->low_capa >> 2) & 1)
290 ADD_BIT((sup->low_capa >> 1) & 1)
291 ADD_BIT(sup->low_capa & 1)
296 ADD_BIT((sup->r_capa >> 2) & 1)
297 ADD_BIT((sup->r_capa >> 1) & 1)
298 ADD_BIT(sup->r_capa & 1)
302 /* multi slot support */
305 ADD_BIT((sup->ms_capa >> 4) & 1)
306 ADD_BIT((sup->ms_capa >> 3) & 1)
307 ADD_BIT((sup->ms_capa >> 2) & 1)
308 ADD_BIT((sup->ms_capa >> 1) & 1)
309 ADD_BIT(sup->ms_capa & 1)
314 if (sup->ucs2_treat) {
319 /* support extended measurements */
325 /* support measurement capability */
328 ADD_BIT((sup->sms_val >> 3) & 1)
329 ADD_BIT((sup->sms_val >> 2) & 1)
330 ADD_BIT((sup->sms_val >> 1) & 1)
331 ADD_BIT(sup->sms_val & 1)
332 ADD_BIT((sup->sm_val >> 3) & 1)
333 ADD_BIT((sup->sm_val >> 2) & 1)
334 ADD_BIT((sup->sm_val >> 1) & 1)
335 ADD_BIT(sup->sm_val & 1)
339 /* positioning method capability */
342 ADD_BIT(sup->e_otd_ass == 1)
343 ADD_BIT(sup->e_otd_based == 1)
344 ADD_BIT(sup->gps_ass == 1)
345 ADD_BIT(sup->gps_based == 1)
346 ADD_BIT(sup->gps_conv == 1)
351 /* partitial bytes will be completed */
359 /* encode classmark 2 */
360 static int gsm_rr_enc_cm2(struct osmocom_sm *ms, struct gsm48_classmark2 *cm)
362 struct gsm_support *sup = ms->support;
364 cm->pwr_lev = sup->pwr_lev;
365 cm->a5_1 = sup->a5_1;
366 cm->es_ind = sup->es_ind;
367 cm->rev_lev = sup->rev_lev;
368 cm->fc = (sup->r_gsm || sup->e_gsm);
369 cm->vgcs = sup->vgcs;
371 cm->sm = sup->sms_ptp;
372 cm->ss_ind = sup->ss_ind;
373 cm->ps_cap = sup->ps_cap;
374 cm->a5_2 = sup->a5_2;
375 cm->a5_3 = sup->a5_3;
376 cm->cmsp = sup->cmsp;
377 cm->solsa = sup->solsa;
378 cm->lcsva = sup->lcsva;
381 /* send classmark change */
382 static int gsm_rr_tx_cm_change(struct osmocom_ms *ms)
384 struct gsm_rrlayer *rr = ms->rrlayer;
385 struct gsm_support *sup = ms->support;
386 struct msgb *msg = gsm48_rr_msgb_alloc();
387 struct gsm48_hdr *gh;
388 struct gsm48_cm_change *cc;
394 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
395 cc = (struct gsm48_cm_change *) msgb_put(msg, sizeof(*cc));
397 gh->proto = GSM48_PDISC_RR;
398 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
401 cc->cm_len = sizeof(cm->cm2);
402 gsm_rr_enc_cm2(ms, &cc->cm2)
405 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
406 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
409 || sup->ext_meas || sup->meas_cap
412 buf[0] = GSM48_IE_CLASSMARK2;
413 gsm_rr_enc_cm3(ms, buf + 1, &buf[0]);
416 return rslms_data_req(ms, msg, 0);
419 /* receiving classmark enquiry */
420 static int gsm_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
422 struct gsm_rrlayer *rr = ms->rrlayer;
423 struct gsm48_hdr *gh = msgb_l3(msg);
424 int payload_len = msgb_l3len(msg) - sizeof(*gh);
427 return gsm_rr_tx_cm_change(ms);
434 /* send channel request burst message */
435 static int gsm_rr_tx_chan_req(struct osmocom_ms *ms, int cause)
437 struct gsm_rrlayer *rr = ms->rrlayer;
439 struct gsm_mm_hdr *mmh;
443 new_rr_state(rr, GSM_RRSTATE_CONN_PEND);
445 /* number of retransmissions (without first transmission) */
446 rr->n_chan_req = ms->si.max_retrans;
448 /* generate CHAN REQ (9.1.8) */
451 case RR_EST_CAUSE_EMERGENCY:
455 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Emergency call)\n", chan_req);
457 case RR_EST_CAUSE_REESTAB_TCH_F:
460 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/F)\n", chan_req);
462 case RR_EST_CAUSE_REESTAB_TCH_H:
466 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H with NECI)\n", chan_req);
470 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H no NECI)\n", chan_req);
473 case RR_EST_CAUSE_REESTAB_2_TCH_H:
477 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H+TCH/H with NECI)\n", chan_req);
481 DEBUGP(DRR, "CHANNEL REQUEST: %02x (re-establish TCH/H+TCH/H no NECI)\n", chan_req);
484 case RR_EST_CAUSE_ANS_PAG_ANY:
487 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING Any channel)\n", chan_req);
489 case RR_EST_CAUSE_ANS_PAG_SDCCH:
492 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n", chan_req);
494 case RR_EST_CAUSE_ANS_PAG_TCH_F:
495 /* ms supports no dual rate */
498 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n", chan_req);
500 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
501 /* ms supports no dual rate */
504 DEBUGP(DRR, "CHANNEL REQUEST: %02x (PAGING TCH/H or TCH/F)\n", chan_req);
506 case RR_EST_CAUSE_ORIG_TCHF:
507 /* ms supports no dual rate */
510 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Orig TCH/F)\n", chan_req);
512 case RR_EST_CAUSE_LOC_UPD:
516 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Location Update with NECI)\n", chan_req);
520 DEBUGP(DRR, "CHANNEL REQUEST: %02x (Location Update no NECI)\n", chan_req);
523 case RR_EST_CAUSE_OTHER_SDCCH:
527 DEBUGP(DRR, "CHANNEL REQUEST: %02x (OHTER with NECI)\n", chan_req);
531 DEBUGP(DRR, "CHANNEL REQUEST: %02x (OTHER no NECI)\n", chan_req);
535 if (!rr->rr_est_req) /* no request from MM */
538 DEBUGP(DRR, "CHANNEL REQUEST: with unknown establishment cause: %d\n", rrmsg->cause);
539 msg = gsm48_mm_msgb_alloc();
542 mmh = (struct gsm_mm_hdr *)msg->data;
543 mmh->msg_type RR_REL_IND;
544 mmh->cause = GSM_MM_CAUSE_UNDEFINED;
546 new_rr_state(rr, GSM_RRSTATE_IDLE);
552 /* create and send RACH msg */
553 msg = msgb_alloc_headroom(20, 16, "CHAN_REQ");
556 *msgb_put(msg, 1) = chan_req;
557 rr->chan_req = chan_req;
558 t = ms->si.tx_integer;
561 *msgb_put(msg, 1) = random() % t; /* delay */
564 rr->cr_hist[1] = chan_req;
566 return rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_REQ, chan_nr, 0, msg);
569 /* send next channel request in conn pend state */
570 static int gsm_rr_rand_acc_cnf(struct osmocom_ms *ms, struct msgb *msg)
572 struct gsm_rrlayer *rr = ms->rrlayer;
576 if (!rr->n_chan_req) {
577 if (!timer_pending(rr->t3126))
578 start_rr_t3126(rr, GSM_T3126_MS);
584 switch(ms->si.tx_integer) {
585 case 3: case 8: case 14: case 50:
586 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
590 case 4: case 9: case 16:
591 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
595 case 5: case 10: case 20:
596 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
600 case 6: case 11: case 25:
601 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
606 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
611 /* resend chan_req */
612 newmsg = msgb_alloc_headroom(20, 16, "CHAN_REQ");
615 *msgb_put(newmsg, 1) = rr->chan_req;
616 *msgb_put(newmsg, 1) = (random() % ms->si.tx_integer) + s; /* delay */
617 rr->cr_hist[3] = rr->cr_hist[2];
618 rr->cr_hist[2] = rr->cr_hist[1];
619 rr->cr_hist[1] = chan_req;
620 return rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_REQ, chan_nr, 0, newmsg);
627 /* paging channel request */
628 static int gsm_rr_chan2cause[4] = {
629 RR_EST_CAUSE_ANS_PAG_ANY,
630 RR_EST_CAUSE_ANS_PAG_SDCCH,
631 RR_EST_CAUSE_ANS_PAG_TCH_F,
632 RR_EST_CAUSE_ANS_PAG_TCH_ANY
635 /* given LV of mobile identity is checked agains ms */
636 static int gsm_match_mi(struct osmocom_ms *ms, u_int8_t mi)
643 mi_type = mi[1] & GSM_MI_TYPE_MASK;
645 case GSM_MI_TYPE_TMSI:
648 memcpy(&tmsi, mi+2, 4);
649 if (ms->subscr.tmsi == ntohl(tmsi)
650 && ms->subscr.tmsi_valid)
653 case GSM_MI_TYPE_IMSI:
654 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
655 if (!strcmp(imsi, ms->subscr.imsi))
659 DEBUGP(DRR, "paging with unsupported MI type %d.\n", mi_type);
665 /* paging request 1 message */
666 static int gsm_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
668 struct gsm_rrlayer *rr = ms->rrlayer;
669 struct gsm48_rr_paging1 *pa = msgb_l3(msg);
670 int payload_len = msgb_l3len(msg) - sizeof(*pa);
671 int chan_first, chan_second;
674 /* 3.3.1.1.2: ignore paging while establishing */
675 if (rr->state != GSM_RRSTATE_IDLE)
678 if (payload_len < 2) {
680 DEBUGP(DRR, "Short read of paging request 1 message .\n");
685 chan_first = pa->cneed1;
686 chan_second = pa->cneed2;
689 if (payload_len < mi[0] + 1)
691 if (gsm_match_mi(ms, mi) > 0)
692 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_first]);
694 payload_len -= mi[0] + 1;
695 mi = pa->data + mi[0] + 1;
698 if (mi[0] != GSM48_IE_MOBILE_ID)
700 if (payload_len < mi[1] + 2)
702 if (gsm_match_mi(ms, mi + 1) > 0)
703 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_second]);
708 /* paging request 2 message */
709 static int gsm_rr_rx_pag_req_2(struct osmocom_ms *ms, struct gsm_msgb *msg)
711 struct gsm_rrlayer *rr = ms->rrlayer;
712 struct gsm48_rr_paging2 *pa = msgb_l3(msg);
713 int payload_len = msgb_l3len(msg) - sizeof(*pa);
715 int chan_first, chan_second, chan_third;
717 /* 3.3.1.1.2: ignore paging while establishing */
718 if (rr->state != GSM_RRSTATE_IDLE)
721 if (payload_len < 0) {
723 DEBUGP(DRR, "Short read of paging request 2 message .\n");
728 chan_first = pa->cneed1;
729 chan_second = pa->cneed2;
731 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
732 && ms->subscr.tmsi_valid)
733 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_first]);
735 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
736 && ms->subscr.tmsi_valid)
737 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_second]);
742 if (mi[0] != GSM48_IE_MOBILE_ID)
744 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
746 chan_third = mi[mi[1] + 2] & 0x03; /* channel needed */
747 if (gsm_match_mi(ms, mi + 1) > 0)
748 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_third]);
753 /* paging request 3 message */
754 static int gsm_rr_rx_pag_req_3(struct osmocom_ms *ms, struct gsm_msgb *msg)
756 struct gsm_rrlayer *rr = ms->rrlayer;
757 struct gsm48_rr_paging3 *pa = msgb_l3(msg);
758 int payload_len = msgb_l3len(msg) - sizeof(*pa);
760 int chan_first, chan_second, chan_third, chan_fourth;
762 /* 3.3.1.1.2: ignore paging while establishing */
763 if (rr->state != GSM_RRSTATE_IDLE)
766 if (payload_len < 0) { /* must include "channel needed", part of *pa */
768 DEBUGP(DRR, "Short read of paging request 3 message .\n");
773 chan_first = pa->cneed1;
774 chan_second = pa->cneed2;
775 chan_third = pa->cneed3;
776 chan_fourth = pa->cneed4;
778 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
779 && ms->subscr.tmsi_valid)
780 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_first]);
782 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
783 && ms->subscr.tmsi_valid)
784 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_second]);
786 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
787 && ms->subscr.tmsi_valid)
788 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_third]);
790 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
791 && ms->subscr.tmsi_valid)
792 return gsm_rr_tx_chan_req(ms, gsm_rr_chan2cause[chan_fourth]);
798 * (immediate) assignment
801 /* match request reference agains request history */
802 static int gsm_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *req)
804 struct gsm_rrlayer *rr = ms->rrlayer;
807 for (i = 0; i < 3; i++) {
808 if (rr->cr_hist[i] >= 0
809 && ref->ra == rr->cr_hist[i]) {
810 // todo: match timeslot
818 /* transmit assignment complete after establishing link */
819 static int gsm_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
821 struct gsm_rrlayer *rr = ms->rrlayer;
822 struct msgb *msg = gsm48_rr_msgb_alloc();
823 struct gsm48_hdr *gh;
824 struct gsm48_ass_cpl *ac;
828 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
829 ac = (struct gsm48_ass_cpl *) msgb_put(msg, sizeof(*ac));
831 gh->proto = GSM48_PDISC_RR;
832 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
835 ac->rr_cause = cause;
837 return rslms_data_req(ms, msg, 0);
840 /* transmit failure to old link */
841 static int gsm_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
843 struct gsm_rrlayer *rr = ms->rrlayer;
844 struct msgb *msg = gsm48_rr_msgb_alloc();
845 struct gsm48_hdr *gh;
846 struct gsm48_ass_fail *ac;
850 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
851 af = (struct gsm48_ass_fail *) msgb_put(msg, sizeof(*af));
853 gh->proto = GSM48_PDISC_RR;
854 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
857 af->rr_cause = cause;
859 return rslms_data_req(ms, msg, 0);
862 /* receive immediate assignment */
863 static int gsm_rr_rx_imm_ass(struct osmocom_ms *ms, struct gsm_msgb *msg)
865 struct gsm_rrlayer *rr = ms->rrlayer;
866 struct gsm48_imm_ass *ia = msgb_l3(msg);
867 int payload_len = msgb_l3len(msg) - sizeof(*ia);
869 /* 3.3.1.1.2: ignore assignment while idle */
870 if (rr->state != GSM_RRSTATE_CONN_PEND || !rr->wait_assign)
873 if (payload_len < 1 /* mobile allocation IE must be included */
874 || *gh->data + 1 > payload_len) { /* short read of IE */
875 DEBUGP(DRR, "Short read of immediate assignment message.\n");
879 DEBUGP(DRR, "moble allocation in immediate assignment too large.\n");
884 if (gsm_match_ra(ms, ia->req_ref)) {
885 /* channel description */
886 memset(&rr->chan_desc, 0, sizeof(cd));
887 memcpy(rr->chan_desc.chan_desc, ia->chan_desc, 3);
889 rr->timing_advance = ia->timing_advance;
890 /* mobile allocation */
891 memcpy(rr->mobile_alloc_lv, gh->data, *gh->data + 1);
893 return gsm_rr_dl_est(ms);
899 /* receive immediate assignment extended */
900 static int gsm_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct gsm_msgb *msg)
902 struct gsm_rrlayer *rr = ms->rrlayer;
903 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
904 int payload_len = msgb_l3len(msg) - sizeof(*ia);
906 /* 3.3.1.1.2: ignore assignment while idle */
907 if (rr->state != GSM_RRSTATE_CONN_PEND || !rr->wait_assign)
910 if (payload_len < 1 /* mobile allocation IE must be included */
911 || *gh->data + 1 > payload_len) { /* short read of IE */
912 DEBUGP(DRR, "Short read of immediate assignment extended message.\n");
916 DEBUGP(DRR, "moble allocation in immediate assignment extended too large.\n");
921 if (gsm_match_ra(ms, ia->req_ref1)) {
922 /* channel description */
923 memset(&rr->chan_desc, 0, sizeof(cd));
924 memcpy(rr->chan_desc.chan_desc, ia->chan_desc1, 3);
926 rr->timing_advance = ia->timing_advance1;
927 /* mobile allocation */
928 memcpy(rr->mobile_alloc_lv, gh->data, *gh->data + 1);
930 return gsm_rr_dl_est(ms);
933 if (gsm_match_ra(ms, ia->req_ref2)) {
934 /* channel description */
935 memset(&rr->chan_desc, 0, sizeof(cd));
936 memcpy(rr->chan_desc.chan_desc, ia->chan_desc2, 3);
938 rr->timing_advance = ia->timing_advance2;
939 /* mobile allocation */
940 memcpy(rr->mobile_alloc_lv, gh->data, *gh->data + 1);
942 return gsm_rr_dl_est(ms);
948 /* receive immediate assignment reject */
949 static int gsm_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct gsm_msgb *msg)
951 struct gsm_rrlayer *rr = ms->rrlayer;
952 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
953 int payload_len = msgb_l3len(msg) - sizeof(*ia);
955 struct gsm48_req_ref *req_ref;
958 /* 3.3.1.1.2: ignore assignment while idle */
959 if (rr->state != GSM_RRSTATE_CONN_PEND || !rr->wait_assign)
962 if (payload_len < 0) {
964 DEBUGP(DRR, "Short read of immediate assignment reject message.\n");
968 for (i = 0; i < 4; i++) {
969 /* request reference */
970 req_ref = (struct gsm48_req_ref *)(((uint8_t *)&ia->req_ref1) + i * 4);
971 if (gsm_match_ra(ms, req_ref)) {
972 /* wait indication */
973 t3122_value = ((uint8_t *)&ia->wait_ind1) + i * 4;
975 start_rr_t3122(rr, t3122_value, 0);
976 /* start timer 3126 if not already */
977 if (!timer_pending(rr->t3126))
978 start_rr_t3126(rr, GSM_T3126_MS);
979 /* stop assignmnet requests */
982 /* wait until timer 3126 expires, then release
983 * or wait for channel assignment */
991 /* receive additional assignment */
992 static int gsm_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
994 struct gsm_rrlayer *rr = ms->rrlayer;
995 struct gsm48_hdr *gh = msgb_l3(msg);
996 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
997 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
999 if (payload_len < 0) {
1000 DEBUGP(DRR, "Short read of ADDITIONAL ASSIGNMENT message.\n");
1001 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
1003 tlv_parse(&tp, &rsl_att_tlvdef, aa->data, payload_len, 0, 0);
1005 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
1009 * measturement reports
1012 static int gsm_rr_tx_meas_rep(struct osmocom_ms *ms)
1014 struct gsm_rrlayer *rr = ms->rrlayer;
1015 struct gsm_rr_meas *meas = &rr->meas;
1016 struct msgb *msg = gsm48_rr_msgb_alloc();
1017 struct gsm48_hdr *gh;
1018 struct gsm48_meas_res *mr;
1022 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1023 mr = (struct gsm48_meas_res *) msgb_put(msg, sizeof(*mr));
1025 gh->proto = GSM48_PDISC_RR;
1026 gh->msg_type = GSM48_MT_RR_MEAS_RES;
1028 /* measurement results */
1029 mr->rxlev_full = meas->rxlev_full;
1030 mr->rxlev_sub = meas->rxlev_sub;
1031 mr->rxqual_full = meas->rxqual_full;
1032 mr->rxqual_sub = meas->rxqual_sub;
1033 mr->dtx = meas->dtx;
1035 mr->meas_valid = meas->meas_valid;
1036 if (meas->ncell_na) {
1037 /* no results for serving cells */
1041 mr->no_n_hi = meas->count >> 2;
1042 mr->no_n_lo = meas->count & 3;
1044 rxlev_nc1 = meas->rxlev_nc[0];
1045 rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
1046 rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
1047 rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
1048 rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
1049 rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
1050 rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
1051 rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
1052 rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
1053 rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
1054 rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
1055 bsic_nc1_hi = meas->bsic_nc[0] >> 3;
1056 bsic_nc1_lo = meas->bsic_nc[0] & 7;
1057 bsic_nc2_hi = meas->bsic_nc[1] >> 4;
1058 bsic_nc2_lo = meas->bsic_nc[1] & 15;
1059 bsic_nc3_hi = meas->bsic_nc[2] >> 5;
1060 bsic_nc3_lo = meas->bsic_nc[2] & 31;
1061 bsic_nc4 = meas->bsic_nc[3];
1062 bsic_nc5 = meas->bsic_nc[4];
1063 bsic_nc6 = meas->bsic_nc[5];
1064 bcch_f_nc1 = meas->bcch_f_nc[0];
1065 bcch_f_nc2 = meas->bcch_f_nc[1];
1066 bcch_f_nc3 = meas->bcch_f_nc[2];
1067 bcch_f_nc4 = meas->bcch_f_nc[3];
1068 bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
1069 bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
1070 bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
1071 bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
1073 //todo return rslms_data_req(ms, msg, 0);
1077 * link establishment and release
1080 /* activate link and send establish request */
1081 static int gsm_rr_dl_est(struct osmocom_ms *ms)
1083 struct gsm_rrlayer *rr = ms->rrlayer;
1084 struct gsm_subscriber *subcr = ms->subscr;
1086 struct gsm48_hdr *gh;
1087 struct gsm48_pag_rsp *pa;
1092 /* flush pending RACH requests */
1093 rr->n_chan_req = 0; // just to be safe
1094 msg = msgb_alloc_headroom(20, 16, "RAND_FLUSH");
1097 rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_FLSH, chan_nr, 0, msg);
1099 /* send DL_EST_REQ */
1100 if (rr->rr_est_msg) {
1101 /* use queued message */
1102 msg = rr->rr_est_msg;
1107 /* create paging response */
1108 msg = gsm48_rr_msgb_alloc();
1111 gh = (struct gsm48_hdr *) msgb_put(msg, sizeof(*gh));
1112 pr = (struct gsm48_pag_rsp *) msgb_put(msg, sizeof(*pr));
1114 if (subscr->key_valid)
1115 pr->key_seq = subscr->key_seq;
1119 cc->cm_len = sizeof(cm->cm2);
1120 gsm_rr_enc_cm2(ms, &cc->cm2)
1121 /* mobile identity */
1122 if (ms->subscr.tmsi_valid) {
1123 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
1124 } else if (subscr->imsi[0])
1125 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
1128 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
1130 msgb_put(msg, 1 + mi[1]);
1131 memcpy(cm->data, mi + 1, 1 + mi[1]);
1134 /* activate channel */
1135 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
1137 /* start establishmnet */
1138 return rslms_tx_rll_req_l3(ms, RSL_MT_EST_REQ, rr->chan_desc.chan_desc.chan_nr, 0, msg);
1141 /* the link is established */
1142 static int gsm_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
1144 struct msgb *newmsg;
1145 struct gsm_mm_hdr *newmmh;
1147 /* if MM has releases before confirm, we start release */
1148 if (rr->state == GSM_RRSTATE_IDLE) {
1149 /* release message */
1150 newmsg = gsm48_rr_msgb_alloc();
1154 return rslms_tx_rll_req_l3(ms, RSL_MT_REL_REQ, 0, 0, newmsg);
1158 new_rr_state(rr, GSM_RRSTATE_DEDICATED);
1160 /* send confirm to upper layer */
1161 newmsg = gsm48_mm_msgb_alloc();
1164 newmmh = (struct gsm_mm_hdr *)newmsg->data;
1165 newmmh->msg_type = (rr->rr_est_req) ? RR_EST_CNF : RR_EST_IND;
1166 return rr_rcvmsg(ms, newmsg);
1169 /* the link is released */
1170 static int gsm_rr_rel_cnf(struct osmocom_ms *ms, struct gsm_dl *dlmsg)
1172 /* deactivate channel */
1173 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
1175 /* do nothing, because we aleady IDLE
1176 * or we received the rel cnf of the last connection
1177 * while already requesting a new one (CONN PEND)
1184 * radio ressource requests
1187 /* establish request for dedicated mode */
1188 static int gsm_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
1190 struct gsm_rrlayer *rr = ms->rrlayer;
1191 struct gsm_mm_hdr *mmh = msgb->data;
1192 struct gsm48_hdr *gh = msgb_l3(msg);
1195 if (timer_pending(rr->t3122)) {
1196 if (rrmsg->cause != RR_EST_CAUSE_EMERGENCY) {
1197 struct msgb *newmsg;
1198 struct gsm_mm_hdr *newmmh;
1200 newmsg = gsm48_mm_msgb_alloc();
1203 newmmh = (struct gsm_mm_hdr *)newmsg->data;
1204 newmmh->msg_type RR_REL_IND;
1205 newmmh->cause = GSM_MM_CAUSE_T3122_PEND;
1206 return rr_rcvmsg(ms, newmsg);
1212 if (rrmsg->cause != RR_EST_CAUSE_EMERGENCY) {
1213 if (!(ms->access_class & ms->si.access_class)) {
1215 if (!ms->opt.access_class_override) {
1216 struct msgb *newmsg;
1217 struct gsm_mm_hdr *newmmh;
1219 newmsg = gsm48_mm_msgb_alloc();
1222 newmmh = (struct gsm_mm_hdr *)newmsg->data;
1223 newmmh->msg_type RR_REL_IND;
1224 newmmh->cause = GSM_MM_CAUSE_NOT_AUTHORIZED;
1225 return rr_rcvmsg(ms, newmsg);
1229 if (!(ms->access_class & ms->si.access_class)
1230 && !ms->si.emergency)
1234 /* requested by RR */
1237 /* clone and store REQUEST message */
1239 printf("Error, missing l3 message\n");
1242 rr->rr_est_msg = msgb_alloc_headroom(256, 16, "EST_REQ");
1243 if (!rr->rr_est_msg)
1245 memcpy(msgb_put(rr_est_msg, msgb_l3len(msg)),
1246 msgb_l3(msg), msgb_l3len(msg));
1248 /* request channel */
1249 return gsm_rr_tx_chan_req(ms, mmh->cause);
1252 /* send all queued messages down to layer 2 */
1253 static int gsm_rr_dequeue_down(struct osmocom_ms *ms)
1255 struct gsm_rrlayer *rr = ms->rrlayer;
1258 while((msg = msgb_dequeue(&rr->downqueue))) {
1259 rslms_tx_rll_req_l3(ms, RSL_MT_DATA_REQ, chan_nr, 0, msg);
1265 /* 3.4.2 transfer data in dedicated mode */
1266 static int gsm_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
1268 struct gsm_rrlayer *rr = ms->rrlayer;
1270 if (rr->state != GSM_RRSTATE_DEDICATED) {
1276 msgb_pull(msg, sizeof(struct gsm_mm_hdr));
1278 /* queue message, during handover or assignment procedure */
1279 if (rr->hando_susp_state || rr->assign_susp_state) {
1280 msgb_enqueue(&rr->downqueue, msg);
1284 /* forward message */
1285 return rslms_tx_rll_req_l3(ms, RSL_MT_DATA_REQ, chan_nr, 0, msg);
1289 * data indications from data link
1292 /* 3.4.2 data from layer 2 to RR and upper layer*/
1293 static int gsm_rr_data_ind(struct osmocom_ms *ms, struct msbg *msg)
1295 struct gsm48_hdr *gh = msgb_l3(msg);
1296 u_int8_t pdisc = gh->proto_discr & 0x0f;
1298 if (pdisc == GSM48_PDISC_RR) {
1301 switch(gh->msg_type) {
1302 case GSM48_MT_RR_ADD_ASS:
1303 rc = gsm_rr_rx_add_ass(ms, msg);
1305 case GSM48_MT_RR_ASS_CMD:
1306 rc = gsm_rr_rx_ass_cmd(ms, msg);
1308 case GSM48_MT_RR_CIP_MODE_CMD:
1309 rc = gsm_rr_rx_cip_mode_cmd(ms, msg);
1311 case GSM48_MT_RR_CLSM_ENQ:
1312 rc = gsm_rr_rx_cm_enq(ms, msg);
1314 case GSM48_MT_RR_HANDO_CMD:
1315 rc = gsm_rr_rx_hando_cmd(ms, msg);
1317 case GSM48_MT_RR_FREQ_REDEF:
1318 rc = gsm_rr_rx_freq_redef(ms, msg);
1321 DEBUGP(DRR, "Message type 0x%02x unknown.\n", gh->msg_type);
1329 msgb_push(msg, sizeof(struct gsm_mm_hdr));
1330 mmh = (struct gsm_mm_hdr *)msg->data;
1331 mmh->msg_type = RR_DATA_IND;
1332 /* forward message */
1333 return rr_rcvmsg(ms, msg);
1336 /* unit data from layer 2 to RR layer */
1337 static int gsm_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
1339 struct gsm48_hdr *gh = msgb_l3(msg);
1341 switch (gh->msg_type) {
1342 case GSM48_MT_RR_PAG_REQ_1:
1343 return gsm_rr_rx_pag_req_1(ms, dlmsg->msg);
1344 case GSM48_MT_RR_PAG_REQ_2:
1345 return gsm_rr_rx_pag_req_2(ms, dlmsg->msg);
1346 case GSM48_MT_RR_PAG_REQ_3:
1347 return gsm_rr_rx_pag_req_3(ms, dlmsg->msg);
1348 case GSM48_MT_RR_IMM_ASS:
1349 return gsm_rr_rx_imm_ass(ms, dlmsg->msg);
1350 case GSM48_MT_RR_IMM_ASS_EXT:
1351 return gsm_rr_rx_imm_ass_ext(ms, dlmsg->msg);
1352 case GSM48_MT_RR_IMM_ASS_REJ:
1353 return gsm_rr_rx_imm_ass_rej(ms, dlmsg->msg);
1355 DEBUGP(DRR, "Message type 0x%02x unknown.\n", gh->msg_type);
1363 -------------------------------------------------------------------------------
1383 * system information
1386 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
1387 static int gsm48_decode_freq_list(struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask)
1393 * The Range format uses "SMOD" computation.
1394 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
1395 * A cascade of multiple SMOD computations is simpified:
1396 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
1398 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
1399 * When used in dedicated messages, the length can be less.
1400 * In this case the ranges are decoded for all frequencies that
1401 * fit in the block of given length.
1405 for (i = 0; i < 1024; i++)
1409 if ((cd[0] & 0xc0 & mask) == 0x00) {
1410 /* Bit map 0 format */
1413 for (i = 1; i <= 124; i++)
1414 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
1420 /* only Bit map 0 format for P-GSM */
1421 if (ms->support.p_gsm && !ms->support.e_gsm
1422 && !ms->support.r_gsm && !ms->support.dcs_1800)
1426 if ((cd[0] & 0xc8 & mask) == 0x80) {
1427 /* Range 1024 format */
1428 uint16_t w[17]; /* 1..16 */
1429 struct gsm_range_1024 *r = (struct gsm_range_1024 *)cd;
1433 memset(w, 0, sizeof(w));
1436 w[1] = (r->w1_hi << 8) | r->w1_lo;
1438 w[2] = (r->w2_hi << 1) | r->w2_lo;
1440 w[3] = (r->w3_hi << 2) | r->w3_lo;
1442 w[4] = (r->w4_hi << 2) | r->w4_lo;
1444 w[5] = (r->w5_hi << 2) | r->w5_lo;
1446 w[6] = (r->w6_hi << 2) | r->w6_lo;
1448 w[7] = (r->w7_hi << 2) | r->w7_lo;
1450 w[8] = (r->w8_hi << 1) | r->w8_lo;
1456 w[11] = (r->w11_hi << 6) | r->w11_lo;
1458 w[12] = (r->w12_hi << 5) | r->w12_lo;
1460 w[13] = (r->w13_hi << 4) | r->w13_lo;
1462 w[14] = (r->w14_hi << 3) | r->w14_lo;
1464 w[15] = (r->w15_hi << 2) | r->w15_lo;
1470 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].used = 1;
1472 f[((w[1] + w[3] - 1) % 1023) + 1].used = 1;
1474 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].used = 1;
1476 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].used = 1;
1478 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].used = 1;
1480 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].used = 1;
1482 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1484 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1486 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1488 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1490 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1492 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1494 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1496 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].used = 1;
1498 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].used = 1;
1503 if ((cd[0] & 0xce & mask) == 0x88) {
1504 /* Range 512 format */
1505 uint16_t w[18]; /* 1..17 */
1506 struct gsm_range_512 *r = (struct gsm_range_512 *)cd;
1510 memset(w, 0, sizeof(w));
1511 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1512 w[1] = (r->w1_hi << 2) || r->w1_lo;
1514 w[2] = (r->w2_hi << 2) || r->w2_lo;
1516 w[3] = (r->w3_hi << 2) || r->w3_lo;
1518 w[4] = (r->w4_hi << 1) || r->w4_lo;
1524 w[7] = (r->w7_hi << 6) || r->w7_lo;
1526 w[8] = (r->w8_hi << 4) || r->w8_lo;
1528 w[9] = (r->w9_hi << 2) || r->w9_lo;
1534 w[12] = (r->w12_hi << 4) || r->w12_lo;
1536 w[13] = (r->w13_hi << 2) || r->w13_lo;
1542 w[16] = (r->w16_hi << 3) || r->w16_lo;
1548 f[(w[0] + w[1]) % 1024].used = 1;
1550 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].used = 1;
1552 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].used = 1;
1554 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].used = 1;
1556 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].used = 1;
1558 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].used = 1;
1560 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].used = 1;
1562 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1564 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1566 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1568 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1570 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1572 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1574 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1576 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1578 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1580 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].used = 1;
1585 if ((cd[0] & & mask 0xce) == 0x8a) {
1586 /* Range 256 format */
1587 uint16_t w[22]; /* 1..21 */
1588 struct gsm_range_256 *r = (struct gsm_range_256 *)cd;
1592 memset(w, 0, sizeof(w));
1593 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1594 w[1] = (r->w1_hi << 1) || r->w1_lo;
1600 w[4] = (r->w4_hi << 5) || r->w4_lo;
1602 w[5] = (r->w5_hi << 3) || r->w5_lo;
1604 w[6] = (r->w6_hi << 1) || r->w6_lo;
1608 w[8] = (r->w8_hi << 4) || r->w8_lo;
1610 w[9] = (r->w9_hi << 1) || r->w9_lo;
1614 w[11] = (r->w11_hi << 3) || r->w11_lo;
1622 w[15] = (r->w14_hi << 2) || r->w14_lo;
1624 w[16] = (r->w16_hi << 3) || r->w16_lo;
1630 w[19] = (r->w18_hi << 3) || r->w18_lo;
1632 w[20] = (r->w20_hi << 3) || r->w20_lo;
1638 f[(w[0] + w[1]) % 1024].used = 1;
1640 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].used = 1;
1642 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].used = 1;
1644 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].used = 1;
1646 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].used = 1;
1648 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].used = 1;
1650 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].used = 1;
1652 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1654 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1656 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1658 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1660 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1662 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1664 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1666 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1668 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1670 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1672 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1674 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1676 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1678 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].used = 1;
1683 if ((cd[0] & 0xce & mask) == 0x8c) {
1684 /* Range 128 format */
1685 uint16_t w[29]; /* 1..28 */
1686 struct gsm_range_128 *r = (struct gsm_range_128 *)cd;
1690 memset(w, 0, sizeof(w));
1691 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1696 w[3] = (r->w3_hi << 4) || r->w3_lo;
1698 w[4] = (r->w4_hi << 1) || r->w4_lo;
1702 w[6] = (r->w6_hi << 3) || r->w6_lo;
1726 w[18] = (r->w18_hi << 1) || r->w18_lo;
1732 w[21] = (r->w21_hi << 2) || r->w21_lo;
1742 w[26] = (r->w26_hi << 1) || r->w26_lo;
1750 f[(w[0] + w[1]) % 1024].used = 1;
1752 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].used = 1;
1754 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].used = 1;
1756 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].used = 1;
1758 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].used = 1;
1760 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].used = 1;
1762 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].used = 1;
1764 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1766 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1768 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1770 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1772 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1774 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1776 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1778 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1780 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1782 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1784 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1786 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1788 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1790 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1792 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1794 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1796 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1798 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1800 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1802 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1804 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].used = 1;
1809 if ((cd[0] & 0xce & mask) == 0x8e) {
1810 /* Variable bitmap format (can be any length >= 3) */
1812 struct gsm_var_bit *r = (struct gsm_var_bit *)cd;
1816 orig = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1818 for (i = 1; 2 + (i >> 3) < len; i++)
1819 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1820 f[(orig + 1) % 1024].used = 1;
1827 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1828 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s, struct gsm48_cell_sel_par *cs)
1830 s->radio_link_timeout = (cs->radio_link_timeout + 1) * 4;
1835 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1836 static int gsm48_decode_cellopt(struct gsm48_sysinfo *s, struct gsm48_cell_options *co)
1838 s->ms_txpwr_max_ccch = co->ms_txpwr_max_ccch;
1839 s->cell_resel_hyst_db = co->cell_resel_hyst * 2;
1840 s->rxlev_acc_min_db = co->rxlev_acc_min - 110;
1845 /* decode "Cell Channel Description" (10.5.2.11) */
1846 static int gsm48_decode_ccd(struct gsm48_sysinfo *s, struct gsm48_control_channel_desc *cc)
1848 s->ccch_conf = cc->ccch_conf;
1849 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1850 s->att_allowed = cc->att;
1851 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1852 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1855 /* Rach Control decode tables */
1856 static uint8_t gsm48_max_retrans[4] = {
1859 static uint8_t gsm48_tx_integer[16] = {
1860 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1863 /* decode "RACH Control Parameter" (10.5.2.29) */
1864 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s, struct gsm48_rach_ctl *rc)
1868 s->reest_denied = rc->re;
1869 s->cell_barred = rc->cell_barr;
1870 s->tx_integer = gsm48_tx_integer[rc->tx_int];
1871 s->max_retrans = gsm48_max_retrans[rc->max_retr];
1872 for (i = 0, i <= 15, i++)
1873 if ((rc->ac[1 - (i >> 3)] & (1 << (i & 7))))
1874 s->class_barr[i] = 1;
1876 s->class_barr[i] = 0;
1880 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s, struct gsm48_rach_ctl *rc)
1884 s->nb_reest_denied = rc->re;
1885 s->nb_cell_barred = rc->cell_barr;
1886 s->nb_tx_integer = gsm48_tx_integer[rc->tx_int];
1887 s->nb_max_retrans = gsm48_max_retrans[rc->max_retr];
1888 for (i = 0, i <= 15, i++)
1889 if ((rc->ac[1 - (i >> 3)] & (1 << (i & 7))))
1890 s->nb_class_barr[i] = 1;
1892 s->nb_class_barr[i] = 0;
1897 /* decode "SI 1 Rest Octets" (10.5.2.32) */
1898 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si, uint8_t len)
1902 /* decode "SI 3 Rest Octets" (10.5.2.34) */
1903 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si, uint8_t len)
1908 todo: add to unit data ind switch-case state
1909 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
1910 static int gsm_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1912 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1913 struct gsm48_sysinfo *s = ms->sysinfo;
1914 int payload_len = msgb_l3len(msg) - sizeof(*si);
1916 if (payload_len < 0) {
1917 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 1 message.\n");
1920 /* Cell Channel Description */
1921 gsm48_decode_freq_list(s->freq, si->cell_channel_description,
1922 sizeof(si->cell_channel_description), 0xce);
1923 /* RACH Control Parameter */
1924 gsm48_decode_rach_ctl_param(s, si->rach_control);
1925 /* SI 1 Rest Octets */
1927 gsm48_decode_si1_rest(si->rest_octets, payload_len);
1933 todo: add to unit data ind switch-case state
1934 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
1935 static int gsm_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1937 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1938 struct gsm48_sysinfo *s = ms->sysinfo;
1939 int payload_len = msgb_l3len(msg) - sizeof(*si);
1941 if (payload_len < 0) {
1942 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 2 message.\n");
1945 /* Neighbor Cell Description */
1946 gsm48_decode_freq_list(s->nb_freq, si->bcch_frequency_list,
1947 sizeof(si->bcch_frequency_list), 0xce);
1949 s->ncc_permitted = si->ncc_permitted;
1950 /* RACH Control Parameter */
1951 gsm48_decode_rach_ctl_neigh(s, si->rach_control);
1957 todo: add to unit data ind switch-case state
1958 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
1959 static int gsm_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1961 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1962 struct gsm48_sysinfo *s = ms->sysinfo;
1963 int payload_len = msgb_l3len(msg) - sizeof(*si);
1965 if (payload_len < 0) {
1966 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 2bis message.\n");
1969 /* Neighbor Cell Description */
1970 s->ext_ind = (si->bcch_frequency_list[0] >> 6) & 1;
1971 s->ba_ind = (si->bcch_frequency_list[0] >> 5) & 1;
1972 gsm48_decode_freq_list(s->nb_freq, si->ext_bcch_frequency_list,
1973 sizeof(si->ext_bcch_frequency_list), 0x8e);
1974 /* RACH Control Parameter */
1975 gsm48_decode_rach_ctl_neigh(s, si->rach_control);
1981 todo: add to unit data ind switch-case state
1982 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
1983 static int gsm_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1985 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1986 struct gsm48_sysinfo *s = ms->sysinfo;
1987 int payload_len = msgb_l3len(msg) - sizeof(*si);
1989 if (payload_len < 0) {
1990 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 2ter message.\n");
1993 /* Neighbor Cell Description 2 */
1994 s->multi_rep = (si->bcch_frequency_list[0] >> 6) & 3;
1995 gsm48_decode_freq_list(s->nb_freq, si->ext_bcch_frequency_list,
1996 sizeof(si->ext_bcch_frequency_list), 0x8e);
2001 todo: add to unit data ind switch-case state
2002 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
2003 static int gsm_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
2005 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
2006 struct gsm48_sysinfo *s = ms->sysinfo;
2007 int payload_len = msgb_l3len(msg) - sizeof(*si);
2009 if (payload_len < 0) {
2010 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 3 message.\n");
2014 s->cell_identity = ntohl(si->cell_identity);
2016 gsm48_decode_lai(si->lai, s->mcc, s->mnc, s->lac);
2017 /* Control Channel Description */
2018 gsm48_decode_ccd(s, si->control_channel_desc);
2019 /* Cell Options (BCCH) */
2020 gsm48_decode_cellopt(s, si->control_channel_desc);
2021 /* Cell Selection Parameters */
2022 gsm48_decode_cell_sel_param(s, si->cell_sel_par);
2023 /* RACH Control Parameter */
2024 gsm48_decode_rach_ctl_param(s, si->rach_control);
2025 /* SI 1 Rest Octets */
2026 if (payload_len >= 4)
2027 gsm48_decode_si3_rest(si->rest_octets, payload_len);
2032 todo: add to unit data ind switch-case state
2033 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
2034 static int gsm_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
2036 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
2037 struct gsm48_sysinfo *s = ms->sysinfo;
2038 int payload_len = msgb_l3len(msg) - sizeof(*si);
2040 if (payload_len < 0) {
2041 DEBUGP(DRR, "Short read of SYSTEM INFORMATION 4 message.\n");
2045 gsm48_decode_lai(si->lai, s->mcc, s->mnc, s->lac);
2046 /* Cell Selection Parameters */
2047 gsm48_decode_cell_sel_param(s, si->cell_sel_par);
2048 /* RACH Control Parameter */
2049 gsm48_decode_rach_ctl_param(s, si->rach_control);
2050 /* CBCH Channel Description */
2051 if (payload_len >= 4 && si->data[0] == GSM48_IE_CBCH_CHAN_DES) {
2052 memcpy(&s->chan_desc, si->data + 1, sizeof(s->chan_desc));
2053 /* CBCH Mobile Allocation */
2054 if (payload_len >= 6 && si->data[4] == GSM48_IE_CBCH_MOB_ALLOC)
2055 && payload_len >= 6 + si->data[5])
2056 gsm48_decode_mobile_alloc(&ma, si->data + 5);
2059 /* Cell Options (BCCH) */
2060 gsm48_decode_cellopt(s, si->control_channel_desc);
2061 /* SI 1 Rest Octets */
2062 if (payload_len >= 4)
2063 gsm48_decode_si3_rest(si->rest_octets, payload_len);
2068 today: decode mobile alloc 1-8 binary masks
2075 add support structure
2076 initialize support structure
2078 queue messages (rslms_data_req) if channel changes
2080 flush rach msg in all cases: during sending, after its done, and when aborted
2081 stop timers on abort
2082 debugging. (wenn dies todo erledigt ist, bitte in den anderen code moven)
2083 wird beim abbruch immer der gepufferte cm-service-request entfernt, auch beim verschicken?:
2085 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
2087 todo change procedures, release procedure
2089 during procedures, like "channel assignment" or "handover", rr requests must be queued
2090 they must be dequeued when complete
2091 they queue must be flushed when rr fails
2093 #include <osmocore/protocol/gsm_04_08.h>
2094 #include <osmocore/msgb.h>
2095 #include <osmocore/gsm48.h>
2097 static struct rr_names {
2101 { "RR_EST_REQ", RR_EST_REQ },
2102 { "RR_EST_IND", RR_EST_IND },
2103 { "RR_EST_CNF", RR_EST_CNF },
2104 { "RR_REL_IND", RR_REL_IND },
2105 { "RR_SYNC_IND", RR_SYNC_IND },
2106 { "RR_DATA_REQ", RR_DATA_REQ },
2107 { "RR_DATA_IND", RR_DATA_IND },
2108 { "RR_UNIT_DATA_IND", RR_UNIT_DATA_IND },
2109 { "RR_ABORT_REQ", RR_ABORT_REQ },
2110 { "RR_ABORT_IND", RR_ABORT_IND },
2111 { "RR_ACT_REQ", RR_ACT_REQ },
2116 char *get_rr_name(int value)
2120 for (i = 0; rr_names[i].name; i++) {
2121 if (rr_names[i].value == value)
2122 return rr_names[i].name;
2125 return "RR_Unknown";
2128 static int rr_rcvmsg(struct osmocom_ms *ms,
2129 int msg_type, struct gsm_mncc *rrmsg)
2133 DEBUGP(DRR, "(MS %s) Sending '%s' to MM.\n", ms->name,
2134 get_rr_name(msg_type));
2136 rrmsg->msg_type = msg_type;
2138 msg = msgb_alloc(sizeof(struct gsm_rr), "RR");
2141 memcpy(msg->data, rrmsg, sizeof(struct gsm_rr));
2142 msgb_enqueue(&ms->rr.upqueue, msg);
2147 static int gsm_rr_abort_req(struct osmocom_ms *ms, struct gsm_rr *rrmsg)
2149 struct gsm_rrlayer *rr = ms->rrlayer;
2151 if (rr->state == GSM_RRSTATE_DEDICATED) {
2152 struct gsm_dl dlmsg;
2154 memset(&dlmsg, 0, sizeof(dlmsg));
2155 return gsm_send_dl(ms, DL_RELEASE_REQ, dlmsg);
2157 new_rr_state(rr, GSM_RRSTATE_IDLE);
2160 static int gsm_rr_act_req(struct osmocom_ms *ms, struct gsm_rr *rrmsg)
2164 /* state trasitions for radio ressource messages (upper layer) */
2165 static struct rrdownstate {
2168 int (*rout) (struct osmocom_ms *ms, struct gsm_dl *rrmsg);
2169 } rrdownstatelist[] = {
2170 {SBIT(GSM_RRSTATE_IDLE), /* 3.3.1.1 */
2171 RR_EST_REQ, gsm_rr_est_req},
2172 {SBIT(GSM_RRSTATE_DEDICATED), /* 3.4.2 */
2173 RR_DATA_REQ, gsm_rr_data_req},
2174 {SBIT(GSM_RRSTATE_CONN_PEND) | SBIT(GSM_RRSTATE_DEDICATED),
2175 RR_ABORT_REQ, gsm_rr_abort_req},
2176 {SBIT(GSM_RRSTATE_DEDICATED),
2177 RR_ACT_REQ, gsm_rr_act_req},
2180 #define RRDOWNSLLEN \
2181 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
2183 static int gsm_send_rr(struct osmocom_ms *ms, struct gsm_rr *msg)
2185 struct gsm_mm_hdr *mmh = msgb->data;
2186 int msg_type = mmh->msg_type;
2188 DEBUGP(DRR, "(ms %s) Sending '%s' to DL in state %s\n", ms->name,
2189 gsm0408_rr_msg_names[msg_type], mm_state_names[mm->state]);
2191 /* find function for current state and message */
2192 for (i = 0; i < RRDOWNSLLEN; i++)
2193 if ((msg_type == rrdownstatelist[i].type)
2194 && ((1 << mm->state) & rrdownstatelist[i].states))
2196 if (i == RRDOWNSLLEN) {
2197 DEBUGP(DRR, "Message unhandled at this state.\n");
2201 rc = rrdownstatelist[i].rout(ms, dlmsg);
2203 /* free msgb uless it is forwarded */
2204 if (rrdownstatelist[i].rout != gsm_rr_data_req)
2211 /* channel description */
2212 rsl_dec_chan_nr(aa->chan_desc.chan_nr, &ch_type, &ch_subch, &ch_ts);
2213 h = aa->chan_desc.h0.h;
2215 rsl_dec_chan_h1(&aa->chan_desc, &tsc, &maio, &hsn);
2217 rsl_dec_chan_h0(&aa->chan_desc, &tsc, &arfcn);
2218 /* mobile allocation */
2220 if (!TLVP_PRESENT(&tp, GSM48_IE_MOBILE_ALLOC))
2221 return gsm_rr_tx_rr_status(ms, ...);
2222 gsm48_decode_mobile_alloc(&ma,
2223 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1);
2226 if (TLVP_PRESENT(&tp, GSM48_IE_START_TIME)) {
2227 gsm48_decode_start_time(&frame,
2228 TLVP_VAL(&tp, GSM48_IE_START_TIME)-1);
2233 /* memcopy of LV of given IE from tlv_parsed structure */
2234 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
2243 if (!TLVP_PRESENT(tp, ie))
2246 len = TLVP_LEN(tp, ie);
2249 if (len + 1 > dest_len)
2252 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
2256 - flush/send when leaving this state (or completion or if back on old channel)
2257 static int gsm_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
2259 struct gsm_rrlayer *rr = ms->rrlayer;
2260 struct gsm48_hdr *gh = msgb_l3(msg);
2261 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
2262 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
2263 struct tlv_parsed tp;
2264 struct gsm_rr_chan_desc cd;
2266 memset(&cd, 0, sizeof(cd));
2268 if (payload_len < 0) {
2269 DEBUGP(DRR, "Short read of ASSIGNMENT COMMAND message.\n");
2270 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2272 tlv_parse(&tp, &rsl_att_tlvdef, ac->data, payload_len, 0, 0);
2274 /* channel description */
2275 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
2277 cd.power_command = ac->power_command;
2278 /* frequency list, after timer */
2279 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
2280 /* cell channel description */
2281 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
2282 /* multislot allocation */
2283 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
2285 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
2286 /* mobile allocation, after time */
2287 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
2289 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
2290 /* frequency list, before time */
2291 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
2292 /* channel description, before time */
2293 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
2294 /* frequency channel sequence, before time */
2295 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
2296 /* mobile allocation, before time */
2297 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
2298 /* cipher mode setting */
2299 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
2300 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
2305 DEBUGP(DRR, "No current cell allocation available.\n");
2306 return gsm_rr_tx_rr_status(ms, GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
2309 if (not supported) {
2310 DEBUGP(DRR, "New channel is not supported.\n");
2311 return gsm_rr_tx_rr_status(ms, RR_CAUSE_CHAN_MODE_UNACCEPT);
2314 if (freq not supported) {
2315 DEBUGP(DRR, "New frequency is not supported.\n");
2316 return gsm_rr_tx_rr_status(ms, RR_CAUSE_FREQ_NOT_IMPLEMENTED);
2319 /* store current channel descriptions, to return in case of failure */
2320 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
2321 /* copy new description */
2322 memcpy(&rr->chan_desc, cd, sizeof(cd));
2324 /* start suspension of current link */
2325 newmsg = gsm48_rr_msgb_alloc();
2328 rslms_tx_rll_req_l3(ms, RSL_MT_SUSP_REQ, rr->chan_desc.chan_nr, 0, msg);
2330 /* change into special assignment suspension state */
2331 rr->assign_susp_state = 1;
2332 rr->resume_last_state = 0;
2337 - queue messages during this state
2338 - flush/send when leaving this state
2339 static int gsm_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
2341 struct gsm_rrlayer *rr = ms->rrlayer;
2342 struct gsm48_hdr *gh = msgb_l3(msg);
2343 int payload_len = msgb_l3len(msg) - sizeof(*gh);
2349 /* change into special handover suspension state */
2350 rr->hando_susp_state = 1;
2351 rr->resume_last_state = 0;
2354 static int gsm_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
2356 struct gsm_rrlayer *rr = ms->rrlayer;
2357 struct gsm48_hdr *gh = msgb_l3(msg);
2358 int payload_len = msgb_l3len(msg) - sizeof(*gh);
2360 static int gsm_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
2362 if (rr->hando_susp_state || rr->assign_susp_state) {
2363 if (rr->resume_last_state) {
2364 rr->resume_last_state = 0;
2365 gsm_rr_tx_ass_cpl(ms, cause);
2366 flush queued radio ressource messages
2370 gsm_rr_tx_ass_fail(ms, RR_CAUSE_PROTO_ERR_UNSPEC);
2376 static int gsm_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
2380 static int gsm_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
2384 static int gsm_rr_rel_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
2386 struct gsm_rrlayer *rr = ms->rrlayer;
2388 if (rr->hando_susp_state || rr->assign_susp_state) {
2391 /* change radio to new channel */
2392 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2394 newmsg = gsm48_rr_msgb_alloc();
2397 /* send DL-ESTABLISH REQUEST */
2398 rslms_tx_rll_req_l3(ms, RSL_MT_EST_REQ, rr->chan_desc.chan_desc.chan_nr, 0, newmsg);
2401 if (rr->hando_susp_state) {
2402 send HANDOVER ACCESS via DL_RANDOM_ACCESS_REQ
2403 rr->hando_acc_left = 3;
2408 static int gsm_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
2410 struct gsm_rrlayer *rr = ms->rrlayer;
2411 struct msgb *newmsg;
2412 struct gsm_mm_hdr *newmmh;
2414 if (rr->hando_susp_state || rr->assign_susp_state) {
2415 if (!rr->resume_last_state) {
2416 rr->resume_last_state = 1;
2418 /* get old channel description */
2419 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
2421 /* change radio to old channel */
2422 tx_ph_dm_est_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2426 rr->resume_last_state = 0;
2429 /* deactivate channel */
2430 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2432 /* send abort ind to upper layer */
2433 newmsg = gsm48_mm_msgb_alloc();
2437 newmmh = (struct gsm_mm_hdr *)newmsg->data;
2438 newmmh->msg_type = RR_ABORT_IND;
2439 newmmh->cause = GSM_MM_CAUSE_LINK_FAILURE;
2440 return rr_rcvmsg(ms, msg);
2443 /* state trasitions for link layer messages (lower layer) */
2444 static struct dldatastate {
2447 int (*rout) (struct osmocom_ms *ms, struct gsm_dl *dlmsg);
2448 } dldatastatelist[] = {
2449 {SBIT(GSM_RRSTATE_IDLE) | SBIT(GSM_RRSTATE_CONN_PEND),
2450 DL_UNIT_DATA_IND, gsm_rr_unit_data_ind},
2451 {SBIT(GSM_RRSTATE_DEDICATED), /* 3.4.2 */
2452 DL_DATA_IND, gsm_rr_data_ind},
2453 {SBIT(GSM_RRSTATE_IDLE) | SBIT(GSM_RRSTATE_CONN_PEND),
2454 DL_ESTABLISH_CNF, gsm_rr_estab_cnf},
2455 {SBIT(GSM_RRSTATE_DEDICATED),
2456 DL_ESTABLISH_CNF, gsm_rr_estab_cnf_dedicated},
2458 DL_CONNECT_CNF, gsm_rr_connect_cnf},
2460 DL_RELEASE_IND, gsm_rr_rel_ind},
2461 {SBIT(GSM_RRSTATE_IDLE) | SBIT(GSM_RRSTATE_CONN_PENDING),
2462 DL_RELEASE_CNF, gsm_rr_rel_cnf},
2463 {SBIT(GSM_RRSTATE_DEDICATED),
2464 DL_RELEASE_CNF, gsm_rr_rel_cnf_dedicated},
2465 {SBIT(GSM_RRSTATE_CONN_PEND), /* 3.3.1.1.2 */
2466 DL_RANDOM_ACCESS_CNF, gsm_rr_rand_acc_cnf},
2467 {SBIT(GSM_RRSTATE_DEDICATED),
2468 DL_RANDOM_ACCESS_CNF, gsm_rr_rand_acc_cnf_dedicated},
2470 MDL_ERROR_IND, gsm_rr_mdl_error_ind},
2473 #define DLDATASLLEN \
2474 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
2476 static int gsm_rcv_dl(struct osmocom_ms *ms, struct gsm_dl *dlmsg)
2478 int msg_type = dlmsg->msg_type;
2480 DEBUGP(DRR, "(ms %s) Received '%s' from DL in state %s\n", ms->name,
2481 gsm0408_dl_msg_names[msg_type], mm_state_names[mm->state]);
2483 /* find function for current state and message */
2484 for (i = 0; i < DLDATASLLEN; i++)
2485 if ((msg_type == dldatastatelist[i].type)
2486 && ((1 << mm->state) & dldatastatelist[i].states))
2488 if (i == DLDATASLLEN) {
2489 DEBUGP(DRR, "Message unhandled at this state.\n");
2493 rc = dldatastatelist[i].rout(ms, dlmsg);
2495 /* free msgb uless it is forwarded */
2496 if (dldatastatelist[i].rout != gsm_rr_data_ind)
2502 static void timeout_rr_t3124(void *arg)
2504 struct gsm_rrlayer *rr = arg;
2509 struct gsm_rrlayer *gsm_new_rr(struct osmocom_ms *ms)
2511 struct gsm_rrlayer *rr;
2513 rr = calloc(1, sizeof(struct gsm_rrlayer));
2525 void gsm_destroy_rr(struct gsm_rrlayer *rr)
2531 alle timer gestoppt?:
2532 todo stop t3122 when cell change
2534 memset(rr, 0, sizeof(struct gsm_rrlayer));
2540 /* send next channel request in dedicated state */
2541 static int gsm_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
2543 struct gsm_rrlayer *rr = ms->rrlayer;
2544 struct msgb *newmsg;
2547 if (!rr->hando_susp_state) {
2548 DEBUGP(DRR, "Random acces confirm, but not in handover state.\n");
2552 /* send up to four handover access bursts */
2553 if (rr->hando_acc_left) {
2554 rr->hando_acc_left--;
2555 send HANDOVER ACCESS via DL_RANDOM_ACCESS_REQ;
2559 if (!timer 3124 running) {
2560 if (allocated channel is SDCCH)
2561 start_rr_t3124(rr, GSM_T3124_675);
2563 start_rr_t3124(rr, GSM_T3124_320);
2564 if (!rr->n_chan_req) {
2565 start_rr_t3126(rr, GSM_T3126_MS);
2571 switch(ms->si.tx_integer) {
2572 case 3: case 8: case 14: case 50:
2573 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
2577 case 4: case 9: case 16:
2578 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
2582 case 5: case 10: case 20:
2583 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
2587 case 6: case 11: case 25:
2588 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
2593 if (ms->si.bcch_type == GSM_NON_COMBINED_CCCH)
2598 /* resend chan_req */
2599 newmsg = msgb_alloc_headroom(20, 16, "CHAN_REQ");
2602 *msgb_put(newmsg, 1) = rr->chan_req;
2603 *msgb_put(newmsg, 1) = (random() % ms->si.tx_integer) + s; /* delay */
2604 rr->cr_hist[3] = rr->cr_hist[2];
2605 rr->cr_hist[2] = rr->cr_hist[1];
2606 rr->cr_hist[1] = chan_req;
2607 return rslms_tx_rll_req_l3(ms, RSL_MT_RAND_ACC_REQ, chan_nr, 0, newmsg);
projects / osmocom-bb.git / blob