2 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 /* Very short description of some of the procedures:
24 * A radio ressource request causes sendig a channel request on RACH.
25 * After receiving of an immediate assignment the link will be establised.
26 * After the link is established, the dedicated mode is entered and confirmed.
28 * A Paging request also triggers the channel request as above...
29 * After the link is established, the dedicated mode is entered and indicated.
31 * During dedicated mode, messages are transferred.
33 * When an assignment command or a handover command is received, the current
34 * link is released. After release, the new channel is activated and the
35 * link is established again. After link is establised, pending messages from
36 * radio ressource are sent.
38 * When the assignment or handover fails, the old channel is activate and the
39 * link is established again. Also pending messages are sent.
48 #include <arpa/inet.h>
50 #include <osmocore/msgb.h>
51 #include <osmocore/utils.h>
52 #include <osmocore/rsl.h>
53 #include <osmocore/gsm48.h>
54 #include <osmocore/bitvec.h>
56 #include <osmocom/logging.h>
57 #include <osmocom/osmocom_data.h>
59 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg);
60 static int gsm48_rr_dl_est(struct osmocom_ms *ms);
66 #define MIN(a, b) ((a < b) ? a : b)
68 int gsm48_decode_lai(struct gsm48_loc_area_id *lai, uint16_t *mcc,
69 uint16_t *mnc, uint16_t *lac)
71 *mcc = (lai->digits[0] & 0x0f) * 100
72 + (lai->digits[0] >> 4) * 10
73 + (lai->digits[1] & 0x0f);
74 *mnc = (lai->digits[2] & 0x0f) * 10
75 + (lai->digits[2] >> 4);
76 if ((lai->digits[1] >> 4) != 0xf) /* 3 digits MNC */
77 *mnc += (lai->digits[1] >> 4) * 100;
78 *lac = ntohs(lai->lac);
83 static int gsm48_encode_chan_h0(struct gsm48_chan_desc *cd, uint8_t tsc,
88 cd->h0.arfcn_low = arfcn & 0xff;
89 cd->h0.arfcn_high = arfcn >> 8;
94 static int gsm48_encode_chan_h1(struct gsm48_chan_desc *cd, uint8_t tsc,
95 uint8_t maio, uint8_t hsn)
99 cd->h1.maio_low = maio & 0x03;
100 cd->h1.maio_high = maio >> 2;
107 static int gsm48_decode_chan_h0(struct gsm48_chan_desc *cd, uint8_t *tsc,
111 *arfcn = cd->h0.arfcn_low | (cd->h0.arfcn_high << 8);
116 static int gsm48_decode_chan_h1(struct gsm48_chan_desc *cd, uint8_t *tsc,
117 uint8_t *maio, uint8_t *hsn)
120 *maio = cd->h1.maio_low | (cd->h1.maio_high << 2);
126 /* 10.5.2.38 decode Starting time IE */
127 static int gsm48_decode_start_time(struct gsm48_rr_cd *cd,
128 struct gsm48_start_time *st)
130 cd->start_t1 = st->t1;
131 cd->start_t2 = st->t2;
132 cd->start_t3 = (st->t3_high << 3) | st->t3_low;
141 static const char *gsm48_rr_state_names[] = {
147 static void new_rr_state(struct gsm48_rrlayer *rr, int state)
149 if (state < 0 || state >=
150 (sizeof(gsm48_rr_state_names) / sizeof(char *)))
153 if (state == GSM48_RR_ST_IDLE) {
154 struct msgb *msg, *nmsg;
156 /* free establish message, if any */
158 if (rr->rr_est_msg) {
159 msgb_free(rr->rr_est_msg);
160 rr->rr_est_msg = NULL;
162 /* free all pending messages */
163 while((msg = msgb_dequeue(&rr->downqueue)))
165 /* clear all descriptions of last channel */
166 memset(&rr->cd_now, 0, sizeof(rr->cd_now));
169 /* tell cell selection process to return to idle mode
170 * NOTE: this must be sent unbuffered, because it will
171 * leave camping state, so it locks against subsequent
172 * establishment of dedicated channel, before the
173 * cell selection process returned to camping state
176 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
179 gsm322_c_event(rr->ms, nmsg);
183 LOGP(DRR, LOGL_INFO, "new state %s -> %s\n",
184 gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
193 /* names of RR-SAP */
194 static const struct value_string gsm48_rr_msg_names[] = {
195 { GSM48_RR_EST_REQ, "RR_EST_REQ" },
196 { GSM48_RR_EST_IND, "RR_EST_IND" },
197 { GSM48_RR_EST_CNF, "RR_EST_CNF" },
198 { GSM48_RR_REL_IND, "RR_REL_IND" },
199 { GSM48_RR_SYNC_IND, "RR_SYNC_IND" },
200 { GSM48_RR_DATA_REQ, "RR_DATA_REQ" },
201 { GSM48_RR_DATA_IND, "RR_DATA_IND" },
202 { GSM48_RR_UNIT_DATA_IND, "RR_UNIT_DATA_IND" },
203 { GSM48_RR_ABORT_REQ, "RR_ABORT_REQ" },
204 { GSM48_RR_ABORT_IND, "RR_ABORT_IND" },
205 { GSM48_RR_ACT_REQ, "RR_ACT_REQ" },
209 const char *get_rr_name(int value)
211 return get_value_string(gsm48_rr_msg_names, value);
214 /* allocate GSM 04.08 layer 3 message */
215 struct msgb *gsm48_l3_msgb_alloc(void)
219 msg = msgb_alloc_headroom(L3_ALLOC_SIZE+L3_ALLOC_HEADROOM,
220 L3_ALLOC_HEADROOM, "GSM 04.08 L3");
223 msg->l3h = msg->data;
228 /* allocate GSM 04.08 message (RR-SAP) */
229 struct msgb *gsm48_rr_msgb_alloc(int msg_type)
232 struct gsm48_rr_hdr *rrh;
234 msg = msgb_alloc_headroom(RR_ALLOC_SIZE+RR_ALLOC_HEADROOM,
235 RR_ALLOC_HEADROOM, "GSM 04.08 RR");
239 rrh = (struct gsm48_rr_hdr *) msgb_put(msg, sizeof(*rrh));
240 rrh->msg_type = msg_type;
245 /* queue message (RR-SAP) */
246 int gsm48_rr_upmsg(struct osmocom_ms *ms, struct msgb *msg)
248 struct gsm48_mmlayer *mm = &ms->mmlayer;
250 msgb_enqueue(&mm->rr_upqueue, msg);
255 /* push rsl header and send (RSL-SAP) */
256 static int gsm48_send_rsl(struct osmocom_ms *ms, uint8_t msg_type,
259 struct gsm48_rrlayer *rr = &ms->rrlayer;
261 rsl_rll_push_l3(msg, msg_type, rr->cd_now.chan_nr,
262 rr->cd_now.link_id, 1);
264 return rslms_recvmsg(msg, ms);
267 /* enqueue messages (RSL-SAP) */
268 static int gsm48_rx_rll(struct msgb *msg, struct osmocom_ms *ms)
270 struct gsm48_rrlayer *rr = &ms->rrlayer;
273 return gsm48_rcv_rsl(ms, msg);
274 msgb_enqueue(&rr->rsl_upqueue, msg);
279 /* input function that L2 calls when sending messages up to L3 */
280 static int gsm48_rx_rsl(struct msgb *msg, struct osmocom_ms *ms)
282 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
285 switch (rslh->msg_discr & 0xfe) {
286 case ABIS_RSL_MDISC_RLL:
287 rc = gsm48_rx_rll(msg, ms);
290 /* FIXME: implement this */
291 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
300 /* dequeue messages (RSL-SAP) */
301 int gsm48_rsl_dequeue(struct osmocom_ms *ms)
303 struct gsm48_rrlayer *rr = &ms->rrlayer;
307 while ((msg = msgb_dequeue(&rr->rsl_upqueue))) {
308 /* msg is freed there */
309 gsm48_rcv_rsl(ms, msg);
310 work = 1; /* work done */
320 static void timeout_rr_t3122(void *arg)
322 LOGP(DRR, LOGL_INFO, "timer T3122 has fired\n");
325 static void timeout_rr_t3126(void *arg)
327 struct gsm48_rrlayer *rr = arg;
328 struct osmocom_ms *ms = rr->ms;
330 LOGP(DRR, LOGL_INFO, "timer T3126 has fired\n");
331 if (rr->rr_est_req) {
332 struct msgb *msg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
333 struct gsm48_rr_hdr *rrh;
337 rrh = (struct gsm48_rr_hdr *)msg->data;
338 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
339 gsm48_rr_upmsg(ms, msg);
342 new_rr_state(rr, GSM48_RR_ST_IDLE);
345 static void start_rr_t3122(struct gsm48_rrlayer *rr, int sec, int micro)
347 LOGP(DRR, LOGL_INFO, "starting T3122 with %d seconds\n", sec);
348 rr->t3122.cb = timeout_rr_t3122;
350 bsc_schedule_timer(&rr->t3122, sec, micro);
353 static void start_rr_t3126(struct gsm48_rrlayer *rr, int sec, int micro)
355 LOGP(DRR, LOGL_INFO, "starting T3126 with %d seconds\n", sec);
356 rr->t3126.cb = timeout_rr_t3126;
358 bsc_schedule_timer(&rr->t3126, sec, micro);
361 static void stop_rr_t3122(struct gsm48_rrlayer *rr)
363 if (bsc_timer_pending(&rr->t3122)) {
364 LOGP(DRR, LOGL_INFO, "stopping pending timer T3122\n");
365 bsc_del_timer(&rr->t3122);
369 static void stop_rr_t3126(struct gsm48_rrlayer *rr)
371 if (bsc_timer_pending(&rr->t3126)) {
372 LOGP(DRR, LOGL_INFO, "stopping pending timer T3126\n");
373 bsc_del_timer(&rr->t3126);
381 /* send rr status request */
382 static int gsm48_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
385 struct gsm48_hdr *gh;
386 struct gsm48_rr_status *st;
388 LOGP(DRR, LOGL_INFO, "RR STATUS (cause #%d)\n", cause);
390 nmsg = gsm48_l3_msgb_alloc();
393 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
394 st = (struct gsm48_rr_status *) msgb_put(nmsg, sizeof(*st));
396 gh->proto_discr = GSM48_PDISC_RR;
397 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
400 st->rr_cause = cause;
402 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
409 /* send chiperhing mode complete */
410 static int gsm48_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
412 struct gsm_support *sup = &ms->support;
414 struct gsm48_hdr *gh;
415 uint8_t buf[11], *tlv;
417 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMPLETE (cr %d)\n", cr);
419 nmsg = gsm48_l3_msgb_alloc();
422 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
424 gh->proto_discr = GSM48_PDISC_RR;
425 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
429 gsm48_generate_mid_from_imsi(buf, sup->imeisv);
430 tlv = msgb_put(nmsg, 2 + buf[1]);
431 memcpy(tlv, buf, 2 + buf[1]);
434 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
437 /* receive ciphering mode command */
438 static int gsm48_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
440 struct gsm48_rrlayer *rr = &ms->rrlayer;
441 struct gsm_support *sup = &ms->support;
442 struct gsm48_hdr *gh = msgb_l3(msg);
443 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
444 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
445 uint8_t sc, alg_id, cr;
447 if (payload_len < 0) {
448 LOGP(DRR, LOGL_NOTICE, "Short read of CIPHERING MODE COMMAND "
450 return gsm48_rr_tx_rr_status(ms,
451 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
454 /* cipher mode setting */
457 /* cipher mode response */
461 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, cr=%u)",
464 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, "
465 "algo=A5/%d cr=%u)", sc, alg_id + 1, cr);
468 if (rr->cipher_on && sc) {
469 LOGP(DRR, LOGL_INFO, "cipering already applied.\n");
470 return gsm48_rr_tx_rr_status(ms,
471 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
474 /* check if we actually support this cipher */
475 if ((alg_id == GSM_CIPHER_A5_1 && !sup->a5_1)
476 || (alg_id == GSM_CIPHER_A5_2 && !sup->a5_2)
477 || (alg_id == GSM_CIPHER_A5_3 && !sup->a5_3)
478 || (alg_id == GSM_CIPHER_A5_4 && !sup->a5_4)
479 || (alg_id == GSM_CIPHER_A5_5 && !sup->a5_5)
480 || (alg_id == GSM_CIPHER_A5_6 && !sup->a5_6)
481 || (alg_id == GSM_CIPHER_A5_7 && !sup->a5_7))
482 return gsm48_rr_tx_rr_status(ms,
483 GSM48_RR_CAUSE_CHAN_MODE_UNACCT);
485 /* change to ciphering */
487 rsl command to activate ciperhing
489 rr->cipher_on = sc, rr->cipher_type = alg_id;
492 return gsm48_rr_tx_cip_mode_cpl(ms, cr);
499 /* Encode "Classmark 3" (10.5.1.7) */
500 static int gsm48_rr_enc_cm3(struct osmocom_ms *ms, uint8_t *buf, uint8_t *len)
502 struct gsm_support *sup = &ms->support;
505 memset(&bv, 0, sizeof(bv));
510 bitvec_set_bit(&bv, 0);
511 /* band 3 supported */
513 bitvec_set_bit(&bv, ONE);
515 bitvec_set_bit(&bv, ZERO);
516 /* band 2 supported */
517 if (sup->e_gsm || sup->r_gsm)
518 bitvec_set_bit(&bv, ONE);
520 bitvec_set_bit(&bv, ZERO);
521 /* band 1 supported */
522 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
523 bitvec_set_bit(&bv, ONE);
525 bitvec_set_bit(&bv, ZERO);
528 bitvec_set_bit(&bv, ONE);
530 bitvec_set_bit(&bv, ZERO);
532 bitvec_set_bit(&bv, ONE);
534 bitvec_set_bit(&bv, ZERO);
536 bitvec_set_bit(&bv, ONE);
538 bitvec_set_bit(&bv, ZERO);
540 bitvec_set_bit(&bv, ONE);
542 bitvec_set_bit(&bv, ZERO);
543 /* radio capability */
544 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
546 bitvec_set_uint(&bv, 0, 4);
547 bitvec_set_uint(&bv, sup->dcs_capa, 4);
549 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
551 bitvec_set_uint(&bv, sup->dcs_capa, 4);
553 bitvec_set_uint(&bv, sup->low_capa, 4);
556 bitvec_set_uint(&bv, 0, 4);
557 bitvec_set_uint(&bv, sup->low_capa, 4);
561 bitvec_set_bit(&bv, ONE);
562 bitvec_set_uint(&bv, sup->r_capa, 3);
564 bitvec_set_bit(&bv, ZERO);
566 /* multi slot support */
568 bitvec_set_bit(&bv, ONE);
569 bitvec_set_uint(&bv, sup->ms_sup, 5);
571 bitvec_set_bit(&bv, ZERO);
574 if (sup->ucs2_treat) {
575 bitvec_set_bit(&bv, ONE);
577 bitvec_set_bit(&bv, ZERO);
579 /* support extended measurements */
581 bitvec_set_bit(&bv, ONE);
583 bitvec_set_bit(&bv, ZERO);
585 /* support measurement capability */
587 bitvec_set_bit(&bv, ONE);
588 bitvec_set_uint(&bv, sup->sms_val, 4);
589 bitvec_set_uint(&bv, sup->sm_val, 4);
591 bitvec_set_bit(&bv, ZERO);
593 /* positioning method capability */
595 bitvec_set_bit(&bv, ONE);
596 bitvec_set_bit(&bv, sup->e_otd_ass == 1);
597 bitvec_set_bit(&bv, sup->e_otd_based == 1);
598 bitvec_set_bit(&bv, sup->gps_ass == 1);
599 bitvec_set_bit(&bv, sup->gps_based == 1);
600 bitvec_set_bit(&bv, sup->gps_conv == 1);
602 bitvec_set_bit(&bv, ZERO);
605 /* partitial bytes will be completed */
606 *len = (bv.cur_bit + 7) >> 3;
607 bitvec_spare_padding(&bv, (*len * 8) - 1);
612 /* encode classmark 2 */
613 int gsm48_rr_enc_cm2(struct osmocom_ms *ms, struct gsm48_classmark2 *cm)
615 struct gsm48_rrlayer *rr = &ms->rrlayer;
616 struct gsm_support *sup = &ms->support;
618 if (rr->arfcn >= 512 && rr->arfcn <= 885)
619 cm->pwr_lev = sup->pwr_lev_1800;
621 cm->pwr_lev = sup->pwr_lev_900;
622 cm->a5_1 = sup->a5_1;
623 cm->es_ind = sup->es_ind;
624 cm->rev_lev = sup->rev_lev;
625 cm->fc = (sup->r_gsm || sup->e_gsm);
626 cm->vgcs = sup->vgcs;
628 cm->sm_cap = sup->sms_ptp;
629 cm->ss_scr = sup->ss_ind;
630 cm->ps_cap = sup->ps_cap;
631 cm->a5_2 = sup->a5_2;
632 cm->a5_3 = sup->a5_3;
633 cm->cmsp = sup->cmsp;
634 cm->solsa = sup->solsa;
635 cm->lcsva_cap = sup->lcsva;
640 /* send classmark change */
641 static int gsm48_rr_tx_cm_change(struct osmocom_ms *ms)
643 struct gsm_support *sup = &ms->support;
645 struct gsm48_hdr *gh;
646 struct gsm48_cm_change *cc;
647 uint8_t cm3[14], *tlv;
649 LOGP(DRR, LOGL_INFO, "CLASSMARK CHANGE\n");
651 nmsg = gsm48_l3_msgb_alloc();
654 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
655 cc = (struct gsm48_cm_change *) msgb_put(nmsg, sizeof(*cc));
657 gh->proto_discr = GSM48_PDISC_RR;
658 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
661 cc->cm2_len = sizeof(cc->cm2);
662 gsm48_rr_enc_cm2(ms, &cc->cm2);
665 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
666 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
669 || sup->ext_meas || sup->meas_cap
672 cm3[0] = GSM48_IE_CLASSMARK3;
673 gsm48_rr_enc_cm3(ms, cm3 + 2, &cm3[1]);
674 tlv = msgb_put(nmsg, 2 + cm3[1]);
675 memcpy(tlv, cm3, 2 + cm3[1]);
678 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
681 /* receiving classmark enquiry */
682 static int gsm48_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
685 return gsm48_rr_tx_cm_change(ms);
692 /* temporary timer until we have time control over channnel request */
693 #define RSL_MT_CHAN_CNF 0x19
694 #include <osmocom/l1ctl.h>
695 static void temp_rach_to(void *arg)
697 struct gsm48_rrlayer *rr = arg;
698 struct osmocom_ms *ms = rr->ms;
699 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
700 struct abis_rsl_rll_hdr *rllh = (struct abis_rsl_rll_hdr *) msgb_put(msg, sizeof(*rllh));
702 rllh->c.msg_type = RSL_MT_CHAN_CNF;
703 gsm48_rcv_rsl(ms, msg);
708 /* send channel request burst message */
709 static int gsm48_rr_tx_chan_req(struct osmocom_ms *ms, int cause, int paging)
711 struct gsm48_rrlayer *rr = &ms->rrlayer;
712 struct gsm322_cellsel *cs = &ms->cellsel;
713 struct gsm48_sysinfo *s = &ms->sysinfo;
715 struct l1ctl_info_ul *nul;
716 struct l1ctl_rach_req *nra;
717 struct gsm48_rr_hdr *nrrh;
718 uint8_t chan_req, chan_req_val, chan_req_mask;
721 /* ignore paging, if not camping */
722 if (paging && cs->state != GSM322_C3_CAMPED_NORMALLY) {
726 /* tell cell selection process to leave idle mode
727 * NOTE: this must be sent unbuffered, because the state may not
728 * change until idle mode is left
730 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
733 gsm322_c_event(ms, nmsg);
737 new_rr_state(rr, GSM48_RR_ST_CONN_PEND);
739 /* number of retransmissions (without first transmission) */
740 rr->n_chan_req = s->max_retrans;
742 /* generate CHAN REQ (9.1.8) */
744 case RR_EST_CAUSE_EMERGENCY:
746 chan_req_mask = 0x1f;
748 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Emergency call)\n",
751 case RR_EST_CAUSE_REESTAB_TCH_F:
752 chan_req_mask = 0x1f;
754 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (re-establish "
755 "TCH/F)\n", chan_req_val);
757 case RR_EST_CAUSE_REESTAB_TCH_H:
759 chan_req_mask = 0x03;
761 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
762 "(re-establish TCH/H with NECI)\n",
765 chan_req_mask = 0x1f;
767 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
768 "(re-establish TCH/H no NECI)\n", chan_req_val);
771 case RR_EST_CAUSE_REESTAB_2_TCH_H:
773 chan_req_mask = 0x03;
775 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
776 "(re-establish TCH/H+TCH/H with NECI)\n",
779 chan_req_mask = 0x1f;
781 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
782 "(re-establish TCH/H+TCH/H no NECI)\n",
786 case RR_EST_CAUSE_ANS_PAG_ANY:
787 chan_req_mask = 0x1f;
789 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING "
790 "Any channel)\n", chan_req_val);
792 case RR_EST_CAUSE_ANS_PAG_SDCCH:
793 chan_req_mask = 0x0f;
795 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n",
798 case RR_EST_CAUSE_ANS_PAG_TCH_F:
799 /* ms supports no dual rate */
800 chan_req_mask = 0x1f;
802 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n",
805 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
806 /* ms supports no dual rate */
807 chan_req_mask = 0x1f;
809 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/H or "
810 "TCH/F)\n", chan_req_val);
812 case RR_EST_CAUSE_ORIG_TCHF:
813 /* ms supports no dual rate */
814 chan_req_mask = 0x1f;
816 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Orig TCH/F)\n",
819 case RR_EST_CAUSE_LOC_UPD:
821 chan_req_mask = 0x0f;
823 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
824 "Update with NECI)\n", chan_req_val);
826 chan_req_mask = 0x1f;
828 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
829 "Update no NECI)\n", chan_req_val);
832 case RR_EST_CAUSE_OTHER_SDCCH:
834 chan_req_mask = 0x0f;
836 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OHTER "
837 "with NECI)\n", chan_req_val);
839 chan_req_mask = 0x1f;
841 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER "
842 "no NECI)\n", chan_req_val);
846 if (!rr->rr_est_req) /* no request from MM */
849 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: with unknown "
850 "establishment cause: %d\n", cause);
851 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
854 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
855 nrrh->cause = RR_REL_CAUSE_UNDEFINED;
856 gsm48_rr_upmsg(ms, nmsg);
857 new_rr_state(rr, GSM48_RR_ST_IDLE);
863 /* create and send RACH msg */
865 nmsg = gsm48_rsl_msgb_alloc();
867 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
868 struct l1ctl_hdr *l1h;
869 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
870 l1h = (struct l1ctl_hdr *) nmsg->l1h;
871 l1h->msg_type = L1CTL_RACH_REQ;
874 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
876 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
879 chan_req &= chan_req_mask;
880 chan_req |= chan_req_val;
886 at this point we require chan req to be sent at a given delay
887 also we require a confirm from radio part
888 nra->delay = random() % t;
890 rr->temp_rach_ti.cb = temp_rach_to;
891 rr->temp_rach_ti.data = rr;
892 bsc_schedule_timer(&rr->temp_rach_ti, 0, 900000);
896 rr->chan_req_val = chan_req_val;
897 rr->chan_req_mask = chan_req_mask;
900 rr->cr_hist[1] = chan_req;
903 add layer 1 conrols to RSL...
904 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
906 return osmo_send_l1(ms, nmsg);
910 /* send next channel request in conn pend state */
911 static int gsm48_rr_rand_acc_cnf(struct osmocom_ms *ms, struct msgb *msg)
913 struct gsm48_rrlayer *rr = &ms->rrlayer;
914 struct gsm48_sysinfo *s = &ms->sysinfo;
916 struct l1ctl_info_ul *nul;
917 struct l1ctl_rach_req *nra;
921 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS confirm (requests left %d)\n",
924 if (!rr->n_chan_req) {
925 LOGP(DRR, LOGL_INFO, "Done with sending RANDOM ACCESS "
927 if (!bsc_timer_pending(&rr->t3126))
928 start_rr_t3126(rr, 5, 0); /* TODO improve! */
934 switch(s->tx_integer) {
935 case 3: case 8: case 14: case 50:
936 if (s->ccch_conf != 1) /* not combined CCCH */
940 case 4: case 9: case 16:
941 if (s->ccch_conf != 1)
945 case 5: case 10: case 20:
946 if (s->ccch_conf != 1)
950 case 6: case 11: case 25:
951 if (s->ccch_conf != 1)
956 if (s->ccch_conf != 1)
962 /* resend chan_req with new randiom */
964 nmsg = gsm48_rsl_msgb_alloc();
966 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
967 struct l1ctl_hdr *l1h;
968 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
969 l1h = (struct l1ctl_hdr *) nmsg->l1h;
970 l1h->msg_type = L1CTL_RACH_REQ;
973 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
975 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
977 chan_req &= rr->chan_req_mask;
978 chan_req |= rr->chan_req_val;
981 at this point we require chan req to be sent at a given delay
982 also we require a confirm from radio part
983 nra->delay = (random() % s->tx_integer) + slots;
985 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x delay %d)\n", nra->ra,
988 rr->temp_rach_ti.cb = temp_rach_to;
989 rr->temp_rach_ti.data = rr;
990 bsc_schedule_timer(&rr->temp_rach_ti, 0, 900000);
992 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x)\n", nra->ra);
995 /* shift history and store */
996 rr->cr_hist[3] = rr->cr_hist[2];
997 rr->cr_hist[2] = rr->cr_hist[1];
998 rr->cr_hist[1] = chan_req;
1001 add layer 1 conrols to RSL...
1002 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
1004 return osmo_send_l1(ms, nmsg);
1009 * system information
1012 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
1013 static int gsm48_decode_freq_list(struct gsm_support *sup,
1014 struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask,
1021 * The Range format uses "SMOD" computation.
1022 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
1023 * A cascade of multiple SMOD computations is simpified:
1024 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
1026 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
1027 * When used in dedicated messages, the length can be less.
1028 * In this case the ranges are decoded for all frequencies that
1029 * fit in the block of given length.
1033 for (i = 0; i < 1024; i++)
1037 if ((cd[0] & 0xc0 & mask) == 0x00) {
1038 /* Bit map 0 format */
1041 for (i = 1; i <= 124; i++)
1042 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
1048 /* only Bit map 0 format for P-GSM */
1049 if (sup->p_gsm && !sup->e_gsm && !sup->r_gsm && !sup->dcs_1800)
1053 if ((cd[0] & 0xc8 & mask) == 0x80) {
1054 /* Range 1024 format */
1055 uint16_t w[17]; /* 1..16 */
1056 struct gsm48_range_1024 *r = (struct gsm48_range_1024 *)cd;
1060 memset(w, 0, sizeof(w));
1063 w[1] = (r->w1_hi << 8) | r->w1_lo;
1065 w[2] = (r->w2_hi << 1) | r->w2_lo;
1067 w[3] = (r->w3_hi << 2) | r->w3_lo;
1069 w[4] = (r->w4_hi << 2) | r->w4_lo;
1071 w[5] = (r->w5_hi << 2) | r->w5_lo;
1073 w[6] = (r->w6_hi << 2) | r->w6_lo;
1075 w[7] = (r->w7_hi << 2) | r->w7_lo;
1077 w[8] = (r->w8_hi << 1) | r->w8_lo;
1083 w[11] = (r->w11_hi << 6) | r->w11_lo;
1085 w[12] = (r->w12_hi << 5) | r->w12_lo;
1087 w[13] = (r->w13_hi << 4) | r->w13_lo;
1089 w[14] = (r->w14_hi << 3) | r->w14_lo;
1091 w[15] = (r->w15_hi << 2) | r->w15_lo;
1095 f[w[1]].mask |= frqt;
1097 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].mask |= frqt;
1099 f[((w[1] + w[3] - 1) % 1023) + 1].mask |= frqt;
1101 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].mask |= frqt;
1103 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].mask |= frqt;
1105 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].mask |= frqt;
1107 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].mask |= frqt;
1109 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1111 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1113 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1115 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1117 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1119 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1121 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1123 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1125 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1130 if ((cd[0] & 0xce & mask) == 0x88) {
1131 /* Range 512 format */
1132 uint16_t w[18]; /* 1..17 */
1133 struct gsm48_range_512 *r = (struct gsm48_range_512 *)cd;
1137 memset(w, 0, sizeof(w));
1138 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1139 w[1] = (r->w1_hi << 2) || r->w1_lo;
1141 w[2] = (r->w2_hi << 2) || r->w2_lo;
1143 w[3] = (r->w3_hi << 2) || r->w3_lo;
1145 w[4] = (r->w4_hi << 1) || r->w4_lo;
1151 w[7] = (r->w7_hi << 6) || r->w7_lo;
1153 w[8] = (r->w8_hi << 4) || r->w8_lo;
1155 w[9] = (r->w9_hi << 2) || r->w9_lo;
1161 w[12] = (r->w12_hi << 4) || r->w12_lo;
1163 w[13] = (r->w13_hi << 2) || r->w13_lo;
1169 w[16] = (r->w16_hi << 3) || r->w16_lo;
1173 f[w[0]].mask |= frqt;
1175 f[(w[0] + w[1]) % 1024].mask |= frqt;
1177 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].mask |= frqt;
1179 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].mask |= frqt;
1181 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1183 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1185 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1187 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1189 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1191 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1193 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1195 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1197 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1199 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1201 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1203 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1205 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1207 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1212 if ((cd[0] & 0xce & mask) == 0x8a) {
1213 /* Range 256 format */
1214 uint16_t w[22]; /* 1..21 */
1215 struct gsm48_range_256 *r = (struct gsm48_range_256 *)cd;
1219 memset(w, 0, sizeof(w));
1220 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1221 w[1] = (r->w1_hi << 1) || r->w1_lo;
1227 w[4] = (r->w4_hi << 5) || r->w4_lo;
1229 w[5] = (r->w5_hi << 3) || r->w5_lo;
1231 w[6] = (r->w6_hi << 1) || r->w6_lo;
1235 w[8] = (r->w8_hi << 4) || r->w8_lo;
1237 w[9] = (r->w9_hi << 1) || r->w9_lo;
1241 w[11] = (r->w11_hi << 3) || r->w11_lo;
1249 w[15] = (r->w14_hi << 2) || r->w14_lo;
1251 w[16] = (r->w16_hi << 3) || r->w16_lo;
1257 w[19] = (r->w18_hi << 3) || r->w18_lo;
1259 w[20] = (r->w20_hi << 3) || r->w20_lo;
1263 f[w[0]].mask |= frqt;
1265 f[(w[0] + w[1]) % 1024].mask |= frqt;
1267 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].mask |= frqt;
1269 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].mask |= frqt;
1271 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1273 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1275 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1277 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1279 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1281 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1283 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1285 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1287 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1289 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1291 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1293 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1295 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1297 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1299 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1301 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1303 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1305 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1310 if ((cd[0] & 0xce & mask) == 0x8c) {
1311 /* Range 128 format */
1312 uint16_t w[29]; /* 1..28 */
1313 struct gsm48_range_128 *r = (struct gsm48_range_128 *)cd;
1317 memset(w, 0, sizeof(w));
1318 w[0] = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1323 w[3] = (r->w3_hi << 4) || r->w3_lo;
1325 w[4] = (r->w4_hi << 1) || r->w4_lo;
1329 w[6] = (r->w6_hi << 3) || r->w6_lo;
1353 w[18] = (r->w18_hi << 1) || r->w18_lo;
1359 w[21] = (r->w21_hi << 2) || r->w21_lo;
1369 w[26] = (r->w26_hi << 1) || r->w26_lo;
1375 f[w[0]].mask |= frqt;
1377 f[(w[0] + w[1]) % 1024].mask |= frqt;
1379 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].mask |= frqt;
1381 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].mask |= frqt;
1383 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1385 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1387 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1389 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1391 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1393 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1395 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1397 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1399 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1401 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1403 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1405 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1407 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1409 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1411 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1413 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1415 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1417 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1419 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1421 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1423 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1425 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1427 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1429 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1431 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1436 if ((cd[0] & 0xce & mask) == 0x8e) {
1437 /* Variable bitmap format (can be any length >= 3) */
1439 struct gsm48_var_bit *r = (struct gsm48_var_bit *)cd;
1443 orig = (r->orig_arfcn_hi << 9) || (r->orig_arfcn_mid << 1) || r->orig_arfcn_lo;
1444 f[orig].mask |= frqt;
1445 for (i = 1; 2 + (i >> 3) < len; i++)
1446 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1447 f[(orig + 1) % 1024].mask |= frqt;
1455 /* decode "Cell Selection Parameters" (10.5.2.4) */
1456 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s,
1457 struct gsm48_cell_sel_par *cs)
1460 convert ms_txpwr_max_ccch dependant on the current frequenc and support
1461 to the right powe level
1463 s->ms_txpwr_max_ccch = cs->ms_txpwr_max_ccch;
1464 s->cell_resel_hyst_db = cs->cell_resel_hyst * 2;
1465 s->rxlev_acc_min_db = cs->rxlev_acc_min - 110;
1472 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1473 static int gsm48_decode_cellopt_bcch(struct gsm48_sysinfo *s,
1474 struct gsm48_cell_options *co)
1476 s->bcch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1477 s->bcch_dtx = co->dtx;
1478 s->bcch_pwrc = co->pwrc;
1483 /* decode "Cell Options (SACCH)" (10.5.2.3a) */
1484 static int gsm48_decode_cellopt_sacch(struct gsm48_sysinfo *s,
1485 struct gsm48_cell_options *co)
1487 s->sacch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1488 s->sacch_dtx = co->dtx;
1489 s->sacch_pwrc = co->pwrc;
1494 /* decode "Control Channel Description" (10.5.2.11) */
1495 static int gsm48_decode_ccd(struct gsm48_sysinfo *s,
1496 struct gsm48_control_channel_descr *cc)
1498 s->ccch_conf = cc->ccch_conf;
1499 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1500 s->att_allowed = cc->att;
1501 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1502 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1507 /* decode "Mobile Allocation" (10.5.2.21) */
1508 static int gsm48_decode_mobile_alloc(struct gsm48_sysinfo *s,
1509 uint8_t *ma, uint8_t len)
1512 uint16_t f[len << 3];
1514 /* not more than 64 hopping indexes allowed in IE */
1520 for (i = 0; i < 1024; i++)
1521 s->freq[i].mask &= ~FREQ_TYPE_HOPP;
1523 /* generating list of all frequencies (1..1023,0) */
1524 for (i = 1; i <= 1024; i++) {
1525 if ((s->freq[i & 1023].mask & FREQ_TYPE_SERV)) {
1527 if (j == (len << 3))
1532 /* fill hopping table with frequency index given by IE
1533 * and set hopping type bits
1535 for (i = 0; i < (len << 3); i++) {
1536 /* if bit is set, this frequency index is used for hopping */
1537 if ((ma[len - 1 - (i >> 3)] & (1 << (i & 7)))) {
1538 /* index higher than entries in list ? */
1540 LOGP(DRR, LOGL_NOTICE, "Mobile Allocation "
1541 "hopping index %d exceeds maximum "
1542 "number of cell frequencies. (%d)\n",
1546 s->hopping[s->hopp_len++] = f[i];
1547 s->freq[f[i]].mask |= FREQ_TYPE_HOPP;
1554 /* Rach Control decode tables */
1555 static uint8_t gsm48_max_retrans[4] = {
1558 static uint8_t gsm48_tx_integer[16] = {
1559 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1562 /* decode "RACH Control Parameter" (10.5.2.29) */
1563 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s,
1564 struct gsm48_rach_control *rc)
1566 s->reest_denied = rc->re;
1567 s->cell_barr = rc->cell_bar;
1568 s->tx_integer = gsm48_tx_integer[rc->tx_integer];
1569 s->max_retrans = gsm48_max_retrans[rc->max_trans];
1570 s->class_barr = (rc->t2 << 8) | rc->t3;
1574 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s,
1575 struct gsm48_rach_control *rc)
1577 s->nb_reest_denied = rc->re;
1578 s->nb_cell_barr = rc->cell_bar;
1579 s->nb_tx_integer = gsm48_tx_integer[rc->tx_integer];
1580 s->nb_max_retrans = gsm48_max_retrans[rc->max_trans];
1581 s->nb_class_barr = (rc->t2 << 8) | rc->t3;
1586 /* decode "SI 1 Rest Octets" (10.5.2.32) */
1587 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si,
1593 /* decode "SI 3 Rest Octets" (10.5.2.34) */
1594 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si,
1600 /* decode "SI 4 Rest Octets" (10.5.2.35) */
1601 static int gsm48_decode_si4_rest(struct gsm48_sysinfo *s, uint8_t *si,
1607 /* decode "SI 6 Rest Octets" (10.5.2.35a) */
1608 static int gsm48_decode_si6_rest(struct gsm48_sysinfo *s, uint8_t *si,
1614 /* send sysinfo event to other layers */
1615 static int gsm48_send_sysinfo(struct osmocom_ms *ms, uint8_t type)
1618 struct gsm322_msg *em;
1620 nmsg = gsm322_msgb_alloc(GSM322_EVENT_SYSINFO);
1623 em = (struct gsm322_msg *) nmsg->data;
1625 gsm322_cs_sendmsg(ms, nmsg);
1627 /* send timer info to location update process */
1628 nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_SYSINFO);
1631 gsm48_mmevent_msg(ms, nmsg);
1636 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
1637 static int gsm48_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1639 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1640 struct gsm48_sysinfo *s = &ms->sysinfo;
1641 int payload_len = msgb_l3len(msg) - sizeof(*si);
1643 if (payload_len < 0) {
1644 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 1 "
1649 if (!memcmp(si, s->si1_msg, MIN(msgb_l3len(msg), sizeof(s->si1_msg))))
1651 memcpy(s->si1_msg, si, MIN(msgb_l3len(msg), sizeof(s->si1_msg)));
1653 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
1655 /* Cell Channel Description */
1656 gsm48_decode_freq_list(&ms->support, s->freq,
1657 si->cell_channel_description,
1658 sizeof(si->cell_channel_description), 0xce, FREQ_TYPE_SERV);
1659 /* RACH Control Parameter */
1660 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1661 /* SI 1 Rest Octets */
1663 gsm48_decode_si1_rest(s, si->rest_octets, payload_len);
1667 return gsm48_send_sysinfo(ms, si->header.system_information);
1670 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
1671 static int gsm48_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1673 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1674 struct gsm48_sysinfo *s = &ms->sysinfo;
1675 int payload_len = msgb_l3len(msg) - sizeof(*si);
1677 if (payload_len < 0) {
1678 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2 "
1682 //printf("len = %d\n", MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1684 if (!memcmp(si, s->si2_msg, MIN(msgb_l3len(msg), sizeof(s->si2_msg))))
1686 memcpy(s->si2_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1688 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
1690 /* Neighbor Cell Description */
1691 s->nb_ext_ind_si2 = (si->bcch_frequency_list[0] >> 6) & 1;
1692 s->nb_ba_ind_si2 = (si->bcch_frequency_list[0] >> 5) & 1;
1693 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1694 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_NCELL_2);
1696 s->nb_ncc_permitted = si->ncc_permitted;
1697 /* RACH Control Parameter */
1698 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1702 return gsm48_send_sysinfo(ms, si->header.system_information);
1705 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
1706 static int gsm48_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1708 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1709 struct gsm48_sysinfo *s = &ms->sysinfo;
1710 int payload_len = msgb_l3len(msg) - sizeof(*si);
1712 if (payload_len < 0) {
1713 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2bis "
1718 if (!memcmp(si, s->si2b_msg, MIN(msgb_l3len(msg),
1719 sizeof(s->si2b_msg))))
1721 memcpy(s->si2b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2b_msg)));
1723 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
1725 /* Neighbor Cell Description */
1726 s->nb_ext_ind_si2bis = (si->bcch_frequency_list[0] >> 6) & 1;
1727 s->nb_ba_ind_si2bis = (si->bcch_frequency_list[0] >> 5) & 1;
1728 gsm48_decode_freq_list(&ms->support, s->freq,
1729 si->bcch_frequency_list,
1730 sizeof(si->bcch_frequency_list), 0x8e,
1731 FREQ_TYPE_NCELL_2bis);
1732 /* RACH Control Parameter */
1733 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1737 return gsm48_send_sysinfo(ms, si->header.system_information);
1740 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
1741 static int gsm48_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1743 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1744 struct gsm48_sysinfo *s = &ms->sysinfo;
1745 int payload_len = msgb_l3len(msg) - sizeof(*si);
1747 if (payload_len < 0) {
1748 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2ter "
1753 if (!memcmp(si, s->si2t_msg, MIN(msgb_l3len(msg),
1754 sizeof(s->si2t_msg))))
1756 memcpy(s->si2t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2t_msg)));
1758 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
1760 /* Neighbor Cell Description 2 */
1761 s->nb_multi_rep_si2ter = (si->ext_bcch_frequency_list[0] >> 6) & 3;
1762 gsm48_decode_freq_list(&ms->support, s->freq,
1763 si->ext_bcch_frequency_list,
1764 sizeof(si->ext_bcch_frequency_list), 0x8e,
1765 FREQ_TYPE_NCELL_2ter);
1769 return gsm48_send_sysinfo(ms, si->header.system_information);
1772 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
1773 static int gsm48_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
1775 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
1776 struct gsm48_sysinfo *s = &ms->sysinfo;
1777 int payload_len = msgb_l3len(msg) - sizeof(*si);
1779 if (payload_len < 0) {
1780 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 3 "
1785 if (!memcmp(si, s->si3_msg, MIN(msgb_l3len(msg), sizeof(s->si3_msg))))
1787 memcpy(s->si3_msg, si, MIN(msgb_l3len(msg), sizeof(s->si3_msg)));
1790 s->cell_id = ntohs(si->cell_identity);
1792 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1793 /* Control Channel Description */
1794 gsm48_decode_ccd(s, &si->control_channel_desc);
1795 /* Cell Options (BCCH) */
1796 gsm48_decode_cellopt_bcch(s, &si->cell_options);
1797 /* Cell Selection Parameters */
1798 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
1799 /* RACH Control Parameter */
1800 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1801 /* SI 3 Rest Octets */
1802 if (payload_len >= 4)
1803 gsm48_decode_si3_rest(s, si->rest_octets, payload_len);
1805 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3 (mcc %03d mnc %02d "
1806 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
1810 return gsm48_send_sysinfo(ms, si->header.system_information);
1813 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
1814 static int gsm48_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
1816 /* NOTE: pseudo length is not in this structure, so we skip */
1817 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
1818 struct gsm48_sysinfo *s = &ms->sysinfo;
1819 int payload_len = msgb_l3len(msg) - sizeof(*si);
1820 uint8_t *data = si->data;
1821 struct gsm48_chan_desc *cd;
1823 if (payload_len < 0) {
1825 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 4 "
1830 if (!memcmp(si, s->si4_msg, MIN(msgb_l3len(msg), sizeof(s->si4_msg))))
1832 memcpy(s->si4_msg, si, MIN(msgb_l3len(msg), sizeof(s->si4_msg)));
1835 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1836 /* Cell Selection Parameters */
1837 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
1838 /* RACH Control Parameter */
1839 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1840 /* CBCH Channel Description */
1841 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_CHAN_DESC) {
1842 if (payload_len < 4)
1844 cd = (struct gsm48_chan_desc *) (data + 1);
1847 gsm48_decode_chan_h1(cd, &s->tsc, &s->maio, &s->hsn);
1850 gsm48_decode_chan_h0(cd, &s->tsc, &s->arfcn);
1855 /* CBCH Mobile Allocation */
1856 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_MOB_AL) {
1857 if (payload_len < 1 || payload_len < 2 + data[1])
1859 gsm48_decode_mobile_alloc(s, data + 2, si->data[1]);
1860 payload_len -= 2 + data[1];
1861 data += 2 + data[1];
1863 /* SI 4 Rest Octets */
1864 if (payload_len > 0)
1865 gsm48_decode_si4_rest(s, data, payload_len);
1867 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4 (mcc %03d mnc %02d "
1868 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
1872 return gsm48_send_sysinfo(ms, si->header.system_information);
1875 /* receive "SYSTEM INFORMATION 5" message (9.1.37) */
1876 static int gsm48_rr_rx_sysinfo5(struct osmocom_ms *ms, struct msgb *msg)
1878 /* NOTE: pseudo length is not in this structure, so we skip */
1879 struct gsm48_system_information_type_5 *si = msgb_l3(msg) + 1;
1880 struct gsm48_sysinfo *s = &ms->sysinfo;
1881 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1883 if (payload_len < 0) {
1884 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5 "
1889 if (!memcmp(si, s->si5_msg, MIN(msgb_l3len(msg), sizeof(s->si5_msg))))
1891 memcpy(s->si5_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5_msg)));
1893 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5\n");
1895 /* Neighbor Cell Description */
1896 s->nb_ext_ind_si5 = (si->bcch_frequency_list[0] >> 6) & 1;
1897 s->nb_ba_ind_si5 = (si->bcch_frequency_list[0] >> 5) & 1;
1898 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1899 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5);
1903 return gsm48_send_sysinfo(ms, si->system_information);
1906 /* receive "SYSTEM INFORMATION 5bis" message (9.1.38) */
1907 static int gsm48_rr_rx_sysinfo5bis(struct osmocom_ms *ms, struct msgb *msg)
1909 /* NOTE: pseudo length is not in this structure, so we skip */
1910 struct gsm48_system_information_type_5bis *si = msgb_l3(msg) + 1;
1911 struct gsm48_sysinfo *s = &ms->sysinfo;
1912 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1914 if (payload_len < 0) {
1915 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5bis "
1920 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5bis\n");
1922 if (!memcmp(si, s->si5b_msg, MIN(msgb_l3len(msg),
1923 sizeof(s->si5b_msg))))
1925 memcpy(s->si5b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5b_msg)));
1927 /* Neighbor Cell Description */
1928 s->nb_ext_ind_si5bis = (si->bcch_frequency_list[0] >> 6) & 1;
1929 s->nb_ba_ind_si5bis = (si->bcch_frequency_list[0] >> 5) & 1;
1930 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1931 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5bis);
1935 return gsm48_send_sysinfo(ms, si->system_information);
1938 /* receive "SYSTEM INFORMATION 5ter" message (9.1.39) */
1939 static int gsm48_rr_rx_sysinfo5ter(struct osmocom_ms *ms, struct msgb *msg)
1941 /* NOTE: pseudo length is not in this structure, so we skip */
1942 struct gsm48_system_information_type_5ter *si = msgb_l3(msg) + 1;
1943 struct gsm48_sysinfo *s = &ms->sysinfo;
1944 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1946 if (payload_len < 0) {
1947 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5ter "
1952 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5ter\n");
1954 if (!memcmp(si, s->si5t_msg, MIN(msgb_l3len(msg),
1955 sizeof(s->si5t_msg))))
1957 memcpy(s->si5t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5t_msg)));
1959 /* Neighbor Cell Description */
1960 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1961 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5ter);
1965 return gsm48_send_sysinfo(ms, si->system_information);
1968 /* receive "SYSTEM INFORMATION 6" message (9.1.39) */
1969 static int gsm48_rr_rx_sysinfo6(struct osmocom_ms *ms, struct msgb *msg)
1971 /* NOTE: pseudo length is not in this structure, so we skip */
1972 struct gsm48_system_information_type_6 *si = msgb_l3(msg) + 1;
1973 struct gsm48_sysinfo *s = &ms->sysinfo;
1974 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1976 if (payload_len < 0) {
1977 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 6 "
1982 if (!memcmp(si, s->si6_msg, MIN(msgb_l3len(msg), sizeof(s->si6_msg))))
1984 memcpy(s->si6_msg, si, MIN(msgb_l3len(msg), sizeof(s->si6_msg)));
1987 if (s->si6 && s->cell_id != ntohs(si->cell_identity))
1988 LOGP(DRR, LOGL_INFO, "Cell ID on SI 6 differs from previous "
1990 s->cell_id = ntohs(si->cell_identity);
1992 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1993 /* Cell Options (SACCH) */
1994 gsm48_decode_cellopt_sacch(s, &si->cell_options);
1996 s->nb_ncc_permitted = si->ncc_permitted;
1997 /* SI 6 Rest Octets */
1998 if (payload_len >= 4)
1999 gsm48_decode_si6_rest(s, si->rest_octets, payload_len);
2001 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 6 (mcc %03d mnc %02d "
2002 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
2006 return gsm48_send_sysinfo(ms, si->system_information);
2013 /* paging channel request */
2014 static int gsm48_rr_chan2cause[4] = {
2015 RR_EST_CAUSE_ANS_PAG_ANY,
2016 RR_EST_CAUSE_ANS_PAG_SDCCH,
2017 RR_EST_CAUSE_ANS_PAG_TCH_F,
2018 RR_EST_CAUSE_ANS_PAG_TCH_ANY
2021 /* given LV of mobile identity is checked agains ms */
2022 static int gsm_match_mi(struct osmocom_ms *ms, uint8_t *mi)
2030 mi_type = mi[1] & GSM_MI_TYPE_MASK;
2032 case GSM_MI_TYPE_TMSI:
2035 memcpy(&tmsi, mi+2, 4);
2036 if (ms->subscr.tmsi == ntohl(tmsi)
2037 && ms->subscr.tmsi_valid) {
2038 LOGP(DRR, LOGL_INFO, "TMSI %08x matches\n", ntohl(tmsi));
2042 LOGP(DRR, LOGL_INFO, "TMSI %08x (not for us)\n",
2045 case GSM_MI_TYPE_IMSI:
2046 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
2047 if (!strcmp(imsi, ms->subscr.imsi)) {
2048 LOGP(DRR, LOGL_INFO, "IMSI %s matches\n", imsi);
2052 LOGP(DRR, LOGL_INFO, "IMSI %s (not for us)\n", imsi);
2055 LOGP(DRR, LOGL_NOTICE, "Paging with unsupported MI type %d.\n",
2062 /* 9.1.22 PAGING REQUEST 1 message received */
2063 static int gsm48_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
2065 struct gsm48_rrlayer *rr = &ms->rrlayer;
2066 struct gsm322_cellsel *cs = &ms->cellsel;
2067 struct gsm48_paging1 *pa = msgb_l3(msg);
2068 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2072 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2073 if (rr->state != GSM48_RR_ST_IDLE
2074 && cs->state != GSM322_C3_CAMPED_NORMALLY) {
2075 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping "
2080 if (payload_len < 2) {
2082 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 1 "
2087 /* channel needed */
2088 chan_1 = pa->cneed1;
2089 chan_2 = pa->cneed2;
2092 if (payload_len < mi[0] + 1)
2094 if (gsm_match_mi(ms, mi) > 0)
2095 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2097 payload_len -= mi[0] + 1;
2098 mi = pa->data + mi[0] + 1;
2099 if (payload_len < 2)
2101 if (mi[0] != GSM48_IE_MOBILE_ID)
2103 if (payload_len < mi[1] + 2)
2105 if (gsm_match_mi(ms, mi + 1) > 0)
2106 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2111 /* 9.1.23 PAGING REQUEST 2 message received */
2112 static int gsm48_rr_rx_pag_req_2(struct osmocom_ms *ms, struct msgb *msg)
2114 struct gsm48_rrlayer *rr = &ms->rrlayer;
2115 struct gsm322_cellsel *cs = &ms->cellsel;
2116 struct gsm48_paging2 *pa = msgb_l3(msg);
2117 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2119 int chan_1, chan_2, chan_3;
2121 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2122 if (rr->state != GSM48_RR_ST_IDLE
2123 && cs->state != GSM322_C3_CAMPED_NORMALLY) {
2124 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping "
2129 if (payload_len < 0) {
2131 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 2 "
2136 /* channel needed */
2137 chan_1 = pa->cneed1;
2138 chan_2 = pa->cneed2;
2140 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2141 && ms->subscr.tmsi_valid)
2142 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2144 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2145 && ms->subscr.tmsi_valid)
2146 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2149 if (payload_len < 2)
2151 if (mi[0] != GSM48_IE_MOBILE_ID)
2153 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
2155 chan_3 = mi[mi[1] + 2] & 0x03; /* channel needed */
2156 if (gsm_match_mi(ms, mi + 1) > 0)
2157 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2162 /* 9.1.24 PAGING REQUEST 3 message received */
2163 static int gsm48_rr_rx_pag_req_3(struct osmocom_ms *ms, struct msgb *msg)
2165 struct gsm48_rrlayer *rr = &ms->rrlayer;
2166 struct gsm322_cellsel *cs = &ms->cellsel;
2167 struct gsm48_paging3 *pa = msgb_l3(msg);
2168 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2169 int chan_1, chan_2, chan_3, chan_4;
2171 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2172 if (rr->state != GSM48_RR_ST_IDLE
2173 && cs->state != GSM322_C3_CAMPED_NORMALLY) {
2174 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping "
2179 if (payload_len < 0) { /* must include "channel needed", part of *pa */
2180 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 3 "
2185 /* channel needed */
2186 chan_1 = pa->cneed1;
2187 chan_2 = pa->cneed2;
2188 chan_3 = pa->cneed3;
2189 chan_4 = pa->cneed4;
2191 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2192 && ms->subscr.tmsi_valid)
2193 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2195 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2196 && ms->subscr.tmsi_valid)
2197 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2199 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
2200 && ms->subscr.tmsi_valid)
2201 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2203 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
2204 && ms->subscr.tmsi_valid)
2205 return gsm48_rr_tx_chan_req(ms, gsm48_rr_chan2cause[chan_4], 1);
2211 * (immediate) assignment
2214 /* match request reference agains request history */
2215 static int gsm48_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
2217 struct gsm48_rrlayer *rr = &ms->rrlayer;
2220 for (i = 0; i < 3; i++) {
2221 if (rr->cr_hist[i] >= 0
2222 && ref->ra == rr->cr_hist[i]) {
2223 LOGP(DRR, LOGL_INFO, "request %02x matches\n", ref->ra);
2224 // todo: match timeslot
2232 /* 9.1.3 sending ASSIGNMENT COMPLETE */
2233 static int gsm48_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
2236 struct gsm48_hdr *gh;
2237 struct gsm48_ass_cpl *ac;
2239 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMPLETE (cause #%d)\n", cause);
2241 nmsg = gsm48_l3_msgb_alloc();
2244 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2245 ac = (struct gsm48_ass_cpl *) msgb_put(nmsg, sizeof(*ac));
2247 gh->proto_discr = GSM48_PDISC_RR;
2248 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
2251 ac->rr_cause = cause;
2253 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
2256 /* 9.1.4 sending ASSIGNMENT FAILURE */
2257 static int gsm48_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
2260 struct gsm48_hdr *gh;
2261 struct gsm48_ass_fail *af;
2263 LOGP(DRR, LOGL_INFO, "ASSIGNMENT FAILURE (cause #%d)\n", cause);
2265 nmsg = gsm48_l3_msgb_alloc();
2268 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2269 af = (struct gsm48_ass_fail *) msgb_put(nmsg, sizeof(*af));
2271 gh->proto_discr = GSM48_PDISC_RR;
2272 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
2275 af->rr_cause = cause;
2277 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
2280 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
2281 static int gsm48_rr_rx_imm_ass(struct osmocom_ms *ms, struct msgb *msg)
2283 struct gsm48_rrlayer *rr = &ms->rrlayer;
2284 struct gsm48_imm_ass *ia = msgb_l3(msg);
2285 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2286 uint8_t ch_type, ch_subch, ch_ts;
2287 struct gsm48_rr_cd cd;
2288 uint8_t *st, st_len;
2290 memset(&cd, 0, sizeof(cd));
2292 if (ma_len < 0 /* mobile allocation IE must be included */
2293 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2294 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2298 if (ia->mob_alloc_len > 8) {
2299 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2300 "ASSIGNMENT too large.\n");
2305 st_len = ma_len - ia->mob_alloc_len;
2306 st = ia->mob_alloc + ia->mob_alloc_len;
2307 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME)
2308 gsm48_decode_start_time(&cd, (struct gsm48_start_time *)(st+1));
2310 /* decode channel description */
2311 rsl_dec_chan_nr(ia->chan_desc.chan_nr, &ch_type, &ch_subch, &ch_ts);
2312 if (ia->chan_desc.h0.h) {
2314 gsm48_decode_chan_h1(&ia->chan_desc, &cd.tsc, &cd.maio,
2316 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT (ra=0x%02x, "
2317 "chan_nr=0x%02x, MAIO=%u, HSN=%u, TS=%u, SS=%u, "
2318 "TSC=%u)\n", ia->req_ref.ra, ia->chan_desc.chan_nr,
2319 cd.maio, cd.hsn, ch_ts, ch_subch, cd.tsc);
2322 gsm48_decode_chan_h0(&ia->chan_desc, &cd.tsc, &cd.arfcn);
2323 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT (ra=0x%02x, "
2324 "chan_nr=0x%02x, ARFCN=%u, TS=%u, SS=%u, TSC=%u)\n",
2325 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.arfcn,
2326 ch_ts, ch_subch, cd.tsc);
2329 /* 3.3.1.1.2: ignore assignment while idle */
2330 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2331 LOGP(DRR, LOGL_INFO, "no previous request\n");
2336 if (gsm48_match_ra(ms, &ia->req_ref)) {
2337 /* channel description */
2338 memcpy(&rr->cd_now, &cd, sizeof(rr->cd_now));
2339 /* timing advance */
2340 rr->cd_now.ta = ia->timing_advance;
2341 /* mobile allocation */
2342 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2343 ia->mob_alloc_len + 1);
2344 rr->wait_assign = 0;
2345 return gsm48_rr_dl_est(ms);
2347 LOGP(DRR, LOGL_INFO, "does not match our request\n");
2352 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received */
2353 static int gsm48_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
2355 struct gsm48_rrlayer *rr = &ms->rrlayer;
2356 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
2357 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2358 uint8_t ch_type, ch_subch, ch_ts;
2359 struct gsm48_rr_cd cd1, cd2;
2360 uint8_t *st, st_len;
2362 memset(&cd1, 0, sizeof(cd1));
2363 memset(&cd2, 0, sizeof(cd2));
2365 if (ma_len < 0 /* mobile allocation IE must be included */
2366 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2367 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2368 "EXTENDED message.\n");
2371 if (ia->mob_alloc_len > 4) {
2372 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2373 "ASSIGNMENT EXTENDED too large.\n");
2378 st_len = ma_len - ia->mob_alloc_len;
2379 st = ia->mob_alloc + ia->mob_alloc_len;
2380 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME) {
2381 gsm48_decode_start_time(&cd1,
2382 (struct gsm48_start_time *)(st+1));
2383 memcpy(&cd2, &cd1, sizeof(cd2));
2386 /* decode channel description */
2387 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT ");
2388 rsl_dec_chan_nr(ia->chan_desc1.chan_nr, &ch_type, &ch_subch, &ch_ts);
2389 if (ia->chan_desc1.h0.h) {
2391 gsm48_decode_chan_h1(&ia->chan_desc1, &cd1.tsc, &cd1.maio,
2393 LOGP(DRR, LOGL_INFO, "1(ra=0x%02x, "
2394 "chan_nr=0x%02x, MAIO=%u, HSN=%u, TS=%u, SS=%u, "
2395 "TSC=%u)\n", ia->req_ref1.ra, ia->chan_desc1.chan_nr,
2396 cd1.maio, cd1.hsn, ch_ts, ch_subch, cd1.tsc);
2399 gsm48_decode_chan_h0(&ia->chan_desc1, &cd1.tsc, &cd1.arfcn);
2400 LOGP(DRR, LOGL_INFO, "1(ra=0x%02x, "
2401 "chan_nr=0x%02x, ARFCN=%u, TS=%u, SS=%u, TSC=%u)\n",
2402 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.arfcn,
2403 ch_ts, ch_subch, cd1.tsc);
2405 rsl_dec_chan_nr(ia->chan_desc2.chan_nr, &ch_type, &ch_subch, &ch_ts);
2406 if (ia->chan_desc2.h0.h) {
2408 gsm48_decode_chan_h1(&ia->chan_desc2, &cd1.tsc, &cd1.maio,
2410 LOGP(DRR, LOGL_INFO, "2(ra=0x%02x, "
2411 "chan_nr=0x%02x, MAIO=%u, HSN=%u, TS=%u, SS=%u, "
2412 "TSC=%u)\n", ia->req_ref2.ra, ia->chan_desc2.chan_nr,
2413 cd2.maio, cd2.hsn, ch_ts, ch_subch, cd2.tsc);
2416 gsm48_decode_chan_h0(&ia->chan_desc2, &cd2.tsc, &cd2.arfcn);
2417 LOGP(DRR, LOGL_INFO, "2(ra=0x%02x, "
2418 "chan_nr=0x%02x, ARFCN=%u, TS=%u, SS=%u, TSC=%u)\n",
2419 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.arfcn,
2420 ch_ts, ch_subch, cd2.tsc);
2423 /* 3.3.1.1.2: ignore assignment while idle */
2424 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2425 LOGP(DRR, LOGL_INFO, "no previous request\n");
2430 if (gsm48_match_ra(ms, &ia->req_ref1)) {
2431 /* channel description */
2432 memcpy(&rr->cd_now, &cd1, sizeof(rr->cd_now));
2433 /* timing advance */
2434 rr->cd_now.ta = ia->timing_advance1;
2435 /* mobile allocation */
2436 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2437 ia->mob_alloc_len + 1);
2438 rr->wait_assign = 0;
2439 return gsm48_rr_dl_est(ms);
2442 if (gsm48_match_ra(ms, &ia->req_ref2)) {
2443 /* channel description */
2444 memcpy(&rr->cd_now, &cd2, sizeof(rr->cd_now));
2445 /* timing advance */
2446 rr->cd_now.ta = ia->timing_advance2;
2447 /* mobile allocation */
2448 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2449 ia->mob_alloc_len + 1);
2450 rr->wait_assign = 0;
2451 return gsm48_rr_dl_est(ms);
2453 LOGP(DRR, LOGL_INFO, "does not match our request\n");
2458 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received */
2459 static int gsm48_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
2461 struct gsm48_rrlayer *rr = &ms->rrlayer;
2462 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
2463 int payload_len = msgb_l3len(msg) - sizeof(*ia);
2465 struct gsm48_req_ref *req_ref;
2466 uint8_t t3122_value;
2468 /* 3.3.1.1.2: ignore assignment while idle */
2469 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign)
2472 if (payload_len < 0) {
2473 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2474 "REJECT message.\n");
2478 for (i = 0; i < 4; i++) {
2479 /* request reference */
2480 req_ref = (struct gsm48_req_ref *)
2481 (((uint8_t *)&ia->req_ref1) + i * 4);
2482 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
2483 "(ref 0x%02x)\n", req_ref->ra);
2484 if (gsm48_match_ra(ms, req_ref)) {
2485 /* wait indication */
2486 t3122_value = *(((uint8_t *)&ia->wait_ind1) + i * 4);
2488 start_rr_t3122(rr, t3122_value, 0);
2489 /* start timer 3126 if not already */
2490 if (!bsc_timer_pending(&rr->t3126))
2491 start_rr_t3126(rr, 5, 0); /* TODO improve! */
2492 /* stop assignmnet requests */
2495 /* wait until timer 3126 expires, then release
2496 * or wait for channel assignment */
2504 /* 9.1.1 ADDITIONAL ASSIGMENT is received */
2505 static int gsm48_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
2507 struct gsm48_hdr *gh = msgb_l3(msg);
2508 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
2509 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
2510 struct tlv_parsed tp;
2512 if (payload_len < 0) {
2513 LOGP(DRR, LOGL_NOTICE, "Short read of ADDITIONAL ASSIGNMENT "
2515 return gsm48_rr_tx_rr_status(ms,
2516 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2518 tlv_parse(&tp, &gsm48_rr_att_tlvdef, aa->data, payload_len, 0, 0);
2520 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2524 * measturement reports
2527 static int gsm48_rr_tx_meas_rep(struct osmocom_ms *ms)
2529 struct gsm48_rrlayer *rr = &ms->rrlayer;
2530 struct gsm48_rr_meas *meas = &rr->meas;
2532 struct gsm48_hdr *gh;
2533 struct gsm48_meas_res *mr;
2535 nmsg = gsm48_l3_msgb_alloc();
2538 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2539 mr = (struct gsm48_meas_res *) msgb_put(nmsg, sizeof(*mr));
2541 gh->proto_discr = GSM48_PDISC_RR;
2542 gh->msg_type = GSM48_MT_RR_MEAS_REP;
2544 /* measurement results */
2545 mr->rxlev_full = meas->rxlev_full;
2546 mr->rxlev_sub = meas->rxlev_sub;
2547 mr->rxqual_full = meas->rxqual_full;
2548 mr->rxqual_sub = meas->rxqual_sub;
2549 mr->dtx_used = meas->dtx;
2550 mr->ba_used = meas->ba;
2551 mr->meas_valid = meas->meas_valid;
2552 if (meas->ncell_na) {
2553 /* no results for serving cells */
2557 mr->no_nc_n_hi = meas->count >> 2;
2558 mr->no_nc_n_lo = meas->count & 3;
2560 mr->rxlev_nc1 = meas->rxlev_nc[0];
2561 mr->rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
2562 mr->rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
2563 mr->rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
2564 mr->rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
2565 mr->rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
2566 mr->rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
2567 mr->rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
2568 mr->rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
2569 mr->rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
2570 mr->rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
2571 mr->bsic_nc1_hi = meas->bsic_nc[0] >> 3;
2572 mr->bsic_nc1_lo = meas->bsic_nc[0] & 7;
2573 mr->bsic_nc2_hi = meas->bsic_nc[1] >> 4;
2574 mr->bsic_nc2_lo = meas->bsic_nc[1] & 15;
2575 mr->bsic_nc3_hi = meas->bsic_nc[2] >> 5;
2576 mr->bsic_nc3_lo = meas->bsic_nc[2] & 31;
2577 mr->bsic_nc4 = meas->bsic_nc[3];
2578 mr->bsic_nc5 = meas->bsic_nc[4];
2579 mr->bsic_nc6 = meas->bsic_nc[5];
2580 mr->bcch_f_nc1 = meas->bcch_f_nc[0];
2581 mr->bcch_f_nc2 = meas->bcch_f_nc[1];
2582 mr->bcch_f_nc3 = meas->bcch_f_nc[2];
2583 mr->bcch_f_nc4 = meas->bcch_f_nc[3];
2584 mr->bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
2585 mr->bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
2586 mr->bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
2587 mr->bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
2589 return gsm48_send_rsl(ms, RSL_MT_UNIT_DATA_REQ, nmsg);
2593 * link establishment and release
2596 /* activate link and send establish request */
2597 static int gsm48_rr_dl_est(struct osmocom_ms *ms)
2599 struct gsm48_rrlayer *rr = &ms->rrlayer;
2600 struct gsm_subscriber *subscr = &ms->subscr;
2602 struct gsm48_hdr *gh;
2603 struct gsm48_pag_rsp *pr;
2609 /* flush pending RACH requests */
2611 rr->n_chan_req = 0; // just to be safe
2612 nmsg = msgb_alloc_headroom(20, 16, "RAND_FLUSH");
2615 gsm48_send_rsl(ms, RSL_MT_RAND_ACC_FLSH, msg);
2617 if (bsc_timer_pending(&rr->temp_rach_ti))
2618 bsc_del_timer(&rr->temp_rach_ti);
2621 /* send DL_EST_REQ */
2622 if (rr->rr_est_msg) {
2623 /* use queued message */
2624 nmsg = rr->rr_est_msg;
2626 LOGP(DRR, LOGL_INFO, "sending establish message\n");
2628 /* create paging response */
2629 nmsg = gsm48_l3_msgb_alloc();
2632 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2633 pr = (struct gsm48_pag_rsp *) msgb_put(nmsg, sizeof(*pr));
2635 pr->key_seq = subscr->key_seq;
2637 pr->cm2_len = sizeof(pr->cm2);
2638 gsm48_rr_enc_cm2(ms, &pr->cm2);
2639 /* mobile identity */
2640 if (ms->subscr.tmsi_valid) {
2641 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
2642 LOGP(DRR, LOGL_INFO, "sending paging response with "
2644 } else if (subscr->imsi[0]) {
2645 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
2646 LOGP(DRR, LOGL_INFO, "sending paging response with "
2650 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
2651 LOGP(DRR, LOGL_INFO, "sending paging response without "
2654 msgb_put(nmsg, 1 + mi[1]);
2655 memcpy(pr->data, mi + 1, 1 + mi[1]);
2658 /* activate channel */
2660 RSL_MT_ to activate channel with all the cd_now informations
2662 rr->arfcn = rr->cd_now.chan_nr;
2663 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->arfcn);
2666 /* start establishmnet */
2667 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
2670 /* the link is established */
2671 static int gsm48_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
2673 struct gsm48_rrlayer *rr = &ms->rrlayer;
2676 /* if MM has releases before confirm, we start release */
2677 if (rr->state == GSM48_RR_ST_IDLE) {
2678 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
2679 /* release message */
2680 nmsg = gsm48_l3_msgb_alloc();
2684 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
2688 new_rr_state(rr, GSM48_RR_ST_DEDICATED);
2690 /* send confirm to upper layer */
2691 nmsg = gsm48_rr_msgb_alloc(
2692 (rr->rr_est_req) ? GSM48_RR_EST_CNF : GSM48_RR_EST_IND);
2695 return gsm48_rr_upmsg(ms, nmsg);
2698 /* the link is released */
2699 static int gsm48_rr_rel_cnf(struct osmocom_ms *ms, struct msgb *msg)
2701 struct gsm48_rrlayer *rr = &ms->rrlayer;
2703 /* deactivate channel */
2704 LOGP(DRR, LOGL_INFO, "deactivating channel (arfcn %d)\n", rr->arfcn);
2706 release and give new arfcn
2707 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2709 l1ctl_tx_ccch_req(ms, rr->arfcn);
2712 /* do nothing, because we aleady IDLE
2713 * or we received the rel cnf of the last connection
2714 * while already requesting a new one (CONN PEND)
2721 * radio ressource requests
2724 /* establish request for dedicated mode */
2725 static int gsm48_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
2727 struct gsm48_rrlayer *rr = &ms->rrlayer;
2728 struct gsm322_cellsel *cs = &ms->cellsel;
2729 struct gsm48_sysinfo *s = &ms->sysinfo;
2730 struct gsm_subscriber *subscr = &ms->subscr;
2731 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
2732 struct gsm48_hdr *gh = msgb_l3(msg);
2735 struct gsm48_rr_hdr *nrrh;
2739 if (bsc_timer_pending(&rr->t3122)) {
2740 if (rrh->cause != RR_EST_CAUSE_EMERGENCY) {
2741 LOGP(DRR, LOGL_INFO, "T3122 running, rejecting!\n");
2742 cause = RR_REL_CAUSE_T3122;
2744 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
2747 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
2748 nrrh->cause = cause;
2749 return gsm48_rr_upmsg(ms, nmsg);
2751 LOGP(DRR, LOGL_INFO, "T3122 running, but emergency call\n");
2755 /* check if camping */
2756 if (cs->state != GSM322_C3_CAMPED_NORMALLY
2757 && rrh->cause != RR_EST_CAUSE_EMERGENCY) {
2758 LOGP(DRR, LOGL_INFO, "Not camping normally, rejecting!\n");
2759 cause = RR_REL_CAUSE_EMERGENCY_ONLY;
2762 if (cs->state != GSM322_C3_CAMPED_NORMALLY
2763 && cs->state != GSM322_C7_CAMPED_ANY_CELL) {
2764 LOGP(DRR, LOGL_INFO, "Not camping, rejecting!\n");
2765 cause = RR_REL_CAUSE_TRY_LATER;
2769 /* check for relevant informations */
2771 LOGP(DRR, LOGL_INFO, "Not enough SI, rejecting!\n");
2772 cause = RR_REL_CAUSE_TRY_LATER;
2777 if (!subscr->acc_barr && s->cell_barr) {
2778 LOGP(DRR, LOGL_INFO, "Cell barred, rejecting!\n");
2779 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
2782 if (rrh->cause == RR_EST_CAUSE_EMERGENCY)
2783 acc_class = subscr->acc_class | 0x0400;
2785 acc_class = subscr->acc_class & 0xfbff;
2786 if (!subscr->acc_barr && !(acc_class & (s->class_barr ^ 0xffff))) {
2787 LOGP(DRR, LOGL_INFO, "Cell barred for our access class (access "
2788 "%04x barred %04x)!\n", acc_class, s->class_barr);
2789 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
2793 /* requested by RR */
2796 /* clone and store REQUEST message */
2798 LOGP(DRR, LOGL_ERROR, "Error, missing l3 message\n");
2801 rr->rr_est_msg = msgb_alloc_headroom(256, 16, "EST_REQ");
2802 if (!rr->rr_est_msg)
2804 memcpy(msgb_put(rr->rr_est_msg, msgb_l3len(msg)),
2805 msgb_l3(msg), msgb_l3len(msg));
2807 /* request channel */
2808 return gsm48_rr_tx_chan_req(ms, rrh->cause, 0);
2811 /* send all queued messages down to layer 2 */
2812 static int gsm48_rr_dequeue_down(struct osmocom_ms *ms)
2814 struct gsm48_rrlayer *rr = &ms->rrlayer;
2817 while((msg = msgb_dequeue(&rr->downqueue))) {
2818 LOGP(DRR, LOGL_INFO, "Sending queued message.\n");
2819 gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
2825 /* 3.4.2 transfer data in dedicated mode */
2826 static int gsm48_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
2828 struct gsm48_rrlayer *rr = &ms->rrlayer;
2830 if (rr->state != GSM48_RR_ST_DEDICATED) {
2835 /* pull RR header */
2836 msgb_pull(msg, sizeof(struct gsm48_rr_hdr));
2838 /* queue message, during handover or assignment procedure */
2839 if (rr->hando_susp_state || rr->assign_susp_state) {
2840 LOGP(DRR, LOGL_INFO, "Queueing message during suspend.\n");
2841 msgb_enqueue(&rr->downqueue, msg);
2845 /* forward message */
2846 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
2850 * data indications from data link
2853 /* 3.4.2 data from layer 2 to RR and upper layer*/
2854 static int gsm48_rr_data_ind(struct osmocom_ms *ms, struct msgb *msg)
2856 struct gsm48_hdr *gh = msgb_l3(msg);
2857 struct gsm48_rr_hdr *rrh;
2858 uint8_t pdisc = gh->proto_discr & 0x0f;
2860 if (pdisc == GSM48_PDISC_RR) {
2862 uint8_t skip_ind = (gh->proto_discr & 0xf0) >> 4;
2864 /* ignore if skip indicator is not B'0000' */
2868 switch(gh->msg_type) {
2869 case GSM48_MT_RR_ADD_ASS:
2870 rc = gsm48_rr_rx_add_ass(ms, msg);
2873 case GSM48_MT_RR_ASS_CMD:
2874 rc = gsm48_rr_rx_ass_cmd(ms, msg);
2876 case GSM48_MT_RR_CIP_MODE_CMD:
2877 rc = gsm48_rr_rx_cip_mode_cmd(ms, msg);
2880 case GSM48_MT_RR_CLSM_ENQ:
2881 rc = gsm48_rr_rx_cm_enq(ms, msg);
2884 case GSM48_MT_RR_HANDO_CMD:
2885 rc = gsm48_rr_rx_hando_cmd(ms, msg);
2887 case GSM48_MT_RR_FREQ_REDEF:
2888 rc = gsm48_rr_rx_freq_redef(ms, msg);
2892 LOGP(DRR, LOGL_NOTICE, "Message type 0x%02x unknown.\n",
2895 /* status message */
2896 gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_MSG_TYPE_N);
2903 /* pull off RSL header up to L3 message */
2904 msgb_pull(msg, (long)msgb_l3(msg) - (long)msg->data);
2906 /* push RR header */
2907 msgb_push(msg, sizeof(struct gsm48_rr_hdr));
2908 rrh = (struct gsm48_rr_hdr *)msg->data;
2909 rrh->msg_type = GSM48_RR_DATA_IND;
2911 return gsm48_rr_upmsg(ms, msg);
2914 /* receive BCCH at RR layer */
2915 static int gsm48_rr_rx_bcch(struct osmocom_ms *ms, struct msgb *msg)
2917 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
2919 switch (sih->system_information) {
2920 case GSM48_MT_RR_SYSINFO_1:
2921 return gsm48_rr_rx_sysinfo1(ms, msg);
2922 case GSM48_MT_RR_SYSINFO_2:
2923 return gsm48_rr_rx_sysinfo2(ms, msg);
2924 case GSM48_MT_RR_SYSINFO_2bis:
2925 return gsm48_rr_rx_sysinfo2bis(ms, msg);
2926 case GSM48_MT_RR_SYSINFO_2ter:
2927 return gsm48_rr_rx_sysinfo2ter(ms, msg);
2928 case GSM48_MT_RR_SYSINFO_3:
2929 return gsm48_rr_rx_sysinfo3(ms, msg);
2930 case GSM48_MT_RR_SYSINFO_4:
2931 return gsm48_rr_rx_sysinfo4(ms, msg);
2933 LOGP(DRR, LOGL_NOTICE, "BCCH message type 0x%02x unknown.\n",
2934 sih->system_information);
2939 /* receive CCCH at RR layer */
2940 static int gsm48_rr_rx_ccch(struct osmocom_ms *ms, struct msgb *msg)
2942 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
2943 struct gsm322_cellsel *cs = &ms->cellsel;
2945 /* when changing/deactivating ccch, ignore pending messages */
2946 if (!cs->ccch_active)
2949 switch (sih->system_information) {
2950 case GSM48_MT_RR_SYSINFO_5:
2951 return gsm48_rr_rx_sysinfo5(ms, msg);
2952 case GSM48_MT_RR_SYSINFO_5bis:
2953 return gsm48_rr_rx_sysinfo5bis(ms, msg);
2954 case GSM48_MT_RR_SYSINFO_5ter:
2955 return gsm48_rr_rx_sysinfo5ter(ms, msg);
2956 case GSM48_MT_RR_SYSINFO_6:
2957 return gsm48_rr_rx_sysinfo6(ms, msg);
2959 case GSM48_MT_RR_PAG_REQ_1:
2960 return gsm48_rr_rx_pag_req_1(ms, msg);
2961 case GSM48_MT_RR_PAG_REQ_2:
2962 return gsm48_rr_rx_pag_req_2(ms, msg);
2963 case GSM48_MT_RR_PAG_REQ_3:
2964 return gsm48_rr_rx_pag_req_3(ms, msg);
2965 case GSM48_MT_RR_IMM_ASS:
2966 return gsm48_rr_rx_imm_ass(ms, msg);
2967 case GSM48_MT_RR_IMM_ASS_EXT:
2968 return gsm48_rr_rx_imm_ass_ext(ms, msg);
2969 case GSM48_MT_RR_IMM_ASS_REJ:
2970 return gsm48_rr_rx_imm_ass_rej(ms, msg);
2972 LOGP(DRR, LOGL_NOTICE, "CCCH message type 0x%02x unknown.\n",
2973 sih->system_information);
2978 /* unit data from layer 2 to RR layer */
2979 static int gsm48_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
2981 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2982 struct tlv_parsed tv;
2984 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
2985 rllh->chan_nr, rllh->link_id);
2987 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
2988 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
2989 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
2992 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
2994 switch (rllh->chan_nr) {
2995 case RSL_CHAN_PCH_AGCH:
2996 return gsm48_rr_rx_ccch(ms, msg);
2998 return gsm48_rr_rx_bcch(ms, msg);
3000 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
3010 /* state trasitions for link layer messages (lower layer) */
3011 static struct dldatastate {
3014 const char *type_name;
3015 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3016 } dldatastatelist[] = {
3017 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3018 RSL_MT_UNIT_DATA_IND, "UNIT_DATA_IND", gsm48_rr_unit_data_ind},
3019 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3020 RSL_MT_DATA_IND, "DATA_IND", gsm48_rr_data_ind},
3021 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3022 RSL_MT_EST_CONF, "EST_CONF", gsm48_rr_estab_cnf},
3024 {SBIT(GSM48_RR_ST_DEDICATED),
3025 RSL_MT_EST_CONF, "EST_CONF", gsm48_rr_estab_cnf_dedicated},
3027 RSL_MT_CONNECT_CNF, "CONNECT_CNF", gsm48_rr_connect_cnf},
3029 RSL_MT_RELEASE_IND, "REL_IND", gsm48_rr_rel_ind},
3031 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3032 RSL_MT_REL_CONF, "REL_CONF", gsm48_rr_rel_cnf},
3034 {SBIT(GSM48_RR_ST_DEDICATED),
3035 RSL_MT_REL_CONF, "REL_CONF", gsm48_rr_rel_cnf_dedicated},
3037 {SBIT(GSM48_RR_ST_CONN_PEND), /* 3.3.1.1.2 */
3038 RSL_MT_CHAN_CNF, "CHAN_CNF", gsm48_rr_rand_acc_cnf},
3040 {SBIT(GSM48_RR_ST_DEDICATED),
3041 RSL_MT_CHAN_CNF, "CHAN_CNF", gsm48_rr_rand_acc_cnf_dedicated},
3043 RSL_MT_MDL_ERROR_IND, "MDL_ERROR_IND", gsm48_rr_mdl_error_ind},
3047 #define DLDATASLLEN \
3048 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
3050 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg)
3052 struct gsm48_rrlayer *rr = &ms->rrlayer;
3053 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3054 int msg_type = rllh->c.msg_type;
3058 /* find function for current state and message */
3059 for (i = 0; i < DLDATASLLEN; i++)
3060 if ((msg_type == dldatastatelist[i].type)
3061 && ((1 << rr->state) & dldatastatelist[i].states))
3063 if (i == DLDATASLLEN) {
3064 LOGP(DRSL, LOGL_NOTICE, "RSLms message 0x%02x unhandled at "
3065 "state %s.\n", msg_type, gsm48_rr_state_names[rr->state]);
3069 LOGP(DRSL, LOGL_INFO, "(ms %s) Received 'RSL_MT_%s' from RSL in state "
3070 "%s\n", ms->name, dldatastatelist[i].type_name,
3071 gsm48_rr_state_names[rr->state]);
3073 rc = dldatastatelist[i].rout(ms, msg);
3075 /* free msgb unless it is forwarded */
3076 if (dldatastatelist[i].rout != gsm48_rr_data_ind)
3084 /* state trasitions for RR-SAP messages from up */
3085 static struct rrdownstate {
3088 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3089 } rrdownstatelist[] = {
3090 {SBIT(GSM48_RR_ST_IDLE), /* 3.3.1.1 */
3091 GSM48_RR_EST_REQ, gsm48_rr_est_req},
3092 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3093 GSM48_RR_DATA_REQ, gsm48_rr_data_req},
3095 {SBIT(GSM48_RR_ST_CONN_PEND) | SBIT(GSM48_RR_ST_DEDICATED),
3096 GSM48_RR_ABORT_REQ, gsm48_rr_abort_req},
3097 {SBIT(GSM48_RR_ST_DEDICATED),
3098 GSM48_RR_ACT_REQ, gsm48_rr_act_req},
3102 #define RRDOWNSLLEN \
3103 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
3105 int gsm48_rr_downmsg(struct osmocom_ms *ms, struct msgb *msg)
3107 struct gsm48_rrlayer *rr = &ms->rrlayer;
3108 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3109 int msg_type = rrh->msg_type;
3113 LOGP(DRR, LOGL_INFO, "(ms %s) Message '%s' received in state %s\n",
3114 ms->name, get_rr_name(msg_type),
3115 gsm48_rr_state_names[rr->state]);
3117 /* find function for current state and message */
3118 for (i = 0; i < RRDOWNSLLEN; i++)
3119 if ((msg_type == rrdownstatelist[i].type)
3120 && ((1 << rr->state) & rrdownstatelist[i].states))
3122 if (i == RRDOWNSLLEN) {
3123 LOGP(DRR, LOGL_NOTICE, "Message unhandled at this state.\n");
3128 rc = rrdownstatelist[i].rout(ms, msg);
3130 /* free msgb uless it is forwarded */
3131 if (rrdownstatelist[i].rout != gsm48_rr_data_req)
3141 int gsm48_rr_init(struct osmocom_ms *ms)
3143 struct gsm48_rrlayer *rr = &ms->rrlayer;
3145 memset(rr, 0, sizeof(*rr));
3148 LOGP(DRR, LOGL_INFO, "init Radio Ressource process\n");
3150 INIT_LLIST_HEAD(&rr->rsl_upqueue);
3151 INIT_LLIST_HEAD(&rr->downqueue);
3152 /* downqueue is handled here, so don't add_work */
3154 osmol2_register_handler(ms, &gsm48_rx_rsl);
3159 int gsm48_rr_exit(struct osmocom_ms *ms)
3161 struct gsm48_rrlayer *rr = &ms->rrlayer;
3164 LOGP(DRR, LOGL_INFO, "exit Radio Ressource process\n");
3167 while ((msg = msgb_dequeue(&rr->rsl_upqueue)))
3169 while ((msg = msgb_dequeue(&rr->downqueue)))
3172 if (rr->rr_est_msg) {
3173 msgb_free(rr->rr_est_msg);
3174 rr->rr_est_msg = NULL;
3185 the process above is complete
3186 ------------------------------------------------------------------------------
3209 add support structure
3210 initialize support structure
3212 queue messages (rslms_data_req) if channel changes
3214 flush rach msg in all cases: during sending, after its done, and when aborted
3215 stop timers on abort
3216 debugging. (wenn dies todo erledigt ist, bitte in den anderen code moven)
3217 wird beim abbruch immer der gepufferte cm-service-request entfernt, auch beim verschicken?:
3219 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
3221 todo change procedures, release procedure
3223 during procedures, like "channel assignment" or "handover", rr requests must be queued
3224 they must be dequeued when complete
3225 they queue must be flushed when rr fails
3227 #include <osmocore/protocol/gsm_04_08.h>
3228 #include <osmocore/msgb.h>
3229 #include <osmocore/utils.h>
3230 #include <osmocore/gsm48.h>
3232 static int gsm48_rr_abort_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3234 struct gsm48_rrlayer *rr = ms->rrlayer;
3236 if (rr->state == GSM48_RR_ST_DEDICATED) {
3237 struct gsm_dl dlmsg;
3239 memset(&dlmsg, 0, sizeof(dlmsg));
3240 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3242 new_rr_state(rr, GSM48_RR_ST_IDLE);
3245 static int gsm48_rr_act_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3252 /* memcopy of LV of given IE from tlv_parsed structure */
3253 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
3262 if (!TLVP_PRESENT(tp, ie))
3265 len = TLVP_LEN(tp, ie);
3268 if (len + 1 > dest_len)
3271 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
3275 static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
3277 struct gsm48_rrlayer *rr = ms->rrlayer;
3278 struct gsm48_hdr *gh = msgb_l3(msg);
3279 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
3280 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
3281 struct tlv_parsed tp;
3282 struct gsm48_rr_chan_desc cd;
3285 memset(&cd, 0, sizeof(cd));
3287 if (payload_len < 0) {
3288 LOGP(DRR, LOGL_NOTICE, "Short read of ASSIGNMENT COMMAND message.\n");
3289 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3291 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ac->data, payload_len, 0, 0);
3293 /* channel description */
3294 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
3296 cd.power_command = ac->power_command;
3297 /* frequency list, after timer */
3298 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
3299 /* cell channel description */
3300 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
3301 /* multislot allocation */
3302 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
3304 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
3305 /* mobile allocation, after time */
3306 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
3308 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
3309 /* frequency list, before time */
3310 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
3311 /* channel description, before time */
3312 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
3313 /* frequency channel sequence, before time */
3314 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
3315 /* mobile allocation, before time */
3316 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
3317 /* cipher mode setting */
3318 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
3319 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
3324 LOGP(DRR, LOGL_INFO, "No current cell allocation available.\n");
3325 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
3328 if (not supported) {
3329 LOGP(DRR, LOGL_INFO, "New channel is not supported.\n");
3330 return gsm48_rr_tx_rr_status(ms, RR_CAUSE_CHAN_MODE_UNACCEPT);
3333 if (freq not supported) {
3334 LOGP(DRR, LOGL_INFO, "New frequency is not supported.\n");
3335 return gsm48_rr_tx_rr_status(ms, RR_CAUSE_FREQ_NOT_IMPLEMENTED);
3338 /* store current channel descriptions, to return in case of failure */
3339 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3340 /* copy new description */
3341 memcpy(&rr->chan_desc, cd, sizeof(cd));
3343 /* start suspension of current link */
3344 nmsg = gsm48_l3_msgb_alloc();
3347 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3349 /* change into special assignment suspension state */
3350 rr->assign_susp_state = 1;
3351 rr->resume_last_state = 0;
3356 /* decode "BA Range" (10.5.2.1a) */
3357 static int gsm48_decode_ba_range(uint8_t *ba, uint8_t, ba_len, uint32_t *range,
3358 uint8_t *ranges, int max_ranges)
3360 /* ba = pointer to IE without IE type and length octets
3361 * ba_len = number of octets
3362 * range = pointer to store decoded range
3363 * ranges = number of ranges decoded
3364 * max_ranges = maximum number of decoded ranges that can be stored
3366 uint16_t lower, higher;
3367 int i, n, required_octets;
3369 /* find out how much ba ranges will be decoded */
3372 required_octets = 5 * (n >> 1) + 3 * (n & 1);
3373 if (required_octets > n) {
3381 for (i = 0; i < n; i++) {
3383 /* decode even range number */
3385 lower |= (*ba >> 6);
3386 higher = (*ba++ & 0x3f) << 4;
3389 lower = (*ba++ & 0x0f) << 6;
3391 higher = (*ba++ & 0x03) << 8;
3393 /* decode odd range number */
3395 *range++ = (higher << 16) | lower;
3403 /* decode "Cell Description" (10.5.2.2) */
3404 static int gsm48_decode_cell_desc(struct gsm48_cell_desc *cd, uint16_t *arfcn, uint8_t *ncc uint8_t *bcc)
3406 *arfcn = (cd->bcch_hi << 8) + cd->bcch_lo;
3411 /* decode "Power Command" (10.5.2.28) and (10.5.2.28a) */
3412 static int gsm48_decode_power_cmd_acc(struct gsm48_power_cmd *pc, uint8_t *power_level uint8_t *atc)
3414 *power_level = pc->power_level;
3415 if (atc) /* only in case of 10.5.2.28a */
3419 /* decode "Synchronization Indication" (10.5.2.39) */
3420 static int gsm48_decode_power_cmd_acc(struct gsm48_rrlayer *rr, struct gsm48_rr_sync_ind *si)
3422 rr->ho_sync_ind = si->si;
3423 rr->ho_rot = si->rot;
3424 rr->ho_nci = si->nci;
3427 /* receiving HANDOVER COMMAND message (9.1.15) */
3428 static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
3430 struct gsm48_rrlayer *rr = ms->rrlayer;
3431 struct gsm48_hdr *gh = msgb_l3(msg);
3432 struct gsm48_ho_cmd *ho = (struct gsm48_ho_cmd *)gh->data;
3433 int payload_len = msgb_l3len(msg) - sizeof(*gh) - wirklich sizeof(*ho);
3434 struct tlv_parsed tp;
3435 struct gsm48_rr_chan_desc cd;
3438 memset(&cd, 0, sizeof(cd));
3440 if (payload_len < 0) {
3441 LOGP(DRR, LOGL_NOTICE, "Short read of HANDOVER COMMAND message.\n");
3442 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3444 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ho->data, payload_len, 0, 0);
3446 /* decode Cell Description */
3447 gsm_decode_cell_desc(&ho->cell_desc, &cd.bcch_arfcn, &cd.ncc, &cd.bcc);
3448 /* Channel Description */
3449 memcpy(&rr->chan_desc.chan_desc, ho->chan_desc, 3);
3450 /* Handover Reference */
3451 rr->hando_ref = ho->ho_ref;
3452 /* Power Command and access type */
3453 gsm_decode_power_cmd_acc((struct gsm48_power_cmd *)&ho->power_command,
3454 &cd.power_level, cd.atc);
3455 /* Synchronization Indication */
3456 if (TLVP_PRESENT(&tp, GSM48_IE_SYNC_IND))
3457 gsm48_decode_sync_ind(rr,
3458 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1, &cd);
3459 /* Frequency Sort List */
3460 if (TLVP_PRESENT(&tp, GSM48_IE_FREQ_SHORT_LIST))
3461 gsm48_decode_freq_list(&ms->support, s->freq,
3462 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC),
3463 *(TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1),
3464 0xce, FREQ_TYPE_SERV);
3467 today: more IE parsing
3469 /* store current channel descriptions, to return in case of failure */
3470 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3471 /* copy new description */
3472 memcpy(&rr->chan_desc, cd, sizeof(cd));
3474 /* start suspension of current link */
3475 nmsg = gsm48_l3_msgb_alloc();
3478 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3480 /* change into special handover suspension state */
3481 rr->hando_susp_state = 1;
3482 rr->resume_last_state = 0;
3487 static int gsm48_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3489 if (rr->hando_susp_state || rr->assign_susp_state) {
3490 if (rr->resume_last_state) {
3491 rr->resume_last_state = 0;
3492 gsm48_rr_tx_ass_cpl(ms, GSM48_RR_CAUSE_NORMAL);
3494 gsm48_rr_tx_ass_fail(ms, RR_CAUSE_PROTO_ERR_UNSPEC);
3496 /* transmit queued frames during ho / ass transition */
3497 gsm48_rr_dequeue_down(ms);
3503 static int gsm48_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
3507 static int gsm48_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
3511 static int gsm48_rr_rel_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3513 struct gsm48_rrlayer *rr = ms->rrlayer;
3516 if (rr->hando_susp_state || rr->assign_susp_state) {
3519 /* change radio to new channel */
3520 rr->arfcn = rr->chan_desc.chan_desc.chan_nr;
3521 tx_ph_dm_est_req(ms, arfcn, rr->arfcn);
3523 nmsg = gsm48_l3_msgb_alloc();
3526 /* send DL-ESTABLISH REQUEST */
3527 gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3530 if (rr->hando_susp_state) {
3531 gsm48_rr_tx_hando_access(ms);
3532 rr->hando_acc_left = 3;
3537 static int gsm48_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
3539 struct gsm48_rrlayer *rr = ms->rrlayer;
3541 struct gsm_rr_hdr *nrrh;
3543 if (rr->hando_susp_state || rr->assign_susp_state) {
3544 if (!rr->resume_last_state) {
3545 rr->resume_last_state = 1;
3547 /* get old channel description */
3548 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
3550 /* change radio to old channel */
3551 rr->arfcn = rr->chan_desc.chan_desc.chan_nr;
3552 tx_ph_dm_est_req(ms, arfcn, rr->arfcn);
3554 /* re-establish old link */
3555 nmsg = gsm48_l3_msgb_alloc();
3558 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3560 rr->resume_last_state = 0;
3563 /* deactivate channel */
3564 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
3566 /* send abort ind to upper layer */
3567 nmsg = gsm48_mm_msgb_alloc();
3571 nrrh = (struct gsm_mm_hdr *)nmsg->data;
3572 nrrh->msg_type = RR_ABORT_IND;
3573 nrrh->cause = GSM_MM_CAUSE_LINK_FAILURE;
3574 return gsm48_rr_upmsg(ms, msg);
3577 static void timeout_rr_t3124(void *arg)
3579 struct gsm48_rrlayer *rr = arg;
3582 /* stop sending more access bursts when timer expired */
3585 /* get old channel description */
3586 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
3588 /* change radio to old channel */
3589 rr->arfcn = rr->chan_desc.chan_desc.chan_nr;
3590 tx_ph_dm_est_req(ms, arfcn, rr->arfcn);
3592 /* re-establish old link */
3593 nmsg = gsm48_l3_msgb_alloc();
3596 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3601 /* send HANDOVER ACCESS burst (9.1.14) */
3602 static int gsm48_rr_tx_hando_access(struct osmocom_ms *ms)
3604 nmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
3607 *msgb_put(nmsg, 1) = rr->hando_ref;
3609 return gsm48_send_rsl(ms, RSL_MT_RAND_ACC_REQ, nmsg);
3612 /* send next channel request in dedicated state */
3613 static int gsm48_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3615 struct gsm48_rrlayer *rr = &ms->rrlayer;
3619 if (!rr->hando_susp_state) {
3620 LOGP(DRR, LOGL_NOTICE, "Random acces confirm, but not in handover state.\n");
3624 /* send up to four handover access bursts */
3625 if (rr->hando_acc_left) {
3626 rr->hando_acc_left--;
3627 gsm48_rr_tx_hando_access(ms);
3631 /* start timer for sending next HANDOVER ACCESS bursts afterwards */
3632 if (!bsc_timer_pending(&rr->t3124)) {
3633 if (allocated channel is SDCCH)
3634 start_rr_t3124(rr, GSM_T3124_675);
3636 start_rr_t3124(rr, GSM_T3124_320);
3637 if (!rr->n_chan_req) {
3638 start_rr_t3126(rr, 5, 0); /* TODO improve! */
3643 /* wait for PHYSICAL INFORMATION message or T3124 timeout */
projects / osmocom-bb.git / blob