1 #warning rr on MDL error handling (as specified in 04.08 / 04.06)
3 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 /* Very short description of some of the procedures:
25 * A radio resource request causes a channel request to be sent on RACH.
26 * After an immediate assignment is received, the link will be established.
27 * After the link is established, the dedicated mode is entered and confirmed.
29 * A paging request also triggers the channel request as above...
30 * After the link is established, the dedicated mode is entered and indicated.
32 * During dedicated mode, messages are transferred.
34 * When an assignment command or a handover command is received, the current
35 * link is released. After release, the new channel is activated and the
36 * link is established again. After the link is established, pending messages
37 * from radio resource are sent.
39 * When the assignment or handover fails, the old channel is activated and the
40 * link is established again. Pending messages are sent in this case as well.
49 #include <arpa/inet.h>
51 #include <osmocore/msgb.h>
52 #include <osmocore/utils.h>
53 #include <osmocore/rsl.h>
54 #include <osmocore/gsm48.h>
55 #include <osmocore/bitvec.h>
57 #include <osmocom/osmocom_data.h>
58 #include <osmocom/l1l2_interface.h>
59 #include <osmocom/logging.h>
60 #include <osmocom/networks.h>
61 #include <osmocom/l1ctl.h>
/* Forward declarations of handlers that are called before their definitions
 * appear (gsm48_rcv_rsl() is used by gsm48_rsl_dequeue() and temp_rach_to()
 * below). */
63 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg);
64 static int gsm48_rr_dl_est(struct osmocom_ms *ms);
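/* Smaller of two values. Each argument use and the whole expansion are
 * parenthesized, so operands containing lower-precedence operators (for
 * example `x | y`) compare and select as written. Both arguments may still be
 * evaluated twice: do not pass expressions with side effects. */
#define MIN(a, b) (((a) < (b)) ? (a) : (b))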
/* Decode a Location Area Identification into MCC, MNC and LAC.
 * MCC and MNC are each assembled from three 4-bit nibbles of lai->digits[0..2]
 * into a 12-bit value; LAC is converted from network byte order.
 * All four pointers are dereferenced unconditionally in the visible lines.
 * NOTE(review): no check that the nibbles are decimal digits is visible here;
 * the LAI comes from received messages, so callers should not assume 0..9. */
72 int gsm48_decode_lai(struct gsm48_loc_area_id *lai, uint16_t *mcc,
73 uint16_t *mnc, uint16_t *lac)
75 *mcc = ((lai->digits[0] & 0x0f) << 8)
76 | (lai->digits[0] & 0xf0)
77 | (lai->digits[1] & 0x0f);
78 *mnc = ((lai->digits[2] & 0x0f) << 8)
79 | (lai->digits[2] & 0xf0)
80 | ((lai->digits[1] & 0xf0) >> 4);
81 *lac = ntohs(lai->lac);
/* Encode the non-hopping (h0) form of a channel description.
 * The visible lines split the ARFCN into cd->h0.arfcn_low (low 8 bits) and
 * cd->h0.arfcn_high (the bits above them); the rest of the signature and body
 * is not shown in this listing. */
86 static int gsm48_encode_chan_h0(struct gsm48_chan_desc *cd, uint8_t tsc,
91 cd->h0.arfcn_low = arfcn & 0xff;
92 cd->h0.arfcn_high = arfcn >> 8;
/* Encode the hopping (h1) form of a channel description.
 * The visible lines split MAIO into cd->h1.maio_low (low 2 bits) and
 * cd->h1.maio_high (maio >> 2); handling of tsc and hsn is not shown here. */
97 static int gsm48_encode_chan_h1(struct gsm48_chan_desc *cd, uint8_t tsc,
98 uint8_t maio, uint8_t hsn)
102 cd->h1.maio_low = maio & 0x03;
103 cd->h1.maio_high = maio >> 2;
/* Decode the non-hopping (h0) form of a channel description.
 * The visible line rebuilds the ARFCN from cd->h0.arfcn_low and
 * cd->h0.arfcn_high (shifted left by 8) and stores it through *arfcn. */
110 static int gsm48_decode_chan_h0(struct gsm48_chan_desc *cd, uint8_t *tsc,
114 *arfcn = cd->h0.arfcn_low | (cd->h0.arfcn_high << 8);
/* Decode the hopping (h1) form of a channel description.
 * The visible line rebuilds MAIO from cd->h1.maio_low and cd->h1.maio_high
 * (shifted left by 2) and stores it through *maio. */
119 static int gsm48_decode_chan_h1(struct gsm48_chan_desc *cd, uint8_t *tsc,
120 uint8_t *maio, uint8_t *hsn)
123 *maio = cd->h1.maio_low | (cd->h1.maio_high << 2);
129 /* 10.5.2.38 decode Starting time IE */
/* Copy a Starting Time IE into the channel description: T1 and T2 are taken
 * as-is, T3 is rebuilt as (t3_high << 3) | t3_low. */
130 static int gsm48_decode_start_time(struct gsm48_rr_cd *cd,
131 struct gsm48_start_time *st)
133 cd->start_t1 = st->t1;
134 cd->start_t2 = st->t2;
135 cd->start_t3 = (st->t3_high << 3) | st->t3_low;
140 /* decode "BA Range" (10.5.2.1a) */
/* Decode a BA Range IE into 32-bit entries of the form (higher << 16) | lower.
 * Two guards are visible before the decode loop: the octet count needed for n
 * ranges (5 per pair of ranges plus 3 for an odd one) is compared with ba_len,
 * and a second message reports n exceeding max_ranges. How n is read from the
 * IE and what each guard does after logging is not shown in this listing.
 * NOTE(review): ba points into a received message and the loop advances both
 * ba and range unchecked, so both guards must return or clamp n before the
 * loop runs; confirm against the full source. */
141 static int gsm48_decode_ba_range(const uint8_t *ba, uint8_t ba_len,
142 uint32_t *range, uint8_t *ranges, int max_ranges)
144 /* ba = pointer to IE without IE type and length octets
145 * ba_len = number of octets
146 * range = pointer to store decoded range
147 * ranges = number of ranges decoded
148 * max_ranges = maximum number of decoded ranges that can be stored
150 uint16_t lower, higher;
151 int i, n, required_octets;
153 /* find out how much ba ranges will be decoded */
156 required_octets = 5 * (n >> 1) + 3 * (n & 1);
157 if (required_octets > ba_len) {
158 LOGP(DRR, LOGL_NOTICE, "BA range IE too short: %d ranges "
159 "require %d octets, but only %d octets remain.\n",
160 n, required_octets, ba_len);
165 LOGP(DRR, LOGL_NOTICE, "BA range %d exceed the maximum number "
166 "of ranges supported by this mobile (%d).\n",
171 for (i = 0; i < n; i++) {
173 /* decode even range number */
176 higher = (*ba++ & 0x3f) << 4;
179 lower = (*ba++ & 0x0f) << 6;
181 higher = (*ba++ & 0x03) << 8;
183 /* decode odd range number */
185 *range++ = (higher << 16) | lower;
/* Printable names of the RR states, indexed by state value. new_rr_state()
 * uses the table both for logging and as the upper bound of its range check. */
196 const char *gsm48_rr_state_names[] = {
198 "connection pending",
/* Switch the RR layer to `state`.
 * The new state is range-checked against gsm48_rr_state_names before it is
 * used (the action taken on failure is not shown in this listing).
 * On entering GSM48_RR_ST_IDLE the visible lines: reset layer 1 with
 * L1CTL_RES_T_FULL, free the stored establish message, dequeue everything
 * from rr->downqueue, clear rr->cd_now, and hand GSM322_EVENT_RET_IDLE to the
 * cell selection process directly through gsm322_c_event().
 * NOTE(review): the log call indexes the name table with the old rr->state,
 * which has no matching range check in the visible lines; this is safe only
 * if rr->state is never written outside this function. */
203 static void new_rr_state(struct gsm48_rrlayer *rr, int state)
205 if (state < 0 || state >=
206 (sizeof(gsm48_rr_state_names) / sizeof(char *)))
209 LOGP(DRR, LOGL_INFO, "new state %s -> %s\n",
210 gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
214 if (state == GSM48_RR_ST_IDLE) {
215 struct msgb *msg, *nmsg;
217 /* release dedicated mode, if any */
218 // tx_ph_dm_rel_req(rr->ms);
219 l1ctl_tx_reset_req(rr->ms, L1CTL_RES_T_FULL);
220 /* free establish message, if any */
222 if (rr->rr_est_msg) {
223 msgb_free(rr->rr_est_msg);
224 rr->rr_est_msg = NULL;
226 /* free all pending messages */
227 while((msg = msgb_dequeue(&rr->downqueue)))
229 /* clear all descriptions of last channel */
230 memset(&rr->cd_now, 0, sizeof(rr->cd_now));
233 /* tell cell selection process to return to idle mode
234 * NOTE: this must be sent unbuffered, because it will
235 * leave camping state, so it locks against subsequent
236 * establishment of dedicated channel, before the
237 * cell selection process returned to camping state
238 * again. (after cell reselection)
240 nmsg = gsm322_msgb_alloc(GSM322_EVENT_RET_IDLE);
243 gsm322_c_event(rr->ms, nmsg);
245 /* reset any BA range */
254 /* names of RR-SAP */
/* Maps RR-SAP primitive codes to printable names; looked up by get_rr_name()
 * through get_value_string(). */
255 static const struct value_string gsm48_rr_msg_names[] = {
256 { GSM48_RR_EST_REQ, "RR_EST_REQ" },
257 { GSM48_RR_EST_IND, "RR_EST_IND" },
258 { GSM48_RR_EST_CNF, "RR_EST_CNF" },
259 { GSM48_RR_REL_IND, "RR_REL_IND" },
260 { GSM48_RR_SYNC_IND, "RR_SYNC_IND" },
261 { GSM48_RR_DATA_REQ, "RR_DATA_REQ" },
262 { GSM48_RR_DATA_IND, "RR_DATA_IND" },
263 { GSM48_RR_UNIT_DATA_IND, "RR_UNIT_DATA_IND" },
264 { GSM48_RR_ABORT_REQ, "RR_ABORT_REQ" },
265 { GSM48_RR_ABORT_IND, "RR_ABORT_IND" },
266 { GSM48_RR_ACT_REQ, "RR_ACT_REQ" },
/* Return the printable name of an RR-SAP primitive, as produced by
 * get_value_string() on gsm48_rr_msg_names. */
270 const char *get_rr_name(int value)
272 return get_value_string(gsm48_rr_msg_names, value);
275 /* allocate GSM 04.08 layer 3 message */
/* Allocate a message buffer for a GSM 04.08 layer 3 message with
 * L3_ALLOC_HEADROOM bytes of headroom and point msg->l3h at the start of the
 * data area. Handling of a failed allocation is not shown in this listing. */
276 struct msgb *gsm48_l3_msgb_alloc(void)
280 msg = msgb_alloc_headroom(L3_ALLOC_SIZE+L3_ALLOC_HEADROOM,
281 L3_ALLOC_HEADROOM, "GSM 04.08 L3");
284 msg->l3h = msg->data;
289 /* allocate GSM 04.08 message (RR-SAP) */
/* Allocate an RR-SAP message buffer, append a struct gsm48_rr_hdr and set its
 * msg_type to the given primitive. Handling of a failed allocation is not
 * shown in this listing; several callers below write to msg->data right
 * after calling this function. */
290 struct msgb *gsm48_rr_msgb_alloc(int msg_type)
293 struct gsm48_rr_hdr *rrh;
295 msg = msgb_alloc_headroom(RR_ALLOC_SIZE+RR_ALLOC_HEADROOM,
296 RR_ALLOC_HEADROOM, "GSM 04.08 RR");
300 rrh = (struct gsm48_rr_hdr *) msgb_put(msg, sizeof(*rrh));
301 rrh->msg_type = msg_type;
306 /* queue message (RR-SAP) */
/* Queue an RR-SAP message for the mobility management layer by appending it
 * to ms->mmlayer.rr_upqueue. */
307 int gsm48_rr_upmsg(struct osmocom_ms *ms, struct msgb *msg)
309 struct gsm48_mmlayer *mm = &ms->mmlayer;
311 msgb_enqueue(&mm->rr_upqueue, msg);
316 /* push rsl header and send (RSL-SAP) */
/* Prepend an RLL header of the given msg_type, using the channel number and
 * link id of the current channel (rr->cd_now), and pass the message to
 * rslms_recvmsg(); that call's result is returned. */
317 static int gsm48_send_rsl(struct osmocom_ms *ms, uint8_t msg_type,
320 struct gsm48_rrlayer *rr = &ms->rrlayer;
326 rsl_rll_push_l3(msg, msg_type, rr->cd_now.chan_nr,
327 rr->cd_now.link_id, 1);
329 return rslms_recvmsg(msg, ms);
332 /* enqueue messages (RSL-SAP) */
/* Append a received RLL message to rr->rsl_upqueue; it is processed later by
 * gsm48_rsl_dequeue(). */
333 static int gsm48_rx_rll(struct msgb *msg, struct osmocom_ms *ms)
335 struct gsm48_rrlayer *rr = &ms->rrlayer;
337 msgb_enqueue(&rr->rsl_upqueue, msg);
342 /* input function that L2 calls when sending messages up to L3 */
/* Entry point for messages coming up from layer 2. Dispatches on the message
 * discriminator with its lowest bit masked off: RLL messages go to
 * gsm48_rx_rll(), anything else is logged as unknown.
 * NOTE(review): rslh is taken from msgb_l2(msg) and dereferenced; no check
 * that the buffer holds a complete common header is visible here. */
343 static int gsm48_rx_rsl(struct msgb *msg, struct osmocom_ms *ms)
345 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
348 switch (rslh->msg_discr & 0xfe) {
349 case ABIS_RSL_MDISC_RLL:
350 rc = gsm48_rx_rll(msg, ms);
353 /* FIXME: implement this */
354 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
364 /* dequeue messages (RSL-SAP) */
/* Drain rr->rsl_upqueue, passing each message to gsm48_rcv_rsl(), which takes
 * ownership of it. `work` is set to 1 once at least one message was handled. */
365 int gsm48_rsl_dequeue(struct osmocom_ms *ms)
367 struct gsm48_rrlayer *rr = &ms->rrlayer;
371 while ((msg = msgb_dequeue(&rr->rsl_upqueue))) {
372 /* msg is freed there */
373 gsm48_rcv_rsl(ms, msg);
374 work = 1; /* work done */
384 /* special timer to ensure that UA is sent before disconnecting channel */
/* Timer callback for T_rel_wait. arg is the struct gsm48_rrlayer; the expiry
 * is logged and the RR layer returns to GSM48_RR_ST_IDLE. */
385 static void timeout_rr_t_rel_wait(void *arg)
387 struct gsm48_rrlayer *rr = arg;
389 LOGP(DRR, LOGL_INFO, "L2 release timer has fired, done waiting\n");
391 /* return to idle now */
392 new_rr_state(rr, GSM48_RR_ST_IDLE);
395 /* 3.4.13.1.1: Timeout of T3110 */
/* Timer callback for T3110. Moves the RR layer to GSM48_RR_ST_REL_PEND and
 * sends RSL_MT_REL_REQ carrying a release mode IE with value 1 (local
 * release) for the main signalling link. Handling of a failed allocation of
 * nmsg is not shown in this listing. */
396 static void timeout_rr_t3110(void *arg)
398 struct gsm48_rrlayer *rr = arg;
399 struct osmocom_ms *ms = rr->ms;
403 LOGP(DRR, LOGL_INFO, "timer T3110 has fired, release locally\n");
405 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
407 /* disconnect the main signalling link */
408 nmsg = gsm48_l3_msgb_alloc();
411 mode = msgb_put(nmsg, 2);
412 mode[0] = RSL_IE_RELEASE_MODE;
413 mode[1] = 1; /* local release */
414 gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
/* Timer callback for T3122. The only visible action is a log entry. */
419 static void timeout_rr_t3122(void *arg)
421 LOGP(DRR, LOGL_INFO, "timer T3122 has fired\n");
/* Timer callback for T3126 (no answer to the channel requests). When an
 * establish request from MM is pending (rr->rr_est_req), RR_REL_IND with
 * cause RR_REL_CAUSE_RA_FAILURE is sent up to MM; the RR layer is then moved
 * to GSM48_RR_ST_IDLE.
 * NOTE(review): msg->data is written right after gsm48_rr_msgb_alloc(); a NULL
 * check may sit on the lines omitted from this listing - confirm. */
424 static void timeout_rr_t3126(void *arg)
426 struct gsm48_rrlayer *rr = arg;
427 struct osmocom_ms *ms = rr->ms;
429 LOGP(DRR, LOGL_INFO, "timer T3126 has fired\n");
430 if (rr->rr_est_req) {
431 struct msgb *msg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
432 struct gsm48_rr_hdr *rrh;
434 LOGP(DSUM, LOGL_INFO, "Requesting channel failed\n");
437 rrh = (struct gsm48_rr_hdr *)msg->data;
438 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
439 gsm48_rr_upmsg(ms, msg);
442 new_rr_state(rr, GSM48_RR_ST_IDLE);
/* Arm T_rel_wait for sec seconds plus micro microseconds, with
 * timeout_rr_t_rel_wait() as callback and rr as its argument. Only the
 * seconds part appears in the log line. */
445 static void start_rr_t_rel_wait(struct gsm48_rrlayer *rr, int sec, int micro)
447 LOGP(DRR, LOGL_INFO, "starting T_rel_wait with %d seconds\n", sec);
448 rr->t_rel_wait.cb = timeout_rr_t_rel_wait;
449 rr->t_rel_wait.data = rr;
450 bsc_schedule_timer(&rr->t_rel_wait, sec, micro);
/* Arm T3110 for sec seconds plus micro microseconds, with timeout_rr_t3110()
 * as callback. Only the seconds part appears in the log line. */
453 static void start_rr_t3110(struct gsm48_rrlayer *rr, int sec, int micro)
455 LOGP(DRR, LOGL_INFO, "starting T3110 with %d seconds\n", sec);
456 rr->t3110.cb = timeout_rr_t3110;
458 bsc_schedule_timer(&rr->t3110, sec, micro);
/* Arm T3122 for sec seconds plus micro microseconds, with timeout_rr_t3122()
 * as callback. Only the seconds part appears in the log line. */
461 static void start_rr_t3122(struct gsm48_rrlayer *rr, int sec, int micro)
463 LOGP(DRR, LOGL_INFO, "starting T3122 with %d seconds\n", sec);
464 rr->t3122.cb = timeout_rr_t3122;
466 bsc_schedule_timer(&rr->t3122, sec, micro);
/* Arm T3126 for sec seconds plus micro microseconds, with timeout_rr_t3126()
 * as callback. Only the seconds part appears in the log line. */
469 static void start_rr_t3126(struct gsm48_rrlayer *rr, int sec, int micro)
471 LOGP(DRR, LOGL_INFO, "starting T3126 with %d seconds\n", sec);
472 rr->t3126.cb = timeout_rr_t3126;
474 bsc_schedule_timer(&rr->t3126, sec, micro);
/* Cancel T_rel_wait if it is pending; does nothing otherwise. */
477 static void stop_rr_t_rel_wait(struct gsm48_rrlayer *rr)
479 if (bsc_timer_pending(&rr->t_rel_wait)) {
480 LOGP(DRR, LOGL_INFO, "stopping pending timer T_rel_wait\n");
481 bsc_del_timer(&rr->t_rel_wait);
/* Cancel T3110 if it is pending; does nothing otherwise. */
485 static void stop_rr_t3110(struct gsm48_rrlayer *rr)
487 if (bsc_timer_pending(&rr->t3110)) {
488 LOGP(DRR, LOGL_INFO, "stopping pending timer T3110\n");
489 bsc_del_timer(&rr->t3110);
/* Cancel T3122 if it is pending; does nothing otherwise. */
493 static void stop_rr_t3122(struct gsm48_rrlayer *rr)
495 if (bsc_timer_pending(&rr->t3122)) {
496 LOGP(DRR, LOGL_INFO, "stopping pending timer T3122\n");
497 bsc_del_timer(&rr->t3122);
/* Cancel T3126 if it is pending; does nothing otherwise. */
501 static void stop_rr_t3126(struct gsm48_rrlayer *rr)
503 if (bsc_timer_pending(&rr->t3126)) {
504 LOGP(DRR, LOGL_INFO, "stopping pending timer T3126\n");
505 bsc_del_timer(&rr->t3126);
513 /* send rr status request */
/* Build an RR STATUS message carrying `cause` and send it with
 * RSL_MT_DATA_REQ. The message consists of a gsm48_hdr followed by a
 * gsm48_rr_status whose rr_cause is set to `cause`. The result of
 * gsm48_send_rsl() is returned. This is the error reply used by
 * gsm48_rr_rx_cip_mode_cmd() for malformed or unacceptable commands. */
514 static int gsm48_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
517 struct gsm48_hdr *gh;
518 struct gsm48_rr_status *st;
520 LOGP(DRR, LOGL_INFO, "RR STATUS (cause #%d)\n", cause);
522 nmsg = gsm48_l3_msgb_alloc();
525 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
526 st = (struct gsm48_rr_status *) msgb_put(nmsg, sizeof(*st));
528 gh->proto_discr = GSM48_PDISC_RR;
/* NOTE(review): the message type below is the one for CIPHERING MODE COMPLETE,
 * identical to gsm48_rr_tx_cip_mode_cpl(). For an RR STATUS message this looks
 * like a copy-paste slip (GSM48_MT_RR_STATUS expected): the peer would see a
 * ciphering-complete message where an error report was intended. */
529 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
532 st->rr_cause = cause;
534 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
541 /* send ciphering mode complete */
/* Build CIPHERING MODE COMPLETE and send it with RSL_MT_DATA_REQ.
 * The visible lines encode a mobile identity from set->imeisv into an 11-byte
 * stack buffer and append 2 + buf[1] bytes of it to the message. Presumably
 * this happens only when `cr` is set; the condition is not shown in this
 * listing.
 * NOTE(review): the copy length comes from buf[1] as written by
 * gsm48_generate_mid_from_imsi(). set->imeisv is a configured string, so
 * confirm the helper can never emit more than sizeof(buf) bytes for it.
 * NOTE(review): the IMEISV is a persistent device identifier; it should leave
 * the device only when the received command asked for it. */
542 static int gsm48_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
544 struct gsm_settings *set = &ms->settings;
546 struct gsm48_hdr *gh;
547 uint8_t buf[11], *tlv;
549 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMPLETE (cr %d)\n", cr);
551 nmsg = gsm48_l3_msgb_alloc();
554 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
556 gh->proto_discr = GSM48_PDISC_RR;
557 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
561 gsm48_generate_mid_from_imsi(buf, set->imeisv);
562 tlv = msgb_put(nmsg, 2 + buf[1]);
563 memcpy(tlv, buf, 2 + buf[1]);
566 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
569 /* receive ciphering mode command */
/* Handle a received CIPHERING MODE COMMAND.
 * Visible steps: a message shorter than header plus command body is answered
 * with RR STATUS (protocol error); a request to start ciphering while
 * rr->cipher_on is already set is answered the same way; an algorithm that is
 * not flagged in ms->support is answered with RR STATUS (channel mode
 * unacceptable); otherwise cipher_on and cipher_type are recorded and
 * CIPHERING MODE COMPLETE is sent.
 * NOTE(review): payload_len is an int, but the subtraction involves sizeof and
 * is therefore done in unsigned arithmetic; the `< 0` test relies on the
 * wrapped value converting to a negative int. Comparing msgb_l3len(msg)
 * against the required size before subtracting avoids that dependency.
 * NOTE(review): this command comes from the network, which GSM does not
 * authenticate to the mobile. sc == 0 leaves the link unciphered, and every
 * algorithm enabled in ms->support is accepted, A5/2 included if a5_2 is set.
 * Keep weak algorithms disabled in the support settings and make unciphered
 * operation visible to the user or operator (the log lines here are
 * LOGL_INFO only). */
570 static int gsm48_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
572 struct gsm48_rrlayer *rr = &ms->rrlayer;
573 struct gsm_support *sup = &ms->support;
574 struct gsm48_hdr *gh = msgb_l3(msg);
575 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
576 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
577 uint8_t sc, alg_id, cr;
579 if (payload_len < 0) {
580 LOGP(DRR, LOGL_NOTICE, "Short read of CIPHERING MODE COMMAND "
582 return gsm48_rr_tx_rr_status(ms,
583 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
586 /* cipher mode setting */
589 /* cipher mode response */
593 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, cr=%u)",
596 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, "
597 "algo=A5/%d cr=%u)", sc, alg_id + 1, cr);
600 if (rr->cipher_on && sc) {
601 LOGP(DRR, LOGL_INFO, "cipering already applied.\n");
602 return gsm48_rr_tx_rr_status(ms,
603 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
606 /* check if we actually support this cipher */
607 if ((alg_id == GSM_CIPHER_A5_1 && !sup->a5_1)
608 || (alg_id == GSM_CIPHER_A5_2 && !sup->a5_2)
609 || (alg_id == GSM_CIPHER_A5_3 && !sup->a5_3)
610 || (alg_id == GSM_CIPHER_A5_4 && !sup->a5_4)
611 || (alg_id == GSM_CIPHER_A5_5 && !sup->a5_5)
612 || (alg_id == GSM_CIPHER_A5_6 && !sup->a5_6)
613 || (alg_id == GSM_CIPHER_A5_7 && !sup->a5_7))
614 return gsm48_rr_tx_rr_status(ms,
615 GSM48_RR_CAUSE_CHAN_MODE_UNACCT);
617 /* change to ciphering */
619 rsl command to activate ciperhing
621 rr->cipher_on = sc, rr->cipher_type = alg_id;
624 return gsm48_rr_tx_cip_mode_cpl(ms, cr);
631 /* Encode "Classmark 3" (10.5.1.7) */
/* Encode the value part of Classmark 3 into buf as a bit vector built from
 * the capability flags in ms->support: band bits, A5/4..A5/7 bits, radio
 * capability, and optional fields that are each introduced by a presence bit.
 * *len receives the number of octets used, (cur_bit + 7) >> 3, and the last
 * partial octet is filled with spare padding.
 * NOTE(review): the capacity of buf is not a parameter and the bit vector's
 * length setup is not shown in this listing. The caller visible below,
 * gsm48_rr_tx_cm_change(), provides 12 bytes (cm3 + 2 of a 14-byte array), so
 * the encoder must be bounded to that size. */
632 static int gsm48_rr_enc_cm3(struct osmocom_ms *ms, uint8_t *buf, uint8_t *len)
634 struct gsm_support *sup = &ms->support;
637 memset(&bv, 0, sizeof(bv));
642 bitvec_set_bit(&bv, 0);
643 /* band 3 supported */
645 bitvec_set_bit(&bv, ONE);
647 bitvec_set_bit(&bv, ZERO);
648 /* band 2 supported */
649 if (sup->e_gsm || sup->r_gsm)
650 bitvec_set_bit(&bv, ONE);
652 bitvec_set_bit(&bv, ZERO);
653 /* band 1 supported */
654 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
655 bitvec_set_bit(&bv, ONE);
657 bitvec_set_bit(&bv, ZERO);
660 bitvec_set_bit(&bv, ONE);
662 bitvec_set_bit(&bv, ZERO);
664 bitvec_set_bit(&bv, ONE);
666 bitvec_set_bit(&bv, ZERO);
668 bitvec_set_bit(&bv, ONE);
670 bitvec_set_bit(&bv, ZERO);
672 bitvec_set_bit(&bv, ONE);
674 bitvec_set_bit(&bv, ZERO);
675 /* radio capability */
676 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
678 bitvec_set_uint(&bv, 0, 4);
679 bitvec_set_uint(&bv, sup->dcs_capa, 4);
681 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
683 bitvec_set_uint(&bv, sup->dcs_capa, 4);
685 bitvec_set_uint(&bv, sup->low_capa, 4);
688 bitvec_set_uint(&bv, 0, 4);
689 bitvec_set_uint(&bv, sup->low_capa, 4);
693 bitvec_set_bit(&bv, ONE);
694 bitvec_set_uint(&bv, sup->r_capa, 3);
696 bitvec_set_bit(&bv, ZERO);
698 /* multi slot support */
700 bitvec_set_bit(&bv, ONE);
701 bitvec_set_uint(&bv, sup->ms_sup, 5);
703 bitvec_set_bit(&bv, ZERO);
706 if (sup->ucs2_treat) {
707 bitvec_set_bit(&bv, ONE);
709 bitvec_set_bit(&bv, ZERO);
711 /* support extended measurements */
713 bitvec_set_bit(&bv, ONE);
715 bitvec_set_bit(&bv, ZERO);
717 /* support measurement capability */
719 bitvec_set_bit(&bv, ONE);
720 bitvec_set_uint(&bv, sup->sms_val, 4);
721 bitvec_set_uint(&bv, sup->sm_val, 4);
723 bitvec_set_bit(&bv, ZERO);
725 /* positioning method capability */
727 bitvec_set_bit(&bv, ONE);
728 bitvec_set_bit(&bv, sup->e_otd_ass == 1);
729 bitvec_set_bit(&bv, sup->e_otd_based == 1);
730 bitvec_set_bit(&bv, sup->gps_ass == 1);
731 bitvec_set_bit(&bv, sup->gps_based == 1);
732 bitvec_set_bit(&bv, sup->gps_conv == 1);
734 bitvec_set_bit(&bv, ZERO);
737 /* partitial bytes will be completed */
738 *len = (bv.cur_bit + 7) >> 3;
739 bitvec_spare_padding(&bv, (*len * 8) - 1);
744 /* encode classmark 2 */
/* Fill a Classmark 2 structure from ms->support.
 * The power level is taken from pwr_lev_1800 when the current channel's ARFCN
 * lies in 512..885, otherwise from pwr_lev_900. The frequency capability bit
 * (fc) is set when R-GSM or E-GSM is supported. The advertised A5/1, A5/2 and
 * A5/3 bits are copied directly from the support flags, so they reflect
 * whatever is configured there. */
745 int gsm48_rr_enc_cm2(struct osmocom_ms *ms, struct gsm48_classmark2 *cm)
747 struct gsm48_rrlayer *rr = &ms->rrlayer;
748 struct gsm_support *sup = &ms->support;
750 if (rr->cd_now.arfcn >= 512 && rr->cd_now.arfcn <= 885)
751 cm->pwr_lev = sup->pwr_lev_1800;
753 cm->pwr_lev = sup->pwr_lev_900;
754 cm->a5_1 = sup->a5_1;
755 cm->es_ind = sup->es_ind;
756 cm->rev_lev = sup->rev_lev;
757 cm->fc = (sup->r_gsm || sup->e_gsm);
758 cm->vgcs = sup->vgcs;
760 cm->sm_cap = sup->sms_ptp;
761 cm->ss_scr = sup->ss_ind;
762 cm->ps_cap = sup->ps_cap;
763 cm->a5_2 = sup->a5_2;
764 cm->a5_3 = sup->a5_3;
765 cm->cmsp = sup->cmsp;
766 cm->solsa = sup->solsa;
767 cm->lcsva_cap = sup->lcsva;
772 /* send classmark change */
/* Build CLASSMARK CHANGE and send it with RSL_MT_DATA_REQ.
 * Classmark 2 is always included. A Classmark 3 IE is appended when one of
 * the extended capabilities tested below is set (the condition is only partly
 * visible in this listing): cm3[0] holds the IE tag, cm3[1] the length
 * written by gsm48_rr_enc_cm3(), and the value starts at cm3 + 2.
 * NOTE(review): cm3 is 14 bytes, leaving 12 for the encoded value, and both
 * msgb_put() and memcpy() take their length from cm3[1]. Nothing visible here
 * limits the encoder to 12 bytes; confirm the bound in gsm48_rr_enc_cm3(). */
773 static int gsm48_rr_tx_cm_change(struct osmocom_ms *ms)
775 struct gsm_support *sup = &ms->support;
777 struct gsm48_hdr *gh;
778 struct gsm48_cm_change *cc;
779 uint8_t cm3[14], *tlv;
781 LOGP(DRR, LOGL_INFO, "CLASSMARK CHANGE\n");
783 nmsg = gsm48_l3_msgb_alloc();
786 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
787 cc = (struct gsm48_cm_change *) msgb_put(nmsg, sizeof(*cc));
789 gh->proto_discr = GSM48_PDISC_RR;
790 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
793 cc->cm2_len = sizeof(cc->cm2);
794 gsm48_rr_enc_cm2(ms, &cc->cm2);
797 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
798 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
801 || sup->ext_meas || sup->meas_cap
804 cm3[0] = GSM48_IE_CLASSMARK3;
805 gsm48_rr_enc_cm3(ms, cm3 + 2, &cm3[1]);
806 tlv = msgb_put(nmsg, 2 + cm3[1]);
807 memcpy(tlv, cm3, 2 + cm3[1]);
810 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
813 /* receiving classmark enquiry */
/* Handle a received CLASSMARK ENQUIRY by sending CLASSMARK CHANGE. The
 * received message is not inspected in the visible lines. */
814 static int gsm48_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
817 return gsm48_rr_tx_cm_change(ms);
824 /* temporary timer until we have time control over channel request */
825 /* TODO: turn this into a channel activation timeout, later */
826 #define RSL_MT_CHAN_CNF 0x19
827 #include <osmocom/l1ctl.h>
/* Temporary timer callback that stands in for a confirmation from the radio
 * part: it builds a minimal RLL header with message type RSL_MT_CHAN_CNF and
 * feeds it into gsm48_rcv_rsl() as if it had arrived from layer 2.
 * NOTE(review): the result of msgb_alloc_headroom() is passed to msgb_put()
 * in the very next declaration, so an allocation failure is dereferenced
 * before any check could run. Split the declarations and return early when
 * msg is NULL. */
828 static void temp_rach_to(void *arg)
830 struct gsm48_rrlayer *rr = arg;
831 struct osmocom_ms *ms = rr->ms;
832 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
833 struct abis_rsl_rll_hdr *rllh = (struct abis_rsl_rll_hdr *) msgb_put(msg, sizeof(*rllh));
835 rllh->c.msg_type = RSL_MT_CHAN_CNF;
836 msg->l2h = (unsigned char *)rllh;
837 gsm48_rcv_rsl(ms, msg);
/* Record the confirmation of a sent RACH burst: the newest channel request
 * history entry is marked with valid = 2 and receives the frame number fn. */
842 int gsm48_rr_rach_conf(struct osmocom_ms *ms, uint32_t fn)
844 struct gsm48_rrlayer *rr = &ms->rrlayer;
846 LOGP(DRR, LOGL_INFO, "RACH confirm framenr=%u\n", fn);
847 rr->cr_hist[0].valid = 2;
848 rr->cr_hist[0].fn = fn;
853 /* start random access */
/* Start random access for a new RR connection.
 * Visible steps: paging is ignored unless a cell is selected and the cell
 * selection state is one of the two camped states; cell selection is told to
 * leave idle mode through a direct gsm322_c_event() call; the RR state
 * becomes GSM48_RR_ST_CONN_PEND; the number of channel requests is set to
 * max_retrans + 1 from the system information; a value/mask pair for the
 * CHANNEL REQUEST is chosen per establishment cause; an unknown cause is
 * reported to MM with RR_REL_IND (cause undefined) and the layer returns to
 * idle; otherwise the temporary RACH timer is armed, the request history is
 * cleared, and the first random access is sent at once if the CCCH is already
 * in GSM322_CCCH_ST_DATA.
 * NOTE(review): the `#warning HACK` assignment overwrites `cause` with
 * RR_EST_CAUSE_LOC_UPD before the switch, so the caller's cause, including
 * RR_EST_CAUSE_EMERGENCY, has no effect in this revision.
 * NOTE(review): s is cs->si and is dereferenced for max_retrans; no validity
 * check of that pointer is visible in this listing. */
854 static int gsm48_rr_chan_req(struct osmocom_ms *ms, int cause, int paging)
856 struct gsm48_rrlayer *rr = &ms->rrlayer;
857 struct gsm322_cellsel *cs = &ms->cellsel;
858 struct gsm48_sysinfo *s = cs->si;
860 struct gsm48_rr_hdr *nrrh;
861 uint8_t chan_req_val, chan_req_mask;
864 LOGP(DSUM, LOGL_INFO, "Establish radio link due to %s request\n",
865 (paging) ? "paging" : "mobility management");
867 /* ignore paging, if not camping */
869 && (!cs->selected || (cs->state != GSM322_C3_CAMPED_NORMALLY
870 && cs->state != GSM322_C7_CAMPED_ANY_CELL))) {
871 LOGP(DRR, LOGL_INFO, "Paging, but not camping, ignore.\n");
875 /* tell cell selection process to leave idle mode
876 * NOTE: this must be sent unbuffered, because the state may not
877 * change until idle mode is left
879 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
882 rc = gsm322_c_event(ms, nmsg);
887 LOGP(DRR, LOGL_INFO, "Failed to leave IDLE mode.\n");
892 new_rr_state(rr, GSM48_RR_ST_CONN_PEND);
894 /* number of retransmissions (with first transmission) */
895 rr->n_chan_req = s->max_retrans + 1;
897 #warning HACK: always request SDCCH for test
898 cause = RR_EST_CAUSE_LOC_UPD;
899 /* generate CHAN REQ (9.1.8) */
901 case RR_EST_CAUSE_EMERGENCY:
903 chan_req_mask = 0x1f;
905 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Emergency call)\n",
908 case RR_EST_CAUSE_REESTAB_TCH_F:
909 chan_req_mask = 0x1f;
911 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (re-establish "
912 "TCH/F)\n", chan_req_val);
914 case RR_EST_CAUSE_REESTAB_TCH_H:
916 chan_req_mask = 0x03;
918 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
919 "(re-establish TCH/H with NECI)\n",
922 chan_req_mask = 0x1f;
924 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
925 "(re-establish TCH/H no NECI)\n", chan_req_val);
928 case RR_EST_CAUSE_REESTAB_2_TCH_H:
930 chan_req_mask = 0x03;
932 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
933 "(re-establish TCH/H+TCH/H with NECI)\n",
936 chan_req_mask = 0x1f;
938 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
939 "(re-establish TCH/H+TCH/H no NECI)\n",
943 case RR_EST_CAUSE_ANS_PAG_ANY:
944 chan_req_mask = 0x1f;
946 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING "
947 "Any channel)\n", chan_req_val);
949 case RR_EST_CAUSE_ANS_PAG_SDCCH:
950 chan_req_mask = 0x0f;
952 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n",
955 case RR_EST_CAUSE_ANS_PAG_TCH_F:
956 /* ms supports no dual rate */
957 chan_req_mask = 0x1f;
959 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n",
962 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
963 /* ms supports no dual rate */
964 chan_req_mask = 0x1f;
966 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/H or "
967 "TCH/F)\n", chan_req_val);
969 case RR_EST_CAUSE_ORIG_TCHF:
970 /* ms supports no dual rate */
971 chan_req_mask = 0x1f;
973 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Orig TCH/F)\n",
976 case RR_EST_CAUSE_LOC_UPD:
978 chan_req_mask = 0x0f;
980 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
981 "Update with NECI)\n", chan_req_val);
983 chan_req_mask = 0x1f;
985 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
986 "Update no NECI)\n", chan_req_val);
989 case RR_EST_CAUSE_OTHER_SDCCH:
991 chan_req_mask = 0x0f;
993 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OHTER "
994 "with NECI)\n", chan_req_val);
996 chan_req_mask = 0x1f;
998 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER "
999 "no NECI)\n", chan_req_val);
1003 if (!rr->rr_est_req) /* no request from MM */
1006 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: with unknown "
1007 "establishment cause: %d\n", cause);
1009 LOGP(DSUM, LOGL_INFO, "Requesting channel failed\n");
1011 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
1014 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
1015 nrrh->cause = RR_REL_CAUSE_UNDEFINED;
1016 gsm48_rr_upmsg(ms, nmsg);
1017 new_rr_state(rr, GSM48_RR_ST_IDLE);
1021 // TODO: turn this into the channel activation timer
1022 rr->temp_rach_ti.cb = temp_rach_to;
1023 rr->temp_rach_ti.data = rr;
1024 bsc_schedule_timer(&rr->temp_rach_ti, ms->support.sync_to, 0);
1026 /* store value, mask and history */
1027 rr->chan_req_val = chan_req_val;
1028 rr->chan_req_mask = chan_req_mask;
1029 rr->cr_hist[2].valid = 0;
1030 rr->cr_hist[1].valid = 0;
1031 rr->cr_hist[0].valid = 0;
1033 /* if channel is already active somehow */
1034 if (cs->ccch_state == GSM322_CCCH_ST_DATA)
1035 return gsm48_rr_tx_rand_acc(ms, NULL);
1040 /* send first/next channel request in conn pend state */
/* Send the first or next CHANNEL REQUEST while a connection is pending.
 * Visible steps: if the CCCH is not in GSM322_CCCH_ST_DATA the attempt is
 * abandoned, MM is told with RR_REL_IND (cause RA failure) when it had
 * requested the connection, and the layer returns to idle; nothing is sent
 * when the state is already idle; when no requests are left, T3126 is started
 * (5 seconds) unless it is already pending; otherwise a slot delay is chosen
 * from tx_integer and ccch_conf, a request value is formed as
 * (random() & chan_req_mask) | chan_req_val, the request history is shifted
 * and updated, and the message is handed to the lower layer.
 * The two return statements at the end and the plain-text lines around the
 * nra->delay assignment appear to belong to alternative preprocessor
 * branches whose directives are not shown in this listing.
 * NOTE(review): `random() % s->tx_integer` divides by a value taken from the
 * received system information. If that branch is compiled in, tx_integer
 * must be checked for zero before use.
 * NOTE(review): in the failure branch msg->data is written right after
 * gsm48_rr_msgb_alloc(); a NULL check may sit on an omitted line - confirm. */
1041 int gsm48_rr_tx_rand_acc(struct osmocom_ms *ms, struct msgb *msg)
1043 struct gsm48_rrlayer *rr = &ms->rrlayer;
1044 struct gsm322_cellsel *cs = &ms->cellsel;
1045 struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
1047 struct l1ctl_info_ul *nul;
1048 struct l1ctl_rach_req *nra;
1052 if (cs->ccch_state != GSM322_CCCH_ST_DATA) {
1053 LOGP(DRR, LOGL_INFO, "CCCH channel activation failed.\n");
1055 if (rr->rr_est_req) {
1057 gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
1058 struct gsm48_rr_hdr *rrh;
1060 LOGP(DSUM, LOGL_INFO, "Requesting channel failed\n");
1063 rrh = (struct gsm48_rr_hdr *)msg->data;
1064 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
1065 gsm48_rr_upmsg(ms, msg);
1068 new_rr_state(rr, GSM48_RR_ST_IDLE);
1073 if (rr->state == GSM48_RR_ST_IDLE) {
1074 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
1079 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (requests left %d)\n",
1082 if (!rr->n_chan_req) {
1083 LOGP(DRR, LOGL_INFO, "Done with sending RANDOM ACCESS "
1085 if (!bsc_timer_pending(&rr->t3126))
1086 start_rr_t3126(rr, 5, 0); /* TODO improve! */
1091 if (!rr->wait_assign) {
1092 /* first random acces, without delay of slots */
1094 rr->wait_assign = 1;
1096 /* subsequent random acces, with slots from table 3.1 */
1097 switch(s->tx_integer) {
1098 case 3: case 8: case 14: case 50:
1099 if (s->ccch_conf != 1) /* not combined CCCH */
1103 case 4: case 9: case 16:
1104 if (s->ccch_conf != 1)
1108 case 5: case 10: case 20:
1109 if (s->ccch_conf != 1)
1113 case 6: case 11: case 25:
1114 if (s->ccch_conf != 1)
1119 if (s->ccch_conf != 1)
1126 /* resend chan_req with new randiom */
1128 nmsg = gsm48_rsl_msgb_alloc();
1130 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
1131 struct l1ctl_hdr *l1h;
1132 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
1133 l1h = (struct l1ctl_hdr *) nmsg->l1h;
1134 l1h->msg_type = L1CTL_RACH_REQ;
1137 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
1139 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
1140 chan_req = random();
1141 chan_req &= rr->chan_req_mask;
1142 chan_req |= rr->chan_req_val;
1145 at this point we require chan req to be sent at a given delay
1146 also we require a confirm from radio part
1147 nra->delay = (random() % s->tx_integer) + slots;
1149 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x delay %d)\n", nra->ra,
1152 rr->temp_rach_ti.cb = temp_rach_to;
1153 rr->temp_rach_ti.data = rr;
1154 bsc_schedule_timer(&rr->temp_rach_ti, 0, 900000);
1156 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x)\n", nra->ra);
1159 /* shift history and store */
1160 memcpy(&(rr->cr_hist[2]), &(rr->cr_hist[1]),
1161 sizeof(struct gsm48_cr_hist));
1162 memcpy(&(rr->cr_hist[1]), &(rr->cr_hist[0]),
1163 sizeof(struct gsm48_cr_hist));
1164 rr->cr_hist[0].valid = 1;
1165 rr->cr_hist[0].chan_req = chan_req;
1168 add layer 1 conrols to RSL...
1169 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
1171 //#warning disabled!
1172 return osmo_send_l1(ms, nmsg);
1177 * system information
1180 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
1181 static int gsm48_decode_freq_list(struct gsm_support *sup,
1182 struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask,
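1189 * The Range format uses "SMOD" computation.
1190 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
1191 * A cascade of multiple SMOD computations is simplified:
1192 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
 * NOTE(review): these identities hold only while the left operand of "%" is
 * not negative. In C the result of "%" takes the sign of the dividend, so an
 * expression such as "(w[1] - 512 + w[2] - 1) % 1023" is negative whenever
 * the W values decoded from the received IE make the sum negative. The index
 * computed from it can then be zero or negative, i.e. outside the intended
 * range and possibly before the start of f. The W values are supplied by the
 * network, so use a true modulo (add m to a negative remainder) or check the
 * index range before each "f[...].mask |= frqt" write.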
1194 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
1195 * When used in dedicated messages, the length can be less.
1196 * In this case the ranges are decoded for all frequencies that
1197 * fit in the block of given length.
1201 for (i = 0; i < 1024; i++)
1205 if ((cd[0] & 0xc0 & mask) == 0x00) {
1206 /* Bit map 0 format */
1209 for (i = 1; i <= 124; i++)
1210 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
1216 /* only Bit map 0 format for P-GSM */
1217 if (sup->p_gsm && !sup->e_gsm && !sup->r_gsm && !sup->dcs_1800)
1221 if ((cd[0] & 0xc8 & mask) == 0x80) {
1222 /* Range 1024 format */
1223 uint16_t w[17]; /* 1..16 */
1224 struct gsm48_range_1024 *r = (struct gsm48_range_1024 *)cd;
1228 memset(w, 0, sizeof(w));
1231 w[1] = (r->w1_hi << 8) | r->w1_lo;
1233 w[2] = (r->w2_hi << 1) | r->w2_lo;
1235 w[3] = (r->w3_hi << 2) | r->w3_lo;
1237 w[4] = (r->w4_hi << 2) | r->w4_lo;
1239 w[5] = (r->w5_hi << 2) | r->w5_lo;
1241 w[6] = (r->w6_hi << 2) | r->w6_lo;
1243 w[7] = (r->w7_hi << 2) | r->w7_lo;
1245 w[8] = (r->w8_hi << 1) | r->w8_lo;
1251 w[11] = (r->w11_hi << 6) | r->w11_lo;
1253 w[12] = (r->w12_hi << 5) | r->w12_lo;
1255 w[13] = (r->w13_hi << 4) | r->w13_lo;
1257 w[14] = (r->w14_hi << 3) | r->w14_lo;
1259 w[15] = (r->w15_hi << 2) | r->w15_lo;
1263 f[w[1]].mask |= frqt;
1265 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].mask |= frqt;
1267 f[((w[1] + w[3] - 1) % 1023) + 1].mask |= frqt;
1269 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].mask |= frqt;
1271 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].mask |= frqt;
1273 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].mask |= frqt;
1275 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].mask |= frqt;
1277 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1279 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1281 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1283 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1285 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1287 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1289 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1291 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1293 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1298 if ((cd[0] & 0xce & mask) == 0x88) {
1299 /* Range 512 format */
1300 uint16_t w[18]; /* 1..17 */
1301 struct gsm48_range_512 *r = (struct gsm48_range_512 *)cd;
1305 memset(w, 0, sizeof(w));
1306 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1307 w[1] = (r->w1_hi << 2) | r->w1_lo;
1309 w[2] = (r->w2_hi << 2) | r->w2_lo;
1311 w[3] = (r->w3_hi << 2) | r->w3_lo;
1313 w[4] = (r->w4_hi << 1) | r->w4_lo;
1319 w[7] = (r->w7_hi << 6) | r->w7_lo;
1321 w[8] = (r->w8_hi << 4) | r->w8_lo;
1323 w[9] = (r->w9_hi << 2) | r->w9_lo;
1329 w[12] = (r->w12_hi << 4) | r->w12_lo;
1331 w[13] = (r->w13_hi << 2) | r->w13_lo;
1337 w[16] = (r->w16_hi << 3) | r->w16_lo;
1340 f[w[0]].mask |= frqt;
1342 f[(w[0] + w[1]) % 1024].mask |= frqt;
1344 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].mask |= frqt;
1346 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].mask |= frqt;
1348 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1350 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1352 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1354 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1356 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1358 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1360 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1362 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1364 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1366 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1368 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1370 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1372 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1374 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1379 if ((cd[0] & 0xce & mask) == 0x8a) {
1380 /* Range 256 format */
1381 uint16_t w[22]; /* 1..21 */
1382 struct gsm48_range_256 *r = (struct gsm48_range_256 *)cd;
1386 memset(w, 0, sizeof(w));
1387 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1388 w[1] = (r->w1_hi << 1) | r->w1_lo;
1394 w[4] = (r->w4_hi << 5) | r->w4_lo;
1396 w[5] = (r->w5_hi << 3) | r->w5_lo;
1398 w[6] = (r->w6_hi << 1) | r->w6_lo;
1402 w[8] = (r->w8_hi << 4) | r->w8_lo;
1404 w[9] = (r->w9_hi << 1) | r->w9_lo;
1408 w[11] = (r->w11_hi << 3) | r->w11_lo;
1416 w[15] = (r->w14_hi << 2) | r->w14_lo;
1418 w[16] = (r->w16_hi << 3) | r->w16_lo;
1424 w[19] = (r->w18_hi << 3) | r->w18_lo;
1426 w[20] = (r->w20_hi << 3) | r->w20_lo;
1429 f[w[0]].mask |= frqt;
1431 f[(w[0] + w[1]) % 1024].mask |= frqt;
1433 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].mask |= frqt;
1435 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].mask |= frqt;
1437 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1439 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1441 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1443 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1445 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1447 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1449 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1451 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1453 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1455 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1457 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1459 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1461 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1463 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1465 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1467 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1469 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1471 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1476 if ((cd[0] & 0xce & mask) == 0x8c) {
1477 /* Range 128 format */
1478 uint16_t w[29]; /* 1..28 */
1479 struct gsm48_range_128 *r = (struct gsm48_range_128 *)cd;
1483 memset(w, 0, sizeof(w));
1484 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1489 w[3] = (r->w3_hi << 4) | r->w3_lo;
1491 w[4] = (r->w4_hi << 1) | r->w4_lo;
1495 w[6] = (r->w6_hi << 3) | r->w6_lo;
1519 w[18] = (r->w18_hi << 1) | r->w18_lo;
1525 w[21] = (r->w21_hi << 2) | r->w21_lo;
1535 w[26] = (r->w26_hi << 1) | r->w26_lo;
1540 f[w[0]].mask |= frqt;
1542 f[(w[0] + w[1]) % 1024].mask |= frqt;
1544 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].mask |= frqt;
1546 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].mask |= frqt;
1548 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1550 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1552 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1554 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1556 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1558 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1560 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1562 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1564 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1566 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1568 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1570 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1572 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1574 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1576 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1578 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1580 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1582 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1584 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1586 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1588 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1590 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1592 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1594 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1596 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1601 if ((cd[0] & 0xce & mask) == 0x8e) {
1602 /* Variable bitmap format (can be any length >= 3) */
1604 struct gsm48_var_bit *r = (struct gsm48_var_bit *)cd;
1608 orig = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1609 f[orig].mask |= frqt;
1610 for (i = 1; 2 + (i >> 3) < len; i++)
1611 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1612 f[(orig + i) % 1024].mask |= frqt;
1620 /* decode "Cell Selection Parameters" (10.5.2.4) */
/* Stores fields of the received IE `cs` in the system information state `s`.
 * The SI 3 and SI 4 receivers in this file pass a pointer into the received
 * L3 message, so every value here is over-the-air input and is stored
 * without a range check. Only the assignments visible in this listing are
 * described. */
1621 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s,
1622 struct gsm48_cell_sel_par *cs)
1625 convert ms_txpwr_max_ccch dependant on the current frequenc and support
1626 to the right powe level
/* raw field value, not yet converted (see the TODO text above) */
1628 s->ms_txpwr_max_ccch = cs->ms_txpwr_max_ccch;
/* hysteresis field is doubled before it is stored */
1629 s->cell_resel_hyst_db = cs->cell_resel_hyst * 2;
/* minimum access level is stored as the field value minus 110 */
1630 s->rxlev_acc_min_db = cs->rxlev_acc_min - 110;
1637 /* decode "Cell Options (BCCH)" (10.5.2.3) */
/* Copies the BCCH cell options from the received IE `co` into `s`.
 * Called by the SI 3 receiver in this file with a pointer into the
 * received message. */
1638 static int gsm48_decode_cellopt_bcch(struct gsm48_sysinfo *s,
1639 struct gsm48_cell_options *co)
/* the coded timeout field n is stored as (n + 1) * 4 */
1641 s->bcch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1642 s->bcch_dtx = co->dtx;
1643 s->bcch_pwrc = co->pwrc;
1648 /* decode "Cell Options (SACCH)" (10.5.2.3a) */
/* Copies the SACCH cell options from the received IE `co` into `s`.
 * Called by the SI 6 receiver in this file; the decoding mirrors the
 * BCCH variant but fills the sacch_* fields. */
1649 static int gsm48_decode_cellopt_sacch(struct gsm48_sysinfo *s,
1650 struct gsm48_cell_options *co)
/* the coded timeout field n is stored as (n + 1) * 4 */
1652 s->sacch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1653 s->sacch_dtx = co->dtx;
1654 s->sacch_pwrc = co->pwrc;
1659 /* decode "Control Channel Description" (10.5.2.11) */
/* Copies the control channel configuration from the received IE `cc`
 * into `s`. Called by the SI 3 receiver in this file. */
1660 static int gsm48_decode_ccd(struct gsm48_sysinfo *s,
1661 struct gsm48_control_channel_descr *cc)
1663 s->ccch_conf = cc->ccch_conf;
1664 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1665 s->att_allowed = cc->att;
/* the coded field is offset by 2 to get the number of multiframe periods */
1666 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1667 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1672 /* decode "Mobile Allocation" (10.5.2.21) */
/* Builds the hopping list in `s` from the bitmap `ma` of `len` octets.
 * The serving-cell frequencies (FREQ_TYPE_SERV) are collected into f[] in
 * the order 1..1023,0; each set bit of the bitmap then selects one entry
 * of that list. The SI 4 receiver in this file passes `ma` and `len`
 * straight from the received message. */
1673 static int gsm48_decode_mobile_alloc(struct gsm48_sysinfo *s,
1674 uint8_t *ma, uint8_t len)
/* NOTE(review): f is a variable-length array sized from the received
 * length (len * 8 entries). The limit announced by the next comment is
 * checked in lines not shown in this listing; confirm it also covers
 * len == 0, for which the array would have zero elements. */
1677 uint16_t f[len << 3];
1679 /* not more than 64 hopping indexes allowed in IE */
/* drop the hopping flag from every frequency before rebuilding it */
1685 for (i = 0; i < 1024; i++)
1686 s->freq[i].mask &= ~FREQ_TYPE_HOPP;
1688 /* generating list of all frequencies (1..1023,0) */
1689 for (i = 1; i <= 1024; i++) {
1690 if ((s->freq[i & 1023].mask & FREQ_TYPE_SERV)) {
/* stop collecting once f[] is full */
1692 if (j == (len << 3))
1697 /* fill hopping table with frequency index given by IE
1698 * and set hopping type bits
1700 for (i = 0; i < (len << 3); i++) {
1701 /* if bit is set, this frequency index is used for hopping */
1702 if ((ma[len - 1 - (i >> 3)] & (1 << (i & 7)))) {
1703 /* index higher than entries in list ? */
1705 LOGP(DRR, LOGL_NOTICE, "Mobile Allocation "
1706 "hopping index %d exceeds maximum "
1707 "number of cell frequencies. (%d)\n",
/* NOTE(review): f[i] holds a value only for indexes below the number of
 * collected frequencies; the guard belonging to the message above is in a
 * line not shown here. Confirm it prevents reading an unset f[i] and that
 * hopp_len cannot run past the end of s->hopping. */
1711 s->hopping[s->hopp_len++] = f[i];
1712 s->freq[f[i]].mask |= FREQ_TYPE_HOPP;
1719 /* Rach Control decode tables */
/* Both tables are indexed directly with fields of the received RACH
 * control IE (rc->max_trans and rc->tx_integer in the decoders of this
 * file). NOTE(review): the lookups are in bounds only if those fields are
 * 2 and 4 bits wide; the struct is declared elsewhere, confirm there. */
1720 static uint8_t gsm48_max_retrans[4] = {
1723 static uint8_t gsm48_tx_integer[16] = {
1724 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1727 /* decode "RACH Control Parameter" (10.5.2.29) */
/* Stores the RACH control parameters of the serving cell in `s`.
 * `rc` points into a received SI 1, SI 3 or SI 4 message (see the
 * receivers in this file). */
1728 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s,
1729 struct gsm48_rach_control *rc)
1731 s->reest_denied = rc->re;
1732 s->cell_barr = rc->cell_bar;
/* coded values are translated through the 16- and 4-entry tables;
 * presumably the fields are 4 and 2 bits wide, verify against the struct */
1733 s->tx_integer = gsm48_tx_integer[rc->tx_integer];
1734 s->max_retrans = gsm48_max_retrans[rc->max_trans];
/* access class barring bits: t2 forms the high octet, t3 the low octet */
1735 s->class_barr = (rc->t2 << 8) | rc->t3;
/* Same decoding as gsm48_decode_rach_ctl_param(), but the results go to
 * the nb_* fields of `s`. Called by the SI 2 and SI 2bis receivers in
 * this file with a pointer into the received message. */
1739 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s,
1740 struct gsm48_rach_control *rc)
1742 s->nb_reest_denied = rc->re;
1743 s->nb_cell_barr = rc->cell_bar;
/* table lookups are in bounds only if the fields are 4 and 2 bits wide;
 * verify against the struct declaration */
1744 s->nb_tx_integer = gsm48_tx_integer[rc->tx_integer];
1745 s->nb_max_retrans = gsm48_max_retrans[rc->max_trans];
/* access class barring bits: t2 forms the high octet, t3 the low octet */
1746 s->nb_class_barr = (rc->t2 << 8) | rc->t3;
1751 /* decode "SI 1 Rest Octets" (10.5.2.32) */
/* `si` points at the rest octets inside the received message; the SI 1
 * receiver in this file passes its payload length as the length argument.
 * The remaining parameters and the body are not part of this listing. */
1752 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si,
1758 /* decode "SI 3 Rest Octets" (10.5.2.34) */
/* Reads the optional groups of the rest octets through a bit vector `bv`.
 * Each group is introduced by one bit that is compared with H by
 * bitvec_get_bit_high(); when it matches, the fields of that group follow.
 * NOTE(review): how bv is bound to `si` and its length is set up in lines
 * not shown here; confirm the reads below cannot pass the end of the
 * received octets. */
1759 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si,
1764 memset(&bv, 0, sizeof(bv));
1768 /* Optional Selection Parameters */
1769 if (bitvec_get_bit_high(&bv) == H) {
/* field widths: 1, 6, 3 and 5 bits */
1771 s->sp_cbq = bitvec_get_uint(&bv, 1);
1772 s->sp_cro = bitvec_get_uint(&bv, 6);
1773 s->sp_to = bitvec_get_uint(&bv, 3);
1774 s->sp_pt = bitvec_get_uint(&bv, 5);
1776 /* Optional Power Offset */
1777 if (bitvec_get_bit_high(&bv) == H) {
1779 s->po_value = bitvec_get_uint(&bv, 3);
1781 /* System Information 2ter Indicator */
1782 if (bitvec_get_bit_high(&bv) == H)
1784 /* Early Classmark Sending Control */
1785 if (bitvec_get_bit_high(&bv) == H)
1787 /* Scheduling if and where */
1788 if (bitvec_get_bit_high(&bv) == H) {
1790 s->sched_where = bitvec_get_uint(&bv, 3);
1792 /* GPRS Indicator */
1793 s->gi_ra_colour = bitvec_get_uint(&bv, 3);
1794 s->gi_si13_pos = bitvec_get_uint(&bv, 1);
1798 /* decode "SI 4 Rest Octets" (10.5.2.35) */
/* The SI 4 receiver in this file calls this with a pointer behind the
 * optional IEs it has consumed and with the number of octets left.
 * The remaining parameters and the body are not part of this listing. */
1799 static int gsm48_decode_si4_rest(struct gsm48_sysinfo *s, uint8_t *si,
1805 /* decode "SI 6 Rest Octets" (10.5.2.35a) */
/* The SI 6 receiver in this file calls this only when at least 4 payload
 * octets are present. The remaining parameters and the body are not part
 * of this listing. */
1806 static int gsm48_decode_si6_rest(struct gsm48_sysinfo *s, uint8_t *si,
1812 /* send sysinfo event to other layers */
/* Notifies two consumers that system information has been received: a
 * GSM322_EVENT_SYSINFO message goes out through gsm322_cs_sendmsg() and a
 * GSM48_MM_EVENT_SYSINFO message through gsm48_mmevent_msg(). `type` is
 * the message type reported by the receiver. NOTE(review): the handling
 * of a failed allocation is in lines not shown here; confirm both nmsg
 * values are checked before use. */
1813 static int gsm48_send_sysinfo(struct osmocom_ms *ms, uint8_t type)
1816 struct gsm322_msg *em;
1818 nmsg = gsm322_msgb_alloc(GSM322_EVENT_SYSINFO);
/* the event structure lives at the start of the message data */
1821 em = (struct gsm322_msg *) nmsg->data;
1823 gsm322_cs_sendmsg(ms, nmsg);
1825 /* send timer info to location update process */
1826 nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_SYSINFO);
1829 gsm48_mmevent_msg(ms, nmsg);
1834 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
/* Handles a received SI 1: rejects it when no cell is selected or the
 * message is shorter than the fixed part, skips it when it equals the
 * cached copy, otherwise caches it, decodes the cell channel description,
 * the RACH control parameters and the rest octets into `s`, and reports
 * the message type to the other layers. */
1835 static int gsm48_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1837 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1838 struct gsm48_sysinfo *s = ms->cellsel.si;
/* octets behind the fixed part. sizeof() yields size_t, so the
 * subtraction is unsigned; the "< 0" test below relies on the conversion
 * back to int. */
1839 int payload_len = msgb_l3len(msg) - sizeof(*si);
1842 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 1 "
1847 if (payload_len < 0) {
1848 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 1 "
/* compare with the cached copy and refresh it; both lengths are capped at
 * the smaller of message and cache (assumes si1_msg is an array, TODO
 * confirm) */
1853 if (!memcmp(si, s->si1_msg, MIN(msgb_l3len(msg), sizeof(s->si1_msg))))
1855 memcpy(s->si1_msg, si, MIN(msgb_l3len(msg), sizeof(s->si1_msg)));
1857 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
1859 /* Cell Channel Description */
/* the frequencies of the list are tagged FREQ_TYPE_SERV in s->freq */
1860 gsm48_decode_freq_list(&ms->support, s->freq,
1861 si->cell_channel_description,
1862 sizeof(si->cell_channel_description), 0xce, FREQ_TYPE_SERV);
1863 /* RACH Control Parameter */
1864 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1865 /* SI 1 Rest Octets */
1867 gsm48_decode_si1_rest(s, si->rest_octets, payload_len);
1871 return gsm48_send_sysinfo(ms, si->header.system_information);
1874 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
/* Handles a received SI 2: same length check and cache comparison as the
 * other SI receivers, then decodes the neighbour cell description, the
 * permitted NCC octet and the RACH control parameters (stored in the
 * nb_* fields) and reports the message type to the other layers. */
1875 static int gsm48_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1877 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1878 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
1879 int payload_len = msgb_l3len(msg) - sizeof(*si);
1882 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 2 "
1887 if (payload_len < 0) {
1888 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2 "
1892 //printf("len = %d\n", MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
/* compare with the cached copy and refresh it, capped at the smaller of
 * message length and cache size */
1894 if (!memcmp(si, s->si2_msg, MIN(msgb_l3len(msg), sizeof(s->si2_msg))))
1896 memcpy(s->si2_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1898 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
1900 /* Neighbor Cell Description */
/* bits 6 and 5 of the first octet are kept as the EXT and BA indicators */
1901 s->nb_ext_ind_si2 = (si->bcch_frequency_list[0] >> 6) & 1;
1902 s->nb_ba_ind_si2 = (si->bcch_frequency_list[0] >> 5) & 1;
1903 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1904 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_NCELL_2);
1906 s->nb_ncc_permitted = si->ncc_permitted;
1907 /* RACH Control Parameter */
1908 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1912 return gsm48_send_sysinfo(ms, si->header.system_information);
1915 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
/* Handles a received SI 2bis: length check, cache comparison, then the
 * neighbour cell description (tagged FREQ_TYPE_NCELL_2bis) and the RACH
 * control parameters are decoded and the message type is reported.
 * The format mask passed to the frequency list decoder is 0x8e here,
 * where the SI 1 and SI 2 receivers pass 0xce. */
1916 static int gsm48_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1918 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1919 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
1920 int payload_len = msgb_l3len(msg) - sizeof(*si);
1923 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 2bis"
1928 if (payload_len < 0) {
1929 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2bis "
/* compare with the cached copy and refresh it, capped at the smaller of
 * message length and cache size */
1934 if (!memcmp(si, s->si2b_msg, MIN(msgb_l3len(msg),
1935 sizeof(s->si2b_msg))))
1937 memcpy(s->si2b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2b_msg)));
1939 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
1941 /* Neighbor Cell Description */
/* bits 6 and 5 of the first octet are kept as the EXT and BA indicators */
1942 s->nb_ext_ind_si2bis = (si->bcch_frequency_list[0] >> 6) & 1;
1943 s->nb_ba_ind_si2bis = (si->bcch_frequency_list[0] >> 5) & 1;
1944 gsm48_decode_freq_list(&ms->support, s->freq,
1945 si->bcch_frequency_list,
1946 sizeof(si->bcch_frequency_list), 0x8e,
1947 FREQ_TYPE_NCELL_2bis);
1948 /* RACH Control Parameter */
1949 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1953 return gsm48_send_sysinfo(ms, si->header.system_information);
1956 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
/* Handles a received SI 2ter: length check, cache comparison, then the
 * extended neighbour cell description is decoded (tagged
 * FREQ_TYPE_NCELL_2ter) and the message type is reported. */
1957 static int gsm48_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1959 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1960 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
1961 int payload_len = msgb_l3len(msg) - sizeof(*si);
1964 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 2ter"
1969 if (payload_len < 0) {
1970 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2ter "
/* compare with the cached copy and refresh it, capped at the smaller of
 * message length and cache size */
1975 if (!memcmp(si, s->si2t_msg, MIN(msgb_l3len(msg),
1976 sizeof(s->si2t_msg))))
1978 memcpy(s->si2t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2t_msg)));
1980 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
1982 /* Neighbor Cell Description 2 */
/* the two bits above bit 5 of the first octet are kept as a 2-bit value */
1983 s->nb_multi_rep_si2ter = (si->ext_bcch_frequency_list[0] >> 6) & 3;
1984 gsm48_decode_freq_list(&ms->support, s->freq,
1985 si->ext_bcch_frequency_list,
1986 sizeof(si->ext_bcch_frequency_list), 0x8e,
1987 FREQ_TYPE_NCELL_2ter);
1991 return gsm48_send_sysinfo(ms, si->header.system_information);
1994 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
/* Handles a received SI 3: length check and cache comparison, then cell
 * identity, LAI, control channel description, cell options, cell selection
 * parameters, RACH control parameters and (with at least 4 payload octets)
 * the rest octets are decoded into `s`, and the message type is reported
 * to the other layers. */
1995 static int gsm48_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
1997 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
1998 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
1999 int payload_len = msgb_l3len(msg) - sizeof(*si);
2002 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 3 "
2007 if (payload_len < 0) {
2008 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 3 "
/* compare with the cached copy and refresh it, capped at the smaller of
 * message length and cache size */
2013 if (!memcmp(si, s->si3_msg, MIN(msgb_l3len(msg), sizeof(s->si3_msg))))
2015 memcpy(s->si3_msg, si, MIN(msgb_l3len(msg), sizeof(s->si3_msg)));
/* cell identity arrives in network byte order */
2018 s->cell_id = ntohs(si->cell_identity);
2020 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2021 /* Control Channel Description */
2022 gsm48_decode_ccd(s, &si->control_channel_desc);
2023 /* Cell Options (BCCH) */
2024 gsm48_decode_cellopt_bcch(s, &si->cell_options);
2025 /* Cell Selection Parameters */
2026 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
2027 /* RACH Control Parameter */
2028 gsm48_decode_rach_ctl_param(s, &si->rach_control);
2029 /* SI 3 Rest Octets */
2030 if (payload_len >= 4)
2031 gsm48_decode_si3_rest(s, si->rest_octets, payload_len);
2033 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3 (mcc %s mnc %s "
2034 "lac 0x%04x)\n", gsm_print_mcc(s->mcc),
2035 gsm_print_mnc(s->mnc), s->lac);
2039 return gsm48_send_sysinfo(ms, si->header.system_information);
2042 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
/* Handles a received SI 4: length check and cache comparison, then LAI,
 * cell selection parameters and RACH control parameters are decoded.
 * The optional part behind the fixed structure is walked with `data` and
 * `payload_len`: an optional CBCH channel description, an optional CBCH
 * mobile allocation, and whatever remains as rest octets. All of these
 * octets are over-the-air input. */
2043 static int gsm48_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
2045 /* NOTE: pseudo length is not in this structure, so we skip */
2046 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
2047 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
2048 int payload_len = msgb_l3len(msg) - sizeof(*si);
/* cursor over the optional IEs behind the fixed part */
2049 uint8_t *data = si->data;
2050 struct gsm48_chan_desc *cd;
2053 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 4 "
2058 if (payload_len < 0) {
2060 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 4 "
/* compare with the cached copy and refresh it, capped at the smaller of
 * message length and cache size */
2065 if (!memcmp(si, s->si4_msg, MIN(msgb_l3len(msg), sizeof(s->si4_msg))))
2067 memcpy(s->si4_msg, si, MIN(msgb_l3len(msg), sizeof(s->si4_msg)));
2070 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2071 /* Cell Selection Parameters */
2072 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
2073 /* RACH Control Parameter */
2074 gsm48_decode_rach_ctl_param(s, &si->rach_control);
2075 /* CBCH Channel Description */
2076 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_CHAN_DESC) {
/* the IE needs the identifier plus three octets of channel description */
2077 if (payload_len < 4)
2079 cd = (struct gsm48_chan_desc *) (data + 1);
2082 gsm48_decode_chan_h1(cd, &s->tsc, &s->maio, &s->hsn);
2085 gsm48_decode_chan_h0(cd, &s->tsc, &s->arfcn);
2090 /* CBCH Mobile Allocation */
2091 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_MOB_AL) {
/* NOTE(review): with payload_len == 1 the first test is false and the
 * second one reads data[1], the octet behind the payload, before it
 * rejects the IE. Testing "payload_len < 2" first would avoid that read. */
2092 if (payload_len < 1 || payload_len < 2 + data[1])
/* NOTE(review): the length passed here is si->data[1], while the check
 * above and the advance below use data[1]. If `data` has been moved past
 * a CBCH channel description (lines not shown in this listing), the two
 * differ and an unchecked length reaches the decoder; data[1] looks like
 * the intended value. */
2094 gsm48_decode_mobile_alloc(s, data + 2, si->data[1]);
2095 payload_len -= 2 + data[1];
2096 data += 2 + data[1];
2098 /* SI 4 Rest Octets */
2099 if (payload_len > 0)
2100 gsm48_decode_si4_rest(s, data, payload_len);
2102 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4 (mcc %s mnc %s "
2103 "lac 0x%04x)\n", gsm_print_mcc(s->mcc),
2104 gsm_print_mnc(s->mnc), s->lac);
2108 return gsm48_send_sysinfo(ms, si->header.system_information);
2111 /* receive "SYSTEM INFORMATION 5" message (9.1.37) */
/* Handles a received SI 5: the structure starts one octet behind the L3
 * header pointer, the payload length is reduced by that octet, and after
 * the length check and cache comparison the neighbour cell description is
 * decoded (tagged FREQ_TYPE_REP_5) and the message type is reported. */
2112 static int gsm48_rr_rx_sysinfo5(struct osmocom_ms *ms, struct msgb *msg)
2114 /* NOTE: pseudo length is not in this structure, so we skip */
2115 struct gsm48_system_information_type_5 *si = msgb_l3(msg) + 1;
2116 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
2117 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2120 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 5 "
2125 if (payload_len < 0) {
2126 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5 "
/* NOTE(review): `si` already skips one octet, but the length is still the
 * full msgb_l3len(msg). Whenever the message is not longer than the cache,
 * the comparison and the copy cover one octet behind the L3 data; the
 * length should presumably be msgb_l3len(msg) - 1. */
2131 if (!memcmp(si, s->si5_msg, MIN(msgb_l3len(msg), sizeof(s->si5_msg))))
2133 memcpy(s->si5_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5_msg)));
2135 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5\n");
2137 /* Neighbor Cell Description */
/* bits 6 and 5 of the first octet are kept as the EXT and BA indicators */
2138 s->nb_ext_ind_si5 = (si->bcch_frequency_list[0] >> 6) & 1;
2139 s->nb_ba_ind_si5 = (si->bcch_frequency_list[0] >> 5) & 1;
2140 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2141 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5);
2145 return gsm48_send_sysinfo(ms, si->system_information);
2148 /* receive "SYSTEM INFORMATION 5bis" message (9.1.38) */
/* Handles a received SI 5bis: the structure starts one octet behind the
 * L3 header pointer; after the length check and cache comparison the
 * neighbour cell description is decoded (tagged FREQ_TYPE_REP_5bis) and
 * the message type is reported. */
2149 static int gsm48_rr_rx_sysinfo5bis(struct osmocom_ms *ms, struct msgb *msg)
2151 /* NOTE: pseudo length is not in this structure, so we skip */
2152 struct gsm48_system_information_type_5bis *si = msgb_l3(msg) + 1;
2153 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
2154 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2157 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 5bis"
2162 if (payload_len < 0) {
2163 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5bis "
/* this message is written before the cache comparison, so it appears for
 * unchanged repetitions too (the SI 5 receiver logs after the comparison) */
2168 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5bis\n");
/* NOTE(review): `si` already skips one octet, but the length is still the
 * full msgb_l3len(msg); for messages not longer than the cache this covers
 * one octet behind the L3 data. */
2170 if (!memcmp(si, s->si5b_msg, MIN(msgb_l3len(msg),
2171 sizeof(s->si5b_msg))))
2173 memcpy(s->si5b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5b_msg)));
2175 /* Neighbor Cell Description */
/* bits 6 and 5 of the first octet are kept as the EXT and BA indicators */
2176 s->nb_ext_ind_si5bis = (si->bcch_frequency_list[0] >> 6) & 1;
2177 s->nb_ba_ind_si5bis = (si->bcch_frequency_list[0] >> 5) & 1;
2178 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2179 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5bis);
2183 return gsm48_send_sysinfo(ms, si->system_information);
2186 /* receive "SYSTEM INFORMATION 5ter" message (9.1.39) */
/* Handles a received SI 5ter: the structure starts one octet behind the
 * L3 header pointer; after the length check and cache comparison the
 * neighbour cell description is decoded (tagged FREQ_TYPE_REP_5ter) and
 * the message type is reported. */
2187 static int gsm48_rr_rx_sysinfo5ter(struct osmocom_ms *ms, struct msgb *msg)
2189 /* NOTE: pseudo length is not in this structure, so we skip */
2190 struct gsm48_system_information_type_5ter *si = msgb_l3(msg) + 1;
2191 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
2192 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2195 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 5ter"
2200 if (payload_len < 0) {
2201 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5ter "
/* this message is written before the cache comparison, so it appears for
 * unchanged repetitions too */
2206 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5ter\n");
/* NOTE(review): `si` already skips one octet, but the length is still the
 * full msgb_l3len(msg); for messages not longer than the cache this covers
 * one octet behind the L3 data. */
2208 if (!memcmp(si, s->si5t_msg, MIN(msgb_l3len(msg),
2209 sizeof(s->si5t_msg))))
2211 memcpy(s->si5t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5t_msg)));
2213 /* Neighbor Cell Description */
2214 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2215 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5ter);
2219 return gsm48_send_sysinfo(ms, si->system_information);
2222 /* receive "SYSTEM INFORMATION 6" message (9.1.40) */
/* Handles a received SI 6: the structure starts one octet behind the L3
 * header pointer; after the length check and cache comparison the cell
 * identity, LAI, SACCH cell options, permitted NCC octet and (with at
 * least 4 payload octets) the rest octets are decoded into `s`, and the
 * message type is reported. */
2223 static int gsm48_rr_rx_sysinfo6(struct osmocom_ms *ms, struct msgb *msg)
2225 /* NOTE: pseudo length is not in this structure, so we skip */
2226 struct gsm48_system_information_type_6 *si = msgb_l3(msg) + 1;
2227 struct gsm48_sysinfo *s = ms->cellsel.si;
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
2228 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2231 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 6 "
2236 if (payload_len < 0) {
2237 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 6 "
/* NOTE(review): `si` already skips one octet, but the length is still the
 * full msgb_l3len(msg); for messages not longer than the cache this covers
 * one octet behind the L3 data. */
2242 if (!memcmp(si, s->si6_msg, MIN(msgb_l3len(msg), sizeof(s->si6_msg))))
2244 memcpy(s->si6_msg, si, MIN(msgb_l3len(msg), sizeof(s->si6_msg)));
/* a cell identity that changes between two SI 6 messages is only logged;
 * the new value is stored in any case */
2247 if (s->si6 && s->cell_id != ntohs(si->cell_identity))
2248 LOGP(DRR, LOGL_INFO, "Cell ID on SI 6 differs from previous "
2250 s->cell_id = ntohs(si->cell_identity);
2252 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2253 /* Cell Options (SACCH) */
2254 gsm48_decode_cellopt_sacch(s, &si->cell_options);
2256 s->nb_ncc_permitted = si->ncc_permitted;
2257 /* SI 6 Rest Octets */
2258 if (payload_len >= 4)
2259 gsm48_decode_si6_rest(s, si->rest_octets, payload_len);
2261 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 6 (mcc %s mnc %s "
2262 "lac 0x%04x)\n", gsm_print_mcc(s->mcc),
2263 gsm_print_mnc(s->mnc), s->lac);
2267 return gsm48_send_sysinfo(ms, si->system_information);
2274 /* paging channel request */
/* Maps the "channel needed" value of a paging message to the
 * establishment cause used for the channel request. The table has four
 * entries; the paging receivers in this file index it with values taken
 * from the received message, so those values must stay within 0..3. */
2275 static int gsm48_rr_chan2cause[4] = {
2276 RR_EST_CAUSE_ANS_PAG_ANY,
2277 RR_EST_CAUSE_ANS_PAG_SDCCH,
2278 RR_EST_CAUSE_ANS_PAG_TCH_F,
2279 RR_EST_CAUSE_ANS_PAG_TCH_ANY
2282 /* given LV of mobile identity is checked against ms */
/* `mi` points at the length octet of a mobile identity taken from a
 * paging message; mi[1] carries the identity type. A TMSI is compared
 * with the subscriber's TMSI (only when that one is valid), an IMSI with
 * the subscriber's IMSI string. The callers in this file treat a result
 * greater than 0 as a match; the return statements are in lines not shown
 * in this listing.
 * NOTE(review): identities of pagings addressed to other subscribers are
 * written to the log at INFO level; handle such logs as subscriber data. */
2283 static int gsm_match_mi(struct osmocom_ms *ms, uint8_t *mi)
2291 mi_type = mi[1] & GSM_MI_TYPE_MASK;
2293 case GSM_MI_TYPE_TMSI:
/* NOTE(review): four octets are read from mi + 2; the length test on
 * mi[0] that must precede this is in lines not shown here - confirm.
 * memcpy avoids an unaligned 32-bit load from the message. */
2296 memcpy(&tmsi, mi+2, 4);
2297 if (ms->subscr.tmsi == ntohl(tmsi)
2298 && ms->subscr.tmsi_valid) {
2299 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n",
2304 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2307 case GSM_MI_TYPE_IMSI:
/* the identity is converted to a digit string bounded by sizeof(imsi) */
2308 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
2309 if (!strcmp(imsi, ms->subscr.imsi)) {
2310 LOGP(DPAG, LOGL_INFO, "IMSI %s matches\n", imsi);
2314 LOGP(DPAG, LOGL_INFO, "IMSI %s (not for us)\n", imsi);
2317 LOGP(DPAG, LOGL_NOTICE, "Paging with unsupported MI type %d.\n",
2324 /* 9.1.22 PAGING REQUEST 1 message received */
/* Handles a PAGING REQUEST 1, which carries one mandatory and one optional
 * mobile identity. Paging is ignored unless RR is idle and the cell
 * selection process camps on a cell. Each identity is length-checked
 * against the remaining payload before it is matched; on a match a channel
 * request is started with the cause derived from the corresponding
 * "channel needed" value. */
2325 static int gsm48_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
2327 struct gsm48_rrlayer *rr = &ms->rrlayer;
2328 struct gsm322_cellsel *cs = &ms->cellsel;
2329 struct gsm48_paging1 *pa = msgb_l3(msg);
/* unsigned subtraction (sizeof is size_t); the length tests below rely on
 * the conversion back to int */
2330 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2334 /* empty paging request */
/* pa->data[1] is read only when at least two payload octets exist */
2335 if (payload_len >= 2 && (pa->data[1] & GSM_MI_TYPE_MASK) == 0)
2338 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2339 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2340 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2341 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2342 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2346 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 1\n");
2348 if (payload_len < 2) {
2350 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 1 "
2356 /* channel needed */
/* both values later index the 4-entry cause table; presumably the fields
 * are 2 bits wide, verify against struct gsm48_paging1 */
2357 chan_1 = pa->cneed1;
2358 chan_2 = pa->cneed2;
/* first identity (LV): its length octet plus value must fit the payload */
2361 if (payload_len < mi[0] + 1)
2363 if (gsm_match_mi(ms, mi) > 0)
2364 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
/* step over the first identity to the optional second one (TLV) */
2366 payload_len -= mi[0] + 1;
2367 mi = pa->data + mi[0] + 1;
2368 if (payload_len < 2)
2370 if (mi[0] != GSM48_IE_MOBILE_ID)
2372 if (payload_len < mi[1] + 2)
2374 if (gsm_match_mi(ms, mi + 1) > 0)
2375 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2380 /* 9.1.23 PAGING REQUEST 2 message received */
/* Handles a PAGING REQUEST 2, which carries two TMSIs inside the fixed
 * structure and an optional third mobile identity followed by its
 * "channel needed" octet. Paging is ignored unless RR is idle and the cell
 * selection process camps on a cell. On a match a channel request is
 * started with the cause derived from the matching "channel needed"
 * value. */
2381 static int gsm48_rr_rx_pag_req_2(struct osmocom_ms *ms, struct msgb *msg)
2383 struct gsm48_rrlayer *rr = &ms->rrlayer;
2384 struct gsm322_cellsel *cs = &ms->cellsel;
2385 struct gsm48_paging2 *pa = msgb_l3(msg);
/* unsigned subtraction (sizeof is size_t); the length tests below rely on
 * the conversion back to int */
2386 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2388 int chan_1, chan_2, chan_3;
2390 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2391 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2392 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2393 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2394 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2398 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 2\n");
/* both TMSIs are part of *pa, so a non-negative payload length is enough
 * to read them */
2400 if (payload_len < 0) {
2402 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 2 "
2408 /* channel needed */
/* both values later index the 4-entry cause table; presumably the fields
 * are 2 bits wide, verify against struct gsm48_paging2 */
2409 chan_1 = pa->cneed1;
2410 chan_2 = pa->cneed2;
/* a TMSI counts as a match only while the subscriber's TMSI is valid */
2412 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2413 && ms->subscr.tmsi_valid) {
2414 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi1));
2415 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2417 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2420 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2421 && ms->subscr.tmsi_valid) {
2422 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi2));
2423 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2425 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
/* optional third identity (TLV) */
2429 if (payload_len < 2)
2431 if (mi[0] != GSM48_IE_MOBILE_ID)
2433 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
/* the octet behind the identity is masked to two bits, which keeps the
 * index into the 4-entry cause table in range */
2435 chan_3 = mi[mi[1] + 2] & 0x03; /* channel needed */
2436 if (gsm_match_mi(ms, mi + 1) > 0)
2437 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2442 /* 9.1.24 PAGING REQUEST 3 message received */
/* Handles a PAGING REQUEST 3, which carries four TMSIs and four "channel
 * needed" values, all inside the fixed structure. Paging is ignored unless
 * RR is idle and the cell selection process camps on a cell. The TMSIs are
 * compared in order; on the first match a channel request is started with
 * the cause derived from the matching "channel needed" value. */
2443 static int gsm48_rr_rx_pag_req_3(struct osmocom_ms *ms, struct msgb *msg)
2445 struct gsm48_rrlayer *rr = &ms->rrlayer;
2446 struct gsm322_cellsel *cs = &ms->cellsel;
2447 struct gsm48_paging3 *pa = msgb_l3(msg);
/* unsigned subtraction (sizeof is size_t); the "< 0" test below relies on
 * the conversion back to int */
2448 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2449 int chan_1, chan_2, chan_3, chan_4;
2451 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2452 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2453 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2454 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2455 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2459 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 3\n");
2461 if (payload_len < 0) { /* must include "channel needed", part of *pa */
2462 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 3 "
2468 /* channel needed */
/* all four values later index the 4-entry cause table; presumably the
 * fields are 2 bits wide, verify against struct gsm48_paging3 */
2469 chan_1 = pa->cneed1;
2470 chan_2 = pa->cneed2;
2471 chan_3 = pa->cneed3;
2472 chan_4 = pa->cneed4;
/* a TMSI counts as a match only while the subscriber's TMSI is valid */
2474 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2475 && ms->subscr.tmsi_valid) {
2476 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi1));
2477 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2479 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2482 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2483 && ms->subscr.tmsi_valid) {
2484 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi2));
2485 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2487 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2490 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
2491 && ms->subscr.tmsi_valid) {
2492 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi3));
2493 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2495 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2498 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
2499 && ms->subscr.tmsi_valid) {
2500 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi4));
2501 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_4], 1);
2503 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2510 * (immediate) assignment
2513 /* match request reference against request history */
/* Compares the request reference `ref` of an assignment message with the
 * three entries of the channel request history in the RR layer. An entry
 * matches when it is marked confirmed (valid == 2), its random access
 * value equals ref->ra and the frame number components t1 (lowest five
 * bits), t2 and t3 agree. The immediate assignment receiver in this file
 * treats a non-zero result as "for us"; the return statements are in lines
 * not shown in this listing. */
2514 static int gsm48_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
2516 struct gsm48_rrlayer *rr = &ms->rrlayer;
2519 uint8_t ia_t1, ia_t2, ia_t3;
2521 for (i = 0; i < 3; i++) {
2522 /* filter confirmed RACH requests only */
2523 if (rr->cr_hist[i].valid == 2
2524 && ref->ra == rr->cr_hist[i].chan_req) {
/* t3 is split over two fields of the reference; the high part is shifted
 * up by three bits */
2527 ia_t3 = (ref->t3_high << 3) | ref->t3_low;
/* split the stored frame number of the request into t1/t2/t3 */
2528 gsm_fn2gsmtime(&tm, rr->cr_hist[i].fn);
2529 if (ia_t1 == (tm.t1 & 0x1f) && ia_t2 == tm.t2
2530 && ia_t3 == tm.t3) {
2531 LOGP(DRR, LOGL_INFO, "request %02x matches "
2532 "(fn=%d,%d,%d)\n", ref->ra, ia_t1,
2536 LOGP(DRR, LOGL_INFO, "request %02x matches "
2537 "but not frame number (IMM.ASS "
2538 "fn=%d,%d,%d != RACH fn=%d,%d,%d)\n",
2539 ref->ra, ia_t1, ia_t2, ia_t3,
2540 tm.t1 & 0x1f, tm.t2, tm.t3);
2547 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
/* Handles an IMMEDIATE ASSIGNMENT: validates the mobile allocation length
 * against the message length and against a maximum of 8 octets, decodes an
 * optional starting time and the channel description into a local `cd`,
 * and, if a channel request is pending and the request reference matches
 * the request history, copies channel description, timing advance and
 * mobile allocation into rr->cd_now and starts link establishment.
 * The message is decoded and logged before the state test, so assignments
 * addressed to other mobiles are parsed as well. */
2548 static int gsm48_rr_rx_imm_ass(struct osmocom_ms *ms, struct msgb *msg)
2550 struct gsm48_rrlayer *rr = &ms->rrlayer;
2551 struct gsm48_imm_ass *ia = msgb_l3(msg);
/* octets behind the fixed part. sizeof() yields size_t, so the
 * subtraction is unsigned; the "< 0" test below relies on the conversion
 * back to int. */
2552 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2553 uint8_t ch_type, ch_subch, ch_ts;
2554 struct gsm48_rr_cd cd;
2555 uint8_t *st, st_len;
2557 memset(&cd, 0, sizeof(cd));
2559 if (ma_len < 0 /* mobile allocation IE must be included */
2560 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2561 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
/* this limit also bounds the copy into rr->cd_now.mob_alloc_lv below */
2565 if (ia->mob_alloc_len > 8) {
2566 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2567 "ASSIGNMENT too large.\n");
/* octets left behind the mobile allocation. NOTE(review): st_len is a
 * uint8_t, so a remainder above 255 would be truncated; confirm that the
 * lower layers bound the L3 length. */
2572 st_len = ma_len - ia->mob_alloc_len;
2573 st = ia->mob_alloc + ia->mob_alloc_len;
/* the starting time IE needs its identifier plus two octets */
2574 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME)
2575 gsm48_decode_start_time(&cd, (struct gsm48_start_time *)(st+1));
2577 /* decode channel description */
2578 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT:\n");
2579 cd.chan_nr = ia->chan_desc.chan_nr;
2580 rsl_dec_chan_nr(cd.chan_nr, &ch_type, &ch_subch, &ch_ts);
/* the h bit selects the hopping (MAIO/HSN) or the single-ARFCN decoding */
2581 if (ia->chan_desc.h0.h) {
2583 gsm48_decode_chan_h1(&ia->chan_desc, &cd.tsc, &cd.maio,
2585 LOGP(DRR, LOGL_INFO, " (ta %d/%dm ra 0x%02x chan_nr 0x%02x "
2586 "MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2588 ia->timing_advance * GSM_TA_CM / 100,
2589 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.maio,
2590 cd.hsn, ch_ts, ch_subch, cd.tsc);
2593 gsm48_decode_chan_h0(&ia->chan_desc, &cd.tsc, &cd.arfcn);
2594 LOGP(DRR, LOGL_INFO, " (ta %d/%dm ra 0x%02x chan_nr 0x%02x "
2595 "ARFCN %u TS %u SS %u TSC %u)\n",
2597 ia->timing_advance * GSM_TA_CM / 100,
2598 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.arfcn,
2599 ch_ts, ch_subch, cd.tsc);
2602 /* 3.3.1.1.2: ignore assignment while idle */
2603 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2604 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
2609 if (gsm48_match_ra(ms, &ia->req_ref)) {
2610 /* channel description */
2611 memcpy(&rr->cd_now, &cd, sizeof(rr->cd_now));
2612 /* timing advance */
2613 rr->cd_now.ta = ia->timing_advance;
2614 /* mobile allocation */
/* copies the length octet and the value in one go, at most 9 octets after
 * the limit check above. NOTE(review): this assumes mob_alloc directly
 * follows mob_alloc_len in the struct and that mob_alloc_lv holds at least
 * 9 octets; both are declared elsewhere - confirm. */
2615 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2616 ia->mob_alloc_len + 1);
2617 rr->wait_assign = 0;
2618 return gsm48_rr_dl_est(ms);
2620 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
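2625 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received
 *
 * Same handling as IMMEDIATE ASSIGNMENT, but the message carries two
 * assignments (channel description, timing advance and request reference
 * 1 and 2) that share one mobile allocation and one optional starting time.
 * cd1 and cd2 are decoded and logged first; one of them is applied to
 * rr->cd_now only when RR is in GSM48_RR_ST_CONN_PEND with wait_assign set
 * and the corresponding request reference passes gsm48_match_ra().
 *
 * Every field read through ia is supplied by the network, so each length has
 * to be validated before it is used as an offset or copy size.
 */
2626 static int gsm48_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
2628 struct gsm48_rrlayer *rr = &ms->rrlayer;
2629 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
/* ma_len: octets that follow the fixed part of the message.
 * NOTE(review): the subtraction involves sizeof (a size_t); the "ma_len < 0"
 * test below depends on the conversion back to int giving a negative value
 * for a short message. */
2630 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2631 uint8_t ch_type, ch_subch, ch_ts;
2632 struct gsm48_rr_cd cd1, cd2;
2633 uint8_t *st, st_len;
2635 memset(&cd1, 0, sizeof(cd1));
2636 memset(&cd2, 0, sizeof(cd2));
2638 if (ma_len < 0 /* mobile allocation IE must be included */
2639 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2640 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2641 "EXTENDED message.\n");
/* Upper bound for the shared mobile allocation (4 here, 8 in the plain
 * IMMEDIATE ASSIGNMENT handler); it limits the "mob_alloc_len + 1" octets
 * copied into rr->cd_now.mob_alloc_lv further down. */
2644 if (ia->mob_alloc_len > 4) {
2645 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2646 "ASSIGNMENT EXTENDED too large.\n");
/* NOTE(review): st_len is a uint8_t, so the difference is narrowed on
 * assignment. */
2651 st_len = ma_len - ia->mob_alloc_len;
2652 st = ia->mob_alloc + ia->mob_alloc_len;
/* at least three octets: the IE tag plus the value that is cast below */
2653 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME) {
2654 gsm48_decode_start_time(&cd1,
2655 (struct gsm48_start_time *)(st+1));
/* the starting time applies to both assignments */
2656 memcpy(&cd2, &cd1, sizeof(cd2));
2659 /* decode channel description */
2660 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT EXTENDED:\n");
/* Assignment 1 has to be stored in cd1: cd1.chan_nr is what the next line
 * decodes and cd1 is what is copied to rr->cd_now when req_ref1 matches.
 * Storing it in cd2 would leave cd1.chan_nr at the zero from memset(). */
2661 cd1.chan_nr = ia->chan_desc1.chan_nr;
2662 rsl_dec_chan_nr(cd1.chan_nr, &ch_type, &ch_subch, &ch_ts);
2663 if (ia->chan_desc1.h0.h) {
2665 gsm48_decode_chan_h1(&ia->chan_desc1, &cd1.tsc, &cd1.maio,
2667 LOGP(DRR, LOGL_INFO, " assignment 1 (ta %d/%dm ra 0x%02x "
2668 "chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2669 ia->timing_advance1,
2670 ia->timing_advance1 * GSM_TA_CM / 100,
2671 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.maio,
2672 cd1.hsn, ch_ts, ch_subch, cd1.tsc);
2675 gsm48_decode_chan_h0(&ia->chan_desc1, &cd1.tsc, &cd1.arfcn);
2676 LOGP(DRR, LOGL_INFO, " assignment 1 (ta %d/%dm ra 0x%02x "
2677 "chan_nr 0x%02x ARFCN %u TS %u SS %u TSC %u)\n",
2678 ia->timing_advance1,
2679 ia->timing_advance1 * GSM_TA_CM / 100,
2680 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.arfcn,
2681 ch_ts, ch_subch, cd1.tsc);
2683 cd2.chan_nr = ia->chan_desc2.chan_nr;
2684 rsl_dec_chan_nr(cd2.chan_nr, &ch_type, &ch_subch, &ch_ts);
2685 if (ia->chan_desc2.h0.h) {
2687 gsm48_decode_chan_h1(&ia->chan_desc2, &cd2.tsc, &cd2.maio,
2689 LOGP(DRR, LOGL_INFO, " assignment 2 (ta %d/%dm ra 0x%02x "
2690 "chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2691 ia->timing_advance2,
2692 ia->timing_advance2 * GSM_TA_CM / 100,
2693 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.maio,
2694 cd2.hsn, ch_ts, ch_subch, cd2.tsc);
2697 gsm48_decode_chan_h0(&ia->chan_desc2, &cd2.tsc, &cd2.arfcn);
2698 LOGP(DRR, LOGL_INFO, " assignment 2 (ta %d/%dm ra 0x%02x "
2699 "chan_nr 0x%02x ARFCN %u TS %u SS %u TSC %u)\n",
2700 ia->timing_advance2,
2701 ia->timing_advance2 * GSM_TA_CM / 100,
2702 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.arfcn,
2703 ch_ts, ch_subch, cd2.tsc);
2706 /* 3.3.1.1.2: ignore assignment while idle */
2707 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2708 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
2713 if (gsm48_match_ra(ms, &ia->req_ref1)) {
2714 /* channel description */
2715 memcpy(&rr->cd_now, &cd1, sizeof(rr->cd_now));
2716 /* timing advance */
2717 rr->cd_now.ta = ia->timing_advance1;
2718 /* mobile allocation */
/* length octet plus value; bounded only by the "> 4" rejection above */
2719 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2720 ia->mob_alloc_len + 1);
2721 rr->wait_assign = 0;
2722 return gsm48_rr_dl_est(ms);
2725 if (gsm48_match_ra(ms, &ia->req_ref2)) {
2726 /* channel description */
2727 memcpy(&rr->cd_now, &cd2, sizeof(rr->cd_now));
2728 /* timing advance */
2729 rr->cd_now.ta = ia->timing_advance2;
2730 /* mobile allocation */
/* length octet plus value; bounded only by the "> 4" rejection above */
2731 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2732 ia->mob_alloc_len + 1);
2733 rr->wait_assign = 0;
2734 return gsm48_rr_dl_est(ms);
2736 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");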
2741 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received
 *
 * Ignored unless RR is in GSM48_RR_ST_CONN_PEND with wait_assign set. The
 * message is walked as four (request reference, wait indication) pairs; for a
 * reference that passes gsm48_match_ra() the wait indication is handed to
 * start_rr_t3122() and T3126 is started if it is not already pending.
 *
 * The wait indication is a network-supplied value. While T3122 is pending,
 * gsm48_rr_est_req() rejects every non-emergency establish request, so the
 * match against our own request history is what keeps an unrelated reject
 * from blocking this station.
 */
2742 static int gsm48_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
2744 struct gsm48_rrlayer *rr = &ms->rrlayer;
2745 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
/* negative when the message is shorter than the fixed structure; checked
 * below before any of the four pairs is read */
2746 int payload_len = msgb_l3len(msg) - sizeof(*ia);
2748 struct gsm48_req_ref *req_ref;
2749 uint8_t t3122_value;
2751 /* 3.3.1.1.2: ignore assignment while idle */
2752 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign)
2755 if (payload_len < 0) {
2756 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2757 "REJECT message.\n");
2761 for (i = 0; i < 4; i++) {
2762 /* request reference */
/* assumes the four pairs lie 4 octets apart, starting at req_ref1 and
 * wait_ind1 - TODO confirm against the packed structure definition */
2763 req_ref = (struct gsm48_req_ref *)
2764 (((uint8_t *)&ia->req_ref1) + i * 4);
2765 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
2766 "(ref 0x%02x)\n", req_ref->ra);
2767 if (gsm48_match_ra(ms, req_ref)) {
2768 /* wait indication */
2769 t3122_value = *(((uint8_t *)&ia->wait_ind1) + i * 4);
2771 start_rr_t3122(rr, t3122_value, 0);
2772 /* start timer 3126 if not already */
2773 if (!bsc_timer_pending(&rr->t3126))
2774 start_rr_t3126(rr, 5, 0); /* TODO improve! */
2775 /* stop assignment requests */
2778 /* wait until timer 3126 expires, then release
2779 * or wait for channel assignment */
2787 /* 9.1.1 ADDITIONAL ASSIGNMENT is received
 *
 * Checks that the L3 message holds the header and the fixed part, parses the
 * trailing IEs, and - in the lines visible here - answers with an RR STATUS
 * carrying GSM48_RR_CAUSE_PROT_ERROR_UNSPC in either case.
 */
2788 static int gsm48_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
2790 struct gsm48_hdr *gh = msgb_l3(msg);
2791 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
/* octets left for optional IEs; negative means the fixed part is truncated */
2792 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
2793 struct tlv_parsed tp;
2795 if (payload_len < 0) {
2796 LOGP(DRR, LOGL_NOTICE, "Short read of ADDITIONAL ASSIGNMENT "
2798 return gsm48_rr_tx_rr_status(ms,
2799 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
/* NOTE(review): the return value of tlv_parse() is not looked at, so a
 * malformed IE list is not told apart from a valid one here */
2801 tlv_parse(&tp, &gsm48_rr_att_tlvdef, aa->data, payload_len, 0, 0);
2803 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2807 * measurement reports
/* Build a MEASUREMENT REPORT from rr->meas and pass it to gsm48_send_rsl()
 * as RSL_MT_UNIT_DATA_REQ.
 *
 * The serving cell values are copied one to one. The neighbour cell values
 * that are spread over two fields of struct gsm48_meas_res are split into a
 * _hi and a _lo part by shifting and masking.
 */
2810 static int gsm48_rr_tx_meas_rep(struct osmocom_ms *ms)
2812 struct gsm48_rrlayer *rr = &ms->rrlayer;
2813 struct gsm48_rr_meas *meas = &rr->meas;
2815 struct gsm48_hdr *gh;
2816 struct gsm48_meas_res *mr;
2818 nmsg = gsm48_l3_msgb_alloc();
2821 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2822 mr = (struct gsm48_meas_res *) msgb_put(nmsg, sizeof(*mr));
2824 gh->proto_discr = GSM48_PDISC_RR;
2825 gh->msg_type = GSM48_MT_RR_MEAS_REP;
2827 /* measurement results */
2828 mr->rxlev_full = meas->rxlev_full;
2829 mr->rxlev_sub = meas->rxlev_sub;
2830 mr->rxqual_full = meas->rxqual_full;
2831 mr->rxqual_sub = meas->rxqual_sub;
2832 mr->dtx_used = meas->dtx;
2833 mr->ba_used = meas->ba;
2834 mr->meas_valid = meas->meas_valid;
2835 if (meas->ncell_na) {
2836 /* no results for serving cells */
/* neighbour cell count: upper part in no_nc_n_hi, low two bits in no_nc_n_lo */
2840 mr->no_nc_n_hi = meas->count >> 2;
2841 mr->no_nc_n_lo = meas->count & 3;
/* The source arrays are indexed 0..5 for neighbour cells 1..6; nothing in
 * this function ties meas->count to those indices. */
2843 mr->rxlev_nc1 = meas->rxlev_nc[0];
2844 mr->rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
2845 mr->rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
2846 mr->rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
2847 mr->rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
2848 mr->rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
2849 mr->rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
2850 mr->rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
2851 mr->rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
2852 mr->rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
2853 mr->rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
2854 mr->bsic_nc1_hi = meas->bsic_nc[0] >> 3;
2855 mr->bsic_nc1_lo = meas->bsic_nc[0] & 7;
2856 mr->bsic_nc2_hi = meas->bsic_nc[1] >> 4;
2857 mr->bsic_nc2_lo = meas->bsic_nc[1] & 15;
2858 mr->bsic_nc3_hi = meas->bsic_nc[2] >> 5;
2859 mr->bsic_nc3_lo = meas->bsic_nc[2] & 31;
2860 mr->bsic_nc4 = meas->bsic_nc[3];
2861 mr->bsic_nc5 = meas->bsic_nc[4];
2862 mr->bsic_nc6 = meas->bsic_nc[5];
2863 mr->bcch_f_nc1 = meas->bcch_f_nc[0];
2864 mr->bcch_f_nc2 = meas->bcch_f_nc[1];
2865 mr->bcch_f_nc3 = meas->bcch_f_nc[2];
2866 mr->bcch_f_nc4 = meas->bcch_f_nc[3];
2867 mr->bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
2868 mr->bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
2869 mr->bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
2870 mr->bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
2872 return gsm48_send_rsl(ms, RSL_MT_UNIT_DATA_REQ, nmsg);
2876 * link establishment and release
2879 /* Process "Loss Of Signal".
 *
 * The reaction depends on the RR state. In dedicated mode the state becomes
 * GSM48_RR_ST_REL_PEND and an RSL_MT_REL_REQ with release mode 1 (local
 * release) is sent. The visible tail of the function reports
 * RR_REL_CAUSE_LOST_SIGNAL to the upper layer with a GSM48_RR_REL_IND and
 * sets the state to GSM48_RR_ST_IDLE.
 */
2880 int gsm48_rr_los(struct osmocom_ms *ms)
2882 struct gsm48_rrlayer *rr = &ms->rrlayer;
2885 struct gsm48_rr_hdr *nrrh;
2887 LOGP(DSUM, LOGL_INFO, "Radio link lost signal\n");
2889 /* stop T3211 if running */
2893 case GSM48_RR_ST_CONN_PEND:
2894 LOGP(DRR, LOGL_INFO, "LOS during RACH request\n");
2896 /* stop pending RACH timer */
2899 case GSM48_RR_ST_DEDICATED:
2900 LOGP(DRR, LOGL_INFO, "LOS during dedicated mode, release "
2903 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
2905 /* release message */
2907 nmsg = gsm48_l3_msgb_alloc();
/* two octets: IE identifier followed by the release mode */
2910 mode = msgb_put(nmsg, 2);
2911 mode[0] = RSL_IE_RELEASE_MODE;
2912 mode[1] = 1; /* local release */
2914 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
2915 case GSM48_RR_ST_REL_PEND:
2916 LOGP(DRR, LOGL_INFO, "LOS during RR release procedure, release "
2919 /* stop pending RACH timer */
2922 /* release locally */
2925 /* this should not happen */
2926 LOGP(DRR, LOGL_ERROR, "LOS in IDLE state, ignoring\n");
2930 /* send indication to upper layer */
2931 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
2934 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
2935 nrrh->cause = RR_REL_CAUSE_LOST_SIGNAL;
2936 gsm48_rr_upmsg(ms, nmsg);
2939 new_rr_state(rr, GSM48_RR_ST_IDLE);
2943 /* Activate the link and send the establish request.
 *
 * Uses the channel stored in rr->cd_now (filled from a received immediate
 * assignment). The message sent with RSL_MT_EST_REQ is either the queued
 * rr->rr_est_msg or, when none is queued, a paging response built here.
 */
2944 static int gsm48_rr_dl_est(struct osmocom_ms *ms)
2946 struct gsm48_rrlayer *rr = &ms->rrlayer;
2947 struct gsm_subscriber *subscr = &ms->subscr;
2949 struct gsm48_hdr *gh;
2950 struct gsm48_pag_rsp *pr;
2952 uint8_t ch_type, ch_subch, ch_ts;
/* NOTE(review): the flush stretch below passes "msg", which is not a
 * parameter of this function; presumably it is compiled out by preprocessor
 * lines missing from this listing - confirm. */
2957 /* flush pending RACH requests */
2959 rr->n_chan_req = 0; // just to be safe
2960 nmsg = msgb_alloc_headroom(20, 16, "RAND_FLUSH");
2963 gsm48_send_rsl(ms, RSL_MT_RAND_ACC_FLSH, msg);
2965 if (bsc_timer_pending(&rr->temp_rach_ti))
2966 bsc_del_timer(&rr->temp_rach_ti);
2969 /* send DL_EST_REQ */
2970 if (rr->rr_est_msg) {
2971 /* use queued message */
2972 nmsg = rr->rr_est_msg;
2974 LOGP(DRR, LOGL_INFO, "sending establish message\n");
2976 /* create paging response */
2977 nmsg = gsm48_l3_msgb_alloc();
2980 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2981 pr = (struct gsm48_pag_rsp *) msgb_put(nmsg, sizeof(*pr));
2983 pr->key_seq = subscr->key_seq;
2985 pr->cm2_len = sizeof(pr->cm2);
2986 gsm48_rr_enc_cm2(ms, &pr->cm2);
/* Identity selection: the TMSI is used when one is valid; otherwise the
 * response carries the IMSI, and with neither an identity of type "none".
 * The IMSI fallback puts the permanent identity into this message. */
2987 /* mobile identity */
2988 if (ms->subscr.tmsi_valid) {
2989 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
2990 LOGP(DRR, LOGL_INFO, "sending paging response with "
2992 } else if (subscr->imsi[0]) {
2993 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
2994 LOGP(DRR, LOGL_INFO, "sending paging response with "
2998 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
2999 LOGP(DRR, LOGL_INFO, "sending paging response without "
/* mi[1] is the length octet written by the generators above; the identity is
 * appended as length plus value, without the leading tag octet */
3002 msgb_put(nmsg, 1 + mi[1]);
3003 memcpy(pr->data, mi + 1, 1 + mi[1]);
3006 /* activate channel */
3008 RSL_MT_ to activate channel with all the cd_now informations
3011 printf("FIXME: Channel hopping not supported, exitting.\n");
/* NOTE(review): both messages here say "exitting". If the lines missing from
 * this listing terminate the process, a channel description chosen by the
 * network is enough to stop the client; returning an error would be the
 * safer reaction - confirm what the dropped lines do. */
3014 rsl_dec_chan_nr(rr->cd_now.chan_nr, &ch_type, &ch_subch, &ch_ts);
3015 if ((ch_type != RSL_CHAN_SDCCH8_ACCH
3016 && ch_type != RSL_CHAN_SDCCH4_ACCH) || ch_ts > 4) {
3017 printf("Channel type %d, subch %d, ts %d not supported, "
3018 "exitting.\n", ch_type, ch_subch, ch_ts);
3021 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr,
3025 /* start establishment */
3026 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3029 /* The link is established.
 *
 * If RR is already in GSM48_RR_ST_REL_PEND a normal release (RSL_MT_REL_REQ,
 * release mode 0) is sent instead of entering dedicated mode. Otherwise the
 * state becomes GSM48_RR_ST_DEDICATED and the upper layer gets
 * GSM48_RR_EST_CNF when rr->rr_est_req is set, GSM48_RR_EST_IND when not.
 */
3030 static int gsm48_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
3032 struct gsm48_rrlayer *rr = &ms->rrlayer;
3036 /* if MM has released before confirm, we start release */
3037 if (rr->state == GSM48_RR_ST_REL_PEND) {
3038 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
3039 /* release message */
3040 nmsg = gsm48_l3_msgb_alloc();
/* two octets: IE identifier followed by the release mode */
3043 mode = msgb_put(nmsg, 2);
3044 mode[0] = RSL_IE_RELEASE_MODE;
3045 mode[1] = 0; /* normal release */
3047 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3051 new_rr_state(rr, GSM48_RR_ST_DEDICATED);
3053 /* send confirm to upper layer */
3054 nmsg = gsm48_rr_msgb_alloc(
3055 (rr->rr_est_req) ? GSM48_RR_EST_CNF : GSM48_RR_EST_IND);
3058 return gsm48_rr_upmsg(ms, nmsg);
3061 /* The link is released in pending state (by l2).
 *
 * Reports GSM48_RR_REL_IND with RR_REL_CAUSE_NORMAL to the upper layer,
 * starts the release wait timer and moves RR to GSM48_RR_ST_REL_PEND.
 */
3062 static int gsm48_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
3064 struct gsm48_rrlayer *rr = &ms->rrlayer;
3066 struct gsm48_rr_hdr *nrrh;
3068 LOGP(DSUM, LOGL_INFO, "Radio link is released\n");
3070 /* send indication to upper layer */
3071 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
3074 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
3075 nrrh->cause = RR_REL_CAUSE_NORMAL;
3076 gsm48_rr_upmsg(ms, nmsg);
3078 /* start release timer, so UA will be transmitted */
3079 start_rr_t_rel_wait(rr, 1, 500000);
3081 /* pending release */
3082 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3087 /* 9.1.7 CHANNEL RELEASE is received
 *
 * Checks the length of the fixed part, parses the optional IEs, stores a BA
 * range IE (if present) in rr->ba_range, moves RR to GSM48_RR_ST_REL_PEND,
 * starts T3110 and disconnects the main signalling link with a normal
 * release (RSL_MT_REL_REQ, release mode 0).
 */
3088 static int gsm48_rr_rx_chan_rel(struct osmocom_ms *ms, struct msgb *msg)
3090 struct gsm48_rrlayer *rr = &ms->rrlayer;
3091 struct gsm48_hdr *gh = msgb_l3(msg);
3092 struct gsm48_chan_rel *cr = (struct gsm48_chan_rel *)gh->data;
/* octets left for optional IEs; negative means the fixed part is truncated */
3093 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cr);
3094 struct tlv_parsed tp;
3098 if (payload_len < 0) {
3099 LOGP(DRR, LOGL_NOTICE, "Short read of CHANNEL RELEASE "
3101 return gsm48_rr_tx_rr_status(ms,
3102 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
/* NOTE(review): the return value of tlv_parse() is not looked at */
3104 tlv_parse(&tp, &gsm48_rr_att_tlvdef, cr->data, payload_len, 0, 0);
3106 LOGP(DRR, LOGL_INFO, "channel release request with cause 0x%02x)\n",
/* The BA range length handed to the decoder is the octet in front of the IE
 * value, i.e. the length the network sent. The decoder also receives the
 * element count of rr->ba_range, which has to be what bounds its writes -
 * confirm in gsm48_decode_ba_range(). */
3110 if (TLVP_PRESENT(&tp, GSM48_IE_BA_RANGE)) {
3111 gsm48_decode_ba_range(TLVP_VAL(&tp, GSM48_IE_BA_RANGE),
3112 *(TLVP_VAL(&tp, GSM48_IE_BA_RANGE) - 1), rr->ba_range,
3114 sizeof(rr->ba_range) / sizeof(rr->ba_range[0]));
3115 /* NOTE: the ranges are kept until IDLE state is returned
3116 * (see new_rr_state)
3120 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3122 /* start T3110, so that two DISCs can be sent due to T200 timeout */
3123 start_rr_t3110(rr, 1, 500000);
3125 /* disconnect the main signalling link */
3126 nmsg = gsm48_l3_msgb_alloc();
3129 mode = msgb_put(nmsg, 2);
3130 mode[0] = RSL_IE_RELEASE_MODE;
3131 mode[1] = 0; /* normal release */
3132 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3136 * assignment and handover
3139 /* 9.1.3 sending ASSIGNMENT COMPLETE
 *
 * Builds the message (RR protocol discriminator, GSM48_MT_RR_ASS_COMPL, the
 * given RR cause) and passes it to gsm48_send_rsl() as RSL_MT_DATA_REQ.
 */
3140 static int gsm48_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
3143 struct gsm48_hdr *gh;
3144 struct gsm48_ass_cpl *ac;
3146 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMPLETE (cause #%d)\n", cause);
3148 nmsg = gsm48_l3_msgb_alloc();
/* header first, then the message body, appended in that order */
3151 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
3152 ac = (struct gsm48_ass_cpl *) msgb_put(nmsg, sizeof(*ac));
3154 gh->proto_discr = GSM48_PDISC_RR;
3155 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
3158 ac->rr_cause = cause;
3160 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
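3163 /* 9.1.4 sending ASSIGNMENT FAILURE
 *
 * Builds the message (RR protocol discriminator, GSM48_MT_RR_ASS_FAIL, the
 * given RR cause) and passes it to gsm48_send_rsl() as RSL_MT_DATA_REQ.
 */
3164 static int gsm48_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
3167 struct gsm48_hdr *gh;
3168 struct gsm48_ass_fail *af;
3170 LOGP(DRR, LOGL_INFO, "ASSIGNMENT FAILURE (cause #%d)\n", cause);
3172 nmsg = gsm48_l3_msgb_alloc();
/* header first, then the message body, appended in that order */
3175 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
3176 af = (struct gsm48_ass_fail *) msgb_put(nmsg, sizeof(*af));
3178 gh->proto_discr = GSM48_PDISC_RR;
/* A failure has to carry the ASSIGNMENT FAILURE message type; with the
 * ASSIGNMENT COMPLETE type the network would read the report as success. */
3179 gh->msg_type = GSM48_MT_RR_ASS_FAIL;
3182 af->rr_cause = cause;
3184 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);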
3187 /* 9.1.2 ASSIGNMENT COMMAND is received
 *
 * Checks the length of the fixed part and parses the optional IEs. The last
 * visible statement answers with ASSIGNMENT FAILURE, cause
 * GSM48_RR_CAUSE_FREQ_NOT_IMPL.
 *
 * NOTE(review): the stretch between tlv_parse() and that final return uses
 * names that are not declared in this function ("rr" is commented out,
 * chan_desc, fl_after, "not supported", ...). Presumably it is compiled out
 * by preprocessor lines missing from this listing - confirm before relying on
 * any of it. Should it be enabled, each tlv_copy() destination size and the
 * two memcpy() sizes near the end (sizeof(*cd) and sizeof(cd) on a non-pointer
 * cd) need checking against the real field sizes.
 */
3188 static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
3190 // struct gsm48_rrlayer *rr = &ms->rrlayer;
3191 struct gsm48_hdr *gh = msgb_l3(msg);
3192 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
/* octets left for optional IEs; negative means the fixed part is truncated */
3193 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
3194 struct tlv_parsed tp;
3195 struct gsm48_rr_cd cd;
3197 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMMAND\n");
3199 memset(&cd, 0, sizeof(cd));
3201 if (payload_len < 0) {
3202 LOGP(DRR, LOGL_NOTICE, "Short read of ASSIGNMENT COMMAND message.\n");
3203 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
/* NOTE(review): the return value of tlv_parse() is not looked at */
3205 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ac->data, payload_len, 0, 0);
3208 /* channel description */
3209 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
3211 cd.power_command = ac->power_command;
3212 /* frequency list, after timer */
3213 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
3214 /* cell channel description */
3215 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
3216 /* multislot allocation */
3217 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
3219 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
3220 /* mobile allocation, after time */
3221 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
3223 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
3224 /* frequency list, before time */
3225 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
3226 /* channel description, before time */
3227 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
3228 /* frequency channel sequence, before time */
3229 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
3230 /* mobile allocation, before time */
3231 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
3232 /* cipher mode setting */
3233 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
3234 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
3239 LOGP(DRR, LOGL_INFO, "No current cell allocation available.\n");
3240 return gsm48_rr_tx_ass_fail(ms, GSM48_GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
3243 if (not supported) {
3244 LOGP(DRR, LOGL_INFO, "New channel is not supported.\n");
3245 return gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_CHAN_MODE_UNACCEPT);
3248 if (freq not supported) {
3249 LOGP(DRR, LOGL_INFO, "New frequency is not supported.\n");
3250 return gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_FREQ_NOT_IMPL);
3253 /* store current channel descriptions, to return in case of failure */
3254 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3255 /* copy new description */
3256 memcpy(&rr->chan_desc, cd, sizeof(cd));
3258 /* start suspension of current link */
3259 nmsg = gsm48_l3_msgb_alloc();
3262 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3264 /* change into special assignment suspension state */
3265 rr->assign_susp_state = 1;
3266 rr->resume_last_state = 0;
3268 return gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_FREQ_NOT_IMPL);
3275 * radio resource requests
3278 /* Establish request for dedicated mode (from the upper layer).
 *
 * Runs a series of admission checks; a failed check sets a release cause that
 * is reported upwards with GSM48_RR_REL_IND (visible for the T3122 case).
 * When all checks pass, the L3 part of the request is copied into
 * rr->rr_est_msg and a channel is requested with gsm48_rr_chan_req().
 *
 * Checks in order: T3122 pending, RR not idle, no cell selected, camping
 * state, system information, cell barred, access class barred. Requests with
 * cause RR_EST_CAUSE_EMERGENCY pass the T3122 check and the "camped normally"
 * check.
 */
3279 static int gsm48_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
3281 struct gsm48_rrlayer *rr = &ms->rrlayer;
3282 struct gsm322_cellsel *cs = &ms->cellsel;
3283 struct gsm48_sysinfo *s = cs->si;
3284 struct gsm_subscriber *subscr = &ms->subscr;
3285 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3286 struct gsm48_hdr *gh = msgb_l3(msg);
3289 struct gsm48_rr_hdr *nrrh;
/* T3122 is started by the IMMEDIATE ASSIGNMENT REJECT handler with the wait
 * indication sent by the network */
3293 if (bsc_timer_pending(&rr->t3122)) {
3294 if (rrh->cause != RR_EST_CAUSE_EMERGENCY) {
3295 LOGP(DRR, LOGL_INFO, "T3122 running, rejecting!\n");
3296 cause = RR_REL_CAUSE_T3122;
3298 LOGP(DSUM, LOGL_INFO, "Establishing radio link not "
3300 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
3303 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
3304 nrrh->cause = cause;
3305 return gsm48_rr_upmsg(ms, nmsg);
3307 LOGP(DRR, LOGL_INFO, "T3122 running, but emergency call\n");
3311 /* if state is not idle */
3312 if (rr->state != GSM48_RR_ST_IDLE) {
3313 LOGP(DRR, LOGL_INFO, "We are not IDLE yet, rejecting!\n");
3314 cause = RR_REL_CAUSE_TRY_LATER;
3319 if (!cs->selected) {
3320 LOGP(DRR, LOGL_INFO, "No cell selected, rejecting!\n");
3321 cause = RR_REL_CAUSE_TRY_LATER;
3325 /* check if camping */
3326 if (cs->state != GSM322_C3_CAMPED_NORMALLY
3327 && rrh->cause != RR_EST_CAUSE_EMERGENCY) {
3328 LOGP(DRR, LOGL_INFO, "Not camping normally, rejecting!\n");
3329 cause = RR_REL_CAUSE_EMERGENCY_ONLY;
3332 if (cs->state != GSM322_C3_CAMPED_NORMALLY
3333 && cs->state != GSM322_C7_CAMPED_ANY_CELL) {
3334 LOGP(DRR, LOGL_INFO, "Not camping, rejecting!\n");
3335 cause = RR_REL_CAUSE_TRY_LATER;
3339 /* check for relevant information */
3341 LOGP(DRR, LOGL_INFO, "Not enough SI, rejecting!\n");
3342 cause = RR_REL_CAUSE_TRY_LATER;
/* NOTE(review): a non-zero subscr->acc_barr skips both barring checks below;
 * presumably a local override - confirm it cannot stay enabled by accident. */
3347 if (!subscr->acc_barr && s->cell_barr) {
3348 LOGP(DRR, LOGL_INFO, "Cell barred, rejecting!\n");
3349 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
/* bit 0x0400 of the access class mask is forced on for emergency requests
 * and cleared for all others */
3352 if (rrh->cause == RR_EST_CAUSE_EMERGENCY)
3353 acc_class = subscr->acc_class | 0x0400;
3355 acc_class = subscr->acc_class & 0xfbff;
/* class_barr ^ 0xffff inverts the barred mask; access is refused when none
 * of our classes is left in it */
3356 if (!subscr->acc_barr && !(acc_class & (s->class_barr ^ 0xffff))) {
3357 LOGP(DRR, LOGL_INFO, "Cell barred for our access class (access "
3358 "%04x barred %04x)!\n", acc_class, s->class_barr);
3359 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
3363 /* requested by RR */
3366 /* clone and store REQUEST message */
3368 LOGP(DRR, LOGL_ERROR, "Error, missing l3 message\n");
3371 rr->rr_est_msg = gsm48_l3_msgb_alloc();
3372 if (!rr->rr_est_msg)
/* copies the whole L3 part; the size is taken from the incoming msgb, so it
 * has to fit the buffer returned by gsm48_l3_msgb_alloc() */
3374 memcpy(msgb_put(rr->rr_est_msg, msgb_l3len(msg)),
3375 msgb_l3(msg), msgb_l3len(msg));
3377 /* request channel */
3378 return gsm48_rr_chan_req(ms, rrh->cause, 0);
3381 /* Send all queued messages down to layer 2.
 *
 * Drains rr->downqueue and passes each message to gsm48_send_rsl() as
 * RSL_MT_DATA_REQ; the return value of each send is not looked at.
 */
3382 static int gsm48_rr_dequeue_down(struct osmocom_ms *ms)
3384 struct gsm48_rrlayer *rr = &ms->rrlayer;
3387 while((msg = msgb_dequeue(&rr->downqueue))) {
3388 LOGP(DRR, LOGL_INFO, "Sending queued message.\n");
3389 gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
3395 /* 3.4.2 transfer data in dedicated mode
 *
 * Strips the RR header from a message of the upper layer. While a handover or
 * assignment suspension is active the message is queued on rr->downqueue;
 * otherwise it is forwarded to layer 2 as RSL_MT_DATA_REQ.
 */
3396 static int gsm48_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
3398 struct gsm48_rrlayer *rr = &ms->rrlayer;
3400 if (rr->state != GSM48_RR_ST_DEDICATED) {
3405 /* pull RR header */
3406 msgb_pull(msg, sizeof(struct gsm48_rr_hdr));
3408 /* queue message, during handover or assignment procedure */
3409 if (rr->hando_susp_state || rr->assign_susp_state) {
3410 LOGP(DRR, LOGL_INFO, "Queueing message during suspend.\n");
3411 msgb_enqueue(&rr->downqueue, msg);
3415 /* forward message */
3416 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
3420 * data indications from data link
3423 /* 3.4.2 data from layer 2 to RR and upper layer
 *
 * Messages with the RR protocol discriminator are dispatched by message type
 * to the handlers below; an unknown type is answered with an RR STATUS
 * (GSM48_RR_CAUSE_MSG_TYPE_N). Everything else gets an RR header with
 * GSM48_RR_DATA_IND pushed in front and is passed to the upper layer.
 *
 * NOTE(review): gh->proto_discr and gh->msg_type are read before any length
 * check is visible in this function; the per-message handlers check their own
 * payload length only afterwards. Confirm that the caller guarantees at least
 * sizeof(struct gsm48_hdr) octets of L3 data.
 */
3424 static int gsm48_rr_data_ind(struct osmocom_ms *ms, struct msgb *msg)
3426 struct gsm48_hdr *gh = msgb_l3(msg);
3427 struct gsm48_rr_hdr *rrh;
/* low nibble: protocol discriminator; high nibble: skip indicator (below) */
3428 uint8_t pdisc = gh->proto_discr & 0x0f;
3430 if (pdisc == GSM48_PDISC_RR) {
3432 uint8_t skip_ind = (gh->proto_discr & 0xf0) >> 4;
3434 /* ignore if skip indicator is not B'0000' */
3438 switch(gh->msg_type) {
3439 case GSM48_MT_RR_ADD_ASS:
3440 rc = gsm48_rr_rx_add_ass(ms, msg);
3442 case GSM48_MT_RR_ASS_CMD:
3443 rc = gsm48_rr_rx_ass_cmd(ms, msg);
3446 case GSM48_MT_RR_CIP_MODE_CMD:
3447 rc = gsm48_rr_rx_cip_mode_cmd(ms, msg);
3450 case GSM48_MT_RR_CLSM_ENQ:
3451 rc = gsm48_rr_rx_cm_enq(ms, msg);
3454 case GSM48_MT_RR_HANDO_CMD:
3455 rc = gsm48_rr_rx_hando_cmd(ms, msg);
3457 case GSM48_MT_RR_FREQ_REDEF:
3458 rc = gsm48_rr_rx_freq_redef(ms, msg);
3461 case GSM48_MT_RR_CHAN_REL:
3462 rc = gsm48_rr_rx_chan_rel(ms, msg);
3465 LOGP(DRR, LOGL_NOTICE, "Message type 0x%02x unknown.\n",
3468 /* status message */
3469 gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_MSG_TYPE_N);
3476 /* pull off RSL header up to L3 message */
/* the pull length is the distance from the start of the buffer data to the
 * L3 pointer */
3477 msgb_pull(msg, (long)msgb_l3(msg) - (long)msg->data);
3479 /* push RR header */
3480 msgb_push(msg, sizeof(struct gsm48_rr_hdr));
3481 rrh = (struct gsm48_rr_hdr *)msg->data;
3482 rrh->msg_type = GSM48_RR_DATA_IND;
3484 return gsm48_rr_upmsg(ms, msg);
3487 /* Receive BCCH at RR layer.
 *
 * Dispatches on the system_information field of the header at msgb_l3(msg)
 * to the SYSTEM INFORMATION 1, 2, 2bis, 2ter, 3 and 4 handlers; any other
 * value is logged.
 *
 * NOTE(review): the field is read without a length check in this function.
 * gsm48_rr_unit_data_ind() sets the L3 pointer from the L3 INFO IE and does
 * not check the IE length either - confirm a minimum length is guaranteed.
 */
3488 static int gsm48_rr_rx_bcch(struct osmocom_ms *ms, struct msgb *msg)
3490 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3492 switch (sih->system_information) {
3493 case GSM48_MT_RR_SYSINFO_1:
3494 return gsm48_rr_rx_sysinfo1(ms, msg);
3495 case GSM48_MT_RR_SYSINFO_2:
3496 return gsm48_rr_rx_sysinfo2(ms, msg);
3497 case GSM48_MT_RR_SYSINFO_2bis:
3498 return gsm48_rr_rx_sysinfo2bis(ms, msg);
3499 case GSM48_MT_RR_SYSINFO_2ter:
3500 return gsm48_rr_rx_sysinfo2ter(ms, msg);
3501 case GSM48_MT_RR_SYSINFO_3:
3502 return gsm48_rr_rx_sysinfo3(ms, msg);
3503 case GSM48_MT_RR_SYSINFO_4:
3504 return gsm48_rr_rx_sysinfo4(ms, msg);
3507 LOGP(DRR, LOGL_NOTICE, "BCCH message type 0x%02x not sup.\n",
3508 sih->system_information);
3514 /* Receive CCCH at RR layer.
 *
 * Dispatches on the system_information field of the header at msgb_l3(msg)
 * to the SYSTEM INFORMATION 5, 5bis, 5ter and 6 handlers, the three PAGING
 * REQUEST handlers and the three IMMEDIATE ASSIGNMENT handlers; any other
 * value is logged.
 *
 * Everything dispatched here is data sent by the network that has passed no
 * check in this file other than the channel number. NOTE(review): the header
 * field is read without a length check in this function - confirm a minimum
 * L3 length is guaranteed by the caller.
 */
3515 static int gsm48_rr_rx_pch_agch(struct osmocom_ms *ms, struct msgb *msg)
3517 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3519 switch (sih->system_information) {
3520 case GSM48_MT_RR_SYSINFO_5:
3521 return gsm48_rr_rx_sysinfo5(ms, msg);
3522 case GSM48_MT_RR_SYSINFO_5bis:
3523 return gsm48_rr_rx_sysinfo5bis(ms, msg);
3524 case GSM48_MT_RR_SYSINFO_5ter:
3525 return gsm48_rr_rx_sysinfo5ter(ms, msg);
3526 case GSM48_MT_RR_SYSINFO_6:
3527 return gsm48_rr_rx_sysinfo6(ms, msg);
3529 case GSM48_MT_RR_PAG_REQ_1:
3530 return gsm48_rr_rx_pag_req_1(ms, msg);
3531 case GSM48_MT_RR_PAG_REQ_2:
3532 return gsm48_rr_rx_pag_req_2(ms, msg);
3533 case GSM48_MT_RR_PAG_REQ_3:
3534 return gsm48_rr_rx_pag_req_3(ms, msg);
3536 case GSM48_MT_RR_IMM_ASS:
3537 return gsm48_rr_rx_imm_ass(ms, msg);
3538 case GSM48_MT_RR_IMM_ASS_EXT:
3539 return gsm48_rr_rx_imm_ass_ext(ms, msg);
3540 case GSM48_MT_RR_IMM_ASS_REJ:
3541 return gsm48_rr_rx_imm_ass_rej(ms, msg);
3544 LOGP(DRR, LOGL_NOTICE, "CCCH message type 0x%02x unknown.\n",
3545 sih->system_information);
3551 /* Unit data from layer 2 to RR layer.
 *
 * Parses the RSL IEs behind the RLL header, points msg->l3h at the value of
 * the L3 INFO IE, updates the cell selection timers and CCCH state, and then
 * dispatches on rllh->chan_nr: RSL_CHAN_PCH_AGCH goes to
 * gsm48_rr_rx_pch_agch(), the BCCH case to gsm48_rr_rx_bcch(), anything else
 * is logged as unknown.
 *
 * This is the entry point for broadcast and common channel data, i.e. input
 * that any transmitter on the selected frequency can supply.
 */
3552 static int gsm48_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
3554 struct gsm322_cellsel *cs = &ms->cellsel;
3555 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3556 struct tlv_parsed tv;
3558 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
3559 rllh->chan_nr, rllh->link_id);
/* NOTE(review): the length argument is msgb_l2len() minus the header size,
 * with no visible check that the L2 part is at least that long, and the
 * return value of rsl_tlv_parse() is not looked at. */
3561 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
3562 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
3563 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
/* Only the presence of the IE is checked; its length is not compared with
 * any minimum before the handlers read the message header. NOTE(review): the
 * handlers size the message with msgb_l3len(), not with the IE length -
 * confirm that both agree. */
3566 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
3568 if (cs->ccch_state != GSM322_CCCH_ST_SYNC
3569 && cs->ccch_state != GSM322_CCCH_ST_DATA)
3572 /* when camping, start/reset loss timer */
3573 if (cs->state == GSM322_C3_CAMPED_NORMALLY
3574 || cs->state == GSM322_C7_CAMPED_ANY_CELL) {
3575 struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
3577 set radio link timeout on layer 1
3578 it is the number of subsequent BCCH blocks. (about 1/4 seconds)
3580 start_loss_timer(cs, s->bcch_radio_link_timeout / 4, 0);
3584 /* temporary moved here until confirm is fixed */
3585 if (cs->ccch_state != GSM322_CCCH_ST_DATA) {
3586 LOGP(DCS, LOGL_INFO, "Channel provides data.\n");
3587 cs->ccch_state = GSM322_CCCH_ST_DATA;
3589 /* in connection pending state */
3590 if (ms->rrlayer.state == GSM48_RR_ST_CONN_PEND)
3591 return gsm48_rr_tx_rand_acc(ms, NULL);
3593 /* set timer for reading BCCH */
3594 if (cs->state == GSM322_C2_STORED_CELL_SEL
3595 || cs->state == GSM322_C1_NORMAL_CELL_SEL
3596 || cs->state == GSM322_C6_ANY_CELL_SEL
3597 || cs->state == GSM322_C4_NORMAL_CELL_RESEL
3598 || cs->state == GSM322_C8_ANY_CELL_RESEL
3599 || cs->state == GSM322_C5_CHOOSE_CELL
3600 || cs->state == GSM322_C9_CHOOSE_ANY_CELL
3601 || cs->state == GSM322_PLMN_SEARCH
3602 || cs->state == GSM322_HPLMN_SEARCH)
3603 start_cs_timer(cs, ms->support.scan_to, 0);
3604 // TODO: timer depends on BCCH config
3607 switch (rllh->chan_nr) {
3608 case RSL_CHAN_PCH_AGCH:
3609 return gsm48_rr_rx_pch_agch(ms, msg);
/* Test hook: when camped on any cell, the whole L3 message is overwritten
 * with random() output before it is parsed, to exercise the parsers with
 * corrupt frames. The #warning marks it as temporary. NOTE(review): whether
 * it is compiled in depends on preprocessor lines missing from this listing;
 * it must not be active in a build that is expected to read real BCCH data. */
3612 #warning testing corrupt frames
3614 if (ms->cellsel.state == GSM322_C7_CAMPED_ANY_CELL)
3615 for(i=0;i<msgb_l3len(msg);i++)
3616 msg->l3h[i] = random();
3619 return gsm48_rr_rx_bcch(ms, msg);
3621 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
3627 /* 3.4.13.3 RR abort in dedicated mode (also in conn. pending mode)
 *
 * In dedicated mode the state becomes GSM48_RR_ST_REL_PEND and a normal
 * release (RSL_MT_REL_REQ, release mode 0) is sent. In the connection pending
 * case the visible lines only log and set GSM48_RR_ST_REL_PEND.
 */
3628 static int gsm48_rr_abort_req(struct osmocom_ms *ms, struct msgb *msg)
3630 struct gsm48_rrlayer *rr = &ms->rrlayer;
3633 /* stop pending RACH timer */
3636 /* release "normally" if we are in dedicated mode */
3637 if (rr->state == GSM48_RR_ST_DEDICATED) {
3640 LOGP(DRR, LOGL_INFO, "Abort in dedicated state, send release "
3643 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3645 /* release message */
3646 nmsg = gsm48_l3_msgb_alloc();
/* two octets: IE identifier followed by the release mode */
3649 mode = msgb_put(nmsg, 2);
3650 mode[0] = RSL_IE_RELEASE_MODE;
3651 mode[1] = 0; /* normal release */
3652 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3655 LOGP(DRR, LOGL_INFO, "Abort in connection pending state, return to "
3658 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3663 /* Suspend confirm in dedicated mode (the state table dispatches
 * RSL_MT_SUSP_CONF to this function).
 *
 * When a handover or assignment suspension is active, the radio is switched
 * to the channel in rr->cd_now and an RSL_MT_EST_REQ is sent. For a handover,
 * a handover access is sent in addition and rr->hando_acc_left is set to 3.
 */
3664 static int gsm48_rr_susp_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3666 struct gsm48_rrlayer *rr = &ms->rrlayer;
3668 if (rr->hando_susp_state || rr->assign_susp_state) {
3671 /* change radio to new channel */
3672 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr,
3675 /* send DL-ESTABLISH REQUEST */
3676 nmsg = gsm48_l3_msgb_alloc();
3679 gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3683 if (rr->hando_susp_state) {
3684 gsm48_rr_tx_hando_access(ms);
3685 rr->hando_acc_left = 3;
3692 /* Release confirm.
 *
 * Reports GSM48_RR_REL_IND with RR_REL_CAUSE_NORMAL to the upper layer and
 * returns RR to GSM48_RR_ST_IDLE.
 */
3693 static int gsm48_rr_rel_cnf(struct osmocom_ms *ms, struct msgb *msg)
3695 struct gsm48_rrlayer *rr = &ms->rrlayer;
3697 struct gsm48_rr_hdr *nrrh;
3699 LOGP(DSUM, LOGL_INFO, "Requesting channel aborted\n");
3701 /* stop T3211 if running */
3704 /* send release indication */
3705 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
3708 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
3709 nrrh->cause = RR_REL_CAUSE_NORMAL;
3710 gsm48_rr_upmsg(ms, nmsg);
3713 new_rr_state(rr, GSM48_RR_ST_IDLE);
3721 /* State transitions for link layer messages (lower layer).
 *
 * Each entry holds a mask of RR states (built with SBIT), an RSL message type
 * and the handler to run. gsm48_rcv_rsl() scans the table for an entry whose
 * type equals the received message type and whose mask contains the current
 * state; a message without such an entry is logged as unhandled, so the table
 * is also the filter for which layer 2 messages are accepted in which state.
 * RSL_MT_EST_CONF and RSL_MT_CHAN_CNF each appear twice, with different
 * handlers for different states.
 */
3722 static struct dldatastate {
3725 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3726 } dldatastatelist[] = {
3728 {SBIT(GSM48_RR_ST_IDLE) |
3729 SBIT(GSM48_RR_ST_CONN_PEND) |
3730 SBIT(GSM48_RR_ST_DEDICATED) |
3731 SBIT(GSM48_RR_ST_REL_PEND),
3732 RSL_MT_UNIT_DATA_IND, gsm48_rr_unit_data_ind},
3734 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3735 RSL_MT_DATA_IND, gsm48_rr_data_ind},
3738 {SBIT(GSM48_RR_ST_CONN_PEND), /* 3.3.1.1.2 */
3739 RSL_MT_CHAN_CNF, gsm48_rr_tx_rand_acc},
3741 {SBIT(GSM48_RR_ST_IDLE) |
3742 SBIT(GSM48_RR_ST_CONN_PEND) |
3743 SBIT(GSM48_RR_ST_REL_PEND),
3744 RSL_MT_EST_CONF, gsm48_rr_estab_cnf},
3747 {SBIT(GSM48_RR_ST_DEDICATED),
3748 RSL_MT_EST_CONF, gsm48_rr_estab_cnf_dedicated},
3751 RSL_MT_CONNECT_CNF, gsm48_rr_connect_cnf},
3756 {SBIT(GSM48_RR_ST_CONN_PEND) |
3757 SBIT(GSM48_RR_ST_DEDICATED),
3758 RSL_MT_REL_IND, gsm48_rr_rel_ind},
3760 {SBIT(GSM48_RR_ST_REL_PEND),
3761 RSL_MT_REL_CONF, gsm48_rr_rel_cnf},
3764 {SBIT(GSM48_RR_ST_DEDICATED),
3765 RSL_MT_SUSP_CONF, gsm48_rr_susp_cnf_dedicated},
3768 {SBIT(GSM48_RR_ST_DEDICATED),
3769 RSL_MT_CHAN_CNF, gsm48_rr_rand_acc_cnf_dedicated},
3772 RSL_MT_MDL_ERROR_IND, gsm48_rr_mdl_error_ind},
/* number of entries in dldatastatelist */
3776 #define DLDATASLLEN \
3777 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
/*
 * Dispatch one RSL message from the link layer to the handler selected by
 * message type and current RR state (table dldatastatelist).
 *
 * ms:  mobile station instance whose rrlayer state is consulted
 * msg: message buffer; msgb_l2() is taken as the start of the RLL header
 *
 * NOTE(review): rllh->c.msg_type is read with no length check visible in
 * this listing; confirm that a complete abis_rsl_rll_hdr is guaranteed
 * before this point, since the buffer comes from the lower layer.
 * NOTE(review): this listing skips source lines (declarations of i and rc,
 * the loop's exit, the error return and the final return are not shown).
 */
3779 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg)
3781 struct gsm48_rrlayer *rr = &ms->rrlayer;
3782 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3783 int msg_type = rllh->c.msg_type;
/* UNIT DATA indications are excluded from this log line */
3787 if (msg_type != RSL_MT_UNIT_DATA_IND) {
3788 LOGP(DRSL, LOGL_INFO, "(ms %s) Received '%s' from L2 in state "
3789 "%s\n", ms->name, get_rsl_name(msg_type),
/* rr->state indexes the name table here and is a shift count below; both assume it holds a valid GSM48_RR_ST_* value */
3790 gsm48_rr_state_names[rr->state]);
3793 /* find function for current state and message */
3794 for (i = 0; i < DLDATASLLEN; i++)
3795 if ((msg_type == dldatastatelist[i].type)
3796 && ((1 << rr->state) & dldatastatelist[i].states))
/* i == DLDATASLLEN means no table entry matched type and state */
3798 if (i == DLDATASLLEN) {
3799 LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
3804 rc = dldatastatelist[i].rout(ms, msg);
3806 /* free msgb unless it is forwarded */
/* ownership rule: gsm48_rr_data_ind is the only handler exempt from the release here (the release call itself is not shown in this listing) */
3807 if (dldatastatelist[i].rout != gsm48_rr_data_ind)
3813 /* state transitions for RR-SAP messages from up */
/*
 * Dispatch table used by gsm48_rr_downmsg(): an entry applies when the RR-SAP
 * message type equals .type and the bit of the current RR state is set in
 * .states; .rout is the handler for that combination.
 * NOTE(review): the .states/.type member declarations are not shown in this
 * listing.
 */
3814 static struct rrdownstate {
3817 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3818 } rrdownstatelist[] = {
3819 /* NOTE: If not IDLE, it is rejected there. */
3820 {ALL_STATES, /* 3.3.1.1 */
3821 GSM48_RR_EST_REQ, gsm48_rr_est_req},
3823 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3824 GSM48_RR_DATA_REQ, gsm48_rr_data_req},
3826 {SBIT(GSM48_RR_ST_CONN_PEND) |
3827 SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.13.3 */
3828 GSM48_RR_ABORT_REQ, gsm48_rr_abort_req},
3831 {SBIT(GSM48_RR_ST_DEDICATED),
3832 GSM48_RR_ACT_REQ, gsm48_rr_act_req},
/* number of entries in rrdownstatelist */
3836 #define RRDOWNSLLEN \
3837 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
/*
 * Dispatch one RR-SAP message from the upper layer to the handler selected by
 * message type and current RR state (table rrdownstatelist).
 *
 * ms:  mobile station instance whose rrlayer state is consulted
 * msg: message buffer; msg->data is interpreted as a struct gsm48_rr_hdr
 *
 * NOTE(review): msg->data is cast and read with no length check visible in
 * this listing; presumably callers always allocate a full header -- confirm.
 * NOTE(review): this listing skips source lines (declarations of i and rc,
 * the loop's exit, the error return and the final return are not shown).
 */
3839 int gsm48_rr_downmsg(struct osmocom_ms *ms, struct msgb *msg)
3841 struct gsm48_rrlayer *rr = &ms->rrlayer;
3842 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3843 int msg_type = rrh->msg_type;
3847 LOGP(DRR, LOGL_INFO, "(ms %s) Message '%s' received in state %s\n",
3848 ms->name, get_rr_name(msg_type),
3849 gsm48_rr_state_names[rr->state]);
3851 /* find function for current state and message */
3852 for (i = 0; i < RRDOWNSLLEN; i++)
3853 if ((msg_type == rrdownstatelist[i].type)
3854 && ((1 << rr->state) & rrdownstatelist[i].states))
/* i == RRDOWNSLLEN means no table entry matched type and state */
3856 if (i == RRDOWNSLLEN) {
3857 LOGP(DRR, LOGL_NOTICE, "Message unhandled at this state.\n");
3862 rc = rrdownstatelist[i].rout(ms, msg);
3864 /* free msgb unless it is forwarded */
/* ownership rule: gsm48_rr_data_req is the only handler exempt from the release here (the release call itself is not shown in this listing) */
3865 if (rrdownstatelist[i].rout != gsm48_rr_data_req)
/*
 * Initialise the radio resource layer of one mobile station: the whole
 * rrlayer structure is zeroed, both message queues are set up as empty lists
 * and gsm48_rx_rsl is registered via osmol2_register_handler().
 * NOTE(review): gsm48_rx_rsl and the return statement are not shown in this
 * listing.
 */
3875 int gsm48_rr_init(struct osmocom_ms *ms)
3877 struct gsm48_rrlayer *rr = &ms->rrlayer;
/* start from a known all-zero state; this also clears every pointer and flag in rr */
3879 memset(rr, 0, sizeof(*rr));
3882 LOGP(DRR, LOGL_INFO, "init Radio Ressource process\n");
3884 INIT_LLIST_HEAD(&rr->rsl_upqueue);
3885 INIT_LLIST_HEAD(&rr->downqueue);
3886 /* downqueue is handled here, so don't add_work */
3888 osmol2_register_handler(ms, &gsm48_rx_rsl);
/*
 * Tear down the radio resource layer of one mobile station: both message
 * queues are drained, a pending rr_est_msg is freed and the release-wait
 * timer is stopped.
 * NOTE(review): the bodies of the two dequeue loops, the declaration of msg
 * and the return statement are not shown in this listing; the loop bodies
 * presumably free each dequeued msgb -- confirm.
 */
3893 int gsm48_rr_exit(struct osmocom_ms *ms)
3895 struct gsm48_rrlayer *rr = &ms->rrlayer;
3898 LOGP(DRR, LOGL_INFO, "exit Radio Ressource process\n");
3901 while ((msg = msgb_dequeue(&rr->rsl_upqueue)))
3903 while ((msg = msgb_dequeue(&rr->downqueue)))
3906 if (rr->rr_est_msg) {
3907 msgb_free(rr->rr_est_msg);
/* clear the pointer so no stale reference to the freed buffer remains */
3908 rr->rr_est_msg = NULL;
3911 stop_rr_t_rel_wait(rr);
3921 the process above is complete
3922 ------------------------------------------------------------------------------
3945 stop timers on abort
3946 is the buffered cm-service-request always removed on abort, also when sending?:
3948 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
3950 todo change procedures, release procedure
/*
 * Handler named in rrdownstatelist for GSM48_RR_ACT_REQ.
 * NOTE(review): the second parameter is struct gsm48_rr *, while the table's
 * .rout pointer takes struct msgb *; the body is not shown in this listing.
 */
3952 static int gsm48_rr_act_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3959 /* memcopy of LV of given IE from tlv_parsed structure */
/*
 * Copies the length octet plus value of IE "ie" (len + 1 octets, starting one
 * octet before TLVP_VAL) into dest, after checking that it fits in dest_len.
 *
 * dest:     destination buffer
 * dest_len: size of dest in octets
 * tp:       parsed TLV set to read from
 * ie:       information element identifier to copy
 *
 * NOTE(review): reading from TLVP_VAL(tp, ie) - 1 assumes the octet in front
 * of the value is the IE's length octet; confirm callers only pass IEs that
 * are encoded with a one-octet length. The declaration of len and the return
 * values are not shown in this listing.
 */
3960 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
3969 if (!TLVP_PRESENT(tp, ie))
3972 len = TLVP_LEN(tp, ie);
/* bounds check: the copy below writes len + 1 octets into dest */
3975 if (len + 1 > dest_len)
3978 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
3983 /* decode "Cell Description" (10.5.2.2) */
/*
 * Writes the BCCH ARFCN, assembled from cd->bcch_hi (upper bits) and
 * cd->bcch_lo (lower 8 bits), to *arfcn.
 * NOTE(review): the parameter list lacks a comma between "uint8_t *ncc" and
 * "uint8_t *bcc", so this does not compile as shown; the lines that would set
 * *ncc and *bcc are not shown in this listing.
 */
3984 static int gsm48_decode_cell_desc(struct gsm48_cell_desc *cd, uint16_t *arfcn, uint8_t *ncc uint8_t *bcc)
3986 *arfcn = (cd->bcch_hi << 8) + cd->bcch_lo;
3991 /* decode "Power Command" (10.5.2.28) and (10.5.2.28a) */
/*
 * Writes pc->power_level to *power_level; atc is optional and only used when
 * it is not NULL.
 * NOTE(review): the parameter list lacks a comma between
 * "uint8_t *power_level" and "uint8_t *atc", so this does not compile as
 * shown; the statement guarded by "if (atc)" is not shown in this listing.
 */
3992 static int gsm48_decode_power_cmd_acc(struct gsm48_power_cmd *pc, uint8_t *power_level uint8_t *atc)
3994 *power_level = pc->power_level;
3995 if (atc) /* only in case of 10.5.2.28a */
3999 /* decode "Synchronization Indication" (10.5.2.39) */
/*
 * Copies the si, rot and nci fields of the IE into rr->ho_sync_ind,
 * rr->ho_rot and rr->ho_nci.
 * NOTE(review): the name repeats gsm48_decode_power_cmd_acc from the helper
 * above, while gsm48_rr_rx_hando_cmd() calls gsm48_decode_sync_ind() with
 * three arguments -- presumably this is the function meant there. The caller
 * must make sure the IE is long enough for struct gsm48_rr_sync_ind before
 * passing the pointer in.
 */
4000 static int gsm48_decode_power_cmd_acc(struct gsm48_rrlayer *rr, struct gsm48_rr_sync_ind *si)
4002 rr->ho_sync_ind = si->si;
4003 rr->ho_rot = si->rot;
4004 rr->ho_nci = si->nci;
4007 /* receiving HANDOVER COMMAND message (9.1.15) */
/*
 * Parses a HANDOVER COMMAND taken from msgb_l3(msg), stores the new channel
 * description in rr, requests suspension of the current link and sets
 * rr->hando_susp_state. Every field read here arrives over the radio link
 * from the network side, so each length has to be checked before use.
 * NOTE(review): unfinished draft as shown -- it contains bare text
 * ("wirklich", "today: more IE parsing") and calls gsm_decode_cell_desc() /
 * gsm_decode_power_cmd_acc() / gsm48_decode_sync_ind(), while the helpers
 * above are named gsm48_decode_*; this listing also skips source lines.
 */
4008 static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
4010 struct gsm48_rrlayer *rr = ms->rrlayer;
4011 struct gsm48_hdr *gh = msgb_l3(msg);
4012 struct gsm48_ho_cmd *ho = (struct gsm48_ho_cmd *)gh->data;
/* NOTE(review): subtracting sizeof values makes this an unsigned (size_t) computation that only turns negative on conversion to int; comparing the L3 length with sizeof(*gh) + sizeof(*ho) before subtracting would not depend on that conversion. "wirklich" (German: "really") reads as the author's open question about subtracting sizeof(*ho). */
4013 int payload_len = msgb_l3len(msg) - sizeof(*gh) - wirklich sizeof(*ho);
4014 struct tlv_parsed tp;
4015 struct gsm48_rr_cd cd;
4018 memset(&cd, 0, sizeof(cd));
/* reject messages shorter than the fixed part before any IE is touched */
4020 if (payload_len < 0) {
4021 LOGP(DRR, LOGL_NOTICE, "Short read of HANDOVER COMMAND message.\n");
4022 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
/* NOTE(review): the result of tlv_parse() is not checked */
4024 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ho->data, payload_len, 0, 0);
4026 /* decode Cell Description */
4027 gsm_decode_cell_desc(&ho->cell_desc, &cd.bcch_arfcn, &cd.ncc, &cd.bcc);
4028 /* Channel Description */
/* NOTE(review): fixed 3-octet copy; the size of rr->chan_desc.chan_desc is not visible here -- confirm it is at least 3 */
4029 memcpy(&rr->chan_desc.chan_desc, ho->chan_desc, 3);
4030 /* Handover Reference */
4031 rr->hando_ref = ho->ho_ref;
4032 /* Power Command and access type */
/* NOTE(review): cd.atc is passed without '&' although the helper's last parameter is uint8_t *atc */
4033 gsm_decode_power_cmd_acc((struct gsm48_power_cmd *)&ho->power_command,
4034 &cd.power_level, cd.atc);
4035 /* Synchronization Indication */
/* NOTE(review): only presence is tested; TLVP_LEN() of the IE is not compared with the size the decoder reads */
4036 if (TLVP_PRESENT(&tp, GSM48_IE_SYNC_IND))
4037 gsm48_decode_sync_ind(rr,
4038 TLVP_VAL(&tp, GSM48_IE_SYNC_IND)-1, &cd);
4039 /* Frequency Short List */
/* the length octet in front of the value is taken straight from the received message; NOTE(review): "s" is not declared in the lines shown */
4040 if (TLVP_PRESENT(&tp, GSM48_IE_FREQ_SHORT_LIST))
4041 gsm48_decode_freq_list(&ms->support, s->freq,
4042 TLVP_VAL(&tp, GSM48_IE_FREQ_SHORT_LIST),
4043 *(TLVP_VAL(&tp, GSM48_IE_FREQ_SHORT_LIST)-1),
4044 0xce, FREQ_TYPE_SERV);
4047 today: more IE parsing
4049 /* store current channel descriptions, to return in case of failure */
/* NOTE(review): cd is declared above as a struct, not a pointer, so sizeof(*cd) here and passing cd as the source below do not match that declaration; whatever size is used must not exceed rr->chan_last / rr->chan_desc, whose types are not visible here */
4050 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
4051 /* copy new description */
4052 memcpy(&rr->chan_desc, cd, sizeof(cd));
4054 /* start suspension of current link */
4055 nmsg = gsm48_l3_msgb_alloc();
/* NOTE(review): nmsg is allocated for the request but msg (the received buffer) is what gets sent -- confirm which was meant; nmsg is not declared in the lines shown */
4058 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
4060 /* change into special handover suspension state */
4061 rr->hando_susp_state = 1;
4062 rr->resume_last_state = 0;
/*
 * Establish confirm while in dedicated mode (see dldatastatelist): during a
 * handover/assignment suspension an assignment complete or failure message is
 * sent, then the frames queued during the transition are transmitted.
 * NOTE(review): as shown, ASSIGNMENT COMPLETE is sent when resume_last_state
 * is set and the failure message follows; the line between them is not shown
 * (presumably an else). resume_last_state is set on the fallback to the old
 * channel in gsm48_rr_mdl_error_ind(), so confirm the two branches are not
 * swapped. "rr" is not declared in the lines shown.
 */
4067 static int gsm48_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
4069 if (rr->hando_susp_state || rr->assign_susp_state) {
4070 if (rr->resume_last_state) {
4071 rr->resume_last_state = 0;
4072 gsm48_rr_tx_ass_cpl(ms, GSM48_RR_CAUSE_NORMAL);
4074 gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_PROTO_ERR_UNSPEC);
4076 /* transmit queued frames during ho / ass transition */
4077 gsm48_rr_dequeue_down(ms);
/*
 * Handler named in dldatastatelist for RSL_MT_CONNECT_CNF.
 * NOTE(review): the parameter type is spelled "struct msgbl", while the
 * table's .rout pointer takes struct msgb * -- presumably a typo; the body is
 * not shown in this listing.
 */
4083 static int gsm48_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
/*
 * MDL-ERROR indication from the link layer. While a handover/assignment
 * suspension is active and the old channel has not been retried yet, the
 * saved channel description is restored and the old link is reconnected
 * (RSL_MT_RECON_REQ). The remaining visible lines release the channel and
 * prepare an abort indication for the upper layer.
 * NOTE(review): unfinished draft as shown (bare text lines; cd, arfcn and
 * nmsg are not declared in the visible lines); this listing also skips
 * source lines.
 */
4087 static int gsm48_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
4089 struct gsm48_rrlayer *rr = ms->rrlayer;
4091 struct gsm_rr_hdr *nrrh;
4093 printing of the cause
/* NOTE(review): the cause octet is read from msg->l3h[0] with no length check visible before it */
4095 switch (msg->l3h[0]) {
4096 case RLL_CAUSE_SEQ_ERR:
4097 case RLL_CAUSE_UNSOL_DM_RESP_MF:
/* the two bare German lines below read: "some must be ignored" / "others count as release" */
4098 einige muessen ignoriert werden
4099 andere gelten als release
4102 if (rr->hando_susp_state || rr->assign_susp_state) {
/* resume_last_state marks that the fallback to the old channel is already under way, so it is attempted only once */
4103 if (!rr->resume_last_state) {
4104 rr->resume_last_state = 1;
4106 /* get old channel description */
/* NOTE(review): the copy size is sizeof(*cd) with cd undeclared here; it must match the size of rr->chan_desc / rr->chan_last */
4107 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
4109 /* change radio to old channel */
4110 tx_ph_dm_est_req(ms, rr->cd_now.arfcn,
4111 rr->cd_now.chan_nr, rr->cd_now.tsc);
4113 /* re-establish old link */
4114 nmsg = gsm48_l3_msgb_alloc();
4117 return gsm48_send_rsl(ms, RSL_MT_RECON_REQ, nmsg);
4119 rr->resume_last_state = 0;
4122 /* deactivate channel */
4123 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
4125 /* send abort ind to upper layer */
4126 nmsg = gsm48_mm_msgb_alloc();
/* NOTE(review): nrrh is declared as struct gsm_rr_hdr * but the cast is to struct gsm_mm_hdr * */
4130 nrrh = (struct gsm_mm_hdr *)nmsg->data;
4131 nrrh->msg_type = RR_ABORT_IND;
4132 nrrh->cause = GSM_MM_CAUSE_LINK_FAILURE;
/* NOTE(review): the abort indication was built in nmsg, but msg (the received buffer) is what gets passed up -- confirm which was meant */
4133 return gsm48_rr_upmsg(ms, msg);
/*
 * Expiry of T3124 (started in gsm48_rr_rand_acc_cnf_dedicated() once the
 * handover access bursts have been sent): restores the saved channel
 * description, switches the radio back and asks the link layer to
 * re-establish the old link (RSL_MT_REEST_REQ).
 * NOTE(review): declared void but the last visible line returns a value; ms,
 * cd and nmsg are not declared in the visible lines. This listing also skips
 * source lines.
 */
4136 static void timeout_rr_t3124(void *arg)
4138 struct gsm48_rrlayer *rr = arg;
4141 /* stop sending more access bursts when timer expired */
4144 /* get old channel description */
4145 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
4147 /* change radio to old channel */
4148 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr,
4151 /* re-establish old link */
4152 nmsg = gsm48_l3_msgb_alloc();
4155 return gsm48_send_rsl(ms, RSL_MT_REEST_REQ, nmsg);
4160 /* send HANDOVER ACCESS burst (9.1.14) */
/*
 * Builds a one-octet message holding rr->hando_ref (the handover reference
 * stored from the HANDOVER COMMAND) and hands it to the link layer as
 * RSL_MT_RAND_ACC_REQ.
 * NOTE(review): rr and nmsg are not declared in the visible lines, and the
 * check for a failed msgb_alloc_headroom() is not shown in this listing.
 */
4161 static int gsm48_rr_tx_hando_access(struct osmocom_ms *ms)
4163 nmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
4166 *msgb_put(nmsg, 1) = rr->hando_ref;
4168 return gsm48_send_rsl(ms, RSL_MT_RAND_ACC_REQ, nmsg);
4171 /* send next channel request in dedicated state */
4172 static int gsm48_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
4174 struct gsm48_rrlayer *rr = &ms->rrlayer;
4178 if (!rr->hando_susp_state) {
4179 LOGP(DRR, LOGL_NOTICE, "Random acces confirm, but not in handover state.\n");
4183 /* send up to four handover access bursts */
4184 if (rr->hando_acc_left) {
4185 rr->hando_acc_left--;
4186 gsm48_rr_tx_hando_access(ms);
4190 /* start timer for sending next HANDOVER ACCESS bursts afterwards */
4191 if (!bsc_timer_pending(&rr->t3124)) {
4192 if (allocated channel is SDCCH)
4193 start_rr_t3124(rr, GSM_T3124_675);
4195 start_rr_t3124(rr, GSM_T3124_320);
4196 if (!rr->n_chan_req) {
4197 start_rr_t3126(rr, 5, 0); /* TODO improve! */
4202 /* wait for PHYSICAL INFORMATION message or T3124 timeout */