2 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 /* Very short description of some of the procedures:
24 * A radio ressource request causes sendig a channel request on RACH.
25 * After receiving of an immediate assignment the link will be establised.
26 * After the link is established, the dedicated mode is entered and confirmed.
28 * A Paging request also triggers the channel request as above...
29 * After the link is established, the dedicated mode is entered and indicated.
31 * During dedicated mode, messages are transferred.
33 * When an assignment command or a handover command is received, the current
34 * link is released. After release, the new channel is activated and the
35 * link is established again. After link is establised, pending messages from
36 * radio ressource are sent.
38 * When the assignment or handover fails, the old channel is activate and the
39 * link is established again. Also pending messages are sent.
48 #include <arpa/inet.h>
50 #include <osmocore/msgb.h>
51 #include <osmocore/utils.h>
52 #include <osmocore/rsl.h>
53 #include <osmocore/gsm48.h>
54 #include <osmocore/bitvec.h>
56 #include <osmocom/logging.h>
57 #include <osmocom/osmocom_data.h>
59 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg);
60 static int gsm48_rr_dl_est(struct osmocom_ms *ms);
66 #define MIN(a, b) ((a < b) ? a : b)
68 int gsm48_decode_lai(struct gsm48_loc_area_id *lai, uint16_t *mcc,
69 uint16_t *mnc, uint16_t *lac)
71 *mcc = (lai->digits[0] & 0x0f) * 100
72 + (lai->digits[0] >> 4) * 10
73 + (lai->digits[1] & 0x0f);
74 *mnc = (lai->digits[2] & 0x0f) * 10
75 + (lai->digits[2] >> 4);
76 if ((lai->digits[1] >> 4) != 0xf) /* 3 digits MNC */
77 *mnc += (lai->digits[1] >> 4) * 100;
78 *lac = ntohs(lai->lac);
83 static int gsm48_encode_chan_h0(struct gsm48_chan_desc *cd, uint8_t tsc,
88 cd->h0.arfcn_low = arfcn & 0xff;
89 cd->h0.arfcn_high = arfcn >> 8;
94 static int gsm48_encode_chan_h1(struct gsm48_chan_desc *cd, uint8_t tsc,
95 uint8_t maio, uint8_t hsn)
99 cd->h1.maio_low = maio & 0x03;
100 cd->h1.maio_high = maio >> 2;
107 static int gsm48_decode_chan_h0(struct gsm48_chan_desc *cd, uint8_t *tsc,
111 *arfcn = cd->h0.arfcn_low | (cd->h0.arfcn_high << 8);
116 static int gsm48_decode_chan_h1(struct gsm48_chan_desc *cd, uint8_t *tsc,
117 uint8_t *maio, uint8_t *hsn)
120 *maio = cd->h1.maio_low | (cd->h1.maio_high << 2);
126 /* 10.5.2.38 decode Starting time IE */
127 static int gsm48_decode_start_time(struct gsm48_rr_cd *cd,
128 struct gsm48_start_time *st)
130 cd->start_t1 = st->t1;
131 cd->start_t2 = st->t2;
132 cd->start_t3 = (st->t3_high << 3) | st->t3_low;
141 static const char *gsm48_rr_state_names[] = {
147 static void new_rr_state(struct gsm48_rrlayer *rr, int state)
149 if (state < 0 || state >=
150 (sizeof(gsm48_rr_state_names) / sizeof(char *)))
153 if (state == GSM48_RR_ST_IDLE) {
154 struct msgb *msg, *nmsg;
156 /* free establish message, if any */
158 if (rr->rr_est_msg) {
159 msgb_free(rr->rr_est_msg);
160 rr->rr_est_msg = NULL;
162 /* free all pending messages */
163 while((msg = msgb_dequeue(&rr->downqueue)))
165 /* clear all descriptions of last channel */
166 memset(&rr->cd_now, 0, sizeof(rr->cd_now));
169 /* tell cell selection process to return to idle mode
170 * NOTE: this must be sent unbuffered, because it will
171 * leave camping state, so it locks against subsequent
172 * establishment of dedicated channel, before the
173 * cell selection process returned to camping state
176 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
179 gsm322_c_event(rr->ms, nmsg);
183 LOGP(DRR, LOGL_INFO, "new state %s -> %s\n",
184 gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
193 /* names of RR-SAP */
194 static const struct value_string gsm48_rr_msg_names[] = {
195 { GSM48_RR_EST_REQ, "RR_EST_REQ" },
196 { GSM48_RR_EST_IND, "RR_EST_IND" },
197 { GSM48_RR_EST_CNF, "RR_EST_CNF" },
198 { GSM48_RR_REL_IND, "RR_REL_IND" },
199 { GSM48_RR_SYNC_IND, "RR_SYNC_IND" },
200 { GSM48_RR_DATA_REQ, "RR_DATA_REQ" },
201 { GSM48_RR_DATA_IND, "RR_DATA_IND" },
202 { GSM48_RR_UNIT_DATA_IND, "RR_UNIT_DATA_IND" },
203 { GSM48_RR_ABORT_REQ, "RR_ABORT_REQ" },
204 { GSM48_RR_ABORT_IND, "RR_ABORT_IND" },
205 { GSM48_RR_ACT_REQ, "RR_ACT_REQ" },
209 const char *get_rr_name(int value)
211 return get_value_string(gsm48_rr_msg_names, value);
214 /* allocate GSM 04.08 layer 3 message */
215 struct msgb *gsm48_l3_msgb_alloc(void)
219 msg = msgb_alloc_headroom(L3_ALLOC_SIZE+L3_ALLOC_HEADROOM,
220 L3_ALLOC_HEADROOM, "GSM 04.08 L3");
223 msg->l3h = msg->data;
228 /* allocate GSM 04.08 message (RR-SAP) */
229 struct msgb *gsm48_rr_msgb_alloc(int msg_type)
232 struct gsm48_rr_hdr *rrh;
234 msg = msgb_alloc_headroom(RR_ALLOC_SIZE+RR_ALLOC_HEADROOM,
235 RR_ALLOC_HEADROOM, "GSM 04.08 RR");
239 rrh = (struct gsm48_rr_hdr *) msgb_put(msg, sizeof(*rrh));
240 rrh->msg_type = msg_type;
245 /* queue message (RR-SAP) */
246 int gsm48_rr_upmsg(struct osmocom_ms *ms, struct msgb *msg)
248 struct gsm48_mmlayer *mm = &ms->mmlayer;
250 msgb_enqueue(&mm->rr_upqueue, msg);
255 /* push rsl header and send (RSL-SAP) */
256 static int gsm48_send_rsl(struct osmocom_ms *ms, uint8_t msg_type,
259 struct gsm48_rrlayer *rr = &ms->rrlayer;
261 rsl_rll_push_l3(msg, msg_type, rr->cd_now.chan_nr,
262 rr->cd_now.link_id, 1);
264 return rslms_recvmsg(msg, ms);
267 /* enqueue messages (RSL-SAP) */
268 static int gsm48_rx_rll(struct msgb *msg, struct osmocom_ms *ms)
270 struct gsm48_rrlayer *rr = &ms->rrlayer;
273 return gsm48_rcv_rsl(ms, msg);
274 msgb_enqueue(&rr->rsl_upqueue, msg);
279 /* input function that L2 calls when sending messages up to L3 */
280 static int gsm48_rx_rsl(struct msgb *msg, struct osmocom_ms *ms)
282 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
285 switch (rslh->msg_discr & 0xfe) {
286 case ABIS_RSL_MDISC_RLL:
287 rc = gsm48_rx_rll(msg, ms);
290 /* FIXME: implement this */
291 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
300 /* dequeue messages (RSL-SAP) */
301 int gsm48_rsl_dequeue(struct osmocom_ms *ms)
303 struct gsm48_rrlayer *rr = &ms->rrlayer;
307 while ((msg = msgb_dequeue(&rr->rsl_upqueue))) {
308 /* msg is freed there */
309 gsm48_rcv_rsl(ms, msg);
310 work = 1; /* work done */
320 static void timeout_rr_t3122(void *arg)
322 LOGP(DRR, LOGL_INFO, "timer T3122 has fired\n");
325 static void timeout_rr_t3126(void *arg)
327 struct gsm48_rrlayer *rr = arg;
328 struct osmocom_ms *ms = rr->ms;
330 LOGP(DRR, LOGL_INFO, "timer T3126 has fired\n");
331 if (rr->rr_est_req) {
332 struct msgb *msg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
333 struct gsm48_rr_hdr *rrh;
337 rrh = (struct gsm48_rr_hdr *)msg->data;
338 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
339 gsm48_rr_upmsg(ms, msg);
342 new_rr_state(rr, GSM48_RR_ST_IDLE);
345 static void start_rr_t3122(struct gsm48_rrlayer *rr, int sec, int micro)
347 LOGP(DRR, LOGL_INFO, "starting T3122 with %d seconds\n", sec);
348 rr->t3122.cb = timeout_rr_t3122;
350 bsc_schedule_timer(&rr->t3122, sec, micro);
353 static void start_rr_t3126(struct gsm48_rrlayer *rr, int sec, int micro)
355 LOGP(DRR, LOGL_INFO, "starting T3126 with %d seconds\n", sec);
356 rr->t3126.cb = timeout_rr_t3126;
358 bsc_schedule_timer(&rr->t3126, sec, micro);
361 static void stop_rr_t3122(struct gsm48_rrlayer *rr)
363 if (bsc_timer_pending(&rr->t3122)) {
364 LOGP(DRR, LOGL_INFO, "stopping pending timer T3122\n");
365 bsc_del_timer(&rr->t3122);
369 static void stop_rr_t3126(struct gsm48_rrlayer *rr)
371 if (bsc_timer_pending(&rr->t3126)) {
372 LOGP(DRR, LOGL_INFO, "stopping pending timer T3126\n");
373 bsc_del_timer(&rr->t3126);
381 /* send rr status request */
382 static int gsm48_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
385 struct gsm48_hdr *gh;
386 struct gsm48_rr_status *st;
388 LOGP(DRR, LOGL_INFO, "RR STATUS (cause #%d)\n", cause);
390 nmsg = gsm48_l3_msgb_alloc();
393 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
394 st = (struct gsm48_rr_status *) msgb_put(nmsg, sizeof(*st));
396 gh->proto_discr = GSM48_PDISC_RR;
397 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
400 st->rr_cause = cause;
402 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
409 /* send chiperhing mode complete */
410 static int gsm48_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
412 struct gsm_support *sup = &ms->support;
414 struct gsm48_hdr *gh;
415 uint8_t buf[11], *tlv;
417 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMPLETE (cr %d)\n", cr);
419 nmsg = gsm48_l3_msgb_alloc();
422 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
424 gh->proto_discr = GSM48_PDISC_RR;
425 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
429 gsm48_generate_mid_from_imsi(buf, sup->imeisv);
430 tlv = msgb_put(nmsg, 2 + buf[1]);
431 memcpy(tlv, buf, 2 + buf[1]);
434 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
437 /* receive ciphering mode command */
438 static int gsm48_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
440 struct gsm48_rrlayer *rr = &ms->rrlayer;
441 struct gsm_support *sup = &ms->support;
442 struct gsm48_hdr *gh = msgb_l3(msg);
443 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
444 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
445 uint8_t sc, alg_id, cr;
447 if (payload_len < 0) {
448 LOGP(DRR, LOGL_NOTICE, "Short read of CIPHERING MODE COMMAND "
450 return gsm48_rr_tx_rr_status(ms,
451 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
454 /* cipher mode setting */
457 /* cipher mode response */
461 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, cr=%u)",
464 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, "
465 "algo=A5/%d cr=%u)", sc, alg_id + 1, cr);
468 if (rr->cipher_on && sc) {
469 LOGP(DRR, LOGL_INFO, "cipering already applied.\n");
470 return gsm48_rr_tx_rr_status(ms,
471 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
474 /* check if we actually support this cipher */
475 if ((alg_id == GSM_CIPHER_A5_1 && !sup->a5_1)
476 || (alg_id == GSM_CIPHER_A5_2 && !sup->a5_2)
477 || (alg_id == GSM_CIPHER_A5_3 && !sup->a5_3)
478 || (alg_id == GSM_CIPHER_A5_4 && !sup->a5_4)
479 || (alg_id == GSM_CIPHER_A5_5 && !sup->a5_5)
480 || (alg_id == GSM_CIPHER_A5_6 && !sup->a5_6)
481 || (alg_id == GSM_CIPHER_A5_7 && !sup->a5_7))
482 return gsm48_rr_tx_rr_status(ms,
483 GSM48_RR_CAUSE_CHAN_MODE_UNACCT);
485 /* change to ciphering */
487 rsl command to activate ciperhing
489 rr->cipher_on = sc, rr->cipher_type = alg_id;
492 return gsm48_rr_tx_cip_mode_cpl(ms, cr);
499 /* Encode "Classmark 3" (10.5.1.7) */
500 static int gsm48_rr_enc_cm3(struct osmocom_ms *ms, uint8_t *buf, uint8_t *len)
502 struct gsm_support *sup = &ms->support;
505 memset(&bv, 0, sizeof(bv));
510 bitvec_set_bit(&bv, 0);
511 /* band 3 supported */
513 bitvec_set_bit(&bv, ONE);
515 bitvec_set_bit(&bv, ZERO);
516 /* band 2 supported */
517 if (sup->e_gsm || sup->r_gsm)
518 bitvec_set_bit(&bv, ONE);
520 bitvec_set_bit(&bv, ZERO);
521 /* band 1 supported */
522 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
523 bitvec_set_bit(&bv, ONE);
525 bitvec_set_bit(&bv, ZERO);
528 bitvec_set_bit(&bv, ONE);
530 bitvec_set_bit(&bv, ZERO);
532 bitvec_set_bit(&bv, ONE);
534 bitvec_set_bit(&bv, ZERO);
536 bitvec_set_bit(&bv, ONE);
538 bitvec_set_bit(&bv, ZERO);
540 bitvec_set_bit(&bv, ONE);
542 bitvec_set_bit(&bv, ZERO);
543 /* radio capability */
544 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
546 bitvec_set_uint(&bv, 0, 4);
547 bitvec_set_uint(&bv, sup->dcs_capa, 4);
549 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
551 bitvec_set_uint(&bv, sup->dcs_capa, 4);
553 bitvec_set_uint(&bv, sup->low_capa, 4);
556 bitvec_set_uint(&bv, 0, 4);
557 bitvec_set_uint(&bv, sup->low_capa, 4);
561 bitvec_set_bit(&bv, ONE);
562 bitvec_set_uint(&bv, sup->r_capa, 3);
564 bitvec_set_bit(&bv, ZERO);
566 /* multi slot support */
568 bitvec_set_bit(&bv, ONE);
569 bitvec_set_uint(&bv, sup->ms_sup, 5);
571 bitvec_set_bit(&bv, ZERO);
574 if (sup->ucs2_treat) {
575 bitvec_set_bit(&bv, ONE);
577 bitvec_set_bit(&bv, ZERO);
579 /* support extended measurements */
581 bitvec_set_bit(&bv, ONE);
583 bitvec_set_bit(&bv, ZERO);
585 /* support measurement capability */
587 bitvec_set_bit(&bv, ONE);
588 bitvec_set_uint(&bv, sup->sms_val, 4);
589 bitvec_set_uint(&bv, sup->sm_val, 4);
591 bitvec_set_bit(&bv, ZERO);
593 /* positioning method capability */
595 bitvec_set_bit(&bv, ONE);
596 bitvec_set_bit(&bv, sup->e_otd_ass == 1);
597 bitvec_set_bit(&bv, sup->e_otd_based == 1);
598 bitvec_set_bit(&bv, sup->gps_ass == 1);
599 bitvec_set_bit(&bv, sup->gps_based == 1);
600 bitvec_set_bit(&bv, sup->gps_conv == 1);
602 bitvec_set_bit(&bv, ZERO);
605 /* partitial bytes will be completed */
606 *len = (bv.cur_bit + 7) >> 3;
607 bitvec_spare_padding(&bv, (*len * 8) - 1);
612 /* encode classmark 2 */
613 int gsm48_rr_enc_cm2(struct osmocom_ms *ms, struct gsm48_classmark2 *cm)
615 struct gsm48_rrlayer *rr = &ms->rrlayer;
616 struct gsm_support *sup = &ms->support;
618 if (rr->arfcn >= 512 && rr->arfcn <= 885)
619 cm->pwr_lev = sup->pwr_lev_1800;
621 cm->pwr_lev = sup->pwr_lev_900;
622 cm->a5_1 = sup->a5_1;
623 cm->es_ind = sup->es_ind;
624 cm->rev_lev = sup->rev_lev;
625 cm->fc = (sup->r_gsm || sup->e_gsm);
626 cm->vgcs = sup->vgcs;
628 cm->sm_cap = sup->sms_ptp;
629 cm->ss_scr = sup->ss_ind;
630 cm->ps_cap = sup->ps_cap;
631 cm->a5_2 = sup->a5_2;
632 cm->a5_3 = sup->a5_3;
633 cm->cmsp = sup->cmsp;
634 cm->solsa = sup->solsa;
635 cm->lcsva_cap = sup->lcsva;
640 /* send classmark change */
641 static int gsm48_rr_tx_cm_change(struct osmocom_ms *ms)
643 struct gsm_support *sup = &ms->support;
645 struct gsm48_hdr *gh;
646 struct gsm48_cm_change *cc;
647 uint8_t cm3[14], *tlv;
649 LOGP(DRR, LOGL_INFO, "CLASSMARK CHANGE\n");
651 nmsg = gsm48_l3_msgb_alloc();
654 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
655 cc = (struct gsm48_cm_change *) msgb_put(nmsg, sizeof(*cc));
657 gh->proto_discr = GSM48_PDISC_RR;
658 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
661 cc->cm2_len = sizeof(cc->cm2);
662 gsm48_rr_enc_cm2(ms, &cc->cm2);
665 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
666 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
669 || sup->ext_meas || sup->meas_cap
672 cm3[0] = GSM48_IE_CLASSMARK3;
673 gsm48_rr_enc_cm3(ms, cm3 + 2, &cm3[1]);
674 tlv = msgb_put(nmsg, 2 + cm3[1]);
675 memcpy(tlv, cm3, 2 + cm3[1]);
678 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
681 /* receiving classmark enquiry */
682 static int gsm48_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
685 return gsm48_rr_tx_cm_change(ms);
692 /* temporary timer until we have time control over channnel request */
693 #define RSL_MT_CHAN_CNF 0x19
694 #include <osmocom/l1ctl.h>
695 static void temp_rach_to(void *arg)
697 struct gsm48_rrlayer *rr = arg;
698 struct osmocom_ms *ms = rr->ms;
699 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
700 struct abis_rsl_rll_hdr *rllh = (struct abis_rsl_rll_hdr *) msgb_put(msg, sizeof(*rllh));
702 rllh->c.msg_type = RSL_MT_CHAN_CNF;
703 gsm48_rcv_rsl(ms, msg);
708 /* send channel request burst message */
709 static int gsm48_rr_tx_chan_req(struct osmocom_ms *ms, int cause, int paging)
711 struct gsm48_rrlayer *rr = &ms->rrlayer;
712 struct gsm322_cellsel *cs = &ms->cellsel;
713 struct gsm48_sysinfo *s = &ms->sysinfo;
715 struct l1ctl_info_ul *nul;
716 struct l1ctl_rach_req *nra;
717 struct gsm48_rr_hdr *nrrh;
718 uint8_t chan_req, chan_req_val, chan_req_mask;
721 /* ignore paging, if not camping */
722 if (paging && cs->state != GSM322_C3_CAMPED_NORMALLY) {
726 /* tell cell selection process to leave idle mode
727 * NOTE: this must be sent unbuffered, because the state may not
728 * change until idle mode is left
730 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
733 gsm322_c_event(ms, nmsg);
737 new_rr_state(rr, GSM48_RR_ST_CONN_PEND);
739 /* number of retransmissions (without first transmission) */
740 rr->n_chan_req = s->max_retrans;
742 /* generate CHAN REQ (9.1.8) */
744 case RR_EST_CAUSE_EMERGENCY:
746 chan_req_mask = 0x1f;
748 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Emergency call)\n",
751 case RR_EST_CAUSE_REESTAB_TCH_F:
752 chan_req_mask = 0x1f;
754 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (re-establish "
755 "TCH/F)\n", chan_req_val);
757 case RR_EST_CAUSE_REESTAB_TCH_H:
759 chan_req_mask = 0x03;
761 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
762 "(re-establish TCH/H with NECI)\n",
765 chan_req_mask = 0x1f;
767 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
768 "(re-establish TCH/H no NECI)\n", chan_req_val);
771 case RR_EST_CAUSE_REESTAB_2_TCH_H:
773 chan_req_mask = 0x03;
775 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
776 "(re-establish TCH/H+TCH/H with NECI)\n",
779 chan_req_mask = 0x1f;
781 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
782 "(re-establish TCH/H+TCH/H no NECI)\n",
786 case RR_EST_CAUSE_ANS_PAG_ANY:
787 chan_req_mask = 0x1f;
789 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING "
790 "Any channel)\n", chan_req_val);
792 case RR_EST_CAUSE_ANS_PAG_SDCCH:
793 chan_req_mask = 0x0f;
795 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n",
798 case RR_EST_CAUSE_ANS_PAG_TCH_F:
799 /* ms supports no dual rate */
800 chan_req_mask = 0x1f;
802 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n",
805 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
806 /* ms supports no dual rate */
807 chan_req_mask = 0x1f;
809 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/H or "
810 "TCH/F)\n", chan_req_val);
812 case RR_EST_CAUSE_ORIG_TCHF:
813 /* ms supports no dual rate */
814 chan_req_mask = 0x1f;
816 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Orig TCH/F)\n",
819 case RR_EST_CAUSE_LOC_UPD:
821 chan_req_mask = 0x0f;
823 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
824 "Update with NECI)\n", chan_req_val);
826 chan_req_mask = 0x1f;
828 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
829 "Update no NECI)\n", chan_req_val);
832 case RR_EST_CAUSE_OTHER_SDCCH:
834 chan_req_mask = 0x0f;
836 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OHTER "
837 "with NECI)\n", chan_req_val);
839 chan_req_mask = 0x1f;
841 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER "
842 "no NECI)\n", chan_req_val);
846 if (!rr->rr_est_req) /* no request from MM */
849 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: with unknown "
850 "establishment cause: %d\n", cause);
851 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
854 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
855 nrrh->cause = RR_REL_CAUSE_UNDEFINED;
856 gsm48_rr_upmsg(ms, nmsg);
857 new_rr_state(rr, GSM48_RR_ST_IDLE);
863 /* create and send RACH msg */
865 nmsg = gsm48_rsl_msgb_alloc();
867 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
868 struct l1ctl_hdr *l1h;
869 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
870 l1h = (struct l1ctl_hdr *) nmsg->l1h;
871 l1h->msg_type = L1CTL_RACH_REQ;
874 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
876 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
879 chan_req &= chan_req_mask;
880 chan_req |= chan_req_val;
886 at this point we require chan req to be sent at a given delay
887 also we require a confirm from radio part
888 nra->delay = random() % t;
890 rr->temp_rach_ti.cb = temp_rach_to;
891 rr->temp_rach_ti.data = rr;
892 bsc_schedule_timer(&rr->temp_rach_ti, 0, 900000);
896 rr->chan_req_val = chan_req_val;
897 rr->chan_req_mask = chan_req_mask;
900 rr->cr_hist[1] = chan_req;
903 add layer 1 conrols to RSL...
904 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
906 return osmo_send_l1(ms, nmsg);
910 /* send next channel request in conn pend state */
911 static int gsm48_rr_rand_acc_cnf(struct osmocom_ms *ms, struct msgb *msg)
913 struct gsm48_rrlayer *rr = &ms->rrlayer;
914 struct gsm48_sysinfo *s = &ms->sysinfo;
916 struct l1ctl_info_ul *nul;
917 struct l1ctl_rach_req *nra;
921 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS confirm (requests left %d)\n",
924 if (!rr->n_chan_req) {
925 LOGP(DRR, LOGL_INFO, "Done with sending RANDOM ACCESS "
927 if (!bsc_timer_pending(&rr->t3126))
928 start_rr_t3126(rr, 5, 0); /* TODO improve! */
934 switch(s->tx_integer) {
935 case 3: case 8: case 14: case 50:
936 if (s->ccch_conf != 1) /* not combined CCCH */
940 case 4: case 9: case 16:
941 if (s->ccch_conf != 1)
945 case 5: case 10: case 20:
946 if (s->ccch_conf != 1)
950 case 6: case 11: case 25:
951 if (s->ccch_conf != 1)
956 if (s->ccch_conf != 1)
962 /* resend chan_req with new randiom */
964 nmsg = gsm48_rsl_msgb_alloc();
966 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
967 struct l1ctl_hdr *l1h;
968 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
969 l1h = (struct l1ctl_hdr *) nmsg->l1h;
970 l1h->msg_type = L1CTL_RACH_REQ;
973 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
975 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
977 chan_req &= rr->chan_req_mask;
978 chan_req |= rr->chan_req_val;
981 at this point we require chan req to be sent at a given delay
982 also we require a confirm from radio part
983 nra->delay = (random() % s->tx_integer) + slots;
985 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x delay %d)\n", nra->ra,
988 rr->temp_rach_ti.cb = temp_rach_to;
989 rr->temp_rach_ti.data = rr;
990 bsc_schedule_timer(&rr->temp_rach_ti, 0, 900000);
992 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x)\n", nra->ra);
995 /* shift history and store */
996 rr->cr_hist[3] = rr->cr_hist[2];
997 rr->cr_hist[2] = rr->cr_hist[1];
998 rr->cr_hist[1] = chan_req;
1001 add layer 1 conrols to RSL...
1002 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
1004 return osmo_send_l1(ms, nmsg);
1009 * system information
1012 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
1013 static int gsm48_decode_freq_list(struct gsm_support *sup,
1014 struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask,
1021 * The Range format uses "SMOD" computation.
1022 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
1023 * A cascade of multiple SMOD computations is simpified:
1024 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
1026 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
1027 * When used in dedicated messages, the length can be less.
1028 * In this case the ranges are decoded for all frequencies that
1029 * fit in the block of given length.
1033 for (i = 0; i < 1024; i++)
1037 if ((cd[0] & 0xc0 & mask) == 0x00) {
1038 /* Bit map 0 format */
1041 for (i = 1; i <= 124; i++)
1042 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
1048 /* only Bit map 0 format for P-GSM */
1049 if (sup->p_gsm && !sup->e_gsm && !sup->r_gsm && !sup->dcs_1800)
1053 if ((cd[0] & 0xc8 & mask) == 0x80) {
1054 /* Range 1024 format */
1055 uint16_t w[17]; /* 1..16 */
1056 struct gsm48_range_1024 *r = (struct gsm48_range_1024 *)cd;
1060 memset(w, 0, sizeof(w));
1063 w[1] = (r->w1_hi << 8) | r->w1_lo;
1065 w[2] = (r->w2_hi << 1) | r->w2_lo;
1067 w[3] = (r->w3_hi << 2) | r->w3_lo;
1069 w[4] = (r->w4_hi << 2) | r->w4_lo;
1071 w[5] = (r->w5_hi << 2) | r->w5_lo;
1073 w[6] = (r->w6_hi << 2) | r->w6_lo;
1075 w[7] = (r->w7_hi << 2) | r->w7_lo;
1077 w[8] = (r->w8_hi << 1) | r->w8_lo;
1083 w[11] = (r->w11_hi << 6) | r->w11_lo;
1085 w[12] = (r->w12_hi << 5) | r->w12_lo;
1087 w[13] = (r->w13_hi << 4) | r->w13_lo;
1089 w[14] = (r->w14_hi << 3) | r->w14_lo;
1091 w[15] = (r->w15_hi << 2) | r->w15_lo;
1095 f[w[1]].mask |= frqt;
1097 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].mask |= frqt;
1099 f[((w[1] + w[3] - 1) % 1023) + 1].mask |= frqt;
1101 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].mask |= frqt;
1103 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].mask |= frqt;
1105 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].mask |= frqt;
1107 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].mask |= frqt;
1109 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1111 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1113 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1115 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1117 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1119 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1121 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1123 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1125 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1130 if ((cd[0] & 0xce & mask) == 0x88) {
1131 /* Range 512 format */
1132 uint16_t w[18]; /* 1..17 */
1133 struct gsm48_range_512 *r = (struct gsm48_range_512 *)cd;
1137 memset(w, 0, sizeof(w));
1138 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1139 w[1] = (r->w1_hi << 2) | r->w1_lo;
1141 w[2] = (r->w2_hi << 2) | r->w2_lo;
1143 w[3] = (r->w3_hi << 2) | r->w3_lo;
1145 w[4] = (r->w4_hi << 1) | r->w4_lo;
1151 w[7] = (r->w7_hi << 6) | r->w7_lo;
1153 w[8] = (r->w8_hi << 4) | r->w8_lo;
1155 w[9] = (r->w9_hi << 2) | r->w9_lo;
1161 w[12] = (r->w12_hi << 4) | r->w12_lo;
1163 w[13] = (r->w13_hi << 2) | r->w13_lo;
1169 w[16] = (r->w16_hi << 3) | r->w16_lo;
1172 f[w[0]].mask |= frqt;
1174 f[(w[0] + w[1]) % 1024].mask |= frqt;
1176 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].mask |= frqt;
1178 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].mask |= frqt;
1180 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1182 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1184 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1186 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1188 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1190 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1192 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1194 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1196 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1198 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1200 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1202 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1204 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1206 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1211 if ((cd[0] & 0xce & mask) == 0x8a) {
1212 /* Range 256 format */
1213 uint16_t w[22]; /* 1..21 */
1214 struct gsm48_range_256 *r = (struct gsm48_range_256 *)cd;
1218 memset(w, 0, sizeof(w));
1219 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1220 w[1] = (r->w1_hi << 1) | r->w1_lo;
1226 w[4] = (r->w4_hi << 5) | r->w4_lo;
1228 w[5] = (r->w5_hi << 3) | r->w5_lo;
1230 w[6] = (r->w6_hi << 1) | r->w6_lo;
1234 w[8] = (r->w8_hi << 4) | r->w8_lo;
1236 w[9] = (r->w9_hi << 1) | r->w9_lo;
1240 w[11] = (r->w11_hi << 3) | r->w11_lo;
1248 w[15] = (r->w14_hi << 2) | r->w14_lo;
1250 w[16] = (r->w16_hi << 3) | r->w16_lo;
1256 w[19] = (r->w18_hi << 3) | r->w18_lo;
1258 w[20] = (r->w20_hi << 3) | r->w20_lo;
1261 f[w[0]].mask |= frqt;
1263 f[(w[0] + w[1]) % 1024].mask |= frqt;
1265 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].mask |= frqt;
1267 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].mask |= frqt;
1269 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1271 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1273 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1275 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1277 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1279 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1281 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1283 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1285 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1287 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1289 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1291 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1293 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1295 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1297 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1299 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1301 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1303 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1308 if ((cd[0] & 0xce & mask) == 0x8c) {
1309 /* Range 128 format */
1310 uint16_t w[29]; /* 1..28 */
1311 struct gsm48_range_128 *r = (struct gsm48_range_128 *)cd;
1315 memset(w, 0, sizeof(w));
1316 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1321 w[3] = (r->w3_hi << 4) | r->w3_lo;
1323 w[4] = (r->w4_hi << 1) | r->w4_lo;
1327 w[6] = (r->w6_hi << 3) | r->w6_lo;
1351 w[18] = (r->w18_hi << 1) | r->w18_lo;
1357 w[21] = (r->w21_hi << 2) | r->w21_lo;
1367 w[26] = (r->w26_hi << 1) | r->w26_lo;
1372 f[w[0]].mask |= frqt;
1374 f[(w[0] + w[1]) % 1024].mask |= frqt;
1376 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].mask |= frqt;
1378 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].mask |= frqt;
1380 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1382 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1384 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1386 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1388 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1390 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1392 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1394 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1396 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1398 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1400 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1402 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1404 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1406 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1408 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1410 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1412 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1414 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1416 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1418 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1420 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1422 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1424 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1426 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1428 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1433 if ((cd[0] & 0xce & mask) == 0x8e) {
1434 /* Variable bitmap format (can be any length >= 3) */
1436 struct gsm48_var_bit *r = (struct gsm48_var_bit *)cd;
1440 orig = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1441 f[orig].mask |= frqt;
1442 for (i = 1; 2 + (i >> 3) < len; i++)
1443 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1444 f[(orig + i) % 1024].mask |= frqt;
1452 /* decode "Cell Selection Parameters" (10.5.2.4) */
1453 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s,
1454 struct gsm48_cell_sel_par *cs)
1457 convert ms_txpwr_max_ccch dependant on the current frequenc and support
1458 to the right powe level
1460 s->ms_txpwr_max_ccch = cs->ms_txpwr_max_ccch;
1461 s->cell_resel_hyst_db = cs->cell_resel_hyst * 2;
1462 s->rxlev_acc_min_db = cs->rxlev_acc_min - 110;
1469 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1470 static int gsm48_decode_cellopt_bcch(struct gsm48_sysinfo *s,
1471 struct gsm48_cell_options *co)
1473 s->bcch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1474 s->bcch_dtx = co->dtx;
1475 s->bcch_pwrc = co->pwrc;
1480 /* decode "Cell Options (SACCH)" (10.5.2.3a) */
1481 static int gsm48_decode_cellopt_sacch(struct gsm48_sysinfo *s,
1482 struct gsm48_cell_options *co)
1484 s->sacch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1485 s->sacch_dtx = co->dtx;
1486 s->sacch_pwrc = co->pwrc;
1491 /* decode "Control Channel Description" (10.5.2.11) */
1492 static int gsm48_decode_ccd(struct gsm48_sysinfo *s,
1493 struct gsm48_control_channel_descr *cc)
1495 s->ccch_conf = cc->ccch_conf;
1496 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1497 s->att_allowed = cc->att;
1498 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1499 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1504 /* decode "Mobile Allocation" (10.5.2.21) */
1505 static int gsm48_decode_mobile_alloc(struct gsm48_sysinfo *s,
1506 uint8_t *ma, uint8_t len)
1509 uint16_t f[len << 3];
1511 /* not more than 64 hopping indexes allowed in IE */
1517 for (i = 0; i < 1024; i++)
1518 s->freq[i].mask &= ~FREQ_TYPE_HOPP;
1520 /* generating list of all frequencies (1..1023,0) */
1521 for (i = 1; i <= 1024; i++) {
1522 if ((s->freq[i & 1023].mask & FREQ_TYPE_SERV)) {
1524 if (j == (len << 3))
1529 /* fill hopping table with frequency index given by IE
1530 * and set hopping type bits
1532 for (i = 0; i < (len << 3); i++) {
1533 /* if bit is set, this frequency index is used for hopping */
1534 if ((ma[len - 1 - (i >> 3)] & (1 << (i & 7)))) {
1535 /* index higher than entries in list ? */
1537 LOGP(DRR, LOGL_NOTICE, "Mobile Allocation "
1538 "hopping index %d exceeds maximum "
1539 "number of cell frequencies. (%d)\n",
1543 s->hopping[s->hopp_len++] = f[i];
1544 s->freq[f[i]].mask |= FREQ_TYPE_HOPP;
1551 /* Rach Control decode tables */
1552 static uint8_t gsm48_max_retrans[4] = {
1555 static uint8_t gsm48_tx_integer[16] = {
1556 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1559 /* decode "RACH Control Parameter" (10.5.2.29) */
1560 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s,
1561 struct gsm48_rach_control *rc)
1563 s->reest_denied = rc->re;
1564 s->cell_barr = rc->cell_bar;
1565 s->tx_integer = gsm48_tx_integer[rc->tx_integer];
1566 s->max_retrans = gsm48_max_retrans[rc->max_trans];
1567 s->class_barr = (rc->t2 << 8) | rc->t3;
1571 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s,
1572 struct gsm48_rach_control *rc)
1574 s->nb_reest_denied = rc->re;
1575 s->nb_cell_barr = rc->cell_bar;
1576 s->nb_tx_integer = gsm48_tx_integer[rc->tx_integer];
1577 s->nb_max_retrans = gsm48_max_retrans[rc->max_trans];
1578 s->nb_class_barr = (rc->t2 << 8) | rc->t3;
1583 /* decode "SI 1 Rest Octets" (10.5.2.32) */
1584 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si,
1590 /* decode "SI 3 Rest Octets" (10.5.2.34) */
1591 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si,
1597 /* decode "SI 4 Rest Octets" (10.5.2.35) */
1598 static int gsm48_decode_si4_rest(struct gsm48_sysinfo *s, uint8_t *si,
1604 /* decode "SI 6 Rest Octets" (10.5.2.35a) */
1605 static int gsm48_decode_si6_rest(struct gsm48_sysinfo *s, uint8_t *si,
1611 /* send sysinfo event to other layers */
1612 static int gsm48_send_sysinfo(struct osmocom_ms *ms, uint8_t type)
1615 struct gsm322_msg *em;
1617 nmsg = gsm322_msgb_alloc(GSM322_EVENT_SYSINFO);
1620 em = (struct gsm322_msg *) nmsg->data;
1622 gsm322_cs_sendmsg(ms, nmsg);
1624 /* send timer info to location update process */
1625 nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_SYSINFO);
1628 gsm48_mmevent_msg(ms, nmsg);
1633 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
1634 static int gsm48_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1636 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1637 struct gsm48_sysinfo *s = &ms->sysinfo;
1638 int payload_len = msgb_l3len(msg) - sizeof(*si);
1640 if (payload_len < 0) {
1641 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 1 "
1646 if (!memcmp(si, s->si1_msg, MIN(msgb_l3len(msg), sizeof(s->si1_msg))))
1648 memcpy(s->si1_msg, si, MIN(msgb_l3len(msg), sizeof(s->si1_msg)));
1650 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
1652 /* Cell Channel Description */
1653 gsm48_decode_freq_list(&ms->support, s->freq,
1654 si->cell_channel_description,
1655 sizeof(si->cell_channel_description), 0xce, FREQ_TYPE_SERV);
1656 /* RACH Control Parameter */
1657 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1658 /* SI 1 Rest Octets */
1660 gsm48_decode_si1_rest(s, si->rest_octets, payload_len);
1664 return gsm48_send_sysinfo(ms, si->header.system_information);
1667 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
1668 static int gsm48_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1670 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1671 struct gsm48_sysinfo *s = &ms->sysinfo;
1672 int payload_len = msgb_l3len(msg) - sizeof(*si);
1674 if (payload_len < 0) {
1675 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2 "
1679 //printf("len = %d\n", MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1681 if (!memcmp(si, s->si2_msg, MIN(msgb_l3len(msg), sizeof(s->si2_msg))))
1683 memcpy(s->si2_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1685 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
1687 /* Neighbor Cell Description */
1688 s->nb_ext_ind_si2 = (si->bcch_frequency_list[0] >> 6) & 1;
1689 s->nb_ba_ind_si2 = (si->bcch_frequency_list[0] >> 5) & 1;
1690 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1691 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_NCELL_2);
1693 s->nb_ncc_permitted = si->ncc_permitted;
1694 /* RACH Control Parameter */
1695 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1699 return gsm48_send_sysinfo(ms, si->header.system_information);
1702 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
1703 static int gsm48_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1705 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1706 struct gsm48_sysinfo *s = &ms->sysinfo;
1707 int payload_len = msgb_l3len(msg) - sizeof(*si);
1709 if (payload_len < 0) {
1710 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2bis "
1715 if (!memcmp(si, s->si2b_msg, MIN(msgb_l3len(msg),
1716 sizeof(s->si2b_msg))))
1718 memcpy(s->si2b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2b_msg)));
1720 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
1722 /* Neighbor Cell Description */
1723 s->nb_ext_ind_si2bis = (si->bcch_frequency_list[0] >> 6) & 1;
1724 s->nb_ba_ind_si2bis = (si->bcch_frequency_list[0] >> 5) & 1;
1725 gsm48_decode_freq_list(&ms->support, s->freq,
1726 si->bcch_frequency_list,
1727 sizeof(si->bcch_frequency_list), 0x8e,
1728 FREQ_TYPE_NCELL_2bis);
1729 /* RACH Control Parameter */
1730 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1734 return gsm48_send_sysinfo(ms, si->header.system_information);
1737 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
1738 static int gsm48_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1740 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1741 struct gsm48_sysinfo *s = &ms->sysinfo;
1742 int payload_len = msgb_l3len(msg) - sizeof(*si);
1744 if (payload_len < 0) {
1745 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2ter "
1750 if (!memcmp(si, s->si2t_msg, MIN(msgb_l3len(msg),
1751 sizeof(s->si2t_msg))))
1753 memcpy(s->si2t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2t_msg)));
1755 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
1757 /* Neighbor Cell Description 2 */
1758 s->nb_multi_rep_si2ter = (si->ext_bcch_frequency_list[0] >> 6) & 3;
1759 gsm48_decode_freq_list(&ms->support, s->freq,
1760 si->ext_bcch_frequency_list,
1761 sizeof(si->ext_bcch_frequency_list), 0x8e,
1762 FREQ_TYPE_NCELL_2ter);
1766 return gsm48_send_sysinfo(ms, si->header.system_information);
1769 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
1770 static int gsm48_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
1772 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
1773 struct gsm48_sysinfo *s = &ms->sysinfo;
1774 int payload_len = msgb_l3len(msg) - sizeof(*si);
1776 if (payload_len < 0) {
1777 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 3 "
1782 if (!memcmp(si, s->si3_msg, MIN(msgb_l3len(msg), sizeof(s->si3_msg))))
1784 memcpy(s->si3_msg, si, MIN(msgb_l3len(msg), sizeof(s->si3_msg)));
1787 s->cell_id = ntohs(si->cell_identity);
1789 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1790 /* Control Channel Description */
1791 gsm48_decode_ccd(s, &si->control_channel_desc);
1792 /* Cell Options (BCCH) */
1793 gsm48_decode_cellopt_bcch(s, &si->cell_options);
1794 /* Cell Selection Parameters */
1795 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
1796 /* RACH Control Parameter */
1797 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1798 /* SI 3 Rest Octets */
1799 if (payload_len >= 4)
1800 gsm48_decode_si3_rest(s, si->rest_octets, payload_len);
1802 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3 (mcc %03d mnc %02d "
1803 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
1807 return gsm48_send_sysinfo(ms, si->header.system_information);
1810 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
1811 static int gsm48_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
1813 /* NOTE: pseudo length is not in this structure, so we skip */
1814 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
1815 struct gsm48_sysinfo *s = &ms->sysinfo;
1816 int payload_len = msgb_l3len(msg) - sizeof(*si);
1817 uint8_t *data = si->data;
1818 struct gsm48_chan_desc *cd;
1820 if (payload_len < 0) {
1822 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 4 "
1827 if (!memcmp(si, s->si4_msg, MIN(msgb_l3len(msg), sizeof(s->si4_msg))))
1829 memcpy(s->si4_msg, si, MIN(msgb_l3len(msg), sizeof(s->si4_msg)));
1832 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1833 /* Cell Selection Parameters */
1834 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
1835 /* RACH Control Parameter */
1836 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1837 /* CBCH Channel Description */
1838 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_CHAN_DESC) {
1839 if (payload_len < 4)
1841 cd = (struct gsm48_chan_desc *) (data + 1);
1844 gsm48_decode_chan_h1(cd, &s->tsc, &s->maio, &s->hsn);
1847 gsm48_decode_chan_h0(cd, &s->tsc, &s->arfcn);
1852 /* CBCH Mobile Allocation */
1853 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_MOB_AL) {
1854 if (payload_len < 1 || payload_len < 2 + data[1])
1856 gsm48_decode_mobile_alloc(s, data + 2, si->data[1]);
1857 payload_len -= 2 + data[1];
1858 data += 2 + data[1];
1860 /* SI 4 Rest Octets */
1861 if (payload_len > 0)
1862 gsm48_decode_si4_rest(s, data, payload_len);
1864 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4 (mcc %03d mnc %02d "
1865 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
1869 return gsm48_send_sysinfo(ms, si->header.system_information);
1872 /* receive "SYSTEM INFORMATION 5" message (9.1.37) */
1873 static int gsm48_rr_rx_sysinfo5(struct osmocom_ms *ms, struct msgb *msg)
1875 /* NOTE: pseudo length is not in this structure, so we skip */
1876 struct gsm48_system_information_type_5 *si = msgb_l3(msg) + 1;
1877 struct gsm48_sysinfo *s = &ms->sysinfo;
1878 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1880 if (payload_len < 0) {
1881 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5 "
1886 if (!memcmp(si, s->si5_msg, MIN(msgb_l3len(msg), sizeof(s->si5_msg))))
1888 memcpy(s->si5_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5_msg)));
1890 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5\n");
1892 /* Neighbor Cell Description */
1893 s->nb_ext_ind_si5 = (si->bcch_frequency_list[0] >> 6) & 1;
1894 s->nb_ba_ind_si5 = (si->bcch_frequency_list[0] >> 5) & 1;
1895 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1896 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5);
1900 return gsm48_send_sysinfo(ms, si->system_information);
1903 /* receive "SYSTEM INFORMATION 5bis" message (9.1.38) */
1904 static int gsm48_rr_rx_sysinfo5bis(struct osmocom_ms *ms, struct msgb *msg)
1906 /* NOTE: pseudo length is not in this structure, so we skip */
1907 struct gsm48_system_information_type_5bis *si = msgb_l3(msg) + 1;
1908 struct gsm48_sysinfo *s = &ms->sysinfo;
1909 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1911 if (payload_len < 0) {
1912 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5bis "
1917 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5bis\n");
1919 if (!memcmp(si, s->si5b_msg, MIN(msgb_l3len(msg),
1920 sizeof(s->si5b_msg))))
1922 memcpy(s->si5b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5b_msg)));
1924 /* Neighbor Cell Description */
1925 s->nb_ext_ind_si5bis = (si->bcch_frequency_list[0] >> 6) & 1;
1926 s->nb_ba_ind_si5bis = (si->bcch_frequency_list[0] >> 5) & 1;
1927 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1928 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5bis);
1932 return gsm48_send_sysinfo(ms, si->system_information);
1935 /* receive "SYSTEM INFORMATION 5ter" message (9.1.39) */
1936 static int gsm48_rr_rx_sysinfo5ter(struct osmocom_ms *ms, struct msgb *msg)
1938 /* NOTE: pseudo length is not in this structure, so we skip */
1939 struct gsm48_system_information_type_5ter *si = msgb_l3(msg) + 1;
1940 struct gsm48_sysinfo *s = &ms->sysinfo;
1941 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1943 if (payload_len < 0) {
1944 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5ter "
1949 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5ter\n");
1951 if (!memcmp(si, s->si5t_msg, MIN(msgb_l3len(msg),
1952 sizeof(s->si5t_msg))))
1954 memcpy(s->si5t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5t_msg)));
1956 /* Neighbor Cell Description */
1957 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1958 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5ter);
1962 return gsm48_send_sysinfo(ms, si->system_information);
1965 /* receive "SYSTEM INFORMATION 6" message (9.1.39) */
1966 static int gsm48_rr_rx_sysinfo6(struct osmocom_ms *ms, struct msgb *msg)
1968 /* NOTE: pseudo length is not in this structure, so we skip */
1969 struct gsm48_system_information_type_6 *si = msgb_l3(msg) + 1;
1970 struct gsm48_sysinfo *s = &ms->sysinfo;
1971 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1973 if (payload_len < 0) {
1974 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 6 "
1979 if (!memcmp(si, s->si6_msg, MIN(msgb_l3len(msg), sizeof(s->si6_msg))))
1981 memcpy(s->si6_msg, si, MIN(msgb_l3len(msg), sizeof(s->si6_msg)));
1984 if (s->si6 && s->cell_id != ntohs(si->cell_identity))
1985 LOGP(DRR, LOGL_INFO, "Cell ID on SI 6 differs from previous "
1987 s->cell_id = ntohs(si->cell_identity);
1989 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1990 /* Cell Options (SACCH) */
1991 gsm48_decode_cellopt_sacch(s, &si->cell_options);
1993 s->nb_ncc_permitted = si->ncc_permitted;
1994 /* SI 6 Rest Octets */
1995 if (payload_len >= 4)
1996 gsm48_decode_si6_rest(s, si->rest_octets, payload_len);
1998 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 6 (mcc %03d mnc %02d "
1999 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
2003 return gsm48_send_sysinfo(ms, si->system_information);
2010 /* paging channel request */
2011 static int gsm48_rr_chan2cause[4] = {
2012 RR_EST_CAUSE_ANS_PAG_ANY,
2013 RR_EST_CAUSE_ANS_PAG_SDCCH,
2014 RR_EST_CAUSE_ANS_PAG_TCH_F,
2015 RR_EST_CAUSE_ANS_PAG_TCH_ANY
2018 /* given LV of mobile identity is checked agains ms */
2019 static int gsm_match_mi(struct osmocom_ms *ms, uint8_t *mi)
2027 mi_type = mi[1] & GSM_MI_TYPE_MASK;
2029 case GSM_MI_TYPE_TMSI:
2032 memcpy(&tmsi, mi+2, 4);
2033 if (ms->subscr.tmsi == ntohl(tmsi)
2034 && ms->subscr.tmsi_valid) {
2035 LOGP(DRR, LOGL_INFO, "TMSI %08x matches\n", ntohl(tmsi));
2039 LOGP(DRR, LOGL_INFO, "TMSI %08x (not for us)\n",
2042 case GSM_MI_TYPE_IMSI:
2043 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
2044 if (!strcmp(imsi, ms->subscr.imsi)) {
2045 LOGP(DRR, LOGL_INFO, "IMSI %s matches\n", imsi);
2049 LOGP(DRR, LOGL_INFO, "IMSI %s (not for us)\n", imsi);
2052 LOGP(DRR, LOGL_NOTICE, "Paging with unsupported MI type %d.\n",
2059 /* 9.1.22 PAGING REQUEST 1 message received */
2060 static int gsm48_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
2062 struct gsm48_rrlayer *rr = &ms->rrlayer;
2063 struct gsm322_cellsel *cs = &ms->cellsel;
2064 struct gsm48_paging1 *pa = msgb_l3(msg);
2065 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2069 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2070 if (rr->state != GSM48_RR_ST_IDLE
2071 && cs->state != GSM322_C3_CAMPED_NORMALLY) {
2072 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping "
2077 if (payload_len < 2) {
2079 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 1 "
2084 /* channel needed */
2085 chan_1 = pa->cneed1;
2086 chan_2 = pa->cneed2;
2089 if (payload_len < mi[0] + 1)
2091 if (gsm_match_mi(ms, mi) > 0)
2092 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2094 payload_len -= mi[0] + 1;
2095 mi = pa->data + mi[0] + 1;
2096 if (payload_len < 2)
2098 if (mi[0] != GSM48_IE_MOBILE_ID)
2100 if (payload_len < mi[1] + 2)
2102 if (gsm_match_mi(ms, mi + 1) > 0)
2103 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2108 /* 9.1.23 PAGING REQUEST 2 message received */
2109 static int gsm48_rr_rx_pag_req_2(struct osmocom_ms *ms, struct msgb *msg)
2111 struct gsm48_rrlayer *rr = &ms->rrlayer;
2112 struct gsm322_cellsel *cs = &ms->cellsel;
2113 struct gsm48_paging2 *pa = msgb_l3(msg);
2114 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2116 int chan_1, chan_2, chan_3;
2118 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2119 if (rr->state != GSM48_RR_ST_IDLE
2120 && cs->state != GSM322_C3_CAMPED_NORMALLY) {
2121 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping "
2126 if (payload_len < 0) {
2128 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 2 "
2133 /* channel needed */
2134 chan_1 = pa->cneed1;
2135 chan_2 = pa->cneed2;
2137 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2138 && ms->subscr.tmsi_valid)
2139 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2141 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2142 && ms->subscr.tmsi_valid)
2143 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2146 if (payload_len < 2)
2148 if (mi[0] != GSM48_IE_MOBILE_ID)
2150 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
2152 chan_3 = mi[mi[1] + 2] & 0x03; /* channel needed */
2153 if (gsm_match_mi(ms, mi + 1) > 0)
2154 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2159 /* 9.1.24 PAGING REQUEST 3 message received */
2160 static int gsm48_rr_rx_pag_req_3(struct osmocom_ms *ms, struct msgb *msg)
2162 struct gsm48_rrlayer *rr = &ms->rrlayer;
2163 struct gsm322_cellsel *cs = &ms->cellsel;
2164 struct gsm48_paging3 *pa = msgb_l3(msg);
2165 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2166 int chan_1, chan_2, chan_3, chan_4;
2168 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2169 if (rr->state != GSM48_RR_ST_IDLE
2170 && cs->state != GSM322_C3_CAMPED_NORMALLY) {
2171 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping "
2176 if (payload_len < 0) { /* must include "channel needed", part of *pa */
2177 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 3 "
2182 /* channel needed */
2183 chan_1 = pa->cneed1;
2184 chan_2 = pa->cneed2;
2185 chan_3 = pa->cneed3;
2186 chan_4 = pa->cneed4;
2188 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2189 && ms->subscr.tmsi_valid)
2190 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2192 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2193 && ms->subscr.tmsi_valid)
2194 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2196 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
2197 && ms->subscr.tmsi_valid)
2198 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2200 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
2201 && ms->subscr.tmsi_valid)
2202 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_4], 1);
2208 * (immediate) assignment
2211 /* match request reference agains request history */
2212 static int gsm48_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
2214 struct gsm48_rrlayer *rr = &ms->rrlayer;
2217 for (i = 0; i < 3; i++) {
2218 if (rr->cr_hist[i] >= 0
2219 && ref->ra == rr->cr_hist[i]) {
2220 LOGP(DRR, LOGL_INFO, "request %02x matches\n", ref->ra);
2221 // todo: match timeslot
2229 /* 9.1.3 sending ASSIGNMENT COMPLETE */
2230 static int gsm48_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
2233 struct gsm48_hdr *gh;
2234 struct gsm48_ass_cpl *ac;
2236 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMPLETE (cause #%d)\n", cause);
2238 nmsg = gsm48_l3_msgb_alloc();
2241 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2242 ac = (struct gsm48_ass_cpl *) msgb_put(nmsg, sizeof(*ac));
2244 gh->proto_discr = GSM48_PDISC_RR;
2245 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
2248 ac->rr_cause = cause;
2250 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
2253 /* 9.1.4 sending ASSIGNMENT FAILURE */
2254 static int gsm48_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
2257 struct gsm48_hdr *gh;
2258 struct gsm48_ass_fail *af;
2260 LOGP(DRR, LOGL_INFO, "ASSIGNMENT FAILURE (cause #%d)\n", cause);
2262 nmsg = gsm48_l3_msgb_alloc();
2265 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2266 af = (struct gsm48_ass_fail *) msgb_put(nmsg, sizeof(*af));
2268 gh->proto_discr = GSM48_PDISC_RR;
2269 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
2272 af->rr_cause = cause;
2274 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
2277 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
2278 static int gsm48_rr_rx_imm_ass(struct osmocom_ms *ms, struct msgb *msg)
2280 struct gsm48_rrlayer *rr = &ms->rrlayer;
2281 struct gsm48_imm_ass *ia = msgb_l3(msg);
2282 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2283 uint8_t ch_type, ch_subch, ch_ts;
2284 struct gsm48_rr_cd cd;
2285 uint8_t *st, st_len;
2287 memset(&cd, 0, sizeof(cd));
2289 if (ma_len < 0 /* mobile allocation IE must be included */
2290 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2291 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2295 if (ia->mob_alloc_len > 8) {
2296 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2297 "ASSIGNMENT too large.\n");
2302 st_len = ma_len - ia->mob_alloc_len;
2303 st = ia->mob_alloc + ia->mob_alloc_len;
2304 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME)
2305 gsm48_decode_start_time(&cd, (struct gsm48_start_time *)(st+1));
2307 /* decode channel description */
2308 rsl_dec_chan_nr(ia->chan_desc.chan_nr, &ch_type, &ch_subch, &ch_ts);
2309 if (ia->chan_desc.h0.h) {
2311 gsm48_decode_chan_h1(&ia->chan_desc, &cd.tsc, &cd.maio,
2313 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT (ra=0x%02x, "
2314 "chan_nr=0x%02x, MAIO=%u, HSN=%u, TS=%u, SS=%u, "
2315 "TSC=%u)\n", ia->req_ref.ra, ia->chan_desc.chan_nr,
2316 cd.maio, cd.hsn, ch_ts, ch_subch, cd.tsc);
2319 gsm48_decode_chan_h0(&ia->chan_desc, &cd.tsc, &cd.arfcn);
2320 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT (ra=0x%02x, "
2321 "chan_nr=0x%02x, ARFCN=%u, TS=%u, SS=%u, TSC=%u)\n",
2322 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.arfcn,
2323 ch_ts, ch_subch, cd.tsc);
2326 /* 3.3.1.1.2: ignore assignment while idle */
2327 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2328 LOGP(DRR, LOGL_INFO, "no previous request\n");
2333 if (gsm48_match_ra(ms, &ia->req_ref)) {
2334 /* channel description */
2335 memcpy(&rr->cd_now, &cd, sizeof(rr->cd_now));
2336 /* timing advance */
2337 rr->cd_now.ta = ia->timing_advance;
2338 /* mobile allocation */
2339 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2340 ia->mob_alloc_len + 1);
2341 rr->wait_assign = 0;
2342 return gsm48_rr_dl_est(ms);
2344 LOGP(DRR, LOGL_INFO, "does not match our request\n");
2349 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received */
2350 static int gsm48_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
2352 struct gsm48_rrlayer *rr = &ms->rrlayer;
2353 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
2354 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2355 uint8_t ch_type, ch_subch, ch_ts;
2356 struct gsm48_rr_cd cd1, cd2;
2357 uint8_t *st, st_len;
2359 memset(&cd1, 0, sizeof(cd1));
2360 memset(&cd2, 0, sizeof(cd2));
2362 if (ma_len < 0 /* mobile allocation IE must be included */
2363 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2364 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2365 "EXTENDED message.\n");
2368 if (ia->mob_alloc_len > 4) {
2369 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2370 "ASSIGNMENT EXTENDED too large.\n");
2375 st_len = ma_len - ia->mob_alloc_len;
2376 st = ia->mob_alloc + ia->mob_alloc_len;
2377 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME) {
2378 gsm48_decode_start_time(&cd1,
2379 (struct gsm48_start_time *)(st+1));
2380 memcpy(&cd2, &cd1, sizeof(cd2));
2383 /* decode channel description */
2384 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT ");
2385 rsl_dec_chan_nr(ia->chan_desc1.chan_nr, &ch_type, &ch_subch, &ch_ts);
2386 if (ia->chan_desc1.h0.h) {
2388 gsm48_decode_chan_h1(&ia->chan_desc1, &cd1.tsc, &cd1.maio,
2390 LOGP(DRR, LOGL_INFO, "1(ra=0x%02x, "
2391 "chan_nr=0x%02x, MAIO=%u, HSN=%u, TS=%u, SS=%u, "
2392 "TSC=%u)\n", ia->req_ref1.ra, ia->chan_desc1.chan_nr,
2393 cd1.maio, cd1.hsn, ch_ts, ch_subch, cd1.tsc);
2396 gsm48_decode_chan_h0(&ia->chan_desc1, &cd1.tsc, &cd1.arfcn);
2397 LOGP(DRR, LOGL_INFO, "1(ra=0x%02x, "
2398 "chan_nr=0x%02x, ARFCN=%u, TS=%u, SS=%u, TSC=%u)\n",
2399 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.arfcn,
2400 ch_ts, ch_subch, cd1.tsc);
2402 rsl_dec_chan_nr(ia->chan_desc2.chan_nr, &ch_type, &ch_subch, &ch_ts);
2403 if (ia->chan_desc2.h0.h) {
2405 gsm48_decode_chan_h1(&ia->chan_desc2, &cd1.tsc, &cd1.maio,
2407 LOGP(DRR, LOGL_INFO, "2(ra=0x%02x, "
2408 "chan_nr=0x%02x, MAIO=%u, HSN=%u, TS=%u, SS=%u, "
2409 "TSC=%u)\n", ia->req_ref2.ra, ia->chan_desc2.chan_nr,
2410 cd2.maio, cd2.hsn, ch_ts, ch_subch, cd2.tsc);
2413 gsm48_decode_chan_h0(&ia->chan_desc2, &cd2.tsc, &cd2.arfcn);
2414 LOGP(DRR, LOGL_INFO, "2(ra=0x%02x, "
2415 "chan_nr=0x%02x, ARFCN=%u, TS=%u, SS=%u, TSC=%u)\n",
2416 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.arfcn,
2417 ch_ts, ch_subch, cd2.tsc);
2420 /* 3.3.1.1.2: ignore assignment while idle */
2421 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2422 LOGP(DRR, LOGL_INFO, "no previous request\n");
2427 if (gsm48_match_ra(ms, &ia->req_ref1)) {
2428 /* channel description */
2429 memcpy(&rr->cd_now, &cd1, sizeof(rr->cd_now));
2430 /* timing advance */
2431 rr->cd_now.ta = ia->timing_advance1;
2432 /* mobile allocation */
2433 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2434 ia->mob_alloc_len + 1);
2435 rr->wait_assign = 0;
2436 return gsm48_rr_dl_est(ms);
2439 if (gsm48_match_ra(ms, &ia->req_ref2)) {
2440 /* channel description */
2441 memcpy(&rr->cd_now, &cd2, sizeof(rr->cd_now));
2442 /* timing advance */
2443 rr->cd_now.ta = ia->timing_advance2;
2444 /* mobile allocation */
2445 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2446 ia->mob_alloc_len + 1);
2447 rr->wait_assign = 0;
2448 return gsm48_rr_dl_est(ms);
2450 LOGP(DRR, LOGL_INFO, "does not match our request\n");
2455 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received */
2456 static int gsm48_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
2458 struct gsm48_rrlayer *rr = &ms->rrlayer;
2459 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
2460 int payload_len = msgb_l3len(msg) - sizeof(*ia);
2462 struct gsm48_req_ref *req_ref;
2463 uint8_t t3122_value;
2465 /* 3.3.1.1.2: ignore assignment while idle */
2466 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign)
2469 if (payload_len < 0) {
2470 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2471 "REJECT message.\n");
2475 for (i = 0; i < 4; i++) {
2476 /* request reference */
2477 req_ref = (struct gsm48_req_ref *)
2478 (((uint8_t *)&ia->req_ref1) + i * 4);
2479 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
2480 "(ref 0x%02x)\n", req_ref->ra);
2481 if (gsm48_match_ra(ms, req_ref)) {
2482 /* wait indication */
2483 t3122_value = *(((uint8_t *)&ia->wait_ind1) + i * 4);
2485 start_rr_t3122(rr, t3122_value, 0);
2486 /* start timer 3126 if not already */
2487 if (!bsc_timer_pending(&rr->t3126))
2488 start_rr_t3126(rr, 5, 0); /* TODO improve! */
2489 /* stop assignmnet requests */
2492 /* wait until timer 3126 expires, then release
2493 * or wait for channel assignment */
2501 /* 9.1.1 ADDITIONAL ASSIGMENT is received */
2502 static int gsm48_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
2504 struct gsm48_hdr *gh = msgb_l3(msg);
2505 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
2506 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
2507 struct tlv_parsed tp;
2509 if (payload_len < 0) {
2510 LOGP(DRR, LOGL_NOTICE, "Short read of ADDITIONAL ASSIGNMENT "
2512 return gsm48_rr_tx_rr_status(ms,
2513 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2515 tlv_parse(&tp, &gsm48_rr_att_tlvdef, aa->data, payload_len, 0, 0);
2517 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2521 * measturement reports
2524 static int gsm48_rr_tx_meas_rep(struct osmocom_ms *ms)
2526 struct gsm48_rrlayer *rr = &ms->rrlayer;
2527 struct gsm48_rr_meas *meas = &rr->meas;
2529 struct gsm48_hdr *gh;
2530 struct gsm48_meas_res *mr;
2532 nmsg = gsm48_l3_msgb_alloc();
2535 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2536 mr = (struct gsm48_meas_res *) msgb_put(nmsg, sizeof(*mr));
2538 gh->proto_discr = GSM48_PDISC_RR;
2539 gh->msg_type = GSM48_MT_RR_MEAS_REP;
2541 /* measurement results */
2542 mr->rxlev_full = meas->rxlev_full;
2543 mr->rxlev_sub = meas->rxlev_sub;
2544 mr->rxqual_full = meas->rxqual_full;
2545 mr->rxqual_sub = meas->rxqual_sub;
2546 mr->dtx_used = meas->dtx;
2547 mr->ba_used = meas->ba;
2548 mr->meas_valid = meas->meas_valid;
2549 if (meas->ncell_na) {
2550 /* no results for serving cells */
2554 mr->no_nc_n_hi = meas->count >> 2;
2555 mr->no_nc_n_lo = meas->count & 3;
2557 mr->rxlev_nc1 = meas->rxlev_nc[0];
2558 mr->rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
2559 mr->rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
2560 mr->rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
2561 mr->rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
2562 mr->rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
2563 mr->rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
2564 mr->rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
2565 mr->rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
2566 mr->rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
2567 mr->rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
2568 mr->bsic_nc1_hi = meas->bsic_nc[0] >> 3;
2569 mr->bsic_nc1_lo = meas->bsic_nc[0] & 7;
2570 mr->bsic_nc2_hi = meas->bsic_nc[1] >> 4;
2571 mr->bsic_nc2_lo = meas->bsic_nc[1] & 15;
2572 mr->bsic_nc3_hi = meas->bsic_nc[2] >> 5;
2573 mr->bsic_nc3_lo = meas->bsic_nc[2] & 31;
2574 mr->bsic_nc4 = meas->bsic_nc[3];
2575 mr->bsic_nc5 = meas->bsic_nc[4];
2576 mr->bsic_nc6 = meas->bsic_nc[5];
2577 mr->bcch_f_nc1 = meas->bcch_f_nc[0];
2578 mr->bcch_f_nc2 = meas->bcch_f_nc[1];
2579 mr->bcch_f_nc3 = meas->bcch_f_nc[2];
2580 mr->bcch_f_nc4 = meas->bcch_f_nc[3];
2581 mr->bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
2582 mr->bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
2583 mr->bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
2584 mr->bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
2586 return gsm48_send_rsl(ms, RSL_MT_UNIT_DATA_REQ, nmsg);
2590 * link establishment and release
2593 /* activate link and send establish request */
2594 static int gsm48_rr_dl_est(struct osmocom_ms *ms)
2596 struct gsm48_rrlayer *rr = &ms->rrlayer;
2597 struct gsm_subscriber *subscr = &ms->subscr;
2599 struct gsm48_hdr *gh;
2600 struct gsm48_pag_rsp *pr;
2606 /* flush pending RACH requests */
2608 rr->n_chan_req = 0; // just to be safe
2609 nmsg = msgb_alloc_headroom(20, 16, "RAND_FLUSH");
2612 gsm48_send_rsl(ms, RSL_MT_RAND_ACC_FLSH, msg);
2614 if (bsc_timer_pending(&rr->temp_rach_ti))
2615 bsc_del_timer(&rr->temp_rach_ti);
2618 /* send DL_EST_REQ */
2619 if (rr->rr_est_msg) {
2620 /* use queued message */
2621 nmsg = rr->rr_est_msg;
2623 LOGP(DRR, LOGL_INFO, "sending establish message\n");
2625 /* create paging response */
2626 nmsg = gsm48_l3_msgb_alloc();
2629 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2630 pr = (struct gsm48_pag_rsp *) msgb_put(nmsg, sizeof(*pr));
2632 pr->key_seq = subscr->key_seq;
2634 pr->cm2_len = sizeof(pr->cm2);
2635 gsm48_rr_enc_cm2(ms, &pr->cm2);
2636 /* mobile identity */
2637 if (ms->subscr.tmsi_valid) {
2638 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
2639 LOGP(DRR, LOGL_INFO, "sending paging response with "
2641 } else if (subscr->imsi[0]) {
2642 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
2643 LOGP(DRR, LOGL_INFO, "sending paging response with "
2647 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
2648 LOGP(DRR, LOGL_INFO, "sending paging response without "
2651 msgb_put(nmsg, 1 + mi[1]);
2652 memcpy(pr->data, mi + 1, 1 + mi[1]);
2655 /* activate channel */
2657 RSL_MT_ to activate channel with all the cd_now informations
2659 rr->arfcn = rr->cd_now.chan_nr;
2660 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->arfcn);
2663 /* start establishmnet */
2664 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
2667 /* the link is established */
2668 static int gsm48_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
2670 struct gsm48_rrlayer *rr = &ms->rrlayer;
2673 /* if MM has releases before confirm, we start release */
2674 if (rr->state == GSM48_RR_ST_IDLE) {
2675 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
2676 /* release message */
2677 nmsg = gsm48_l3_msgb_alloc();
2681 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
2685 new_rr_state(rr, GSM48_RR_ST_DEDICATED);
2687 /* send confirm to upper layer */
2688 nmsg = gsm48_rr_msgb_alloc(
2689 (rr->rr_est_req) ? GSM48_RR_EST_CNF : GSM48_RR_EST_IND);
2692 return gsm48_rr_upmsg(ms, nmsg);
2695 /* the link is released */
2696 static int gsm48_rr_rel_cnf(struct osmocom_ms *ms, struct msgb *msg)
2698 struct gsm48_rrlayer *rr = &ms->rrlayer;
2700 /* deactivate channel */
2701 LOGP(DRR, LOGL_INFO, "deactivating channel (arfcn %d)\n", rr->arfcn);
2703 release and give new arfcn
2704 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2706 l1ctl_tx_ccch_req(ms, rr->arfcn);
2709 /* do nothing, because we aleady IDLE
2710 * or we received the rel cnf of the last connection
2711 * while already requesting a new one (CONN PEND)
2718 * radio ressource requests
2721 /* establish request for dedicated mode */
2722 static int gsm48_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
2724 struct gsm48_rrlayer *rr = &ms->rrlayer;
2725 struct gsm322_cellsel *cs = &ms->cellsel;
2726 struct gsm48_sysinfo *s = &ms->sysinfo;
2727 struct gsm_subscriber *subscr = &ms->subscr;
2728 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
2729 struct gsm48_hdr *gh = msgb_l3(msg);
2732 struct gsm48_rr_hdr *nrrh;
2736 if (bsc_timer_pending(&rr->t3122)) {
2737 if (rrh->cause != RR_EST_CAUSE_EMERGENCY) {
2738 LOGP(DRR, LOGL_INFO, "T3122 running, rejecting!\n");
2739 cause = RR_REL_CAUSE_T3122;
2741 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
2744 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
2745 nrrh->cause = cause;
2746 return gsm48_rr_upmsg(ms, nmsg);
2748 LOGP(DRR, LOGL_INFO, "T3122 running, but emergency call\n");
2752 /* check if camping */
2753 if (cs->state != GSM322_C3_CAMPED_NORMALLY
2754 && rrh->cause != RR_EST_CAUSE_EMERGENCY) {
2755 LOGP(DRR, LOGL_INFO, "Not camping normally, rejecting!\n");
2756 cause = RR_REL_CAUSE_EMERGENCY_ONLY;
2759 if (cs->state != GSM322_C3_CAMPED_NORMALLY
2760 && cs->state != GSM322_C7_CAMPED_ANY_CELL) {
2761 LOGP(DRR, LOGL_INFO, "Not camping, rejecting!\n");
2762 cause = RR_REL_CAUSE_TRY_LATER;
2766 /* check for relevant informations */
2768 LOGP(DRR, LOGL_INFO, "Not enough SI, rejecting!\n");
2769 cause = RR_REL_CAUSE_TRY_LATER;
2774 if (!subscr->acc_barr && s->cell_barr) {
2775 LOGP(DRR, LOGL_INFO, "Cell barred, rejecting!\n");
2776 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
2779 if (rrh->cause == RR_EST_CAUSE_EMERGENCY)
2780 acc_class = subscr->acc_class | 0x0400;
2782 acc_class = subscr->acc_class & 0xfbff;
2783 if (!subscr->acc_barr && !(acc_class & (s->class_barr ^ 0xffff))) {
2784 LOGP(DRR, LOGL_INFO, "Cell barred for our access class (access "
2785 "%04x barred %04x)!\n", acc_class, s->class_barr);
2786 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
2790 /* requested by RR */
2793 /* clone and store REQUEST message */
2795 LOGP(DRR, LOGL_ERROR, "Error, missing l3 message\n");
2798 rr->rr_est_msg = msgb_alloc_headroom(256, 16, "EST_REQ");
2799 if (!rr->rr_est_msg)
2801 memcpy(msgb_put(rr->rr_est_msg, msgb_l3len(msg)),
2802 msgb_l3(msg), msgb_l3len(msg));
2804 /* request channel */
2805 return gsm48_rr_tx_chan_req(ms, rrh->cause, 0);
2808 /* send all queued messages down to layer 2 */
2809 static int gsm48_rr_dequeue_down(struct osmocom_ms *ms)
2811 struct gsm48_rrlayer *rr = &ms->rrlayer;
2814 while((msg = msgb_dequeue(&rr->downqueue))) {
2815 LOGP(DRR, LOGL_INFO, "Sending queued message.\n");
2816 gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
2822 /* 3.4.2 transfer data in dedicated mode */
2823 static int gsm48_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
2825 struct gsm48_rrlayer *rr = &ms->rrlayer;
2827 if (rr->state != GSM48_RR_ST_DEDICATED) {
2832 /* pull RR header */
2833 msgb_pull(msg, sizeof(struct gsm48_rr_hdr));
2835 /* queue message, during handover or assignment procedure */
2836 if (rr->hando_susp_state || rr->assign_susp_state) {
2837 LOGP(DRR, LOGL_INFO, "Queueing message during suspend.\n");
2838 msgb_enqueue(&rr->downqueue, msg);
2842 /* forward message */
2843 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
2847 * data indications from data link
2850 /* 3.4.2 data from layer 2 to RR and upper layer*/
2851 static int gsm48_rr_data_ind(struct osmocom_ms *ms, struct msgb *msg)
2853 struct gsm48_hdr *gh = msgb_l3(msg);
2854 struct gsm48_rr_hdr *rrh;
2855 uint8_t pdisc = gh->proto_discr & 0x0f;
2857 if (pdisc == GSM48_PDISC_RR) {
2859 uint8_t skip_ind = (gh->proto_discr & 0xf0) >> 4;
2861 /* ignore if skip indicator is not B'0000' */
2865 switch(gh->msg_type) {
2866 case GSM48_MT_RR_ADD_ASS:
2867 rc = gsm48_rr_rx_add_ass(ms, msg);
2870 case GSM48_MT_RR_ASS_CMD:
2871 rc = gsm48_rr_rx_ass_cmd(ms, msg);
2873 case GSM48_MT_RR_CIP_MODE_CMD:
2874 rc = gsm48_rr_rx_cip_mode_cmd(ms, msg);
2877 case GSM48_MT_RR_CLSM_ENQ:
2878 rc = gsm48_rr_rx_cm_enq(ms, msg);
2881 case GSM48_MT_RR_HANDO_CMD:
2882 rc = gsm48_rr_rx_hando_cmd(ms, msg);
2884 case GSM48_MT_RR_FREQ_REDEF:
2885 rc = gsm48_rr_rx_freq_redef(ms, msg);
2889 LOGP(DRR, LOGL_NOTICE, "Message type 0x%02x unknown.\n",
2892 /* status message */
2893 gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_MSG_TYPE_N);
2900 /* pull off RSL header up to L3 message */
2901 msgb_pull(msg, (long)msgb_l3(msg) - (long)msg->data);
2903 /* push RR header */
2904 msgb_push(msg, sizeof(struct gsm48_rr_hdr));
2905 rrh = (struct gsm48_rr_hdr *)msg->data;
2906 rrh->msg_type = GSM48_RR_DATA_IND;
2908 return gsm48_rr_upmsg(ms, msg);
2911 /* receive BCCH at RR layer */
2912 static int gsm48_rr_rx_bcch(struct osmocom_ms *ms, struct msgb *msg)
2914 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
2916 switch (sih->system_information) {
2917 case GSM48_MT_RR_SYSINFO_1:
2918 return gsm48_rr_rx_sysinfo1(ms, msg);
2919 case GSM48_MT_RR_SYSINFO_2:
2920 return gsm48_rr_rx_sysinfo2(ms, msg);
2921 case GSM48_MT_RR_SYSINFO_2bis:
2922 return gsm48_rr_rx_sysinfo2bis(ms, msg);
2923 case GSM48_MT_RR_SYSINFO_2ter:
2924 return gsm48_rr_rx_sysinfo2ter(ms, msg);
2925 case GSM48_MT_RR_SYSINFO_3:
2926 return gsm48_rr_rx_sysinfo3(ms, msg);
2927 case GSM48_MT_RR_SYSINFO_4:
2928 return gsm48_rr_rx_sysinfo4(ms, msg);
2930 LOGP(DRR, LOGL_NOTICE, "BCCH message type 0x%02x unknown.\n",
2931 sih->system_information);
2936 /* receive CCCH at RR layer */
2937 static int gsm48_rr_rx_ccch(struct osmocom_ms *ms, struct msgb *msg)
2939 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
2940 struct gsm322_cellsel *cs = &ms->cellsel;
2942 /* when changing/deactivating ccch, ignore pending messages */
2943 if (!cs->ccch_active)
2946 switch (sih->system_information) {
2947 case GSM48_MT_RR_SYSINFO_5:
2948 return gsm48_rr_rx_sysinfo5(ms, msg);
2949 case GSM48_MT_RR_SYSINFO_5bis:
2950 return gsm48_rr_rx_sysinfo5bis(ms, msg);
2951 case GSM48_MT_RR_SYSINFO_5ter:
2952 return gsm48_rr_rx_sysinfo5ter(ms, msg);
2953 case GSM48_MT_RR_SYSINFO_6:
2954 return gsm48_rr_rx_sysinfo6(ms, msg);
2956 case GSM48_MT_RR_PAG_REQ_1:
2957 return gsm48_rr_rx_pag_req_1(ms, msg);
2958 case GSM48_MT_RR_PAG_REQ_2:
2959 return gsm48_rr_rx_pag_req_2(ms, msg);
2960 case GSM48_MT_RR_PAG_REQ_3:
2961 return gsm48_rr_rx_pag_req_3(ms, msg);
2962 case GSM48_MT_RR_IMM_ASS:
2963 return gsm48_rr_rx_imm_ass(ms, msg);
2964 case GSM48_MT_RR_IMM_ASS_EXT:
2965 return gsm48_rr_rx_imm_ass_ext(ms, msg);
2966 case GSM48_MT_RR_IMM_ASS_REJ:
2967 return gsm48_rr_rx_imm_ass_rej(ms, msg);
2969 LOGP(DRR, LOGL_NOTICE, "CCCH message type 0x%02x unknown.\n",
2970 sih->system_information);
2975 /* unit data from layer 2 to RR layer */
2976 static int gsm48_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
2978 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2979 struct tlv_parsed tv;
2981 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
2982 rllh->chan_nr, rllh->link_id);
2984 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
2985 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
2986 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
2989 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
2991 switch (rllh->chan_nr) {
2992 case RSL_CHAN_PCH_AGCH:
2993 return gsm48_rr_rx_ccch(ms, msg);
2995 return gsm48_rr_rx_bcch(ms, msg);
2997 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
3007 /* state trasitions for link layer messages (lower layer) */
3008 static struct dldatastate {
3011 const char *type_name;
3012 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3013 } dldatastatelist[] = {
3014 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3015 RSL_MT_UNIT_DATA_IND, "UNIT_DATA_IND", gsm48_rr_unit_data_ind},
3016 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3017 RSL_MT_DATA_IND, "DATA_IND", gsm48_rr_data_ind},
3018 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3019 RSL_MT_EST_CONF, "EST_CONF", gsm48_rr_estab_cnf},
3021 {SBIT(GSM48_RR_ST_DEDICATED),
3022 RSL_MT_EST_CONF, "EST_CONF", gsm48_rr_estab_cnf_dedicated},
3024 RSL_MT_CONNECT_CNF, "CONNECT_CNF", gsm48_rr_connect_cnf},
3026 RSL_MT_RELEASE_IND, "REL_IND", gsm48_rr_rel_ind},
3028 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3029 RSL_MT_REL_CONF, "REL_CONF", gsm48_rr_rel_cnf},
3031 {SBIT(GSM48_RR_ST_DEDICATED),
3032 RSL_MT_REL_CONF, "REL_CONF", gsm48_rr_rel_cnf_dedicated},
3034 {SBIT(GSM48_RR_ST_CONN_PEND), /* 3.3.1.1.2 */
3035 RSL_MT_CHAN_CNF, "CHAN_CNF", gsm48_rr_rand_acc_cnf},
3037 {SBIT(GSM48_RR_ST_DEDICATED),
3038 RSL_MT_CHAN_CNF, "CHAN_CNF", gsm48_rr_rand_acc_cnf_dedicated},
3040 RSL_MT_MDL_ERROR_IND, "MDL_ERROR_IND", gsm48_rr_mdl_error_ind},
3044 #define DLDATASLLEN \
3045 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
3047 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg)
3049 struct gsm48_rrlayer *rr = &ms->rrlayer;
3050 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3051 int msg_type = rllh->c.msg_type;
3055 /* find function for current state and message */
3056 for (i = 0; i < DLDATASLLEN; i++)
3057 if ((msg_type == dldatastatelist[i].type)
3058 && ((1 << rr->state) & dldatastatelist[i].states))
3060 if (i == DLDATASLLEN) {
3061 LOGP(DRSL, LOGL_NOTICE, "RSLms message 0x%02x unhandled at "
3062 "state %s.\n", msg_type, gsm48_rr_state_names[rr->state]);
3066 LOGP(DRSL, LOGL_INFO, "(ms %s) Received 'RSL_MT_%s' from RSL in state "
3067 "%s\n", ms->name, dldatastatelist[i].type_name,
3068 gsm48_rr_state_names[rr->state]);
3070 rc = dldatastatelist[i].rout(ms, msg);
3072 /* free msgb unless it is forwarded */
3073 if (dldatastatelist[i].rout != gsm48_rr_data_ind)
3081 /* state trasitions for RR-SAP messages from up */
3082 static struct rrdownstate {
3085 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3086 } rrdownstatelist[] = {
3087 {SBIT(GSM48_RR_ST_IDLE), /* 3.3.1.1 */
3088 GSM48_RR_EST_REQ, gsm48_rr_est_req},
3089 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3090 GSM48_RR_DATA_REQ, gsm48_rr_data_req},
3092 {SBIT(GSM48_RR_ST_CONN_PEND) | SBIT(GSM48_RR_ST_DEDICATED),
3093 GSM48_RR_ABORT_REQ, gsm48_rr_abort_req},
3094 {SBIT(GSM48_RR_ST_DEDICATED),
3095 GSM48_RR_ACT_REQ, gsm48_rr_act_req},
3099 #define RRDOWNSLLEN \
3100 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
3102 int gsm48_rr_downmsg(struct osmocom_ms *ms, struct msgb *msg)
3104 struct gsm48_rrlayer *rr = &ms->rrlayer;
3105 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3106 int msg_type = rrh->msg_type;
3110 LOGP(DRR, LOGL_INFO, "(ms %s) Message '%s' received in state %s\n",
3111 ms->name, get_rr_name(msg_type),
3112 gsm48_rr_state_names[rr->state]);
3114 /* find function for current state and message */
3115 for (i = 0; i < RRDOWNSLLEN; i++)
3116 if ((msg_type == rrdownstatelist[i].type)
3117 && ((1 << rr->state) & rrdownstatelist[i].states))
3119 if (i == RRDOWNSLLEN) {
3120 LOGP(DRR, LOGL_NOTICE, "Message unhandled at this state.\n");
3125 rc = rrdownstatelist[i].rout(ms, msg);
3127 /* free msgb uless it is forwarded */
3128 if (rrdownstatelist[i].rout != gsm48_rr_data_req)
3138 int gsm48_rr_init(struct osmocom_ms *ms)
3140 struct gsm48_rrlayer *rr = &ms->rrlayer;
3142 memset(rr, 0, sizeof(*rr));
3145 LOGP(DRR, LOGL_INFO, "init Radio Ressource process\n");
3147 INIT_LLIST_HEAD(&rr->rsl_upqueue);
3148 INIT_LLIST_HEAD(&rr->downqueue);
3149 /* downqueue is handled here, so don't add_work */
3151 osmol2_register_handler(ms, &gsm48_rx_rsl);
3156 int gsm48_rr_exit(struct osmocom_ms *ms)
3158 struct gsm48_rrlayer *rr = &ms->rrlayer;
3161 LOGP(DRR, LOGL_INFO, "exit Radio Ressource process\n");
3164 while ((msg = msgb_dequeue(&rr->rsl_upqueue)))
3166 while ((msg = msgb_dequeue(&rr->downqueue)))
3169 if (rr->rr_est_msg) {
3170 msgb_free(rr->rr_est_msg);
3171 rr->rr_est_msg = NULL;
3182 the process above is complete
3183 ------------------------------------------------------------------------------
3206 add support structure
3207 initialize support structure
3209 queue messages (rslms_data_req) if channel changes
3211 flush rach msg in all cases: during sending, after its done, and when aborted
3212 stop timers on abort
3213 debugging. (wenn dies todo erledigt ist, bitte in den anderen code moven)
3214 wird beim abbruch immer der gepufferte cm-service-request entfernt, auch beim verschicken?:
3216 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
3218 todo change procedures, release procedure
3220 during procedures, like "channel assignment" or "handover", rr requests must be queued
3221 they must be dequeued when complete
3222 they queue must be flushed when rr fails
3224 #include <osmocore/protocol/gsm_04_08.h>
3225 #include <osmocore/msgb.h>
3226 #include <osmocore/utils.h>
3227 #include <osmocore/gsm48.h>
3229 static int gsm48_rr_abort_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3231 struct gsm48_rrlayer *rr = ms->rrlayer;
3233 if (rr->state == GSM48_RR_ST_DEDICATED) {
3234 struct gsm_dl dlmsg;
3236 memset(&dlmsg, 0, sizeof(dlmsg));
3237 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3239 new_rr_state(rr, GSM48_RR_ST_IDLE);
3242 static int gsm48_rr_act_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3249 /* memcopy of LV of given IE from tlv_parsed structure */
3250 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
3259 if (!TLVP_PRESENT(tp, ie))
3262 len = TLVP_LEN(tp, ie);
3265 if (len + 1 > dest_len)
3268 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
3272 static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
3274 struct gsm48_rrlayer *rr = ms->rrlayer;
3275 struct gsm48_hdr *gh = msgb_l3(msg);
3276 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
3277 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
3278 struct tlv_parsed tp;
3279 struct gsm48_rr_chan_desc cd;
3282 memset(&cd, 0, sizeof(cd));
3284 if (payload_len < 0) {
3285 LOGP(DRR, LOGL_NOTICE, "Short read of ASSIGNMENT COMMAND message.\n");
3286 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3288 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ac->data, payload_len, 0, 0);
3290 /* channel description */
3291 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
3293 cd.power_command = ac->power_command;
3294 /* frequency list, after timer */
3295 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
3296 /* cell channel description */
3297 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
3298 /* multislot allocation */
3299 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
3301 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
3302 /* mobile allocation, after time */
3303 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
3305 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
3306 /* frequency list, before time */
3307 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
3308 /* channel description, before time */
3309 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
3310 /* frequency channel sequence, before time */
3311 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
3312 /* mobile allocation, before time */
3313 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
3314 /* cipher mode setting */
3315 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
3316 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
3321 LOGP(DRR, LOGL_INFO, "No current cell allocation available.\n");
3322 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
3325 if (not supported) {
3326 LOGP(DRR, LOGL_INFO, "New channel is not supported.\n");
3327 return gsm48_rr_tx_rr_status(ms, RR_CAUSE_CHAN_MODE_UNACCEPT);
3330 if (freq not supported) {
3331 LOGP(DRR, LOGL_INFO, "New frequency is not supported.\n");
3332 return gsm48_rr_tx_rr_status(ms, RR_CAUSE_FREQ_NOT_IMPLEMENTED);
3335 /* store current channel descriptions, to return in case of failure */
3336 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3337 /* copy new description */
3338 memcpy(&rr->chan_desc, cd, sizeof(cd));
3340 /* start suspension of current link */
3341 nmsg = gsm48_l3_msgb_alloc();
3344 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3346 /* change into special assignment suspension state */
3347 rr->assign_susp_state = 1;
3348 rr->resume_last_state = 0;
3353 /* decode "BA Range" (10.5.2.1a) */
3354 static int gsm48_decode_ba_range(uint8_t *ba, uint8_t, ba_len, uint32_t *range,
3355 uint8_t *ranges, int max_ranges)
3357 /* ba = pointer to IE without IE type and length octets
3358 * ba_len = number of octets
3359 * range = pointer to store decoded range
3360 * ranges = number of ranges decoded
3361 * max_ranges = maximum number of decoded ranges that can be stored
3363 uint16_t lower, higher;
3364 int i, n, required_octets;
3366 /* find out how much ba ranges will be decoded */
3369 required_octets = 5 * (n >> 1) + 3 * (n & 1);
3370 if (required_octets > n) {
3378 for (i = 0; i < n; i++) {
3380 /* decode even range number */
3382 lower |= (*ba >> 6);
3383 higher = (*ba++ & 0x3f) << 4;
3386 lower = (*ba++ & 0x0f) << 6;
3388 higher = (*ba++ & 0x03) << 8;
3390 /* decode odd range number */
3392 *range++ = (higher << 16) | lower;
3400 /* decode "Cell Description" (10.5.2.2) */
3401 static int gsm48_decode_cell_desc(struct gsm48_cell_desc *cd, uint16_t *arfcn, uint8_t *ncc uint8_t *bcc)
3403 *arfcn = (cd->bcch_hi << 8) + cd->bcch_lo;
3408 /* decode "Power Command" (10.5.2.28) and (10.5.2.28a) */
3409 static int gsm48_decode_power_cmd_acc(struct gsm48_power_cmd *pc, uint8_t *power_level uint8_t *atc)
3411 *power_level = pc->power_level;
3412 if (atc) /* only in case of 10.5.2.28a */
3416 /* decode "Synchronization Indication" (10.5.2.39) */
3417 static int gsm48_decode_power_cmd_acc(struct gsm48_rrlayer *rr, struct gsm48_rr_sync_ind *si)
3419 rr->ho_sync_ind = si->si;
3420 rr->ho_rot = si->rot;
3421 rr->ho_nci = si->nci;
3424 /* receiving HANDOVER COMMAND message (9.1.15) */
3425 static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
3427 struct gsm48_rrlayer *rr = ms->rrlayer;
3428 struct gsm48_hdr *gh = msgb_l3(msg);
3429 struct gsm48_ho_cmd *ho = (struct gsm48_ho_cmd *)gh->data;
3430 int payload_len = msgb_l3len(msg) - sizeof(*gh) - wirklich sizeof(*ho);
3431 struct tlv_parsed tp;
3432 struct gsm48_rr_chan_desc cd;
3435 memset(&cd, 0, sizeof(cd));
3437 if (payload_len < 0) {
3438 LOGP(DRR, LOGL_NOTICE, "Short read of HANDOVER COMMAND message.\n");
3439 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3441 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ho->data, payload_len, 0, 0);
3443 /* decode Cell Description */
3444 gsm_decode_cell_desc(&ho->cell_desc, &cd.bcch_arfcn, &cd.ncc, &cd.bcc);
3445 /* Channel Description */
3446 memcpy(&rr->chan_desc.chan_desc, ho->chan_desc, 3);
3447 /* Handover Reference */
3448 rr->hando_ref = ho->ho_ref;
3449 /* Power Command and access type */
3450 gsm_decode_power_cmd_acc((struct gsm48_power_cmd *)&ho->power_command,
3451 &cd.power_level, cd.atc);
3452 /* Synchronization Indication */
3453 if (TLVP_PRESENT(&tp, GSM48_IE_SYNC_IND))
3454 gsm48_decode_sync_ind(rr,
3455 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1, &cd);
3456 /* Frequency Sort List */
3457 if (TLVP_PRESENT(&tp, GSM48_IE_FREQ_SHORT_LIST))
3458 gsm48_decode_freq_list(&ms->support, s->freq,
3459 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC),
3460 *(TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1),
3461 0xce, FREQ_TYPE_SERV);
3464 today: more IE parsing
3466 /* store current channel descriptions, to return in case of failure */
3467 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3468 /* copy new description */
3469 memcpy(&rr->chan_desc, cd, sizeof(cd));
3471 /* start suspension of current link */
3472 nmsg = gsm48_l3_msgb_alloc();
3475 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3477 /* change into special handover suspension state */
3478 rr->hando_susp_state = 1;
3479 rr->resume_last_state = 0;
3484 static int gsm48_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3486 if (rr->hando_susp_state || rr->assign_susp_state) {
3487 if (rr->resume_last_state) {
3488 rr->resume_last_state = 0;
3489 gsm48_rr_tx_ass_cpl(ms, GSM48_RR_CAUSE_NORMAL);
3491 gsm48_rr_tx_ass_fail(ms, RR_CAUSE_PROTO_ERR_UNSPEC);
3493 /* transmit queued frames during ho / ass transition */
3494 gsm48_rr_dequeue_down(ms);
3500 static int gsm48_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
3504 static int gsm48_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
3508 static int gsm48_rr_rel_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3510 struct gsm48_rrlayer *rr = ms->rrlayer;
3513 if (rr->hando_susp_state || rr->assign_susp_state) {
3516 /* change radio to new channel */
3517 rr->arfcn = rr->chan_desc.chan_desc.chan_nr;
3518 tx_ph_dm_est_req(ms, arfcn, rr->arfcn);
3520 nmsg = gsm48_l3_msgb_alloc();
3523 /* send DL-ESTABLISH REQUEST */
3524 gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3527 if (rr->hando_susp_state) {
3528 gsm48_rr_tx_hando_access(ms);
3529 rr->hando_acc_left = 3;
3534 static int gsm48_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
3536 struct gsm48_rrlayer *rr = ms->rrlayer;
3538 struct gsm_rr_hdr *nrrh;
3540 if (rr->hando_susp_state || rr->assign_susp_state) {
3541 if (!rr->resume_last_state) {
3542 rr->resume_last_state = 1;
3544 /* get old channel description */
3545 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
3547 /* change radio to old channel */
3548 rr->arfcn = rr->chan_desc.chan_desc.chan_nr;
3549 tx_ph_dm_est_req(ms, arfcn, rr->arfcn);
3551 /* re-establish old link */
3552 nmsg = gsm48_l3_msgb_alloc();
3555 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3557 rr->resume_last_state = 0;
3560 /* deactivate channel */
3561 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
3563 /* send abort ind to upper layer */
3564 nmsg = gsm48_mm_msgb_alloc();
3568 nrrh = (struct gsm_mm_hdr *)nmsg->data;
3569 nrrh->msg_type = RR_ABORT_IND;
3570 nrrh->cause = GSM_MM_CAUSE_LINK_FAILURE;
3571 return gsm48_rr_upmsg(ms, msg);
3574 static void timeout_rr_t3124(void *arg)
3576 struct gsm48_rrlayer *rr = arg;
3579 /* stop sending more access bursts when timer expired */
3582 /* get old channel description */
3583 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
3585 /* change radio to old channel */
3586 rr->arfcn = rr->chan_desc.chan_desc.chan_nr;
3587 tx_ph_dm_est_req(ms, arfcn, rr->arfcn);
3589 /* re-establish old link */
3590 nmsg = gsm48_l3_msgb_alloc();
3593 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3598 /* send HANDOVER ACCESS burst (9.1.14) */
3599 static int gsm48_rr_tx_hando_access(struct osmocom_ms *ms)
3601 nmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
3604 *msgb_put(nmsg, 1) = rr->hando_ref;
3606 return gsm48_send_rsl(ms, RSL_MT_RAND_ACC_REQ, nmsg);
3609 /* send next channel request in dedicated state */
3610 static int gsm48_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3612 struct gsm48_rrlayer *rr = &ms->rrlayer;
3616 if (!rr->hando_susp_state) {
3617 LOGP(DRR, LOGL_NOTICE, "Random acces confirm, but not in handover state.\n");
3621 /* send up to four handover access bursts */
3622 if (rr->hando_acc_left) {
3623 rr->hando_acc_left--;
3624 gsm48_rr_tx_hando_access(ms);
3628 /* start timer for sending next HANDOVER ACCESS bursts afterwards */
3629 if (!bsc_timer_pending(&rr->t3124)) {
3630 if (allocated channel is SDCCH)
3631 start_rr_t3124(rr, GSM_T3124_675);
3633 start_rr_t3124(rr, GSM_T3124_320);
3634 if (!rr->n_chan_req) {
3635 start_rr_t3126(rr, 5, 0); /* TODO improve! */
3640 /* wait for PHYSICAL INFORMATION message or T3124 timeout */
projects / osmocom-bb.git / blob