1 #warning rr on MDL error handling (as specified in 04.08 / 04.06)
3 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 /* Very short description of some of the procedures:
25 * A radio ressource request causes sendig a channel request on RACH.
26 * After receiving of an immediate assignment the link will be establised.
27 * After the link is established, the dedicated mode is entered and confirmed.
29 * A Paging request also triggers the channel request as above...
30 * After the link is established, the dedicated mode is entered and indicated.
32 * During dedicated mode, messages are transferred.
34 * When an assignment command or a handover command is received, the current
35 * link is released. After release, the new channel is activated and the
36 * link is established again. After link is establised, pending messages from
37 * radio ressource are sent.
39 * When the assignment or handover fails, the old channel is activate and the
40 * link is established again. Also pending messages are sent.
49 #include <arpa/inet.h>
51 #include <osmocore/msgb.h>
52 #include <osmocore/utils.h>
53 #include <osmocore/rsl.h>
54 #include <osmocore/gsm48.h>
55 #include <osmocore/bitvec.h>
57 #include <osmocom/osmocom_data.h>
58 #include <osmocom/l1l2_interface.h>
59 #include <osmocom/logging.h>
60 #include <osmocom/networks.h>
61 #include <osmocom/l1ctl.h>
63 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg);
64 static int gsm48_rr_dl_est(struct osmocom_ms *ms);
70 #define MIN(a, b) ((a < b) ? a : b)
72 int gsm48_decode_lai(struct gsm48_loc_area_id *lai, uint16_t *mcc,
73 uint16_t *mnc, uint16_t *lac)
75 *mcc = ((lai->digits[0] & 0x0f) << 8)
76 | (lai->digits[0] & 0xf0)
77 | (lai->digits[1] & 0x0f);
78 *mnc = ((lai->digits[2] & 0x0f) << 8)
79 | (lai->digits[2] & 0xf0)
80 | ((lai->digits[1] & 0xf0) >> 4);
81 *lac = ntohs(lai->lac);
86 static int gsm48_encode_chan_h0(struct gsm48_chan_desc *cd, uint8_t tsc,
91 cd->h0.arfcn_low = arfcn & 0xff;
92 cd->h0.arfcn_high = arfcn >> 8;
97 static int gsm48_encode_chan_h1(struct gsm48_chan_desc *cd, uint8_t tsc,
98 uint8_t maio, uint8_t hsn)
102 cd->h1.maio_low = maio & 0x03;
103 cd->h1.maio_high = maio >> 2;
110 static int gsm48_decode_chan_h0(struct gsm48_chan_desc *cd, uint8_t *tsc,
114 *arfcn = cd->h0.arfcn_low | (cd->h0.arfcn_high << 8);
119 static int gsm48_decode_chan_h1(struct gsm48_chan_desc *cd, uint8_t *tsc,
120 uint8_t *maio, uint8_t *hsn)
123 *maio = cd->h1.maio_low | (cd->h1.maio_high << 2);
129 /* 10.5.2.38 decode Starting time IE */
130 static int gsm48_decode_start_time(struct gsm48_rr_cd *cd,
131 struct gsm48_start_time *st)
133 cd->start_t1 = st->t1;
134 cd->start_t2 = st->t2;
135 cd->start_t3 = (st->t3_high << 3) | st->t3_low;
140 /* decode "BA Range" (10.5.2.1a) */
141 static int gsm48_decode_ba_range(const uint8_t *ba, uint8_t ba_len,
142 uint32_t *range, uint8_t *ranges, int max_ranges)
144 /* ba = pointer to IE without IE type and length octets
145 * ba_len = number of octets
146 * range = pointer to store decoded range
147 * ranges = number of ranges decoded
148 * max_ranges = maximum number of decoded ranges that can be stored
150 uint16_t lower, higher;
151 int i, n, required_octets;
153 /* find out how much ba ranges will be decoded */
156 required_octets = 5 * (n >> 1) + 3 * (n & 1);
157 if (required_octets > ba_len) {
158 LOGP(DRR, LOGL_NOTICE, "BA range IE too short: %d ranges "
159 "require %d octets, but only %d octets remain.\n",
160 n, required_octets, ba_len);
165 LOGP(DRR, LOGL_NOTICE, "BA range %d exceed the maximum number "
166 "of ranges supported by this mobile (%d).\n",
171 for (i = 0; i < n; i++) {
173 /* decode even range number */
176 higher = (*ba++ & 0x3f) << 4;
179 lower = (*ba++ & 0x0f) << 6;
181 higher = (*ba++ & 0x03) << 8;
183 /* decode odd range number */
185 *range++ = (higher << 16) | lower;
196 const char *gsm48_rr_state_names[] = {
198 "connection pending",
203 static void new_rr_state(struct gsm48_rrlayer *rr, int state)
205 if (state < 0 || state >=
206 (sizeof(gsm48_rr_state_names) / sizeof(char *)))
209 LOGP(DRR, LOGL_INFO, "new state %s -> %s\n",
210 gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
214 if (state == GSM48_RR_ST_IDLE) {
215 struct msgb *msg, *nmsg;
217 /* release dedicated mode, if any */
218 // tx_ph_dm_rel_req(rr->ms);
219 l1ctl_tx_reset_req(rr->ms, L1CTL_RES_T_FULL);
220 /* free establish message, if any */
222 if (rr->rr_est_msg) {
223 msgb_free(rr->rr_est_msg);
224 rr->rr_est_msg = NULL;
226 /* free all pending messages */
227 while((msg = msgb_dequeue(&rr->downqueue)))
229 /* clear all descriptions of last channel */
230 memset(&rr->cd_now, 0, sizeof(rr->cd_now));
233 /* tell cell selection process to return to idle mode
234 * NOTE: this must be sent unbuffered, because it will
235 * leave camping state, so it locks against subsequent
236 * establishment of dedicated channel, before the
237 * cell selection process returned to camping state
238 * again. (after cell reselection)
240 nmsg = gsm322_msgb_alloc(GSM322_EVENT_RET_IDLE);
243 gsm322_c_event(rr->ms, nmsg);
245 /* reset any BA range */
254 /* names of RR-SAP */
255 static const struct value_string gsm48_rr_msg_names[] = {
256 { GSM48_RR_EST_REQ, "RR_EST_REQ" },
257 { GSM48_RR_EST_IND, "RR_EST_IND" },
258 { GSM48_RR_EST_CNF, "RR_EST_CNF" },
259 { GSM48_RR_REL_IND, "RR_REL_IND" },
260 { GSM48_RR_SYNC_IND, "RR_SYNC_IND" },
261 { GSM48_RR_DATA_REQ, "RR_DATA_REQ" },
262 { GSM48_RR_DATA_IND, "RR_DATA_IND" },
263 { GSM48_RR_UNIT_DATA_IND, "RR_UNIT_DATA_IND" },
264 { GSM48_RR_ABORT_REQ, "RR_ABORT_REQ" },
265 { GSM48_RR_ABORT_IND, "RR_ABORT_IND" },
266 { GSM48_RR_ACT_REQ, "RR_ACT_REQ" },
270 const char *get_rr_name(int value)
272 return get_value_string(gsm48_rr_msg_names, value);
275 /* allocate GSM 04.08 layer 3 message */
276 struct msgb *gsm48_l3_msgb_alloc(void)
280 msg = msgb_alloc_headroom(L3_ALLOC_SIZE+L3_ALLOC_HEADROOM,
281 L3_ALLOC_HEADROOM, "GSM 04.08 L3");
284 msg->l3h = msg->data;
289 /* allocate GSM 04.08 message (RR-SAP) */
290 struct msgb *gsm48_rr_msgb_alloc(int msg_type)
293 struct gsm48_rr_hdr *rrh;
295 msg = msgb_alloc_headroom(RR_ALLOC_SIZE+RR_ALLOC_HEADROOM,
296 RR_ALLOC_HEADROOM, "GSM 04.08 RR");
300 rrh = (struct gsm48_rr_hdr *) msgb_put(msg, sizeof(*rrh));
301 rrh->msg_type = msg_type;
306 /* queue message (RR-SAP) */
307 int gsm48_rr_upmsg(struct osmocom_ms *ms, struct msgb *msg)
309 struct gsm48_mmlayer *mm = &ms->mmlayer;
311 msgb_enqueue(&mm->rr_upqueue, msg);
316 /* push rsl header and send (RSL-SAP) */
317 static int gsm48_send_rsl(struct osmocom_ms *ms, uint8_t msg_type,
320 struct gsm48_rrlayer *rr = &ms->rrlayer;
326 rsl_rll_push_l3(msg, msg_type, rr->cd_now.chan_nr,
327 rr->cd_now.link_id, 1);
329 return rslms_recvmsg(msg, ms);
332 /* enqueue messages (RSL-SAP) */
333 static int gsm48_rx_rll(struct msgb *msg, struct osmocom_ms *ms)
335 struct gsm48_rrlayer *rr = &ms->rrlayer;
337 msgb_enqueue(&rr->rsl_upqueue, msg);
342 /* input function that L2 calls when sending messages up to L3 */
343 static int gsm48_rx_rsl(struct msgb *msg, struct osmocom_ms *ms)
345 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
348 switch (rslh->msg_discr & 0xfe) {
349 case ABIS_RSL_MDISC_RLL:
350 rc = gsm48_rx_rll(msg, ms);
353 /* FIXME: implement this */
354 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
364 /* dequeue messages (RSL-SAP) */
365 int gsm48_rsl_dequeue(struct osmocom_ms *ms)
367 struct gsm48_rrlayer *rr = &ms->rrlayer;
371 while ((msg = msgb_dequeue(&rr->rsl_upqueue))) {
372 /* msg is freed there */
373 gsm48_rcv_rsl(ms, msg);
374 work = 1; /* work done */
384 /* special timer to ensure that UA is sent before disconnecting channel */
385 static void timeout_rr_t_rel_wait(void *arg)
387 struct gsm48_rrlayer *rr = arg;
389 LOGP(DRR, LOGL_INFO, "L2 release timer has fired, done waiting\n");
391 /* return to idle now */
392 new_rr_state(rr, GSM48_RR_ST_IDLE);
395 /* 3.4.13.1.1: Timeout of T3110 */
396 static void timeout_rr_t3110(void *arg)
398 struct gsm48_rrlayer *rr = arg;
399 struct osmocom_ms *ms = rr->ms;
403 LOGP(DRR, LOGL_INFO, "timer T3110 has fired, release locally\n");
405 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
407 /* disconnect the main signalling link */
408 nmsg = gsm48_l3_msgb_alloc();
411 mode = msgb_put(nmsg, 2);
412 mode[0] = RSL_IE_RELEASE_MODE;
413 mode[1] = 1; /* local release */
414 gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
419 static void timeout_rr_t3122(void *arg)
421 LOGP(DRR, LOGL_INFO, "timer T3122 has fired\n");
424 static void timeout_rr_t3126(void *arg)
426 struct gsm48_rrlayer *rr = arg;
427 struct osmocom_ms *ms = rr->ms;
429 LOGP(DRR, LOGL_INFO, "timer T3126 has fired\n");
430 if (rr->rr_est_req) {
431 struct msgb *msg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
432 struct gsm48_rr_hdr *rrh;
434 LOGP(DSUM, LOGL_INFO, "Requesting channel failed\n");
437 rrh = (struct gsm48_rr_hdr *)msg->data;
438 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
439 gsm48_rr_upmsg(ms, msg);
442 new_rr_state(rr, GSM48_RR_ST_IDLE);
445 static void start_rr_t_rel_wait(struct gsm48_rrlayer *rr, int sec, int micro)
447 LOGP(DRR, LOGL_INFO, "starting T_rel_wait with %d seconds\n", sec);
448 rr->t_rel_wait.cb = timeout_rr_t_rel_wait;
449 rr->t_rel_wait.data = rr;
450 bsc_schedule_timer(&rr->t_rel_wait, sec, micro);
453 static void start_rr_t3110(struct gsm48_rrlayer *rr, int sec, int micro)
455 LOGP(DRR, LOGL_INFO, "starting T3110 with %d seconds\n", sec);
456 rr->t3110.cb = timeout_rr_t3110;
458 bsc_schedule_timer(&rr->t3110, sec, micro);
461 static void start_rr_t3122(struct gsm48_rrlayer *rr, int sec, int micro)
463 LOGP(DRR, LOGL_INFO, "starting T3122 with %d seconds\n", sec);
464 rr->t3122.cb = timeout_rr_t3122;
466 bsc_schedule_timer(&rr->t3122, sec, micro);
469 static void start_rr_t3126(struct gsm48_rrlayer *rr, int sec, int micro)
471 LOGP(DRR, LOGL_INFO, "starting T3126 with %d seconds\n", sec);
472 rr->t3126.cb = timeout_rr_t3126;
474 bsc_schedule_timer(&rr->t3126, sec, micro);
477 static void stop_rr_t_rel_wait(struct gsm48_rrlayer *rr)
479 if (bsc_timer_pending(&rr->t_rel_wait)) {
480 LOGP(DRR, LOGL_INFO, "stopping pending timer T_rel_wait\n");
481 bsc_del_timer(&rr->t_rel_wait);
485 static void stop_rr_t3110(struct gsm48_rrlayer *rr)
487 if (bsc_timer_pending(&rr->t3110)) {
488 LOGP(DRR, LOGL_INFO, "stopping pending timer T3110\n");
489 bsc_del_timer(&rr->t3110);
493 static void stop_rr_t3122(struct gsm48_rrlayer *rr)
495 if (bsc_timer_pending(&rr->t3122)) {
496 LOGP(DRR, LOGL_INFO, "stopping pending timer T3122\n");
497 bsc_del_timer(&rr->t3122);
501 static void stop_rr_t3126(struct gsm48_rrlayer *rr)
503 if (bsc_timer_pending(&rr->t3126)) {
504 LOGP(DRR, LOGL_INFO, "stopping pending timer T3126\n");
505 bsc_del_timer(&rr->t3126);
513 /* send rr status request */
514 static int gsm48_rr_tx_rr_status(struct osmocom_ms *ms, uint8_t cause)
517 struct gsm48_hdr *gh;
518 struct gsm48_rr_status *st;
520 LOGP(DRR, LOGL_INFO, "RR STATUS (cause #%d)\n", cause);
522 nmsg = gsm48_l3_msgb_alloc();
525 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
526 st = (struct gsm48_rr_status *) msgb_put(nmsg, sizeof(*st));
528 gh->proto_discr = GSM48_PDISC_RR;
529 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
532 st->rr_cause = cause;
534 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
541 /* send chiperhing mode complete */
542 static int gsm48_rr_tx_cip_mode_cpl(struct osmocom_ms *ms, uint8_t cr)
544 struct gsm_settings *set = &ms->settings;
546 struct gsm48_hdr *gh;
547 uint8_t buf[11], *tlv;
549 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMPLETE (cr %d)\n", cr);
551 nmsg = gsm48_l3_msgb_alloc();
554 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
556 gh->proto_discr = GSM48_PDISC_RR;
557 gh->msg_type = GSM48_MT_RR_CIPH_M_COMPL;
561 gsm48_generate_mid_from_imsi(buf, set->imeisv);
562 tlv = msgb_put(nmsg, 2 + buf[1]);
563 memcpy(tlv, buf, 2 + buf[1]);
566 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
569 /* receive ciphering mode command */
570 static int gsm48_rr_rx_cip_mode_cmd(struct osmocom_ms *ms, struct msgb *msg)
572 struct gsm48_rrlayer *rr = &ms->rrlayer;
573 struct gsm_support *sup = &ms->support;
574 struct gsm48_hdr *gh = msgb_l3(msg);
575 struct gsm48_cip_mode_cmd *cm = (struct gsm48_cip_mode_cmd *)gh->data;
576 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cm);
577 uint8_t sc, alg_id, cr;
579 if (payload_len < 0) {
580 LOGP(DRR, LOGL_NOTICE, "Short read of CIPHERING MODE COMMAND "
582 return gsm48_rr_tx_rr_status(ms,
583 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
586 /* cipher mode setting */
589 /* cipher mode response */
593 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, cr=%u)",
596 LOGP(DRR, LOGL_INFO, "CIPHERING MODE COMMAND (sc=%u, "
597 "algo=A5/%d cr=%u)", sc, alg_id + 1, cr);
600 if (rr->cipher_on && sc) {
601 LOGP(DRR, LOGL_INFO, "cipering already applied.\n");
602 return gsm48_rr_tx_rr_status(ms,
603 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
606 /* check if we actually support this cipher */
607 if ((alg_id == GSM_CIPHER_A5_1 && !sup->a5_1)
608 || (alg_id == GSM_CIPHER_A5_2 && !sup->a5_2)
609 || (alg_id == GSM_CIPHER_A5_3 && !sup->a5_3)
610 || (alg_id == GSM_CIPHER_A5_4 && !sup->a5_4)
611 || (alg_id == GSM_CIPHER_A5_5 && !sup->a5_5)
612 || (alg_id == GSM_CIPHER_A5_6 && !sup->a5_6)
613 || (alg_id == GSM_CIPHER_A5_7 && !sup->a5_7))
614 return gsm48_rr_tx_rr_status(ms,
615 GSM48_RR_CAUSE_CHAN_MODE_UNACCT);
617 /* change to ciphering */
619 rsl command to activate ciperhing
621 rr->cipher_on = sc, rr->cipher_type = alg_id;
624 return gsm48_rr_tx_cip_mode_cpl(ms, cr);
631 /* Encode "Classmark 3" (10.5.1.7) */
632 static int gsm48_rr_enc_cm3(struct osmocom_ms *ms, uint8_t *buf, uint8_t *len)
634 struct gsm_support *sup = &ms->support;
637 memset(&bv, 0, sizeof(bv));
642 bitvec_set_bit(&bv, 0);
643 /* band 3 supported */
645 bitvec_set_bit(&bv, ONE);
647 bitvec_set_bit(&bv, ZERO);
648 /* band 2 supported */
649 if (sup->e_gsm || sup->r_gsm)
650 bitvec_set_bit(&bv, ONE);
652 bitvec_set_bit(&bv, ZERO);
653 /* band 1 supported */
654 if (sup->p_gsm && !(sup->e_gsm || sup->r_gsm))
655 bitvec_set_bit(&bv, ONE);
657 bitvec_set_bit(&bv, ZERO);
660 bitvec_set_bit(&bv, ONE);
662 bitvec_set_bit(&bv, ZERO);
664 bitvec_set_bit(&bv, ONE);
666 bitvec_set_bit(&bv, ZERO);
668 bitvec_set_bit(&bv, ONE);
670 bitvec_set_bit(&bv, ZERO);
672 bitvec_set_bit(&bv, ONE);
674 bitvec_set_bit(&bv, ZERO);
675 /* radio capability */
676 if (sup->dcs_1800 && !sup->p_gsm && !(sup->e_gsm || sup->r_gsm)) {
678 bitvec_set_uint(&bv, 0, 4);
679 bitvec_set_uint(&bv, sup->dcs_capa, 4);
681 if (sup->dcs_1800 && (sup->p_gsm || (sup->e_gsm || sup->r_gsm))) {
683 bitvec_set_uint(&bv, sup->dcs_capa, 4);
685 bitvec_set_uint(&bv, sup->low_capa, 4);
688 bitvec_set_uint(&bv, 0, 4);
689 bitvec_set_uint(&bv, sup->low_capa, 4);
693 bitvec_set_bit(&bv, ONE);
694 bitvec_set_uint(&bv, sup->r_capa, 3);
696 bitvec_set_bit(&bv, ZERO);
698 /* multi slot support */
700 bitvec_set_bit(&bv, ONE);
701 bitvec_set_uint(&bv, sup->ms_sup, 5);
703 bitvec_set_bit(&bv, ZERO);
706 if (sup->ucs2_treat) {
707 bitvec_set_bit(&bv, ONE);
709 bitvec_set_bit(&bv, ZERO);
711 /* support extended measurements */
713 bitvec_set_bit(&bv, ONE);
715 bitvec_set_bit(&bv, ZERO);
717 /* support measurement capability */
719 bitvec_set_bit(&bv, ONE);
720 bitvec_set_uint(&bv, sup->sms_val, 4);
721 bitvec_set_uint(&bv, sup->sm_val, 4);
723 bitvec_set_bit(&bv, ZERO);
725 /* positioning method capability */
727 bitvec_set_bit(&bv, ONE);
728 bitvec_set_bit(&bv, sup->e_otd_ass == 1);
729 bitvec_set_bit(&bv, sup->e_otd_based == 1);
730 bitvec_set_bit(&bv, sup->gps_ass == 1);
731 bitvec_set_bit(&bv, sup->gps_based == 1);
732 bitvec_set_bit(&bv, sup->gps_conv == 1);
734 bitvec_set_bit(&bv, ZERO);
737 /* partitial bytes will be completed */
738 *len = (bv.cur_bit + 7) >> 3;
739 bitvec_spare_padding(&bv, (*len * 8) - 1);
744 /* encode classmark 2 */
745 int gsm48_rr_enc_cm2(struct osmocom_ms *ms, struct gsm48_classmark2 *cm)
747 struct gsm48_rrlayer *rr = &ms->rrlayer;
748 struct gsm_support *sup = &ms->support;
750 if (rr->cd_now.arfcn >= 512 && rr->cd_now.arfcn <= 885)
751 cm->pwr_lev = sup->pwr_lev_1800;
753 cm->pwr_lev = sup->pwr_lev_900;
754 cm->a5_1 = sup->a5_1;
755 cm->es_ind = sup->es_ind;
756 cm->rev_lev = sup->rev_lev;
757 cm->fc = (sup->r_gsm || sup->e_gsm);
758 cm->vgcs = sup->vgcs;
760 cm->sm_cap = sup->sms_ptp;
761 cm->ss_scr = sup->ss_ind;
762 cm->ps_cap = sup->ps_cap;
763 cm->a5_2 = sup->a5_2;
764 cm->a5_3 = sup->a5_3;
765 cm->cmsp = sup->cmsp;
766 cm->solsa = sup->solsa;
767 cm->lcsva_cap = sup->lcsva;
772 /* send classmark change */
773 static int gsm48_rr_tx_cm_change(struct osmocom_ms *ms)
775 struct gsm_support *sup = &ms->support;
777 struct gsm48_hdr *gh;
778 struct gsm48_cm_change *cc;
779 uint8_t cm3[14], *tlv;
781 LOGP(DRR, LOGL_INFO, "CLASSMARK CHANGE\n");
783 nmsg = gsm48_l3_msgb_alloc();
786 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
787 cc = (struct gsm48_cm_change *) msgb_put(nmsg, sizeof(*cc));
789 gh->proto_discr = GSM48_PDISC_RR;
790 gh->msg_type = GSM48_MT_RR_CLSM_CHG;
793 cc->cm2_len = sizeof(cc->cm2);
794 gsm48_rr_enc_cm2(ms, &cc->cm2);
797 if (sup->dcs_1800 || sup->e_gsm || sup->r_gsm
798 || sup->a5_7 || sup->a5_6 || sup->a5_5 || sup->a5_4
801 || sup->ext_meas || sup->meas_cap
804 cm3[0] = GSM48_IE_CLASSMARK3;
805 gsm48_rr_enc_cm3(ms, cm3 + 2, &cm3[1]);
806 tlv = msgb_put(nmsg, 2 + cm3[1]);
807 memcpy(tlv, cm3, 2 + cm3[1]);
810 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
813 /* receiving classmark enquiry */
814 static int gsm48_rr_rx_cm_enq(struct osmocom_ms *ms, struct msgb *msg)
817 return gsm48_rr_tx_cm_change(ms);
824 /* temporary timer until we have time control over channnel request */
825 /* TODO: turn this into a channel activation timeout, later */
826 #define RSL_MT_CHAN_CNF 0x19
827 #include <osmocom/l1ctl.h>
828 int gsm48_rr_rach_conf(struct osmocom_ms *ms, uint32_t fn)
830 struct gsm48_rrlayer *rr = &ms->rrlayer;
831 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
832 struct abis_rsl_rll_hdr *rllh =
833 (struct abis_rsl_rll_hdr *) msgb_put(msg, sizeof(*rllh));
835 if (!rr->wait_assign) {
836 LOGP(DRR, LOGL_INFO, "RACH confirm ignored, not waiting for "
840 LOGP(DRR, LOGL_INFO, "RACH confirm framenr=%u\n", fn);
841 rr->cr_hist[0].valid = 2;
842 rr->cr_hist[0].fn = fn;
844 rllh->c.msg_type = RSL_MT_CHAN_CNF;
845 msg->l2h = (unsigned char *)rllh;
846 gsm48_rcv_rsl(ms, msg);
851 /* start random access */
852 static int gsm48_rr_chan_req(struct osmocom_ms *ms, int cause, int paging)
854 struct gsm48_rrlayer *rr = &ms->rrlayer;
855 struct gsm322_cellsel *cs = &ms->cellsel;
856 struct gsm48_sysinfo *s = cs->si;
858 struct gsm48_rr_hdr *nrrh;
859 uint8_t chan_req_val, chan_req_mask;
862 LOGP(DSUM, LOGL_INFO, "Establish radio link due to %s request\n",
863 (paging) ? "paging" : "mobility management");
865 /* ignore paging, if not camping */
867 && (!cs->selected || (cs->state != GSM322_C3_CAMPED_NORMALLY
868 && cs->state != GSM322_C7_CAMPED_ANY_CELL))) {
869 LOGP(DRR, LOGL_INFO, "Paging, but not camping, ignore.\n");
873 /* tell cell selection process to leave idle mode
874 * NOTE: this must be sent unbuffered, because the state may not
875 * change until idle mode is left
877 nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
880 rc = gsm322_c_event(ms, nmsg);
885 LOGP(DRR, LOGL_INFO, "Failed to leave IDLE mode.\n");
890 new_rr_state(rr, GSM48_RR_ST_CONN_PEND);
892 /* number of retransmissions (with first transmission) */
893 rr->n_chan_req = s->max_retrans + 1;
895 #warning HACK: always request SDCCH for test
896 cause = RR_EST_CAUSE_LOC_UPD;
897 /* generate CHAN REQ (9.1.8) */
899 case RR_EST_CAUSE_EMERGENCY:
901 chan_req_mask = 0x1f;
903 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Emergency call)\n",
906 case RR_EST_CAUSE_REESTAB_TCH_F:
907 chan_req_mask = 0x1f;
909 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (re-establish "
910 "TCH/F)\n", chan_req_val);
912 case RR_EST_CAUSE_REESTAB_TCH_H:
914 chan_req_mask = 0x03;
916 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
917 "(re-establish TCH/H with NECI)\n",
920 chan_req_mask = 0x1f;
922 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
923 "(re-establish TCH/H no NECI)\n", chan_req_val);
926 case RR_EST_CAUSE_REESTAB_2_TCH_H:
928 chan_req_mask = 0x03;
930 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
931 "(re-establish TCH/H+TCH/H with NECI)\n",
934 chan_req_mask = 0x1f;
936 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
937 "(re-establish TCH/H+TCH/H no NECI)\n",
941 case RR_EST_CAUSE_ANS_PAG_ANY:
942 chan_req_mask = 0x1f;
944 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING "
945 "Any channel)\n", chan_req_val);
947 case RR_EST_CAUSE_ANS_PAG_SDCCH:
948 chan_req_mask = 0x0f;
950 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING SDCCH)\n",
953 case RR_EST_CAUSE_ANS_PAG_TCH_F:
954 /* ms supports no dual rate */
955 chan_req_mask = 0x1f;
957 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/F)\n",
960 case RR_EST_CAUSE_ANS_PAG_TCH_ANY:
961 /* ms supports no dual rate */
962 chan_req_mask = 0x1f;
964 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (PAGING TCH/H or "
965 "TCH/F)\n", chan_req_val);
967 case RR_EST_CAUSE_ORIG_TCHF:
968 /* ms supports no dual rate */
969 chan_req_mask = 0x1f;
971 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Orig TCH/F)\n",
974 case RR_EST_CAUSE_LOC_UPD:
976 chan_req_mask = 0x0f;
978 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
979 "Update with NECI)\n", chan_req_val);
981 chan_req_mask = 0x1f;
983 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (Location "
984 "Update no NECI)\n", chan_req_val);
987 case RR_EST_CAUSE_OTHER_SDCCH:
989 chan_req_mask = 0x0f;
991 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OHTER "
992 "with NECI)\n", chan_req_val);
994 chan_req_mask = 0x1f;
996 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER "
997 "no NECI)\n", chan_req_val);
1001 if (!rr->rr_est_req) /* no request from MM */
1004 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: with unknown "
1005 "establishment cause: %d\n", cause);
1007 LOGP(DSUM, LOGL_INFO, "Requesting channel failed\n");
1009 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
1012 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
1013 nrrh->cause = RR_REL_CAUSE_UNDEFINED;
1014 gsm48_rr_upmsg(ms, nmsg);
1015 new_rr_state(rr, GSM48_RR_ST_IDLE);
1019 /* store value, mask and history */
1020 rr->chan_req_val = chan_req_val;
1021 rr->chan_req_mask = chan_req_mask;
1022 rr->cr_hist[2].valid = 0;
1023 rr->cr_hist[1].valid = 0;
1024 rr->cr_hist[0].valid = 0;
1026 /* if channel is already active somehow */
1027 if (cs->ccch_state == GSM322_CCCH_ST_DATA)
1028 return gsm48_rr_tx_rand_acc(ms, NULL);
1033 /* send first/next channel request in conn pend state */
1034 int gsm48_rr_tx_rand_acc(struct osmocom_ms *ms, struct msgb *msg)
1036 struct gsm48_rrlayer *rr = &ms->rrlayer;
1037 struct gsm322_cellsel *cs = &ms->cellsel;
1038 struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
1040 struct l1ctl_info_ul *nul;
1041 struct l1ctl_rach_req *nra;
1045 if (cs->ccch_state != GSM322_CCCH_ST_DATA) {
1046 LOGP(DRR, LOGL_INFO, "CCCH channel activation failed.\n");
1048 if (rr->rr_est_req) {
1050 gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
1051 struct gsm48_rr_hdr *rrh;
1053 LOGP(DSUM, LOGL_INFO, "Requesting channel failed\n");
1056 rrh = (struct gsm48_rr_hdr *)msg->data;
1057 rrh->cause = RR_REL_CAUSE_RA_FAILURE;
1058 gsm48_rr_upmsg(ms, msg);
1061 new_rr_state(rr, GSM48_RR_ST_IDLE);
1066 if (rr->state == GSM48_RR_ST_IDLE) {
1067 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
1072 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (requests left %d)\n",
1075 if (!rr->n_chan_req) {
1076 LOGP(DRR, LOGL_INFO, "Done with sending RANDOM ACCESS "
1078 if (!bsc_timer_pending(&rr->t3126))
1079 start_rr_t3126(rr, 5, 0); /* TODO improve! */
1084 if (!rr->wait_assign) {
1085 /* first random acces, without delay of slots */
1087 rr->wait_assign = 1;
1089 /* subsequent random acces, with slots from table 3.1 */
1090 switch(s->tx_integer) {
1091 case 3: case 8: case 14: case 50:
1092 if (s->ccch_conf != 1) /* not combined CCCH */
1097 case 4: case 9: case 16:
1098 if (s->ccch_conf != 1)
1103 case 5: case 10: case 20:
1104 if (s->ccch_conf != 1)
1109 case 6: case 11: case 25:
1110 if (s->ccch_conf != 1)
1116 if (s->ccch_conf != 1)
1124 /* resend chan_req with new randiom */
1126 nmsg = gsm48_rsl_msgb_alloc();
1128 nmsg = msgb_alloc_headroom(64, 48, "RAND_ACC");
1129 struct l1ctl_hdr *l1h;
1130 nmsg->l1h = msgb_put(nmsg, sizeof(*l1h));
1131 l1h = (struct l1ctl_hdr *) nmsg->l1h;
1132 l1h->msg_type = L1CTL_RACH_REQ;
1135 nul = (struct l1ctl_info_ul *) msgb_put(nmsg, sizeof(*nul));
1137 nra = (struct l1ctl_rach_req *) msgb_put(nmsg, sizeof(*nra));
1138 chan_req = random();
1139 chan_req &= rr->chan_req_mask;
1140 chan_req |= rr->chan_req_val;
1143 nra->mf_off = 1; // (random() % s->tx_integer) + slots;
1144 nra->fn51 = (s->ccch_conf == 1) ? 27 : 50;
1146 LOGP(DRR, LOGL_INFO, "RANDOM ACCESS (Tx-integer %d combined %s "
1147 "S(lots) %d ra 0x%02x offset %d)\n", s->tx_integer,
1148 (s->ccch_conf == 1) ? "yes": "no", slots, nra->ra, nra->mf_off);
1150 /* shift history and store */
1151 memcpy(&(rr->cr_hist[2]), &(rr->cr_hist[1]),
1152 sizeof(struct gsm48_cr_hist));
1153 memcpy(&(rr->cr_hist[1]), &(rr->cr_hist[0]),
1154 sizeof(struct gsm48_cr_hist));
1155 rr->cr_hist[0].valid = 1;
1156 rr->cr_hist[0].chan_req = chan_req;
1159 add layer 1 conrols to RSL...
1160 return gsm48_send_rsl(ms, RSL_MT_CHAN_REQ, nmsg);
1162 //#warning disabled!
1163 return osmo_send_l1(ms, nmsg);
1168 * system information
1171 /* decode "Cell Channel Description" (10.5.2.1b) and other frequency lists */
1172 static int gsm48_decode_freq_list(struct gsm_support *sup,
1173 struct gsm_sysinfo_freq *f, uint8_t *cd, uint8_t len, uint8_t mask,
1180 * The Range format uses "SMOD" computation.
1181 * e.g. "n SMOD m" equals "((n - 1) % m) + 1"
1182 * A cascade of multiple SMOD computations is simpified:
1183 * "(n SMOD m) SMOD o" equals "(((n - 1) % m) % o) + 1"
1185 * The Range format uses 16 octets of data in SYSTEM INFORMATION.
1186 * When used in dedicated messages, the length can be less.
1187 * In this case the ranges are decoded for all frequencies that
1188 * fit in the block of given length.
1192 for (i = 0; i < 1024; i++)
1196 if ((cd[0] & 0xc0 & mask) == 0x00) {
1197 /* Bit map 0 format */
1200 for (i = 1; i <= 124; i++)
1201 if ((cd[15 - ((i-1) >> 3)] & (1 << ((i-1) & 7))))
1207 /* only Bit map 0 format for P-GSM */
1208 if (sup->p_gsm && !sup->e_gsm && !sup->r_gsm && !sup->dcs_1800)
1212 if ((cd[0] & 0xc8 & mask) == 0x80) {
1213 /* Range 1024 format */
1214 uint16_t w[17]; /* 1..16 */
1215 struct gsm48_range_1024 *r = (struct gsm48_range_1024 *)cd;
1219 memset(w, 0, sizeof(w));
1222 w[1] = (r->w1_hi << 8) | r->w1_lo;
1224 w[2] = (r->w2_hi << 1) | r->w2_lo;
1226 w[3] = (r->w3_hi << 2) | r->w3_lo;
1228 w[4] = (r->w4_hi << 2) | r->w4_lo;
1230 w[5] = (r->w5_hi << 2) | r->w5_lo;
1232 w[6] = (r->w6_hi << 2) | r->w6_lo;
1234 w[7] = (r->w7_hi << 2) | r->w7_lo;
1236 w[8] = (r->w8_hi << 1) | r->w8_lo;
1242 w[11] = (r->w11_hi << 6) | r->w11_lo;
1244 w[12] = (r->w12_hi << 5) | r->w12_lo;
1246 w[13] = (r->w13_hi << 4) | r->w13_lo;
1248 w[14] = (r->w14_hi << 3) | r->w14_lo;
1250 w[15] = (r->w15_hi << 2) | r->w15_lo;
1254 f[w[1]].mask |= frqt;
1256 f[((w[1] - 512 + w[2] - 1) % 1023) + 1].mask |= frqt;
1258 f[((w[1] + w[3] - 1) % 1023) + 1].mask |= frqt;
1260 f[((w[1] - 512 + ((w[2] - 256 + w[4] - 1) % 511)) % 1023) + 1].mask |= frqt;
1262 f[((w[1] + ((w[3] - 256 - w[5] - 1) % 511)) % 1023) + 1].mask |= frqt;
1264 f[((w[1] - 512 + ((w[2] + w[6] - 1) % 511)) % 1023) + 1].mask |= frqt;
1266 f[((w[1] + ((w[3] + w[7] - 1) % 511)) % 1023) + 1].mask |= frqt;
1268 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + w[8] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1270 f[((w[1] + ((w[3] - 256 + ((w[5] - 128 + w[9] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1272 f[((w[1] - 512 + ((w[2] + ((w[6] - 128 + w[10] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1274 f[((w[1] + ((w[3] + ((w[7] - 128 + w[11] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1276 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] + w[12] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1278 f[((w[1] + ((w[3] - 256 + ((w[5] + w[13] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1280 f[((w[1] - 512 + ((w[2] + ((w[6] + w[14] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1282 f[((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1284 f[((w[1] - 512 + ((w[2] - 256 + ((w[4] - 128 + ((w[8] - 64 + w[16] - 1) % 127)) % 255)) % 511)) % 1023) + 1].mask |= frqt;
1289 if ((cd[0] & 0xce & mask) == 0x88) {
1290 /* Range 512 format */
1291 uint16_t w[18]; /* 1..17 */
1292 struct gsm48_range_512 *r = (struct gsm48_range_512 *)cd;
1296 memset(w, 0, sizeof(w));
1297 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1298 w[1] = (r->w1_hi << 2) | r->w1_lo;
1300 w[2] = (r->w2_hi << 2) | r->w2_lo;
1302 w[3] = (r->w3_hi << 2) | r->w3_lo;
1304 w[4] = (r->w4_hi << 1) | r->w4_lo;
1310 w[7] = (r->w7_hi << 6) | r->w7_lo;
1312 w[8] = (r->w8_hi << 4) | r->w8_lo;
1314 w[9] = (r->w9_hi << 2) | r->w9_lo;
1320 w[12] = (r->w12_hi << 4) | r->w12_lo;
1322 w[13] = (r->w13_hi << 2) | r->w13_lo;
1328 w[16] = (r->w16_hi << 3) | r->w16_lo;
1331 f[w[0]].mask |= frqt;
1333 f[(w[0] + w[1]) % 1024].mask |= frqt;
1335 f[(w[0] + ((w[1] - 256 + w[2] - 1) % 511) + 1) % 1024].mask |= frqt;
1337 f[(w[0] + ((w[1] + w[3] - 1) % 511) + 1) % 1024].mask |= frqt;
1339 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + w[4] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1341 f[(w[0] + ((w[1] + ((w[3] - 128 + w[5] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1343 f[(w[0] + ((w[1] - 256 + ((w[2] + w[6] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1345 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 255)) % 511) + 1) % 1024].mask |= frqt;
1347 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + w[8] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1349 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + w[9] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1351 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] - 64 + w[10] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1353 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 64 + w[11] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1355 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] + w[12] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1357 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] + w[13] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1359 f[(w[0] + ((w[1] - 256 + ((w[2] + ((w[6] + w[14] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1361 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1363 f[(w[0] + ((w[1] - 256 + ((w[2] - 128 + ((w[4] - 64 + ((w[8] - 32 + w[16] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1365 f[(w[0] + ((w[1] + ((w[3] - 128 + ((w[5] - 64 + ((w[9] - 32 + w[17] - 1) % 63)) % 127)) % 255)) % 511) + 1) % 1024].mask |= frqt;
1370 if ((cd[0] & 0xce & mask) == 0x8a) {
1371 /* Range 256 format */
1372 uint16_t w[22]; /* 1..21 */
1373 struct gsm48_range_256 *r = (struct gsm48_range_256 *)cd;
1377 memset(w, 0, sizeof(w));
1378 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1379 w[1] = (r->w1_hi << 1) | r->w1_lo;
1385 w[4] = (r->w4_hi << 5) | r->w4_lo;
1387 w[5] = (r->w5_hi << 3) | r->w5_lo;
1389 w[6] = (r->w6_hi << 1) | r->w6_lo;
1393 w[8] = (r->w8_hi << 4) | r->w8_lo;
1395 w[9] = (r->w9_hi << 1) | r->w9_lo;
1399 w[11] = (r->w11_hi << 3) | r->w11_lo;
1407 w[15] = (r->w14_hi << 2) | r->w14_lo;
1409 w[16] = (r->w16_hi << 3) | r->w16_lo;
1415 w[19] = (r->w18_hi << 3) | r->w18_lo;
1417 w[20] = (r->w20_hi << 3) | r->w20_lo;
1420 f[w[0]].mask |= frqt;
1422 f[(w[0] + w[1]) % 1024].mask |= frqt;
1424 f[(w[0] + ((w[1] - 128 + w[2] - 1) % 255) + 1) % 1024].mask |= frqt;
1426 f[(w[0] + ((w[1] + w[3] - 1) % 255) + 1) % 1024].mask |= frqt;
1428 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + w[4] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1430 f[(w[0] + ((w[1] + ((w[3] - 64 + w[5] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1432 f[(w[0] + ((w[1] - 128 + ((w[2] + w[6] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1434 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 127)) % 255) + 1) % 1024].mask |= frqt;
1436 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + w[8] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1438 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + w[9] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1440 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + w[10] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1442 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + w[11] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1444 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + w[12] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1446 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + w[13] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1448 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] + w[14] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1450 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1452 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] - 32 + ((w[8] - 16 + w[16] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1454 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] - 32 + ((w[9] - 16 + w[17] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1456 f[(w[0] + ((w[1] - 128 + ((w[2] + ((w[6] - 32 + ((w[10] - 16 + w[18] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1458 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 32 + ((w[11] - 16 + w[19] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1460 f[(w[0] + ((w[1] - 128 + ((w[2] - 64 + ((w[4] + ((w[12] - 16 + w[20] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1462 f[(w[0] + ((w[1] + ((w[3] - 64 + ((w[5] + ((w[13] - 16 + w[21] - 1) % 31)) % 63)) % 127)) % 255) + 1) % 1024].mask |= frqt;
1467 if ((cd[0] & 0xce & mask) == 0x8c) {
1468 /* Range 128 format */
1469 uint16_t w[29]; /* 1..28 */
1470 struct gsm48_range_128 *r = (struct gsm48_range_128 *)cd;
1474 memset(w, 0, sizeof(w));
1475 w[0] = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1480 w[3] = (r->w3_hi << 4) | r->w3_lo;
1482 w[4] = (r->w4_hi << 1) | r->w4_lo;
1486 w[6] = (r->w6_hi << 3) | r->w6_lo;
1510 w[18] = (r->w18_hi << 1) | r->w18_lo;
1516 w[21] = (r->w21_hi << 2) | r->w21_lo;
1526 w[26] = (r->w26_hi << 1) | r->w26_lo;
1531 f[w[0]].mask |= frqt;
1533 f[(w[0] + w[1]) % 1024].mask |= frqt;
1535 f[(w[0] + ((w[1] - 64 + w[2] - 1) % 127) + 1) % 1024].mask |= frqt;
1537 f[(w[0] + ((w[1] + w[3] - 1) % 127) + 1) % 1024].mask |= frqt;
1539 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + w[4] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1541 f[(w[0] + ((w[1] + ((w[3] - 32 + w[5] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1543 f[(w[0] + ((w[1] - 64 + ((w[2] + w[6] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1545 f[(w[0] + ((w[1] + ((w[3] + w[7] - 1) % 63)) % 127) + 1) % 1024].mask |= frqt;
1547 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + w[8] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1549 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + w[9] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1551 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + w[10] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1553 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + w[11] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1555 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + w[12] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1557 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + w[13] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1559 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + w[14] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1561 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + w[15] - 1) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1563 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] - 8 + w[16] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1565 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] - 8 + w[17] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1567 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] - 8 + w[18] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1569 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] - 8 + w[19] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1571 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] - 8 + w[20] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1573 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] + ((w[13] - 8 + w[21] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1575 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] + ((w[14] - 8 + w[22] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1577 f[(w[0] + ((w[1] + ((w[3] + ((w[7] + ((w[15] - 8 + w[23] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1579 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] - 16 + ((w[8] + w[24] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1581 f[(w[0] + ((w[1] + ((w[3] - 32 + ((w[5] - 16 + ((w[9] + w[25] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1583 f[(w[0] + ((w[1] - 64 + ((w[2] + ((w[6] - 16 + ((w[10] + w[26] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1585 f[(w[0] + ((w[1] + ((w[3] + ((w[7] - 16 + ((w[11] + w[27] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1587 f[(w[0] + ((w[1] - 64 + ((w[2] - 32 + ((w[4] + ((w[12] + w[28] - 1) % 15)) % 31)) % 63)) % 127) + 1) % 1024].mask |= frqt;
1592 if ((cd[0] & 0xce & mask) == 0x8e) {
1593 /* Variable bitmap format (can be any length >= 3) */
1595 struct gsm48_var_bit *r = (struct gsm48_var_bit *)cd;
1599 orig = (r->orig_arfcn_hi << 9) | (r->orig_arfcn_mid << 1) | r->orig_arfcn_lo;
1600 f[orig].mask |= frqt;
1601 for (i = 1; 2 + (i >> 3) < len; i++)
1602 if ((cd[2 + (i >> 3)] & (0x80 >> (i & 7))))
1603 f[(orig + i) % 1024].mask |= frqt;
1611 /* decode "Cell Selection Parameters" (10.5.2.4) */
1612 static int gsm48_decode_cell_sel_param(struct gsm48_sysinfo *s,
1613 struct gsm48_cell_sel_par *cs)
1616 convert ms_txpwr_max_ccch dependant on the current frequenc and support
1617 to the right powe level
1619 s->ms_txpwr_max_ccch = cs->ms_txpwr_max_ccch;
1620 s->cell_resel_hyst_db = cs->cell_resel_hyst * 2;
1621 s->rxlev_acc_min_db = cs->rxlev_acc_min - 110;
1628 /* decode "Cell Options (BCCH)" (10.5.2.3) */
1629 static int gsm48_decode_cellopt_bcch(struct gsm48_sysinfo *s,
1630 struct gsm48_cell_options *co)
1632 s->bcch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1633 s->bcch_dtx = co->dtx;
1634 s->bcch_pwrc = co->pwrc;
1639 /* decode "Cell Options (SACCH)" (10.5.2.3a) */
1640 static int gsm48_decode_cellopt_sacch(struct gsm48_sysinfo *s,
1641 struct gsm48_cell_options *co)
1643 s->sacch_radio_link_timeout = (co->radio_link_timeout + 1) * 4;
1644 s->sacch_dtx = co->dtx;
1645 s->sacch_pwrc = co->pwrc;
1650 /* decode "Control Channel Description" (10.5.2.11) */
1651 static int gsm48_decode_ccd(struct gsm48_sysinfo *s,
1652 struct gsm48_control_channel_descr *cc)
1654 s->ccch_conf = cc->ccch_conf;
1655 s->bs_ag_blks_res = cc->bs_ag_blks_res;
1656 s->att_allowed = cc->att;
1657 s->pag_mf_periods = cc->bs_pa_mfrms + 2;
1658 s->t3212 = cc->t3212 * 360; /* convert deci-hours to seconds */
1663 /* decode "Mobile Allocation" (10.5.2.21) */
1664 static int gsm48_decode_mobile_alloc(struct gsm48_sysinfo *s,
1665 uint8_t *ma, uint8_t len, uint16_t *hopping, uint8_t *hopp_len, int si4)
1668 uint16_t f[len << 3];
1670 /* not more than 64 hopping indexes allowed in IE */
1677 for (i = 0; i < 1024; i++)
1678 s->freq[i].mask &= ~FREQ_TYPE_HOPP;
1681 /* generating list of all frequencies (1..1023,0) */
1682 for (i = 1; i <= 1024; i++) {
1683 if ((s->freq[i & 1023].mask & FREQ_TYPE_SERV)) {
1684 LOGP(DRR, LOGL_INFO, "Serving cell ARFCN #%d: %d\n",
1687 if (j == (len << 3))
1692 /* fill hopping table with frequency index given by IE
1693 * and set hopping type bits
1695 for (i = 0; i < (len << 3); i++) {
1696 /* if bit is set, this frequency index is used for hopping */
1697 if ((ma[len - 1 - (i >> 3)] & (1 << (i & 7)))) {
1698 LOGP(DRR, LOGL_INFO, "Hopping ARFCN: %d (bit %d)\n",
1700 /* index higher than entries in list ? */
1702 LOGP(DRR, LOGL_NOTICE, "Mobile Allocation "
1703 "hopping index %d exceeds maximum "
1704 "number of cell frequencies. (%d)\n",
1708 hopping[(*hopp_len)++] = f[i];
1710 s->freq[f[i]].mask |= FREQ_TYPE_HOPP;
1717 /* Rach Control decode tables */
1718 static uint8_t gsm48_max_retrans[4] = {
1721 static uint8_t gsm48_tx_integer[16] = {
1722 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 16, 20, 25, 32, 50
1725 /* decode "RACH Control Parameter" (10.5.2.29) */
1726 static int gsm48_decode_rach_ctl_param(struct gsm48_sysinfo *s,
1727 struct gsm48_rach_control *rc)
1729 s->reest_denied = rc->re;
1730 s->cell_barr = rc->cell_bar;
1731 s->tx_integer = gsm48_tx_integer[rc->tx_integer];
1732 s->max_retrans = gsm48_max_retrans[rc->max_trans];
1733 s->class_barr = (rc->t2 << 8) | rc->t3;
1737 static int gsm48_decode_rach_ctl_neigh(struct gsm48_sysinfo *s,
1738 struct gsm48_rach_control *rc)
1740 s->nb_reest_denied = rc->re;
1741 s->nb_cell_barr = rc->cell_bar;
1742 s->nb_tx_integer = gsm48_tx_integer[rc->tx_integer];
1743 s->nb_max_retrans = gsm48_max_retrans[rc->max_trans];
1744 s->nb_class_barr = (rc->t2 << 8) | rc->t3;
1749 /* decode "SI 1 Rest Octets" (10.5.2.32) */
1750 static int gsm48_decode_si1_rest(struct gsm48_sysinfo *s, uint8_t *si,
1756 /* decode "SI 3 Rest Octets" (10.5.2.34) */
1757 static int gsm48_decode_si3_rest(struct gsm48_sysinfo *s, uint8_t *si,
1762 memset(&bv, 0, sizeof(bv));
1766 /* Optional Selection Parameters */
1767 if (bitvec_get_bit_high(&bv) == H) {
1769 s->sp_cbq = bitvec_get_uint(&bv, 1);
1770 s->sp_cro = bitvec_get_uint(&bv, 6);
1771 s->sp_to = bitvec_get_uint(&bv, 3);
1772 s->sp_pt = bitvec_get_uint(&bv, 5);
1774 /* Optional Power Offset */
1775 if (bitvec_get_bit_high(&bv) == H) {
1777 s->po_value = bitvec_get_uint(&bv, 3);
1779 /* System Onformation 2ter Indicator */
1780 if (bitvec_get_bit_high(&bv) == H)
1782 /* Early Classark Sending Control */
1783 if (bitvec_get_bit_high(&bv) == H)
1785 /* Scheduling if and where */
1786 if (bitvec_get_bit_high(&bv) == H) {
1788 s->sched_where = bitvec_get_uint(&bv, 3);
1790 /* GPRS Indicator */
1791 s->gi_ra_colour = bitvec_get_uint(&bv, 3);
1792 s->gi_si13_pos = bitvec_get_uint(&bv, 1);
1796 /* decode "SI 4 Rest Octets" (10.5.2.35) */
1797 static int gsm48_decode_si4_rest(struct gsm48_sysinfo *s, uint8_t *si,
1803 /* decode "SI 6 Rest Octets" (10.5.2.35a) */
1804 static int gsm48_decode_si6_rest(struct gsm48_sysinfo *s, uint8_t *si,
1810 /* send sysinfo event to other layers */
1811 static int gsm48_send_sysinfo(struct osmocom_ms *ms, uint8_t type)
1814 struct gsm322_msg *em;
1816 nmsg = gsm322_msgb_alloc(GSM322_EVENT_SYSINFO);
1819 em = (struct gsm322_msg *) nmsg->data;
1821 gsm322_cs_sendmsg(ms, nmsg);
1823 /* send timer info to location update process */
1824 nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_SYSINFO);
1827 gsm48_mmevent_msg(ms, nmsg);
1832 /* receive "SYSTEM INFORMATION 1" message (9.1.31) */
1833 static int gsm48_rr_rx_sysinfo1(struct osmocom_ms *ms, struct msgb *msg)
1835 struct gsm48_system_information_type_1 *si = msgb_l3(msg);
1836 struct gsm48_sysinfo *s = ms->cellsel.si;
1837 int payload_len = msgb_l3len(msg) - sizeof(*si);
1840 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 1 "
1845 if (payload_len < 0) {
1846 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 1 "
1851 if (!memcmp(si, s->si1_msg, MIN(msgb_l3len(msg), sizeof(s->si1_msg))))
1853 memcpy(s->si1_msg, si, MIN(msgb_l3len(msg), sizeof(s->si1_msg)));
1855 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
1857 /* Cell Channel Description */
1858 gsm48_decode_freq_list(&ms->support, s->freq,
1859 si->cell_channel_description,
1860 sizeof(si->cell_channel_description), 0xce, FREQ_TYPE_SERV);
1861 /* RACH Control Parameter */
1862 gsm48_decode_rach_ctl_param(s, &si->rach_control);
1863 /* SI 1 Rest Octets */
1865 gsm48_decode_si1_rest(s, si->rest_octets, payload_len);
1869 return gsm48_send_sysinfo(ms, si->header.system_information);
1872 /* receive "SYSTEM INFORMATION 2" message (9.1.32) */
1873 static int gsm48_rr_rx_sysinfo2(struct osmocom_ms *ms, struct msgb *msg)
1875 struct gsm48_system_information_type_2 *si = msgb_l3(msg);
1876 struct gsm48_sysinfo *s = ms->cellsel.si;
1877 int payload_len = msgb_l3len(msg) - sizeof(*si);
1880 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 2 "
1885 if (payload_len < 0) {
1886 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2 "
1890 //printf("len = %d\n", MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1892 if (!memcmp(si, s->si2_msg, MIN(msgb_l3len(msg), sizeof(s->si2_msg))))
1894 memcpy(s->si2_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2_msg)));
1896 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
1898 /* Neighbor Cell Description */
1899 s->nb_ext_ind_si2 = (si->bcch_frequency_list[0] >> 6) & 1;
1900 s->nb_ba_ind_si2 = (si->bcch_frequency_list[0] >> 5) & 1;
1901 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
1902 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_NCELL_2);
1904 s->nb_ncc_permitted = si->ncc_permitted;
1905 /* RACH Control Parameter */
1906 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1910 return gsm48_send_sysinfo(ms, si->header.system_information);
1913 /* receive "SYSTEM INFORMATION 2bis" message (9.1.33) */
1914 static int gsm48_rr_rx_sysinfo2bis(struct osmocom_ms *ms, struct msgb *msg)
1916 struct gsm48_system_information_type_2bis *si = msgb_l3(msg);
1917 struct gsm48_sysinfo *s = ms->cellsel.si;
1918 int payload_len = msgb_l3len(msg) - sizeof(*si);
1921 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 2bis"
1926 if (payload_len < 0) {
1927 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2bis "
1932 if (!memcmp(si, s->si2b_msg, MIN(msgb_l3len(msg),
1933 sizeof(s->si2b_msg))))
1935 memcpy(s->si2b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2b_msg)));
1937 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
1939 /* Neighbor Cell Description */
1940 s->nb_ext_ind_si2bis = (si->bcch_frequency_list[0] >> 6) & 1;
1941 s->nb_ba_ind_si2bis = (si->bcch_frequency_list[0] >> 5) & 1;
1942 gsm48_decode_freq_list(&ms->support, s->freq,
1943 si->bcch_frequency_list,
1944 sizeof(si->bcch_frequency_list), 0x8e,
1945 FREQ_TYPE_NCELL_2bis);
1946 /* RACH Control Parameter */
1947 gsm48_decode_rach_ctl_neigh(s, &si->rach_control);
1951 return gsm48_send_sysinfo(ms, si->header.system_information);
1954 /* receive "SYSTEM INFORMATION 2ter" message (9.1.34) */
1955 static int gsm48_rr_rx_sysinfo2ter(struct osmocom_ms *ms, struct msgb *msg)
1957 struct gsm48_system_information_type_2ter *si = msgb_l3(msg);
1958 struct gsm48_sysinfo *s = ms->cellsel.si;
1959 int payload_len = msgb_l3len(msg) - sizeof(*si);
1962 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 2ter"
1967 if (payload_len < 0) {
1968 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 2ter "
1973 if (!memcmp(si, s->si2t_msg, MIN(msgb_l3len(msg),
1974 sizeof(s->si2t_msg))))
1976 memcpy(s->si2t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si2t_msg)));
1978 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
1980 /* Neighbor Cell Description 2 */
1981 s->nb_multi_rep_si2ter = (si->ext_bcch_frequency_list[0] >> 6) & 3;
1982 gsm48_decode_freq_list(&ms->support, s->freq,
1983 si->ext_bcch_frequency_list,
1984 sizeof(si->ext_bcch_frequency_list), 0x8e,
1985 FREQ_TYPE_NCELL_2ter);
1989 return gsm48_send_sysinfo(ms, si->header.system_information);
1992 /* receive "SYSTEM INFORMATION 3" message (9.1.35) */
1993 static int gsm48_rr_rx_sysinfo3(struct osmocom_ms *ms, struct msgb *msg)
1995 struct gsm48_system_information_type_3 *si = msgb_l3(msg);
1996 struct gsm322_cellsel *cs = &ms->cellsel;
1997 struct gsm48_sysinfo *s = cs->si;
1998 int payload_len = msgb_l3len(msg) - sizeof(*si);
2001 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 3 "
2006 if (payload_len < 0) {
2007 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 3 "
2012 if (!memcmp(si, s->si3_msg, MIN(msgb_l3len(msg), sizeof(s->si3_msg))))
2014 memcpy(s->si3_msg, si, MIN(msgb_l3len(msg), sizeof(s->si3_msg)));
2017 s->cell_id = ntohs(si->cell_identity);
2019 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2020 /* Control Channel Description */
2021 gsm48_decode_ccd(s, &si->control_channel_desc);
2022 /* Cell Options (BCCH) */
2023 gsm48_decode_cellopt_bcch(s, &si->cell_options);
2024 /* Cell Selection Parameters */
2025 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
2026 /* RACH Control Parameter */
2027 gsm48_decode_rach_ctl_param(s, &si->rach_control);
2028 /* SI 3 Rest Octets */
2029 if (payload_len >= 4)
2030 gsm48_decode_si3_rest(s, si->rest_octets, payload_len);
2032 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3 (mcc %s mnc %s "
2033 "lac 0x%04x)\n", gsm_print_mcc(s->mcc),
2034 gsm_print_mnc(s->mnc), s->lac);
2038 if (cs->ccch_mode == CCCH_MODE_NONE) {
2039 cs->ccch_mode = (s->ccch_conf == 1) ? CCCH_MODE_COMBINED :
2040 CCCH_MODE_NON_COMBINED;
2041 LOGP(DRR, LOGL_NOTICE, "Changing CCCH_MODE to %d\n",
2043 l1ctl_tx_ccch_mode_req(ms, cs->ccch_mode);
2046 return gsm48_send_sysinfo(ms, si->header.system_information);
2049 /* receive "SYSTEM INFORMATION 4" message (9.1.36) */
2050 static int gsm48_rr_rx_sysinfo4(struct osmocom_ms *ms, struct msgb *msg)
2052 /* NOTE: pseudo length is not in this structure, so we skip */
2053 struct gsm48_system_information_type_4 *si = msgb_l3(msg);
2054 struct gsm48_sysinfo *s = ms->cellsel.si;
2055 int payload_len = msgb_l3len(msg) - sizeof(*si);
2056 uint8_t *data = si->data;
2057 struct gsm48_chan_desc *cd;
2060 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 4 "
2065 if (payload_len < 0) {
2067 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 4 "
2073 LOGP(DRR, LOGL_NOTICE, "Ignoring SYSTEM INFORMATION 4 "
2074 "until SI 1 is received.\n");
2078 if (!memcmp(si, s->si4_msg, MIN(msgb_l3len(msg), sizeof(s->si4_msg))))
2080 memcpy(s->si4_msg, si, MIN(msgb_l3len(msg), sizeof(s->si4_msg)));
2083 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2084 /* Cell Selection Parameters */
2085 gsm48_decode_cell_sel_param(s, &si->cell_sel_par);
2086 /* RACH Control Parameter */
2087 gsm48_decode_rach_ctl_param(s, &si->rach_control);
2088 /* CBCH Channel Description */
2089 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_CHAN_DESC) {
2090 if (payload_len < 4)
2092 cd = (struct gsm48_chan_desc *) (data + 1);
2095 gsm48_decode_chan_h1(cd, &s->tsc, &s->maio, &s->hsn);
2098 gsm48_decode_chan_h0(cd, &s->tsc, &s->arfcn);
2103 /* CBCH Mobile Allocation */
2104 if (payload_len >= 1 && data[0] == GSM48_IE_CBCH_MOB_AL) {
2105 if (payload_len < 1 || payload_len < 2 + data[1])
2107 gsm48_decode_mobile_alloc(s, data + 2, si->data[1], s->hopping,
2109 payload_len -= 2 + data[1];
2110 data += 2 + data[1];
2112 /* SI 4 Rest Octets */
2113 if (payload_len > 0)
2114 gsm48_decode_si4_rest(s, data, payload_len);
2116 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4 (mcc %s mnc %s "
2117 "lac 0x%04x)\n", gsm_print_mcc(s->mcc),
2118 gsm_print_mnc(s->mnc), s->lac);
2122 return gsm48_send_sysinfo(ms, si->header.system_information);
2125 /* receive "SYSTEM INFORMATION 5" message (9.1.37) */
2126 static int gsm48_rr_rx_sysinfo5(struct osmocom_ms *ms, struct msgb *msg)
2128 /* NOTE: pseudo length is not in this structure, so we skip */
2129 struct gsm48_system_information_type_5 *si = msgb_l3(msg) + 1;
2130 struct gsm48_sysinfo *s = ms->cellsel.si;
2131 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2134 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 5 "
2139 if (payload_len < 0) {
2140 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5 "
2145 if (!memcmp(si, s->si5_msg, MIN(msgb_l3len(msg), sizeof(s->si5_msg))))
2147 memcpy(s->si5_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5_msg)));
2149 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5\n");
2151 /* Neighbor Cell Description */
2152 s->nb_ext_ind_si5 = (si->bcch_frequency_list[0] >> 6) & 1;
2153 s->nb_ba_ind_si5 = (si->bcch_frequency_list[0] >> 5) & 1;
2154 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2155 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5);
2159 return gsm48_send_sysinfo(ms, si->system_information);
2162 /* receive "SYSTEM INFORMATION 5bis" message (9.1.38) */
2163 static int gsm48_rr_rx_sysinfo5bis(struct osmocom_ms *ms, struct msgb *msg)
2165 /* NOTE: pseudo length is not in this structure, so we skip */
2166 struct gsm48_system_information_type_5bis *si = msgb_l3(msg) + 1;
2167 struct gsm48_sysinfo *s = ms->cellsel.si;
2168 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2171 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 5bis"
2176 if (payload_len < 0) {
2177 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5bis "
2182 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5bis\n");
2184 if (!memcmp(si, s->si5b_msg, MIN(msgb_l3len(msg),
2185 sizeof(s->si5b_msg))))
2187 memcpy(s->si5b_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5b_msg)));
2189 /* Neighbor Cell Description */
2190 s->nb_ext_ind_si5bis = (si->bcch_frequency_list[0] >> 6) & 1;
2191 s->nb_ba_ind_si5bis = (si->bcch_frequency_list[0] >> 5) & 1;
2192 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2193 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5bis);
2197 return gsm48_send_sysinfo(ms, si->system_information);
2200 /* receive "SYSTEM INFORMATION 5ter" message (9.1.39) */
2201 static int gsm48_rr_rx_sysinfo5ter(struct osmocom_ms *ms, struct msgb *msg)
2203 /* NOTE: pseudo length is not in this structure, so we skip */
2204 struct gsm48_system_information_type_5ter *si = msgb_l3(msg) + 1;
2205 struct gsm48_sysinfo *s = ms->cellsel.si;
2206 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2209 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 5ter"
2214 if (payload_len < 0) {
2215 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 5ter "
2220 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 5ter\n");
2222 if (!memcmp(si, s->si5t_msg, MIN(msgb_l3len(msg),
2223 sizeof(s->si5t_msg))))
2225 memcpy(s->si5t_msg, si, MIN(msgb_l3len(msg), sizeof(s->si5t_msg)));
2227 /* Neighbor Cell Description */
2228 gsm48_decode_freq_list(&ms->support, s->freq, si->bcch_frequency_list,
2229 sizeof(si->bcch_frequency_list), 0xce, FREQ_TYPE_REP_5ter);
2233 return gsm48_send_sysinfo(ms, si->system_information);
2236 /* receive "SYSTEM INFORMATION 6" message (9.1.39) */
2237 static int gsm48_rr_rx_sysinfo6(struct osmocom_ms *ms, struct msgb *msg)
2239 /* NOTE: pseudo length is not in this structure, so we skip */
2240 struct gsm48_system_information_type_6 *si = msgb_l3(msg) + 1;
2241 struct gsm48_sysinfo *s = ms->cellsel.si;
2242 int payload_len = msgb_l3len(msg) - sizeof(*si) - 1;
2245 LOGP(DRR, LOGL_INFO, "No cell selected, SYSTEM INFORMATION 6 "
2250 if (payload_len < 0) {
2251 LOGP(DRR, LOGL_NOTICE, "Short read of SYSTEM INFORMATION 6 "
2256 if (!memcmp(si, s->si6_msg, MIN(msgb_l3len(msg), sizeof(s->si6_msg))))
2258 memcpy(s->si6_msg, si, MIN(msgb_l3len(msg), sizeof(s->si6_msg)));
2261 if (s->si6 && s->cell_id != ntohs(si->cell_identity))
2262 LOGP(DRR, LOGL_INFO, "Cell ID on SI 6 differs from previous "
2264 s->cell_id = ntohs(si->cell_identity);
2266 gsm48_decode_lai(&si->lai, &s->mcc, &s->mnc, &s->lac);
2267 /* Cell Options (SACCH) */
2268 gsm48_decode_cellopt_sacch(s, &si->cell_options);
2270 s->nb_ncc_permitted = si->ncc_permitted;
2271 /* SI 6 Rest Octets */
2272 if (payload_len >= 4)
2273 gsm48_decode_si6_rest(s, si->rest_octets, payload_len);
2275 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 6 (mcc %s mnc %s "
2276 "lac 0x%04x)\n", gsm_print_mcc(s->mcc),
2277 gsm_print_mnc(s->mnc), s->lac);
2281 return gsm48_send_sysinfo(ms, si->system_information);
2288 /* paging channel request */
2289 static int gsm48_rr_chan2cause[4] = {
2290 RR_EST_CAUSE_ANS_PAG_ANY,
2291 RR_EST_CAUSE_ANS_PAG_SDCCH,
2292 RR_EST_CAUSE_ANS_PAG_TCH_F,
2293 RR_EST_CAUSE_ANS_PAG_TCH_ANY
2296 /* given LV of mobile identity is checked agains ms */
2297 static int gsm_match_mi(struct osmocom_ms *ms, uint8_t *mi)
2305 mi_type = mi[1] & GSM_MI_TYPE_MASK;
2307 case GSM_MI_TYPE_TMSI:
2310 memcpy(&tmsi, mi+2, 4);
2311 if (ms->subscr.tmsi == ntohl(tmsi)
2312 && ms->subscr.tmsi_valid) {
2313 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n",
2318 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2321 case GSM_MI_TYPE_IMSI:
2322 gsm48_mi_to_string(imsi, sizeof(imsi), mi + 1, mi[0]);
2323 if (!strcmp(imsi, ms->subscr.imsi)) {
2324 LOGP(DPAG, LOGL_INFO, "IMSI %s matches\n", imsi);
2328 LOGP(DPAG, LOGL_INFO, "IMSI %s (not for us)\n", imsi);
2331 LOGP(DPAG, LOGL_NOTICE, "Paging with unsupported MI type %d.\n",
2338 /* 9.1.22 PAGING REQUEST 1 message received */
2339 static int gsm48_rr_rx_pag_req_1(struct osmocom_ms *ms, struct msgb *msg)
2341 struct gsm48_rrlayer *rr = &ms->rrlayer;
2342 struct gsm322_cellsel *cs = &ms->cellsel;
2343 struct gsm48_paging1 *pa = msgb_l3(msg);
2344 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2348 /* empty paging request */
2349 if (payload_len >= 2 && (pa->data[1] & GSM_MI_TYPE_MASK) == 0)
2352 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2353 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2354 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2355 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2356 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2360 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 1\n");
2362 if (payload_len < 2) {
2364 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 1 "
2370 /* channel needed */
2371 chan_1 = pa->cneed1;
2372 chan_2 = pa->cneed2;
2375 if (payload_len < mi[0] + 1)
2377 if (gsm_match_mi(ms, mi) > 0)
2378 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2380 payload_len -= mi[0] + 1;
2381 mi = pa->data + mi[0] + 1;
2382 if (payload_len < 2)
2384 if (mi[0] != GSM48_IE_MOBILE_ID)
2386 if (payload_len < mi[1] + 2)
2388 if (gsm_match_mi(ms, mi + 1) > 0)
2389 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2394 /* 9.1.23 PAGING REQUEST 2 message received */
2395 static int gsm48_rr_rx_pag_req_2(struct osmocom_ms *ms, struct msgb *msg)
2397 struct gsm48_rrlayer *rr = &ms->rrlayer;
2398 struct gsm322_cellsel *cs = &ms->cellsel;
2399 struct gsm48_paging2 *pa = msgb_l3(msg);
2400 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2402 int chan_1, chan_2, chan_3;
2404 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2405 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2406 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2407 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2408 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2412 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 2\n");
2414 if (payload_len < 0) {
2416 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 2 "
2422 /* channel needed */
2423 chan_1 = pa->cneed1;
2424 chan_2 = pa->cneed2;
2426 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2427 && ms->subscr.tmsi_valid) {
2428 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi1));
2429 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2431 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2434 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2435 && ms->subscr.tmsi_valid) {
2436 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi2));
2437 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2439 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2443 if (payload_len < 2)
2445 if (mi[0] != GSM48_IE_MOBILE_ID)
2447 if (payload_len < mi[1] + 2 + 1) /* must include "channel needed" */
2449 chan_3 = mi[mi[1] + 2] & 0x03; /* channel needed */
2450 if (gsm_match_mi(ms, mi + 1) > 0)
2451 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2456 /* 9.1.24 PAGING REQUEST 3 message received */
2457 static int gsm48_rr_rx_pag_req_3(struct osmocom_ms *ms, struct msgb *msg)
2459 struct gsm48_rrlayer *rr = &ms->rrlayer;
2460 struct gsm322_cellsel *cs = &ms->cellsel;
2461 struct gsm48_paging3 *pa = msgb_l3(msg);
2462 int payload_len = msgb_l3len(msg) - sizeof(*pa);
2463 int chan_1, chan_2, chan_3, chan_4;
2465 /* 3.3.1.1.2: ignore paging while not camping on a cell */
2466 if (rr->state != GSM48_RR_ST_IDLE || !cs->selected
2467 || (cs->state != GSM322_C3_CAMPED_NORMALLY
2468 && cs->state != GSM322_C7_CAMPED_ANY_CELL)) {
2469 LOGP(DRR, LOGL_INFO, "PAGING ignored, we are not camping.\n");
2473 LOGP(DPAG, LOGL_INFO, "PAGING REQUEST 3\n");
2475 if (payload_len < 0) { /* must include "channel needed", part of *pa */
2476 LOGP(DRR, LOGL_NOTICE, "Short read of PAGING REQUEST 3 "
2482 /* channel needed */
2483 chan_1 = pa->cneed1;
2484 chan_2 = pa->cneed2;
2485 chan_3 = pa->cneed3;
2486 chan_4 = pa->cneed4;
2488 if (ms->subscr.tmsi == ntohl(pa->tmsi1)
2489 && ms->subscr.tmsi_valid) {
2490 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi1));
2491 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_1], 1);
2493 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2496 if (ms->subscr.tmsi == ntohl(pa->tmsi2)
2497 && ms->subscr.tmsi_valid) {
2498 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi2));
2499 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_2], 1);
2501 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2504 if (ms->subscr.tmsi == ntohl(pa->tmsi3)
2505 && ms->subscr.tmsi_valid) {
2506 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi3));
2507 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_3], 1);
2509 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2512 if (ms->subscr.tmsi == ntohl(pa->tmsi4)
2513 && ms->subscr.tmsi_valid) {
2514 LOGP(DPAG, LOGL_INFO, "TMSI %08x matches\n", ntohl(pa->tmsi4));
2515 return gsm48_rr_chan_req(ms, gsm48_rr_chan2cause[chan_4], 1);
2517 LOGP(DPAG, LOGL_INFO, "TMSI %08x (not for us)\n",
2524 * (immediate) assignment
2527 /* match request reference agains request history */
2528 static int gsm48_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
2530 struct gsm48_rrlayer *rr = &ms->rrlayer;
2533 uint8_t ia_t1, ia_t2, ia_t3;
2535 for (i = 0; i < 3; i++) {
2536 /* filter confirmed RACH requests only */
2537 if (rr->cr_hist[i].valid == 2
2538 && ref->ra == rr->cr_hist[i].chan_req) {
2541 ia_t3 = (ref->t3_high << 3) | ref->t3_low;
2542 gsm_fn2gsmtime(&tm, rr->cr_hist[i].fn);
2543 if (ia_t1 == (tm.t1 & 0x1f) && ia_t2 == tm.t2
2544 && ia_t3 == tm.t3) {
2545 LOGP(DRR, LOGL_INFO, "request %02x matches "
2546 "(fn=%d,%d,%d)\n", ref->ra, ia_t1,
2550 LOGP(DRR, LOGL_INFO, "request %02x matches "
2551 "but not frame number (IMM.ASS "
2552 "fn=%d,%d,%d != RACH fn=%d,%d,%d)\n",
2553 ref->ra, ia_t1, ia_t2, ia_t3,
2554 tm.t1 & 0x1f, tm.t2, tm.t3);
2561 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
2562 static int gsm48_rr_rx_imm_ass(struct osmocom_ms *ms, struct msgb *msg)
2564 struct gsm48_rrlayer *rr = &ms->rrlayer;
2565 struct gsm48_imm_ass *ia = msgb_l3(msg);
2566 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2567 uint8_t ch_type, ch_subch, ch_ts;
2568 struct gsm48_rr_cd cd;
2569 uint8_t *st, st_len;
2571 memset(&cd, 0, sizeof(cd));
2573 if (ma_len < 0 /* mobile allocation IE must be included */
2574 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2575 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2579 if (ia->mob_alloc_len > 8) {
2580 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2581 "ASSIGNMENT too large.\n");
2586 st_len = ma_len - ia->mob_alloc_len;
2587 st = ia->mob_alloc + ia->mob_alloc_len;
2588 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME)
2589 gsm48_decode_start_time(&cd, (struct gsm48_start_time *)(st+1));
2591 /* decode channel description */
2592 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT:\n");
2593 cd.chan_nr = ia->chan_desc.chan_nr;
2594 rsl_dec_chan_nr(cd.chan_nr, &ch_type, &ch_subch, &ch_ts);
2595 if (ia->chan_desc.h0.h) {
2597 gsm48_decode_chan_h1(&ia->chan_desc, &cd.tsc, &cd.maio,
2599 LOGP(DRR, LOGL_INFO, " (ta %d/%dm ra 0x%02x chan_nr 0x%02x "
2600 "MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2602 ia->timing_advance * GSM_TA_CM / 100,
2603 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.maio,
2604 cd.hsn, ch_ts, ch_subch, cd.tsc);
2607 gsm48_decode_chan_h0(&ia->chan_desc, &cd.tsc, &cd.arfcn);
2608 LOGP(DRR, LOGL_INFO, " (ta %d/%dm ra 0x%02x chan_nr 0x%02x "
2609 "ARFCN %u TS %u SS %u TSC %u)\n",
2611 ia->timing_advance * GSM_TA_CM / 100,
2612 ia->req_ref.ra, ia->chan_desc.chan_nr, cd.arfcn,
2613 ch_ts, ch_subch, cd.tsc);
2616 /* 3.3.1.1.2: ignore assignment while idle */
2617 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2618 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
2623 if (gsm48_match_ra(ms, &ia->req_ref)) {
2624 /* channel description */
2625 memcpy(&rr->cd_now, &cd, sizeof(rr->cd_now));
2626 /* timing advance */
2627 rr->cd_now.ta = ia->timing_advance;
2628 /* mobile allocation */
2629 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2630 ia->mob_alloc_len + 1);
2631 rr->wait_assign = 0;
2632 return gsm48_rr_dl_est(ms);
2634 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
2639 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received */
2640 static int gsm48_rr_rx_imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
2642 struct gsm48_rrlayer *rr = &ms->rrlayer;
2643 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
2644 int ma_len = msgb_l3len(msg) - sizeof(*ia);
2645 uint8_t ch_type, ch_subch, ch_ts;
2646 struct gsm48_rr_cd cd1, cd2;
2647 uint8_t *st, st_len;
2649 memset(&cd1, 0, sizeof(cd1));
2650 memset(&cd2, 0, sizeof(cd2));
2652 if (ma_len < 0 /* mobile allocation IE must be included */
2653 || ia->mob_alloc_len > ma_len) { /* short read of IE */
2654 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2655 "EXTENDED message.\n");
2658 if (ia->mob_alloc_len > 4) {
2659 LOGP(DRR, LOGL_NOTICE, "Moble allocation in IMMEDIATE "
2660 "ASSIGNMENT EXTENDED too large.\n");
2665 st_len = ma_len - ia->mob_alloc_len;
2666 st = ia->mob_alloc + ia->mob_alloc_len;
2667 if (st_len >= 3 && st[0] == GSM48_IE_START_TIME) {
2668 gsm48_decode_start_time(&cd1,
2669 (struct gsm48_start_time *)(st+1));
2670 memcpy(&cd2, &cd1, sizeof(cd2));
2673 /* decode channel description */
2674 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT EXTENDED:\n");
2675 cd2.chan_nr = ia->chan_desc1.chan_nr;
2676 rsl_dec_chan_nr(cd1.chan_nr, &ch_type, &ch_subch, &ch_ts);
2677 if (ia->chan_desc1.h0.h) {
2679 gsm48_decode_chan_h1(&ia->chan_desc1, &cd1.tsc, &cd1.maio,
2681 LOGP(DRR, LOGL_INFO, " assignment 1 (ta %d/%dm ra 0x%02x "
2682 "chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2683 ia->timing_advance1,
2684 ia->timing_advance1 * GSM_TA_CM / 100,
2685 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.maio,
2686 cd1.hsn, ch_ts, ch_subch, cd1.tsc);
2689 gsm48_decode_chan_h0(&ia->chan_desc1, &cd1.tsc, &cd1.arfcn);
2690 LOGP(DRR, LOGL_INFO, " assignment 1 (ta %d/%dm ra 0x%02x "
2691 "chan_nr 0x%02x ARFCN %u TS %u SS %u TSC %u)\n",
2692 ia->timing_advance1,
2693 ia->timing_advance1 * GSM_TA_CM / 100,
2694 ia->req_ref1.ra, ia->chan_desc1.chan_nr, cd1.arfcn,
2695 ch_ts, ch_subch, cd1.tsc);
2697 cd2.chan_nr = ia->chan_desc2.chan_nr;
2698 rsl_dec_chan_nr(cd2.chan_nr, &ch_type, &ch_subch, &ch_ts);
2699 if (ia->chan_desc2.h0.h) {
2701 gsm48_decode_chan_h1(&ia->chan_desc2, &cd2.tsc, &cd2.maio,
2703 LOGP(DRR, LOGL_INFO, " assignment 2 (ta %d/%dm ra 0x%02x "
2704 "chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
2705 ia->timing_advance2,
2706 ia->timing_advance2 * GSM_TA_CM / 100,
2707 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.maio,
2708 cd2.hsn, ch_ts, ch_subch, cd2.tsc);
2711 gsm48_decode_chan_h0(&ia->chan_desc2, &cd2.tsc, &cd2.arfcn);
2712 LOGP(DRR, LOGL_INFO, " assignment 2 (ta %d/%dm ra 0x%02x "
2713 "chan_nr 0x%02x ARFCN %u TS %u SS %u TSC %u)\n",
2714 ia->timing_advance2,
2715 ia->timing_advance2 * GSM_TA_CM / 100,
2716 ia->req_ref2.ra, ia->chan_desc2.chan_nr, cd2.arfcn,
2717 ch_ts, ch_subch, cd2.tsc);
2720 /* 3.3.1.1.2: ignore assignment while idle */
2721 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign) {
2722 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
2727 if (gsm48_match_ra(ms, &ia->req_ref1)) {
2728 /* channel description */
2729 memcpy(&rr->cd_now, &cd1, sizeof(rr->cd_now));
2730 /* timing advance */
2731 rr->cd_now.ta = ia->timing_advance1;
2732 /* mobile allocation */
2733 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2734 ia->mob_alloc_len + 1);
2735 rr->wait_assign = 0;
2736 return gsm48_rr_dl_est(ms);
2739 if (gsm48_match_ra(ms, &ia->req_ref2)) {
2740 /* channel description */
2741 memcpy(&rr->cd_now, &cd2, sizeof(rr->cd_now));
2742 /* timing advance */
2743 rr->cd_now.ta = ia->timing_advance2;
2744 /* mobile allocation */
2745 memcpy(&rr->cd_now.mob_alloc_lv, &ia->mob_alloc_len,
2746 ia->mob_alloc_len + 1);
2747 rr->wait_assign = 0;
2748 return gsm48_rr_dl_est(ms);
2750 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
2755 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received */
2756 static int gsm48_rr_rx_imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
2758 struct gsm48_rrlayer *rr = &ms->rrlayer;
2759 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
2760 int payload_len = msgb_l3len(msg) - sizeof(*ia);
2762 struct gsm48_req_ref *req_ref;
2763 uint8_t t3122_value;
2765 /* 3.3.1.1.2: ignore assignment while idle */
2766 if (rr->state != GSM48_RR_ST_CONN_PEND || !rr->wait_assign)
2769 if (payload_len < 0) {
2770 LOGP(DRR, LOGL_NOTICE, "Short read of IMMEDIATE ASSIGNMENT "
2771 "REJECT message.\n");
2775 for (i = 0; i < 4; i++) {
2776 /* request reference */
2777 req_ref = (struct gsm48_req_ref *)
2778 (((uint8_t *)&ia->req_ref1) + i * 4);
2779 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
2780 "(ref 0x%02x)\n", req_ref->ra);
2781 if (gsm48_match_ra(ms, req_ref)) {
2782 /* wait indication */
2783 t3122_value = *(((uint8_t *)&ia->wait_ind1) + i * 4);
2785 start_rr_t3122(rr, t3122_value, 0);
2786 /* start timer 3126 if not already */
2787 if (!bsc_timer_pending(&rr->t3126))
2788 start_rr_t3126(rr, 5, 0); /* TODO improve! */
2789 /* stop assignmnet requests */
2792 /* wait until timer 3126 expires, then release
2793 * or wait for channel assignment */
2801 /* 9.1.1 ADDITIONAL ASSIGMENT is received */
2802 static int gsm48_rr_rx_add_ass(struct osmocom_ms *ms, struct msgb *msg)
2804 struct gsm48_hdr *gh = msgb_l3(msg);
2805 struct gsm48_add_ass *aa = (struct gsm48_add_ass *)gh->data;
2806 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*aa);
2807 struct tlv_parsed tp;
2809 if (payload_len < 0) {
2810 LOGP(DRR, LOGL_NOTICE, "Short read of ADDITIONAL ASSIGNMENT "
2812 return gsm48_rr_tx_rr_status(ms,
2813 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2815 tlv_parse(&tp, &gsm48_rr_att_tlvdef, aa->data, payload_len, 0, 0);
2817 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
2821 * measturement reports
2824 static int gsm48_rr_tx_meas_rep(struct osmocom_ms *ms)
2826 struct gsm48_rrlayer *rr = &ms->rrlayer;
2827 struct gsm48_rr_meas *meas = &rr->meas;
2829 struct gsm48_hdr *gh;
2830 struct gsm48_meas_res *mr;
2832 nmsg = gsm48_l3_msgb_alloc();
2835 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2836 mr = (struct gsm48_meas_res *) msgb_put(nmsg, sizeof(*mr));
2838 gh->proto_discr = GSM48_PDISC_RR;
2839 gh->msg_type = GSM48_MT_RR_MEAS_REP;
2841 /* measurement results */
2842 mr->rxlev_full = meas->rxlev_full;
2843 mr->rxlev_sub = meas->rxlev_sub;
2844 mr->rxqual_full = meas->rxqual_full;
2845 mr->rxqual_sub = meas->rxqual_sub;
2846 mr->dtx_used = meas->dtx;
2847 mr->ba_used = meas->ba;
2848 mr->meas_valid = meas->meas_valid;
2849 if (meas->ncell_na) {
2850 /* no results for serving cells */
2854 mr->no_nc_n_hi = meas->count >> 2;
2855 mr->no_nc_n_lo = meas->count & 3;
2857 mr->rxlev_nc1 = meas->rxlev_nc[0];
2858 mr->rxlev_nc2_hi = meas->rxlev_nc[1] >> 1;
2859 mr->rxlev_nc2_lo = meas->rxlev_nc[1] & 1;
2860 mr->rxlev_nc3_hi = meas->rxlev_nc[2] >> 2;
2861 mr->rxlev_nc3_lo = meas->rxlev_nc[2] & 3;
2862 mr->rxlev_nc4_hi = meas->rxlev_nc[3] >> 3;
2863 mr->rxlev_nc4_lo = meas->rxlev_nc[3] & 7;
2864 mr->rxlev_nc5_hi = meas->rxlev_nc[4] >> 4;
2865 mr->rxlev_nc5_lo = meas->rxlev_nc[4] & 15;
2866 mr->rxlev_nc6_hi = meas->rxlev_nc[5] >> 5;
2867 mr->rxlev_nc6_lo = meas->rxlev_nc[5] & 31;
2868 mr->bsic_nc1_hi = meas->bsic_nc[0] >> 3;
2869 mr->bsic_nc1_lo = meas->bsic_nc[0] & 7;
2870 mr->bsic_nc2_hi = meas->bsic_nc[1] >> 4;
2871 mr->bsic_nc2_lo = meas->bsic_nc[1] & 15;
2872 mr->bsic_nc3_hi = meas->bsic_nc[2] >> 5;
2873 mr->bsic_nc3_lo = meas->bsic_nc[2] & 31;
2874 mr->bsic_nc4 = meas->bsic_nc[3];
2875 mr->bsic_nc5 = meas->bsic_nc[4];
2876 mr->bsic_nc6 = meas->bsic_nc[5];
2877 mr->bcch_f_nc1 = meas->bcch_f_nc[0];
2878 mr->bcch_f_nc2 = meas->bcch_f_nc[1];
2879 mr->bcch_f_nc3 = meas->bcch_f_nc[2];
2880 mr->bcch_f_nc4 = meas->bcch_f_nc[3];
2881 mr->bcch_f_nc5_hi = meas->bcch_f_nc[4] >> 1;
2882 mr->bcch_f_nc5_lo = meas->bcch_f_nc[4] & 1;
2883 mr->bcch_f_nc6_hi = meas->bcch_f_nc[5] >> 2;
2884 mr->bcch_f_nc6_lo = meas->bcch_f_nc[5] & 3;
2886 return gsm48_send_rsl(ms, RSL_MT_UNIT_DATA_REQ, nmsg);
2890 * link establishment and release
2893 /* process "Loss Of Signal" */
2894 int gsm48_rr_los(struct osmocom_ms *ms)
2896 struct gsm48_rrlayer *rr = &ms->rrlayer;
2899 struct gsm48_rr_hdr *nrrh;
2901 LOGP(DSUM, LOGL_INFO, "Radio link lost signal\n");
2903 /* stop T3211 if running */
2907 case GSM48_RR_ST_CONN_PEND:
2908 LOGP(DRR, LOGL_INFO, "LOS during RACH request\n");
2910 /* stop pending RACH timer */
2913 case GSM48_RR_ST_DEDICATED:
2914 LOGP(DRR, LOGL_INFO, "LOS during dedicated mode, release "
2917 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
2919 /* release message */
2921 nmsg = gsm48_l3_msgb_alloc();
2924 mode = msgb_put(nmsg, 2);
2925 mode[0] = RSL_IE_RELEASE_MODE;
2926 mode[1] = 1; /* local release */
2928 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
2929 case GSM48_RR_ST_REL_PEND:
2930 LOGP(DRR, LOGL_INFO, "LOS during RR release procedure, release "
2933 /* stop pending RACH timer */
2936 /* release locally */
2939 /* this should not happen */
2940 LOGP(DRR, LOGL_ERROR, "LOS in IDLE state, ignoring\n");
2944 /* send inication to upper layer */
2945 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
2948 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
2949 nrrh->cause = RR_REL_CAUSE_LOST_SIGNAL;
2950 gsm48_rr_upmsg(ms, nmsg);
2953 new_rr_state(rr, GSM48_RR_ST_IDLE);
2957 /* activate link and send establish request */
2958 static int gsm48_rr_dl_est(struct osmocom_ms *ms)
2960 struct gsm48_rrlayer *rr = &ms->rrlayer;
2961 struct gsm_subscriber *subscr = &ms->subscr;
2962 struct gsm322_cellsel *cs = &ms->cellsel;
2963 struct gsm48_sysinfo *s = cs->si;
2965 struct gsm48_hdr *gh;
2966 struct gsm48_pag_rsp *pr;
2968 uint8_t ch_type, ch_subch, ch_ts;
2976 gsm48_decode_mobile_alloc(s, rr->cd_now.mob_alloc_lv + 1,
2977 rr->cd_now.mob_alloc_lv[0], ma, &ma_len, 0);
2979 LOGP(DRR, LOGL_NOTICE, "Hopping, but no allocation\n");
2984 /* send DL_EST_REQ */
2985 if (rr->rr_est_msg) {
2986 /* use queued message */
2987 nmsg = rr->rr_est_msg;
2989 LOGP(DRR, LOGL_INFO, "sending establish message\n");
2991 /* create paging response */
2992 nmsg = gsm48_l3_msgb_alloc();
2995 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
2996 pr = (struct gsm48_pag_rsp *) msgb_put(nmsg, sizeof(*pr));
2998 pr->key_seq = subscr->key_seq;
3000 pr->cm2_len = sizeof(pr->cm2);
3001 gsm48_rr_enc_cm2(ms, &pr->cm2);
3002 /* mobile identity */
3003 if (ms->subscr.tmsi_valid) {
3004 gsm48_generate_mid_from_tmsi(mi, subscr->tmsi);
3005 LOGP(DRR, LOGL_INFO, "sending paging response with "
3007 } else if (subscr->imsi[0]) {
3008 gsm48_generate_mid_from_imsi(mi, subscr->imsi);
3009 LOGP(DRR, LOGL_INFO, "sending paging response with "
3013 mi[2] = 0xf0 | GSM_MI_TYPE_NONE;
3014 LOGP(DRR, LOGL_INFO, "sending paging response without "
3017 msgb_put(nmsg, 1 + mi[1]);
3018 memcpy(pr->data, mi + 1, 1 + mi[1]);
3021 /* activate channel */
3023 RSL_MT_ to activate channel with all the cd_now informations
3025 rsl_dec_chan_nr(rr->cd_now.chan_nr, &ch_type, &ch_subch, &ch_ts);
3026 if ((ch_type != RSL_CHAN_SDCCH8_ACCH
3027 && ch_type != RSL_CHAN_SDCCH4_ACCH) || ch_ts > 4) {
3028 printf("Channel type %d, subch %d, ts %d not supported, "
3029 "exitting.\n", ch_type, ch_subch, ch_ts);
3033 tx_ph_dm_est_req_h1(ms, rr->cd_now.maio, rr->cd_now.hsn,
3034 ma, ma_len, rr->cd_now.chan_nr, rr->cd_now.tsc, 0);
3036 tx_ph_dm_est_req_h0(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr,
3040 /* start establishmnet */
3041 return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3044 /* the link is established */
3045 static int gsm48_rr_estab_cnf(struct osmocom_ms *ms, struct msgb *msg)
3047 struct gsm48_rrlayer *rr = &ms->rrlayer;
3051 /* if MM has releases before confirm, we start release */
3052 if (rr->state == GSM48_RR_ST_REL_PEND) {
3053 LOGP(DRR, LOGL_INFO, "MM already released RR.\n");
3054 /* release message */
3055 nmsg = gsm48_l3_msgb_alloc();
3058 mode = msgb_put(nmsg, 2);
3059 mode[0] = RSL_IE_RELEASE_MODE;
3060 mode[1] = 0; /* normal release */
3062 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3066 new_rr_state(rr, GSM48_RR_ST_DEDICATED);
3068 /* send confirm to upper layer */
3069 nmsg = gsm48_rr_msgb_alloc(
3070 (rr->rr_est_req) ? GSM48_RR_EST_CNF : GSM48_RR_EST_IND);
3073 return gsm48_rr_upmsg(ms, nmsg);
3076 /* the link is released in pending state (by l2) */
3077 static int gsm48_rr_rel_ind(struct osmocom_ms *ms, struct msgb *msg)
3079 struct gsm48_rrlayer *rr = &ms->rrlayer;
3081 struct gsm48_rr_hdr *nrrh;
3083 LOGP(DSUM, LOGL_INFO, "Radio link is released\n");
3085 /* send inication to upper layer */
3086 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
3089 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
3090 nrrh->cause = RR_REL_CAUSE_NORMAL;
3091 gsm48_rr_upmsg(ms, nmsg);
3093 /* start release timer, so UA will be transmitted */
3094 start_rr_t_rel_wait(rr, 1, 500000);
3096 /* pending release */
3097 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3102 /* 9.1.7 CHANNEL RELEASE is received */
3103 static int gsm48_rr_rx_chan_rel(struct osmocom_ms *ms, struct msgb *msg)
3105 struct gsm48_rrlayer *rr = &ms->rrlayer;
3106 struct gsm48_hdr *gh = msgb_l3(msg);
3107 struct gsm48_chan_rel *cr = (struct gsm48_chan_rel *)gh->data;
3108 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cr);
3109 struct tlv_parsed tp;
3113 if (payload_len < 0) {
3114 LOGP(DRR, LOGL_NOTICE, "Short read of CHANNEL RELEASE "
3116 return gsm48_rr_tx_rr_status(ms,
3117 GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3119 tlv_parse(&tp, &gsm48_rr_att_tlvdef, cr->data, payload_len, 0, 0);
3121 LOGP(DRR, LOGL_INFO, "channel release request with cause 0x%02x)\n",
3125 if (TLVP_PRESENT(&tp, GSM48_IE_BA_RANGE)) {
3126 gsm48_decode_ba_range(TLVP_VAL(&tp, GSM48_IE_BA_RANGE),
3127 *(TLVP_VAL(&tp, GSM48_IE_BA_RANGE) - 1), rr->ba_range,
3129 sizeof(rr->ba_range) / sizeof(rr->ba_range[0]));
3130 /* NOTE: the ranges are kept until IDLE state is returned
3131 * (see new_rr_state)
3135 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3137 /* start T3110, so that two DISCs can be sent due to T200 timeout */
3138 start_rr_t3110(rr, 1, 500000);
3140 /* disconnect the main signalling link */
3141 nmsg = gsm48_l3_msgb_alloc();
3144 mode = msgb_put(nmsg, 2);
3145 mode[0] = RSL_IE_RELEASE_MODE;
3146 mode[1] = 0; /* normal release */
3147 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3151 * assignment and handover
3154 /* 9.1.3 sending ASSIGNMENT COMPLETE */
3155 static int gsm48_rr_tx_ass_cpl(struct osmocom_ms *ms, uint8_t cause)
3158 struct gsm48_hdr *gh;
3159 struct gsm48_ass_cpl *ac;
3161 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMPLETE (cause #%d)\n", cause);
3163 nmsg = gsm48_l3_msgb_alloc();
3166 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
3167 ac = (struct gsm48_ass_cpl *) msgb_put(nmsg, sizeof(*ac));
3169 gh->proto_discr = GSM48_PDISC_RR;
3170 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
3173 ac->rr_cause = cause;
3175 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
3178 /* 9.1.4 sending ASSIGNMENT FAILURE */
3179 static int gsm48_rr_tx_ass_fail(struct osmocom_ms *ms, uint8_t cause)
3182 struct gsm48_hdr *gh;
3183 struct gsm48_ass_fail *af;
3185 LOGP(DRR, LOGL_INFO, "ASSIGNMENT FAILURE (cause #%d)\n", cause);
3187 nmsg = gsm48_l3_msgb_alloc();
3190 gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
3191 af = (struct gsm48_ass_fail *) msgb_put(nmsg, sizeof(*af));
3193 gh->proto_discr = GSM48_PDISC_RR;
3194 gh->msg_type = GSM48_MT_RR_ASS_COMPL;
3197 af->rr_cause = cause;
3199 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg);
3202 /* 9.1.2 ASSIGNMENT COMMAND is received */
3203 static int gsm48_rr_rx_ass_cmd(struct osmocom_ms *ms, struct msgb *msg)
3205 // struct gsm48_rrlayer *rr = &ms->rrlayer;
3206 struct gsm48_hdr *gh = msgb_l3(msg);
3207 struct gsm48_ass_cmd *ac = (struct gsm48_ass_cmd *)gh->data;
3208 int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ac);
3209 struct tlv_parsed tp;
3210 struct gsm48_rr_cd cd;
3212 LOGP(DRR, LOGL_INFO, "ASSIGNMENT COMMAND\n");
3214 memset(&cd, 0, sizeof(cd));
3216 if (payload_len < 0) {
3217 LOGP(DRR, LOGL_NOTICE, "Short read of ASSIGNMENT COMMAND message.\n");
3218 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
3220 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ac->data, payload_len, 0, 0);
3223 /* channel description */
3224 memcpy(&cd.chan_desc, &ac->chan_desc, sizeof(chan_desc));
3226 cd.power_command = ac->power_command;
3227 /* frequency list, after timer */
3228 tlv_copy(&cd.fl, sizeof(fl_after), &tp, GSM48_IE_FRQLIST_AFTER);
3229 /* cell channel description */
3230 tlv_copy(&cd.ccd, sizeof(ccd), &tp, GSM48_IE_CELL_CH_DESC);
3231 /* multislot allocation */
3232 tlv_copy(&cd.multia, sizeof(ma), &tp, GSM48_IE_MSLOT_DESC);
3234 tlv_copy(&cd.chanmode, sizeof(chanmode), &tp, GSM48_IE_CHANMODE_1);
3235 /* mobile allocation, after time */
3236 tlv_copy(&cd.moba_after, sizeof(moba_after), &tp, GSM48_IE_MOB_AL_AFTER);
3238 tlv_copy(&cd.start, sizeof(start), &tp, GSM_IE_START_TIME);
3239 /* frequency list, before time */
3240 tlv_copy(&cd.fl_before, sizeof(fl_before), &tp, GSM48_IE_FRQLIST_BEFORE);
3241 /* channel description, before time */
3242 tlv_copy(&cd.chan_desc_before, sizeof(cd_before), &tp, GSM48_IE_CHDES_1_BEFORE);
3243 /* frequency channel sequence, before time */
3244 tlv_copy(&cd.fcs_before, sizeof(fcs_before), &tp, GSM48_IE_FRQSEQ_BEFORE);
3245 /* mobile allocation, before time */
3246 tlv_copy(&cd.moba_before, sizeof(moba_before), &tp, GSM48_IE_MOB_AL_BEFORE);
3247 /* cipher mode setting */
3248 if (TLVP_PRESENT(&tp, GSM48_IE_CIP_MODE_SET))
3249 cd.cipher = *TLVP_VAL(&tp, GSM48_IE_CIP_MODE_SET);
3254 LOGP(DRR, LOGL_INFO, "No current cell allocation available.\n");
3255 return gsm48_rr_tx_ass_fail(ms, GSM48_GSM48_RR_CAUSE_NO_CELL_ALLOC_A);
3258 if (not supported) {
3259 LOGP(DRR, LOGL_INFO, "New channel is not supported.\n");
3260 return gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_CHAN_MODE_UNACCEPT);
3263 if (freq not supported) {
3264 LOGP(DRR, LOGL_INFO, "New frequency is not supported.\n");
3265 return gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_FREQ_NOT_IMPL);
3268 /* store current channel descriptions, to return in case of failure */
3269 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
3270 /* copy new description */
3271 memcpy(&rr->chan_desc, cd, sizeof(cd));
3273 /* start suspension of current link */
3274 nmsg = gsm48_l3_msgb_alloc();
3277 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
3279 /* change into special assignment suspension state */
3280 rr->assign_susp_state = 1;
3281 rr->resume_last_state = 0;
3283 return gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_FREQ_NOT_IMPL);
3290 * radio ressource requests
3293 /* establish request for dedicated mode */
3294 static int gsm48_rr_est_req(struct osmocom_ms *ms, struct msgb *msg)
3296 struct gsm48_rrlayer *rr = &ms->rrlayer;
3297 struct gsm322_cellsel *cs = &ms->cellsel;
3298 struct gsm48_sysinfo *s = cs->si;
3299 struct gsm_subscriber *subscr = &ms->subscr;
3300 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3301 struct gsm48_hdr *gh = msgb_l3(msg);
3304 struct gsm48_rr_hdr *nrrh;
3308 if (bsc_timer_pending(&rr->t3122)) {
3309 if (rrh->cause != RR_EST_CAUSE_EMERGENCY) {
3310 LOGP(DRR, LOGL_INFO, "T3122 running, rejecting!\n");
3311 cause = RR_REL_CAUSE_T3122;
3313 LOGP(DSUM, LOGL_INFO, "Establishing radio link not "
3315 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
3318 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
3319 nrrh->cause = cause;
3320 return gsm48_rr_upmsg(ms, nmsg);
3322 LOGP(DRR, LOGL_INFO, "T3122 running, but emergency call\n");
3326 /* if state is not idle */
3327 if (rr->state != GSM48_RR_ST_IDLE) {
3328 LOGP(DRR, LOGL_INFO, "We are not IDLE yet, rejecting!\n");
3329 cause = RR_REL_CAUSE_TRY_LATER;
3334 if (!cs->selected) {
3335 LOGP(DRR, LOGL_INFO, "No cell selected, rejecting!\n");
3336 cause = RR_REL_CAUSE_TRY_LATER;
3340 /* check if camping */
3341 if (cs->state != GSM322_C3_CAMPED_NORMALLY
3342 && rrh->cause != RR_EST_CAUSE_EMERGENCY) {
3343 LOGP(DRR, LOGL_INFO, "Not camping normally, rejecting!\n");
3344 cause = RR_REL_CAUSE_EMERGENCY_ONLY;
3347 if (cs->state != GSM322_C3_CAMPED_NORMALLY
3348 && cs->state != GSM322_C7_CAMPED_ANY_CELL) {
3349 LOGP(DRR, LOGL_INFO, "Not camping, rejecting!\n");
3350 cause = RR_REL_CAUSE_TRY_LATER;
3354 /* check for relevant informations */
3356 LOGP(DRR, LOGL_INFO, "Not enough SI, rejecting!\n");
3357 cause = RR_REL_CAUSE_TRY_LATER;
3362 if (!subscr->acc_barr && s->cell_barr) {
3363 LOGP(DRR, LOGL_INFO, "Cell barred, rejecting!\n");
3364 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
3367 if (rrh->cause == RR_EST_CAUSE_EMERGENCY)
3368 acc_class = subscr->acc_class | 0x0400;
3370 acc_class = subscr->acc_class & 0xfbff;
3371 if (!subscr->acc_barr && !(acc_class & (s->class_barr ^ 0xffff))) {
3372 LOGP(DRR, LOGL_INFO, "Cell barred for our access class (access "
3373 "%04x barred %04x)!\n", acc_class, s->class_barr);
3374 cause = RR_REL_CAUSE_NOT_AUTHORIZED;
3378 /* requested by RR */
3381 /* clone and store REQUEST message */
3383 LOGP(DRR, LOGL_ERROR, "Error, missing l3 message\n");
3386 rr->rr_est_msg = gsm48_l3_msgb_alloc();
3387 if (!rr->rr_est_msg)
3389 memcpy(msgb_put(rr->rr_est_msg, msgb_l3len(msg)),
3390 msgb_l3(msg), msgb_l3len(msg));
3392 /* request channel */
3393 return gsm48_rr_chan_req(ms, rrh->cause, 0);
3396 /* send all queued messages down to layer 2 */
3397 static int gsm48_rr_dequeue_down(struct osmocom_ms *ms)
3399 struct gsm48_rrlayer *rr = &ms->rrlayer;
3402 while((msg = msgb_dequeue(&rr->downqueue))) {
3403 LOGP(DRR, LOGL_INFO, "Sending queued message.\n");
3404 gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
3410 /* 3.4.2 transfer data in dedicated mode */
3411 static int gsm48_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
3413 struct gsm48_rrlayer *rr = &ms->rrlayer;
3415 if (rr->state != GSM48_RR_ST_DEDICATED) {
3420 /* pull RR header */
3421 msgb_pull(msg, sizeof(struct gsm48_rr_hdr));
3423 /* queue message, during handover or assignment procedure */
3424 if (rr->hando_susp_state || rr->assign_susp_state) {
3425 LOGP(DRR, LOGL_INFO, "Queueing message during suspend.\n");
3426 msgb_enqueue(&rr->downqueue, msg);
3430 /* forward message */
3431 return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, msg);
3435 * data indications from data link
3438 /* 3.4.2 data from layer 2 to RR and upper layer*/
3439 static int gsm48_rr_data_ind(struct osmocom_ms *ms, struct msgb *msg)
3441 struct gsm48_hdr *gh = msgb_l3(msg);
3442 struct gsm48_rr_hdr *rrh;
3443 uint8_t pdisc = gh->proto_discr & 0x0f;
3445 if (pdisc == GSM48_PDISC_RR) {
3447 uint8_t skip_ind = (gh->proto_discr & 0xf0) >> 4;
3449 /* ignore if skip indicator is not B'0000' */
3453 switch(gh->msg_type) {
3454 case GSM48_MT_RR_ADD_ASS:
3455 rc = gsm48_rr_rx_add_ass(ms, msg);
3457 case GSM48_MT_RR_ASS_CMD:
3458 rc = gsm48_rr_rx_ass_cmd(ms, msg);
3461 case GSM48_MT_RR_CIP_MODE_CMD:
3462 rc = gsm48_rr_rx_cip_mode_cmd(ms, msg);
3465 case GSM48_MT_RR_CLSM_ENQ:
3466 rc = gsm48_rr_rx_cm_enq(ms, msg);
3469 case GSM48_MT_RR_HANDO_CMD:
3470 rc = gsm48_rr_rx_hando_cmd(ms, msg);
3472 case GSM48_MT_RR_FREQ_REDEF:
3473 rc = gsm48_rr_rx_freq_redef(ms, msg);
3476 case GSM48_MT_RR_CHAN_REL:
3477 rc = gsm48_rr_rx_chan_rel(ms, msg);
3480 LOGP(DRR, LOGL_NOTICE, "Message type 0x%02x unknown.\n",
3483 /* status message */
3484 gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_MSG_TYPE_N);
3491 /* pull off RSL header up to L3 message */
3492 msgb_pull(msg, (long)msgb_l3(msg) - (long)msg->data);
3494 /* push RR header */
3495 msgb_push(msg, sizeof(struct gsm48_rr_hdr));
3496 rrh = (struct gsm48_rr_hdr *)msg->data;
3497 rrh->msg_type = GSM48_RR_DATA_IND;
3499 return gsm48_rr_upmsg(ms, msg);
3502 /* receive BCCH at RR layer */
3503 static int gsm48_rr_rx_bcch(struct osmocom_ms *ms, struct msgb *msg)
3505 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3507 switch (sih->system_information) {
3508 case GSM48_MT_RR_SYSINFO_1:
3509 return gsm48_rr_rx_sysinfo1(ms, msg);
3510 case GSM48_MT_RR_SYSINFO_2:
3511 return gsm48_rr_rx_sysinfo2(ms, msg);
3512 case GSM48_MT_RR_SYSINFO_2bis:
3513 return gsm48_rr_rx_sysinfo2bis(ms, msg);
3514 case GSM48_MT_RR_SYSINFO_2ter:
3515 return gsm48_rr_rx_sysinfo2ter(ms, msg);
3516 case GSM48_MT_RR_SYSINFO_3:
3517 return gsm48_rr_rx_sysinfo3(ms, msg);
3518 case GSM48_MT_RR_SYSINFO_4:
3519 return gsm48_rr_rx_sysinfo4(ms, msg);
3522 LOGP(DRR, LOGL_NOTICE, "BCCH message type 0x%02x not sup.\n",
3523 sih->system_information);
3529 /* receive CCCH at RR layer */
3530 static int gsm48_rr_rx_pch_agch(struct osmocom_ms *ms, struct msgb *msg)
3532 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3534 switch (sih->system_information) {
3535 case GSM48_MT_RR_PAG_REQ_1:
3536 return gsm48_rr_rx_pag_req_1(ms, msg);
3537 case GSM48_MT_RR_PAG_REQ_2:
3538 return gsm48_rr_rx_pag_req_2(ms, msg);
3539 case GSM48_MT_RR_PAG_REQ_3:
3540 return gsm48_rr_rx_pag_req_3(ms, msg);
3542 case GSM48_MT_RR_IMM_ASS:
3543 return gsm48_rr_rx_imm_ass(ms, msg);
3544 case GSM48_MT_RR_IMM_ASS_EXT:
3545 return gsm48_rr_rx_imm_ass_ext(ms, msg);
3546 case GSM48_MT_RR_IMM_ASS_REJ:
3547 return gsm48_rr_rx_imm_ass_rej(ms, msg);
3549 LOGP(DRR, LOGL_NOTICE, "CCCH message type 0x%02x unknown.\n",
3550 sih->system_information);
3555 /* receive ACCH at RR layer */
3556 static int gsm48_rr_rx_acch(struct osmocom_ms *ms, struct msgb *msg)
3558 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
3560 switch (sih->system_information) {
3561 case GSM48_MT_RR_SYSINFO_5:
3562 return gsm48_rr_rx_sysinfo5(ms, msg);
3563 case GSM48_MT_RR_SYSINFO_5bis:
3564 return gsm48_rr_rx_sysinfo5bis(ms, msg);
3565 case GSM48_MT_RR_SYSINFO_5ter:
3566 return gsm48_rr_rx_sysinfo5ter(ms, msg);
3567 case GSM48_MT_RR_SYSINFO_6:
3568 return gsm48_rr_rx_sysinfo6(ms, msg);
3570 LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n",
3571 sih->system_information);
3576 /* unit data from layer 2 to RR layer */
3577 static int gsm48_rr_unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
3579 struct gsm322_cellsel *cs = &ms->cellsel;
3580 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3581 struct tlv_parsed tv;
3583 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
3584 rllh->chan_nr, rllh->link_id);
3586 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
3587 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
3588 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
3591 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
3593 if (cs->ccch_state != GSM322_CCCH_ST_SYNC
3594 && cs->ccch_state != GSM322_CCCH_ST_DATA)
3597 /* when camping, start/reset loss timer */
3598 if (cs->state == GSM322_C3_CAMPED_NORMALLY
3599 || cs->state == GSM322_C7_CAMPED_ANY_CELL) {
3600 struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
3602 set radio link timeout on layer 1
3603 it is the number of subsequent BCCH blocks. (about 1/4 seconds)
3605 start_loss_timer(cs, s->bcch_radio_link_timeout / 4, 0);
3609 /* temporary moved here until confirm is fixed */
3610 if (cs->ccch_state != GSM322_CCCH_ST_DATA) {
3611 LOGP(DCS, LOGL_INFO, "Channel provides data.\n");
3612 cs->ccch_state = GSM322_CCCH_ST_DATA;
3614 /* in dedicated mode */
3615 if (ms->rrlayer.state == GSM48_RR_ST_CONN_PEND)
3616 return gsm48_rr_tx_rand_acc(ms, NULL);
3618 /* set timer for reading BCCH */
3619 if (cs->state == GSM322_C2_STORED_CELL_SEL
3620 || cs->state == GSM322_C1_NORMAL_CELL_SEL
3621 || cs->state == GSM322_C6_ANY_CELL_SEL
3622 || cs->state == GSM322_C4_NORMAL_CELL_RESEL
3623 || cs->state == GSM322_C8_ANY_CELL_RESEL
3624 || cs->state == GSM322_C5_CHOOSE_CELL
3625 || cs->state == GSM322_C9_CHOOSE_ANY_CELL
3626 || cs->state == GSM322_PLMN_SEARCH
3627 || cs->state == GSM322_HPLMN_SEARCH)
3628 start_cs_timer(cs, ms->support.scan_to, 0);
3629 // TODO: timer depends on BCCH config
3632 if (rllh->chan_nr == RSL_CHAN_PCH_AGCH)
3633 return gsm48_rr_rx_pch_agch(ms, msg);
3634 if (rllh->chan_nr == RSL_CHAN_BCCH)
3635 return gsm48_rr_rx_bcch(ms, msg);
3636 if ((rllh->chan_nr & 0xf0) == RSL_CHAN_SDCCH4_ACCH)
3637 return gsm48_rr_rx_acch(ms, msg);
3638 if ((rllh->chan_nr & 0xf0) == RSL_CHAN_SDCCH8_ACCH)
3639 return gsm48_rr_rx_acch(ms, msg);
3640 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
3645 /* 3.4.13.3 RR abort in dedicated mode (also in conn. pending mode) */
3646 static int gsm48_rr_abort_req(struct osmocom_ms *ms, struct msgb *msg)
3648 struct gsm48_rrlayer *rr = &ms->rrlayer;
3651 /* stop pending RACH timer */
3654 /* release "normally" if we are in dedicated mode */
3655 if (rr->state == GSM48_RR_ST_DEDICATED) {
3658 LOGP(DRR, LOGL_INFO, "Abort in dedicated state, send release "
3661 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3663 /* release message */
3664 nmsg = gsm48_l3_msgb_alloc();
3667 mode = msgb_put(nmsg, 2);
3668 mode[0] = RSL_IE_RELEASE_MODE;
3669 mode[1] = 0; /* normal release */
3670 return gsm48_send_rsl(ms, RSL_MT_REL_REQ, nmsg);
3673 LOGP(DRR, LOGL_INFO, "Abort in connection pending state, return to "
3676 new_rr_state(rr, GSM48_RR_ST_REL_PEND);
3681 /* release confirm in dedicated mode */
3682 static int gsm48_rr_susp_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
3684 struct gsm48_rrlayer *rr = &ms->rrlayer;
3686 if (rr->hando_susp_state || rr->assign_susp_state) {
3689 /* change radio to new channel */
3690 //todo tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr,
3693 /* send DL-ESTABLISH REQUEST */
3694 nmsg = gsm48_l3_msgb_alloc();
3697 gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg);
3701 if (rr->hando_susp_state) {
3702 gsm48_rr_tx_hando_access(ms);
3703 rr->hando_acc_left = 3;
3710 /* release confirm */
3711 static int gsm48_rr_rel_cnf(struct osmocom_ms *ms, struct msgb *msg)
3713 struct gsm48_rrlayer *rr = &ms->rrlayer;
3715 struct gsm48_rr_hdr *nrrh;
3717 LOGP(DSUM, LOGL_INFO, "Requesting channel aborted\n");
3719 /* stop T3211 if running */
3722 /* send release indication */
3723 nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
3726 nrrh = (struct gsm48_rr_hdr *)nmsg->data;
3727 nrrh->cause = RR_REL_CAUSE_NORMAL;
3728 gsm48_rr_upmsg(ms, nmsg);
3731 new_rr_state(rr, GSM48_RR_ST_IDLE);
3739 /* state trasitions for link layer messages (lower layer) */
3740 static struct dldatastate {
3743 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3744 } dldatastatelist[] = {
3746 {SBIT(GSM48_RR_ST_IDLE) |
3747 SBIT(GSM48_RR_ST_CONN_PEND) |
3748 SBIT(GSM48_RR_ST_DEDICATED) |
3749 SBIT(GSM48_RR_ST_REL_PEND),
3750 RSL_MT_UNIT_DATA_IND, gsm48_rr_unit_data_ind},
3752 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3753 RSL_MT_DATA_IND, gsm48_rr_data_ind},
3756 {SBIT(GSM48_RR_ST_CONN_PEND), /* 3.3.1.1.2 */
3757 RSL_MT_CHAN_CNF, gsm48_rr_tx_rand_acc},
3759 {SBIT(GSM48_RR_ST_IDLE) |
3760 SBIT(GSM48_RR_ST_CONN_PEND) |
3761 SBIT(GSM48_RR_ST_REL_PEND),
3762 RSL_MT_EST_CONF, gsm48_rr_estab_cnf},
3765 {SBIT(GSM48_RR_ST_DEDICATED),
3766 RSL_MT_EST_CONF, gsm48_rr_estab_cnf_dedicated},
3769 RSL_MT_CONNECT_CNF, gsm48_rr_connect_cnf},
3774 {SBIT(GSM48_RR_ST_CONN_PEND) |
3775 SBIT(GSM48_RR_ST_DEDICATED),
3776 RSL_MT_REL_IND, gsm48_rr_rel_ind},
3778 {SBIT(GSM48_RR_ST_REL_PEND),
3779 RSL_MT_REL_CONF, gsm48_rr_rel_cnf},
3782 {SBIT(GSM48_RR_ST_DEDICATED),
3783 RSL_MT_SUSP_CONF, gsm48_rr_susp_cnf_dedicated},
3786 {SBIT(GSM48_RR_ST_DEDICATED),
3787 RSL_MT_CHAN_CNF, gsm48_rr_rand_acc_cnf_dedicated},
3790 RSL_MT_MDL_ERROR_IND, gsm48_rr_mdl_error_ind},
3794 #define DLDATASLLEN \
3795 (sizeof(dldatastatelist) / sizeof(struct dldatastate))
3797 static int gsm48_rcv_rsl(struct osmocom_ms *ms, struct msgb *msg)
3799 struct gsm48_rrlayer *rr = &ms->rrlayer;
3800 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
3801 int msg_type = rllh->c.msg_type;
3805 if (msg_type != RSL_MT_UNIT_DATA_IND) {
3806 LOGP(DRSL, LOGL_INFO, "(ms %s) Received '%s' from L2 in state "
3807 "%s\n", ms->name, get_rsl_name(msg_type),
3808 gsm48_rr_state_names[rr->state]);
3811 /* find function for current state and message */
3812 for (i = 0; i < DLDATASLLEN; i++)
3813 if ((msg_type == dldatastatelist[i].type)
3814 && ((1 << rr->state) & dldatastatelist[i].states))
3816 if (i == DLDATASLLEN) {
3817 LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
3822 rc = dldatastatelist[i].rout(ms, msg);
3824 /* free msgb unless it is forwarded */
3825 if (dldatastatelist[i].rout != gsm48_rr_data_ind)
3831 /* state trasitions for RR-SAP messages from up */
3832 static struct rrdownstate {
3835 int (*rout) (struct osmocom_ms *ms, struct msgb *msg);
3836 } rrdownstatelist[] = {
3837 /* NOTE: If not IDLE, it is rejected there. */
3838 {ALL_STATES, /* 3.3.1.1 */
3839 GSM48_RR_EST_REQ, gsm48_rr_est_req},
3841 {SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.2 */
3842 GSM48_RR_DATA_REQ, gsm48_rr_data_req},
3844 {SBIT(GSM48_RR_ST_CONN_PEND) |
3845 SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.13.3 */
3846 GSM48_RR_ABORT_REQ, gsm48_rr_abort_req},
3849 {SBIT(GSM48_RR_ST_DEDICATED),
3850 GSM48_RR_ACT_REQ, gsm48_rr_act_req},
3854 #define RRDOWNSLLEN \
3855 (sizeof(rrdownstatelist) / sizeof(struct rrdownstate))
3857 int gsm48_rr_downmsg(struct osmocom_ms *ms, struct msgb *msg)
3859 struct gsm48_rrlayer *rr = &ms->rrlayer;
3860 struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
3861 int msg_type = rrh->msg_type;
3865 LOGP(DRR, LOGL_INFO, "(ms %s) Message '%s' received in state %s\n",
3866 ms->name, get_rr_name(msg_type),
3867 gsm48_rr_state_names[rr->state]);
3869 /* find function for current state and message */
3870 for (i = 0; i < RRDOWNSLLEN; i++)
3871 if ((msg_type == rrdownstatelist[i].type)
3872 && ((1 << rr->state) & rrdownstatelist[i].states))
3874 if (i == RRDOWNSLLEN) {
3875 LOGP(DRR, LOGL_NOTICE, "Message unhandled at this state.\n");
3880 rc = rrdownstatelist[i].rout(ms, msg);
3882 /* free msgb uless it is forwarded */
3883 if (rrdownstatelist[i].rout != gsm48_rr_data_req)
3893 int gsm48_rr_init(struct osmocom_ms *ms)
3895 struct gsm48_rrlayer *rr = &ms->rrlayer;
3897 memset(rr, 0, sizeof(*rr));
3900 LOGP(DRR, LOGL_INFO, "init Radio Ressource process\n");
3902 INIT_LLIST_HEAD(&rr->rsl_upqueue);
3903 INIT_LLIST_HEAD(&rr->downqueue);
3904 /* downqueue is handled here, so don't add_work */
3906 osmol2_register_handler(ms, &gsm48_rx_rsl);
3911 int gsm48_rr_exit(struct osmocom_ms *ms)
3913 struct gsm48_rrlayer *rr = &ms->rrlayer;
3916 LOGP(DRR, LOGL_INFO, "exit Radio Ressource process\n");
3919 while ((msg = msgb_dequeue(&rr->rsl_upqueue)))
3921 while ((msg = msgb_dequeue(&rr->downqueue)))
3924 if (rr->rr_est_msg) {
3925 msgb_free(rr->rr_est_msg);
3926 rr->rr_est_msg = NULL;
3929 stop_rr_t_rel_wait(rr);
3939 the process above is complete
3940 ------------------------------------------------------------------------------
3963 stop timers on abort
3964 wird beim abbruch immer der gepufferte cm-service-request entfernt, auch beim verschicken?:
3966 todo rr_sync_ind when receiving ciph, re ass, channel mode modify
3968 todo change procedures, release procedure
3970 static int gsm48_rr_act_req(struct osmocom_ms *ms, struct gsm48_rr *rrmsg)
3977 /* memcopy of LV of given IE from tlv_parsed structure */
3978 static int tlv_copy(void *dest, int dest_len, struct tlv_parsed *tp, uint8_t ie)
3987 if (!TLVP_PRESENT(tp, ie))
3990 len = TLVP_LEN(tp, ie);
3993 if (len + 1 > dest_len)
3996 memcpy(dest, TLVP_VAL(tp, ie) - 1, len + 1);
4001 /* decode "Cell Description" (10.5.2.2) */
4002 static int gsm48_decode_cell_desc(struct gsm48_cell_desc *cd, uint16_t *arfcn, uint8_t *ncc uint8_t *bcc)
4004 *arfcn = (cd->bcch_hi << 8) + cd->bcch_lo;
4009 /* decode "Power Command" (10.5.2.28) and (10.5.2.28a) */
4010 static int gsm48_decode_power_cmd_acc(struct gsm48_power_cmd *pc, uint8_t *power_level uint8_t *atc)
4012 *power_level = pc->power_level;
4013 if (atc) /* only in case of 10.5.2.28a */
4017 /* decode "Synchronization Indication" (10.5.2.39) */
4018 static int gsm48_decode_power_cmd_acc(struct gsm48_rrlayer *rr, struct gsm48_rr_sync_ind *si)
4020 rr->ho_sync_ind = si->si;
4021 rr->ho_rot = si->rot;
4022 rr->ho_nci = si->nci;
4025 /* receiving HANDOVER COMMAND message (9.1.15) */
4026 static int gsm48_rr_rx_hando_cmd(struct osmocom_ms *ms, struct msgb *msg)
4028 struct gsm48_rrlayer *rr = ms->rrlayer;
4029 struct gsm48_hdr *gh = msgb_l3(msg);
4030 struct gsm48_ho_cmd *ho = (struct gsm48_ho_cmd *)gh->data;
4031 int payload_len = msgb_l3len(msg) - sizeof(*gh) - wirklich sizeof(*ho);
4032 struct tlv_parsed tp;
4033 struct gsm48_rr_cd cd;
4036 memset(&cd, 0, sizeof(cd));
4038 if (payload_len < 0) {
4039 LOGP(DRR, LOGL_NOTICE, "Short read of HANDOVER COMMAND message.\n");
4040 return gsm48_rr_tx_rr_status(ms, GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
4042 tlv_parse(&tp, &gsm48_rr_att_tlvdef, ho->data, payload_len, 0, 0);
4044 /* decode Cell Description */
4045 gsm_decode_cell_desc(&ho->cell_desc, &cd.bcch_arfcn, &cd.ncc, &cd.bcc);
4046 /* Channel Description */
4047 memcpy(&rr->chan_desc.chan_desc, ho->chan_desc, 3);
4048 /* Handover Reference */
4049 rr->hando_ref = ho->ho_ref;
4050 /* Power Command and access type */
4051 gsm_decode_power_cmd_acc((struct gsm48_power_cmd *)&ho->power_command,
4052 &cd.power_level, cd.atc);
4053 /* Synchronization Indication */
4054 if (TLVP_PRESENT(&tp, GSM48_IE_SYNC_IND))
4055 gsm48_decode_sync_ind(rr,
4056 TLVP_VAL(&tp, GSM48_IE_SYNC_IND)-1, &cd);
4057 /* Frequency Sort List */
4058 if (TLVP_PRESENT(&tp, GSM48_IE_FREQ_SHORT_LIST))
4059 gsm48_decode_freq_list(&ms->support, s->freq,
4060 TLVP_VAL(&tp, GSM48_IE_FREQ_SHORT_LIST),
4061 *(TLVP_VAL(&tp, GSM48_IE_FREQ_SHORT_LIST)-1),
4062 0xce, FREQ_TYPE_SERV);
4065 today: more IE parsing
4067 /* store current channel descriptions, to return in case of failure */
4068 memcpy(&rr->chan_last, &rr->chan_desc, sizeof(*cd));
4069 /* copy new description */
4070 memcpy(&rr->chan_desc, cd, sizeof(cd));
4072 /* start suspension of current link */
4073 nmsg = gsm48_l3_msgb_alloc();
4076 gsm48_send_rsl(ms, RSL_MT_SUSP_REQ, msg);
4078 /* change into special handover suspension state */
4079 rr->hando_susp_state = 1;
4080 rr->resume_last_state = 0;
4085 static int gsm48_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
4087 if (rr->hando_susp_state || rr->assign_susp_state) {
4088 if (rr->resume_last_state) {
4089 rr->resume_last_state = 0;
4090 gsm48_rr_tx_ass_cpl(ms, GSM48_RR_CAUSE_NORMAL);
4092 gsm48_rr_tx_ass_fail(ms, GSM48_RR_CAUSE_PROTO_ERR_UNSPEC);
4094 /* transmit queued frames during ho / ass transition */
4095 gsm48_rr_dequeue_down(ms);
4101 static int gsm48_rr_connect_cnf(struct osmocom_ms *ms, struct msgbl *msg)
4105 static int gsm48_rr_mdl_error_ind(struct osmocom_ms *ms, struct msgb *msg)
4107 struct gsm48_rrlayer *rr = ms->rrlayer;
4109 struct gsm_rr_hdr *nrrh;
4111 printing of the cause
4113 switch (msg->l3h[0]) {
4114 case RLL_CAUSE_SEQ_ERR:
4115 case RLL_CAUSE_UNSOL_DM_RESP_MF:
4116 einige muessen ignoriert werden
4117 andere gelten als release
4120 if (rr->hando_susp_state || rr->assign_susp_state) {
4121 if (!rr->resume_last_state) {
4122 rr->resume_last_state = 1;
4124 /* get old channel description */
4125 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
4127 /* change radio to old channel */
4128 tx_ph_dm_est_req(ms, rr->cd_now.arfcn,
4129 rr->cd_now.chan_nr, rr->cd_now.tsc);
4131 /* re-establish old link */
4132 nmsg = gsm48_l3_msgb_alloc();
4135 return gsm48_send_rsl(ms, RSL_MT_RECON_REQ, nmsg);
4137 rr->resume_last_state = 0;
4140 /* deactivate channel */
4141 tx_ph_dm_rel_req(ms, arfcn, rr->chan_desc.chan_desc.chan_nr);
4143 /* send abort ind to upper layer */
4144 nmsg = gsm48_mm_msgb_alloc();
4148 nrrh = (struct gsm_mm_hdr *)nmsg->data;
4149 nrrh->msg_type = RR_ABORT_IND;
4150 nrrh->cause = GSM_MM_CAUSE_LINK_FAILURE;
4151 return gsm48_rr_upmsg(ms, msg);
4154 static void timeout_rr_t3124(void *arg)
4156 struct gsm48_rrlayer *rr = arg;
4159 /* stop sending more access bursts when timer expired */
4162 /* get old channel description */
4163 memcpy(&rr->chan_desc, &rr->chan_last, sizeof(*cd));
4165 /* change radio to old channel */
4166 tx_ph_dm_est_req(ms, rr->cd_now.arfcn, rr->cd_now.chan_nr,
4169 /* re-establish old link */
4170 nmsg = gsm48_l3_msgb_alloc();
4173 return gsm48_send_rsl(ms, RSL_MT_REEST_REQ, nmsg);
4178 /* send HANDOVER ACCESS burst (9.1.14) */
4179 static int gsm48_rr_tx_hando_access(struct osmocom_ms *ms)
4181 nmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
4184 *msgb_put(nmsg, 1) = rr->hando_ref;
4186 return gsm48_send_rsl(ms, RSL_MT_RAND_ACC_REQ, nmsg);
4189 /* send next channel request in dedicated state */
4190 static int gsm48_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
4192 struct gsm48_rrlayer *rr = &ms->rrlayer;
4196 if (!rr->hando_susp_state) {
4197 LOGP(DRR, LOGL_NOTICE, "Random acces confirm, but not in handover state.\n");
4201 /* send up to four handover access bursts */
4202 if (rr->hando_acc_left) {
4203 rr->hando_acc_left--;
4204 gsm48_rr_tx_hando_access(ms);
4208 /* start timer for sending next HANDOVER ACCESS bursts afterwards */
4209 if (!bsc_timer_pending(&rr->t3124)) {
4210 if (allocated channel is SDCCH)
4211 start_rr_t3124(rr, GSM_T3124_675);
4213 start_rr_t3124(rr, GSM_T3124_320);
4214 if (!rr->n_chan_req) {
4215 start_rr_t3126(rr, 5, 0); /* TODO improve! */
4220 /* wait for PHYSICAL INFORMATION message or T3124 timeout */
projects / osmocom-bb.git / blob