1 /* GSM LAPDm (TS 04.06) implementation */
3 /* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org>
4 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 /* Notes on Buffering: rcv_buffer, tx_queue, tx_hist, send_buffer, send_queue
26 * RX data is stored in the rcv_buffer (pointer). If the message is complete, it
27 * is removed from rcv_buffer pointer and forwarded to L3. If the RX data is
28 * received while there is an incomplete rcv_buffer, it is appended to it.
30 * TX data is stored in the send_queue first. When transmitting a frame,
31 * the first message in the send_queue is moved to the send_buffer. There it
32 * resides until all fragments are acknowledged. Fragments to be sent by I
33 * frames are stored in the tx_hist buffer for resend, if required. Also the
34 * current fragment is copied into the tx_queue. There it resides until it is
35 * forwarded to layer 1.
37 * In case we have SAPI 0, we only have a window size of 1, so the unack-
38 * nowledged message resides always in the send_buffer. In case of a suspend,
39 * it can be written back to the first position of the send_queue.
41 * The layer 1 normally sends a PH-READY-TO-SEND. But because we use
42 * asynchronous transfer between layer 1 and layer 2 (serial link), we must
43 * send a frame before layer 1 reaches the right timeslot to send it. So we
44 * move the tx_queue to layer 1 when there is not already a pending frame, and
45 * wait until acknowledge after the frame has been sent. If we receive an
46 * acknowledge, we can send the next frame from the buffer, if any.
48 * The moving of tx_queue to layer 1 may also trigger T200, if desired. Also it
49 * will trigger next I frame, if possible.
57 #include <arpa/inet.h>
59 #include <osmocom/core/logging.h>
60 #include <osmocom/core/timer.h>
61 #include <osmocom/core/msgb.h>
62 #include <osmocom/gsm/tlv.h>
63 #include <osmocom/core/utils.h>
64 #include <osmocom/gsm/rsl.h>
65 #include <osmocom/gsm/protocol/gsm_04_08.h>
66 #include <osmocom/gsm/protocol/gsm_08_58.h>
68 #include <osmocom/bb/common/osmocom_data.h>
69 #include <osmocom/bb/common/lapdm.h>
70 #include <osmocom/bb/common/logging.h>
72 /* TS 04.06 Figure 4 / Section 3.2 */
73 #define LAPDm_LPD_NORMAL 0
74 #define LAPDm_LPD_SMSCB 1
75 #define LAPDm_SAPI_NORMAL 0
76 #define LAPDm_SAPI_SMS 3
77 #define LAPDm_ADDR(lpd, sapi, cr) ((((lpd) & 0x3) << 5) | (((sapi) & 0x7) << 2) | (((cr) & 0x1) << 1) | 0x1)
79 #define LAPDm_ADDR_SAPI(addr) (((addr) >> 2) & 0x7)
80 #define LAPDm_ADDR_CR(addr) (((addr) >> 1) & 0x1)
81 #define LAPDm_ADDR_EA(addr) ((addr) & 0x1)
83 /* TS 04.06 Table 3 / Section 3.4.3 */
84 #define LAPDm_CTRL_I(nr, ns, p) ((((nr) & 0x7) << 5) | (((p) & 0x1) << 4) | (((ns) & 0x7) << 1))
85 #define LAPDm_CTRL_S(nr, s, p) ((((nr) & 0x7) << 5) | (((p) & 0x1) << 4) | (((s) & 0x3) << 2) | 0x1)
86 #define LAPDm_CTRL_U(u, p) ((((u) & 0x1c) << (5-2)) | (((p) & 0x1) << 4) | (((u) & 0x3) << 2) | 0x3)
88 #define LAPDm_CTRL_is_I(ctrl) (((ctrl) & 0x1) == 0)
89 #define LAPDm_CTRL_is_S(ctrl) (((ctrl) & 0x3) == 1)
90 #define LAPDm_CTRL_is_U(ctrl) (((ctrl) & 0x3) == 3)
92 #define LAPDm_CTRL_U_BITS(ctrl) ((((ctrl) & 0xC) >> 2) | ((ctrl) & 0xE0) >> 3)
93 #define LAPDm_CTRL_PF_BIT(ctrl) (((ctrl) >> 4) & 0x1)
95 #define LAPDm_CTRL_S_BITS(ctrl) (((ctrl) & 0xC) >> 2)
97 #define LAPDm_CTRL_I_Ns(ctrl) (((ctrl) & 0xE) >> 1)
98 #define LAPDm_CTRL_Nr(ctrl) (((ctrl) & 0xE0) >> 5)
100 /* TS 04.06 Table 4 / Section 3.8.1 */
101 #define LAPDm_U_SABM 0x7
102 #define LAPDm_U_DM 0x3
103 #define LAPDm_U_UI 0x0
104 #define LAPDm_U_DISC 0x8
105 #define LAPDm_U_UA 0xC
107 #define LAPDm_S_RR 0x0
108 #define LAPDm_S_RNR 0x1
109 #define LAPDm_S_REJ 0x2
111 #define LAPDm_LEN(len) ((len << 2) | 0x1)
112 #define LAPDm_MORE 0x2
114 /* TS 04.06 Section 5.8.3 */
115 #define N201_AB_SACCH 18
116 #define N201_AB_SDCCH 20
117 #define N201_AB_FACCH 20
119 #define N201_Bter_SACCH 21
120 #define N201_Bter_SDCCH 23
121 #define N201_Bter_FACCH 23
124 /* 5.8.2.1 N200 during establish and release */
125 #define N200_EST_REL 5
126 /* 5.8.2.1 N200 during timer recovery state */
127 #define N200_TR_SACCH 5
128 #define N200_TR_SDCCH 23
129 #define N200_TR_FACCH_FR 34
130 #define N200_TR_EFACCH_FR 48
131 #define N200_TR_FACCH_HR 29
132 /* FIXME: this depends on chan type */
133 #define N200 N200_TR_SACCH
135 #define CR_MS2BS_CMD 0
136 #define CR_MS2BS_RESP 1
137 #define CR_BS2MS_CMD 1
138 #define CR_BS2MS_RESP 0
140 /* Set T200 to 1 Second (OpenBTS uses 900ms) */
143 /* k value for each SAPI */
144 static uint8_t k_sapi[] = {1, 1, 1, 1, 1, 1, 1, 1};
154 static void lapdm_t200_cb(void *data);
155 static int rslms_send_i(struct lapdm_msg_ctx *mctx, int line);
157 /* UTILITY FUNCTIONS */
159 static inline uint8_t inc_mod8(uint8_t x)
164 static inline uint8_t add_mod8(uint8_t x, uint8_t y)
169 static inline uint8_t sub_mod8(uint8_t x, uint8_t y)
171 return (x - y) & 7; /* handle negative results correctly */
174 static void lapdm_dl_init(struct lapdm_datalink *dl,
175 struct lapdm_entity *entity)
177 memset(dl, 0, sizeof(*dl));
178 INIT_LLIST_HEAD(&dl->send_queue);
179 INIT_LLIST_HEAD(&dl->tx_queue);
180 dl->state = LAPDm_STATE_IDLE;
182 dl->t200.cb = &lapdm_t200_cb;
186 void lapdm_entity_init(struct lapdm_entity *le)
190 for (i = 0; i < ARRAY_SIZE(le->datalink); i++)
191 lapdm_dl_init(&le->datalink[i], le);
194 void lapdm_channel_init(struct lapdm_channel *lc)
196 lapdm_entity_init(&lc->lapdm_acch);
197 lapdm_entity_init(&lc->lapdm_dcch);
201 static void lapdm_dl_flush_send(struct lapdm_datalink *dl)
205 /* Flush send-queue */
206 while ((msg = msgb_dequeue(&dl->send_queue)))
209 /* Clear send-buffer */
210 if (dl->send_buffer) {
211 msgb_free(dl->send_buffer);
212 dl->send_buffer = NULL;
216 static void lapdm_dl_flush_tx(struct lapdm_datalink *dl)
221 while ((msg = msgb_dequeue(&dl->tx_queue)))
223 for (i = 0; i < 8; i++)
224 dl->tx_length[i] = 0;
227 void lapdm_entity_exit(struct lapdm_entity *le)
230 struct lapdm_datalink *dl;
232 for (i = 0; i < ARRAY_SIZE(le->datalink); i++) {
233 dl = &le->datalink[i];
234 lapdm_dl_flush_tx(dl);
235 lapdm_dl_flush_send(dl);
237 msgb_free(dl->rcv_buffer);
241 void lapdm_channel_exit(struct lapdm_channel *lc)
243 lapdm_entity_exit(&lc->lapdm_acch);
244 lapdm_entity_exit(&lc->lapdm_dcch);
247 static void lapdm_dl_newstate(struct lapdm_datalink *dl, uint32_t state)
249 LOGP(DLAPDM, LOGL_INFO, "new state %s -> %s\n",
250 lapdm_state_names[dl->state], lapdm_state_names[state]);
255 static struct lapdm_datalink *datalink_for_sapi(struct lapdm_entity *le, uint8_t sapi)
258 case LAPDm_SAPI_NORMAL:
259 return &le->datalink[0];
261 return &le->datalink[1];
267 /* remove the L2 header from a MSGB */
268 static inline unsigned char *msgb_pull_l2h(struct msgb *msg)
270 unsigned char *ret = msgb_pull(msg, msg->l3h - msg->l2h);
275 /* Append padding (if required) */
276 static void lapdm_pad_msgb(struct msgb *msg, uint8_t n201)
278 int pad_len = n201 - msgb_l2len(msg);
282 LOGP(DLAPDM, LOGL_ERROR,
283 "cannot pad message that is already too big!\n");
287 data = msgb_put(msg, pad_len);
288 memset(data, 0x2B, pad_len);
291 /* input function that L2 calls when sending messages up to L3 */
292 static int rslms_sendmsg(struct msgb *msg, struct lapdm_entity *le)
299 /* call the layer2 message handler that is registered */
300 return le->l3_cb(msg, le, le->l3_ctx);
303 /* write a frame into the tx queue */
304 static int tx_ph_data_enqueue(struct lapdm_datalink *dl, struct msgb *msg,
305 uint8_t chan_nr, uint8_t link_id, uint8_t n201)
307 struct lapdm_entity *le = dl->entity;
309 /* if there is a pending message, queue it */
310 if (le->tx_pending) {
311 *msgb_push(msg, 1) = n201;
312 *msgb_push(msg, 1) = link_id;
313 *msgb_push(msg, 1) = chan_nr;
314 msgb_enqueue(&dl->tx_queue, msg);
318 /* send the frame now */
319 le->tx_pending = 0; /* disabled flow control */
320 lapdm_pad_msgb(msg, n201);
321 return l1ctl_tx_data_req(le->l1_ctx, msg, chan_nr, link_id);
324 /* get next frame from the tx queue. because the ms has multiple datalinks,
325 * each datalink's queue is read round-robin.
327 int l2_ph_data_conf(struct msgb *msg, struct lapdm_entity *le)
329 struct lapdm_datalink *dl;
330 int last = le->last_tx_dequeue;
331 int i = last, n = ARRAY_SIZE(le->datalink);
332 uint8_t chan_nr, link_id, n201;
334 /* we may send again */
337 /* free confirm message */
340 /* round-robin dequeue */
344 dl = &le->datalink[i];
345 if ((msg = msgb_dequeue(&dl->tx_queue)))
349 /* no message in all queues */
353 /* Pull chan_nr and link_id */
354 chan_nr = *msg->data;
356 link_id = *msg->data;
361 /* Set last dequeue position */
362 le->last_tx_dequeue = i;
364 /* Pad the frame, we can transmit now */
366 lapdm_pad_msgb(msg, n201);
367 return l1ctl_tx_data_req(le->l1_ctx, msg, chan_nr, link_id);
370 /* Create RSLms various RSLms messages */
371 static int send_rslms_rll_l3(uint8_t msg_type, struct lapdm_msg_ctx *mctx,
374 /* Add the RSL + RLL header */
375 rsl_rll_push_l3(msg, msg_type, mctx->chan_nr, mctx->link_id, 1);
377 /* send off the RSLms message to L3 */
378 return rslms_sendmsg(msg, mctx->dl->entity);
381 /* Take a B4 format message from L1 and create RSLms UNIT DATA IND */
382 static int send_rslms_rll_l3_ui(struct lapdm_msg_ctx *mctx, struct msgb *msg)
384 uint8_t l3_len = msg->tail - (uint8_t *)msgb_l3(msg);
385 struct abis_rsl_rll_hdr *rllh;
387 /* Add the RSL + RLL header */
388 msgb_tv16_push(msg, RSL_IE_L3_INFO, l3_len);
389 msgb_push(msg, 2 + 2);
390 rsl_rll_push_hdr(msg, RSL_MT_UNIT_DATA_IND, mctx->chan_nr,
392 rllh = (struct abis_rsl_rll_hdr *)msgb_l2(msg);
394 rllh->data[0] = RSL_IE_TIMING_ADVANCE;
395 rllh->data[1] = mctx->ta_ind;
397 rllh->data[2] = RSL_IE_MS_POWER;
398 rllh->data[3] = mctx->tx_power_ind;
400 return rslms_sendmsg(msg, mctx->dl->entity);
403 static int send_rll_simple(uint8_t msg_type, struct lapdm_msg_ctx *mctx)
407 msg = rsl_rll_simple(msg_type, mctx->chan_nr, mctx->link_id, 1);
409 /* send off the RSLms message to L3 */
410 return rslms_sendmsg(msg, mctx->dl->entity);
413 static int rsl_rll_error(uint8_t cause, struct lapdm_msg_ctx *mctx)
418 LOGP(DLAPDM, LOGL_NOTICE, "sending MDL-ERROR-IND %d\n", cause);
419 msg = rsl_rll_simple(RSL_MT_ERROR_IND, mctx->chan_nr, mctx->link_id, 1);
420 msg->l2h = msgb_put(msg, sizeof(struct abis_rsl_rll_hdr) + 3);
421 tlv = msg->l2h + sizeof(struct abis_rsl_rll_hdr);
422 tlv[0] = RSL_IE_RLM_CAUSE;
425 return rslms_sendmsg(msg, mctx->dl->entity);
428 static int check_length_ind(struct lapdm_msg_ctx *mctx, uint8_t length_ind)
430 if (!(length_ind & 0x01)) {
431 /* G.4.1 If the EL bit is set to "0", an MDL-ERROR-INDICATION
432 * primitive with cause "frame not implemented" is sent to the
433 * mobile management entity. */
434 LOGP(DLAPDM, LOGL_NOTICE,
435 "we don't support multi-octet length\n");
436 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
442 static int lapdm_send_resend(struct lapdm_datalink *dl)
444 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm resend");
447 /* Resend SABM/DISC from tx_hist */
448 length = dl->tx_length[0];
449 msg->l2h = msgb_put(msg, length);
450 memcpy(msg->l2h, dl->tx_hist[dl->V_send], length);
452 return tx_ph_data_enqueue(dl, msg, dl->mctx.chan_nr, dl->mctx.link_id,
456 static int lapdm_send_ua(struct lapdm_msg_ctx *mctx, uint8_t len, uint8_t *data)
458 uint8_t sapi = mctx->link_id & 7;
459 uint8_t f_bit = LAPDm_CTRL_PF_BIT(mctx->ctrl);
460 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm UA");
461 msg->l2h = msgb_put(msg, 3 + len);
463 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_RESP);
464 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_UA, f_bit);
465 msg->l2h[2] = LAPDm_LEN(len);
467 memcpy(msg->l2h + 3, data, len);
469 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
473 static int lapdm_send_dm(struct lapdm_msg_ctx *mctx)
475 uint8_t sapi = mctx->link_id & 7;
476 uint8_t f_bit = LAPDm_CTRL_PF_BIT(mctx->ctrl);
477 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm DM");
478 msg->l2h = msgb_put(msg, 3);
480 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_RESP);
481 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_DM, f_bit);
484 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
488 static int lapdm_send_rr(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
490 uint8_t sapi = mctx->link_id & 7;
491 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
492 msg->l2h = msgb_put(msg, 3);
494 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_RESP);
495 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_RR, f_bit);
496 msg->l2h[2] = LAPDm_LEN(0);
498 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
502 static int lapdm_send_rnr(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
504 uint8_t sapi = mctx->link_id & 7;
505 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RNR");
506 msg->l2h = msgb_put(msg, 3);
508 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_RESP);
509 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_RNR, f_bit);
510 msg->l2h[2] = LAPDm_LEN(0);
512 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
516 static int lapdm_send_rej(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
518 uint8_t sapi = mctx->link_id & 7;
519 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm REJ");
520 msg->l2h = msgb_put(msg, 3);
522 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_RESP);
523 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_REJ, f_bit);
524 msg->l2h[2] = LAPDm_LEN(0);
526 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
530 /* Timer callback on T200 expiry */
531 static void lapdm_t200_cb(void *data)
533 struct lapdm_datalink *dl = data;
535 LOGP(DLAPDM, LOGL_INFO, "lapdm_t200_cb(%p) state=%u\n", dl, dl->state);
538 case LAPDm_STATE_SABM_SENT:
540 if (dl->retrans_ctr + 1 >= N200_EST_REL + 1) {
541 /* send RELEASE INDICATION to L3 */
542 send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
543 /* send MDL ERROR INIDCATION to L3 */
544 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
545 /* flush tx buffers */
546 lapdm_dl_flush_tx(dl);
547 /* go back to idle state */
548 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
549 /* NOTE: we must not change any other states or buffers
550 * and queues, since we may reconnect after handover
551 * failure. the buffered messages is replaced there */
554 /* retransmit SABM command */
555 lapdm_send_resend(dl);
556 /* increment re-transmission counter */
558 /* restart T200 (PH-READY-TO-SEND) */
559 osmo_timer_schedule(&dl->t200, T200);
561 case LAPDm_STATE_DISC_SENT:
563 if (dl->retrans_ctr + 1 >= N200_EST_REL + 1) {
564 /* send RELEASE INDICATION to L3 */
565 send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
566 /* send MDL ERROR INIDCATION to L3 */
567 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
569 lapdm_dl_flush_tx(dl);
570 lapdm_dl_flush_send(dl);
571 /* go back to idle state */
572 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
573 /* NOTE: we must not change any other states or buffers
574 * and queues, since we may reconnect after handover
575 * failure. the buffered messages is replaced there */
578 /* retransmit DISC command */
579 lapdm_send_resend(dl);
580 /* increment re-transmission counter */
582 /* restart T200 (PH-READY-TO-SEND) */
583 osmo_timer_schedule(&dl->t200, T200);
585 case LAPDm_STATE_MF_EST:
588 lapdm_dl_newstate(dl, LAPDm_STATE_TIMER_RECOV);
590 case LAPDm_STATE_TIMER_RECOV:
592 if (dl->retrans_ctr < N200) {
593 /* retransmit I frame (V_s-1) with P=1, if any */
594 if (dl->tx_length[sub_mod8(dl->V_send, 1)]) {
598 LOGP(DLAPDM, LOGL_INFO, "retransmit last frame "
599 "V(S)=%d\n", sub_mod8(dl->V_send, 1));
600 /* Create I frame (segment) from tx_hist */
601 length = dl->tx_length[sub_mod8(dl->V_send, 1)];
602 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
603 msg->l2h = msgb_put(msg, length);
605 dl->tx_hist[sub_mod8(dl->V_send, 1)],
607 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv,
608 sub_mod8(dl->V_send, 1), 1); /* P=1 */
609 tx_ph_data_enqueue(dl, msg, dl->mctx.chan_nr,
610 dl->mctx.link_id, dl->mctx.n201);
612 /* OR send appropriate supervision frame with P=1 */
613 if (!dl->own_busy && !dl->seq_err_cond) {
614 lapdm_send_rr(&dl->mctx, 1);
615 /* NOTE: In case of sequence error
616 * condition, the REJ frame has been
617 * transmitted when entering the
618 * condition, so it has not be done
621 } else if (dl->own_busy) {
622 lapdm_send_rnr(&dl->mctx, 1);
624 LOGP(DLAPDM, LOGL_INFO, "unhandled, "
628 /* restart T200 (PH-READY-TO-SEND) */
629 osmo_timer_schedule(&dl->t200, T200);
631 /* send MDL ERROR INIDCATION to L3 */
632 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
636 LOGP(DLAPDM, LOGL_INFO, "T200 expired in unexpected "
637 "dl->state %u\n", dl->state);
641 /* 5.5.3.1: Common function to acknowlege frames up to the given N(R) value */
642 static void lapdm_acknowledge(struct lapdm_msg_ctx *mctx)
644 struct lapdm_datalink *dl = mctx->dl;
645 uint8_t nr = LAPDm_CTRL_Nr(mctx->ctrl);
646 int s = 0, rej = 0, t200_reset = 0;
649 /* supervisory frame ? */
650 if (LAPDm_CTRL_is_S(mctx->ctrl))
653 if (s && LAPDm_CTRL_S_BITS(mctx->ctrl) == LAPDm_S_REJ)
656 /* Flush all transmit buffers of acknowledged frames */
657 for (i = dl->V_ack; i != nr; i = inc_mod8(i)) {
658 if (dl->tx_length[i]) {
659 dl->tx_length[i] = 0;
660 LOGP(DLAPDM, LOGL_INFO, "ack frame %d\n", i);
664 if (dl->state != LAPDm_STATE_TIMER_RECOV) {
665 /* When not in the timer recovery condition, the data
666 * link layer entity shall reset the timer T200 on
667 * receipt of a valid I frame with N(R) higher than V(A),
668 * or an REJ with an N(R) equal to V(A). */
669 if ((!rej && nr != dl->V_ack)
670 || (rej && nr == dl->V_ack)) {
671 LOGP(DLAPDM, LOGL_INFO, "reset t200\n");
673 osmo_timer_del(&dl->t200);
674 /* 5.5.3.1 Note 1 + 2 imply timer recovery cond. */
676 /* 5.7.4: N(R) sequence error
677 * N(R) is called valid, if and only if
678 * (N(R)-V(A)) mod 8 <= (V(S)-V(A)) mod 8.
680 if (sub_mod8(nr, dl->V_ack) > sub_mod8(dl->V_send, dl->V_ack)) {
681 LOGP(DLAPDM, LOGL_NOTICE, "N(R) sequence error\n");
682 rsl_rll_error(RLL_CAUSE_SEQ_ERR, mctx);
686 /* V(A) shall be set to the value of N(R) */
689 /* If T200 has been reset by the receipt of an I, RR or RNR frame,
690 * and if there are outstanding I frames, restart T200 */
691 if (t200_reset && !rej) {
692 if (dl->tx_length[dl->V_send - 1]) {
693 LOGP(DLAPDM, LOGL_INFO, "start T200, due to unacked I "
695 osmo_timer_schedule(&dl->t200, T200);
702 /* Receive a LAPDm U (Unnumbered) message from L1 */
703 static int lapdm_rx_u(struct msgb *msg, struct lapdm_msg_ctx *mctx)
705 struct lapdm_datalink *dl = mctx->dl;
710 switch (LAPDm_CTRL_U_BITS(mctx->ctrl)) {
712 rsl_msg = RSL_MT_EST_IND;
714 LOGP(DLAPDM, LOGL_INFO, "SABM received\n");
716 dl->seq_err_cond = 0;
717 /* G.2.2 Wrong value of the C/R bit */
718 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP) {
719 LOGP(DLAPDM, LOGL_NOTICE, "SABM response error\n");
721 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
725 length = msg->l2h[2] >> 2;
726 /* G.4.5 If SABM is received with L>N201 or with M bit
727 * set, AN MDL-ERROR-INDICATION is sent to MM.
729 if ((msg->l2h[2] & LAPDm_MORE) || length + 3 > mctx->n201) {
730 LOGP(DLAPDM, LOGL_NOTICE, "SABM too large error\n");
732 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
736 /* Must be Format B */
737 rc = check_length_ind(mctx, msg->l2h[2]);
743 case LAPDm_STATE_IDLE:
744 /* Set chan_nr and link_id for established connection */
745 memset(&dl->mctx, 0, sizeof(dl->mctx));
747 dl->mctx.chan_nr = mctx->chan_nr;
748 dl->mctx.link_id = mctx->link_id;
750 case LAPDm_STATE_MF_EST:
752 rsl_msg = RSL_MT_EST_CONF;
755 LOGP(DLAPDM, LOGL_INFO, "SABM command, multiple "
756 "frame established state\n");
757 /* check for contention resoultion */
758 if (dl->tx_hist[0][2] >> 2) {
759 LOGP(DLAPDM, LOGL_NOTICE, "SABM not allowed "
760 "during contention resolution\n");
761 rsl_rll_error(RLL_CAUSE_SABM_INFO_NOTALL, mctx);
765 case LAPDm_STATE_DISC_SENT:
766 /* 5.4.6.2 send DM with F=P */
768 /* reset Timer T200 */
769 osmo_timer_del(&dl->t200);
771 return send_rll_simple(RSL_MT_REL_CONF, mctx);
773 lapdm_send_ua(mctx, length, msg->l2h + 3);
777 /* send UA response */
778 lapdm_send_ua(mctx, length, msg->l2h + 3);
779 /* set Vs, Vr and Va to 0 */
780 dl->V_send = dl->V_recv = dl->V_ack = 0;
782 dl->tx_length[0] = 0;
783 /* enter multiple-frame-established state */
784 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
785 /* send notification to L3 */
787 /* 5.4.1.2 Normal establishment procedures */
788 rc = send_rll_simple(rsl_msg, mctx);
791 /* 5.4.1.4 Contention resolution establishment */
792 msg->l3h = msg->l2h + 3;
794 rc = send_rslms_rll_l3(rsl_msg, mctx, msg);
798 LOGP(DLAPDM, LOGL_INFO, "DM received\n");
799 /* G.2.2 Wrong value of the C/R bit */
800 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_CMD) {
801 LOGP(DLAPDM, LOGL_NOTICE, "DM command error\n");
803 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
806 if (!LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
807 /* 5.4.1.2 DM responses with the F bit set to "0"
814 case LAPDm_STATE_SABM_SENT:
816 case LAPDm_STATE_MF_EST:
817 if (LAPDm_CTRL_PF_BIT(mctx->ctrl) == 1) {
818 LOGP(DLAPDM, LOGL_INFO, "unsolicited DM "
820 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP, mctx);
822 LOGP(DLAPDM, LOGL_INFO, "unsolicited DM "
823 "response, multiple frame established "
825 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP_MF, mctx);
829 case LAPDm_STATE_TIMER_RECOV:
830 /* DM is normal in case PF = 1 */
831 if (LAPDm_CTRL_PF_BIT(mctx->ctrl) == 0) {
832 LOGP(DLAPDM, LOGL_INFO, "unsolicited DM "
833 "response, multiple frame established "
835 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP_MF, mctx);
840 case LAPDm_STATE_DISC_SENT:
841 /* reset Timer T200 */
842 osmo_timer_del(&dl->t200);
843 /* go to idle state */
844 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
845 rc = send_rll_simple(RSL_MT_REL_CONF, mctx);
848 case LAPDm_STATE_IDLE:
849 /* 5.4.5 all other frame types shall be discarded */
851 LOGP(DLAPDM, LOGL_INFO, "unsolicited DM response! "
857 osmo_timer_del(&dl->t200);
858 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
862 LOGP(DLAPDM, LOGL_INFO, "UI received\n");
863 /* G.2.2 Wrong value of the C/R bit */
864 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP) {
865 LOGP(DLAPDM, LOGL_NOTICE, "UI indicates response "
868 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
872 length = msg->l2h[2] >> 2;
873 /* FIXME: G.4.5 If UI is received with L>N201 or with M bit
874 * set, AN MDL-ERROR-INDICATION is sent to MM.
877 if (mctx->lapdm_fmt == LAPDm_FMT_B4) {
879 msg->l3h = msg->l2h + 2;
881 rc = check_length_ind(mctx, msg->l2h[2]);
886 length = msg->l2h[2] >> 2;
887 msg->l3h = msg->l2h + 3;
889 /* do some length checks */
891 /* 5.3.3 UI frames received with the length indicator
892 * set to "0" shall be ignored
894 LOGP(DLAPDM, LOGL_INFO, "length=0 (discarding)\n");
898 switch (LAPDm_ADDR_SAPI(mctx->addr)) {
899 case LAPDm_SAPI_NORMAL:
903 /* 5.3.3 UI frames with invalid SAPI values shall be
906 LOGP(DLAPDM, LOGL_INFO, "sapi=%u (discarding)\n",
907 LAPDm_ADDR_SAPI(mctx->addr));
912 rc = send_rslms_rll_l3_ui(mctx, msg);
915 rsl_msg = RSL_MT_REL_IND;
917 LOGP(DLAPDM, LOGL_INFO, "DISC received\n");
919 lapdm_dl_flush_tx(dl);
920 lapdm_dl_flush_send(dl);
922 dl->seq_err_cond = 0;
923 /* G.2.2 Wrong value of the C/R bit */
924 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP) {
925 LOGP(DLAPDM, LOGL_NOTICE, "DISC response error\n");
927 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
930 length = msg->l2h[2] >> 2;
931 if (length > 0 || msg->l2h[2] & 0x02) {
932 /* G.4.4 If a DISC or DM frame is received with L>0 or
933 * with the M bit set to "1", an MDL-ERROR-INDICATION
934 * primitive with cause "U frame with incorrect
935 * parameters" is sent to the mobile management entity.
937 LOGP(DLAPDM, LOGL_NOTICE,
938 "U frame iwth incorrect parameters ");
940 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
945 case LAPDm_STATE_IDLE:
946 LOGP(DLAPDM, LOGL_INFO, "DISC in idle state\n");
947 /* send DM with F=P */
948 return lapdm_send_dm(mctx);
949 case LAPDm_STATE_SABM_SENT:
950 LOGP(DLAPDM, LOGL_INFO, "DISC in SABM state\n");
951 /* 5.4.6.2 send DM with F=P */
953 /* reset Timer T200 */
954 osmo_timer_del(&dl->t200);
955 return send_rll_simple(RSL_MT_REL_IND, mctx);
956 case LAPDm_STATE_MF_EST:
957 case LAPDm_STATE_TIMER_RECOV:
958 LOGP(DLAPDM, LOGL_INFO, "DISC in est state\n");
960 case LAPDm_STATE_DISC_SENT:
961 LOGP(DLAPDM, LOGL_INFO, "DISC in disc state\n");
962 rsl_msg = RSL_MT_REL_CONF;
965 lapdm_send_ua(mctx, length, msg->l2h + 3);
968 /* send UA response */
969 lapdm_send_ua(mctx, length, msg->l2h + 3);
970 /* reset Timer T200 */
971 osmo_timer_del(&dl->t200);
972 /* enter idle state */
973 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
974 /* send notification to L3 */
975 rc = send_rll_simple(rsl_msg, mctx);
978 LOGP(DLAPDM, LOGL_INFO, "UA received\n");
979 /* G.2.2 Wrong value of the C/R bit */
980 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_CMD) {
981 LOGP(DLAPDM, LOGL_NOTICE, "UA indicates command "
984 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
988 length = msg->l2h[2] >> 2;
989 /* G.4.5 If UA is received with L>N201 or with M bit
990 * set, AN MDL-ERROR-INDICATION is sent to MM.
992 if ((msg->l2h[2] & LAPDm_MORE) || length + 3 > mctx->n201) {
993 LOGP(DLAPDM, LOGL_NOTICE, "UA too large error\n");
995 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
999 if (!LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1000 /* 5.4.1.2 A UA response with the F bit set to "0"
1003 LOGP(DLAPDM, LOGL_INFO, "F=0 (discarding)\n");
1007 switch (dl->state) {
1008 case LAPDm_STATE_SABM_SENT:
1010 case LAPDm_STATE_MF_EST:
1011 case LAPDm_STATE_TIMER_RECOV:
1012 LOGP(DLAPDM, LOGL_INFO, "unsolicited UA response! "
1014 rsl_rll_error(RLL_CAUSE_UNSOL_UA_RESP, mctx);
1017 case LAPDm_STATE_DISC_SENT:
1018 LOGP(DLAPDM, LOGL_INFO, "UA in disconnect state\n");
1019 /* reset Timer T200 */
1020 osmo_timer_del(&dl->t200);
1021 /* go to idle state */
1022 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1023 rc = send_rll_simple(RSL_MT_REL_CONF, mctx);
1026 case LAPDm_STATE_IDLE:
1027 /* 5.4.5 all other frame types shall be discarded */
1029 LOGP(DLAPDM, LOGL_INFO, "unsolicited UA response! "
1034 LOGP(DLAPDM, LOGL_INFO, "UA in SABM state\n");
1035 /* reset Timer T200 */
1036 osmo_timer_del(&dl->t200);
1037 /* compare UA with SABME if contention resolution is applied */
1038 if (dl->tx_hist[0][2] >> 2) {
1039 rc = check_length_ind(mctx, msg->l2h[2]);
1041 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
1043 /* go to idle state */
1044 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1047 length = msg->l2h[2] >> 2;
1048 if (length != (dl->tx_hist[0][2] >> 2)
1049 || !!memcmp(dl->tx_hist[0] + 3, msg->l2h + 3,
1051 LOGP(DLAPDM, LOGL_INFO, "**** UA response "
1052 "mismatches ****\n");
1053 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
1055 /* go to idle state */
1056 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1060 /* set Vs, Vr and Va to 0 */
1061 dl->V_send = dl->V_recv = dl->V_ack = 0;
1063 dl->tx_length[0] = 0;
1064 /* enter multiple-frame-established state */
1065 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1066 /* send outstanding frames, if any (resume / reconnect) */
1067 rslms_send_i(mctx, __LINE__);
1068 /* send notification to L3 */
1069 rc = send_rll_simple(RSL_MT_EST_CONF, mctx);
1074 LOGP(DLAPDM, LOGL_NOTICE, "Unnumbered frame not allowed.\n");
1076 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1082 /* Receive a LAPDm S (Supervisory) message from L1 */
1083 static int lapdm_rx_s(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1085 struct lapdm_datalink *dl = mctx->dl;
1088 length = msg->l2h[2] >> 2;
1089 if (length > 0 || msg->l2h[2] & 0x02) {
1090 /* G.4.3 If a supervisory frame is received with L>0 or
1091 * with the M bit set to "1", an MDL-ERROR-INDICATION
1092 * primitive with cause "S frame with incorrect
1093 * parameters" is sent to the mobile management entity. */
1094 LOGP(DLAPDM, LOGL_NOTICE,
1095 "S frame with incorrect parameters\n");
1097 rsl_rll_error(RLL_CAUSE_SFRM_INC_PARAM, mctx);
1101 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP
1102 && LAPDm_CTRL_PF_BIT(mctx->ctrl)
1103 && dl->state != LAPDm_STATE_TIMER_RECOV) {
1104 /* 5.4.2.2: Inidcate error on supervisory reponse F=1 */
1105 LOGP(DLAPDM, LOGL_NOTICE, "S frame response with F=1 error\n");
1106 rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
1109 switch (dl->state) {
1110 case LAPDm_STATE_IDLE:
1111 /* if P=1, respond DM with F=1 (5.2.2) */
1112 /* 5.4.5 all other frame types shall be discarded */
1113 if (LAPDm_CTRL_PF_BIT(mctx->ctrl))
1114 lapdm_send_dm(mctx); /* F=P */
1116 case LAPDm_STATE_SABM_SENT:
1117 case LAPDm_STATE_DISC_SENT:
1118 LOGP(DLAPDM, LOGL_NOTICE, "S frame ignored in this state\n");
1122 switch (LAPDm_CTRL_S_BITS(mctx->ctrl)) {
1124 LOGP(DLAPDM, LOGL_INFO, "RR received\n");
1125 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1126 lapdm_acknowledge(mctx);
1129 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_CMD
1130 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1131 if (!dl->own_busy && !dl->seq_err_cond) {
1132 LOGP(DLAPDM, LOGL_NOTICE, "RR frame command "
1133 "with polling bit set and we are not "
1134 "busy, so we reply with RR frame\n");
1135 lapdm_send_rr(mctx, 1);
1136 /* NOTE: In case of sequence error condition,
1137 * the REJ frame has been transmitted when
1138 * entering the condition, so it has not be
1141 } else if (dl->own_busy) {
1142 LOGP(DLAPDM, LOGL_NOTICE, "RR frame command "
1143 "with polling bit set and we are busy, "
1144 "so we reply with RR frame\n");
1145 lapdm_send_rnr(mctx, 1);
1147 } else if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP
1148 && LAPDm_CTRL_PF_BIT(mctx->ctrl)
1149 && dl->state == LAPDm_STATE_TIMER_RECOV) {
1150 LOGP(DLAPDM, LOGL_INFO, "RR response with F==1, "
1151 "and we are in timer recovery state, so "
1152 "we leave that state\n");
1153 /* V(S) to the N(R) in the RR frame */
1154 dl->V_send = LAPDm_CTRL_Nr(mctx->ctrl);
1155 /* reset Timer T200 */
1156 osmo_timer_del(&dl->t200);
1157 /* 5.5.7 Clear timer recovery condition */
1158 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1160 /* Send message, if possible due to acknowledged data */
1161 rslms_send_i(mctx, __LINE__);
1165 LOGP(DLAPDM, LOGL_INFO, "RNR received\n");
1166 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1167 lapdm_acknowledge(mctx);
1170 /* Set peer receiver busy condition */
1173 if (LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1174 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_CMD) {
1175 if (!dl->own_busy) {
1176 LOGP(DLAPDM, LOGL_INFO, "RNR poll "
1177 "command and we are not busy, "
1178 "so we reply with RR final "
1180 /* Send RR with F=1 */
1181 lapdm_send_rr(mctx, 1);
1183 LOGP(DLAPDM, LOGL_INFO, "RNR poll "
1184 "command and we are busy, so "
1185 "we reply with RNR final "
1187 /* Send RNR with F=1 */
1188 lapdm_send_rnr(mctx, 1);
1190 } else if (dl->state == LAPDm_STATE_TIMER_RECOV) {
1191 LOGP(DLAPDM, LOGL_INFO, "RNR poll response "
1192 "and we in timer recovery state, so "
1193 "we leave that state\n");
1194 /* 5.5.7 Clear timer recovery condition */
1195 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1196 /* V(S) to the N(R) in the RNR frame */
1197 dl->V_send = LAPDm_CTRL_Nr(mctx->ctrl);
1200 LOGP(DLAPDM, LOGL_INFO, "RNR not polling/final state "
1203 /* Send message, if possible due to acknowledged data */
1204 rslms_send_i(mctx, __LINE__);
1208 LOGP(DLAPDM, LOGL_INFO, "REJ received\n");
1209 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1210 lapdm_acknowledge(mctx);
1213 if (dl->state != LAPDm_STATE_TIMER_RECOV) {
1214 /* Clear an existing peer receiver busy condition */
1216 /* V(S) and V(A) to the N(R) in the REJ frame */
1217 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1218 /* reset Timer T200 */
1219 osmo_timer_del(&dl->t200);
1221 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_CMD
1222 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1223 if (!dl->own_busy && !dl->seq_err_cond) {
1224 LOGP(DLAPDM, LOGL_INFO, "REJ poll "
1225 "command not in timer recovery "
1226 "state and not in own busy "
1227 "condition received, so we "
1228 "respond with RR final "
1230 lapdm_send_rr(mctx, 1);
1231 /* NOTE: In case of sequence error
1232 * condition, the REJ frame has been
1233 * transmitted when entering the
1234 * condition, so it has not be done
1237 } else if (dl->own_busy) {
1238 LOGP(DLAPDM, LOGL_INFO, "REJ poll "
1239 "command not in timer recovery "
1240 "state and in own busy "
1241 "condition received, so we "
1242 "respond with RNR final "
1244 lapdm_send_rnr(mctx, 1);
1247 LOGP(DLAPDM, LOGL_INFO, "REJ response or not "
1248 "polling command not in timer recovery "
1249 "state received\n");
1250 /* send MDL ERROR INIDCATION to L3 */
1251 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP
1252 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1253 rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
1256 } else if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP
1257 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1258 LOGP(DLAPDM, LOGL_INFO, "REJ poll response in timer "
1259 "recovery state received\n");
1260 /* Clear an existing peer receiver busy condition */
1262 /* 5.5.7 Clear timer recovery condition */
1263 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1264 /* V(S) and V(A) to the N(R) in the REJ frame */
1265 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1266 /* reset Timer T200 */
1267 osmo_timer_del(&dl->t200);
1269 /* Clear an existing peer receiver busy condition */
1271 /* V(S) and V(A) to the N(R) in the REJ frame */
1272 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1274 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_CMD
1275 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1276 if (!dl->own_busy && !dl->seq_err_cond) {
1277 LOGP(DLAPDM, LOGL_INFO, "REJ poll "
1278 "command in timer recovery "
1279 "state and not in own busy "
1280 "condition received, so we "
1281 "respond with RR final "
1283 lapdm_send_rr(mctx, 1);
1284 /* NOTE: In case of sequence error
1285 * condition, the REJ frame has been
1286 * transmitted when entering the
1287 * condition, so it has not be done
1290 } else if (dl->own_busy) {
1291 LOGP(DLAPDM, LOGL_INFO, "REJ poll "
1292 "command in timer recovery "
1293 "state and in own busy "
1294 "condition received, so we "
1295 "respond with RNR final "
1297 lapdm_send_rnr(mctx, 1);
1300 LOGP(DLAPDM, LOGL_INFO, "REJ response or not "
1301 "polling command in timer recovery "
1302 "state received\n");
1305 /* FIXME: 5.5.4.2 2) */
1307 /* Send message, if possible due to acknowledged data */
1308 rslms_send_i(mctx, __LINE__);
1313 LOGP(DLAPDM, LOGL_NOTICE, "Supervisory frame not allowed.\n");
1315 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1322 /* Receive a LAPDm I (Information) message from L1 */
1323 static int lapdm_rx_i(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1325 struct lapdm_datalink *dl = mctx->dl;
1326 //uint8_t nr = LAPDm_CTRL_Nr(mctx->ctrl);
1327 uint8_t ns = LAPDm_CTRL_I_Ns(mctx->ctrl);
1331 LOGP(DLAPDM, LOGL_NOTICE, "I received\n");
1333 /* G.2.2 Wrong value of the C/R bit */
1334 if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP) {
1335 LOGP(DLAPDM, LOGL_NOTICE, "I frame response not allowed\n");
1337 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1341 length = msg->l2h[2] >> 2;
1342 if (length == 0 || length + 3 > mctx->n201) {
1343 /* G.4.2 If the length indicator of an I frame is set
1344 * to a numerical value L>N201 or L=0, an MDL-ERROR-INDICATION
1345 * primitive with cause "I frame with incorrect length"
1346 * is sent to the mobile management entity. */
1347 LOGP(DLAPDM, LOGL_NOTICE, "I frame length not allowed\n");
1349 rsl_rll_error(RLL_CAUSE_IFRM_INC_LEN, mctx);
1353 /* G.4.2 If the numerical value of L is L<N201 and the M
1354 * bit is set to "1", then an MDL-ERROR-INDICATION primitive with
1355 * cause "I frame with incorrect use of M bit" is sent to the
1356 * mobile management entity. */
1357 if ((msg->l2h[2] & LAPDm_MORE) && length + 3 < mctx->n201) {
1358 LOGP(DLAPDM, LOGL_NOTICE, "I frame with M bit too short\n");
1360 rsl_rll_error(RLL_CAUSE_IFRM_INC_MBITS, mctx);
1364 switch (dl->state) {
1365 case LAPDm_STATE_IDLE:
1366 /* if P=1, respond DM with F=1 (5.2.2) */
1367 /* 5.4.5 all other frame types shall be discarded */
1368 if (LAPDm_CTRL_PF_BIT(mctx->ctrl))
1369 lapdm_send_dm(mctx); /* F=P */
1371 case LAPDm_STATE_SABM_SENT:
1372 case LAPDm_STATE_DISC_SENT:
1373 LOGP(DLAPDM, LOGL_NOTICE, "I frame ignored in this state\n");
1378 /* 5.7.1: N(s) sequence error */
1379 if (ns != dl->V_recv) {
1380 LOGP(DLAPDM, LOGL_NOTICE, "N(S) sequence error: N(S)=%u, "
1381 "V(R)=%u\n", ns, dl->V_recv);
1384 if (!dl->seq_err_cond) {
1385 /* FIXME: help me understand what exactly todo here
1386 dl->seq_err_cond = 1;
1388 lapdm_send_rej(mctx, LAPDm_CTRL_PF_BIT(mctx->ctrl));
1393 dl->seq_err_cond = 0;
1395 /* Increment receiver state */
1396 dl->V_recv = inc_mod8(dl->V_recv);
1397 LOGP(DLAPDM, LOGL_NOTICE, "incrementing V(R) to %u\n", dl->V_recv);
1399 /* 5.5.3.1: Acknowlege all transmitted frames up the the N(R)-1 */
1400 lapdm_acknowledge(mctx); /* V(A) is also set here */
1402 /* Only if we are not in own receiver busy condition */
1403 if (!dl->own_busy) {
1404 /* if the frame carries a complete segment */
1405 if (!(msg->l2h[2] & LAPDm_MORE)
1406 && !dl->rcv_buffer) {
1407 LOGP(DLAPDM, LOGL_INFO, "message in single I frame\n");
1408 /* send a DATA INDICATION to L3 */
1409 msg->l3h = msg->l2h + 3;
1412 msg->tail = msg->data + length;
1413 rc = send_rslms_rll_l3(RSL_MT_DATA_IND, mctx, msg);
1415 /* create rcv_buffer */
1416 if (!dl->rcv_buffer) {
1417 LOGP(DLAPDM, LOGL_INFO, "message in multiple I "
1418 "frames (first message)\n");
1419 dl->rcv_buffer = msgb_alloc_headroom(200+56, 56,
1421 dl->rcv_buffer->l3h = dl->rcv_buffer->data;
1423 /* concat. rcv_buffer */
1424 if (msgb_l3len(dl->rcv_buffer) + length > 200) {
1425 LOGP(DLAPDM, LOGL_NOTICE, "Received frame "
1428 memcpy(msgb_put(dl->rcv_buffer, length),
1429 msg->l2h + 3, length);
1431 /* if the last segment was received */
1432 if (!(msg->l2h[2] & LAPDm_MORE)) {
1433 LOGP(DLAPDM, LOGL_INFO, "message in multiple I "
1434 "frames (last message)\n");
1435 rc = send_rslms_rll_l3(RSL_MT_DATA_IND, mctx,
1437 dl->rcv_buffer = NULL;
1439 LOGP(DLAPDM, LOGL_INFO, "message in multiple I "
1440 "frames (next message)\n");
1445 LOGP(DLAPDM, LOGL_INFO, "I frame ignored during own receiver "
1446 "busy condition\n");
1448 /* Check for P bit */
1449 if (LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1451 /* check if we are not in own receiver busy */
1452 if (!dl->own_busy) {
1453 LOGP(DLAPDM, LOGL_INFO, "we are not busy, send RR\n");
1454 /* Send RR with F=1 */
1455 rc = lapdm_send_rr(mctx, 1);
1457 LOGP(DLAPDM, LOGL_INFO, "we are busy, send RNR\n");
1458 /* Send RNR with F=1 */
1459 rc = lapdm_send_rnr(mctx, 1);
1463 /* check if we are not in own receiver busy */
1464 if (!dl->own_busy) {
1465 /* NOTE: V(R) is already set above */
1466 rc = rslms_send_i(mctx, __LINE__);
1468 LOGP(DLAPDM, LOGL_INFO, "we are not busy and "
1469 "have no pending data, send RR\n");
1470 /* Send RR with F=0 */
1471 return lapdm_send_rr(mctx, 0);
1473 /* all I or one RR is sent, we are done */
1476 LOGP(DLAPDM, LOGL_INFO, "we are busy, send RNR\n");
1477 /* Send RNR with F=0 */
1478 rc = lapdm_send_rnr(mctx, 0);
1482 /* Send message, if possible due to acknowledged data */
1483 rslms_send_i(mctx, __LINE__);
1488 /* Receive a LAPDm message from L1 */
1489 static int lapdm_ph_data_ind(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1493 /* G.2.3 EA bit set to "0" is not allowed in GSM */
1494 if (!LAPDm_ADDR_EA(mctx->addr)) {
1495 LOGP(DLAPDM, LOGL_NOTICE, "EA bit 0 is not allowed in GSM\n");
1497 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1501 if (LAPDm_CTRL_is_U(mctx->ctrl))
1502 rc = lapdm_rx_u(msg, mctx);
1503 else if (LAPDm_CTRL_is_S(mctx->ctrl))
1504 rc = lapdm_rx_s(msg, mctx);
1505 else if (LAPDm_CTRL_is_I(mctx->ctrl))
1506 rc = lapdm_rx_i(msg, mctx);
1508 LOGP(DLAPDM, LOGL_NOTICE, "unknown LAPDm format\n");
1515 /* input into layer2 (from layer 1) */
1516 int l2_ph_data_ind(struct msgb *msg, struct lapdm_entity *le, uint8_t chan_nr, uint8_t link_id)
1518 uint8_t cbits = chan_nr >> 3;
1519 uint8_t sapi = link_id & 7;
1520 struct lapdm_msg_ctx mctx;
1523 /* when we reach here, we have a msgb with l2h pointing to the raw
1524 * 23byte mac block. The l1h has already been purged. */
1526 mctx.dl = datalink_for_sapi(le, sapi);
1527 mctx.chan_nr = chan_nr;
1528 mctx.link_id = link_id;
1529 mctx.addr = mctx.ctrl = 0;
1531 /* G.2.1 No action schall be taken on frames containing an unallocated
1535 LOGP(DLAPDM, LOGL_NOTICE, "Received frame for unsupported "
1536 "SAPI %d!\n", sapi);
1542 /* check for L1 chan_nr/link_id and determine LAPDm hdr format */
1543 if (cbits == 0x10 || cbits == 0x12) {
1544 /* Format Bbis is used on BCCH and CCCH(PCH, NCH and AGCH) */
1545 mctx.lapdm_fmt = LAPDm_FMT_Bbis;
1546 mctx.n201 = N201_Bbis;
1548 if (mctx.link_id & 0x40) {
1549 /* It was received from network on SACCH, thus
1550 * lapdm_fmt must be B4 */
1551 mctx.lapdm_fmt = LAPDm_FMT_B4;
1552 mctx.n201 = N201_B4;
1553 LOGP(DLAPDM, LOGL_INFO, "fmt=B4\n");
1554 /* SACCH frames have a two-byte L1 header that
1555 * OsmocomBB L1 doesn't strip */
1556 mctx.tx_power_ind = msg->l2h[0] & 0x1f;
1557 mctx.ta_ind = msg->l2h[1];
1561 mctx.lapdm_fmt = LAPDm_FMT_B;
1562 LOGP(DLAPDM, LOGL_INFO, "fmt=B\n");
1563 mctx.n201 = 23; // FIXME: select correct size by chan.
1567 switch (mctx.lapdm_fmt) {
1571 mctx.addr = msg->l2h[0];
1572 if (!(mctx.addr & 0x01)) {
1573 LOGP(DLAPDM, LOGL_ERROR, "we don't support "
1574 "multibyte addresses (discarding)\n");
1578 mctx.ctrl = msg->l2h[1];
1579 /* obtain SAPI from address field */
1580 mctx.link_id |= LAPDm_ADDR_SAPI(mctx.addr);
1581 rc = lapdm_ph_data_ind(msg, &mctx);
1583 case LAPDm_FMT_Bter:
1587 case LAPDm_FMT_Bbis:
1588 /* directly pass up to layer3 */
1589 LOGP(DLAPDM, LOGL_INFO, "fmt=Bbis UI\n");
1590 msg->l3h = msg->l2h;
1592 rc = send_rslms_rll_l3(RSL_MT_UNIT_DATA_IND, &mctx, msg);
1601 /* L3 -> L2 / RSLMS -> LAPDm */
1603 /* L3 requests establishment of data link */
1604 static int rslms_rx_rll_est_req(struct msgb *msg, struct lapdm_datalink *dl)
1606 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1607 uint8_t chan_nr = rllh->chan_nr;
1608 uint8_t link_id = rllh->link_id;
1609 uint8_t sapi = rllh->link_id & 7;
1610 struct tlv_parsed tv;
1612 uint8_t n201 = 23; //FIXME
1614 /* Set chan_nr and link_id for established connection */
1615 memset(&dl->mctx, 0, sizeof(dl->mctx));
1617 dl->mctx.n201 = n201;
1618 dl->mctx.chan_nr = chan_nr;
1619 dl->mctx.link_id = link_id;
1621 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1622 if (TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1623 /* contention resolution establishment procedure */
1625 /* According to clause 6, the contention resolution
1626 * procedure is only permitted with SAPI value 0 */
1627 LOGP(DLAPDM, LOGL_ERROR, "SAPI != 0 but contention"
1628 "resolution (discarding)\n");
1630 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1632 /* transmit a SABM command with the P bit set to "1". The SABM
1633 * command shall contain the layer 3 message unit */
1634 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1635 LOGP(DLAPDM, LOGL_INFO, "perform establishment with content "
1638 /* normal establishment procedure */
1640 LOGP(DLAPDM, LOGL_INFO, "perform normal establishm. (SABM)\n");
1643 /* check if the layer3 message length exceeds N201 */
1644 if (length + 3 > 21) { /* FIXME: do we know the channel N201? */
1645 LOGP(DLAPDM, LOGL_ERROR, "frame too large: %d > N201(%d) "
1646 "(discarding)\n", length + 3, 21);
1648 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1651 /* Flush send-queue */
1652 /* Clear send-buffer */
1653 lapdm_dl_flush_send(dl);
1655 /* Discard partly received L3 message */
1656 if (dl->rcv_buffer) {
1657 msgb_free(dl->rcv_buffer);
1658 dl->rcv_buffer = NULL;
1661 /* Remove RLL header from msgb */
1664 /* Push LAPDm header on msgb */
1665 msg->l2h = msgb_push(msg, 3);
1666 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_CMD);
1667 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_SABM, 1);
1668 msg->l2h[2] = LAPDm_LEN(length);
1669 /* Transmit-buffer carries exactly one segment */
1670 memcpy(dl->tx_hist[0], msg->l2h, 3 + length);
1671 dl->tx_length[0] = 3 + length;
1672 /* set Vs to 0, because it is used as index when resending SABM */
1676 dl->own_busy = dl->peer_busy = 0;
1677 dl->retrans_ctr = 0;
1678 lapdm_dl_newstate(dl, LAPDm_STATE_SABM_SENT);
1680 /* Tramsmit and start T200 */
1681 osmo_timer_schedule(&dl->t200, T200);
1682 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1685 /* L3 requests transfer of unnumbered information */
1686 static int rslms_rx_rll_udata_req(struct msgb *msg, struct lapdm_datalink *dl)
1688 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1689 uint8_t chan_nr = rllh->chan_nr;
1690 uint8_t link_id = rllh->link_id;
1691 uint8_t sapi = link_id & 7;
1692 struct tlv_parsed tv;
1694 uint8_t n201 = 23; //FIXME
1695 uint8_t ta = 0, tx_power = 0;
1697 /* check if the layer3 message length exceeds N201 */
1699 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1701 if (TLVP_PRESENT(&tv, RSL_IE_TIMING_ADVANCE)) {
1702 ta = *TLVP_VAL(&tv, RSL_IE_TIMING_ADVANCE);
1704 if (TLVP_PRESENT(&tv, RSL_IE_MS_POWER)) {
1705 tx_power = *TLVP_VAL(&tv, RSL_IE_MS_POWER);
1707 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1708 LOGP(DLAPDM, LOGL_ERROR, "unit data request without message "
1713 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1714 /* check if the layer3 message length exceeds N201 */
1715 if (length + 5 > 23) { /* FIXME: do we know the channel N201? */
1716 LOGP(DLAPDM, LOGL_ERROR, "frame too large: %d > N201(%d) "
1717 "(discarding)\n", length + 5, 23);
1722 LOGP(DLAPDM, LOGL_INFO, "sending unit data (tx_power=%d, ta=%d)\n",
1725 /* Remove RLL header from msgb */
1728 /* Push L1 + LAPDm header on msgb */
1729 msg->l2h = msgb_push(msg, 2 + 3);
1730 msg->l2h[0] = tx_power;
1732 msg->l2h[2] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_CMD);
1733 msg->l2h[3] = LAPDm_CTRL_U(LAPDm_U_UI, 0);
1734 msg->l2h[4] = LAPDm_LEN(length);
1735 // FIXME: short L2 header support
1738 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1741 /* L3 requests transfer of acknowledged information */
1742 static int rslms_rx_rll_data_req(struct msgb *msg, struct lapdm_datalink *dl)
1744 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1745 struct tlv_parsed tv;
1747 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1748 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1749 LOGP(DLAPDM, LOGL_ERROR, "data request without message "
1755 LOGP(DLAPDM, LOGL_INFO, "writing message to send-queue\n");
1757 /* Remove the RSL/RLL header */
1760 /* Write data into the send queue */
1761 msgb_enqueue(&dl->send_queue, msg);
1763 /* Send message, if possible */
1764 rslms_send_i(&dl->mctx, __LINE__);
1768 /* Send next I frame from queued/buffered data */
1769 static int rslms_send_i(struct lapdm_msg_ctx *mctx, int line)
1771 struct lapdm_datalink *dl = mctx->dl;
1772 uint8_t chan_nr = mctx->chan_nr;
1773 uint8_t link_id = mctx->link_id;
1774 uint8_t sapi = link_id & 7;
1775 int k = k_sapi[sapi];
1778 int rc = - 1; /* we sent nothing */
1780 LOGP(DLAPDM, LOGL_INFO, "%s() called from line %d\n", __func__, line);
1784 if (dl->peer_busy) {
1785 LOGP(DLAPDM, LOGL_INFO, "peer busy, not sending\n");
1789 if (dl->state == LAPDm_STATE_TIMER_RECOV) {
1790 LOGP(DLAPDM, LOGL_INFO, "timer recovery, not sending\n");
1794 /* If the send state variable V(S) is equal to V(A) plus k
1795 * (where k is the maximum number of outstanding I frames - see
1796 * subclause 5.8.4), the data link layer entity shall not transmit any
1797 * new I frames, but shall retransmit an I frame as a result
1798 * of the error recovery procedures as described in subclauses 5.5.4 and
1800 if (dl->V_send == add_mod8(dl->V_ack, k)) {
1801 LOGP(DLAPDM, LOGL_INFO, "k frames outstanding, not sending "
1802 "more (k=%u V(S)=%u V(A)=%u)\n", k, dl->V_send,
1807 /* if we have no tx_hist yet, we create it */
1808 if (!dl->tx_length[dl->V_send]) {
1809 /* Get next message into send-buffer, if any */
1810 if (!dl->send_buffer) {
1813 dl->send_buffer = msgb_dequeue(&dl->send_queue);
1814 /* No more data to be sent */
1815 if (!dl->send_buffer)
1817 LOGP(DLAPDM, LOGL_INFO, "get message from "
1821 /* How much is left in the send-buffer? */
1822 left = msgb_l3len(dl->send_buffer) - dl->send_out;
1823 /* Segment, if data exceeds N201 */
1825 if (length > mctx->n201 - 3)
1826 length = mctx->n201 - 3;
1827 LOGP(DLAPDM, LOGL_INFO, "msg-len %d sent %d left %d N201 %d "
1828 "length %d first byte %02x\n",
1829 msgb_l3len(dl->send_buffer), dl->send_out, left,
1830 mctx->n201, length, dl->send_buffer->l3h[0]);
1831 /* If message in send-buffer is completely sent */
1833 msgb_free(dl->send_buffer);
1834 dl->send_buffer = NULL;
1838 LOGP(DLAPDM, LOGL_INFO, "send I frame %sV(S)=%d\n",
1839 (left > length) ? "segment " : "", dl->V_send);
1841 /* Create I frame (segment) and transmit-buffer content */
1842 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
1843 msg->l2h = msgb_put(msg, 3 + length);
1844 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_CMD);
1845 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv, dl->V_send, 0);
1846 msg->l2h[2] = LAPDm_LEN(length);
1848 msg->l2h[2] |= LAPDm_MORE;
1849 memcpy(msg->l2h + 3, dl->send_buffer->l3h + dl->send_out,
1851 memcpy(dl->tx_hist[dl->V_send], msg->l2h, 3 + length);
1852 dl->tx_length[dl->V_send] = 3 + length;
1853 /* Add length to track how much is already in the tx buffer */
1854 dl->send_out += length;
1856 LOGP(DLAPDM, LOGL_INFO, "resend I frame from tx buffer "
1857 "V(S)=%d\n", dl->V_send);
1859 /* Create I frame (segment) from tx_hist */
1860 length = dl->tx_length[dl->V_send];
1861 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
1862 msg->l2h = msgb_put(msg, length);
1863 memcpy(msg->l2h, dl->tx_hist[dl->V_send], length);
1864 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv, dl->V_send, 0);
1867 /* The value of the send state variable V(S) shall be incremented by 1
1868 * at the end of the transmission of the I frame */
1869 dl->V_send = inc_mod8(dl->V_send);
1871 /* If timer T200 is not running at the time right before transmitting a
1872 * frame, when the PH-READY-TO-SEND primitive is received from the
1873 * physical layer., it shall be set. */
1874 if (!osmo_timer_pending(&dl->t200))
1875 osmo_timer_schedule(&dl->t200, T200);
1877 tx_ph_data_enqueue(dl, msg, chan_nr, link_id, mctx->n201);
1879 rc = 0; /* we sent something */
1883 /* L3 requests suspension of data link */
1884 static int rslms_rx_rll_susp_req(struct msgb *msg, struct lapdm_datalink *dl)
1886 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1887 uint8_t sapi = rllh->link_id & 7;
1890 LOGP(DLAPDM, LOGL_ERROR, "SAPI != 0 while suspending\n");
1895 LOGP(DLAPDM, LOGL_INFO, "perform suspension\n");
1897 /* put back the send-buffer to the send-queue (first position) */
1898 if (dl->send_buffer) {
1899 LOGP(DLAPDM, LOGL_INFO, "put frame in sendbuffer back to "
1901 llist_add(&dl->send_buffer->list, &dl->send_queue);
1902 dl->send_buffer = NULL;
1904 LOGP(DLAPDM, LOGL_INFO, "no frame in sendbuffer\n");
1906 /* Clear transmit buffer, but keep send buffer */
1907 lapdm_dl_flush_tx(dl);
1911 return send_rll_simple(RSL_MT_SUSP_CONF, &dl->mctx);
1914 /* L3 requests resume of data link */
1915 static int rslms_rx_rll_res_req(struct msgb *msg, struct lapdm_datalink *dl)
1917 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1918 uint8_t chan_nr = rllh->chan_nr;
1919 uint8_t link_id = rllh->link_id;
1920 uint8_t sapi = rllh->link_id & 7;
1921 struct tlv_parsed tv;
1923 uint8_t n201 = 23; //FIXME
1925 /* Set chan_nr and link_id for established connection */
1926 memset(&dl->mctx, 0, sizeof(dl->mctx));
1928 dl->mctx.n201 = n201;
1929 dl->mctx.chan_nr = chan_nr;
1930 dl->mctx.link_id = link_id;
1932 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1933 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1934 LOGP(DLAPDM, LOGL_ERROR, "resume without message error\n");
1936 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1938 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1940 LOGP(DLAPDM, LOGL_INFO, "perform re-establishment (SABM) length=%d\n",
1943 /* Replace message in the send-buffer (reconnect) */
1944 if (dl->send_buffer)
1945 msgb_free(dl->send_buffer);
1948 /* Remove the RSL/RLL header */
1950 /* Write data into the send buffer, to be sent first */
1951 dl->send_buffer = msg;
1954 /* Discard partly received L3 message */
1955 if (dl->rcv_buffer) {
1956 msgb_free(dl->rcv_buffer);
1957 dl->rcv_buffer = NULL;
1960 /* Create new msgb (old one is now free) */
1961 msg = msgb_alloc_headroom(23+10, 10, "LAPDm SABM");
1962 msg->l2h = msgb_put(msg, 3);
1963 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_CMD);
1964 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_SABM, 1);
1965 msg->l2h[2] = LAPDm_LEN(0);
1966 /* Transmit-buffer carries exactly one segment */
1967 memcpy(dl->tx_hist[0], msg->l2h, 3);
1968 dl->tx_length[0] = 3;
1969 /* set Vs to 0, because it is used as index when resending SABM */
1973 dl->own_busy = dl->peer_busy = 0;
1974 dl->retrans_ctr = 0;
1975 lapdm_dl_newstate(dl, LAPDm_STATE_SABM_SENT);
1977 /* Tramsmit and start T200 */
1978 osmo_timer_schedule(&dl->t200, T200);
1979 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1982 /* L3 requests release of data link */
1983 static int rslms_rx_rll_rel_req(struct msgb *msg, struct lapdm_datalink *dl)
1985 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1986 uint8_t chan_nr = rllh->chan_nr;
1987 uint8_t link_id = rllh->link_id;
1988 uint8_t sapi = rllh->link_id & 7;
1991 /* get release mode */
1992 if (rllh->data[0] == RSL_IE_RELEASE_MODE)
1993 mode = rllh->data[1] & 1;
1997 LOGP(DLAPDM, LOGL_INFO, "perform local release\n");
1999 /* reset Timer T200 */
2000 osmo_timer_del(&dl->t200);
2001 /* enter idle state */
2002 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
2004 lapdm_dl_flush_tx(dl);
2005 lapdm_dl_flush_send(dl);
2006 /* send notification to L3 */
2007 return send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
2010 /* in case we are already disconnecting */
2011 if (dl->state == LAPDm_STATE_DISC_SENT)
2014 LOGP(DLAPDM, LOGL_INFO, "perform normal release (DISC)\n");
2017 msgb_pull(msg, msg->tail - msg->l2h);
2019 /* Push LAPDm header on msgb */
2020 msg->l2h = msgb_push(msg, 3);
2021 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, CR_MS2BS_CMD);
2022 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_DISC, 1);
2023 msg->l2h[2] = LAPDm_LEN(0);
2024 /* Transmit-buffer carries exactly one segment */
2025 memcpy(dl->tx_hist[0], msg->l2h, 3);
2026 dl->tx_length[0] = 3;
2029 dl->own_busy = dl->peer_busy = 0;
2030 dl->retrans_ctr = 0;
2031 lapdm_dl_newstate(dl, LAPDm_STATE_DISC_SENT);
2033 /* Tramsmit and start T200 */
2034 osmo_timer_schedule(&dl->t200, T200);
2035 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, dl->mctx.n201);
2038 /* L3 requests release in idle state */
2039 static int rslms_rx_rll_rel_req_idle(struct msgb *msg, struct lapdm_datalink *dl)
2043 /* send notification to L3 */
2044 return send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
2047 /* L3 requests channel in idle state */
2048 static int rslms_rx_chan_rqd(struct lapdm_channel *lc, struct msgb *msg)
2050 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
2051 void *l1ctx = lc->lapdm_dcch.l1_ctx;
2054 if (msgb_l2len(msg) < sizeof(*cch) + 4 + 2 + 2) {
2055 LOGP(DRSL, LOGL_ERROR, "Message too short for CHAN RQD!\n");
2058 if (cch->data[0] != RSL_IE_REQ_REFERENCE) {
2059 LOGP(DRSL, LOGL_ERROR, "Missing REQ REFERENCE IE\n");
2062 if (cch->data[4] != RSL_IE_ACCESS_DELAY) {
2063 LOGP(DRSL, LOGL_ERROR, "Missing ACCESS_DELAY IE\n");
2066 if (cch->data[6] != RSL_IE_MS_POWER) {
2067 LOGP(DRSL, LOGL_ERROR, "Missing MS POWER IE\n");
2071 /* TA = 0 - delay */
2072 rc = l1ctl_tx_param_req(l1ctx, 0 - cch->data[5], cch->data[7]);
2074 rc = l1ctl_tx_rach_req(l1ctx, cch->data[1],
2075 ((cch->data[2] & 0x7f) << 8) | cch->data[3], cch->data[2] >> 7);
2082 /* L1 confirms channel request */
2083 int l2_ph_chan_conf(struct msgb *msg, struct osmocom_ms *ms,
2084 struct l1ctl_info_dl *dl)
2086 struct abis_rsl_cchan_hdr *ch;
2088 struct gsm48_req_ref *ref;
2090 gsm_fn2gsmtime(&tm, htonl(dl->frame_nr));
2093 msg->l2h = msgb_push(msg, sizeof(*ch) + sizeof(*ref));
2094 ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
2095 rsl_init_cchan_hdr(ch, RSL_MT_CHAN_CONF);
2096 ch->chan_nr = RSL_CHAN_RACH;
2097 ch->data[0] = RSL_IE_REQ_REFERENCE;
2098 ref = (struct gsm48_req_ref *) (ch->data + 1);
2101 ref->t3_low = tm.t3 & 0x7;
2102 ref->t3_high = tm.t3 >> 3;
2104 return rslms_sendmsg(msg, &ms->lapdm_channel.lapdm_dcch);
2107 /* Names for Radio Link Layer Management */
2108 static const struct value_string rsl_msg_names[] = {
2109 { RSL_MT_DATA_REQ, "RSL_MT_DATA_REQ" },
2110 { RSL_MT_DATA_IND, "RSL_MT_DATA_IND" },
2111 { RSL_MT_ERROR_IND, "RSL_MT_ERROR_IND" },
2112 { RSL_MT_EST_REQ, "RSL_MT_EST_REQ" },
2113 { RSL_MT_EST_CONF, "RSL_MT_EST_CONF" },
2114 { RSL_MT_EST_IND, "RSL_MT_EST_IND" },
2115 { RSL_MT_EST_IND, "RSL_MT_REL_REQ" },
2116 { RSL_MT_REL_REQ, "RSL_MT_REL_REQ" },
2117 { RSL_MT_REL_CONF, "RSL_MT_REL_CONF" },
2118 { RSL_MT_REL_IND, "RSL_MT_REL_IND" },
2119 { RSL_MT_UNIT_DATA_REQ, "RSL_MT_UNIT_DATA_REQ" },
2120 { RSL_MT_UNIT_DATA_IND, "RSL_MT_UNIT_DATA_IND" },
2121 { RSL_MT_SUSP_REQ, "RSL_MT_SUSP_REQ" },
2122 { RSL_MT_SUSP_CONF, "RSL_MT_SUSP_CONF" },
2123 { RSL_MT_RES_REQ, "RSL_MT_RES_REQ" },
2124 { RSL_MT_RECON_REQ, "RSL_MT_RECON_REQ" },
2125 { RSL_MT_CHAN_RQD, "RSL_MT_CHAN_RQD" },
2126 { RSL_MT_CHAN_CONF, "RSL_MT_CHAN_CONF" },
2130 const char *get_rsl_name(int value)
2132 return get_value_string(rsl_msg_names, value);
2135 const char *lapdm_state_names[] = {
2138 "LAPDm_STATE_SABM_SENT",
2139 "LAPDm_STATE_MF_EST",
2140 "LAPDm_STATE_TIMER_RECOV",
2141 "LAPDm_STATE_DISC_SENT",
2144 /* statefull handling for RSLms RLL messages from L3 */
2145 static struct l2downstate {
2148 int (*rout) (struct msgb *msg, struct lapdm_datalink *dl);
2149 } l2downstatelist[] = {
2150 /* create and send UI command */
2152 RSL_MT_UNIT_DATA_REQ, rslms_rx_rll_udata_req},
2154 /* create and send SABM command */
2155 {SBIT(LAPDm_STATE_IDLE),
2156 RSL_MT_EST_REQ, rslms_rx_rll_est_req},
2158 /* create and send I command */
2159 {SBIT(LAPDm_STATE_MF_EST) |
2160 SBIT(LAPDm_STATE_TIMER_RECOV),
2161 RSL_MT_DATA_REQ, rslms_rx_rll_data_req},
2163 /* suspend datalink */
2164 {SBIT(LAPDm_STATE_MF_EST) |
2165 SBIT(LAPDm_STATE_TIMER_RECOV),
2166 RSL_MT_SUSP_REQ, rslms_rx_rll_susp_req},
2168 /* create and send SABM command (resume) */
2169 {SBIT(LAPDm_STATE_MF_EST) |
2170 SBIT(LAPDm_STATE_TIMER_RECOV),
2171 RSL_MT_RES_REQ, rslms_rx_rll_res_req},
2173 /* create and send SABM command (reconnect) */
2174 {SBIT(LAPDm_STATE_IDLE) |
2175 SBIT(LAPDm_STATE_MF_EST) |
2176 SBIT(LAPDm_STATE_TIMER_RECOV),
2177 RSL_MT_RECON_REQ, rslms_rx_rll_res_req},
2179 /* create and send DISC command */
2180 {SBIT(LAPDm_STATE_SABM_SENT) |
2181 SBIT(LAPDm_STATE_MF_EST) |
2182 SBIT(LAPDm_STATE_TIMER_RECOV) |
2183 SBIT(LAPDm_STATE_DISC_SENT),
2184 RSL_MT_REL_REQ, rslms_rx_rll_rel_req},
2186 /* release in idle state */
2187 {SBIT(LAPDm_STATE_IDLE),
2188 RSL_MT_REL_REQ, rslms_rx_rll_rel_req_idle},
2191 #define L2DOWNSLLEN \
2192 (sizeof(l2downstatelist) / sizeof(struct l2downstate))
2194 /* incoming RSLms RLL message from L3 */
2195 static int rslms_rx_rll(struct msgb *msg, struct lapdm_channel *lc)
2197 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2198 int msg_type = rllh->c.msg_type;
2199 uint8_t sapi = rllh->link_id & 7;
2200 struct lapdm_entity *le;
2201 struct lapdm_datalink *dl;
2202 int i, supported = 0;
2205 if (msgb_l2len(msg) < sizeof(*rllh)) {
2206 LOGP(DRSL, LOGL_ERROR, "Message too short for RLL hdr!\n");
2210 if (rllh->link_id & 0x40)
2211 le = &lc->lapdm_acch;
2213 le = &lc->lapdm_dcch;
2215 /* G.2.1 No action schall be taken on frames containing an unallocated
2218 dl = datalink_for_sapi(le, sapi);
2220 LOGP(DRSL, LOGL_ERROR, "No instance for SAPI %d!\n", sapi);
2224 LOGP(DRSL, LOGL_INFO, "(%p) RLL Message '%s' received in state %s\n",
2225 lc->name, get_rsl_name(msg_type), lapdm_state_names[dl->state]);
2227 /* find function for current state and message */
2228 for (i = 0; i < L2DOWNSLLEN; i++) {
2229 if (msg_type == l2downstatelist[i].type)
2231 if ((msg_type == l2downstatelist[i].type)
2232 && ((1 << dl->state) & l2downstatelist[i].states))
2236 LOGP(DRSL, LOGL_NOTICE, "Message unsupported.\n");
2240 if (i == L2DOWNSLLEN) {
2241 LOGP(DRSL, LOGL_NOTICE, "Message unhandled at this state.\n");
2246 rc = l2downstatelist[i].rout(msg, dl);
2251 /* incoming RSLms COMMON CHANNEL message from L3 */
2252 static int rslms_rx_com_chan(struct msgb *msg, struct lapdm_channel *lc)
2254 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
2255 int msg_type = cch->c.msg_type;
2258 if (msgb_l2len(msg) < sizeof(*cch)) {
2259 LOGP(DRSL, LOGL_ERROR, "Message too short for COM CHAN hdr!\n");
2264 case RSL_MT_CHAN_RQD:
2265 /* create and send RACH request */
2266 rc = rslms_rx_chan_rqd(lc, msg);
2269 LOGP(DRSL, LOGL_NOTICE, "Unknown COMMON CHANNEL msg %d!\n",
2278 /* input into layer2 (from layer 3) */
2279 int lapdm_rslms_recvmsg(struct msgb *msg, struct lapdm_channel *lc)
2281 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
2284 if (msgb_l2len(msg) < sizeof(*rslh)) {
2285 LOGP(DRSL, LOGL_ERROR, "Message too short RSL hdr!\n");
2289 switch (rslh->msg_discr & 0xfe) {
2290 case ABIS_RSL_MDISC_RLL:
2291 rc = rslms_rx_rll(msg, lc);
2293 case ABIS_RSL_MDISC_COM_CHAN:
2294 rc = rslms_rx_com_chan(msg, lc);
2297 LOGP(DRSL, LOGL_ERROR, "unknown RSLms message "
2298 "discriminator 0x%02x", rslh->msg_discr);
2306 int osmol2_register_handler(struct osmocom_ms *ms, lapdm_cb_t cb)
2308 ms->lapdm_channel.lapdm_acch.l3_cb = cb;
2309 ms->lapdm_channel.lapdm_dcch.l3_cb = cb;
2310 ms->lapdm_channel.lapdm_acch.l3_ctx = ms;
2311 ms->lapdm_channel.lapdm_dcch.l3_ctx = ms;
projects / osmocom-bb.git / blob