Gitiles
Code Review Sign In
gerrit.osmocom.org / libosmocore / 8f2c7e5b2b2c038d51653c68380837fd54b84db0 / . / src / gsm / lapdm.c
blob: f99c11938acf1ae0394385af757500a6a593fab7 [file] [log] [blame]
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1/* GSM LAPDm (TS 04.06) implementation */
2
3/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org>
4 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
5 *
6 * All Rights Reserved
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 *
22 */
23
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]24/*! \addtogroup lapdm
25 * @{
26 */
27
28/*! \file lapdm.c */
29
30/*!
31 * Notes on Buffering: rcv_buffer, tx_queue, tx_hist, send_buffer, send_queue
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]32 *
33 * RX data is stored in the rcv_buffer (pointer). If the message is complete, it
34 * is removed from rcv_buffer pointer and forwarded to L3. If the RX data is
35 * received while there is an incomplete rcv_buffer, it is appended to it.
36 *
37 * TX data is stored in the send_queue first. When transmitting a frame,
38 * the first message in the send_queue is moved to the send_buffer. There it
39 * resides until all fragments are acknowledged. Fragments to be sent by I
40 * frames are stored in the tx_hist buffer for resend, if required. Also the
41 * current fragment is copied into the tx_queue. There it resides until it is
42 * forwarded to layer 1.
43 *
44 * In case we have SAPI 0, we only have a window size of 1, so the unack-
45 * nowledged message resides always in the send_buffer. In case of a suspend,
46 * it can be written back to the first position of the send_queue.
47 *
48 * The layer 1 normally sends a PH-READY-TO-SEND. But because we use
49 * asynchronous transfer between layer 1 and layer 2 (serial link), we must
50 * send a frame before layer 1 reaches the right timeslot to send it. So we
51 * move the tx_queue to layer 1 when there is not already a pending frame, and
52 * wait until acknowledge after the frame has been sent. If we receive an
53 * acknowledge, we can send the next frame from the buffer, if any.
54 *
55 * The moving of tx_queue to layer 1 may also trigger T200, if desired. Also it
56 * will trigger next I frame, if possible.
57 *
58 */
59
60#include <stdio.h>
61#include <stdint.h>
62#include <string.h>
63#include <errno.h>
64#include <arpa/inet.h>
65
66#include <osmocom/core/logging.h>
67#include <osmocom/core/timer.h>
68#include <osmocom/core/msgb.h>
69#include <osmocom/core/utils.h>
70
71#include <osmocom/gsm/tlv.h>
72#include <osmocom/gsm/rsl.h>
73#include <osmocom/gsm/prim.h>
74#include <osmocom/gsm/gsm_utils.h>
75#include <osmocom/gsm/lapdm.h>
76
77#include <osmocom/gsm/protocol/gsm_04_08.h>
78#include <osmocom/gsm/protocol/gsm_08_58.h>
79
80/* TS 04.06 Figure 4 / Section 3.2 */
81#define LAPDm_LPD_NORMAL 0
82#define LAPDm_LPD_SMSCB 1
83#define LAPDm_SAPI_NORMAL 0
84#define LAPDm_SAPI_SMS 3
85#define LAPDm_ADDR(lpd, sapi, cr) ((((lpd) & 0x3) << 5) | (((sapi) & 0x7) << 2) | (((cr) & 0x1) << 1) | 0x1)
86
87#define LAPDm_ADDR_SAPI(addr) (((addr) >> 2) & 0x7)
88#define LAPDm_ADDR_CR(addr) (((addr) >> 1) & 0x1)
89#define LAPDm_ADDR_EA(addr) ((addr) & 0x1)
90
91/* TS 04.06 Table 3 / Section 3.4.3 */
92#define LAPDm_CTRL_I(nr, ns, p) ((((nr) & 0x7) << 5) | (((p) & 0x1) << 4) | (((ns) & 0x7) << 1))
93#define LAPDm_CTRL_S(nr, s, p) ((((nr) & 0x7) << 5) | (((p) & 0x1) << 4) | (((s) & 0x3) << 2) | 0x1)
94#define LAPDm_CTRL_U(u, p) ((((u) & 0x1c) << (5-2)) | (((p) & 0x1) << 4) | (((u) & 0x3) << 2) | 0x3)
95
96#define LAPDm_CTRL_is_I(ctrl) (((ctrl) & 0x1) == 0)
97#define LAPDm_CTRL_is_S(ctrl) (((ctrl) & 0x3) == 1)
98#define LAPDm_CTRL_is_U(ctrl) (((ctrl) & 0x3) == 3)
99
100#define LAPDm_CTRL_U_BITS(ctrl) ((((ctrl) & 0xC) >> 2) | ((ctrl) & 0xE0) >> 3)
101#define LAPDm_CTRL_PF_BIT(ctrl) (((ctrl) >> 4) & 0x1)
102
103#define LAPDm_CTRL_S_BITS(ctrl) (((ctrl) & 0xC) >> 2)
104
105#define LAPDm_CTRL_I_Ns(ctrl) (((ctrl) & 0xE) >> 1)
106#define LAPDm_CTRL_Nr(ctrl) (((ctrl) & 0xE0) >> 5)
107
108/* TS 04.06 Table 4 / Section 3.8.1 */
109#define LAPDm_U_SABM 0x7
110#define LAPDm_U_DM 0x3
111#define LAPDm_U_UI 0x0
112#define LAPDm_U_DISC 0x8
113#define LAPDm_U_UA 0xC
114
115#define LAPDm_S_RR 0x0
116#define LAPDm_S_RNR 0x1
117#define LAPDm_S_REJ 0x2
118
119#define LAPDm_LEN(len) ((len << 2) | 0x1)
120#define LAPDm_MORE 0x2
121
122/* TS 04.06 Section 5.8.3 */
123#define N201_AB_SACCH 18
124#define N201_AB_SDCCH 20
125#define N201_AB_FACCH 20
126#define N201_Bbis 23
127#define N201_Bter_SACCH 21
128#define N201_Bter_SDCCH 23
129#define N201_Bter_FACCH 23
130#define N201_B4 19
131
132/* 5.8.2.1 N200 during establish and release */
133#define N200_EST_REL 5
134/* 5.8.2.1 N200 during timer recovery state */
135#define N200_TR_SACCH 5
136#define N200_TR_SDCCH 23
137#define N200_TR_FACCH_FR 34
138#define N200_TR_EFACCH_FR 48
139#define N200_TR_FACCH_HR 29
140/* FIXME: this depends on chan type */
141#define N200 N200_TR_SACCH
142
143#define CR_MS2BS_CMD 0
144#define CR_MS2BS_RESP 1
145#define CR_BS2MS_CMD 1
146#define CR_BS2MS_RESP 0
147
148/* Set T200 to 1 Second (OpenBTS uses 900ms) */
149#define T200 1, 0
150
151/* k value for each SAPI */
152static uint8_t k_sapi[] = {1, 1, 1, 1, 1, 1, 1, 1};
153
154enum lapdm_format {
155 LAPDm_FMT_A,
156 LAPDm_FMT_B,
157 LAPDm_FMT_Bbis,
158 LAPDm_FMT_Bter,
159 LAPDm_FMT_B4,
160};
161
162static void lapdm_t200_cb(void *data);
163static int rslms_send_i(struct lapdm_msg_ctx *mctx, int line);
164
165/* UTILITY FUNCTIONS */
166
167static inline uint8_t inc_mod8(uint8_t x)
168{
169 return (x + 1) & 7;
170}
171
172static inline uint8_t add_mod8(uint8_t x, uint8_t y)
173{
174 return (x + y) & 7;
175}
176
177static inline uint8_t sub_mod8(uint8_t x, uint8_t y)
178{
179 return (x - y) & 7; /* handle negative results correctly */
180}
181
182static void lapdm_dl_init(struct lapdm_datalink *dl,
183 struct lapdm_entity *entity)
184{
185 memset(dl, 0, sizeof(*dl));
186 INIT_LLIST_HEAD(&dl->send_queue);
187 INIT_LLIST_HEAD(&dl->tx_queue);
188 dl->state = LAPDm_STATE_IDLE;
189 dl->t200.data = dl;
190 dl->t200.cb = &lapdm_t200_cb;
191 dl->entity = entity;
192}
193
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]194/*! \brief initialize a LAPDm entity and all datalinks inside
195 * \param[in] le LAPDm entity
196 * \param[in] mode \ref lapdm_mode (BTS/MS)
197 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]198void lapdm_entity_init(struct lapdm_entity *le, enum lapdm_mode mode)
199{
200 unsigned int i;
201
202 for (i = 0; i < ARRAY_SIZE(le->datalink); i++)
203 lapdm_dl_init(&le->datalink[i], le);
204
205 lapdm_entity_set_mode(le, mode);
206}
207
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]208/*! \brief initialize a LAPDm channel and all its channels
209 * \param[in] lc \ref lapdm_channel to be initialized
210 * \param[in] mode \ref lapdm_mode (BTS/MS)
211 *
212 * This really is a convenience wrapper around calling \ref
213 * lapdm_entity_init twice.
214 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]215void lapdm_channel_init(struct lapdm_channel *lc, enum lapdm_mode mode)
216{
217 lapdm_entity_init(&lc->lapdm_acch, mode);
218 lapdm_entity_init(&lc->lapdm_dcch, mode);
219}
220
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]221static void lapdm_dl_flush_send(struct lapdm_datalink *dl)
222{
223 struct msgb *msg;
224
225 /* Flush send-queue */
226 while ((msg = msgb_dequeue(&dl->send_queue)))
227 msgb_free(msg);
228
229 /* Clear send-buffer */
230 if (dl->send_buffer) {
231 msgb_free(dl->send_buffer);
232 dl->send_buffer = NULL;
233 }
234}
235
236static void lapdm_dl_flush_tx(struct lapdm_datalink *dl)
237{
238 struct msgb *msg;
239 unsigned int i;
240
241 while ((msg = msgb_dequeue(&dl->tx_queue)))
242 msgb_free(msg);
243 for (i = 0; i < 8; i++)
244 dl->tx_length[i] = 0;
245}
246
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]247/*! \brief flush and release all resoures in LAPDm entity */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]248void lapdm_entity_exit(struct lapdm_entity *le)
249{
250 unsigned int i;
251 struct lapdm_datalink *dl;
252
253 for (i = 0; i < ARRAY_SIZE(le->datalink); i++) {
254 dl = &le->datalink[i];
255 lapdm_dl_flush_tx(dl);
256 lapdm_dl_flush_send(dl);
257 if (dl->rcv_buffer)
258 msgb_free(dl->rcv_buffer);
259 }
260}
261
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]262/* \brief lfush and release all resources in LAPDm channel
263 *
264 * A convenience wrapper calling \ref lapdm_entity_exit on both
265 * entities inside the \ref lapdm_channel
266 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]267void lapdm_channel_exit(struct lapdm_channel *lc)
268{
269 lapdm_entity_exit(&lc->lapdm_acch);
270 lapdm_entity_exit(&lc->lapdm_dcch);
271}
272
273static void lapdm_dl_newstate(struct lapdm_datalink *dl, uint32_t state)
274{
275 LOGP(DLLAPDM, LOGL_INFO, "new state %s -> %s\n",
276 lapdm_state_names[dl->state], lapdm_state_names[state]);
277
278 dl->state = state;
279}
280
281static struct lapdm_datalink *datalink_for_sapi(struct lapdm_entity *le, uint8_t sapi)
282{
283 switch (sapi) {
284 case LAPDm_SAPI_NORMAL:
285 return &le->datalink[0];
286 case LAPDm_SAPI_SMS:
287 return &le->datalink[1];
288 default:
289 return NULL;
290 }
291}
292
293/* remove the L2 header from a MSGB */
294static inline unsigned char *msgb_pull_l2h(struct msgb *msg)
295{
296 unsigned char *ret = msgb_pull(msg, msg->l3h - msg->l2h);
297 msg->l2h = NULL;
298 return ret;
299}
300
301/* Append padding (if required) */
302static void lapdm_pad_msgb(struct msgb *msg, uint8_t n201)
303{
304 int pad_len = n201 - msgb_l2len(msg);
305 uint8_t *data;
306
307 if (pad_len < 0) {
308 LOGP(DLLAPDM, LOGL_ERROR,
309 "cannot pad message that is already too big!\n");
310 return;
311 }
312
313 data = msgb_put(msg, pad_len);
314 memset(data, 0x2B, pad_len);
315}
316
317/* input function that L2 calls when sending messages up to L3 */
318static int rslms_sendmsg(struct msgb *msg, struct lapdm_entity *le)
319{
320 if (!le->l3_cb) {
321 msgb_free(msg);
322 return -EIO;
323 }
324
325 /* call the layer2 message handler that is registered */
326 return le->l3_cb(msg, le, le->l3_ctx);
327}
328
329/* write a frame into the tx queue */
330static int tx_ph_data_enqueue(struct lapdm_datalink *dl, struct msgb *msg,
331 uint8_t chan_nr, uint8_t link_id, uint8_t n201)
332{
333 struct lapdm_entity *le = dl->entity;
334 struct osmo_phsap_prim pp;
335
336 /* if there is a pending message, queue it */
337 if (le->tx_pending || le->flags & LAPDM_ENT_F_POLLING_ONLY) {
338 *msgb_push(msg, 1) = n201;
339 *msgb_push(msg, 1) = link_id;
340 *msgb_push(msg, 1) = chan_nr;
341 msgb_enqueue(&dl->tx_queue, msg);
342 return -EBUSY;
343 }
344
345 osmo_prim_init(&pp.oph, SAP_GSM_PH, PRIM_PH_DATA,
346 PRIM_OP_REQUEST, msg);
347 pp.u.data.chan_nr = chan_nr;
348 pp.u.data.link_id = link_id;
349
350 /* send the frame now */
351 le->tx_pending = 0; /* disabled flow control */
352 lapdm_pad_msgb(msg, n201);
353
354 return le->l1_prim_cb(&pp.oph, le->l1_ctx);
355}
356
357static struct msgb *tx_dequeue_msgb(struct lapdm_entity *le)
358{
359 struct lapdm_datalink *dl;
360 int last = le->last_tx_dequeue;
361 int i = last, n = ARRAY_SIZE(le->datalink);
362 struct msgb *msg = NULL;
363
364 /* round-robin dequeue */
365 do {
366 /* next */
367 i = (i + 1) % n;
368 dl = &le->datalink[i];
369 if ((msg = msgb_dequeue(&dl->tx_queue)))
370 break;
371 } while (i != last);
372
373 if (msg) {
374 /* Set last dequeue position */
375 le->last_tx_dequeue = i;
376 }
377
378 return msg;
379}
380
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]381/*! \brief dequeue a msg that's pending transmission via L1 and wrap it into
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]382 * a osmo_phsap_prim */
383int lapdm_phsap_dequeue_prim(struct lapdm_entity *le, struct osmo_phsap_prim *pp)
384{
385 struct msgb *msg;
386 uint8_t n201;
387
388 msg = tx_dequeue_msgb(le);
389 if (!msg)
390 return -ENODEV;
391
392 /* if we have a message, send PH-DATA.req */
393 osmo_prim_init(&pp->oph, SAP_GSM_PH, PRIM_PH_DATA,
394 PRIM_OP_REQUEST, msg);
395
396 /* Pull chan_nr and link_id */
397 pp->u.data.chan_nr = *msg->data;
398 msgb_pull(msg, 1);
399 pp->u.data.link_id = *msg->data;
400 msgb_pull(msg, 1);
401 n201 = *msg->data;
402 msgb_pull(msg, 1);
403
404 /* Pad the frame, we can transmit now */
405 lapdm_pad_msgb(msg, n201);
406
407 return 0;
408}
409
410/* get next frame from the tx queue. because the ms has multiple datalinks,
411 * each datalink's queue is read round-robin.
412 */
413static int l2_ph_data_conf(struct msgb *msg, struct lapdm_entity *le)
414{
415 struct osmo_phsap_prim pp;
416
417 /* we may send again */
418 le->tx_pending = 0;
419
420 /* free confirm message */
421 if (msg)
422 msgb_free(msg);
423
424 if (lapdm_phsap_dequeue_prim(le, &pp) < 0) {
425 /* no message in all queues */
426
427 /* If user didn't request PH-EMPTY_FRAME.req, abort */
428 if (!(le->flags & LAPDM_ENT_F_EMPTY_FRAME))
429 return 0;
430
431 /* otherwise, send PH-EMPTY_FRAME.req */
432 osmo_prim_init(&pp.oph, SAP_GSM_PH,
433 PRIM_PH_EMPTY_FRAME,
434 PRIM_OP_REQUEST, NULL);
435 } else {
436 le->tx_pending = 1;
437 }
438
439 return le->l1_prim_cb(&pp.oph, le->l1_ctx);
440}
441
442/* Create RSLms various RSLms messages */
443static int send_rslms_rll_l3(uint8_t msg_type, struct lapdm_msg_ctx *mctx,
444 struct msgb *msg)
445{
446 /* Add the RSL + RLL header */
447 rsl_rll_push_l3(msg, msg_type, mctx->chan_nr, mctx->link_id, 1);
448
449 /* send off the RSLms message to L3 */
450 return rslms_sendmsg(msg, mctx->dl->entity);
451}
452
453/* Take a B4 format message from L1 and create RSLms UNIT DATA IND */
454static int send_rslms_rll_l3_ui(struct lapdm_msg_ctx *mctx, struct msgb *msg)
455{
456 uint8_t l3_len = msg->tail - (uint8_t *)msgb_l3(msg);
457 struct abis_rsl_rll_hdr *rllh;
458
459 /* Add the RSL + RLL header */
460 msgb_tv16_push(msg, RSL_IE_L3_INFO, l3_len);
461 msgb_push(msg, 2 + 2);
462 rsl_rll_push_hdr(msg, RSL_MT_UNIT_DATA_IND, mctx->chan_nr,
463 mctx->link_id, 1);
464 rllh = (struct abis_rsl_rll_hdr *)msgb_l2(msg);
465
466 rllh->data[0] = RSL_IE_TIMING_ADVANCE;
467 rllh->data[1] = mctx->ta_ind;
468
469 rllh->data[2] = RSL_IE_MS_POWER;
470 rllh->data[3] = mctx->tx_power_ind;
471
472 return rslms_sendmsg(msg, mctx->dl->entity);
473}
474
475static int send_rll_simple(uint8_t msg_type, struct lapdm_msg_ctx *mctx)
476{
477 struct msgb *msg;
478
479 msg = rsl_rll_simple(msg_type, mctx->chan_nr, mctx->link_id, 1);
480
481 /* send off the RSLms message to L3 */
482 return rslms_sendmsg(msg, mctx->dl->entity);
483}
484
485static int rsl_rll_error(uint8_t cause, struct lapdm_msg_ctx *mctx)
486{
487 struct msgb *msg;
488
489 LOGP(DLLAPDM, LOGL_NOTICE, "sending MDL-ERROR-IND %d\n", cause);
490 msg = rsl_rll_simple(RSL_MT_ERROR_IND, mctx->chan_nr, mctx->link_id, 1);
491 msg->l2h = msgb_put(msg, sizeof(struct abis_rsl_rll_hdr));
492 msgb_tlv_put(msg, RSL_IE_RLM_CAUSE, 1, &cause);
493 return rslms_sendmsg(msg, mctx->dl->entity);
494}
495
496static int check_length_ind(struct lapdm_msg_ctx *mctx, uint8_t length_ind)
497{
498 if (!(length_ind & 0x01)) {
499 /* G.4.1 If the EL bit is set to "0", an MDL-ERROR-INDICATION
500 * primitive with cause "frame not implemented" is sent to the
501 * mobile management entity. */
502 LOGP(DLLAPDM, LOGL_NOTICE,
503 "we don't support multi-octet length\n");
504 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
505 return -EINVAL;
506 }
507 return 0;
508}
509
510static int lapdm_send_resend(struct lapdm_datalink *dl)
511{
512 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm resend");
513 int length;
514
515 /* Resend SABM/DISC from tx_hist */
516 length = dl->tx_length[0];
517 msg->l2h = msgb_put(msg, length);
518 memcpy(msg->l2h, dl->tx_hist[dl->V_send], length);
519
520 return tx_ph_data_enqueue(dl, msg, dl->mctx.chan_nr, dl->mctx.link_id,
521 dl->mctx.n201);
522}
523
524static int lapdm_send_ua(struct lapdm_msg_ctx *mctx, uint8_t len, uint8_t *data)
525{
526 uint8_t sapi = mctx->link_id & 7;
527 uint8_t f_bit = LAPDm_CTRL_PF_BIT(mctx->ctrl);
528 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm UA");
529 struct lapdm_entity *le = mctx->dl->entity;
530
531 msg->l2h = msgb_put(msg, 3 + len);
532 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
533 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_UA, f_bit);
534 msg->l2h[2] = LAPDm_LEN(len);
535 if (len)
536 memcpy(msg->l2h + 3, data, len);
537
538 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
539 mctx->n201);
540}
541
542static int lapdm_send_dm(struct lapdm_msg_ctx *mctx)
543{
544 uint8_t sapi = mctx->link_id & 7;
545 uint8_t f_bit = LAPDm_CTRL_PF_BIT(mctx->ctrl);
546 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm DM");
547 struct lapdm_entity *le = mctx->dl->entity;
548
549 msg->l2h = msgb_put(msg, 3);
550 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
551 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_DM, f_bit);
552 msg->l2h[2] = 0;
553
554 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
555 mctx->n201);
556}
557
558static int lapdm_send_rr(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
559{
560 uint8_t sapi = mctx->link_id & 7;
561 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
562 struct lapdm_entity *le = mctx->dl->entity;
563
564 msg->l2h = msgb_put(msg, 3);
565 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
566 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_RR, f_bit);
567 msg->l2h[2] = LAPDm_LEN(0);
568
569 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
570 mctx->n201);
571}
572
573static int lapdm_send_rnr(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
574{
575 uint8_t sapi = mctx->link_id & 7;
576 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RNR");
577 struct lapdm_entity *le = mctx->dl->entity;
578
579 msg->l2h = msgb_put(msg, 3);
580 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
581 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_RNR, f_bit);
582 msg->l2h[2] = LAPDm_LEN(0);
583
584 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
585 mctx->n201);
586}
587
588static int lapdm_send_rej(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
589{
590 uint8_t sapi = mctx->link_id & 7;
591 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm REJ");
592 struct lapdm_entity *le = mctx->dl->entity;
593
594 msg->l2h = msgb_put(msg, 3);
595 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
596 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_REJ, f_bit);
597 msg->l2h[2] = LAPDm_LEN(0);
598
599 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
600 mctx->n201);
601}
602
603/* Timer callback on T200 expiry */
604static void lapdm_t200_cb(void *data)
605{
606 struct lapdm_datalink *dl = data;
607
608 LOGP(DLLAPDM, LOGL_INFO, "lapdm_t200_cb(%p) state=%u\n", dl, dl->state);
609
610 switch (dl->state) {
611 case LAPDm_STATE_SABM_SENT:
612 /* 5.4.1.3 */
613 if (dl->retrans_ctr + 1 >= N200_EST_REL + 1) {
614 /* send RELEASE INDICATION to L3 */
615 send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
616 /* send MDL ERROR INIDCATION to L3 */
617 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
618 /* flush tx buffers */
619 lapdm_dl_flush_tx(dl);
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]620 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]621 /* go back to idle state */
622 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
623 /* NOTE: we must not change any other states or buffers
624 * and queues, since we may reconnect after handover
625 * failure. the buffered messages is replaced there */
626 break;
627 }
628 /* retransmit SABM command */
629 lapdm_send_resend(dl);
630 /* increment re-transmission counter */
631 dl->retrans_ctr++;
632 /* restart T200 (PH-READY-TO-SEND) */
633 osmo_timer_schedule(&dl->t200, T200);
634 break;
635 case LAPDm_STATE_DISC_SENT:
636 /* 5.4.4.3 */
637 if (dl->retrans_ctr + 1 >= N200_EST_REL + 1) {
638 /* send RELEASE INDICATION to L3 */
639 send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
640 /* send MDL ERROR INIDCATION to L3 */
641 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
642 /* flush buffers */
643 lapdm_dl_flush_tx(dl);
644 lapdm_dl_flush_send(dl);
645 /* go back to idle state */
646 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
647 /* NOTE: we must not change any other states or buffers
648 * and queues, since we may reconnect after handover
649 * failure. the buffered messages is replaced there */
650 break;
651 }
652 /* retransmit DISC command */
653 lapdm_send_resend(dl);
654 /* increment re-transmission counter */
655 dl->retrans_ctr++;
656 /* restart T200 (PH-READY-TO-SEND) */
657 osmo_timer_schedule(&dl->t200, T200);
658 break;
659 case LAPDm_STATE_MF_EST:
660 /* 5.5.7 */
661 dl->retrans_ctr = 0;
662 lapdm_dl_newstate(dl, LAPDm_STATE_TIMER_RECOV);
663 /* fall through */
664 case LAPDm_STATE_TIMER_RECOV:
665 dl->retrans_ctr++;
666 if (dl->retrans_ctr < N200) {
667 /* retransmit I frame (V_s-1) with P=1, if any */
668 if (dl->tx_length[sub_mod8(dl->V_send, 1)]) {
669 struct msgb *msg;
670 int length;
671
672 LOGP(DLLAPDM, LOGL_INFO, "retransmit last frame "
673 "V(S)=%d\n", sub_mod8(dl->V_send, 1));
674 /* Create I frame (segment) from tx_hist */
675 length = dl->tx_length[sub_mod8(dl->V_send, 1)];
676 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
677 msg->l2h = msgb_put(msg, length);
678 memcpy(msg->l2h,
679 dl->tx_hist[sub_mod8(dl->V_send, 1)],
680 length);
681 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv,
682 sub_mod8(dl->V_send, 1), 1); /* P=1 */
683 tx_ph_data_enqueue(dl, msg, dl->mctx.chan_nr,
684 dl->mctx.link_id, dl->mctx.n201);
685 } else {
686 /* OR send appropriate supervision frame with P=1 */
687 if (!dl->own_busy && !dl->seq_err_cond) {
688 lapdm_send_rr(&dl->mctx, 1);
689 /* NOTE: In case of sequence error
690 * condition, the REJ frame has been
691 * transmitted when entering the
692 * condition, so it has not be done
693 * here
694 */
695 } else if (dl->own_busy) {
696 lapdm_send_rnr(&dl->mctx, 1);
697 } else {
698 LOGP(DLLAPDM, LOGL_INFO, "unhandled, "
699 "pls. fix\n");
700 }
701 }
702 /* restart T200 (PH-READY-TO-SEND) */
703 osmo_timer_schedule(&dl->t200, T200);
704 } else {
705 /* send MDL ERROR INIDCATION to L3 */
706 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
707 }
708 break;
709 default:
710 LOGP(DLLAPDM, LOGL_INFO, "T200 expired in unexpected "
711 "dl->state %u\n", dl->state);
712 }
713}
714
715/* 5.5.3.1: Common function to acknowlege frames up to the given N(R) value */
716static void lapdm_acknowledge(struct lapdm_msg_ctx *mctx)
717{
718 struct lapdm_datalink *dl = mctx->dl;
719 uint8_t nr = LAPDm_CTRL_Nr(mctx->ctrl);
720 int s = 0, rej = 0, t200_reset = 0;
721 int i;
722
723 /* supervisory frame ? */
724 if (LAPDm_CTRL_is_S(mctx->ctrl))
725 s = 1;
726 /* REJ frame ? */
727 if (s && LAPDm_CTRL_S_BITS(mctx->ctrl) == LAPDm_S_REJ)
728 rej = 1;
729
730 /* Flush all transmit buffers of acknowledged frames */
731 for (i = dl->V_ack; i != nr; i = inc_mod8(i)) {
732 if (dl->tx_length[i]) {
733 dl->tx_length[i] = 0;
734 LOGP(DLLAPDM, LOGL_INFO, "ack frame %d\n", i);
735 }
736 }
737
738 if (dl->state != LAPDm_STATE_TIMER_RECOV) {
739 /* When not in the timer recovery condition, the data
740 * link layer entity shall reset the timer T200 on
741 * receipt of a valid I frame with N(R) higher than V(A),
742 * or an REJ with an N(R) equal to V(A). */
743 if ((!rej && nr != dl->V_ack)
744 || (rej && nr == dl->V_ack)) {
745 LOGP(DLLAPDM, LOGL_INFO, "reset t200\n");
746 t200_reset = 1;
747 osmo_timer_del(&dl->t200);
748 /* 5.5.3.1 Note 1 + 2 imply timer recovery cond. */
749 }
750 /* 5.7.4: N(R) sequence error
751 * N(R) is called valid, if and only if
752 * (N(R)-V(A)) mod 8 <= (V(S)-V(A)) mod 8.
753 */
754 if (sub_mod8(nr, dl->V_ack) > sub_mod8(dl->V_send, dl->V_ack)) {
755 LOGP(DLLAPDM, LOGL_NOTICE, "N(R) sequence error\n");
756 rsl_rll_error(RLL_CAUSE_SEQ_ERR, mctx);
757 }
758 }
759
760 /* V(A) shall be set to the value of N(R) */
761 dl->V_ack = nr;
762
763 /* If T200 has been reset by the receipt of an I, RR or RNR frame,
764 * and if there are outstanding I frames, restart T200 */
765 if (t200_reset && !rej) {
766 if (dl->tx_length[dl->V_send - 1]) {
767 LOGP(DLLAPDM, LOGL_INFO, "start T200, due to unacked I "
768 "frame(s)\n");
769 osmo_timer_schedule(&dl->t200, T200);
770 }
771 }
772}
773
774/* L1 -> L2 */
775
776/* Receive a LAPDm U (Unnumbered) message from L1 */
777static int lapdm_rx_u(struct msgb *msg, struct lapdm_msg_ctx *mctx)
778{
779 struct lapdm_datalink *dl = mctx->dl;
780 struct lapdm_entity *le = dl->entity;
781 uint8_t length;
782 int rc;
783 int rsl_msg;
784
785 switch (LAPDm_CTRL_U_BITS(mctx->ctrl)) {
786 case LAPDm_U_SABM:
787 rsl_msg = RSL_MT_EST_IND;
788
789 LOGP(DLLAPDM, LOGL_INFO, "SABM received\n");
790 /* 5.7.1 */
791 dl->seq_err_cond = 0;
792 /* G.2.2 Wrong value of the C/R bit */
793 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
794 LOGP(DLLAPDM, LOGL_NOTICE, "SABM response error\n");
795 msgb_free(msg);
796 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
797 return -EINVAL;
798 }
799
800 length = msg->l2h[2] >> 2;
801 /* G.4.5 If SABM is received with L>N201 or with M bit
802 * set, AN MDL-ERROR-INDICATION is sent to MM.
803 */
804 if ((msg->l2h[2] & LAPDm_MORE) || length + 3 > mctx->n201) {
805 LOGP(DLLAPDM, LOGL_NOTICE, "SABM too large error\n");
806 msgb_free(msg);
807 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
808 return -EIO;
809 }
810
811 /* Must be Format B */
812 rc = check_length_ind(mctx, msg->l2h[2]);
813 if (rc < 0) {
814 msgb_free(msg);
815 return rc;
816 }
817 switch (dl->state) {
818 case LAPDm_STATE_IDLE:
819 /* Set chan_nr and link_id for established connection */
820 memset(&dl->mctx, 0, sizeof(dl->mctx));
821 dl->mctx.dl = dl;
822 dl->mctx.chan_nr = mctx->chan_nr;
823 dl->mctx.link_id = mctx->link_id;
824 dl->mctx.n201 = mctx->n201;
825 break;
826 case LAPDm_STATE_MF_EST:
827 if (length == 0) {
828 rsl_msg = RSL_MT_EST_CONF;
829 break;
830 }
831 LOGP(DLLAPDM, LOGL_INFO, "SABM command, multiple "
832 "frame established state\n");
833 /* check for contention resoultion */
834 if (dl->tx_hist[0][2] >> 2) {
835 LOGP(DLLAPDM, LOGL_NOTICE, "SABM not allowed "
836 "during contention resolution\n");
837 rsl_rll_error(RLL_CAUSE_SABM_INFO_NOTALL, mctx);
838 }
839 msgb_free(msg);
840 return 0;
841 case LAPDm_STATE_DISC_SENT:
842 /* 5.4.6.2 send DM with F=P */
843 lapdm_send_dm(mctx);
844 /* reset Timer T200 */
845 osmo_timer_del(&dl->t200);
846 msgb_free(msg);
847 return send_rll_simple(RSL_MT_REL_CONF, mctx);
848 default:
849 lapdm_send_ua(mctx, length, msg->l2h + 3);
850 msgb_free(msg);
851 return 0;
852 }
853 /* send UA response */
854 lapdm_send_ua(mctx, length, msg->l2h + 3);
855 /* set Vs, Vr and Va to 0 */
856 dl->V_send = dl->V_recv = dl->V_ack = 0;
857 /* clear tx_hist */
858 dl->tx_length[0] = 0;
859 /* enter multiple-frame-established state */
860 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
861 /* send notification to L3 */
862 if (length == 0) {
863 /* 5.4.1.2 Normal establishment procedures */
864 rc = send_rll_simple(rsl_msg, mctx);
865 msgb_free(msg);
866 } else {
867 /* 5.4.1.4 Contention resolution establishment */
868 msg->l3h = msg->l2h + 3;
869 msgb_pull_l2h(msg);
870 rc = send_rslms_rll_l3(rsl_msg, mctx, msg);
871 }
872 break;
873 case LAPDm_U_DM:
874 LOGP(DLLAPDM, LOGL_INFO, "DM received\n");
875 /* G.2.2 Wrong value of the C/R bit */
876 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd) {
877 LOGP(DLLAPDM, LOGL_NOTICE, "DM command error\n");
878 msgb_free(msg);
879 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
880 return -EINVAL;
881 }
882 if (!LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
883 /* 5.4.1.2 DM responses with the F bit set to "0"
884 * shall be ignored.
885 */
886 msgb_free(msg);
887 return 0;
888 }
889 switch (dl->state) {
890 case LAPDm_STATE_SABM_SENT:
891 break;
892 case LAPDm_STATE_MF_EST:
893 if (LAPDm_CTRL_PF_BIT(mctx->ctrl) == 1) {
894 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM "
895 "response\n");
896 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP, mctx);
897 } else {
898 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM "
899 "response, multiple frame established "
900 "state\n");
901 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP_MF, mctx);
902 }
903 msgb_free(msg);
904 return 0;
905 case LAPDm_STATE_TIMER_RECOV:
906 /* DM is normal in case PF = 1 */
907 if (LAPDm_CTRL_PF_BIT(mctx->ctrl) == 0) {
908 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM "
909 "response, multiple frame established "
910 "state\n");
911 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP_MF, mctx);
912 msgb_free(msg);
913 return 0;
914 }
915 break;
916 case LAPDm_STATE_DISC_SENT:
917 /* reset Timer T200 */
918 osmo_timer_del(&dl->t200);
919 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]920 lapdm_dl_flush_tx(dl);
921 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]922 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
923 rc = send_rll_simple(RSL_MT_REL_CONF, mctx);
924 msgb_free(msg);
925 return 0;
926 case LAPDm_STATE_IDLE:
927 /* 5.4.5 all other frame types shall be discarded */
928 default:
929 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM response! "
930 "(discarding)\n");
931 msgb_free(msg);
932 return 0;
933 }
934 /* reset T200 */
935 osmo_timer_del(&dl->t200);
936 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
937 msgb_free(msg);
938 break;
939 case LAPDm_U_UI:
940 LOGP(DLLAPDM, LOGL_INFO, "UI received\n");
941 /* G.2.2 Wrong value of the C/R bit */
942 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
943 LOGP(DLLAPDM, LOGL_NOTICE, "UI indicates response "
944 "error\n");
945 msgb_free(msg);
946 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
947 return -EINVAL;
948 }
949
950 length = msg->l2h[2] >> 2;
951 /* FIXME: G.4.5 If UI is received with L>N201 or with M bit
952 * set, AN MDL-ERROR-INDICATION is sent to MM.
953 */
954
955 if (mctx->lapdm_fmt == LAPDm_FMT_B4) {
956 length = N201_B4;
957 msg->l3h = msg->l2h + 2;
958 } else {
959 rc = check_length_ind(mctx, msg->l2h[2]);
960 if (rc < 0) {
961 msgb_free(msg);
962 return rc;
963 }
964 length = msg->l2h[2] >> 2;
965 msg->l3h = msg->l2h + 3;
966 }
967 /* do some length checks */
968 if (length == 0) {
969 /* 5.3.3 UI frames received with the length indicator
970 * set to "0" shall be ignored
971 */
972 LOGP(DLLAPDM, LOGL_INFO, "length=0 (discarding)\n");
973 msgb_free(msg);
974 return 0;
975 }
976 switch (LAPDm_ADDR_SAPI(mctx->addr)) {
977 case LAPDm_SAPI_NORMAL:
978 case LAPDm_SAPI_SMS:
979 break;
980 default:
981 /* 5.3.3 UI frames with invalid SAPI values shall be
982 * discarded
983 */
984 LOGP(DLLAPDM, LOGL_INFO, "sapi=%u (discarding)\n",
985 LAPDm_ADDR_SAPI(mctx->addr));
986 msgb_free(msg);
987 return 0;
988 }
989 msgb_pull_l2h(msg);
990 rc = send_rslms_rll_l3_ui(mctx, msg);
991 break;
992 case LAPDm_U_DISC:
993 rsl_msg = RSL_MT_REL_IND;
994
995 LOGP(DLLAPDM, LOGL_INFO, "DISC received\n");
996 /* flush buffers */
997 lapdm_dl_flush_tx(dl);
998 lapdm_dl_flush_send(dl);
999 /* 5.7.1 */
1000 dl->seq_err_cond = 0;
1001 /* G.2.2 Wrong value of the C/R bit */
1002 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
1003 LOGP(DLLAPDM, LOGL_NOTICE, "DISC response error\n");
1004 msgb_free(msg);
1005 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1006 return -EINVAL;
1007 }
1008 length = msg->l2h[2] >> 2;
1009 if (length > 0 || msg->l2h[2] & 0x02) {
1010 /* G.4.4 If a DISC or DM frame is received with L>0 or
1011 * with the M bit set to "1", an MDL-ERROR-INDICATION
1012 * primitive with cause "U frame with incorrect
1013 * parameters" is sent to the mobile management entity.
1014 */
1015 LOGP(DLLAPDM, LOGL_NOTICE,
1016 "U frame iwth incorrect parameters ");
1017 msgb_free(msg);
1018 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
1019 return -EIO;
1020 }
1021 switch (dl->state) {
1022 case LAPDm_STATE_IDLE:
1023 LOGP(DLLAPDM, LOGL_INFO, "DISC in idle state\n");
1024 /* send DM with F=P */
1025 msgb_free(msg);
1026 return lapdm_send_dm(mctx);
1027 case LAPDm_STATE_SABM_SENT:
1028 LOGP(DLLAPDM, LOGL_INFO, "DISC in SABM state\n");
1029 /* 5.4.6.2 send DM with F=P */
1030 lapdm_send_dm(mctx);
1031 /* reset Timer T200 */
1032 osmo_timer_del(&dl->t200);
1033 msgb_free(msg);
1034 return send_rll_simple(RSL_MT_REL_IND, mctx);
1035 case LAPDm_STATE_MF_EST:
1036 case LAPDm_STATE_TIMER_RECOV:
1037 LOGP(DLLAPDM, LOGL_INFO, "DISC in est state\n");
1038 break;
1039 case LAPDm_STATE_DISC_SENT:
1040 LOGP(DLLAPDM, LOGL_INFO, "DISC in disc state\n");
1041 rsl_msg = RSL_MT_REL_CONF;
1042 break;
1043 default:
1044 lapdm_send_ua(mctx, length, msg->l2h + 3);
1045 msgb_free(msg);
1046 return 0;
1047 }
1048 /* send UA response */
1049 lapdm_send_ua(mctx, length, msg->l2h + 3);
1050 /* reset Timer T200 */
1051 osmo_timer_del(&dl->t200);
1052 /* enter idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1053 lapdm_dl_flush_tx(dl);
1054 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1055 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1056 /* send notification to L3 */
1057 rc = send_rll_simple(rsl_msg, mctx);
1058 msgb_free(msg);
1059 break;
1060 case LAPDm_U_UA:
1061 LOGP(DLLAPDM, LOGL_INFO, "UA received\n");
1062 /* G.2.2 Wrong value of the C/R bit */
1063 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd) {
1064 LOGP(DLLAPDM, LOGL_NOTICE, "UA indicates command "
1065 "error\n");
1066 msgb_free(msg);
1067 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1068 return -EINVAL;
1069 }
1070
1071 length = msg->l2h[2] >> 2;
1072 /* G.4.5 If UA is received with L>N201 or with M bit
1073 * set, AN MDL-ERROR-INDICATION is sent to MM.
1074 */
1075 if ((msg->l2h[2] & LAPDm_MORE) || length + 3 > mctx->n201) {
1076 LOGP(DLLAPDM, LOGL_NOTICE, "UA too large error\n");
1077 msgb_free(msg);
1078 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
1079 return -EIO;
1080 }
1081
1082 if (!LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1083 /* 5.4.1.2 A UA response with the F bit set to "0"
1084 * shall be ignored.
1085 */
1086 LOGP(DLLAPDM, LOGL_INFO, "F=0 (discarding)\n");
1087 msgb_free(msg);
1088 return 0;
1089 }
1090 switch (dl->state) {
1091 case LAPDm_STATE_SABM_SENT:
1092 break;
1093 case LAPDm_STATE_MF_EST:
1094 case LAPDm_STATE_TIMER_RECOV:
1095 LOGP(DLLAPDM, LOGL_INFO, "unsolicited UA response! "
1096 "(discarding)\n");
1097 rsl_rll_error(RLL_CAUSE_UNSOL_UA_RESP, mctx);
1098 msgb_free(msg);
1099 return 0;
1100 case LAPDm_STATE_DISC_SENT:
1101 LOGP(DLLAPDM, LOGL_INFO, "UA in disconnect state\n");
1102 /* reset Timer T200 */
1103 osmo_timer_del(&dl->t200);
1104 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1105 lapdm_dl_flush_tx(dl);
1106 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1107 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1108 rc = send_rll_simple(RSL_MT_REL_CONF, mctx);
1109 msgb_free(msg);
1110 return 0;
1111 case LAPDm_STATE_IDLE:
1112 /* 5.4.5 all other frame types shall be discarded */
1113 default:
1114 LOGP(DLLAPDM, LOGL_INFO, "unsolicited UA response! "
1115 "(discarding)\n");
1116 msgb_free(msg);
1117 return 0;
1118 }
1119 LOGP(DLLAPDM, LOGL_INFO, "UA in SABM state\n");
1120 /* reset Timer T200 */
1121 osmo_timer_del(&dl->t200);
1122 /* compare UA with SABME if contention resolution is applied */
1123 if (dl->tx_hist[0][2] >> 2) {
1124 rc = check_length_ind(mctx, msg->l2h[2]);
1125 if (rc < 0) {
1126 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
1127 msgb_free(msg);
1128 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1129 lapdm_dl_flush_tx(dl);
1130 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1131 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1132 return 0;
1133 }
1134 length = msg->l2h[2] >> 2;
1135 if (length != (dl->tx_hist[0][2] >> 2)
1136 || !!memcmp(dl->tx_hist[0] + 3, msg->l2h + 3,
1137 length)) {
1138 LOGP(DLLAPDM, LOGL_INFO, "**** UA response "
1139 "mismatches ****\n");
1140 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
1141 msgb_free(msg);
1142 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1143 lapdm_dl_flush_tx(dl);
1144 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1145 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1146 return 0;
1147 }
1148 }
1149 /* set Vs, Vr and Va to 0 */
1150 dl->V_send = dl->V_recv = dl->V_ack = 0;
1151 /* clear tx_hist */
1152 dl->tx_length[0] = 0;
1153 /* enter multiple-frame-established state */
1154 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1155 /* send outstanding frames, if any (resume / reconnect) */
1156 rslms_send_i(mctx, __LINE__);
1157 /* send notification to L3 */
1158 rc = send_rll_simple(RSL_MT_EST_CONF, mctx);
1159 msgb_free(msg);
1160 break;
1161 default:
1162 /* G.3.1 */
1163 LOGP(DLLAPDM, LOGL_NOTICE, "Unnumbered frame not allowed.\n");
1164 msgb_free(msg);
1165 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1166 return -EINVAL;
1167 }
1168 return rc;
1169}
1170
1171/* Receive a LAPDm S (Supervisory) message from L1 */
1172static int lapdm_rx_s(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1173{
1174 struct lapdm_datalink *dl = mctx->dl;
1175 struct lapdm_entity *le = dl->entity;
1176 uint8_t length;
1177
1178 length = msg->l2h[2] >> 2;
1179 if (length > 0 || msg->l2h[2] & 0x02) {
1180 /* G.4.3 If a supervisory frame is received with L>0 or
1181 * with the M bit set to "1", an MDL-ERROR-INDICATION
1182 * primitive with cause "S frame with incorrect
1183 * parameters" is sent to the mobile management entity. */
1184 LOGP(DLLAPDM, LOGL_NOTICE,
1185 "S frame with incorrect parameters\n");
1186 msgb_free(msg);
1187 rsl_rll_error(RLL_CAUSE_SFRM_INC_PARAM, mctx);
1188 return -EIO;
1189 }
1190
1191 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1192 && LAPDm_CTRL_PF_BIT(mctx->ctrl)
1193 && dl->state != LAPDm_STATE_TIMER_RECOV) {
1194 /* 5.4.2.2: Inidcate error on supervisory reponse F=1 */
1195 LOGP(DLLAPDM, LOGL_NOTICE, "S frame response with F=1 error\n");
1196 rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
1197 }
1198
1199 switch (dl->state) {
1200 case LAPDm_STATE_IDLE:
1201 /* if P=1, respond DM with F=1 (5.2.2) */
1202 /* 5.4.5 all other frame types shall be discarded */
1203 if (LAPDm_CTRL_PF_BIT(mctx->ctrl))
1204 lapdm_send_dm(mctx); /* F=P */
1205 /* fall though */
1206 case LAPDm_STATE_SABM_SENT:
1207 case LAPDm_STATE_DISC_SENT:
1208 LOGP(DLLAPDM, LOGL_NOTICE, "S frame ignored in this state\n");
1209 msgb_free(msg);
1210 return 0;
1211 }
1212 switch (LAPDm_CTRL_S_BITS(mctx->ctrl)) {
1213 case LAPDm_S_RR:
1214 LOGP(DLLAPDM, LOGL_INFO, "RR received\n");
1215 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1216 lapdm_acknowledge(mctx);
1217
1218 /* 5.5.3.2 */
1219 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd
1220 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1221 if (!dl->own_busy && !dl->seq_err_cond) {
1222 LOGP(DLLAPDM, LOGL_NOTICE, "RR frame command "
1223 "with polling bit set and we are not "
1224 "busy, so we reply with RR frame\n");
1225 lapdm_send_rr(mctx, 1);
1226 /* NOTE: In case of sequence error condition,
1227 * the REJ frame has been transmitted when
1228 * entering the condition, so it has not be
1229 * done here
1230 */
1231 } else if (dl->own_busy) {
1232 LOGP(DLLAPDM, LOGL_NOTICE, "RR frame command "
1233 "with polling bit set and we are busy, "
1234 "so we reply with RR frame\n");
1235 lapdm_send_rnr(mctx, 1);
1236 }
1237 } else if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1238 && LAPDm_CTRL_PF_BIT(mctx->ctrl)
1239 && dl->state == LAPDm_STATE_TIMER_RECOV) {
1240 LOGP(DLLAPDM, LOGL_INFO, "RR response with F==1, "
1241 "and we are in timer recovery state, so "
1242 "we leave that state\n");
1243 /* V(S) to the N(R) in the RR frame */
1244 dl->V_send = LAPDm_CTRL_Nr(mctx->ctrl);
1245 /* reset Timer T200 */
1246 osmo_timer_del(&dl->t200);
1247 /* 5.5.7 Clear timer recovery condition */
1248 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1249 }
1250 /* Send message, if possible due to acknowledged data */
1251 rslms_send_i(mctx, __LINE__);
1252
1253 break;
1254 case LAPDm_S_RNR:
1255 LOGP(DLLAPDM, LOGL_INFO, "RNR received\n");
1256 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1257 lapdm_acknowledge(mctx);
1258
1259 /* 5.5.5 */
1260 /* Set peer receiver busy condition */
1261 dl->peer_busy = 1;
1262
1263 if (LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1264 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd) {
1265 if (!dl->own_busy) {
1266 LOGP(DLLAPDM, LOGL_INFO, "RNR poll "
1267 "command and we are not busy, "
1268 "so we reply with RR final "
1269 "response\n");
1270 /* Send RR with F=1 */
1271 lapdm_send_rr(mctx, 1);
1272 } else {
1273 LOGP(DLLAPDM, LOGL_INFO, "RNR poll "
1274 "command and we are busy, so "
1275 "we reply with RNR final "
1276 "response\n");
1277 /* Send RNR with F=1 */
1278 lapdm_send_rnr(mctx, 1);
1279 }
1280 } else if (dl->state == LAPDm_STATE_TIMER_RECOV) {
1281 LOGP(DLLAPDM, LOGL_INFO, "RNR poll response "
1282 "and we in timer recovery state, so "
1283 "we leave that state\n");
1284 /* 5.5.7 Clear timer recovery condition */
1285 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1286 /* V(S) to the N(R) in the RNR frame */
1287 dl->V_send = LAPDm_CTRL_Nr(mctx->ctrl);
1288 }
1289 } else
1290 LOGP(DLLAPDM, LOGL_INFO, "RNR not polling/final state "
1291 "received\n");
1292
1293 /* Send message, if possible due to acknowledged data */
1294 rslms_send_i(mctx, __LINE__);
1295
1296 break;
1297 case LAPDm_S_REJ:
1298 LOGP(DLLAPDM, LOGL_INFO, "REJ received\n");
1299 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1300 lapdm_acknowledge(mctx);
1301
1302 /* 5.5.4.1 */
1303 if (dl->state != LAPDm_STATE_TIMER_RECOV) {
1304 /* Clear an existing peer receiver busy condition */
1305 dl->peer_busy = 0;
1306 /* V(S) and V(A) to the N(R) in the REJ frame */
1307 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1308 /* reset Timer T200 */
1309 osmo_timer_del(&dl->t200);
1310 /* 5.5.3.2 */
1311 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd
1312 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1313 if (!dl->own_busy && !dl->seq_err_cond) {
1314 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1315 "command not in timer recovery "
1316 "state and not in own busy "
1317 "condition received, so we "
1318 "respond with RR final "
1319 "response\n");
1320 lapdm_send_rr(mctx, 1);
1321 /* NOTE: In case of sequence error
1322 * condition, the REJ frame has been
1323 * transmitted when entering the
1324 * condition, so it has not be done
1325 * here
1326 */
1327 } else if (dl->own_busy) {
1328 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1329 "command not in timer recovery "
1330 "state and in own busy "
1331 "condition received, so we "
1332 "respond with RNR final "
1333 "response\n");
1334 lapdm_send_rnr(mctx, 1);
1335 }
1336 } else
1337 LOGP(DLLAPDM, LOGL_INFO, "REJ response or not "
1338 "polling command not in timer recovery "
1339 "state received\n");
1340 /* send MDL ERROR INIDCATION to L3 */
1341 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1342 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1343 rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
1344 }
1345
1346 } else if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1347 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1348 LOGP(DLLAPDM, LOGL_INFO, "REJ poll response in timer "
1349 "recovery state received\n");
1350 /* Clear an existing peer receiver busy condition */
1351 dl->peer_busy = 0;
1352 /* 5.5.7 Clear timer recovery condition */
1353 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1354 /* V(S) and V(A) to the N(R) in the REJ frame */
1355 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1356 /* reset Timer T200 */
1357 osmo_timer_del(&dl->t200);
1358 } else {
1359 /* Clear an existing peer receiver busy condition */
1360 dl->peer_busy = 0;
1361 /* V(S) and V(A) to the N(R) in the REJ frame */
1362 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1363 /* 5.5.3.2 */
1364 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd
1365 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1366 if (!dl->own_busy && !dl->seq_err_cond) {
1367 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1368 "command in timer recovery "
1369 "state and not in own busy "
1370 "condition received, so we "
1371 "respond with RR final "
1372 "response\n");
1373 lapdm_send_rr(mctx, 1);
1374 /* NOTE: In case of sequence error
1375 * condition, the REJ frame has been
1376 * transmitted when entering the
1377 * condition, so it has not be done
1378 * here
1379 */
1380 } else if (dl->own_busy) {
1381 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1382 "command in timer recovery "
1383 "state and in own busy "
1384 "condition received, so we "
1385 "respond with RNR final "
1386 "response\n");
1387 lapdm_send_rnr(mctx, 1);
1388 }
1389 } else
1390 LOGP(DLLAPDM, LOGL_INFO, "REJ response or not "
1391 "polling command in timer recovery "
1392 "state received\n");
1393 }
1394
1395 /* FIXME: 5.5.4.2 2) */
1396
1397 /* Send message, if possible due to acknowledged data */
1398 rslms_send_i(mctx, __LINE__);
1399
1400 break;
1401 default:
1402 /* G.3.1 */
1403 LOGP(DLLAPDM, LOGL_NOTICE, "Supervisory frame not allowed.\n");
1404 msgb_free(msg);
1405 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1406 return -EINVAL;
1407 }
1408 msgb_free(msg);
1409 return 0;
1410}
1411
1412/* Receive a LAPDm I (Information) message from L1 */
1413static int lapdm_rx_i(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1414{
1415 struct lapdm_datalink *dl = mctx->dl;
1416 struct lapdm_entity *le = dl->entity;
1417 //uint8_t nr = LAPDm_CTRL_Nr(mctx->ctrl);
1418 uint8_t ns = LAPDm_CTRL_I_Ns(mctx->ctrl);
1419 uint8_t length;
1420 int rc;
1421
1422 LOGP(DLLAPDM, LOGL_NOTICE, "I received\n");
1423
1424 /* G.2.2 Wrong value of the C/R bit */
1425 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
1426 LOGP(DLLAPDM, LOGL_NOTICE, "I frame response not allowed\n");
1427 msgb_free(msg);
1428 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1429 return -EINVAL;
1430 }
1431
1432 length = msg->l2h[2] >> 2;
1433 if (length == 0 || length + 3 > mctx->n201) {
1434 /* G.4.2 If the length indicator of an I frame is set
1435 * to a numerical value L>N201 or L=0, an MDL-ERROR-INDICATION
1436 * primitive with cause "I frame with incorrect length"
1437 * is sent to the mobile management entity. */
1438 LOGP(DLLAPDM, LOGL_NOTICE, "I frame length not allowed\n");
1439 msgb_free(msg);
1440 rsl_rll_error(RLL_CAUSE_IFRM_INC_LEN, mctx);
1441 return -EIO;
1442 }
1443
1444 /* G.4.2 If the numerical value of L is L<N201 and the M
1445 * bit is set to "1", then an MDL-ERROR-INDICATION primitive with
1446 * cause "I frame with incorrect use of M bit" is sent to the
1447 * mobile management entity. */
1448 if ((msg->l2h[2] & LAPDm_MORE) && length + 3 < mctx->n201) {
1449 LOGP(DLLAPDM, LOGL_NOTICE, "I frame with M bit too short\n");
1450 msgb_free(msg);
1451 rsl_rll_error(RLL_CAUSE_IFRM_INC_MBITS, mctx);
1452 return -EIO;
1453 }
1454
1455 switch (dl->state) {
1456 case LAPDm_STATE_IDLE:
1457 /* if P=1, respond DM with F=1 (5.2.2) */
1458 /* 5.4.5 all other frame types shall be discarded */
1459 if (LAPDm_CTRL_PF_BIT(mctx->ctrl))
1460 lapdm_send_dm(mctx); /* F=P */
1461 /* fall though */
1462 case LAPDm_STATE_SABM_SENT:
1463 case LAPDm_STATE_DISC_SENT:
1464 LOGP(DLLAPDM, LOGL_NOTICE, "I frame ignored in this state\n");
1465 msgb_free(msg);
1466 return 0;
1467 }
1468
1469 /* 5.7.1: N(s) sequence error */
1470 if (ns != dl->V_recv) {
1471 LOGP(DLLAPDM, LOGL_NOTICE, "N(S) sequence error: N(S)=%u, "
1472 "V(R)=%u\n", ns, dl->V_recv);
1473 /* discard data */
1474 msgb_free(msg);
1475 if (!dl->seq_err_cond) {
1476 /* FIXME: help me understand what exactly todo here
1477 dl->seq_err_cond = 1;
1478 */
1479 lapdm_send_rej(mctx, LAPDm_CTRL_PF_BIT(mctx->ctrl));
1480 } else {
1481 }
1482 return -EIO;
1483 }
1484 dl->seq_err_cond = 0;
1485
1486 /* Increment receiver state */
1487 dl->V_recv = inc_mod8(dl->V_recv);
1488 LOGP(DLLAPDM, LOGL_NOTICE, "incrementing V(R) to %u\n", dl->V_recv);
1489
1490 /* 5.5.3.1: Acknowlege all transmitted frames up the the N(R)-1 */
1491 lapdm_acknowledge(mctx); /* V(A) is also set here */
1492
1493 /* Only if we are not in own receiver busy condition */
1494 if (!dl->own_busy) {
1495 /* if the frame carries a complete segment */
1496 if (!(msg->l2h[2] & LAPDm_MORE)
1497 && !dl->rcv_buffer) {
1498 LOGP(DLLAPDM, LOGL_INFO, "message in single I frame\n");
1499 /* send a DATA INDICATION to L3 */
1500 msg->l3h = msg->l2h + 3;
1501 msgb_pull_l2h(msg);
1502 msg->len = length;
1503 msg->tail = msg->data + length;
1504 rc = send_rslms_rll_l3(RSL_MT_DATA_IND, mctx, msg);
1505 } else {
1506 /* create rcv_buffer */
1507 if (!dl->rcv_buffer) {
1508 LOGP(DLLAPDM, LOGL_INFO, "message in multiple I "
1509 "frames (first message)\n");
1510 dl->rcv_buffer = msgb_alloc_headroom(200+56, 56,
1511 "LAPDm RX");
1512 dl->rcv_buffer->l3h = dl->rcv_buffer->data;
1513 }
1514 /* concat. rcv_buffer */
1515 if (msgb_l3len(dl->rcv_buffer) + length > 200) {
1516 LOGP(DLLAPDM, LOGL_NOTICE, "Received frame "
1517 "overflow!\n");
1518 } else {
1519 memcpy(msgb_put(dl->rcv_buffer, length),
1520 msg->l2h + 3, length);
1521 }
1522 /* if the last segment was received */
1523 if (!(msg->l2h[2] & LAPDm_MORE)) {
1524 LOGP(DLLAPDM, LOGL_INFO, "message in multiple I "
1525 "frames (last message)\n");
1526 rc = send_rslms_rll_l3(RSL_MT_DATA_IND, mctx,
1527 dl->rcv_buffer);
1528 dl->rcv_buffer = NULL;
1529 } else
1530 LOGP(DLLAPDM, LOGL_INFO, "message in multiple I "
1531 "frames (next message)\n");
1532 msgb_free(msg);
1533
1534 }
1535 } else
1536 LOGP(DLLAPDM, LOGL_INFO, "I frame ignored during own receiver "
1537 "busy condition\n");
1538
1539 /* Check for P bit */
1540 if (LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1541 /* 5.5.2.1 */
1542 /* check if we are not in own receiver busy */
1543 if (!dl->own_busy) {
1544 LOGP(DLLAPDM, LOGL_INFO, "we are not busy, send RR\n");
1545 /* Send RR with F=1 */
1546 rc = lapdm_send_rr(mctx, 1);
1547 } else {
1548 LOGP(DLLAPDM, LOGL_INFO, "we are busy, send RNR\n");
1549 /* Send RNR with F=1 */
1550 rc = lapdm_send_rnr(mctx, 1);
1551 }
1552 } else {
1553 /* 5.5.2.2 */
1554 /* check if we are not in own receiver busy */
1555 if (!dl->own_busy) {
1556 /* NOTE: V(R) is already set above */
1557 rc = rslms_send_i(mctx, __LINE__);
1558 if (rc) {
1559 LOGP(DLLAPDM, LOGL_INFO, "we are not busy and "
1560 "have no pending data, send RR\n");
1561 /* Send RR with F=0 */
1562 return lapdm_send_rr(mctx, 0);
1563 }
1564 /* all I or one RR is sent, we are done */
1565 return 0;
1566 } else {
1567 LOGP(DLLAPDM, LOGL_INFO, "we are busy, send RNR\n");
1568 /* Send RNR with F=0 */
1569 rc = lapdm_send_rnr(mctx, 0);
1570 }
1571 }
1572
1573 /* Send message, if possible due to acknowledged data */
1574 rslms_send_i(mctx, __LINE__);
1575
1576 return rc;
1577}
1578
1579/* Receive a LAPDm message from L1 */
1580static int lapdm_ph_data_ind(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1581{
1582 int rc;
1583
1584 /* G.2.3 EA bit set to "0" is not allowed in GSM */
1585 if (!LAPDm_ADDR_EA(mctx->addr)) {
1586 LOGP(DLLAPDM, LOGL_NOTICE, "EA bit 0 is not allowed in GSM\n");
1587 msgb_free(msg);
1588 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1589 return -EINVAL;
1590 }
1591
1592 if (LAPDm_CTRL_is_U(mctx->ctrl))
1593 rc = lapdm_rx_u(msg, mctx);
1594 else if (LAPDm_CTRL_is_S(mctx->ctrl))
1595 rc = lapdm_rx_s(msg, mctx);
1596 else if (LAPDm_CTRL_is_I(mctx->ctrl))
1597 rc = lapdm_rx_i(msg, mctx);
1598 else {
1599 LOGP(DLLAPDM, LOGL_NOTICE, "unknown LAPDm format\n");
1600 msgb_free(msg);
1601 rc = -EINVAL;
1602 }
1603 return rc;
1604}
1605
1606/* input into layer2 (from layer 1) */
1607static int l2_ph_data_ind(struct msgb *msg, struct lapdm_entity *le, uint8_t chan_nr, uint8_t link_id)
1608{
1609 uint8_t cbits = chan_nr >> 3;
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1610 uint8_t sapi; /* we cannot take SAPI from link_id, as L1 has no clue */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1611 struct lapdm_msg_ctx mctx;
1612 int rc = 0;
1613
1614 /* when we reach here, we have a msgb with l2h pointing to the raw
1615 * 23byte mac block. The l1h has already been purged. */
1616
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1617 mctx.chan_nr = chan_nr;
1618 mctx.link_id = link_id;
1619 mctx.addr = mctx.ctrl = 0;
1620
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1621 /* check for L1 chan_nr/link_id and determine LAPDm hdr format */
1622 if (cbits == 0x10 || cbits == 0x12) {
1623 /* Format Bbis is used on BCCH and CCCH(PCH, NCH and AGCH) */
1624 mctx.lapdm_fmt = LAPDm_FMT_Bbis;
1625 mctx.n201 = N201_Bbis;
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1626 sapi = 0;
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1627 } else {
1628 if (mctx.link_id & 0x40) {
Harald Welte7ca604b2011-06-29 12:13:51 +0200[diff] [blame]1629 /* It was received from network on SACCH */
1630
1631 /* If sent by BTS, lapdm_fmt must be B4 */
1632 if (le->mode == LAPDM_MODE_MS) {
1633 mctx.lapdm_fmt = LAPDm_FMT_B4;
1634 mctx.n201 = N201_B4;
1635 LOGP(DLLAPDM, LOGL_INFO, "fmt=B4\n");
1636 } else {
1637 mctx.lapdm_fmt = LAPDm_FMT_B;
1638 mctx.n201 = N201_AB_SACCH;
1639 LOGP(DLLAPDM, LOGL_INFO, "fmt=B\n");
1640 }
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1641 /* SACCH frames have a two-byte L1 header that
1642 * OsmocomBB L1 doesn't strip */
1643 mctx.tx_power_ind = msg->l2h[0] & 0x1f;
1644 mctx.ta_ind = msg->l2h[1];
1645 msgb_pull(msg, 2);
1646 msg->l2h += 2;
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1647 sapi = (msg->l2h[0] >> 2) & 7;
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1648 } else {
1649 mctx.lapdm_fmt = LAPDm_FMT_B;
1650 LOGP(DLLAPDM, LOGL_INFO, "fmt=B\n");
1651 mctx.n201 = 23; // FIXME: select correct size by chan.
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1652 sapi = (msg->l2h[0] >> 2) & 7;
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1653 }
1654 }
1655
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1656 mctx.dl = datalink_for_sapi(le, sapi);
1657 /* G.2.1 No action on frames containing an unallocated SAPI. */
1658 if (!mctx.dl) {
1659 LOGP(DLLAPDM, LOGL_NOTICE, "Received frame for unsupported "
1660 "SAPI %d!\n", sapi);
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1661 msgb_free(msg);
1662 return -EIO;
1663 }
1664
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1665 switch (mctx.lapdm_fmt) {
1666 case LAPDm_FMT_A:
1667 case LAPDm_FMT_B:
1668 case LAPDm_FMT_B4:
1669 mctx.addr = msg->l2h[0];
1670 if (!(mctx.addr & 0x01)) {
1671 LOGP(DLLAPDM, LOGL_ERROR, "we don't support "
1672 "multibyte addresses (discarding)\n");
1673 msgb_free(msg);
1674 return -EINVAL;
1675 }
1676 mctx.ctrl = msg->l2h[1];
1677 /* obtain SAPI from address field */
1678 mctx.link_id |= LAPDm_ADDR_SAPI(mctx.addr);
1679 rc = lapdm_ph_data_ind(msg, &mctx);
1680 break;
1681 case LAPDm_FMT_Bter:
1682 /* FIXME */
1683 msgb_free(msg);
1684 break;
1685 case LAPDm_FMT_Bbis:
1686 /* directly pass up to layer3 */
1687 LOGP(DLLAPDM, LOGL_INFO, "fmt=Bbis UI\n");
1688 msg->l3h = msg->l2h;
1689 msgb_pull_l2h(msg);
1690 rc = send_rslms_rll_l3(RSL_MT_UNIT_DATA_IND, &mctx, msg);
1691 break;
1692 default:
1693 msgb_free(msg);
1694 }
1695
1696 return rc;
1697}
1698
1699/* input into layer2 (from layer 1) */
1700static int l2_ph_rach_ind(struct lapdm_entity *le, uint8_t ra, uint32_t fn, uint8_t acc_delay)
1701{
1702 struct abis_rsl_cchan_hdr *ch;
1703 struct gsm48_req_ref req_ref;
1704 struct gsm_time gt;
1705 struct msgb *msg = msgb_alloc_headroom(512, 64, "RSL CHAN RQD");
1706
1707 msg->l2h = msgb_push(msg, sizeof(*ch));
1708 ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
1709 rsl_init_cchan_hdr(ch, RSL_MT_CHAN_RQD);
1710 ch->chan_nr = RSL_CHAN_RACH;
1711
1712 /* generate a RSL CHANNEL REQUIRED message */
1713 gsm_fn2gsmtime(&gt, fn);
1714 req_ref.ra = ra;
1715 req_ref.t1 = gt.t1; /* FIXME: modulo? */
1716 req_ref.t2 = gt.t2;
1717 req_ref.t3_low = gt.t3 & 7;
1718 req_ref.t3_high = gt.t3 >> 3;
1719
1720 msgb_tv_fixed_put(msg, RSL_IE_REQ_REFERENCE, 3, (uint8_t *) &req_ref);
1721 msgb_tv_put(msg, RSL_IE_ACCESS_DELAY, acc_delay);
1722
1723 return rslms_sendmsg(msg, le);
1724}
1725
1726static int l2_ph_chan_conf(struct msgb *msg, struct lapdm_entity *le, uint32_t frame_nr);
1727
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]1728/*! \brief Receive a PH-SAP primitive from L1 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1729int lapdm_phsap_up(struct osmo_prim_hdr *oph, struct lapdm_entity *le)
1730{
1731 struct osmo_phsap_prim *pp = (struct osmo_phsap_prim *) oph;
1732 int rc = 0;
1733
1734 if (oph->sap != SAP_GSM_PH) {
1735 LOGP(DLLAPDM, LOGL_ERROR, "primitive for unknown SAP %u\n",
1736 oph->sap);
1737 return -ENODEV;
1738 }
1739
1740 switch (oph->primitive) {
1741 case PRIM_PH_DATA:
1742 if (oph->operation != PRIM_OP_INDICATION) {
1743 LOGP(DLLAPDM, LOGL_ERROR, "PH_DATA is not INDICATION %u\n",
1744 oph->operation);
1745 return -ENODEV;
1746 }
1747 rc = l2_ph_data_ind(oph->msg, le, pp->u.data.chan_nr,
1748 pp->u.data.link_id);
1749 break;
1750 case PRIM_PH_RTS:
1751 if (oph->operation != PRIM_OP_INDICATION) {
1752 LOGP(DLLAPDM, LOGL_ERROR, "PH_RTS is not INDICATION %u\n",
1753 oph->operation);
1754 return -ENODEV;
1755 }
1756 rc = l2_ph_data_conf(oph->msg, le);
1757 break;
1758 case PRIM_PH_RACH:
1759 switch (oph->operation) {
1760 case PRIM_OP_INDICATION:
1761 rc = l2_ph_rach_ind(le, pp->u.rach_ind.ra, pp->u.rach_ind.fn,
1762 pp->u.rach_ind.acc_delay);
1763 break;
1764 case PRIM_OP_CONFIRM:
1765 rc = l2_ph_chan_conf(oph->msg, le, pp->u.rach_ind.fn);
1766 break;
1767 default:
1768 return -EIO;
1769 }
1770 break;
1771 }
1772
1773 return rc;
1774}
1775
1776
1777/* L3 -> L2 / RSLMS -> LAPDm */
1778
1779/* L3 requests establishment of data link */
1780static int rslms_rx_rll_est_req(struct msgb *msg, struct lapdm_datalink *dl)
1781{
1782 struct lapdm_entity *le = dl->entity;
1783 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1784 uint8_t chan_nr = rllh->chan_nr;
1785 uint8_t link_id = rllh->link_id;
1786 uint8_t sapi = rllh->link_id & 7;
1787 struct tlv_parsed tv;
1788 uint8_t length;
1789 uint8_t n201 = 23; //FIXME
1790
1791 /* Set chan_nr and link_id for established connection */
1792 memset(&dl->mctx, 0, sizeof(dl->mctx));
1793 dl->mctx.dl = dl;
1794 dl->mctx.n201 = n201;
1795 dl->mctx.chan_nr = chan_nr;
1796 dl->mctx.link_id = link_id;
1797
1798 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1799 if (TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1800 msg->l3h = TLVP_VAL(&tv, RSL_IE_L3_INFO);
1801 /* contention resolution establishment procedure */
1802 if (sapi != 0) {
1803 /* According to clause 6, the contention resolution
1804 * procedure is only permitted with SAPI value 0 */
1805 LOGP(DLLAPDM, LOGL_ERROR, "SAPI != 0 but contention"
1806 "resolution (discarding)\n");
1807 msgb_free(msg);
1808 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1809 }
1810 /* transmit a SABM command with the P bit set to "1". The SABM
1811 * command shall contain the layer 3 message unit */
1812 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1813 LOGP(DLLAPDM, LOGL_INFO, "perform establishment with content "
1814 "(SABM)\n");
1815 } else {
1816 /* normal establishment procedure */
1817 length = 0;
1818 LOGP(DLLAPDM, LOGL_INFO, "perform normal establishm. (SABM)\n");
1819 }
1820
1821 /* check if the layer3 message length exceeds N201 */
1822 if (length + 3 > 21) { /* FIXME: do we know the channel N201? */
1823 LOGP(DLLAPDM, LOGL_ERROR, "frame too large: %d > N201(%d) "
1824 "(discarding)\n", length + 3, 21);
1825 msgb_free(msg);
1826 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1827 }
1828
1829 /* Flush send-queue */
1830 /* Clear send-buffer */
1831 lapdm_dl_flush_send(dl);
1832
1833 /* Discard partly received L3 message */
1834 if (dl->rcv_buffer) {
1835 msgb_free(dl->rcv_buffer);
1836 dl->rcv_buffer = NULL;
1837 }
1838
1839 /* Remove RLL header from msgb */
1840 msgb_pull_l2h(msg);
1841
1842 /* Push LAPDm header on msgb */
1843 msg->l2h = msgb_push(msg, 3);
1844 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
1845 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_SABM, 1);
1846 msg->l2h[2] = LAPDm_LEN(length);
1847 /* Transmit-buffer carries exactly one segment */
1848 memcpy(dl->tx_hist[0], msg->l2h, 3 + length);
1849 dl->tx_length[0] = 3 + length;
1850 /* set Vs to 0, because it is used as index when resending SABM */
1851 dl->V_send = 0;
1852
1853 /* Set states */
1854 dl->own_busy = dl->peer_busy = 0;
1855 dl->retrans_ctr = 0;
1856 lapdm_dl_newstate(dl, LAPDm_STATE_SABM_SENT);
1857
1858 /* Tramsmit and start T200 */
1859 osmo_timer_schedule(&dl->t200, T200);
1860 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1861}
1862
1863/* L3 requests transfer of unnumbered information */
1864static int rslms_rx_rll_udata_req(struct msgb *msg, struct lapdm_datalink *dl)
1865{
1866 struct lapdm_entity *le = dl->entity;
1867 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1868 uint8_t chan_nr = rllh->chan_nr;
1869 uint8_t link_id = rllh->link_id;
1870 uint8_t sapi = link_id & 7;
1871 struct tlv_parsed tv;
1872 int length;
1873 uint8_t n201 = 23; //FIXME
1874 uint8_t ta = 0, tx_power = 0;
1875
1876 /* check if the layer3 message length exceeds N201 */
1877
1878 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1879
1880 if (TLVP_PRESENT(&tv, RSL_IE_TIMING_ADVANCE)) {
1881 ta = *TLVP_VAL(&tv, RSL_IE_TIMING_ADVANCE);
1882 }
1883 if (TLVP_PRESENT(&tv, RSL_IE_MS_POWER)) {
1884 tx_power = *TLVP_VAL(&tv, RSL_IE_MS_POWER);
1885 }
1886 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1887 LOGP(DLLAPDM, LOGL_ERROR, "unit data request without message "
1888 "error\n");
1889 msgb_free(msg);
1890 return -EINVAL;
1891 }
1892 msg->l3h = TLVP_VAL(&tv, RSL_IE_L3_INFO);
1893 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1894 /* check if the layer3 message length exceeds N201 */
1895 if (length + 5 > 23) { /* FIXME: do we know the channel N201? */
1896 LOGP(DLLAPDM, LOGL_ERROR, "frame too large: %d > N201(%d) "
1897 "(discarding)\n", length + 5, 23);
1898 msgb_free(msg);
1899 return -EIO;
1900 }
1901
1902 LOGP(DLLAPDM, LOGL_INFO, "sending unit data (tx_power=%d, ta=%d)\n",
1903 tx_power, ta);
1904
1905 /* Remove RLL header from msgb */
1906 msgb_pull_l2h(msg);
1907
1908 /* Push L1 + LAPDm header on msgb */
1909 msg->l2h = msgb_push(msg, 2 + 3);
1910 msg->l2h[0] = tx_power;
1911 msg->l2h[1] = ta;
1912 msg->l2h[2] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
1913 msg->l2h[3] = LAPDm_CTRL_U(LAPDm_U_UI, 0);
1914 msg->l2h[4] = LAPDm_LEN(length);
1915 // FIXME: short L2 header support
1916
1917 /* Tramsmit */
1918 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1919}
1920
1921/* L3 requests transfer of acknowledged information */
1922static int rslms_rx_rll_data_req(struct msgb *msg, struct lapdm_datalink *dl)
1923{
1924 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1925 struct tlv_parsed tv;
1926
1927 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1928 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1929 LOGP(DLLAPDM, LOGL_ERROR, "data request without message "
1930 "error\n");
1931 msgb_free(msg);
1932 return -EINVAL;
1933 }
1934 msg->l3h = TLVP_VAL(&tv, RSL_IE_L3_INFO);
1935
1936 LOGP(DLLAPDM, LOGL_INFO, "writing message to send-queue\n");
1937
1938 /* Remove the RSL/RLL header */
1939 msgb_pull_l2h(msg);
1940
1941 /* Write data into the send queue */
1942 msgb_enqueue(&dl->send_queue, msg);
1943
1944 /* Send message, if possible */
1945 rslms_send_i(&dl->mctx, __LINE__);
1946 return 0;
1947}
1948
1949/* Send next I frame from queued/buffered data */
1950static int rslms_send_i(struct lapdm_msg_ctx *mctx, int line)
1951{
1952 struct lapdm_datalink *dl = mctx->dl;
1953 struct lapdm_entity *le = dl->entity;
1954 uint8_t chan_nr = mctx->chan_nr;
1955 uint8_t link_id = mctx->link_id;
1956 uint8_t sapi = link_id & 7;
1957 int k = k_sapi[sapi];
1958 struct msgb *msg;
1959 int length, left;
1960 int rc = - 1; /* we sent nothing */
1961
1962 LOGP(DLLAPDM, LOGL_INFO, "%s() called from line %d\n", __func__, line);
1963
1964 next_frame:
1965
1966 if (dl->peer_busy) {
1967 LOGP(DLLAPDM, LOGL_INFO, "peer busy, not sending\n");
1968 return rc;
1969 }
1970
1971 if (dl->state == LAPDm_STATE_TIMER_RECOV) {
1972 LOGP(DLLAPDM, LOGL_INFO, "timer recovery, not sending\n");
1973 return rc;
1974 }
1975
1976 /* If the send state variable V(S) is equal to V(A) plus k
1977 * (where k is the maximum number of outstanding I frames - see
1978 * subclause 5.8.4), the data link layer entity shall not transmit any
1979 * new I frames, but shall retransmit an I frame as a result
1980 * of the error recovery procedures as described in subclauses 5.5.4 and
1981 * 5.5.7. */
1982 if (dl->V_send == add_mod8(dl->V_ack, k)) {
1983 LOGP(DLLAPDM, LOGL_INFO, "k frames outstanding, not sending "
1984 "more (k=%u V(S)=%u V(A)=%u)\n", k, dl->V_send,
1985 dl->V_ack);
1986 return rc;
1987 }
1988
1989 /* if we have no tx_hist yet, we create it */
1990 if (!dl->tx_length[dl->V_send]) {
1991 /* Get next message into send-buffer, if any */
1992 if (!dl->send_buffer) {
1993 next_message:
1994 dl->send_out = 0;
1995 dl->send_buffer = msgb_dequeue(&dl->send_queue);
1996 /* No more data to be sent */
1997 if (!dl->send_buffer)
1998 return rc;
1999 LOGP(DLLAPDM, LOGL_INFO, "get message from "
2000 "send-queue\n");
2001 }
2002
2003 /* How much is left in the send-buffer? */
2004 left = msgb_l3len(dl->send_buffer) - dl->send_out;
2005 /* Segment, if data exceeds N201 */
2006 length = left;
2007 if (length > mctx->n201 - 3)
2008 length = mctx->n201 - 3;
2009 LOGP(DLLAPDM, LOGL_INFO, "msg-len %d sent %d left %d N201 %d "
2010 "length %d first byte %02x\n",
2011 msgb_l3len(dl->send_buffer), dl->send_out, left,
2012 mctx->n201, length, dl->send_buffer->l3h[0]);
2013 /* If message in send-buffer is completely sent */
2014 if (left == 0) {
2015 msgb_free(dl->send_buffer);
2016 dl->send_buffer = NULL;
2017 goto next_message;
2018 }
2019
2020 LOGP(DLLAPDM, LOGL_INFO, "send I frame %sV(S)=%d\n",
2021 (left > length) ? "segment " : "", dl->V_send);
2022
2023 /* Create I frame (segment) and transmit-buffer content */
2024 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
2025 msg->l2h = msgb_put(msg, 3 + length);
2026 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
2027 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv, dl->V_send, 0);
2028 msg->l2h[2] = LAPDm_LEN(length);
2029 if (left > length)
2030 msg->l2h[2] |= LAPDm_MORE;
2031 memcpy(msg->l2h + 3, dl->send_buffer->l3h + dl->send_out,
2032 length);
2033 memcpy(dl->tx_hist[dl->V_send], msg->l2h, 3 + length);
2034 dl->tx_length[dl->V_send] = 3 + length;
2035 /* Add length to track how much is already in the tx buffer */
2036 dl->send_out += length;
2037 } else {
2038 LOGP(DLLAPDM, LOGL_INFO, "resend I frame from tx buffer "
2039 "V(S)=%d\n", dl->V_send);
2040
2041 /* Create I frame (segment) from tx_hist */
2042 length = dl->tx_length[dl->V_send];
2043 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
2044 msg->l2h = msgb_put(msg, length);
2045 memcpy(msg->l2h, dl->tx_hist[dl->V_send], length);
2046 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv, dl->V_send, 0);
2047 }
2048
2049 /* The value of the send state variable V(S) shall be incremented by 1
2050 * at the end of the transmission of the I frame */
2051 dl->V_send = inc_mod8(dl->V_send);
2052
2053 /* If timer T200 is not running at the time right before transmitting a
2054 * frame, when the PH-READY-TO-SEND primitive is received from the
2055 * physical layer., it shall be set. */
2056 if (!osmo_timer_pending(&dl->t200))
2057 osmo_timer_schedule(&dl->t200, T200);
2058
2059 tx_ph_data_enqueue(dl, msg, chan_nr, link_id, mctx->n201);
2060
2061 rc = 0; /* we sent something */
2062 goto next_frame;
2063}
2064
2065/* L3 requests suspension of data link */
2066static int rslms_rx_rll_susp_req(struct msgb *msg, struct lapdm_datalink *dl)
2067{
2068 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2069 uint8_t sapi = rllh->link_id & 7;
2070
2071 if (sapi != 0) {
2072 LOGP(DLLAPDM, LOGL_ERROR, "SAPI != 0 while suspending\n");
2073 msgb_free(msg);
2074 return -EINVAL;
2075 }
2076
2077 LOGP(DLLAPDM, LOGL_INFO, "perform suspension\n");
2078
2079 /* put back the send-buffer to the send-queue (first position) */
2080 if (dl->send_buffer) {
2081 LOGP(DLLAPDM, LOGL_INFO, "put frame in sendbuffer back to "
2082 "queue\n");
2083 llist_add(&dl->send_buffer->list, &dl->send_queue);
2084 dl->send_buffer = NULL;
2085 } else
2086 LOGP(DLLAPDM, LOGL_INFO, "no frame in sendbuffer\n");
2087
2088 /* Clear transmit buffer, but keep send buffer */
2089 lapdm_dl_flush_tx(dl);
2090
2091 msgb_free(msg);
2092
2093 return send_rll_simple(RSL_MT_SUSP_CONF, &dl->mctx);
2094}
2095
2096/* L3 requests resume of data link */
2097static int rslms_rx_rll_res_req(struct msgb *msg, struct lapdm_datalink *dl)
2098{
2099 struct lapdm_entity *le = dl->entity;
2100 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2101 uint8_t chan_nr = rllh->chan_nr;
2102 uint8_t link_id = rllh->link_id;
2103 uint8_t sapi = rllh->link_id & 7;
2104 struct tlv_parsed tv;
2105 uint8_t length;
2106 uint8_t n201 = 23; //FIXME
2107
2108 /* Set chan_nr and link_id for established connection */
2109 memset(&dl->mctx, 0, sizeof(dl->mctx));
2110 dl->mctx.dl = dl;
2111 dl->mctx.n201 = n201;
2112 dl->mctx.chan_nr = chan_nr;
2113 dl->mctx.link_id = link_id;
2114
2115 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
2116 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
2117 LOGP(DLLAPDM, LOGL_ERROR, "resume without message error\n");
2118 msgb_free(msg);
2119 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
2120 }
2121 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
2122
2123 LOGP(DLLAPDM, LOGL_INFO, "perform re-establishment (SABM) length=%d\n",
2124 length);
2125
2126 /* Replace message in the send-buffer (reconnect) */
2127 if (dl->send_buffer)
2128 msgb_free(dl->send_buffer);
2129 dl->send_out = 0;
2130 if (length) {
2131 /* Remove the RSL/RLL header */
2132 msgb_pull_l2h(msg);
2133 /* Write data into the send buffer, to be sent first */
2134 dl->send_buffer = msg;
2135 }
2136
2137 /* Discard partly received L3 message */
2138 if (dl->rcv_buffer) {
2139 msgb_free(dl->rcv_buffer);
2140 dl->rcv_buffer = NULL;
2141 }
2142
2143 /* Create new msgb (old one is now free) */
2144 msg = msgb_alloc_headroom(23+10, 10, "LAPDm SABM");
2145 msg->l2h = msgb_put(msg, 3);
2146 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
2147 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_SABM, 1);
2148 msg->l2h[2] = LAPDm_LEN(0);
2149 /* Transmit-buffer carries exactly one segment */
2150 memcpy(dl->tx_hist[0], msg->l2h, 3);
2151 dl->tx_length[0] = 3;
2152 /* set Vs to 0, because it is used as index when resending SABM */
2153 dl->V_send = 0;
2154
2155 /* Set states */
2156 dl->own_busy = dl->peer_busy = 0;
2157 dl->retrans_ctr = 0;
2158 lapdm_dl_newstate(dl, LAPDm_STATE_SABM_SENT);
2159
2160 /* Tramsmit and start T200 */
2161 osmo_timer_schedule(&dl->t200, T200);
2162 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
2163}
2164
2165/* L3 requests release of data link */
2166static int rslms_rx_rll_rel_req(struct msgb *msg, struct lapdm_datalink *dl)
2167{
2168 struct lapdm_entity *le = dl->entity;
2169 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2170 uint8_t chan_nr = rllh->chan_nr;
2171 uint8_t link_id = rllh->link_id;
2172 uint8_t sapi = rllh->link_id & 7;
2173 uint8_t mode = 0;
2174
2175 /* get release mode */
2176 if (rllh->data[0] == RSL_IE_RELEASE_MODE)
2177 mode = rllh->data[1] & 1;
2178
2179 /* local release */
2180 if (mode) {
2181 LOGP(DLLAPDM, LOGL_INFO, "perform local release\n");
2182 msgb_free(msg);
2183 /* reset Timer T200 */
2184 osmo_timer_del(&dl->t200);
2185 /* enter idle state */
2186 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
2187 /* flush buffers */
2188 lapdm_dl_flush_tx(dl);
2189 lapdm_dl_flush_send(dl);
2190 /* send notification to L3 */
2191 return send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
2192 }
2193
2194 /* in case we are already disconnecting */
2195 if (dl->state == LAPDm_STATE_DISC_SENT)
2196 return -EBUSY;
2197
2198 LOGP(DLLAPDM, LOGL_INFO, "perform normal release (DISC)\n");
2199
2200 /* Pull rllh */
2201 msgb_pull(msg, msg->tail - msg->l2h);
2202
2203 /* Push LAPDm header on msgb */
2204 msg->l2h = msgb_push(msg, 3);
2205 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
2206 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_DISC, 1);
2207 msg->l2h[2] = LAPDm_LEN(0);
2208 /* Transmit-buffer carries exactly one segment */
2209 memcpy(dl->tx_hist[0], msg->l2h, 3);
2210 dl->tx_length[0] = 3;
2211
2212 /* Set states */
2213 dl->own_busy = dl->peer_busy = 0;
2214 dl->retrans_ctr = 0;
2215 lapdm_dl_newstate(dl, LAPDm_STATE_DISC_SENT);
2216
2217 /* Tramsmit and start T200 */
2218 osmo_timer_schedule(&dl->t200, T200);
2219 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, dl->mctx.n201);
2220}
2221
2222/* L3 requests release in idle state */
2223static int rslms_rx_rll_rel_req_idle(struct msgb *msg, struct lapdm_datalink *dl)
2224{
2225 msgb_free(msg);
2226
2227 /* send notification to L3 */
2228 return send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
2229}
2230
2231/* L3 requests channel in idle state */
2232static int rslms_rx_chan_rqd(struct lapdm_channel *lc, struct msgb *msg)
2233{
2234 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
2235 void *l1ctx = lc->lapdm_dcch.l1_ctx;
2236 struct osmo_phsap_prim pp;
2237
2238 osmo_prim_init(&pp.oph, SAP_GSM_PH, PRIM_PH_RACH,
2239 PRIM_OP_REQUEST, NULL);
2240
2241 if (msgb_l2len(msg) < sizeof(*cch) + 4 + 2 + 2) {
2242 LOGP(DLLAPDM, LOGL_ERROR, "Message too short for CHAN RQD!\n");
2243 return -EINVAL;
2244 }
2245 if (cch->data[0] != RSL_IE_REQ_REFERENCE) {
2246 LOGP(DLLAPDM, LOGL_ERROR, "Missing REQ REFERENCE IE\n");
2247 return -EINVAL;
2248 }
2249 pp.u.rach_req.ra = cch->data[1];
2250 pp.u.rach_req.offset = ((cch->data[2] & 0x7f) << 8) | cch->data[3];
2251 pp.u.rach_req.is_combined_ccch = cch->data[2] >> 7;
2252
2253 if (cch->data[4] != RSL_IE_ACCESS_DELAY) {
2254 LOGP(DLLAPDM, LOGL_ERROR, "Missing ACCESS_DELAY IE\n");
2255 return -EINVAL;
2256 }
2257 /* TA = 0 - delay */
2258 pp.u.rach_req.ta = 0 - cch->data[5];
2259
2260 if (cch->data[6] != RSL_IE_MS_POWER) {
2261 LOGP(DLLAPDM, LOGL_ERROR, "Missing MS POWER IE\n");
2262 return -EINVAL;
2263 }
2264 pp.u.rach_req.tx_power = cch->data[7];
2265
2266 msgb_free(msg);
2267
2268 return lc->lapdm_dcch.l1_prim_cb(&pp.oph, l1ctx);
2269}
2270
2271/* L1 confirms channel request */
2272static int l2_ph_chan_conf(struct msgb *msg, struct lapdm_entity *le, uint32_t frame_nr)
2273{
2274 struct abis_rsl_cchan_hdr *ch;
2275 struct gsm_time tm;
2276 struct gsm48_req_ref *ref;
2277
2278 gsm_fn2gsmtime(&tm, frame_nr);
2279
2280 msgb_pull_l2h(msg);
2281 msg->l2h = msgb_push(msg, sizeof(*ch) + sizeof(*ref));
2282 ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
2283 rsl_init_cchan_hdr(ch, RSL_MT_CHAN_CONF);
2284 ch->chan_nr = RSL_CHAN_RACH;
2285 ch->data[0] = RSL_IE_REQ_REFERENCE;
2286 ref = (struct gsm48_req_ref *) (ch->data + 1);
2287 ref->t1 = tm.t1;
2288 ref->t2 = tm.t2;
2289 ref->t3_low = tm.t3 & 0x7;
2290 ref->t3_high = tm.t3 >> 3;
2291
2292 return rslms_sendmsg(msg, le);
2293}
2294
2295const char *lapdm_state_names[] = {
2296 "LAPDm_STATE_NULL",
2297 "LAPDm_STATE_IDLE",
2298 "LAPDm_STATE_SABM_SENT",
2299 "LAPDm_STATE_MF_EST",
2300 "LAPDm_STATE_TIMER_RECOV",
2301 "LAPDm_STATE_DISC_SENT",
2302};
2303
2304/* statefull handling for RSLms RLL messages from L3 */
2305static struct l2downstate {
2306 uint32_t states;
2307 int type;
2308 int (*rout) (struct msgb *msg, struct lapdm_datalink *dl);
2309} l2downstatelist[] = {
2310 /* create and send UI command */
2311 {ALL_STATES,
2312 RSL_MT_UNIT_DATA_REQ, rslms_rx_rll_udata_req},
2313
2314 /* create and send SABM command */
2315 {SBIT(LAPDm_STATE_IDLE),
2316 RSL_MT_EST_REQ, rslms_rx_rll_est_req},
2317
2318 /* create and send I command */
2319 {SBIT(LAPDm_STATE_MF_EST) |
2320 SBIT(LAPDm_STATE_TIMER_RECOV),
2321 RSL_MT_DATA_REQ, rslms_rx_rll_data_req},
2322
2323 /* suspend datalink */
2324 {SBIT(LAPDm_STATE_MF_EST) |
2325 SBIT(LAPDm_STATE_TIMER_RECOV),
2326 RSL_MT_SUSP_REQ, rslms_rx_rll_susp_req},
2327
2328 /* create and send SABM command (resume) */
2329 {SBIT(LAPDm_STATE_MF_EST) |
2330 SBIT(LAPDm_STATE_TIMER_RECOV),
2331 RSL_MT_RES_REQ, rslms_rx_rll_res_req},
2332
2333 /* create and send SABM command (reconnect) */
2334 {SBIT(LAPDm_STATE_IDLE) |
2335 SBIT(LAPDm_STATE_MF_EST) |
2336 SBIT(LAPDm_STATE_TIMER_RECOV),
2337 RSL_MT_RECON_REQ, rslms_rx_rll_res_req},
2338
2339 /* create and send DISC command */
2340 {SBIT(LAPDm_STATE_SABM_SENT) |
2341 SBIT(LAPDm_STATE_MF_EST) |
2342 SBIT(LAPDm_STATE_TIMER_RECOV) |
2343 SBIT(LAPDm_STATE_DISC_SENT),
2344 RSL_MT_REL_REQ, rslms_rx_rll_rel_req},
2345
2346 /* release in idle state */
2347 {SBIT(LAPDm_STATE_IDLE),
2348 RSL_MT_REL_REQ, rslms_rx_rll_rel_req_idle},
2349};
2350
2351#define L2DOWNSLLEN \
2352 (sizeof(l2downstatelist) / sizeof(struct l2downstate))
2353
2354/* incoming RSLms RLL message from L3 */
2355static int rslms_rx_rll(struct msgb *msg, struct lapdm_channel *lc)
2356{
2357 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2358 int msg_type = rllh->c.msg_type;
2359 uint8_t sapi = rllh->link_id & 7;
2360 struct lapdm_entity *le;
2361 struct lapdm_datalink *dl;
2362 int i, supported = 0;
2363 int rc = 0;
2364
2365 if (msgb_l2len(msg) < sizeof(*rllh)) {
2366 LOGP(DLLAPDM, LOGL_ERROR, "Message too short for RLL hdr!\n");
2367 return -EINVAL;
2368 }
2369
2370 if (rllh->link_id & 0x40)
2371 le = &lc->lapdm_acch;
2372 else
2373 le = &lc->lapdm_dcch;
2374
2375 /* G.2.1 No action schall be taken on frames containing an unallocated
2376 * SAPI.
2377 */
2378 dl = datalink_for_sapi(le, sapi);
2379 if (!dl) {
2380 LOGP(DLLAPDM, LOGL_ERROR, "No instance for SAPI %d!\n", sapi);
2381 return -EINVAL;
2382 }
2383
2384 LOGP(DLLAPDM, LOGL_INFO, "(%p) RLL Message '%s' received in state %s\n",
2385 lc->name, rsl_msg_name(msg_type), lapdm_state_names[dl->state]);
2386
2387 /* find function for current state and message */
2388 for (i = 0; i < L2DOWNSLLEN; i++) {
2389 if (msg_type == l2downstatelist[i].type)
2390 supported = 1;
2391 if ((msg_type == l2downstatelist[i].type)
2392 && ((1 << dl->state) & l2downstatelist[i].states))
2393 break;
2394 }
2395 if (!supported) {
2396 LOGP(DLLAPDM, LOGL_NOTICE, "Message unsupported.\n");
2397 msgb_free(msg);
2398 return 0;
2399 }
2400 if (i == L2DOWNSLLEN) {
2401 LOGP(DLLAPDM, LOGL_NOTICE, "Message unhandled at this state.\n");
2402 msgb_free(msg);
2403 return 0;
2404 }
2405
2406 rc = l2downstatelist[i].rout(msg, dl);
2407
2408 return rc;
2409}
2410
2411/* incoming RSLms COMMON CHANNEL message from L3 */
2412static int rslms_rx_com_chan(struct msgb *msg, struct lapdm_channel *lc)
2413{
2414 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
2415 int msg_type = cch->c.msg_type;
2416 int rc = 0;
2417
2418 if (msgb_l2len(msg) < sizeof(*cch)) {
2419 LOGP(DLLAPDM, LOGL_ERROR, "Message too short for COM CHAN hdr!\n");
2420 return -EINVAL;
2421 }
2422
2423 switch (msg_type) {
2424 case RSL_MT_CHAN_RQD:
2425 /* create and send RACH request */
2426 rc = rslms_rx_chan_rqd(lc, msg);
2427 break;
2428 default:
2429 LOGP(DLLAPDM, LOGL_NOTICE, "Unknown COMMON CHANNEL msg %d!\n",
2430 msg_type);
2431 msgb_free(msg);
2432 return 0;
2433 }
2434
2435 return rc;
2436}
2437
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2438/*! \brief Receive a RSLms \ref msgb from Layer 3 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2439int lapdm_rslms_recvmsg(struct msgb *msg, struct lapdm_channel *lc)
2440{
2441 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
2442 int rc = 0;
2443
2444 if (msgb_l2len(msg) < sizeof(*rslh)) {
2445 LOGP(DLLAPDM, LOGL_ERROR, "Message too short RSL hdr!\n");
2446 return -EINVAL;
2447 }
2448
2449 switch (rslh->msg_discr & 0xfe) {
2450 case ABIS_RSL_MDISC_RLL:
2451 rc = rslms_rx_rll(msg, lc);
2452 break;
2453 case ABIS_RSL_MDISC_COM_CHAN:
2454 rc = rslms_rx_com_chan(msg, lc);
2455 break;
2456 default:
2457 LOGP(DLLAPDM, LOGL_ERROR, "unknown RSLms message "
2458 "discriminator 0x%02x", rslh->msg_discr);
2459 msgb_free(msg);
2460 return -EINVAL;
2461 }
2462
2463 return rc;
2464}
2465
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2466/*! \brief Set the \ref lapdm_mode of a LAPDm entity */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2467int lapdm_entity_set_mode(struct lapdm_entity *le, enum lapdm_mode mode)
2468{
2469 switch (mode) {
2470 case LAPDM_MODE_MS:
2471 le->cr.loc2rem.cmd = CR_MS2BS_CMD;
2472 le->cr.loc2rem.resp = CR_MS2BS_RESP;
2473 le->cr.rem2loc.cmd = CR_BS2MS_CMD;
2474 le->cr.rem2loc.resp = CR_BS2MS_RESP;
2475 break;
2476 case LAPDM_MODE_BTS:
2477 le->cr.loc2rem.cmd = CR_BS2MS_CMD;
2478 le->cr.loc2rem.resp = CR_BS2MS_RESP;
2479 le->cr.rem2loc.cmd = CR_MS2BS_CMD;
2480 le->cr.rem2loc.resp = CR_MS2BS_RESP;
2481 break;
2482 default:
2483 return -EINVAL;
2484 }
2485
2486 le->mode = mode;
2487
2488 return 0;
2489}
2490
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2491/*! \brief Set the \ref lapdm_mode of a LAPDm channel*/
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2492int lapdm_channel_set_mode(struct lapdm_channel *lc, enum lapdm_mode mode)
2493{
2494 int rc;
2495
2496 rc = lapdm_entity_set_mode(&lc->lapdm_dcch, mode);
2497 if (rc < 0)
2498 return rc;
2499
2500 return lapdm_entity_set_mode(&lc->lapdm_acch, mode);
2501}
2502
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2503/*! \brief Set the L1 callback and context of a LAPDm channel */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2504void lapdm_channel_set_l1(struct lapdm_channel *lc, osmo_prim_cb cb, void *ctx)
2505{
2506 lc->lapdm_dcch.l1_prim_cb = cb;
2507 lc->lapdm_acch.l1_prim_cb = cb;
2508 lc->lapdm_dcch.l1_ctx = ctx;
2509 lc->lapdm_acch.l1_ctx = ctx;
2510}
2511
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2512/*! \brief Set the L3 callback and context of a LAPDm channel */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2513void lapdm_channel_set_l3(struct lapdm_channel *lc, lapdm_cb_t cb, void *ctx)
2514{
2515 lc->lapdm_dcch.l3_cb = cb;
2516 lc->lapdm_acch.l3_cb = cb;
2517 lc->lapdm_dcch.l3_ctx = ctx;
2518 lc->lapdm_acch.l3_ctx = ctx;
2519}
2520
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2521/*! \brief Reset an entire LAPDm entity and all its datalinks */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2522void lapdm_entity_reset(struct lapdm_entity *le)
2523{
2524 struct lapdm_datalink *dl;
2525 int i;
2526
2527 for (i = 0; i < ARRAY_SIZE(le->datalink); i++) {
2528 dl = &le->datalink[i];
2529 if (dl->state == LAPDm_STATE_IDLE)
2530 continue;
2531 LOGP(DLLAPDM, LOGL_INFO, "Resetting LAPDm instance\n");
2532 /* reset Timer T200 */
2533 osmo_timer_del(&dl->t200);
2534 /* enter idle state */
2535 dl->state = LAPDm_STATE_IDLE;
2536 /* flush buffer */
2537 lapdm_dl_flush_tx(dl);
2538 lapdm_dl_flush_send(dl);
2539 }
2540}
2541
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2542/*! \brief Reset a LAPDm channel with all its entities */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2543void lapdm_channel_reset(struct lapdm_channel *lc)
2544{
2545 lapdm_entity_reset(&lc->lapdm_dcch);
2546 lapdm_entity_reset(&lc->lapdm_acch);
2547}
2548
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2549/*! \brief Set the flags of a LAPDm entity */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2550void lapdm_entity_set_flags(struct lapdm_entity *le, unsigned int flags)
2551{
2552 le->flags = flags;
2553}
2554
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2555/*! \brief Set the flags of all LAPDm entities in a LAPDm channel */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2556void lapdm_channel_set_flags(struct lapdm_channel *lc, unsigned int flags)
2557{
2558 lapdm_entity_set_flags(&lc->lapdm_dcch, flags);
2559 lapdm_entity_set_flags(&lc->lapdm_acch, flags);
2560}
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2561
2562/*! }@ */