2 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
22 /* Very short description of some of the procedures:
24 * A radio ressource request causes sendig a channel request on RACH.
25 * After receiving of an immediate assignment the link will be establised.
26 * After the link is established, the dedicated mode is entered and confirmed.
28 * A Paging request also triggers the channel request as above...
29 * After the link is established, the dedicated mode is entered and indicated.
31 * During dedicated mode, messages are transferred.
33 * When an assignment command or a handover command is received, the current
34 * link is released. After release, the new channel is activated and the
35 * link is established again. After link is establised, pending messages from
36 * radio ressource are sent.
38 * When the assignment or handover fails, the old channel is activate and the
39 * link is established again. Also pending messages are sent.
48 #include <arpa/inet.h>
50 #include <osmocore/msgb.h>
51 #include <osmocore/utils.h>
52 #include <osmocore/rsl.h>
53 #include <osmocore/gsm48.h>
54 #include <osmocore/bitvec.h>
56 #include <osmocom/osmocom_data.h>
57 #include <osmocom/l1l2_interface.h>
58 #include <osmocom/logging.h>
60 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg);
61 static int gsm48_rr_dl_est(struct osmocom_ms *ms);
67 #define MIN(a, b) ((a < b) ? a : b)
69 int gsm48_decode_lai(struct gsm48_loc_area_id *lai, uint16_t *mcc,
70 uint16_t *mnc, uint16_t *lac)
72 *mcc = (lai->digits[0] & 0x0f) * 100
73 + (lai->digits[0] >> 4) * 10
74 + (lai->digits[1] & 0x0f);
75 *mnc = (lai->digits[2] & 0x0f) * 10
76 + (lai->digits[2] >> 4);
77 if ((lai->digits[1] >> 4) != 0xf) /* 3 digits MNC */
78 *mnc += (lai->digits[1] >> 4) * 100;
79 *lac = ntohs(lai->lac);
84 static int gsm48_encode_chan_h0(struct gsm48_chan_desc *cd, uint8_t tsc,
89 cd->h0.arfcn_low = arfcn & 0xff;
90 cd->h0.arfcn_high = arfcn >> 8;
95 static int gsm48_encode_chan_h1(struct gsm48_chan_desc *cd, uint8_t tsc,
96 uint8_t maio, uint8_t hsn)
100 cd->h1.maio_low = maio & 0x03;
101 cd->h1.maio_high = maio >> 2;
108 static int gsm48_decode_chan_h0(struct gsm48_chan_desc *cd, uint8_t *tsc,
112 *arfcn = cd->h0.arfcn_low | (cd->h0.arfcn_high << 8);
117 static int gsm48_decode_chan_h1(struct gsm48_chan_desc *cd, uint8_t *tsc,
118 uint8_t *maio, uint8_t *hsn)
121 *maio = cd->h1.maio_low | (cd->h1.maio_high << 2);
127 /* 10.5.2.38 decode Starting time IE */
128 static int gsm48_decode_start_time(struct gsm48_rr_cd *cd,
129 struct gsm48_start_time *st)
131 cd->start_t1 = st->t1;
132 cd->start_t2 = st->t2;
133 cd->start_t3 = (st->t3_high << 3) | st->t3_low;
142 static const char *gsm48_rr_state_names[] = {
148 static void new_rr_state(struct gsm48_rrlayer *rr, int state)
150 if (state < 0 || state >=
151 (sizeof(gsm48_rr_state_names) / sizeof(char *)))
154 LOGP(DRR, LOGL_INFO, "new state %s -> %s\n",
155 gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
159 if (state == GSM48_RR_ST_IDLE) {
160 struct msgb *msg, *nmsg;
162 /* free establish message, if any */
164 if (rr->rr_est_msg) {
165 msgb_free(rr->rr_est_msg);
166 rr->rr_est_msg = NULL;
168 /* free all pending messages */
169 while((msg = msgb_dequeue(&rr->downqueue)))
171 /* clear all descriptions of last channel */
172 memset(&rr->cd_now, 0, sizeof(rr->cd_now));
175 /* tell cell selection process to return to idle mode
176 * NOTE: this must be sent unbuffered, because it will
177 * leave camping state, so it locks against subsequent
178 * establishment of dedicated channel, before the
179 * cell selection process returned to camping state
180 * again. (after cell reselection)
182 nmsg = gsm322_msgb_alloc(GSM322_EVENT_RET_IDLE);
185 gsm322_c_event(rr->ms, nmsg);
194 /* names of RR-SAP */
195 static const struct value_string gsm48_rr_msg_names[] = {
196 { GSM48_RR_EST_REQ, "RR_EST_REQ" },
197 { GSM48_RR_EST_IND, "RR_EST_IND" },
198 { GSM48_RR_EST_CNF, "RR_EST_CNF" },
199 { GSM48_RR_REL_IND, "RR_REL_IND" },
200 { GSM48_RR_SYNC_IND, "RR_SYNC_IND" },
201 { GSM48_RR_DATA_REQ, "RR_DATA_REQ" },
202 { GSM48_RR_DATA_IND, "RR_DATA_IND" },
203 { GSM48_RR_UNIT_DATA_IND, "RR_UNIT_DATA_IND" },
204 { GSM48_RR_ABORT_REQ, "RR_ABORT_REQ" },
205 { GSM48_RR_ABORT_IND, "RR_ABORT_IND" },
206 { GSM48_RR_ACT_REQ, "RR_ACT_REQ" },
210 const char *get_rr_name(int value)
212 return get_value_string(gsm48_rr_msg_names, value);
215 /* allocate GSM 04.08 layer 3 message */
216 struct msgb *gsm48_l3_msgb_alloc(void)
220 msg = msgb_alloc_headroom(L3_ALLOC_SIZE+L3_ALLOC_HEADROOM,
221 L3_ALLOC_HEADROOM, "GSM 04.08 L3");
224 msg->l3h = msg->data;
229 /* allocate GSM 04.08 message (RR-SAP) */
230 struct msgb *gsm48_rr_msgb_alloc(int msg_type)
233 struct gsm48_rr_hdr *rrh;
235 msg = msgb_alloc_headroom(RR_ALLOC_SIZE+RR_ALLOC_HEADROOM,
236 RR_ALLOC_HEADROOM, "GSM 04.08 RR");
240 rrh = (struct gsm48_rr_hdr *) msgb_put(msg, sizeof(*rrh));
241 rrh->msg_type = msg_type;
246 /* queue message (RR-SAP) */
247 int gsm48_rr_upmsg(struct osmocom_ms *ms, struct msgb *msg)
249 struct gsm48_mmlayer *mm = &ms->mmlayer;
251 msgb_enqueue(&mm->rr_upqueue, msg);
256 /* push rsl header and send (RSL-SAP) */
257 static int gsm48_send_rsl(struct osmocom_ms *ms, uint8_t msg_type,
260 struct gsm48_rrlayer *rr = &ms->rrlayer;
266 rsl_rll_push_l3(msg, msg_type, rr->cd_now.chan_nr,
267 rr->cd_now.link_id, 1);
269 return rslms_recvmsg(msg, ms);
272 /* enqueue messages (RSL-SAP) */
273 static int gsm48_rx_rll(struct msgb *msg, struct osmocom_ms *ms)
275 struct gsm48_rrlayer *rr = &ms->rrlayer;
277 msgb_enqueue(&rr->rsl_upqueue, msg);
282 /* input function that L2 calls when sending messages up to L3 */
283 static int gsm48_rx_rsl(struct msgb *msg, struct osmocom_ms *ms)
285 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
288 switch (rslh->msg_discr & 0xfe) {
289 case ABIS_RSL_MDISC_RLL:
290 rc = gsm48_rx_rll(msg, ms);
293 /* FIXME: implement this */
294 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
304 /* dequeue messages (RSL-SAP) */
305 int gsm48_rsl_dequeue(struct osmocom_ms *ms)
307 struct gsm48_rrlayer *rr = &ms->rrlayer;
311 while ((msg = msgb_dequeue(&rr->rsl_upqueue))) {
312 /* msg is freed there */
313 gsm48_rcv_rsl(ms, msg);
314 work = 1; /* work done */
324 static void timeout_rr_t3122(void *arg)
326 LOGP(DRR, LOGL_INFO, "timer T3122 has fired\n");
329 static void timeout_rr_t3126(void *arg)
331 struct gsm48_rrlayer *rr = arg;
332 struct osmocom_ms *ms = rr->ms;
334 LOGP(DRR, LOGL_INFO, "timer T3126 has fired\n");
335 if (rr->rr_est_req) {
336 struct msgb *msg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
337 struct gsm48_rr_hdr *rrh;
341 rrh = (struct gsm48_rr_hdr *)msg->data;
342 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
343 gsm48_rr_upmsg(ms, msg);
346 new_rr_state(rr, GSM48_RR_ST_IDLE);
349 static void start_rr_t3122(struct gsm48_rrlayer *rr, int sec, int micro)
351 LOGP(DRR, LOGL_INFO, "starting T3122 with %d seconds\n", sec);
352 rr->t3122.cb = timeout_rr_t3122;
354 bsc_schedule_timer(&rr->t3122, sec, micro);
357 static void start_rr_t3126(struct gsm48_rrlayer *rr, int sec, int micro)
359 LOGP(DRR, LOGL_INFO, "starting T3126 with %d seconds\n", sec);
360 rr->t3126.cb = timeout_rr_t3126;
362 bsc_schedule_timer(&rr->t3126, sec, micro);
365 static void stop_rr_t3122(struct gsm48_rrlayer *rr)
367 if (bsc_timer_pending(&rr->t3122)) {
368 LOGP(DRR, LOGL_INFO, "stopping pending timer T3122\n");
369 bsc_del_timer(&rr->t3122);
373 static void stop_rr_t3126(struct gsm48_rrlayer *rr)
375 if (bsc_timer_pending(&rr->t3126)) {
376 LOGP(DRR, LOGL_INFO, "stopping pending timer T3126\n");
377 bsc_del_timer(&rr->t3126);
385 /* send rr status request */
386 static int gsm48_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
389 struct gsm48_hdr *gh;
390 struct gsm48_rr_status *st;
392 LOGP(DRR, LOGL_INFO, "RR STATUS (cause #%d)\n", cause);
394 nmsg = gsm48_l3_msgb_alloc();
397 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
398 st = (struct gsm48_rr_status *) msgb_put(nmsg, sizeof(*st));
400 gh->proto_discr = GSM48_PDISC_RR;
401 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
404 st->rr_cause = cause;
406 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
413 /* send chiperhing mode complete */
414 static int gsm48_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
416 struct gsm_support *sup = &ms->support;
418 struct gsm48_hdr *gh;
419 uint8_t buf[11], *tlv;
421 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMPLETE (cr %d)\n", cr);
423 nmsg = gsm48_l3_msgb_alloc();
426 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
428 gh->proto_discr = GSM48_PDISC_RR;
429 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
433 gsm48_generate_mid_from_imsi(buf, sup->imeisv);
434 tlv = msgb_put(nmsg, 2 + buf[1]);
435 memcpy(tlv, buf, 2 + buf[1]);
438 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
441 /* receive ciphering mode command */
442 static int gsm48_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
444 struct gsm48_rrlayer *rr = &ms->rrlayer;
445 struct gsm_support *sup = &ms->support;
446 struct gsm48_hdr *gh = msgb_l3(msg);
447 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
448 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
449 uint8_t sc, alg_id, cr;
451 if (payload_len < 0) {
452 LOGP(DRR, LOGL_NOTICE, "Short read of CIPHERING MODE COMMAND "
454 return gsm48_rr_tx_rr_status(ms,
455 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
458 /* cipher mode setting */
461 /* cipher mode response */
465 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, cr=%u)",
468 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, "
469 "algo=A5/%d cr=%u)", sc, alg_id + 1, cr);
472 if (rr->cipher_on && sc) {
473 LOGP(DRR, LOGL_INFO, "cipering already applied.\n");
474 return gsm48_rr_tx_rr_status(ms,
475 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
478 /* check if we actually support this cipher */
479 if ((alg_id == GSM_CIPHER_A5_1 && !sup->a5_1)
480 || (alg_id == GSM_CIPHER_A5_2 && !sup->a5_2)
481 || (alg_id == GSM_CIPHER_A5_3 && !sup->a5_3)
482 || (alg_id == GSM_CIPHER_A5_4 && !sup->a5_4)
483 || (alg_id == GSM_CIPHER_A5_5 && !sup->a5_5)
484 || (alg_id == GSM_CIPHER_A5_6 && !sup->a5_6)
485 || (alg_id == GSM_CIPHER_A5_7 && !sup->a5_7))
486 return gsm48_rr_tx_rr_status(ms,
487 GSM48_RR_CAUSE_CHAN_MODE_UNACCT);
489 /* change to ciphering */
491 rsl command to activate ciperhing
493 rr->cipher_on = sc, rr->cipher_type = alg_id;
496 return gsm48_rr_tx_cip_mode_cpl(ms, cr);
503 /* Encode "Classmark 3" (10.5.1.7) */
504 static int gsm48_rr_enc_cm3(struct osmocom_ms *ms, uint8_t *buf, uint8_t *len)
506 struct gsm_support *sup = &ms->support;
509 memset(&bv, 0, sizeof(bv));
514 bitvec_set_bit(&bv, 0);
515 /* band 3 supported */
517 bitvec_set_bit(&bv, ONE);
519 bitvec_set_bit(&bv, ZERO);
520 /* band 2 supported */
521 if (sup->e_gsm || sup->r_gsm)
522 bitvec_set_bit(&bv, ONE);
524 bitvec_set_bit(&bv, ZERO);
525 /* band 1 supported */
526 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
527 bitvec_set_bit(&bv, ONE);
529 bitvec_set_bit(&bv, ZERO);
532 bitvec_set_bit(&bv, ONE);
534 bitvec_set_bit(&bv, ZERO);
536 bitvec_set_bit(&bv, ONE);
538 bitvec_set_bit(&bv, ZERO);
540 bitvec_set_bit(&bv, ONE);
542 bitvec_set_bit(&bv, ZERO);
544 bitvec_set_bit(&bv, ONE);
546 bitvec_set_bit(&bv, ZERO);
547 /* radio capability */
548 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
550 bitvec_set_uint(&bv, 0, 4);
551 bitvec_set_uint(&bv, sup->dcs_capa, 4);
553 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
555 bitvec_set_uint(&bv, sup->dcs_capa, 4);
557 bitvec_set_uint(&bv, sup->low_capa, 4);
560 bitvec_set_uint(&bv, 0, 4);
561 bitvec_set_uint(&bv, sup->low_capa, 4);
565 bitvec_set_bit(&bv, ONE);
566 bitvec_set_uint(&bv, sup->r_capa, 3);
568 bitvec_set_bit(&bv, ZERO);
570 /* multi slot support */
572 bitvec_set_bit(&bv, ONE);
573 bitvec_set_uint(&bv, sup->ms_sup, 5);
575 bitvec_set_bit(&bv, ZERO);
578 if (sup->ucs2_treat) {
579 bitvec_set_bit(&bv, ONE);
581 bitvec_set_bit(&bv, ZERO);
583 /* support extended measurements */
585 bitvec_set_bit(&bv, ONE);
587 bitvec_set_bit(&bv, ZERO);
589 /* support measurement capability */
591 bitvec_set_bit(&bv, ONE);
592 bitvec_set_uint(&bv, sup->sms_val, 4);
593 bitvec_set_uint(&bv, sup->sm_val, 4);
595 bitvec_set_bit(&bv, ZERO);
597 /* positioning method capability */
599 bitvec_set_bit(&bv, ONE);
600 bitvec_set_bit(&bv, sup->e_otd_ass == 1);
601 bitvec_set_bit(&bv, sup->e_otd_based == 1);
602 bitvec_set_bit(&bv, sup->gps_ass == 1);
603 bitvec_set_bit(&bv, sup->gps_based == 1);
604 bitvec_set_bit(&bv, sup->gps_conv == 1);
606 bitvec_set_bit(&bv, ZERO);
609 /* partitial bytes will be completed */
610 *len = (bv.cur_bit + 7) >> 3;
611 bitvec_spare_padding(&bv, (*len * 8) - 1);
616 /* encode classmark 2 */
617 int gsm48_rr_enc_cm2(struct osmocom_ms *ms, struct gsm48_classmark2 *cm)
619 struct gsm48_rrlayer *rr = &ms->rrlayer;
620 struct gsm_support *sup = &ms->support;
622 if (rr->cd_now.arfcn >= 512 && rr->cd_now.arfcn <= 885)
623 cm->pwr_lev = sup->pwr_lev_1800;
625 cm->pwr_lev = sup->pwr_lev_900;
626 cm->a5_1 = sup->a5_1;
627 cm->es_ind = sup->es_ind;
628 cm->rev_lev = sup->rev_lev;
629 cm->fc = (sup->r_gsm || sup->e_gsm);
630 cm->vgcs = sup->vgcs;
632 cm->sm_cap = sup->sms_ptp;
633 cm->ss_scr = sup->ss_ind;
634 cm->ps_cap = sup->ps_cap;
635 cm->a5_2 = sup->a5_2;
636 cm->a5_3 = sup->a5_3;
637 cm->cmsp = sup->cmsp;
638 cm->solsa = sup->solsa;
639 cm->lcsva_cap = sup->lcsva;
644 /* send classmark change */
645 static int gsm48_rr_tx_cm_change(struct osmocom_ms *ms)
647 struct gsm_support *sup = &ms->support;
649 struct gsm48_hdr *gh;
650 struct gsm48_cm_change *cc;
651 uint8_t cm3[14], *tlv;
653 LOGP(DRR, LOGL_INFO, "CLASSMARK CHANGE\n");
655 nmsg = gsm48_l3_msgb_alloc();
658 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
659 cc = (struct gsm48_cm_change *) msgb_put(nmsg, sizeof(*cc));
661 gh->proto_discr = GSM48_PDISC_RR;
662 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
665 cc->cm2_len = sizeof(cc->cm2);
666 gsm48_rr_enc_cm2(ms, &cc->cm2);
669 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
670 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
673 || sup->ext_meas || sup->meas_cap
676 cm3[0] = GSM48_IE_CLASSMARK3;
677 gsm48_rr_enc_cm3(ms, cm3 + 2, &cm3[1]);
678 tlv = msgb_put(nmsg, 2 + cm3[1]);
679 memcpy(tlv, cm3, 2 + cm3[1]);
682 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
685 /* receiving classmark enquiry */
686 static int gsm48_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
689 return gsm48_rr_tx_cm_change(ms);
696 /* temporary timer until we have time control over channnel request */
697 /* TODO: turn this into a channel activation timeout, later */
698 #define RSL_MT_CHAN_CNF 0x19
699 #include <osmocom/l1ctl.h>
700 static void temp_rach_to(void *arg)
702 struct gsm48_rrlayer *rr = arg;
703 struct osmocom_ms *ms = rr->ms;
704 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
705 struct abis_rsl_rll_hdr *rllh = (struct abis_rsl_rll_hdr *) msgb_put(msg, sizeof(*rllh));
707 rllh->c.msg_type = RSL_MT_CHAN_CNF;
708 msg->l2h = (unsigned char *)rllh;
709 gsm48_rcv_rsl(ms, msg);
714 /* start random access */
715 static int gsm48_rr_chan_req(struct osmocom_ms *ms, int cause, int paging)
717 struct gsm48_rrlayer *rr = &ms->rrlayer;
718 struct gsm322_cellsel *cs = &ms->cellsel;
719 struct gsm48_sysinfo *s = cs->si;
721 struct gsm48_rr_hdr *nrrh;
722 uint8_t chan_req_val, chan_req_mask;
725 /* ignore paging, if not camping */
727 && (!cs->selected || (cs->state != GSM322_C3_CAMPED_NORMALLY
728 && cs->state != GSM322_C7_CAMPED_ANY_CELL))) {
729 LOGP(DRR, LOGL_INFO, "Paging, but not camping, ignore.\n");
733 /* tell cell selection process to leave idle mode
734 * NOTE: this must be sent unbuffered, because the state may not
735 * change until idle mode is left
737 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
740 rc = gsm322_c_event(ms, nmsg);
745 LOGP(DRR, LOGL_INFO, "Failed to leave IDLE mode.\n");
750 new_rr_state(rr, GSM48_RR_ST_CONN_PEND);
752 /* number of retransmissions (with first transmission) */
753 rr->n_chan_req = s->max_retrans + 1;
755 /* generate CHAN REQ (9.1.8) */
757 case RR_EST_CAUSE_EMERGENCY:
759 chan_req_mask = 0x1f;
761 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Emergency call)\n",
764 case RR_EST_CAUSE_REESTAB_TCH_F:
765 chan_req_mask = 0x1f;
767 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (re-establish "
768 "TCH/F)\n", chan_req_val);
770 case RR_EST_CAUSE_REESTAB_TCH_H:
772 chan_req_mask = 0x03;
774 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
775 "(re-establish TCH/H with NECI)\n",
778 chan_req_mask = 0x1f;
780 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
781 "(re-establish TCH/H no NECI)\n", chan_req_val);
784 case RR_EST_CAUSE_REESTAB_2_TCH_H:
786 chan_req_mask = 0x03;
788 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
789 "(re-establish TCH/H+TCH/H with NECI)\n",
792 chan_req_mask = 0x1f;
794 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
795 "(re-establish TCH/H+TCH/H no NECI)\n",
799 case RR_EST_CAUSE_ANS_PAG_ANY:
800 chan_req_mask = 0x1f;
802 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING "
803 "Any channel)\n", chan_req_val);
805 case RR_EST_CAUSE_ANS_PAG_SDCCH:
806 chan_req_mask = 0x0f;
808 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n",
811 case RR_EST_CAUSE_ANS_PAG_TCH_F:
812 /* ms supports no dual rate */
813 chan_req_mask = 0x1f;
815 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n",
818 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
819 /* ms supports no dual rate */
820 chan_req_mask = 0x1f;
822 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/H or "
823 "TCH/F)\n", chan_req_val);
825 case RR_EST_CAUSE_ORIG_TCHF:
826 /* ms supports no dual rate */
827 chan_req_mask = 0x1f;
829 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Orig TCH/F)\n",
832 case RR_EST_CAUSE_LOC_UPD:
834 chan_req_mask = 0x0f;
836 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
837 "Update with NECI)\n", chan_req_val);
839 chan_req_mask = 0x1f;
841 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
842 "Update no NECI)\n", chan_req_val);
845 case RR_EST_CAUSE_OTHER_SDCCH:
847 chan_req_mask = 0x0f;
849 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OHTER "
850 "with NECI)\n", chan_req_val);
852 chan_req_mask = 0x1f;
854 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER "
855 "no NECI)\n", chan_req_val);
859 if (!rr->rr_est_req) /* no request from MM */
862 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: with unknown "
863 "establishment cause: %d\n", cause);
865 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
868 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
869 nrrh->cause = RR_REL_CAUSE_UNDEFINED;
870 gsm48_rr_upmsg(ms, nmsg);
871 new_rr_state(rr, GSM48_RR_ST_IDLE);
875 // TODO: turn this into the channel activation timer
876 rr->temp_rach_ti.cb = temp_rach_to;
877 rr->temp_rach_ti.data = rr;
878 bsc_schedule_timer(&rr->temp_rach_ti, ms->support.sync_to, 0);
880 /* store value, mask and history */
881 rr->chan_req_val = chan_req_val;
882 rr->chan_req_mask = chan_req_mask;
887 /* if channel is already active somehow */
888 if (cs->ccch_state == GSM322_CCCH_ST_DATA)
889 return gsm48_rr_tx_rand_acc(ms, NULL);
894 /* send first/next channel request in conn pend state */
895 int gsm48_rr_tx_rand_acc(struct osmocom_ms *ms, struct msgb *msg)
897 struct gsm48_rrlayer *rr = &ms->rrlayer;
898 struct gsm322_cellsel *cs = &ms->cellsel;
899 struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
901 struct l1ctl_info_ul *nul;
902 struct l1ctl_rach_req *nra;
906 if (cs->ccch_state != GSM322_CCCH_ST_DATA) {
907 LOGP(DRR, LOGL_INFO, "CCCH channel activation failed.\n");
909 if (rr->rr_est_req) {
911 gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
912 struct gsm48_rr_hdr *rrh;
916 rrh = (struct gsm48_rr_hdr *)msg->data;
917 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
918 gsm48_rr_upmsg(ms, msg);
921 new_rr_state(rr, GSM48_RR_ST_IDLE);
926 if (rr->state == GSM48_RR_ST_IDLE) {
927 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
932 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS confirm (requests left %d)\n",
935 if (!rr->n_chan_req) {
936 LOGP(DRR, LOGL_INFO, "Done with sending RANDOM ACCESS "
938 if (!bsc_timer_pending(&rr->t3126))
939 start_rr_t3126(rr, 5, 0); /* TODO improve! */
944 if (!rr->wait_assign) {
945 /* first random acces, without delay of slots */
949 /* subsequent random acces, with slots from table 3.1 */
950 switch(s->tx_integer) {
951 case 3: case 8: case 14: case 50:
952 if (s->ccch_conf != 1) /* not combined CCCH */
956 case 4: case 9: case 16:
957 if (s->ccch_conf != 1)
961 case 5: case 10: case 20:
962 if (s->ccch_conf != 1)
966 case 6: case 11: case 25:
967 if (s->ccch_conf != 1)
972 if (s->ccch_conf != 1)
979 /* resend chan_req with new randiom */
981 nmsg = gsm48_rsl_msgb_alloc();
983 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
984 struct l1ctl_hdr *l1h;
985 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
986 l1h = (struct l1ctl_hdr *) nmsg->l1h;
987 l1h->msg_type = L1CTL_RACH_REQ;
990 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
992 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
994 chan_req &= rr->chan_req_mask;
995 chan_req |= rr->chan_req_val;
998 at this point we require chan req to be sent at a given delay
999 also we require a confirm from radio part
1000 nra->delay = (random() % s->tx_integer) + slots;
1002 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x delay %d)\n", nra->ra,
1005 rr->temp_rach_ti.cb = temp_rach_to;
1006 rr->temp_rach_ti.data = rr;
1007 bsc_schedule_timer(&rr->temp_rach_ti, 0, 900000);
1009 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (ra 0x%02x)\n", nra->ra);
1012 /* shift history and store */
1013 rr->cr_hist[2] = rr->cr_hist[1];
1014 rr->cr_hist[1] = rr->cr_hist[0];
1015 rr->cr_hist[0] = chan_req;
1018 add layer 1 conrols to RSL...
1019 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
1021 //#warning disabled!
1022 return osmo_send_l1(ms, nmsg);
1027 * system information
1030 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
1031 static int gsm48_decode_freq_list(struct gsm_support *sup,
1032 struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask,
1039 * The Range format uses "SMOD" computation.
1040 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
1041 * A cascade of multiple SMOD computations is simpified:
1042 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
1044 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
1045 * When used in dedicated messages, the length can be less.
1046 * In this case the ranges are decoded for all frequencies that
1047 * fit in the block of given length.
1051 for (i = 0; i < 1024; i++)
1055 if ((cd[0] & 0xc0 & mask) == 0x00) {
1056 /* Bit map 0 format */
1059 for (i = 1; i <= 124; i++)
1060 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
1066 /* only Bit map 0 format for P-GSM */
1067 if (sup->p_gsm && !sup->e_gsm && !sup->r_gsm && !sup->dcs_1800)
1071 if ((cd[0] & 0xc8 & mask) == 0x80) {
1072 /* Range 1024 format */
1073 uint16_t w[17]; /* 1..16 */
1074 struct gsm48_range_1024 *r = (struct gsm48_range_1024 *)cd;
1078 memset(w, 0, sizeof(w));
1081 w[1] = (r->w1_hi << 8) | r->w1_lo;
1083 w[2] = (r->w2_hi << 1) | r->w2_lo;
1085 w[3] = (r->w3_hi << 2) | r->w3_lo;
1087 w[4] = (r->w4_hi << 2) | r->w4_lo;
1089 w[5] = (r->w5_hi << 2) | r->w5_lo;
1091 w[6] = (r->w6_hi << 2) | r->w6_lo;
1093 w[7] = (r->w7_hi << 2) | r->w7_lo;
1095 w[8] = (r->w8_hi << 1) | r->w8_lo;
1101 w[11] = (r->w11_hi << 6) | r->w11_lo;
1103 w[12] = (r->w12_hi << 5) | r->w12_lo;
1105 w[13] = (r->w13_hi << 4) | r->w13_lo;
1107 w[14] = (r->w14_hi << 3) | r->w14_lo;
1109 w[15] = (r->w15_hi << 2) | r->w15_lo;
1113 f[w[1]].mask |= frqt;
1115 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].mask |= frqt;
1117 f[((w[1] + w[3] - 1) % 1023) + 1].mask |= frqt;
1119 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].mask |= frqt;
1121 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].mask |= frqt;
1123 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].mask |= frqt;
1125 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].mask |= frqt;
1127 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1129 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1131 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1133 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1135 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1137 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1139 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1141 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1143 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1148 if ((cd[0] & 0xce & mask) == 0x88) {
1149 /* Range 512 format */
1150 uint16_t w[18]; /* 1..17 */
1151 struct gsm48_range_512 *r = (struct gsm48_range_512 *)cd;
1155 memset(w, 0, sizeof(w));
1156 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1157 w[1] = (r->w1_hi << 2) | r->w1_lo;
1159 w[2] = (r->w2_hi << 2) | r->w2_lo;
1161 w[3] = (r->w3_hi << 2) | r->w3_lo;
1163 w[4] = (r->w4_hi << 1) | r->w4_lo;
1169 w[7] = (r->w7_hi << 6) | r->w7_lo;
1171 w[8] = (r->w8_hi << 4) | r->w8_lo;
1173 w[9] = (r->w9_hi << 2) | r->w9_lo;
1179 w[12] = (r->w12_hi << 4) | r->w12_lo;
1181 w[13] = (r->w13_hi << 2) | r->w13_lo;
1187 w[16] = (r->w16_hi << 3) | r->w16_lo;
1190 f[w[0]].mask |= frqt;
1192 f[(w[0] + w[1]) % 1024].mask |= frqt;
1194 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].mask |= frqt;
1196 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].mask |= frqt;
1198 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1200 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1202 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1204 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1206 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1208 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1210 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1212 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1214 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1216 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1218 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1220 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1222 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1224 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1229 if ((cd[0] & 0xce & mask) == 0x8a) {
1230 /* Range 256 format */
1231 uint16_t w[22]; /* 1..21 */
1232 struct gsm48_range_256 *r = (struct gsm48_range_256 *)cd;
1236 memset(w, 0, sizeof(w));
1237 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1238 w[1] = (r->w1_hi << 1) | r->w1_lo;
1244 w[4] = (r->w4_hi << 5) | r->w4_lo;
1246 w[5] = (r->w5_hi << 3) | r->w5_lo;
1248 w[6] = (r->w6_hi << 1) | r->w6_lo;
1252 w[8] = (r->w8_hi << 4) | r->w8_lo;
1254 w[9] = (r->w9_hi << 1) | r->w9_lo;
1258 w[11] = (r->w11_hi << 3) | r->w11_lo;
1266 w[15] = (r->w14_hi << 2) | r->w14_lo;
1268 w[16] = (r->w16_hi << 3) | r->w16_lo;
1274 w[19] = (r->w18_hi << 3) | r->w18_lo;
1276 w[20] = (r->w20_hi << 3) | r->w20_lo;
1279 f[w[0]].mask |= frqt;
1281 f[(w[0] + w[1]) % 1024].mask |= frqt;
1283 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].mask |= frqt;
1285 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].mask |= frqt;
1287 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1289 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1291 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1293 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1295 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1297 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1299 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1301 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1303 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1305 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1307 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1309 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1311 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1313 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1315 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1317 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1319 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1321 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1326 if ((cd[0] & 0xce & mask) == 0x8c) {
1327 /* Range 128 format */
1328 uint16_t w[29]; /* 1..28 */
1329 struct gsm48_range_128 *r = (struct gsm48_range_128 *)cd;
1333 memset(w, 0, sizeof(w));
1334 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1339 w[3] = (r->w3_hi << 4) | r->w3_lo;
1341 w[4] = (r->w4_hi << 1) | r->w4_lo;
1345 w[6] = (r->w6_hi << 3) | r->w6_lo;
1369 w[18] = (r->w18_hi << 1) | r->w18_lo;
1375 w[21] = (r->w21_hi << 2) | r->w21_lo;
1385 w[26] = (r->w26_hi << 1) | r->w26_lo;
1390 f[w[0]].mask |= frqt;
1392 f[(w[0] + w[1]) % 1024].mask |= frqt;
1394 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].mask |= frqt;
1396 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].mask |= frqt;
1398 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1400 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1402 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1404 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1406 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1408 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1410 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1412 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1414 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1416 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1418 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1420 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1422 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1424 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1426 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1428 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1430 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1432 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1434 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1436 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1438 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1440 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1442 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1444 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1446 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1451 if ((cd[0] & 0xce & mask) == 0x8e) {
1452 /* Variable bitmap format (can be any length >= 3) */
1454 struct gsm48_var_bit *r = (struct gsm48_var_bit *)cd;
1458 orig = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1459 f[orig].mask |= frqt;
1460 for (i = 1; 2 + (i >> 3) < len; i++)
1461 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1462 f[(orig + i) % 1024].mask |= frqt;
1470 /* decode "Cell Selection Parameters" (10.5.2.4) */
1471 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s,
1472 struct gsm48_cell_sel_par *cs)
1475 convert ms_txpwr_max_ccch dependant on the current frequenc and support
1476 to the right powe level
1478 s->ms_txpwr_max_ccch = cs->ms_txpwr_max_ccch;
1479 s->cell_resel_hyst_db = cs->cell_resel_hyst * 2;
1480 s->rxlev_acc_min_db = cs->rxlev_acc_min - 110;
1487 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1488 static int gsm48_decode_cellopt_bcch(struct gsm48_sysinfo *s,
1489 struct gsm48_cell_options *co)
1491 s->bcch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1492 s->bcch_dtx = co->dtx;
1493 s->bcch_pwrc = co->pwrc;
1498 /* decode "Cell Options (SACCH)" (10.5.2.3a) */
1499 static int gsm48_decode_cellopt_sacch(struct gsm48_sysinfo *s,
1500 struct gsm48_cell_options *co)
1502 s->sacch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1503 s->sacch_dtx = co->dtx;
1504 s->sacch_pwrc = co->pwrc;
1509 /* decode "Control Channel Description" (10.5.2.11) */
1510 static int gsm48_decode_ccd(struct gsm48_sysinfo *s,
1511 struct gsm48_control_channel_descr *cc)
1513 s->ccch_conf = cc->ccch_conf;
1514 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1515 s->att_allowed = cc->att;
1516 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1517 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1522 /* decode "Mobile Allocation" (10.5.2.21) */
1523 static int gsm48_decode_mobile_alloc(struct gsm48_sysinfo *s,
1524 uint8_t *ma, uint8_t len)
1527 uint16_t f[len << 3];
1529 /* not more than 64 hopping indexes allowed in IE */
1535 for (i = 0; i < 1024; i++)
1536 s->freq[i].mask &= ~FREQ_TYPE_HOPP;
1538 /* generating list of all frequencies (1..1023,0) */
1539 for (i = 1; i <= 1024; i++) {
1540 if ((s->freq[i & 1023].mask & FREQ_TYPE_SERV)) {
1542 if (j == (len << 3))
1547 /* fill hopping table with frequency index given by IE
1548 * and set hopping type bits
1550 for (i = 0; i < (len << 3); i++) {
1551 /* if bit is set, this frequency index is used for hopping */
1552 if ((ma[len - 1 - (i >> 3)] & (1 << (i & 7)))) {
1553 /* index higher than entries in list ? */
1555 LOGP(DRR, LOGL_NOTICE, "Mobile Allocation "
1556 "hopping index %d exceeds maximum "
1557 "number of cell frequencies. (%d)\n",
1561 s->hopping[s->hopp_len++] = f[i];
1562 s->freq[f[i]].mask |= FREQ_TYPE_HOPP;
1569 /* Rach Control decode tables */
1570 static uint8_t gsm48_max_retrans[4] = {
1573 static uint8_t gsm48_tx_integer[16] = {
1574 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1577 /* decode "RACH Control Parameter" (10.5.2.29) */
1578 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s,
1579 struct gsm48_rach_control *rc)
1581 s->reest_denied = rc->re;
1582 s->cell_barr = rc->cell_bar;
1583 s->tx_integer = gsm48_tx_integer[rc->tx_integer];
1584 s->max_retrans = gsm48_max_retrans[rc->max_trans];
1585 s->class_barr = (rc->t2 << 8) | rc->t3;
1589 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s,
1590 struct gsm48_rach_control *rc)
1592 s->nb_reest_denied = rc->re;
1593 s->nb_cell_barr = rc->cell_bar;
1594 s->nb_tx_integer = gsm48_tx_integer[rc->tx_integer];
1595 s->nb_max_retrans = gsm48_max_retrans[rc->max_trans];
1596 s->nb_class_barr = (rc->t2 << 8) | rc->t3;
1601 /* decode "SI 1 Rest Octets" (10.5.2.32) */
1602 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si,
1608 /* decode "SI 3 Rest Octets" (10.5.2.34) */
1609 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si,
1614 memset(&bv, 0, sizeof(bv));
1618 /* Optional Selection Parameters */
1619 if (bitvec_get_bit_high(&bv) == H) {
1621 s->sp_cbq = bitvec_get_uint(&bv, 1);
1622 s->sp_cro = bitvec_get_uint(&bv, 6);
1623 s->sp_to = bitvec_get_uint(&bv, 3);
1624 s->sp_pt = bitvec_get_uint(&bv, 5);
1626 /* Optional Power Offset */
1627 if (bitvec_get_bit_high(&bv) == H) {
1629 s->po_value = bitvec_get_uint(&bv, 3);
1631 /* System Onformation 2ter Indicator */
1632 if (bitvec_get_bit_high(&bv) == H)
1634 /* Early Classark Sending Control */
1635 if (bitvec_get_bit_high(&bv) == H)
1637 /* Scheduling if and where */
1638 if (bitvec_get_bit_high(&bv) == H) {
1640 s->sched_where = bitvec_get_uint(&bv, 3);
1642 /* GPRS Indicator */
1643 s->gi_ra_colour = bitvec_get_uint(&bv, 3);
1644 s->gi_si13_pos = bitvec_get_uint(&bv, 1);
1648 /* decode "SI 4 Rest Octets" (10.5.2.35) */
1649 static int gsm48_decode_si4_rest(struct gsm48_sysinfo *s, uint8_t *si,
1655 /* decode "SI 6 Rest Octets" (10.5.2.35a) */
1656 static int gsm48_decode_si6_rest(struct gsm48_sysinfo *s, uint8_t *si,
1662 /* send sysinfo event to other layers */
1663 static int gsm48_send_sysinfo(struct osmocom_ms *ms, uint8_t type)
1666 struct gsm322_msg *em;
1668 nmsg = gsm322_msgb_alloc(GSM322_EVENT_SYSINFO);
1671 em = (struct gsm322_msg *) nmsg->data;
1673 gsm322_cs_sendmsg(ms, nmsg);
1675 /* send timer info to location update process */
1676 nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_SYSINFO);
1679 gsm48_mmevent_msg(ms, nmsg);
1684 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
1685 static int gsm48_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1687 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1688 struct gsm48_sysinfo *s = ms->cellsel.si;
1689 int payload_len = msgb_l3len(msg) - sizeof(*si);
1691 if (payload_len < 0) {
1692 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 1 "
1697 if (!memcmp(si, s->si1_msg, MIN(msgb_l3len(msg), sizeof(s->si1_msg))))
1699 memcpy(s->si1_msg, si, MIN(msgb_l3len(msg), sizeof(s->si1_msg)));
1701 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
1703 /* Cell Channel Description */
1704 gsm48_decode_freq_list(&ms->support, s->freq,
1705 si->cell_channel_description,
1706 sizeof(si->cell_channel_description), 0xce, FREQ_TYPE_SERV);
1707 /* RACH Control Parameter */
1708 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1709 /* SI 1 Rest Octets */
1711 gsm48_decode_si1_rest(s, si->rest_octets, payload_len);
1715 return gsm48_send_sysinfo(ms, si->header.system_information);
1718 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
1719 static int gsm48_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1721 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1722 struct gsm48_sysinfo *s = ms->cellsel.si;
1723 int payload_len = msgb_l3len(msg) - sizeof(*si);
1725 if (payload_len < 0) {
1726 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2 "
1730 //printf("len = %d\n", MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1732 if (!memcmp(si, s->si2_msg, MIN(msgb_l3len(msg), sizeof(s->si2_msg))))
1734 memcpy(s->si2_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1736 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
1738 /* Neighbor Cell Description */
1739 s->nb_ext_ind_si2 = (si->bcch_frequency_list[0] >> 6) & 1;
1740 s->nb_ba_ind_si2 = (si->bcch_frequency_list[0] >> 5) & 1;
1741 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1742 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_NCELL_2);
1744 s->nb_ncc_permitted = si->ncc_permitted;
1745 /* RACH Control Parameter */
1746 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1750 return gsm48_send_sysinfo(ms, si->header.system_information);
1753 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
1754 static int gsm48_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1756 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1757 struct gsm48_sysinfo *s = ms->cellsel.si;
1758 int payload_len = msgb_l3len(msg) - sizeof(*si);
1760 if (payload_len < 0) {
1761 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2bis "
1766 if (!memcmp(si, s->si2b_msg, MIN(msgb_l3len(msg),
1767 sizeof(s->si2b_msg))))
1769 memcpy(s->si2b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2b_msg)));
1771 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
1773 /* Neighbor Cell Description */
1774 s->nb_ext_ind_si2bis = (si->bcch_frequency_list[0] >> 6) & 1;
1775 s->nb_ba_ind_si2bis = (si->bcch_frequency_list[0] >> 5) & 1;
1776 gsm48_decode_freq_list(&ms->support, s->freq,
1777 si->bcch_frequency_list,
1778 sizeof(si->bcch_frequency_list), 0x8e,
1779 FREQ_TYPE_NCELL_2bis);
1780 /* RACH Control Parameter */
1781 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1785 return gsm48_send_sysinfo(ms, si->header.system_information);
1788 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
1789 static int gsm48_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1791 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1792 struct gsm48_sysinfo *s = ms->cellsel.si;
1793 int payload_len = msgb_l3len(msg) - sizeof(*si);
1795 if (payload_len < 0) {
1796 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2ter "
1801 if (!memcmp(si, s->si2t_msg, MIN(msgb_l3len(msg),
1802 sizeof(s->si2t_msg))))
1804 memcpy(s->si2t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2t_msg)));
1806 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
1808 /* Neighbor Cell Description 2 */
1809 s->nb_multi_rep_si2ter = (si->ext_bcch_frequency_list[0] >> 6) & 3;
1810 gsm48_decode_freq_list(&ms->support, s->freq,
1811 si->ext_bcch_frequency_list,
1812 sizeof(si->ext_bcch_frequency_list), 0x8e,
1813 FREQ_TYPE_NCELL_2ter);
1817 return gsm48_send_sysinfo(ms, si->header.system_information);
1820 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
1821 static int gsm48_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
1823 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
1824 struct gsm48_sysinfo *s = ms->cellsel.si;
1825 int payload_len = msgb_l3len(msg) - sizeof(*si);
1827 if (payload_len < 0) {
1828 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 3 "
1833 if (!memcmp(si, s->si3_msg, MIN(msgb_l3len(msg), sizeof(s->si3_msg))))
1835 memcpy(s->si3_msg, si, MIN(msgb_l3len(msg), sizeof(s->si3_msg)));
1838 s->cell_id = ntohs(si->cell_identity);
1840 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1841 /* Control Channel Description */
1842 gsm48_decode_ccd(s, &si->control_channel_desc);
1843 /* Cell Options (BCCH) */
1844 gsm48_decode_cellopt_bcch(s, &si->cell_options);
1845 /* Cell Selection Parameters */
1846 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
1847 /* RACH Control Parameter */
1848 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1849 /* SI 3 Rest Octets */
1850 if (payload_len >= 4)
1851 gsm48_decode_si3_rest(s, si->rest_octets, payload_len);
1853 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3 (mcc %03d mnc %02d "
1854 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
1858 return gsm48_send_sysinfo(ms, si->header.system_information);
1861 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
1862 static int gsm48_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
1864 /* NOTE: pseudo length is not in this structure, so we skip */
1865 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
1866 struct gsm48_sysinfo *s = ms->cellsel.si;
1867 int payload_len = msgb_l3len(msg) - sizeof(*si);
1868 uint8_t *data = si->data;
1869 struct gsm48_chan_desc *cd;
1871 if (payload_len < 0) {
1873 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 4 "
1878 if (!memcmp(si, s->si4_msg, MIN(msgb_l3len(msg), sizeof(s->si4_msg))))
1880 memcpy(s->si4_msg, si, MIN(msgb_l3len(msg), sizeof(s->si4_msg)));
1883 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
1884 /* Cell Selection Parameters */
1885 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
1886 /* RACH Control Parameter */
1887 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1888 /* CBCH Channel Description */
1889 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_CHAN_DESC) {
1890 if (payload_len < 4)
1892 cd = (struct gsm48_chan_desc *) (data + 1);
1895 gsm48_decode_chan_h1(cd, &s->tsc, &s->maio, &s->hsn);
1898 gsm48_decode_chan_h0(cd, &s->tsc, &s->arfcn);
1903 /* CBCH Mobile Allocation */
1904 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_MOB_AL) {
1905 if (payload_len < 1 || payload_len < 2 + data[1])
1907 gsm48_decode_mobile_alloc(s, data + 2, si->data[1]);
1908 payload_len -= 2 + data[1];
1909 data += 2 + data[1];
1911 /* SI 4 Rest Octets */
1912 if (payload_len > 0)
1913 gsm48_decode_si4_rest(s, data, payload_len);
1915 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4 (mcc %03d mnc %02d "
1916 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
1920 return gsm48_send_sysinfo(ms, si->header.system_information);
1923 /* receive "SYSTEM INFORMATION 5" message (9.1.37) */
1924 static int gsm48_rr_rx_sysinfo5(struct osmocom_ms *ms, struct msgb *msg)
1926 /* NOTE: pseudo length is not in this structure, so we skip */
1927 struct gsm48_system_information_type_5 *si = msgb_l3(msg) + 1;
1928 struct gsm48_sysinfo *s = ms->cellsel.si;
1929 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1931 if (payload_len < 0) {
1932 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5 "
1937 if (!memcmp(si, s->si5_msg, MIN(msgb_l3len(msg), sizeof(s->si5_msg))))
1939 memcpy(s->si5_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5_msg)));
1941 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5\n");
1943 /* Neighbor Cell Description */
1944 s->nb_ext_ind_si5 = (si->bcch_frequency_list[0] >> 6) & 1;
1945 s->nb_ba_ind_si5 = (si->bcch_frequency_list[0] >> 5) & 1;
1946 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1947 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5);
1951 return gsm48_send_sysinfo(ms, si->system_information);
1954 /* receive "SYSTEM INFORMATION 5bis" message (9.1.38) */
1955 static int gsm48_rr_rx_sysinfo5bis(struct osmocom_ms *ms, struct msgb *msg)
1957 /* NOTE: pseudo length is not in this structure, so we skip */
1958 struct gsm48_system_information_type_5bis *si = msgb_l3(msg) + 1;
1959 struct gsm48_sysinfo *s = ms->cellsel.si;
1960 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1962 if (payload_len < 0) {
1963 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5bis "
1968 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5bis\n");
1970 if (!memcmp(si, s->si5b_msg, MIN(msgb_l3len(msg),
1971 sizeof(s->si5b_msg))))
1973 memcpy(s->si5b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5b_msg)));
1975 /* Neighbor Cell Description */
1976 s->nb_ext_ind_si5bis = (si->bcch_frequency_list[0] >> 6) & 1;
1977 s->nb_ba_ind_si5bis = (si->bcch_frequency_list[0] >> 5) & 1;
1978 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1979 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5bis);
1983 return gsm48_send_sysinfo(ms, si->system_information);
1986 /* receive "SYSTEM INFORMATION 5ter" message (9.1.39) */
1987 static int gsm48_rr_rx_sysinfo5ter(struct osmocom_ms *ms, struct msgb *msg)
1989 /* NOTE: pseudo length is not in this structure, so we skip */
1990 struct gsm48_system_information_type_5ter *si = msgb_l3(msg) + 1;
1991 struct gsm48_sysinfo *s = ms->cellsel.si;
1992 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
1994 if (payload_len < 0) {
1995 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5ter "
2000 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5ter\n");
2002 if (!memcmp(si, s->si5t_msg, MIN(msgb_l3len(msg),
2003 sizeof(s->si5t_msg))))
2005 memcpy(s->si5t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5t_msg)));
2007 /* Neighbor Cell Description */
2008 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2009 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5ter);
2013 return gsm48_send_sysinfo(ms, si->system_information);
2016 /* receive "SYSTEM INFORMATION 6" message (9.1.39) */
2017 static int gsm48_rr_rx_sysinfo6(struct osmocom_ms *ms, struct msgb *msg)
2019 /* NOTE: pseudo length is not in this structure, so we skip */
2020 struct gsm48_system_information_type_6 *si = msgb_l3(msg) + 1;
2021 struct gsm48_sysinfo *s = ms->cellsel.si;
2022 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2024 if (payload_len < 0) {
2025 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 6 "
2030 if (!memcmp(si, s->si6_msg, MIN(msgb_l3len(msg), sizeof(s->si6_msg))))
2032 memcpy(s->si6_msg, si, MIN(msgb_l3len(msg), sizeof(s->si6_msg)));
2035 if (s->si6 && s->cell_id != ntohs(si->cell_identity))
2036 LOGP(DRR, LOGL_INFO, "Cell ID on SI 6 differs from previous "
2038 s->cell_id = ntohs(si->cell_identity);
2040 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2041 /* Cell Options (SACCH) */
2042 gsm48_decode_cellopt_sacch(s, &si->cell_options);
2044 s->nb_ncc_permitted = si->ncc_permitted;
2045 /* SI 6 Rest Octets */
2046 if (payload_len >= 4)
2047 gsm48_decode_si6_rest(s, si->rest_octets, payload_len);
2049 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 6 (mcc %03d mnc %02d "
2050 "lac 0x%04x)\n", s->mcc, s->mnc, s->lac);
2054 return gsm48_send_sysinfo(ms, si->system_information);
2061 /* paging channel request */
2062 static int gsm48_rr_chan2cause[4] = {
2063 RR_EST_CAUSE_ANS_PAG_ANY,
2064 RR_EST_CAUSE_ANS_PAG_SDCCH,
2065 RR_EST_CAUSE_ANS_PAG_TCH_F,
2066 RR_EST_CAUSE_ANS_PAG_TCH_ANY
2069 /* given LV of mobile identity is checked agains ms */
2070 static int gsm_match_mi(struct osmocom_ms *ms, uint8_t *mi)
2078 mi_type = mi[1] & GSM_MI_TYPE_MASK;
2080 case GSM_MI_TYPE_TMSI:
2083 memcpy(&tmsi, mi+2, 4);
2084 if (ms->subscr.tmsi == ntohl(tmsi)
2085 && ms->subscr.tmsi_valid) {
2086 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n",
2091 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2094 case GSM_MI_TYPE_IMSI:
2095 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
2096 if (!strcmp(imsi, ms->subscr.imsi)) {
2097 LOGP(DPAG, LOGL_INFO, "IMSI %s matches\n", imsi);
2101 LOGP(DPAG, LOGL_INFO, "IMSI %s (not for us)\n", imsi);
2104 LOGP(DPAG, LOGL_NOTICE, "Paging with unsupported MI type %d.\n",
2111 /* 9.1.22 PAGING REQUEST 1 message received */
2112 static int gsm48_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
2114 struct gsm48_rrlayer *rr = &ms->rrlayer;
2115 struct gsm322_cellsel *cs = &ms->cellsel;
2116 struct gsm48_paging1 *pa = msgb_l3(msg);
2117 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2121 /* empty paging request */
2122 if (payload_len >= 2 && (pa->data[1] & GSM_MI_TYPE_MASK) == 0)
2125 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2126 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2127 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2128 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2129 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2133 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 1\n");
2135 if (payload_len < 2) {
2137 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 1 "
2143 /* channel needed */
2144 chan_1 = pa->cneed1;
2145 chan_2 = pa->cneed2;
2148 if (payload_len < mi[0] + 1)
2150 if (gsm_match_mi(ms, mi) > 0)
2151 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2153 payload_len -= mi[0] + 1;
2154 mi = pa->data + mi[0] + 1;
2155 if (payload_len < 2)
2157 if (mi[0] != GSM48_IE_MOBILE_ID)
2159 if (payload_len < mi[1] + 2)
2161 if (gsm_match_mi(ms, mi + 1) > 0)
2162 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2167 /* 9.1.23 PAGING REQUEST 2 message received */
2168 static int gsm48_rr_rx_pag_req_2(struct osmocom_ms *ms, struct msgb *msg)
2170 struct gsm48_rrlayer *rr = &ms->rrlayer;
2171 struct gsm322_cellsel *cs = &ms->cellsel;
2172 struct gsm48_paging2 *pa = msgb_l3(msg);
2173 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2175 int chan_1, chan_2, chan_3;
2177 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2178 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2179 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2180 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2181 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2185 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 2\n");
2187 if (payload_len < 0) {
2189 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 2 "
2195 /* channel needed */
2196 chan_1 = pa->cneed1;
2197 chan_2 = pa->cneed2;
2199 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2200 && ms->subscr.tmsi_valid) {
2201 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi1));
2202 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2204 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2207 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2208 && ms->subscr.tmsi_valid) {
2209 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi2));
2210 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2212 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2216 if (payload_len < 2)
2218 if (mi[0] != GSM48_IE_MOBILE_ID)
2220 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
2222 chan_3 = mi[mi[1] + 2] & 0x03; /* channel needed */
2223 if (gsm_match_mi(ms, mi + 1) > 0)
2224 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2229 /* 9.1.24 PAGING REQUEST 3 message received */
2230 static int gsm48_rr_rx_pag_req_3(struct osmocom_ms *ms, struct msgb *msg)
2232 struct gsm48_rrlayer *rr = &ms->rrlayer;
2233 struct gsm322_cellsel *cs = &ms->cellsel;
2234 struct gsm48_paging3 *pa = msgb_l3(msg);
2235 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2236 int chan_1, chan_2, chan_3, chan_4;
2238 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2239 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2240 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2241 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2242 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2246 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 3\n");
2248 if (payload_len < 0) { /* must include "channel needed", part of *pa */
2249 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 3 "
2255 /* channel needed */
2256 chan_1 = pa->cneed1;
2257 chan_2 = pa->cneed2;
2258 chan_3 = pa->cneed3;
2259 chan_4 = pa->cneed4;
2261 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2262 && ms->subscr.tmsi_valid) {
2263 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi1));
2264 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2266 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2269 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2270 && ms->subscr.tmsi_valid) {
2271 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi2));
2272 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2274 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2277 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
2278 && ms->subscr.tmsi_valid) {
2279 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi3));
2280 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2282 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2285 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
2286 && ms->subscr.tmsi_valid) {
2287 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi4));
2288 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_4], 1);
2290 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2297 * (immediate) assignment
2300 /* match request reference agains request history */
2301 static int gsm48_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
2303 struct gsm48_rrlayer *rr = &ms->rrlayer;
2306 for (i = 0; i < 3; i++) {
2307 if (rr->cr_hist[i] >= 0
2308 && ref->ra == rr->cr_hist[i]) {
2309 LOGP(DRR, LOGL_INFO, "request %02x matches\n", ref->ra);
2310 // todo: match timeslot
2318 /* 9.1.3 sending ASSIGNMENT COMPLETE */
2319 static int gsm48_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
2322 struct gsm48_hdr *gh;
2323 struct gsm48_ass_cpl *ac;
2325 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMPLETE (cause #%d)\n", cause);
2327 nmsg = gsm48_l3_msgb_alloc();
2330 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2331 ac = (struct gsm48_ass_cpl *) msgb_put(nmsg, sizeof(*ac));
2333 gh->proto_discr = GSM48_PDISC_RR;
2334 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
2337 ac->rr_cause = cause;
2339 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
2342 /* 9.1.4 sending ASSIGNMENT FAILURE */
2343 static int gsm48_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
2346 struct gsm48_hdr *gh;
2347 struct gsm48_ass_fail *af;
2349 LOGP(DRR, LOGL_INFO, "ASSIGNMENT FAILURE (cause #%d)\n", cause);
2351 nmsg = gsm48_l3_msgb_alloc();
2354 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2355 af = (struct gsm48_ass_fail *) msgb_put(nmsg, sizeof(*af));
2357 gh->proto_discr = GSM48_PDISC_RR;
2358 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
2361 af->rr_cause = cause;
2363 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
2366 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
2367 static int gsm48_rr_rx_imm_ass(struct osmocom_ms *ms, struct msgb *msg)
2369 struct gsm48_rrlayer *rr = &ms->rrlayer;
2370 struct gsm48_imm_ass *ia = msgb_l3(msg);
2371 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2372 uint8_t ch_type, ch_subch, ch_ts;
2373 struct gsm48_rr_cd cd;
2374 uint8_t *st, st_len;
2376 memset(&cd, 0, sizeof(cd));
2378 if (ma_len < 0 /* mobile allocation IE must be included */
2379 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2380 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2384 if (ia->mob_alloc_len > 8) {
2385 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2386 "ASSIGNMENT too large.\n");
2391 st_len = ma_len - ia->mob_alloc_len;
2392 st = ia->mob_alloc + ia->mob_alloc_len;
2393 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME)
2394 gsm48_decode_start_time(&cd, (struct gsm48_start_time *)(st+1));
2396 /* decode channel description */
2397 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT:");
2398 cd.chan_nr = ia->chan_desc.chan_nr;
2399 rsl_dec_chan_nr(cd.chan_nr, &ch_type, &ch_subch, &ch_ts);
2400 if (ia->chan_desc.h0.h) {
2402 gsm48_decode_chan_h1(&ia->chan_desc, &cd.tsc, &cd.maio,
2404 LOGP(DRR, LOGL_INFO, " (ta %d/%dm ra 0x%02x chan_nr 0x%02x "
2405 "MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2407 ia->timing_advance * GSM_TA_CM / 100,
2408 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.maio,
2409 cd.hsn, ch_ts, ch_subch, cd.tsc);
2412 gsm48_decode_chan_h0(&ia->chan_desc, &cd.tsc, &cd.arfcn);
2413 LOGP(DRR, LOGL_INFO, " (ta %d/%dm ra 0x%02x chan_nr 0x%02x "
2414 "ARFCN %u TS %u SS %u TSC %u)\n",
2416 ia->timing_advance * GSM_TA_CM / 100,
2417 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.arfcn,
2418 ch_ts, ch_subch, cd.tsc);
2421 /* 3.3.1.1.2: ignore assignment while idle */
2422 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2423 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
2428 if (gsm48_match_ra(ms, &ia->req_ref)) {
2429 /* channel description */
2430 memcpy(&rr->cd_now, &cd, sizeof(rr->cd_now));
2431 /* timing advance */
2432 rr->cd_now.ta = ia->timing_advance;
2433 /* mobile allocation */
2434 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2435 ia->mob_alloc_len + 1);
2436 rr->wait_assign = 0;
2437 return gsm48_rr_dl_est(ms);
2439 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
2444 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received */
2445 static int gsm48_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
2447 struct gsm48_rrlayer *rr = &ms->rrlayer;
2448 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
2449 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2450 uint8_t ch_type, ch_subch, ch_ts;
2451 struct gsm48_rr_cd cd1, cd2;
2452 uint8_t *st, st_len;
2454 memset(&cd1, 0, sizeof(cd1));
2455 memset(&cd2, 0, sizeof(cd2));
2457 if (ma_len < 0 /* mobile allocation IE must be included */
2458 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2459 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2460 "EXTENDED message.\n");
2463 if (ia->mob_alloc_len > 4) {
2464 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2465 "ASSIGNMENT EXTENDED too large.\n");
2470 st_len = ma_len - ia->mob_alloc_len;
2471 st = ia->mob_alloc + ia->mob_alloc_len;
2472 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME) {
2473 gsm48_decode_start_time(&cd1,
2474 (struct gsm48_start_time *)(st+1));
2475 memcpy(&cd2, &cd1, sizeof(cd2));
2478 /* decode channel description */
2479 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT EXTENDED:\n");
2480 cd2.chan_nr = ia->chan_desc1.chan_nr;
2481 rsl_dec_chan_nr(cd1.chan_nr, &ch_type, &ch_subch, &ch_ts);
2482 if (ia->chan_desc1.h0.h) {
2484 gsm48_decode_chan_h1(&ia->chan_desc1, &cd1.tsc, &cd1.maio,
2486 LOGP(DRR, LOGL_INFO, " assignment 1 (ta %d/%dm ra 0x%02x "
2487 "chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2488 ia->timing_advance1,
2489 ia->timing_advance1 * GSM_TA_CM / 100,
2490 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.maio,
2491 cd1.hsn, ch_ts, ch_subch, cd1.tsc);
2494 gsm48_decode_chan_h0(&ia->chan_desc1, &cd1.tsc, &cd1.arfcn);
2495 LOGP(DRR, LOGL_INFO, " assignment 1 (ta %d/%dm ra 0x%02x "
2496 "chan_nr 0x%02x ARFCN %u TS %u SS %u TSC %u)\n",
2497 ia->timing_advance1,
2498 ia->timing_advance1 * GSM_TA_CM / 100,
2499 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.arfcn,
2500 ch_ts, ch_subch, cd1.tsc);
2502 cd2.chan_nr = ia->chan_desc2.chan_nr;
2503 rsl_dec_chan_nr(cd2.chan_nr, &ch_type, &ch_subch, &ch_ts);
2504 if (ia->chan_desc2.h0.h) {
2506 gsm48_decode_chan_h1(&ia->chan_desc2, &cd2.tsc, &cd2.maio,
2508 LOGP(DRR, LOGL_INFO, " assignment 2 (ta %d/%dm ra 0x%02x "
2509 "chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2510 ia->timing_advance2,
2511 ia->timing_advance2 * GSM_TA_CM / 100,
2512 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.maio,
2513 cd2.hsn, ch_ts, ch_subch, cd2.tsc);
2516 gsm48_decode_chan_h0(&ia->chan_desc2, &cd2.tsc, &cd2.arfcn);
2517 LOGP(DRR, LOGL_INFO, " assignment 2 (ta %d/%dm ra 0x%02x "
2518 "chan_nr 0x%02x ARFCN %u TS %u SS %u TSC %u)\n",
2519 ia->timing_advance2,
2520 ia->timing_advance2 * GSM_TA_CM / 100,
2521 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.arfcn,
2522 ch_ts, ch_subch, cd2.tsc);
2525 /* 3.3.1.1.2: ignore assignment while idle */
2526 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2527 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
2532 if (gsm48_match_ra(ms, &ia->req_ref1)) {
2533 /* channel description */
2534 memcpy(&rr->cd_now, &cd1, sizeof(rr->cd_now));
2535 /* timing advance */
2536 rr->cd_now.ta = ia->timing_advance1;
2537 /* mobile allocation */
2538 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2539 ia->mob_alloc_len + 1);
2540 rr->wait_assign = 0;
2541 return gsm48_rr_dl_est(ms);
2544 if (gsm48_match_ra(ms, &ia->req_ref2)) {
2545 /* channel description */
2546 memcpy(&rr->cd_now, &cd2, sizeof(rr->cd_now));
2547 /* timing advance */
2548 rr->cd_now.ta = ia->timing_advance2;
2549 /* mobile allocation */
2550 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2551 ia->mob_alloc_len + 1);
2552 rr->wait_assign = 0;
2553 return gsm48_rr_dl_est(ms);
2555 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
2560 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received */
2561 static int gsm48_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
2563 struct gsm48_rrlayer *rr = &ms->rrlayer;
2564 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
2565 int payload_len = msgb_l3len(msg) - sizeof(*ia);
2567 struct gsm48_req_ref *req_ref;
2568 uint8_t t3122_value;
2570 /* 3.3.1.1.2: ignore assignment while idle */
2571 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign)
2574 if (payload_len < 0) {
2575 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2576 "REJECT message.\n");
2580 for (i = 0; i < 4; i++) {
2581 /* request reference */
2582 req_ref = (struct gsm48_req_ref *)
2583 (((uint8_t *)&ia->req_ref1) + i * 4);
2584 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
2585 "(ref 0x%02x)\n", req_ref->ra);
2586 if (gsm48_match_ra(ms, req_ref)) {
2587 /* wait indication */
2588 t3122_value = *(((uint8_t *)&ia->wait_ind1) + i * 4);
2590 start_rr_t3122(rr, t3122_value, 0);
2591 /* start timer 3126 if not already */
2592 if (!bsc_timer_pending(&rr->t3126))
2593 start_rr_t3126(rr, 5, 0); /* TODO improve! */
2594 /* stop assignmnet requests */
2597 /* wait until timer 3126 expires, then release
2598 * or wait for channel assignment */
2606 /* 9.1.1 ADDITIONAL ASSIGMENT is received */
2607 static int gsm48_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
2609 struct gsm48_hdr *gh = msgb_l3(msg);
2610 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
2611 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
2612 struct tlv_parsed tp;
2614 if (payload_len < 0) {
2615 LOGP(DRR, LOGL_NOTICE, "Short read of ADDITIONAL ASSIGNMENT "
2617 return gsm48_rr_tx_rr_status(ms,
2618 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2620 tlv_parse(&tp, &gsm48_rr_att_tlvdef, aa->data, payload_len, 0, 0);
2622 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2626 * measturement reports
2629 static int gsm48_rr_tx_meas_rep(struct osmocom_ms *ms)
2631 struct gsm48_rrlayer *rr = &ms->rrlayer;
2632 struct gsm48_rr_meas *meas = &rr->meas;
2634 struct gsm48_hdr *gh;
2635 struct gsm48_meas_res *mr;
2637 nmsg = gsm48_l3_msgb_alloc();
2640 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2641 mr = (struct gsm48_meas_res *) msgb_put(nmsg, sizeof(*mr));
2643 gh->proto_discr = GSM48_PDISC_RR;
2644 gh->msg_type = GSM48_MT_RR_MEAS_REP;
2646 /* measurement results */
2647 mr->rxlev_full = meas->rxlev_full;
2648 mr->rxlev_sub = meas->rxlev_sub;
2649 mr->rxqual_full = meas->rxqual_full;
2650 mr->rxqual_sub = meas->rxqual_sub;
2651 mr->dtx_used = meas->dtx;
2652 mr->ba_used = meas->ba;
2653 mr->meas_valid = meas->meas_valid;
2654 if (meas->ncell_na) {
2655 /* no results for serving cells */
2659 mr->no_nc_n_hi = meas->count >> 2;
2660 mr->no_nc_n_lo = meas->count & 3;
2662 mr->rxlev_nc1 = meas->rxlev_nc[0];
2663 mr->rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
2664 mr->rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
2665 mr->rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
2666 mr->rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
2667 mr->rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
2668 mr->rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
2669 mr->rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
2670 mr->rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
2671 mr->rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
2672 mr->rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
2673 mr->bsic_nc1_hi = meas->bsic_nc[0] >> 3;
2674 mr->bsic_nc1_lo = meas->bsic_nc[0] & 7;
2675 mr->bsic_nc2_hi = meas->bsic_nc[1] >> 4;
2676 mr->bsic_nc2_lo = meas->bsic_nc[1] & 15;
2677 mr->bsic_nc3_hi = meas->bsic_nc[2] >> 5;
2678 mr->bsic_nc3_lo = meas->bsic_nc[2] & 31;
2679 mr->bsic_nc4 = meas->bsic_nc[3];
2680 mr->bsic_nc5 = meas->bsic_nc[4];
2681 mr->bsic_nc6 = meas->bsic_nc[5];
2682 mr->bcch_f_nc1 = meas->bcch_f_nc[0];
2683 mr->bcch_f_nc2 = meas->bcch_f_nc[1];
2684 mr->bcch_f_nc3 = meas->bcch_f_nc[2];
2685 mr->bcch_f_nc4 = meas->bcch_f_nc[3];
2686 mr->bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
2687 mr->bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
2688 mr->bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
2689 mr->bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
2691 return gsm48_send_rsl(ms, RSL_MT_UNIT_DATA_REQ, nmsg);
2695 * link establishment and release
2698 /* activate link and send establish request */
2699 static int gsm48_rr_dl_est(struct osmocom_ms *ms)
2701 struct gsm48_rrlayer *rr = &ms->rrlayer;
2702 struct gsm_subscriber *subscr = &ms->subscr;
2704 struct gsm48_hdr *gh;
2705 struct gsm48_pag_rsp *pr;
2707 uint8_t ch_type, ch_subch, ch_ts;
2712 /* flush pending RACH requests */
2714 rr->n_chan_req = 0; // just to be safe
2715 nmsg = msgb_alloc_headroom(20, 16, "RAND_FLUSH");
2718 gsm48_send_rsl(ms, RSL_MT_RAND_ACC_FLSH, msg);
2720 if (bsc_timer_pending(&rr->temp_rach_ti))
2721 bsc_del_timer(&rr->temp_rach_ti);
2724 /* send DL_EST_REQ */
2725 if (rr->rr_est_msg) {
2726 /* use queued message */
2727 nmsg = rr->rr_est_msg;
2729 LOGP(DRR, LOGL_INFO, "sending establish message\n");
2731 /* create paging response */
2732 nmsg = gsm48_l3_msgb_alloc();
2735 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2736 pr = (struct gsm48_pag_rsp *) msgb_put(nmsg, sizeof(*pr));
2738 pr->key_seq = subscr->key_seq;
2740 pr->cm2_len = sizeof(pr->cm2);
2741 gsm48_rr_enc_cm2(ms, &pr->cm2);
2742 /* mobile identity */
2743 if (ms->subscr.tmsi_valid) {
2744 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
2745 LOGP(DRR, LOGL_INFO, "sending paging response with "
2747 } else if (subscr->imsi[0]) {
2748 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
2749 LOGP(DRR, LOGL_INFO, "sending paging response with "
2753 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
2754 LOGP(DRR, LOGL_INFO, "sending paging response without "
2757 msgb_put(nmsg, 1 + mi[1]);
2758 memcpy(pr->data, mi + 1, 1 + mi[1]);
2761 /* activate channel */
2763 RSL_MT_ to activate channel with all the cd_now informations
2765 rsl_dec_chan_nr(rr->cd_now.chan_nr, &ch_type, &ch_subch, &ch_ts);
2766 if (ch_type != RSL_CHAN_SDCCH4_ACCH || ch_ts != 0) {
2767 printf("Channel type not supported, exitting.\n");
2770 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr);
2773 /* start establishmnet */
2774 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
2777 /* the link is established */
2778 static int gsm48_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
2780 struct gsm48_rrlayer *rr = &ms->rrlayer;
2783 /* if MM has releases before confirm, we start release */
2784 if (rr->state == GSM48_RR_ST_IDLE) {
2785 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
2786 /* release message */
2787 nmsg = gsm48_l3_msgb_alloc();
2791 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
2795 new_rr_state(rr, GSM48_RR_ST_DEDICATED);
2797 /* send confirm to upper layer */
2798 nmsg = gsm48_rr_msgb_alloc(
2799 (rr->rr_est_req) ? GSM48_RR_EST_CNF : GSM48_RR_EST_IND);
2802 return gsm48_rr_upmsg(ms, nmsg);
2805 /* the link is released */
2806 static int gsm48_rr_rel_cnf(struct osmocom_ms *ms, struct msgb *msg)
2808 struct gsm48_rrlayer *rr = &ms->rrlayer;
2810 /* deactivate channel */
2811 LOGP(DRR, LOGL_INFO, "deactivating channel (arfcn %d)\n",
2814 release and give new arfcn
2815 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
2817 l1ctl_tx_fbsb_req(ms, rr->cd_now.arfcn, 0x07, 100, 0);
2820 /* do nothing, because we aleady IDLE
2821 * or we received the rel cnf of the last connection
2822 * while already requesting a new one (CONN PEND)
2829 * radio ressource requests
2832 /* establish request for dedicated mode */
2833 static int gsm48_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
2835 struct gsm48_rrlayer *rr = &ms->rrlayer;
2836 struct gsm322_cellsel *cs = &ms->cellsel;
2837 struct gsm48_sysinfo *s = cs->si;
2838 struct gsm_subscriber *subscr = &ms->subscr;
2839 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
2840 struct gsm48_hdr *gh = msgb_l3(msg);
2843 struct gsm48_rr_hdr *nrrh;
2847 if (bsc_timer_pending(&rr->t3122)) {
2848 if (rrh->cause != RR_EST_CAUSE_EMERGENCY) {
2849 LOGP(DRR, LOGL_INFO, "T3122 running, rejecting!\n");
2850 cause = RR_REL_CAUSE_T3122;
2852 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
2855 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
2856 nrrh->cause = cause;
2857 return gsm48_rr_upmsg(ms, nmsg);
2859 LOGP(DRR, LOGL_INFO, "T3122 running, but emergency call\n");
2864 if (!cs->selected) {
2865 LOGP(DRR, LOGL_INFO, "No cell selected, rejecting!\n");
2866 cause = RR_REL_CAUSE_TRY_LATER;
2870 /* check if camping */
2871 if (cs->state != GSM322_C3_CAMPED_NORMALLY
2872 && rrh->cause != RR_EST_CAUSE_EMERGENCY) {
2873 LOGP(DRR, LOGL_INFO, "Not camping normally, rejecting!\n");
2874 cause = RR_REL_CAUSE_EMERGENCY_ONLY;
2877 if (cs->state != GSM322_C3_CAMPED_NORMALLY
2878 && cs->state != GSM322_C7_CAMPED_ANY_CELL) {
2879 LOGP(DRR, LOGL_INFO, "Not camping, rejecting!\n");
2880 cause = RR_REL_CAUSE_TRY_LATER;
2884 /* check for relevant informations */
2886 LOGP(DRR, LOGL_INFO, "Not enough SI, rejecting!\n");
2887 cause = RR_REL_CAUSE_TRY_LATER;
2892 if (!subscr->acc_barr && s->cell_barr) {
2893 LOGP(DRR, LOGL_INFO, "Cell barred, rejecting!\n");
2894 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
2897 if (rrh->cause == RR_EST_CAUSE_EMERGENCY)
2898 acc_class = subscr->acc_class | 0x0400;
2900 acc_class = subscr->acc_class & 0xfbff;
2901 if (!subscr->acc_barr && !(acc_class & (s->class_barr ^ 0xffff))) {
2902 LOGP(DRR, LOGL_INFO, "Cell barred for our access class (access "
2903 "%04x barred %04x)!\n", acc_class, s->class_barr);
2904 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
2908 /* requested by RR */
2911 /* clone and store REQUEST message */
2913 LOGP(DRR, LOGL_ERROR, "Error, missing l3 message\n");
2916 rr->rr_est_msg = gsm48_l3_msgb_alloc();
2917 if (!rr->rr_est_msg)
2919 memcpy(msgb_put(rr->rr_est_msg, msgb_l3len(msg)),
2920 msgb_l3(msg), msgb_l3len(msg));
2922 /* request channel */
2923 return gsm48_rr_chan_req(ms, rrh->cause, 0);
2926 /* send all queued messages down to layer 2 */
2927 static int gsm48_rr_dequeue_down(struct osmocom_ms *ms)
2929 struct gsm48_rrlayer *rr = &ms->rrlayer;
2932 while((msg = msgb_dequeue(&rr->downqueue))) {
2933 LOGP(DRR, LOGL_INFO, "Sending queued message.\n");
2934 gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
2940 /* 3.4.2 transfer data in dedicated mode */
2941 static int gsm48_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
2943 struct gsm48_rrlayer *rr = &ms->rrlayer;
2945 if (rr->state != GSM48_RR_ST_DEDICATED) {
2950 /* pull RR header */
2951 msgb_pull(msg, sizeof(struct gsm48_rr_hdr));
2953 /* queue message, during handover or assignment procedure */
2954 if (rr->hando_susp_state || rr->assign_susp_state) {
2955 LOGP(DRR, LOGL_INFO, "Queueing message during suspend.\n");
2956 msgb_enqueue(&rr->downqueue, msg);
2960 /* forward message */
2961 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
2965 * data indications from data link
2968 /* 3.4.2 data from layer 2 to RR and upper layer*/
2969 static int gsm48_rr_data_ind(struct osmocom_ms *ms, struct msgb *msg)
2971 struct gsm48_hdr *gh = msgb_l3(msg);
2972 struct gsm48_rr_hdr *rrh;
2973 uint8_t pdisc = gh->proto_discr & 0x0f;
2975 if (pdisc == GSM48_PDISC_RR) {
2977 uint8_t skip_ind = (gh->proto_discr & 0xf0) >> 4;
2979 /* ignore if skip indicator is not B'0000' */
2983 switch(gh->msg_type) {
2984 case GSM48_MT_RR_ADD_ASS:
2985 rc = gsm48_rr_rx_add_ass(ms, msg);
2988 case GSM48_MT_RR_ASS_CMD:
2989 rc = gsm48_rr_rx_ass_cmd(ms, msg);
2991 case GSM48_MT_RR_CIP_MODE_CMD:
2992 rc = gsm48_rr_rx_cip_mode_cmd(ms, msg);
2995 case GSM48_MT_RR_CLSM_ENQ:
2996 rc = gsm48_rr_rx_cm_enq(ms, msg);
2999 case GSM48_MT_RR_HANDO_CMD:
3000 rc = gsm48_rr_rx_hando_cmd(ms, msg);
3002 case GSM48_MT_RR_FREQ_REDEF:
3003 rc = gsm48_rr_rx_freq_redef(ms, msg);
3007 LOGP(DRR, LOGL_NOTICE, "Message type 0x%02x unknown.\n",
3010 /* status message */
3011 gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_MSG_TYPE_N);
3018 /* pull off RSL header up to L3 message */
3019 msgb_pull(msg, (long)msgb_l3(msg) - (long)msg->data);
3021 /* push RR header */
3022 msgb_push(msg, sizeof(struct gsm48_rr_hdr));
3023 rrh = (struct gsm48_rr_hdr *)msg->data;
3024 rrh->msg_type = GSM48_RR_DATA_IND;
3026 return gsm48_rr_upmsg(ms, msg);
3029 /* receive BCCH at RR layer */
3030 static int gsm48_rr_rx_bcch(struct osmocom_ms *ms, struct msgb *msg)
3032 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3034 switch (sih->system_information) {
3035 case GSM48_MT_RR_SYSINFO_1:
3036 return gsm48_rr_rx_sysinfo1(ms, msg);
3037 case GSM48_MT_RR_SYSINFO_2:
3038 return gsm48_rr_rx_sysinfo2(ms, msg);
3039 case GSM48_MT_RR_SYSINFO_2bis:
3040 return gsm48_rr_rx_sysinfo2bis(ms, msg);
3041 case GSM48_MT_RR_SYSINFO_2ter:
3042 return gsm48_rr_rx_sysinfo2ter(ms, msg);
3043 case GSM48_MT_RR_SYSINFO_3:
3044 return gsm48_rr_rx_sysinfo3(ms, msg);
3045 case GSM48_MT_RR_SYSINFO_4:
3046 return gsm48_rr_rx_sysinfo4(ms, msg);
3049 LOGP(DRR, LOGL_NOTICE, "BCCH message type 0x%02x not sup.\n",
3050 sih->system_information);
3056 /* receive CCCH at RR layer */
3057 static int gsm48_rr_rx_pch_agch(struct osmocom_ms *ms, struct msgb *msg)
3059 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3061 switch (sih->system_information) {
3062 case GSM48_MT_RR_SYSINFO_5:
3063 return gsm48_rr_rx_sysinfo5(ms, msg);
3064 case GSM48_MT_RR_SYSINFO_5bis:
3065 return gsm48_rr_rx_sysinfo5bis(ms, msg);
3066 case GSM48_MT_RR_SYSINFO_5ter:
3067 return gsm48_rr_rx_sysinfo5ter(ms, msg);
3068 case GSM48_MT_RR_SYSINFO_6:
3069 return gsm48_rr_rx_sysinfo6(ms, msg);
3071 case GSM48_MT_RR_PAG_REQ_1:
3072 return gsm48_rr_rx_pag_req_1(ms, msg);
3073 case GSM48_MT_RR_PAG_REQ_2:
3074 return gsm48_rr_rx_pag_req_2(ms, msg);
3075 case GSM48_MT_RR_PAG_REQ_3:
3076 return gsm48_rr_rx_pag_req_3(ms, msg);
3078 case GSM48_MT_RR_IMM_ASS:
3079 return gsm48_rr_rx_imm_ass(ms, msg);
3080 case GSM48_MT_RR_IMM_ASS_EXT:
3081 return gsm48_rr_rx_imm_ass_ext(ms, msg);
3082 case GSM48_MT_RR_IMM_ASS_REJ:
3083 return gsm48_rr_rx_imm_ass_rej(ms, msg);
3086 LOGP(DRR, LOGL_NOTICE, "CCCH message type 0x%02x unknown.\n",
3087 sih->system_information);
3093 /* unit data from layer 2 to RR layer */
3094 static int gsm48_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
3096 struct gsm322_cellsel *cs = &ms->cellsel;
3097 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3098 struct tlv_parsed tv;
3100 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
3101 rllh->chan_nr, rllh->link_id);
3103 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
3104 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
3105 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
3108 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
3110 if (cs->ccch_state != GSM322_CCCH_ST_SYNC
3111 && cs->ccch_state != GSM322_CCCH_ST_DATA)
3114 /* when camping, start/reset loss timer */
3115 if (cs->state == GSM322_C3_CAMPED_NORMALLY
3116 || cs->state == GSM322_C7_CAMPED_ANY_CELL) {
3117 struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
3119 set radio link timeout on layer 1
3120 it is the number of subsequent BCCH blocks. (about 1/4 seconds)
3122 start_loss_timer(cs, s->bcch_radio_link_timeout / 4, 0);
3126 /* temporary moved here until confirm is fixed */
3127 if (cs->ccch_state != GSM322_CCCH_ST_DATA) {
3128 LOGP(DCS, LOGL_INFO, "Channel provides data.\n");
3129 cs->ccch_state = GSM322_CCCH_ST_DATA;
3131 /* in dedicated mode */
3132 if (ms->rrlayer.state == GSM48_RR_ST_CONN_PEND)
3133 return gsm48_rr_tx_rand_acc(ms, NULL);
3135 /* set timer for reading BCCH */
3136 if (cs->state == GSM322_C2_STORED_CELL_SEL
3137 || cs->state == GSM322_C1_NORMAL_CELL_SEL
3138 || cs->state == GSM322_C6_ANY_CELL_SEL
3139 || cs->state == GSM322_C4_NORMAL_CELL_RESEL
3140 || cs->state == GSM322_C8_ANY_CELL_RESEL
3141 || cs->state == GSM322_C5_CHOOSE_CELL
3142 || cs->state == GSM322_C9_CHOOSE_ANY_CELL
3143 || cs->state == GSM322_PLMN_SEARCH
3144 || cs->state == GSM322_HPLMN_SEARCH)
3145 start_cs_timer(cs, ms->support.scan_to, 0);
3146 // TODO: timer depends on BCCH config
3149 switch (rllh->chan_nr) {
3150 case RSL_CHAN_PCH_AGCH:
3151 return gsm48_rr_rx_pch_agch(ms, msg);
3154 #warning testing corrupt frames
3156 if (ms->cellsel.state == GSM322_C7_CAMPED_ANY_CELL)
3157 for(i=0;i<msgb_l3len(msg);i++)
3158 msg->l3h[i] = random();
3161 return gsm48_rr_rx_bcch(ms, msg);
3163 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
3173 /* state trasitions for link layer messages (lower layer) */
3174 static struct dldatastate {
3177 const char *type_name;
3178 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3179 } dldatastatelist[] = {
3180 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3181 RSL_MT_UNIT_DATA_IND, "UNIT_DATA_IND", gsm48_rr_unit_data_ind},
3182 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3183 RSL_MT_DATA_IND, "DATA_IND", gsm48_rr_data_ind},
3184 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3185 RSL_MT_EST_CONF, "EST_CONF", gsm48_rr_estab_cnf},
3187 {SBIT(GSM48_RR_ST_DEDICATED),
3188 RSL_MT_EST_CONF, "EST_CONF", gsm48_rr_estab_cnf_dedicated},
3190 RSL_MT_CONNECT_CNF, "CONNECT_CNF", gsm48_rr_connect_cnf},
3192 RSL_MT_RELEASE_IND, "REL_IND", gsm48_rr_rel_ind},
3194 {SBIT(GSM48_RR_ST_IDLE) | SBIT(GSM48_RR_ST_CONN_PEND),
3195 RSL_MT_REL_CONF, "REL_CONF", gsm48_rr_rel_cnf},
3197 {SBIT(GSM48_RR_ST_DEDICATED),
3198 RSL_MT_REL_CONF, "REL_CONF", gsm48_rr_rel_cnf_dedicated},
3200 {SBIT(GSM48_RR_ST_CONN_PEND), /* 3.3.1.1.2 */
3201 RSL_MT_CHAN_CNF, "CHAN_CNF", gsm48_rr_tx_rand_acc},
3203 {SBIT(GSM48_RR_ST_DEDICATED),
3204 RSL_MT_CHAN_CNF, "CHAN_CNF", gsm48_rr_rand_acc_cnf_dedicated},
3206 RSL_MT_MDL_ERROR_IND, "MDL_ERROR_IND", gsm48_rr_mdl_error_ind},
3210 #define DLDATASLLEN \
3211 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
3213 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg)
3215 struct gsm48_rrlayer *rr = &ms->rrlayer;
3216 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3217 int msg_type = rllh->c.msg_type;
3221 /* find function for current state and message */
3222 for (i = 0; i < DLDATASLLEN; i++)
3223 if ((msg_type == dldatastatelist[i].type)
3224 && ((1 << rr->state) & dldatastatelist[i].states))
3226 if (i == DLDATASLLEN) {
3227 LOGP(DRSL, LOGL_NOTICE, "RSLms message 0x%02x unhandled at "
3228 "state %s.\n", msg_type, gsm48_rr_state_names[rr->state]);
3232 LOGP(DRSL, LOGL_INFO, "(ms %s) Received 'RSL_MT_%s' from RSL in state "
3233 "%s\n", ms->name, dldatastatelist[i].type_name,
3234 gsm48_rr_state_names[rr->state]);
3236 rc = dldatastatelist[i].rout(ms, msg);
3238 /* free msgb unless it is forwarded */
3239 if (dldatastatelist[i].rout != gsm48_rr_data_ind)
3245 /* state trasitions for RR-SAP messages from up */
3246 static struct rrdownstate {
3249 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3250 } rrdownstatelist[] = {
3251 {SBIT(GSM48_RR_ST_IDLE), /* 3.3.1.1 */
3252 GSM48_RR_EST_REQ, gsm48_rr_est_req},
3253 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3254 GSM48_RR_DATA_REQ, gsm48_rr_data_req},
3256 {SBIT(GSM48_RR_ST_CONN_PEND) | SBIT(GSM48_RR_ST_DEDICATED),
3257 GSM48_RR_ABORT_REQ, gsm48_rr_abort_req},
3258 {SBIT(GSM48_RR_ST_DEDICATED),
3259 GSM48_RR_ACT_REQ, gsm48_rr_act_req},
3263 #define RRDOWNSLLEN \
3264 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
3266 int gsm48_rr_downmsg(struct osmocom_ms *ms, struct msgb *msg)
3268 struct gsm48_rrlayer *rr = &ms->rrlayer;
3269 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3270 int msg_type = rrh->msg_type;
3274 LOGP(DRR, LOGL_INFO, "(ms %s) Message '%s' received in state %s\n",
3275 ms->name, get_rr_name(msg_type),
3276 gsm48_rr_state_names[rr->state]);
3278 /* find function for current state and message */
3279 for (i = 0; i < RRDOWNSLLEN; i++)
3280 if ((msg_type == rrdownstatelist[i].type)
3281 && ((1 << rr->state) & rrdownstatelist[i].states))
3283 if (i == RRDOWNSLLEN) {
3284 LOGP(DRR, LOGL_NOTICE, "Message unhandled at this state.\n");
3289 rc = rrdownstatelist[i].rout(ms, msg);
3291 /* free msgb uless it is forwarded */
3292 if (rrdownstatelist[i].rout != gsm48_rr_data_req)
3302 int gsm48_rr_init(struct osmocom_ms *ms)
3304 struct gsm48_rrlayer *rr = &ms->rrlayer;
3306 memset(rr, 0, sizeof(*rr));
3309 LOGP(DRR, LOGL_INFO, "init Radio Ressource process\n");
3311 INIT_LLIST_HEAD(&rr->rsl_upqueue);
3312 INIT_LLIST_HEAD(&rr->downqueue);
3313 /* downqueue is handled here, so don't add_work */
3315 osmol2_register_handler(ms, &gsm48_rx_rsl);
3320 int gsm48_rr_exit(struct osmocom_ms *ms)
3322 struct gsm48_rrlayer *rr = &ms->rrlayer;
3325 LOGP(DRR, LOGL_INFO, "exit Radio Ressource process\n");
3328 while ((msg = msgb_dequeue(&rr->rsl_upqueue)))
3330 while ((msg = msgb_dequeue(&rr->downqueue)))
3333 if (rr->rr_est_msg) {
3334 msgb_free(rr->rr_est_msg);
3335 rr->rr_est_msg = NULL;
3346 the process above is complete
3347 ------------------------------------------------------------------------------
3370 add support structure
3371 initialize support structure
3373 queue messages (rslms_data_req) if channel changes
3375 flush rach msg in all cases: during sending, after its done, and when aborted
3376 stop timers on abort
3377 debugging. (wenn dies todo erledigt ist, bitte in den anderen code moven)
3378 wird beim abbruch immer der gepufferte cm-service-request entfernt, auch beim verschicken?:
3380 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
3382 todo change procedures, release procedure
3384 during procedures, like "channel assignment" or "handover", rr requests must be queued
3385 they must be dequeued when complete
3386 they queue must be flushed when rr fails
3388 #include <osmocore/protocol/gsm_04_08.h>
3389 #include <osmocore/msgb.h>
3390 #include <osmocore/utils.h>
3391 #include <osmocore/gsm48.h>
3393 static int gsm48_rr_abort_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3395 struct gsm48_rrlayer *rr = ms->rrlayer;
3397 if (rr->state == GSM48_RR_ST_DEDICATED) {
3398 struct gsm_dl dlmsg;
3400 memset(&dlmsg, 0, sizeof(dlmsg));
3401 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3403 new_rr_state(rr, GSM48_RR_ST_IDLE);
3406 static int gsm48_rr_act_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3413 /* memcopy of LV of given IE from tlv_parsed structure */
3414 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
3423 if (!TLVP_PRESENT(tp, ie))
3426 len = TLVP_LEN(tp, ie);
3429 if (len + 1 > dest_len)
3432 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
3436 static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
3438 struct gsm48_rrlayer *rr = ms->rrlayer;
3439 struct gsm48_hdr *gh = msgb_l3(msg);
3440 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
3441 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
3442 struct tlv_parsed tp;
3443 struct gsm48_rr_chan_desc cd;
3446 memset(&cd, 0, sizeof(cd));
3448 if (payload_len < 0) {
3449 LOGP(DRR, LOGL_NOTICE, "Short read of ASSIGNMENT COMMAND message.\n");
3450 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3452 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ac->data, payload_len, 0, 0);
3454 /* channel description */
3455 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
3457 cd.power_command = ac->power_command;
3458 /* frequency list, after timer */
3459 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
3460 /* cell channel description */
3461 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
3462 /* multislot allocation */
3463 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
3465 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
3466 /* mobile allocation, after time */
3467 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
3469 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
3470 /* frequency list, before time */
3471 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
3472 /* channel description, before time */
3473 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
3474 /* frequency channel sequence, before time */
3475 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
3476 /* mobile allocation, before time */
3477 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
3478 /* cipher mode setting */
3479 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
3480 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
3485 LOGP(DRR, LOGL_INFO, "No current cell allocation available.\n");
3486 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
3489 if (not supported) {
3490 LOGP(DRR, LOGL_INFO, "New channel is not supported.\n");
3491 return gsm48_rr_tx_rr_status(ms, RR_CAUSE_CHAN_MODE_UNACCEPT);
3494 if (freq not supported) {
3495 LOGP(DRR, LOGL_INFO, "New frequency is not supported.\n");
3496 return gsm48_rr_tx_rr_status(ms, RR_CAUSE_FREQ_NOT_IMPLEMENTED);
3499 /* store current channel descriptions, to return in case of failure */
3500 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3501 /* copy new description */
3502 memcpy(&rr->chan_desc, cd, sizeof(cd));
3504 /* start suspension of current link */
3505 nmsg = gsm48_l3_msgb_alloc();
3508 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3510 /* change into special assignment suspension state */
3511 rr->assign_susp_state = 1;
3512 rr->resume_last_state = 0;
3517 /* decode "BA Range" (10.5.2.1a) */
3518 static int gsm48_decode_ba_range(uint8_t *ba, uint8_t, ba_len, uint32_t *range,
3519 uint8_t *ranges, int max_ranges)
3521 /* ba = pointer to IE without IE type and length octets
3522 * ba_len = number of octets
3523 * range = pointer to store decoded range
3524 * ranges = number of ranges decoded
3525 * max_ranges = maximum number of decoded ranges that can be stored
3527 uint16_t lower, higher;
3528 int i, n, required_octets;
3530 /* find out how much ba ranges will be decoded */
3533 required_octets = 5 * (n >> 1) + 3 * (n & 1);
3534 if (required_octets > n) {
3542 for (i = 0; i < n; i++) {
3544 /* decode even range number */
3546 lower |= (*ba >> 6);
3547 higher = (*ba++ & 0x3f) << 4;
3550 lower = (*ba++ & 0x0f) << 6;
3552 higher = (*ba++ & 0x03) << 8;
3554 /* decode odd range number */
3556 *range++ = (higher << 16) | lower;
3564 /* decode "Cell Description" (10.5.2.2) */
3565 static int gsm48_decode_cell_desc(struct gsm48_cell_desc *cd, uint16_t *arfcn, uint8_t *ncc uint8_t *bcc)
3567 *arfcn = (cd->bcch_hi << 8) + cd->bcch_lo;
3572 /* decode "Power Command" (10.5.2.28) and (10.5.2.28a) */
3573 static int gsm48_decode_power_cmd_acc(struct gsm48_power_cmd *pc, uint8_t *power_level uint8_t *atc)
3575 *power_level = pc->power_level;
3576 if (atc) /* only in case of 10.5.2.28a */
3580 /* decode "Synchronization Indication" (10.5.2.39) */
3581 static int gsm48_decode_power_cmd_acc(struct gsm48_rrlayer *rr, struct gsm48_rr_sync_ind *si)
3583 rr->ho_sync_ind = si->si;
3584 rr->ho_rot = si->rot;
3585 rr->ho_nci = si->nci;
3588 /* receiving HANDOVER COMMAND message (9.1.15) */
3589 static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
3591 struct gsm48_rrlayer *rr = ms->rrlayer;
3592 struct gsm48_hdr *gh = msgb_l3(msg);
3593 struct gsm48_ho_cmd *ho = (struct gsm48_ho_cmd *)gh->data;
3594 int payload_len = msgb_l3len(msg) - sizeof(*gh) - wirklich sizeof(*ho);
3595 struct tlv_parsed tp;
3596 struct gsm48_rr_chan_desc cd;
3599 memset(&cd, 0, sizeof(cd));
3601 if (payload_len < 0) {
3602 LOGP(DRR, LOGL_NOTICE, "Short read of HANDOVER COMMAND message.\n");
3603 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3605 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ho->data, payload_len, 0, 0);
3607 /* decode Cell Description */
3608 gsm_decode_cell_desc(&ho->cell_desc, &cd.bcch_arfcn, &cd.ncc, &cd.bcc);
3609 /* Channel Description */
3610 memcpy(&rr->chan_desc.chan_desc, ho->chan_desc, 3);
3611 /* Handover Reference */
3612 rr->hando_ref = ho->ho_ref;
3613 /* Power Command and access type */
3614 gsm_decode_power_cmd_acc((struct gsm48_power_cmd *)&ho->power_command,
3615 &cd.power_level, cd.atc);
3616 /* Synchronization Indication */
3617 if (TLVP_PRESENT(&tp, GSM48_IE_SYNC_IND))
3618 gsm48_decode_sync_ind(rr,
3619 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1, &cd);
3620 /* Frequency Sort List */
3621 if (TLVP_PRESENT(&tp, GSM48_IE_FREQ_SHORT_LIST))
3622 gsm48_decode_freq_list(&ms->support, s->freq,
3623 TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC),
3624 *(TLVP_VAL(&tp, GSM48_IE_MOBILE_ALLOC)-1),
3625 0xce, FREQ_TYPE_SERV);
3628 today: more IE parsing
3630 /* store current channel descriptions, to return in case of failure */
3631 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3632 /* copy new description */
3633 memcpy(&rr->chan_desc, cd, sizeof(cd));
3635 /* start suspension of current link */
3636 nmsg = gsm48_l3_msgb_alloc();
3639 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3641 /* change into special handover suspension state */
3642 rr->hando_susp_state = 1;
3643 rr->resume_last_state = 0;
3648 static int gsm48_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3650 if (rr->hando_susp_state || rr->assign_susp_state) {
3651 if (rr->resume_last_state) {
3652 rr->resume_last_state = 0;
3653 gsm48_rr_tx_ass_cpl(ms, GSM48_RR_CAUSE_NORMAL);
3655 gsm48_rr_tx_ass_fail(ms, RR_CAUSE_PROTO_ERR_UNSPEC);
3657 /* transmit queued frames during ho / ass transition */
3658 gsm48_rr_dequeue_down(ms);
3664 static int gsm48_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
3668 static int gsm48_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
3672 static int gsm48_rr_rel_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3674 struct gsm48_rrlayer *rr = ms->rrlayer;
3677 if (rr->hando_susp_state || rr->assign_susp_state) {
3680 /* change radio to new channel */
3681 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr);
3683 nmsg = gsm48_l3_msgb_alloc();
3686 /* send DL-ESTABLISH REQUEST */
3687 gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3690 if (rr->hando_susp_state) {
3691 gsm48_rr_tx_hando_access(ms);
3692 rr->hando_acc_left = 3;
3697 static int gsm48_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
3699 struct gsm48_rrlayer *rr = ms->rrlayer;
3701 struct gsm_rr_hdr *nrrh;
3703 if (rr->hando_susp_state || rr->assign_susp_state) {
3704 if (!rr->resume_last_state) {
3705 rr->resume_last_state = 1;
3707 /* get old channel description */
3708 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
3710 /* change radio to old channel */
3711 tx_ph_dm_est_req(ms, rr->cd_now.arfcn,
3712 rr->cd_now.chan_nr);
3714 /* re-establish old link */
3715 nmsg = gsm48_l3_msgb_alloc();
3718 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3720 rr->resume_last_state = 0;
3723 /* deactivate channel */
3724 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
3726 /* send abort ind to upper layer */
3727 nmsg = gsm48_mm_msgb_alloc();
3731 nrrh = (struct gsm_mm_hdr *)nmsg->data;
3732 nrrh->msg_type = RR_ABORT_IND;
3733 nrrh->cause = GSM_MM_CAUSE_LINK_FAILURE;
3734 return gsm48_rr_upmsg(ms, msg);
3737 static void timeout_rr_t3124(void *arg)
3739 struct gsm48_rrlayer *rr = arg;
3742 /* stop sending more access bursts when timer expired */
3745 /* get old channel description */
3746 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
3748 /* change radio to old channel */
3749 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr);
3751 /* re-establish old link */
3752 nmsg = gsm48_l3_msgb_alloc();
3755 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3760 /* send HANDOVER ACCESS burst (9.1.14) */
3761 static int gsm48_rr_tx_hando_access(struct osmocom_ms *ms)
3763 nmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
3766 *msgb_put(nmsg, 1) = rr->hando_ref;
3768 return gsm48_send_rsl(ms, RSL_MT_RAND_ACC_REQ, nmsg);
3771 /* send next channel request in dedicated state */
3772 static int gsm48_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3774 struct gsm48_rrlayer *rr = &ms->rrlayer;
3778 if (!rr->hando_susp_state) {
3779 LOGP(DRR, LOGL_NOTICE, "Random acces confirm, but not in handover state.\n");
3783 /* send up to four handover access bursts */
3784 if (rr->hando_acc_left) {
3785 rr->hando_acc_left--;
3786 gsm48_rr_tx_hando_access(ms);
3790 /* start timer for sending next HANDOVER ACCESS bursts afterwards */
3791 if (!bsc_timer_pending(&rr->t3124)) {
3792 if (allocated channel is SDCCH)
3793 start_rr_t3124(rr, GSM_T3124_675);
3795 start_rr_t3124(rr, GSM_T3124_320);
3796 if (!rr->n_chan_req) {
3797 start_rr_t3126(rr, 5, 0); /* TODO improve! */
3802 /* wait for PHYSICAL INFORMATION message or T3124 timeout */