Gitiles
Code Review Sign In
gerrit.osmocom.org / libosmocore / f84571d0f46845285b810a48679a554fb68ec278 / . / src / gsm / lapdm.c
blob: a2212785132fef1aa11d8884d76147f1f8ebd5b1 [file] [log] [blame]
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1/* GSM LAPDm (TS 04.06) implementation */
2
3/* (C) 2010-2011 by Harald Welte <laforge@gnumonks.org>
4 * (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
5 *
6 * All Rights Reserved
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 *
22 */
23
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]24/*! \addtogroup lapdm
25 * @{
26 */
27
28/*! \file lapdm.c */
29
30/*!
31 * Notes on Buffering: rcv_buffer, tx_queue, tx_hist, send_buffer, send_queue
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]32 *
33 * RX data is stored in the rcv_buffer (pointer). If the message is complete, it
34 * is removed from rcv_buffer pointer and forwarded to L3. If the RX data is
35 * received while there is an incomplete rcv_buffer, it is appended to it.
36 *
37 * TX data is stored in the send_queue first. When transmitting a frame,
38 * the first message in the send_queue is moved to the send_buffer. There it
39 * resides until all fragments are acknowledged. Fragments to be sent by I
40 * frames are stored in the tx_hist buffer for resend, if required. Also the
41 * current fragment is copied into the tx_queue. There it resides until it is
42 * forwarded to layer 1.
43 *
44 * In case we have SAPI 0, we only have a window size of 1, so the unack-
45 * nowledged message resides always in the send_buffer. In case of a suspend,
46 * it can be written back to the first position of the send_queue.
47 *
48 * The layer 1 normally sends a PH-READY-TO-SEND. But because we use
49 * asynchronous transfer between layer 1 and layer 2 (serial link), we must
50 * send a frame before layer 1 reaches the right timeslot to send it. So we
51 * move the tx_queue to layer 1 when there is not already a pending frame, and
52 * wait until acknowledge after the frame has been sent. If we receive an
53 * acknowledge, we can send the next frame from the buffer, if any.
54 *
55 * The moving of tx_queue to layer 1 may also trigger T200, if desired. Also it
56 * will trigger next I frame, if possible.
57 *
58 */
59
60#include <stdio.h>
61#include <stdint.h>
62#include <string.h>
63#include <errno.h>
64#include <arpa/inet.h>
65
66#include <osmocom/core/logging.h>
67#include <osmocom/core/timer.h>
68#include <osmocom/core/msgb.h>
69#include <osmocom/core/utils.h>
70
71#include <osmocom/gsm/tlv.h>
72#include <osmocom/gsm/rsl.h>
73#include <osmocom/gsm/prim.h>
74#include <osmocom/gsm/gsm_utils.h>
75#include <osmocom/gsm/lapdm.h>
76
77#include <osmocom/gsm/protocol/gsm_04_08.h>
78#include <osmocom/gsm/protocol/gsm_08_58.h>
79
80/* TS 04.06 Figure 4 / Section 3.2 */
81#define LAPDm_LPD_NORMAL 0
82#define LAPDm_LPD_SMSCB 1
83#define LAPDm_SAPI_NORMAL 0
84#define LAPDm_SAPI_SMS 3
85#define LAPDm_ADDR(lpd, sapi, cr) ((((lpd) & 0x3) << 5) | (((sapi) & 0x7) << 2) | (((cr) & 0x1) << 1) | 0x1)
86
87#define LAPDm_ADDR_SAPI(addr) (((addr) >> 2) & 0x7)
88#define LAPDm_ADDR_CR(addr) (((addr) >> 1) & 0x1)
89#define LAPDm_ADDR_EA(addr) ((addr) & 0x1)
90
91/* TS 04.06 Table 3 / Section 3.4.3 */
92#define LAPDm_CTRL_I(nr, ns, p) ((((nr) & 0x7) << 5) | (((p) & 0x1) << 4) | (((ns) & 0x7) << 1))
93#define LAPDm_CTRL_S(nr, s, p) ((((nr) & 0x7) << 5) | (((p) & 0x1) << 4) | (((s) & 0x3) << 2) | 0x1)
94#define LAPDm_CTRL_U(u, p) ((((u) & 0x1c) << (5-2)) | (((p) & 0x1) << 4) | (((u) & 0x3) << 2) | 0x3)
95
96#define LAPDm_CTRL_is_I(ctrl) (((ctrl) & 0x1) == 0)
97#define LAPDm_CTRL_is_S(ctrl) (((ctrl) & 0x3) == 1)
98#define LAPDm_CTRL_is_U(ctrl) (((ctrl) & 0x3) == 3)
99
100#define LAPDm_CTRL_U_BITS(ctrl) ((((ctrl) & 0xC) >> 2) | ((ctrl) & 0xE0) >> 3)
101#define LAPDm_CTRL_PF_BIT(ctrl) (((ctrl) >> 4) & 0x1)
102
103#define LAPDm_CTRL_S_BITS(ctrl) (((ctrl) & 0xC) >> 2)
104
105#define LAPDm_CTRL_I_Ns(ctrl) (((ctrl) & 0xE) >> 1)
106#define LAPDm_CTRL_Nr(ctrl) (((ctrl) & 0xE0) >> 5)
107
108/* TS 04.06 Table 4 / Section 3.8.1 */
109#define LAPDm_U_SABM 0x7
110#define LAPDm_U_DM 0x3
111#define LAPDm_U_UI 0x0
112#define LAPDm_U_DISC 0x8
113#define LAPDm_U_UA 0xC
114
115#define LAPDm_S_RR 0x0
116#define LAPDm_S_RNR 0x1
117#define LAPDm_S_REJ 0x2
118
119#define LAPDm_LEN(len) ((len << 2) | 0x1)
120#define LAPDm_MORE 0x2
121
122/* TS 04.06 Section 5.8.3 */
123#define N201_AB_SACCH 18
124#define N201_AB_SDCCH 20
125#define N201_AB_FACCH 20
126#define N201_Bbis 23
127#define N201_Bter_SACCH 21
128#define N201_Bter_SDCCH 23
129#define N201_Bter_FACCH 23
130#define N201_B4 19
131
132/* 5.8.2.1 N200 during establish and release */
133#define N200_EST_REL 5
134/* 5.8.2.1 N200 during timer recovery state */
135#define N200_TR_SACCH 5
136#define N200_TR_SDCCH 23
137#define N200_TR_FACCH_FR 34
138#define N200_TR_EFACCH_FR 48
139#define N200_TR_FACCH_HR 29
140/* FIXME: this depends on chan type */
141#define N200 N200_TR_SACCH
142
143#define CR_MS2BS_CMD 0
144#define CR_MS2BS_RESP 1
145#define CR_BS2MS_CMD 1
146#define CR_BS2MS_RESP 0
147
148/* Set T200 to 1 Second (OpenBTS uses 900ms) */
149#define T200 1, 0
150
151/* k value for each SAPI */
152static uint8_t k_sapi[] = {1, 1, 1, 1, 1, 1, 1, 1};
153
154enum lapdm_format {
155 LAPDm_FMT_A,
156 LAPDm_FMT_B,
157 LAPDm_FMT_Bbis,
158 LAPDm_FMT_Bter,
159 LAPDm_FMT_B4,
160};
161
162static void lapdm_t200_cb(void *data);
163static int rslms_send_i(struct lapdm_msg_ctx *mctx, int line);
164
165/* UTILITY FUNCTIONS */
166
167static inline uint8_t inc_mod8(uint8_t x)
168{
169 return (x + 1) & 7;
170}
171
172static inline uint8_t add_mod8(uint8_t x, uint8_t y)
173{
174 return (x + y) & 7;
175}
176
177static inline uint8_t sub_mod8(uint8_t x, uint8_t y)
178{
179 return (x - y) & 7; /* handle negative results correctly */
180}
181
182static void lapdm_dl_init(struct lapdm_datalink *dl,
183 struct lapdm_entity *entity)
184{
185 memset(dl, 0, sizeof(*dl));
186 INIT_LLIST_HEAD(&dl->send_queue);
187 INIT_LLIST_HEAD(&dl->tx_queue);
188 dl->state = LAPDm_STATE_IDLE;
189 dl->t200.data = dl;
190 dl->t200.cb = &lapdm_t200_cb;
191 dl->entity = entity;
192}
193
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]194/*! \brief initialize a LAPDm entity and all datalinks inside
195 * \param[in] le LAPDm entity
196 * \param[in] mode \ref lapdm_mode (BTS/MS)
197 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]198void lapdm_entity_init(struct lapdm_entity *le, enum lapdm_mode mode)
199{
200 unsigned int i;
201
202 for (i = 0; i < ARRAY_SIZE(le->datalink); i++)
203 lapdm_dl_init(&le->datalink[i], le);
204
205 lapdm_entity_set_mode(le, mode);
206}
207
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]208/*! \brief initialize a LAPDm channel and all its channels
209 * \param[in] lc \ref lapdm_channel to be initialized
210 * \param[in] mode \ref lapdm_mode (BTS/MS)
211 *
212 * This really is a convenience wrapper around calling \ref
213 * lapdm_entity_init twice.
214 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]215void lapdm_channel_init(struct lapdm_channel *lc, enum lapdm_mode mode)
216{
217 lapdm_entity_init(&lc->lapdm_acch, mode);
218 lapdm_entity_init(&lc->lapdm_dcch, mode);
219}
220
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]221static void lapdm_dl_flush_send(struct lapdm_datalink *dl)
222{
223 struct msgb *msg;
224
225 /* Flush send-queue */
226 while ((msg = msgb_dequeue(&dl->send_queue)))
227 msgb_free(msg);
228
229 /* Clear send-buffer */
230 if (dl->send_buffer) {
231 msgb_free(dl->send_buffer);
232 dl->send_buffer = NULL;
233 }
234}
235
236static void lapdm_dl_flush_tx(struct lapdm_datalink *dl)
237{
238 struct msgb *msg;
239 unsigned int i;
240
241 while ((msg = msgb_dequeue(&dl->tx_queue)))
242 msgb_free(msg);
243 for (i = 0; i < 8; i++)
244 dl->tx_length[i] = 0;
245}
246
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]247/*! \brief flush and release all resoures in LAPDm entity */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]248void lapdm_entity_exit(struct lapdm_entity *le)
249{
250 unsigned int i;
251 struct lapdm_datalink *dl;
252
253 for (i = 0; i < ARRAY_SIZE(le->datalink); i++) {
254 dl = &le->datalink[i];
255 lapdm_dl_flush_tx(dl);
256 lapdm_dl_flush_send(dl);
257 if (dl->rcv_buffer)
258 msgb_free(dl->rcv_buffer);
259 }
260}
261
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]262/* \brief lfush and release all resources in LAPDm channel
263 *
264 * A convenience wrapper calling \ref lapdm_entity_exit on both
265 * entities inside the \ref lapdm_channel
266 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]267void lapdm_channel_exit(struct lapdm_channel *lc)
268{
269 lapdm_entity_exit(&lc->lapdm_acch);
270 lapdm_entity_exit(&lc->lapdm_dcch);
271}
272
273static void lapdm_dl_newstate(struct lapdm_datalink *dl, uint32_t state)
274{
275 LOGP(DLLAPDM, LOGL_INFO, "new state %s -> %s\n",
276 lapdm_state_names[dl->state], lapdm_state_names[state]);
277
278 dl->state = state;
279}
280
281static struct lapdm_datalink *datalink_for_sapi(struct lapdm_entity *le, uint8_t sapi)
282{
283 switch (sapi) {
284 case LAPDm_SAPI_NORMAL:
285 return &le->datalink[0];
286 case LAPDm_SAPI_SMS:
287 return &le->datalink[1];
288 default:
289 return NULL;
290 }
291}
292
293/* remove the L2 header from a MSGB */
294static inline unsigned char *msgb_pull_l2h(struct msgb *msg)
295{
296 unsigned char *ret = msgb_pull(msg, msg->l3h - msg->l2h);
297 msg->l2h = NULL;
298 return ret;
299}
300
301/* Append padding (if required) */
302static void lapdm_pad_msgb(struct msgb *msg, uint8_t n201)
303{
304 int pad_len = n201 - msgb_l2len(msg);
305 uint8_t *data;
306
307 if (pad_len < 0) {
308 LOGP(DLLAPDM, LOGL_ERROR,
309 "cannot pad message that is already too big!\n");
310 return;
311 }
312
313 data = msgb_put(msg, pad_len);
314 memset(data, 0x2B, pad_len);
315}
316
317/* input function that L2 calls when sending messages up to L3 */
318static int rslms_sendmsg(struct msgb *msg, struct lapdm_entity *le)
319{
320 if (!le->l3_cb) {
321 msgb_free(msg);
322 return -EIO;
323 }
324
325 /* call the layer2 message handler that is registered */
326 return le->l3_cb(msg, le, le->l3_ctx);
327}
328
329/* write a frame into the tx queue */
330static int tx_ph_data_enqueue(struct lapdm_datalink *dl, struct msgb *msg,
331 uint8_t chan_nr, uint8_t link_id, uint8_t n201)
332{
333 struct lapdm_entity *le = dl->entity;
334 struct osmo_phsap_prim pp;
335
336 /* if there is a pending message, queue it */
337 if (le->tx_pending || le->flags & LAPDM_ENT_F_POLLING_ONLY) {
338 *msgb_push(msg, 1) = n201;
339 *msgb_push(msg, 1) = link_id;
340 *msgb_push(msg, 1) = chan_nr;
341 msgb_enqueue(&dl->tx_queue, msg);
342 return -EBUSY;
343 }
344
345 osmo_prim_init(&pp.oph, SAP_GSM_PH, PRIM_PH_DATA,
346 PRIM_OP_REQUEST, msg);
347 pp.u.data.chan_nr = chan_nr;
348 pp.u.data.link_id = link_id;
349
350 /* send the frame now */
351 le->tx_pending = 0; /* disabled flow control */
352 lapdm_pad_msgb(msg, n201);
353
354 return le->l1_prim_cb(&pp.oph, le->l1_ctx);
355}
356
357static struct msgb *tx_dequeue_msgb(struct lapdm_entity *le)
358{
359 struct lapdm_datalink *dl;
360 int last = le->last_tx_dequeue;
361 int i = last, n = ARRAY_SIZE(le->datalink);
362 struct msgb *msg = NULL;
363
364 /* round-robin dequeue */
365 do {
366 /* next */
367 i = (i + 1) % n;
368 dl = &le->datalink[i];
369 if ((msg = msgb_dequeue(&dl->tx_queue)))
370 break;
371 } while (i != last);
372
373 if (msg) {
374 /* Set last dequeue position */
375 le->last_tx_dequeue = i;
376 }
377
378 return msg;
379}
380
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]381/*! \brief dequeue a msg that's pending transmission via L1 and wrap it into
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]382 * a osmo_phsap_prim */
383int lapdm_phsap_dequeue_prim(struct lapdm_entity *le, struct osmo_phsap_prim *pp)
384{
385 struct msgb *msg;
386 uint8_t n201;
387
388 msg = tx_dequeue_msgb(le);
389 if (!msg)
390 return -ENODEV;
391
392 /* if we have a message, send PH-DATA.req */
393 osmo_prim_init(&pp->oph, SAP_GSM_PH, PRIM_PH_DATA,
394 PRIM_OP_REQUEST, msg);
395
396 /* Pull chan_nr and link_id */
397 pp->u.data.chan_nr = *msg->data;
398 msgb_pull(msg, 1);
399 pp->u.data.link_id = *msg->data;
400 msgb_pull(msg, 1);
401 n201 = *msg->data;
402 msgb_pull(msg, 1);
403
404 /* Pad the frame, we can transmit now */
405 lapdm_pad_msgb(msg, n201);
406
407 return 0;
408}
409
410/* get next frame from the tx queue. because the ms has multiple datalinks,
411 * each datalink's queue is read round-robin.
412 */
413static int l2_ph_data_conf(struct msgb *msg, struct lapdm_entity *le)
414{
415 struct osmo_phsap_prim pp;
416
417 /* we may send again */
418 le->tx_pending = 0;
419
420 /* free confirm message */
421 if (msg)
422 msgb_free(msg);
423
424 if (lapdm_phsap_dequeue_prim(le, &pp) < 0) {
425 /* no message in all queues */
426
427 /* If user didn't request PH-EMPTY_FRAME.req, abort */
428 if (!(le->flags & LAPDM_ENT_F_EMPTY_FRAME))
429 return 0;
430
431 /* otherwise, send PH-EMPTY_FRAME.req */
432 osmo_prim_init(&pp.oph, SAP_GSM_PH,
433 PRIM_PH_EMPTY_FRAME,
434 PRIM_OP_REQUEST, NULL);
435 } else {
436 le->tx_pending = 1;
437 }
438
439 return le->l1_prim_cb(&pp.oph, le->l1_ctx);
440}
441
442/* Create RSLms various RSLms messages */
443static int send_rslms_rll_l3(uint8_t msg_type, struct lapdm_msg_ctx *mctx,
444 struct msgb *msg)
445{
446 /* Add the RSL + RLL header */
447 rsl_rll_push_l3(msg, msg_type, mctx->chan_nr, mctx->link_id, 1);
448
449 /* send off the RSLms message to L3 */
450 return rslms_sendmsg(msg, mctx->dl->entity);
451}
452
453/* Take a B4 format message from L1 and create RSLms UNIT DATA IND */
454static int send_rslms_rll_l3_ui(struct lapdm_msg_ctx *mctx, struct msgb *msg)
455{
456 uint8_t l3_len = msg->tail - (uint8_t *)msgb_l3(msg);
457 struct abis_rsl_rll_hdr *rllh;
458
459 /* Add the RSL + RLL header */
460 msgb_tv16_push(msg, RSL_IE_L3_INFO, l3_len);
461 msgb_push(msg, 2 + 2);
462 rsl_rll_push_hdr(msg, RSL_MT_UNIT_DATA_IND, mctx->chan_nr,
463 mctx->link_id, 1);
464 rllh = (struct abis_rsl_rll_hdr *)msgb_l2(msg);
465
466 rllh->data[0] = RSL_IE_TIMING_ADVANCE;
467 rllh->data[1] = mctx->ta_ind;
468
469 rllh->data[2] = RSL_IE_MS_POWER;
470 rllh->data[3] = mctx->tx_power_ind;
471
472 return rslms_sendmsg(msg, mctx->dl->entity);
473}
474
475static int send_rll_simple(uint8_t msg_type, struct lapdm_msg_ctx *mctx)
476{
477 struct msgb *msg;
478
479 msg = rsl_rll_simple(msg_type, mctx->chan_nr, mctx->link_id, 1);
480
481 /* send off the RSLms message to L3 */
482 return rslms_sendmsg(msg, mctx->dl->entity);
483}
484
485static int rsl_rll_error(uint8_t cause, struct lapdm_msg_ctx *mctx)
486{
487 struct msgb *msg;
488
489 LOGP(DLLAPDM, LOGL_NOTICE, "sending MDL-ERROR-IND %d\n", cause);
490 msg = rsl_rll_simple(RSL_MT_ERROR_IND, mctx->chan_nr, mctx->link_id, 1);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]491 msgb_tlv_put(msg, RSL_IE_RLM_CAUSE, 1, &cause);
492 return rslms_sendmsg(msg, mctx->dl->entity);
493}
494
495static int check_length_ind(struct lapdm_msg_ctx *mctx, uint8_t length_ind)
496{
497 if (!(length_ind & 0x01)) {
498 /* G.4.1 If the EL bit is set to "0", an MDL-ERROR-INDICATION
499 * primitive with cause "frame not implemented" is sent to the
500 * mobile management entity. */
501 LOGP(DLLAPDM, LOGL_NOTICE,
502 "we don't support multi-octet length\n");
503 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
504 return -EINVAL;
505 }
506 return 0;
507}
508
509static int lapdm_send_resend(struct lapdm_datalink *dl)
510{
511 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm resend");
512 int length;
513
514 /* Resend SABM/DISC from tx_hist */
515 length = dl->tx_length[0];
516 msg->l2h = msgb_put(msg, length);
517 memcpy(msg->l2h, dl->tx_hist[dl->V_send], length);
518
519 return tx_ph_data_enqueue(dl, msg, dl->mctx.chan_nr, dl->mctx.link_id,
520 dl->mctx.n201);
521}
522
523static int lapdm_send_ua(struct lapdm_msg_ctx *mctx, uint8_t len, uint8_t *data)
524{
525 uint8_t sapi = mctx->link_id & 7;
526 uint8_t f_bit = LAPDm_CTRL_PF_BIT(mctx->ctrl);
527 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm UA");
528 struct lapdm_entity *le = mctx->dl->entity;
529
530 msg->l2h = msgb_put(msg, 3 + len);
531 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
532 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_UA, f_bit);
533 msg->l2h[2] = LAPDm_LEN(len);
534 if (len)
535 memcpy(msg->l2h + 3, data, len);
536
537 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
538 mctx->n201);
539}
540
541static int lapdm_send_dm(struct lapdm_msg_ctx *mctx)
542{
543 uint8_t sapi = mctx->link_id & 7;
544 uint8_t f_bit = LAPDm_CTRL_PF_BIT(mctx->ctrl);
545 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm DM");
546 struct lapdm_entity *le = mctx->dl->entity;
547
548 msg->l2h = msgb_put(msg, 3);
549 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
550 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_DM, f_bit);
551 msg->l2h[2] = 0;
552
553 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
554 mctx->n201);
555}
556
557static int lapdm_send_rr(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
558{
559 uint8_t sapi = mctx->link_id & 7;
560 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RR");
561 struct lapdm_entity *le = mctx->dl->entity;
562
563 msg->l2h = msgb_put(msg, 3);
564 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
565 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_RR, f_bit);
566 msg->l2h[2] = LAPDm_LEN(0);
567
568 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
569 mctx->n201);
570}
571
572static int lapdm_send_rnr(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
573{
574 uint8_t sapi = mctx->link_id & 7;
575 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm RNR");
576 struct lapdm_entity *le = mctx->dl->entity;
577
578 msg->l2h = msgb_put(msg, 3);
579 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
580 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_RNR, f_bit);
581 msg->l2h[2] = LAPDm_LEN(0);
582
583 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
584 mctx->n201);
585}
586
587static int lapdm_send_rej(struct lapdm_msg_ctx *mctx, uint8_t f_bit)
588{
589 uint8_t sapi = mctx->link_id & 7;
590 struct msgb *msg = msgb_alloc_headroom(23+10, 10, "LAPDm REJ");
591 struct lapdm_entity *le = mctx->dl->entity;
592
593 msg->l2h = msgb_put(msg, 3);
594 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.resp);
595 msg->l2h[1] = LAPDm_CTRL_S(mctx->dl->V_recv, LAPDm_S_REJ, f_bit);
596 msg->l2h[2] = LAPDm_LEN(0);
597
598 return tx_ph_data_enqueue(mctx->dl, msg, mctx->chan_nr, mctx->link_id,
599 mctx->n201);
600}
601
602/* Timer callback on T200 expiry */
603static void lapdm_t200_cb(void *data)
604{
605 struct lapdm_datalink *dl = data;
606
607 LOGP(DLLAPDM, LOGL_INFO, "lapdm_t200_cb(%p) state=%u\n", dl, dl->state);
608
609 switch (dl->state) {
610 case LAPDm_STATE_SABM_SENT:
611 /* 5.4.1.3 */
612 if (dl->retrans_ctr + 1 >= N200_EST_REL + 1) {
613 /* send RELEASE INDICATION to L3 */
614 send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
615 /* send MDL ERROR INIDCATION to L3 */
616 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
617 /* flush tx buffers */
618 lapdm_dl_flush_tx(dl);
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]619 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]620 /* go back to idle state */
621 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
622 /* NOTE: we must not change any other states or buffers
623 * and queues, since we may reconnect after handover
624 * failure. the buffered messages is replaced there */
625 break;
626 }
627 /* retransmit SABM command */
628 lapdm_send_resend(dl);
629 /* increment re-transmission counter */
630 dl->retrans_ctr++;
631 /* restart T200 (PH-READY-TO-SEND) */
632 osmo_timer_schedule(&dl->t200, T200);
633 break;
634 case LAPDm_STATE_DISC_SENT:
635 /* 5.4.4.3 */
636 if (dl->retrans_ctr + 1 >= N200_EST_REL + 1) {
637 /* send RELEASE INDICATION to L3 */
638 send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
639 /* send MDL ERROR INIDCATION to L3 */
640 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
641 /* flush buffers */
642 lapdm_dl_flush_tx(dl);
643 lapdm_dl_flush_send(dl);
644 /* go back to idle state */
645 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
646 /* NOTE: we must not change any other states or buffers
647 * and queues, since we may reconnect after handover
648 * failure. the buffered messages is replaced there */
649 break;
650 }
651 /* retransmit DISC command */
652 lapdm_send_resend(dl);
653 /* increment re-transmission counter */
654 dl->retrans_ctr++;
655 /* restart T200 (PH-READY-TO-SEND) */
656 osmo_timer_schedule(&dl->t200, T200);
657 break;
658 case LAPDm_STATE_MF_EST:
659 /* 5.5.7 */
660 dl->retrans_ctr = 0;
661 lapdm_dl_newstate(dl, LAPDm_STATE_TIMER_RECOV);
662 /* fall through */
663 case LAPDm_STATE_TIMER_RECOV:
664 dl->retrans_ctr++;
665 if (dl->retrans_ctr < N200) {
666 /* retransmit I frame (V_s-1) with P=1, if any */
667 if (dl->tx_length[sub_mod8(dl->V_send, 1)]) {
668 struct msgb *msg;
669 int length;
670
671 LOGP(DLLAPDM, LOGL_INFO, "retransmit last frame "
672 "V(S)=%d\n", sub_mod8(dl->V_send, 1));
673 /* Create I frame (segment) from tx_hist */
674 length = dl->tx_length[sub_mod8(dl->V_send, 1)];
675 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
676 msg->l2h = msgb_put(msg, length);
677 memcpy(msg->l2h,
678 dl->tx_hist[sub_mod8(dl->V_send, 1)],
679 length);
680 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv,
681 sub_mod8(dl->V_send, 1), 1); /* P=1 */
682 tx_ph_data_enqueue(dl, msg, dl->mctx.chan_nr,
683 dl->mctx.link_id, dl->mctx.n201);
684 } else {
685 /* OR send appropriate supervision frame with P=1 */
686 if (!dl->own_busy && !dl->seq_err_cond) {
687 lapdm_send_rr(&dl->mctx, 1);
688 /* NOTE: In case of sequence error
689 * condition, the REJ frame has been
690 * transmitted when entering the
691 * condition, so it has not be done
692 * here
693 */
694 } else if (dl->own_busy) {
695 lapdm_send_rnr(&dl->mctx, 1);
696 } else {
697 LOGP(DLLAPDM, LOGL_INFO, "unhandled, "
698 "pls. fix\n");
699 }
700 }
701 /* restart T200 (PH-READY-TO-SEND) */
702 osmo_timer_schedule(&dl->t200, T200);
703 } else {
704 /* send MDL ERROR INIDCATION to L3 */
705 rsl_rll_error(RLL_CAUSE_T200_EXPIRED, &dl->mctx);
706 }
707 break;
708 default:
709 LOGP(DLLAPDM, LOGL_INFO, "T200 expired in unexpected "
710 "dl->state %u\n", dl->state);
711 }
712}
713
714/* 5.5.3.1: Common function to acknowlege frames up to the given N(R) value */
715static void lapdm_acknowledge(struct lapdm_msg_ctx *mctx)
716{
717 struct lapdm_datalink *dl = mctx->dl;
718 uint8_t nr = LAPDm_CTRL_Nr(mctx->ctrl);
719 int s = 0, rej = 0, t200_reset = 0;
720 int i;
721
722 /* supervisory frame ? */
723 if (LAPDm_CTRL_is_S(mctx->ctrl))
724 s = 1;
725 /* REJ frame ? */
726 if (s && LAPDm_CTRL_S_BITS(mctx->ctrl) == LAPDm_S_REJ)
727 rej = 1;
728
729 /* Flush all transmit buffers of acknowledged frames */
730 for (i = dl->V_ack; i != nr; i = inc_mod8(i)) {
731 if (dl->tx_length[i]) {
732 dl->tx_length[i] = 0;
733 LOGP(DLLAPDM, LOGL_INFO, "ack frame %d\n", i);
734 }
735 }
736
737 if (dl->state != LAPDm_STATE_TIMER_RECOV) {
738 /* When not in the timer recovery condition, the data
739 * link layer entity shall reset the timer T200 on
740 * receipt of a valid I frame with N(R) higher than V(A),
741 * or an REJ with an N(R) equal to V(A). */
742 if ((!rej && nr != dl->V_ack)
743 || (rej && nr == dl->V_ack)) {
744 LOGP(DLLAPDM, LOGL_INFO, "reset t200\n");
745 t200_reset = 1;
746 osmo_timer_del(&dl->t200);
747 /* 5.5.3.1 Note 1 + 2 imply timer recovery cond. */
748 }
749 /* 5.7.4: N(R) sequence error
750 * N(R) is called valid, if and only if
751 * (N(R)-V(A)) mod 8 <= (V(S)-V(A)) mod 8.
752 */
753 if (sub_mod8(nr, dl->V_ack) > sub_mod8(dl->V_send, dl->V_ack)) {
754 LOGP(DLLAPDM, LOGL_NOTICE, "N(R) sequence error\n");
755 rsl_rll_error(RLL_CAUSE_SEQ_ERR, mctx);
756 }
757 }
758
759 /* V(A) shall be set to the value of N(R) */
760 dl->V_ack = nr;
761
762 /* If T200 has been reset by the receipt of an I, RR or RNR frame,
763 * and if there are outstanding I frames, restart T200 */
764 if (t200_reset && !rej) {
765 if (dl->tx_length[dl->V_send - 1]) {
766 LOGP(DLLAPDM, LOGL_INFO, "start T200, due to unacked I "
767 "frame(s)\n");
768 osmo_timer_schedule(&dl->t200, T200);
769 }
770 }
771}
772
773/* L1 -> L2 */
774
775/* Receive a LAPDm U (Unnumbered) message from L1 */
776static int lapdm_rx_u(struct msgb *msg, struct lapdm_msg_ctx *mctx)
777{
778 struct lapdm_datalink *dl = mctx->dl;
779 struct lapdm_entity *le = dl->entity;
780 uint8_t length;
781 int rc;
782 int rsl_msg;
783
784 switch (LAPDm_CTRL_U_BITS(mctx->ctrl)) {
785 case LAPDm_U_SABM:
786 rsl_msg = RSL_MT_EST_IND;
787
788 LOGP(DLLAPDM, LOGL_INFO, "SABM received\n");
789 /* 5.7.1 */
790 dl->seq_err_cond = 0;
791 /* G.2.2 Wrong value of the C/R bit */
792 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
793 LOGP(DLLAPDM, LOGL_NOTICE, "SABM response error\n");
794 msgb_free(msg);
795 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
796 return -EINVAL;
797 }
798
799 length = msg->l2h[2] >> 2;
800 /* G.4.5 If SABM is received with L>N201 or with M bit
801 * set, AN MDL-ERROR-INDICATION is sent to MM.
802 */
803 if ((msg->l2h[2] & LAPDm_MORE) || length + 3 > mctx->n201) {
804 LOGP(DLLAPDM, LOGL_NOTICE, "SABM too large error\n");
805 msgb_free(msg);
806 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
807 return -EIO;
808 }
809
810 /* Must be Format B */
811 rc = check_length_ind(mctx, msg->l2h[2]);
812 if (rc < 0) {
813 msgb_free(msg);
814 return rc;
815 }
816 switch (dl->state) {
817 case LAPDm_STATE_IDLE:
818 /* Set chan_nr and link_id for established connection */
819 memset(&dl->mctx, 0, sizeof(dl->mctx));
820 dl->mctx.dl = dl;
821 dl->mctx.chan_nr = mctx->chan_nr;
822 dl->mctx.link_id = mctx->link_id;
823 dl->mctx.n201 = mctx->n201;
824 break;
825 case LAPDm_STATE_MF_EST:
826 if (length == 0) {
827 rsl_msg = RSL_MT_EST_CONF;
828 break;
829 }
830 LOGP(DLLAPDM, LOGL_INFO, "SABM command, multiple "
831 "frame established state\n");
832 /* check for contention resoultion */
833 if (dl->tx_hist[0][2] >> 2) {
834 LOGP(DLLAPDM, LOGL_NOTICE, "SABM not allowed "
835 "during contention resolution\n");
836 rsl_rll_error(RLL_CAUSE_SABM_INFO_NOTALL, mctx);
837 }
838 msgb_free(msg);
839 return 0;
840 case LAPDm_STATE_DISC_SENT:
841 /* 5.4.6.2 send DM with F=P */
842 lapdm_send_dm(mctx);
843 /* reset Timer T200 */
844 osmo_timer_del(&dl->t200);
845 msgb_free(msg);
846 return send_rll_simple(RSL_MT_REL_CONF, mctx);
847 default:
848 lapdm_send_ua(mctx, length, msg->l2h + 3);
849 msgb_free(msg);
850 return 0;
851 }
852 /* send UA response */
853 lapdm_send_ua(mctx, length, msg->l2h + 3);
854 /* set Vs, Vr and Va to 0 */
855 dl->V_send = dl->V_recv = dl->V_ack = 0;
856 /* clear tx_hist */
857 dl->tx_length[0] = 0;
858 /* enter multiple-frame-established state */
859 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
860 /* send notification to L3 */
861 if (length == 0) {
862 /* 5.4.1.2 Normal establishment procedures */
863 rc = send_rll_simple(rsl_msg, mctx);
864 msgb_free(msg);
865 } else {
866 /* 5.4.1.4 Contention resolution establishment */
867 msg->l3h = msg->l2h + 3;
868 msgb_pull_l2h(msg);
869 rc = send_rslms_rll_l3(rsl_msg, mctx, msg);
870 }
871 break;
872 case LAPDm_U_DM:
873 LOGP(DLLAPDM, LOGL_INFO, "DM received\n");
874 /* G.2.2 Wrong value of the C/R bit */
875 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd) {
876 LOGP(DLLAPDM, LOGL_NOTICE, "DM command error\n");
877 msgb_free(msg);
878 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
879 return -EINVAL;
880 }
881 if (!LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
882 /* 5.4.1.2 DM responses with the F bit set to "0"
883 * shall be ignored.
884 */
885 msgb_free(msg);
886 return 0;
887 }
888 switch (dl->state) {
889 case LAPDm_STATE_SABM_SENT:
890 break;
891 case LAPDm_STATE_MF_EST:
892 if (LAPDm_CTRL_PF_BIT(mctx->ctrl) == 1) {
893 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM "
894 "response\n");
895 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP, mctx);
896 } else {
897 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM "
898 "response, multiple frame established "
899 "state\n");
900 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP_MF, mctx);
901 }
902 msgb_free(msg);
903 return 0;
904 case LAPDm_STATE_TIMER_RECOV:
905 /* DM is normal in case PF = 1 */
906 if (LAPDm_CTRL_PF_BIT(mctx->ctrl) == 0) {
907 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM "
908 "response, multiple frame established "
909 "state\n");
910 rsl_rll_error(RLL_CAUSE_UNSOL_DM_RESP_MF, mctx);
911 msgb_free(msg);
912 return 0;
913 }
914 break;
915 case LAPDm_STATE_DISC_SENT:
916 /* reset Timer T200 */
917 osmo_timer_del(&dl->t200);
918 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]919 lapdm_dl_flush_tx(dl);
920 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]921 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
922 rc = send_rll_simple(RSL_MT_REL_CONF, mctx);
923 msgb_free(msg);
924 return 0;
925 case LAPDm_STATE_IDLE:
926 /* 5.4.5 all other frame types shall be discarded */
927 default:
928 LOGP(DLLAPDM, LOGL_INFO, "unsolicited DM response! "
929 "(discarding)\n");
930 msgb_free(msg);
931 return 0;
932 }
933 /* reset T200 */
934 osmo_timer_del(&dl->t200);
935 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
936 msgb_free(msg);
937 break;
938 case LAPDm_U_UI:
939 LOGP(DLLAPDM, LOGL_INFO, "UI received\n");
940 /* G.2.2 Wrong value of the C/R bit */
941 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
942 LOGP(DLLAPDM, LOGL_NOTICE, "UI indicates response "
943 "error\n");
944 msgb_free(msg);
945 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
946 return -EINVAL;
947 }
948
949 length = msg->l2h[2] >> 2;
950 /* FIXME: G.4.5 If UI is received with L>N201 or with M bit
951 * set, AN MDL-ERROR-INDICATION is sent to MM.
952 */
953
954 if (mctx->lapdm_fmt == LAPDm_FMT_B4) {
955 length = N201_B4;
956 msg->l3h = msg->l2h + 2;
957 } else {
958 rc = check_length_ind(mctx, msg->l2h[2]);
959 if (rc < 0) {
960 msgb_free(msg);
961 return rc;
962 }
963 length = msg->l2h[2] >> 2;
964 msg->l3h = msg->l2h + 3;
965 }
966 /* do some length checks */
967 if (length == 0) {
968 /* 5.3.3 UI frames received with the length indicator
969 * set to "0" shall be ignored
970 */
971 LOGP(DLLAPDM, LOGL_INFO, "length=0 (discarding)\n");
972 msgb_free(msg);
973 return 0;
974 }
975 switch (LAPDm_ADDR_SAPI(mctx->addr)) {
976 case LAPDm_SAPI_NORMAL:
977 case LAPDm_SAPI_SMS:
978 break;
979 default:
980 /* 5.3.3 UI frames with invalid SAPI values shall be
981 * discarded
982 */
983 LOGP(DLLAPDM, LOGL_INFO, "sapi=%u (discarding)\n",
984 LAPDm_ADDR_SAPI(mctx->addr));
985 msgb_free(msg);
986 return 0;
987 }
988 msgb_pull_l2h(msg);
989 rc = send_rslms_rll_l3_ui(mctx, msg);
990 break;
991 case LAPDm_U_DISC:
992 rsl_msg = RSL_MT_REL_IND;
993
994 LOGP(DLLAPDM, LOGL_INFO, "DISC received\n");
995 /* flush buffers */
996 lapdm_dl_flush_tx(dl);
997 lapdm_dl_flush_send(dl);
998 /* 5.7.1 */
999 dl->seq_err_cond = 0;
1000 /* G.2.2 Wrong value of the C/R bit */
1001 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
1002 LOGP(DLLAPDM, LOGL_NOTICE, "DISC response error\n");
1003 msgb_free(msg);
1004 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1005 return -EINVAL;
1006 }
1007 length = msg->l2h[2] >> 2;
1008 if (length > 0 || msg->l2h[2] & 0x02) {
1009 /* G.4.4 If a DISC or DM frame is received with L>0 or
1010 * with the M bit set to "1", an MDL-ERROR-INDICATION
1011 * primitive with cause "U frame with incorrect
1012 * parameters" is sent to the mobile management entity.
1013 */
1014 LOGP(DLLAPDM, LOGL_NOTICE,
1015 "U frame iwth incorrect parameters ");
1016 msgb_free(msg);
1017 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
1018 return -EIO;
1019 }
1020 switch (dl->state) {
1021 case LAPDm_STATE_IDLE:
1022 LOGP(DLLAPDM, LOGL_INFO, "DISC in idle state\n");
1023 /* send DM with F=P */
1024 msgb_free(msg);
1025 return lapdm_send_dm(mctx);
1026 case LAPDm_STATE_SABM_SENT:
1027 LOGP(DLLAPDM, LOGL_INFO, "DISC in SABM state\n");
1028 /* 5.4.6.2 send DM with F=P */
1029 lapdm_send_dm(mctx);
1030 /* reset Timer T200 */
1031 osmo_timer_del(&dl->t200);
1032 msgb_free(msg);
1033 return send_rll_simple(RSL_MT_REL_IND, mctx);
1034 case LAPDm_STATE_MF_EST:
1035 case LAPDm_STATE_TIMER_RECOV:
1036 LOGP(DLLAPDM, LOGL_INFO, "DISC in est state\n");
1037 break;
1038 case LAPDm_STATE_DISC_SENT:
1039 LOGP(DLLAPDM, LOGL_INFO, "DISC in disc state\n");
1040 rsl_msg = RSL_MT_REL_CONF;
1041 break;
1042 default:
1043 lapdm_send_ua(mctx, length, msg->l2h + 3);
1044 msgb_free(msg);
1045 return 0;
1046 }
1047 /* send UA response */
1048 lapdm_send_ua(mctx, length, msg->l2h + 3);
1049 /* reset Timer T200 */
1050 osmo_timer_del(&dl->t200);
1051 /* enter idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1052 lapdm_dl_flush_tx(dl);
1053 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1054 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1055 /* send notification to L3 */
1056 rc = send_rll_simple(rsl_msg, mctx);
1057 msgb_free(msg);
1058 break;
1059 case LAPDm_U_UA:
1060 LOGP(DLLAPDM, LOGL_INFO, "UA received\n");
1061 /* G.2.2 Wrong value of the C/R bit */
1062 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd) {
1063 LOGP(DLLAPDM, LOGL_NOTICE, "UA indicates command "
1064 "error\n");
1065 msgb_free(msg);
1066 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1067 return -EINVAL;
1068 }
1069
1070 length = msg->l2h[2] >> 2;
1071 /* G.4.5 If UA is received with L>N201 or with M bit
1072 * set, AN MDL-ERROR-INDICATION is sent to MM.
1073 */
1074 if ((msg->l2h[2] & LAPDm_MORE) || length + 3 > mctx->n201) {
1075 LOGP(DLLAPDM, LOGL_NOTICE, "UA too large error\n");
1076 msgb_free(msg);
1077 rsl_rll_error(RLL_CAUSE_UFRM_INC_PARAM, mctx);
1078 return -EIO;
1079 }
1080
1081 if (!LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1082 /* 5.4.1.2 A UA response with the F bit set to "0"
1083 * shall be ignored.
1084 */
1085 LOGP(DLLAPDM, LOGL_INFO, "F=0 (discarding)\n");
1086 msgb_free(msg);
1087 return 0;
1088 }
1089 switch (dl->state) {
1090 case LAPDm_STATE_SABM_SENT:
1091 break;
1092 case LAPDm_STATE_MF_EST:
1093 case LAPDm_STATE_TIMER_RECOV:
1094 LOGP(DLLAPDM, LOGL_INFO, "unsolicited UA response! "
1095 "(discarding)\n");
1096 rsl_rll_error(RLL_CAUSE_UNSOL_UA_RESP, mctx);
1097 msgb_free(msg);
1098 return 0;
1099 case LAPDm_STATE_DISC_SENT:
1100 LOGP(DLLAPDM, LOGL_INFO, "UA in disconnect state\n");
1101 /* reset Timer T200 */
1102 osmo_timer_del(&dl->t200);
1103 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1104 lapdm_dl_flush_tx(dl);
1105 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1106 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1107 rc = send_rll_simple(RSL_MT_REL_CONF, mctx);
1108 msgb_free(msg);
1109 return 0;
1110 case LAPDm_STATE_IDLE:
1111 /* 5.4.5 all other frame types shall be discarded */
1112 default:
1113 LOGP(DLLAPDM, LOGL_INFO, "unsolicited UA response! "
1114 "(discarding)\n");
1115 msgb_free(msg);
1116 return 0;
1117 }
1118 LOGP(DLLAPDM, LOGL_INFO, "UA in SABM state\n");
1119 /* reset Timer T200 */
1120 osmo_timer_del(&dl->t200);
1121 /* compare UA with SABME if contention resolution is applied */
1122 if (dl->tx_hist[0][2] >> 2) {
1123 rc = check_length_ind(mctx, msg->l2h[2]);
1124 if (rc < 0) {
1125 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
1126 msgb_free(msg);
1127 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1128 lapdm_dl_flush_tx(dl);
1129 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1130 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1131 return 0;
1132 }
1133 length = msg->l2h[2] >> 2;
1134 if (length != (dl->tx_hist[0][2] >> 2)
1135 || !!memcmp(dl->tx_hist[0] + 3, msg->l2h + 3,
1136 length)) {
1137 LOGP(DLLAPDM, LOGL_INFO, "**** UA response "
1138 "mismatches ****\n");
1139 rc = send_rll_simple(RSL_MT_REL_IND, mctx);
1140 msgb_free(msg);
1141 /* go to idle state */
Harald Welte8264e092011-06-29 19:22:47 +0200[diff] [blame]1142 lapdm_dl_flush_tx(dl);
1143 lapdm_dl_flush_send(dl);
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1144 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
1145 return 0;
1146 }
1147 }
1148 /* set Vs, Vr and Va to 0 */
1149 dl->V_send = dl->V_recv = dl->V_ack = 0;
1150 /* clear tx_hist */
1151 dl->tx_length[0] = 0;
1152 /* enter multiple-frame-established state */
1153 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1154 /* send outstanding frames, if any (resume / reconnect) */
1155 rslms_send_i(mctx, __LINE__);
1156 /* send notification to L3 */
1157 rc = send_rll_simple(RSL_MT_EST_CONF, mctx);
1158 msgb_free(msg);
1159 break;
1160 default:
1161 /* G.3.1 */
1162 LOGP(DLLAPDM, LOGL_NOTICE, "Unnumbered frame not allowed.\n");
1163 msgb_free(msg);
1164 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1165 return -EINVAL;
1166 }
1167 return rc;
1168}
1169
1170/* Receive a LAPDm S (Supervisory) message from L1 */
1171static int lapdm_rx_s(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1172{
1173 struct lapdm_datalink *dl = mctx->dl;
1174 struct lapdm_entity *le = dl->entity;
1175 uint8_t length;
1176
1177 length = msg->l2h[2] >> 2;
1178 if (length > 0 || msg->l2h[2] & 0x02) {
1179 /* G.4.3 If a supervisory frame is received with L>0 or
1180 * with the M bit set to "1", an MDL-ERROR-INDICATION
1181 * primitive with cause "S frame with incorrect
1182 * parameters" is sent to the mobile management entity. */
1183 LOGP(DLLAPDM, LOGL_NOTICE,
1184 "S frame with incorrect parameters\n");
1185 msgb_free(msg);
1186 rsl_rll_error(RLL_CAUSE_SFRM_INC_PARAM, mctx);
1187 return -EIO;
1188 }
1189
1190 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1191 && LAPDm_CTRL_PF_BIT(mctx->ctrl)
1192 && dl->state != LAPDm_STATE_TIMER_RECOV) {
1193 /* 5.4.2.2: Inidcate error on supervisory reponse F=1 */
1194 LOGP(DLLAPDM, LOGL_NOTICE, "S frame response with F=1 error\n");
1195 rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
1196 }
1197
1198 switch (dl->state) {
1199 case LAPDm_STATE_IDLE:
1200 /* if P=1, respond DM with F=1 (5.2.2) */
1201 /* 5.4.5 all other frame types shall be discarded */
1202 if (LAPDm_CTRL_PF_BIT(mctx->ctrl))
1203 lapdm_send_dm(mctx); /* F=P */
1204 /* fall though */
1205 case LAPDm_STATE_SABM_SENT:
1206 case LAPDm_STATE_DISC_SENT:
1207 LOGP(DLLAPDM, LOGL_NOTICE, "S frame ignored in this state\n");
1208 msgb_free(msg);
1209 return 0;
1210 }
1211 switch (LAPDm_CTRL_S_BITS(mctx->ctrl)) {
1212 case LAPDm_S_RR:
1213 LOGP(DLLAPDM, LOGL_INFO, "RR received\n");
1214 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1215 lapdm_acknowledge(mctx);
1216
1217 /* 5.5.3.2 */
1218 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd
1219 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1220 if (!dl->own_busy && !dl->seq_err_cond) {
1221 LOGP(DLLAPDM, LOGL_NOTICE, "RR frame command "
1222 "with polling bit set and we are not "
1223 "busy, so we reply with RR frame\n");
1224 lapdm_send_rr(mctx, 1);
1225 /* NOTE: In case of sequence error condition,
1226 * the REJ frame has been transmitted when
1227 * entering the condition, so it has not be
1228 * done here
1229 */
1230 } else if (dl->own_busy) {
1231 LOGP(DLLAPDM, LOGL_NOTICE, "RR frame command "
1232 "with polling bit set and we are busy, "
1233 "so we reply with RR frame\n");
1234 lapdm_send_rnr(mctx, 1);
1235 }
1236 } else if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1237 && LAPDm_CTRL_PF_BIT(mctx->ctrl)
1238 && dl->state == LAPDm_STATE_TIMER_RECOV) {
1239 LOGP(DLLAPDM, LOGL_INFO, "RR response with F==1, "
1240 "and we are in timer recovery state, so "
1241 "we leave that state\n");
1242 /* V(S) to the N(R) in the RR frame */
1243 dl->V_send = LAPDm_CTRL_Nr(mctx->ctrl);
1244 /* reset Timer T200 */
1245 osmo_timer_del(&dl->t200);
1246 /* 5.5.7 Clear timer recovery condition */
1247 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1248 }
1249 /* Send message, if possible due to acknowledged data */
1250 rslms_send_i(mctx, __LINE__);
1251
1252 break;
1253 case LAPDm_S_RNR:
1254 LOGP(DLLAPDM, LOGL_INFO, "RNR received\n");
1255 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1256 lapdm_acknowledge(mctx);
1257
1258 /* 5.5.5 */
1259 /* Set peer receiver busy condition */
1260 dl->peer_busy = 1;
1261
1262 if (LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1263 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd) {
1264 if (!dl->own_busy) {
1265 LOGP(DLLAPDM, LOGL_INFO, "RNR poll "
1266 "command and we are not busy, "
1267 "so we reply with RR final "
1268 "response\n");
1269 /* Send RR with F=1 */
1270 lapdm_send_rr(mctx, 1);
1271 } else {
1272 LOGP(DLLAPDM, LOGL_INFO, "RNR poll "
1273 "command and we are busy, so "
1274 "we reply with RNR final "
1275 "response\n");
1276 /* Send RNR with F=1 */
1277 lapdm_send_rnr(mctx, 1);
1278 }
1279 } else if (dl->state == LAPDm_STATE_TIMER_RECOV) {
1280 LOGP(DLLAPDM, LOGL_INFO, "RNR poll response "
1281 "and we in timer recovery state, so "
1282 "we leave that state\n");
1283 /* 5.5.7 Clear timer recovery condition */
1284 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1285 /* V(S) to the N(R) in the RNR frame */
1286 dl->V_send = LAPDm_CTRL_Nr(mctx->ctrl);
1287 }
1288 } else
1289 LOGP(DLLAPDM, LOGL_INFO, "RNR not polling/final state "
1290 "received\n");
1291
1292 /* Send message, if possible due to acknowledged data */
1293 rslms_send_i(mctx, __LINE__);
1294
1295 break;
1296 case LAPDm_S_REJ:
1297 LOGP(DLLAPDM, LOGL_INFO, "REJ received\n");
1298 /* 5.5.3.1: Acknowlege all tx frames up the the N(R)-1 */
1299 lapdm_acknowledge(mctx);
1300
1301 /* 5.5.4.1 */
1302 if (dl->state != LAPDm_STATE_TIMER_RECOV) {
1303 /* Clear an existing peer receiver busy condition */
1304 dl->peer_busy = 0;
1305 /* V(S) and V(A) to the N(R) in the REJ frame */
1306 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1307 /* reset Timer T200 */
1308 osmo_timer_del(&dl->t200);
1309 /* 5.5.3.2 */
1310 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd
1311 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1312 if (!dl->own_busy && !dl->seq_err_cond) {
1313 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1314 "command not in timer recovery "
1315 "state and not in own busy "
1316 "condition received, so we "
1317 "respond with RR final "
1318 "response\n");
1319 lapdm_send_rr(mctx, 1);
1320 /* NOTE: In case of sequence error
1321 * condition, the REJ frame has been
1322 * transmitted when entering the
1323 * condition, so it has not be done
1324 * here
1325 */
1326 } else if (dl->own_busy) {
1327 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1328 "command not in timer recovery "
1329 "state and in own busy "
1330 "condition received, so we "
1331 "respond with RNR final "
1332 "response\n");
1333 lapdm_send_rnr(mctx, 1);
1334 }
1335 } else
1336 LOGP(DLLAPDM, LOGL_INFO, "REJ response or not "
1337 "polling command not in timer recovery "
1338 "state received\n");
1339 /* send MDL ERROR INIDCATION to L3 */
1340 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1341 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1342 rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
1343 }
1344
1345 } else if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp
1346 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1347 LOGP(DLLAPDM, LOGL_INFO, "REJ poll response in timer "
1348 "recovery state received\n");
1349 /* Clear an existing peer receiver busy condition */
1350 dl->peer_busy = 0;
1351 /* 5.5.7 Clear timer recovery condition */
1352 lapdm_dl_newstate(dl, LAPDm_STATE_MF_EST);
1353 /* V(S) and V(A) to the N(R) in the REJ frame */
1354 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1355 /* reset Timer T200 */
1356 osmo_timer_del(&dl->t200);
1357 } else {
1358 /* Clear an existing peer receiver busy condition */
1359 dl->peer_busy = 0;
1360 /* V(S) and V(A) to the N(R) in the REJ frame */
1361 dl->V_send = dl->V_ack = LAPDm_CTRL_Nr(mctx->ctrl);
1362 /* 5.5.3.2 */
1363 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.cmd
1364 && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1365 if (!dl->own_busy && !dl->seq_err_cond) {
1366 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1367 "command in timer recovery "
1368 "state and not in own busy "
1369 "condition received, so we "
1370 "respond with RR final "
1371 "response\n");
1372 lapdm_send_rr(mctx, 1);
1373 /* NOTE: In case of sequence error
1374 * condition, the REJ frame has been
1375 * transmitted when entering the
1376 * condition, so it has not be done
1377 * here
1378 */
1379 } else if (dl->own_busy) {
1380 LOGP(DLLAPDM, LOGL_INFO, "REJ poll "
1381 "command in timer recovery "
1382 "state and in own busy "
1383 "condition received, so we "
1384 "respond with RNR final "
1385 "response\n");
1386 lapdm_send_rnr(mctx, 1);
1387 }
1388 } else
1389 LOGP(DLLAPDM, LOGL_INFO, "REJ response or not "
1390 "polling command in timer recovery "
1391 "state received\n");
1392 }
1393
1394 /* FIXME: 5.5.4.2 2) */
1395
1396 /* Send message, if possible due to acknowledged data */
1397 rslms_send_i(mctx, __LINE__);
1398
1399 break;
1400 default:
1401 /* G.3.1 */
1402 LOGP(DLLAPDM, LOGL_NOTICE, "Supervisory frame not allowed.\n");
1403 msgb_free(msg);
1404 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1405 return -EINVAL;
1406 }
1407 msgb_free(msg);
1408 return 0;
1409}
1410
1411/* Receive a LAPDm I (Information) message from L1 */
1412static int lapdm_rx_i(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1413{
1414 struct lapdm_datalink *dl = mctx->dl;
1415 struct lapdm_entity *le = dl->entity;
1416 //uint8_t nr = LAPDm_CTRL_Nr(mctx->ctrl);
1417 uint8_t ns = LAPDm_CTRL_I_Ns(mctx->ctrl);
1418 uint8_t length;
1419 int rc;
1420
1421 LOGP(DLLAPDM, LOGL_NOTICE, "I received\n");
1422
1423 /* G.2.2 Wrong value of the C/R bit */
1424 if (LAPDm_ADDR_CR(mctx->addr) == le->cr.rem2loc.resp) {
1425 LOGP(DLLAPDM, LOGL_NOTICE, "I frame response not allowed\n");
1426 msgb_free(msg);
1427 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1428 return -EINVAL;
1429 }
1430
1431 length = msg->l2h[2] >> 2;
1432 if (length == 0 || length + 3 > mctx->n201) {
1433 /* G.4.2 If the length indicator of an I frame is set
1434 * to a numerical value L>N201 or L=0, an MDL-ERROR-INDICATION
1435 * primitive with cause "I frame with incorrect length"
1436 * is sent to the mobile management entity. */
1437 LOGP(DLLAPDM, LOGL_NOTICE, "I frame length not allowed\n");
1438 msgb_free(msg);
1439 rsl_rll_error(RLL_CAUSE_IFRM_INC_LEN, mctx);
1440 return -EIO;
1441 }
1442
1443 /* G.4.2 If the numerical value of L is L<N201 and the M
1444 * bit is set to "1", then an MDL-ERROR-INDICATION primitive with
1445 * cause "I frame with incorrect use of M bit" is sent to the
1446 * mobile management entity. */
1447 if ((msg->l2h[2] & LAPDm_MORE) && length + 3 < mctx->n201) {
1448 LOGP(DLLAPDM, LOGL_NOTICE, "I frame with M bit too short\n");
1449 msgb_free(msg);
1450 rsl_rll_error(RLL_CAUSE_IFRM_INC_MBITS, mctx);
1451 return -EIO;
1452 }
1453
1454 switch (dl->state) {
1455 case LAPDm_STATE_IDLE:
1456 /* if P=1, respond DM with F=1 (5.2.2) */
1457 /* 5.4.5 all other frame types shall be discarded */
1458 if (LAPDm_CTRL_PF_BIT(mctx->ctrl))
1459 lapdm_send_dm(mctx); /* F=P */
1460 /* fall though */
1461 case LAPDm_STATE_SABM_SENT:
1462 case LAPDm_STATE_DISC_SENT:
1463 LOGP(DLLAPDM, LOGL_NOTICE, "I frame ignored in this state\n");
1464 msgb_free(msg);
1465 return 0;
1466 }
1467
1468 /* 5.7.1: N(s) sequence error */
1469 if (ns != dl->V_recv) {
1470 LOGP(DLLAPDM, LOGL_NOTICE, "N(S) sequence error: N(S)=%u, "
1471 "V(R)=%u\n", ns, dl->V_recv);
1472 /* discard data */
1473 msgb_free(msg);
1474 if (!dl->seq_err_cond) {
1475 /* FIXME: help me understand what exactly todo here
1476 dl->seq_err_cond = 1;
1477 */
1478 lapdm_send_rej(mctx, LAPDm_CTRL_PF_BIT(mctx->ctrl));
1479 } else {
1480 }
1481 return -EIO;
1482 }
1483 dl->seq_err_cond = 0;
1484
1485 /* Increment receiver state */
1486 dl->V_recv = inc_mod8(dl->V_recv);
1487 LOGP(DLLAPDM, LOGL_NOTICE, "incrementing V(R) to %u\n", dl->V_recv);
1488
1489 /* 5.5.3.1: Acknowlege all transmitted frames up the the N(R)-1 */
1490 lapdm_acknowledge(mctx); /* V(A) is also set here */
1491
1492 /* Only if we are not in own receiver busy condition */
1493 if (!dl->own_busy) {
1494 /* if the frame carries a complete segment */
1495 if (!(msg->l2h[2] & LAPDm_MORE)
1496 && !dl->rcv_buffer) {
1497 LOGP(DLLAPDM, LOGL_INFO, "message in single I frame\n");
1498 /* send a DATA INDICATION to L3 */
1499 msg->l3h = msg->l2h + 3;
1500 msgb_pull_l2h(msg);
1501 msg->len = length;
1502 msg->tail = msg->data + length;
1503 rc = send_rslms_rll_l3(RSL_MT_DATA_IND, mctx, msg);
1504 } else {
1505 /* create rcv_buffer */
1506 if (!dl->rcv_buffer) {
1507 LOGP(DLLAPDM, LOGL_INFO, "message in multiple I "
1508 "frames (first message)\n");
1509 dl->rcv_buffer = msgb_alloc_headroom(200+56, 56,
1510 "LAPDm RX");
1511 dl->rcv_buffer->l3h = dl->rcv_buffer->data;
1512 }
1513 /* concat. rcv_buffer */
1514 if (msgb_l3len(dl->rcv_buffer) + length > 200) {
1515 LOGP(DLLAPDM, LOGL_NOTICE, "Received frame "
1516 "overflow!\n");
1517 } else {
1518 memcpy(msgb_put(dl->rcv_buffer, length),
1519 msg->l2h + 3, length);
1520 }
1521 /* if the last segment was received */
1522 if (!(msg->l2h[2] & LAPDm_MORE)) {
1523 LOGP(DLLAPDM, LOGL_INFO, "message in multiple I "
1524 "frames (last message)\n");
1525 rc = send_rslms_rll_l3(RSL_MT_DATA_IND, mctx,
1526 dl->rcv_buffer);
1527 dl->rcv_buffer = NULL;
1528 } else
1529 LOGP(DLLAPDM, LOGL_INFO, "message in multiple I "
1530 "frames (next message)\n");
1531 msgb_free(msg);
1532
1533 }
1534 } else
1535 LOGP(DLLAPDM, LOGL_INFO, "I frame ignored during own receiver "
1536 "busy condition\n");
1537
1538 /* Check for P bit */
1539 if (LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
1540 /* 5.5.2.1 */
1541 /* check if we are not in own receiver busy */
1542 if (!dl->own_busy) {
1543 LOGP(DLLAPDM, LOGL_INFO, "we are not busy, send RR\n");
1544 /* Send RR with F=1 */
1545 rc = lapdm_send_rr(mctx, 1);
1546 } else {
1547 LOGP(DLLAPDM, LOGL_INFO, "we are busy, send RNR\n");
1548 /* Send RNR with F=1 */
1549 rc = lapdm_send_rnr(mctx, 1);
1550 }
1551 } else {
1552 /* 5.5.2.2 */
1553 /* check if we are not in own receiver busy */
1554 if (!dl->own_busy) {
1555 /* NOTE: V(R) is already set above */
1556 rc = rslms_send_i(mctx, __LINE__);
1557 if (rc) {
1558 LOGP(DLLAPDM, LOGL_INFO, "we are not busy and "
1559 "have no pending data, send RR\n");
1560 /* Send RR with F=0 */
1561 return lapdm_send_rr(mctx, 0);
1562 }
1563 /* all I or one RR is sent, we are done */
1564 return 0;
1565 } else {
1566 LOGP(DLLAPDM, LOGL_INFO, "we are busy, send RNR\n");
1567 /* Send RNR with F=0 */
1568 rc = lapdm_send_rnr(mctx, 0);
1569 }
1570 }
1571
1572 /* Send message, if possible due to acknowledged data */
1573 rslms_send_i(mctx, __LINE__);
1574
1575 return rc;
1576}
1577
1578/* Receive a LAPDm message from L1 */
1579static int lapdm_ph_data_ind(struct msgb *msg, struct lapdm_msg_ctx *mctx)
1580{
1581 int rc;
1582
1583 /* G.2.3 EA bit set to "0" is not allowed in GSM */
1584 if (!LAPDm_ADDR_EA(mctx->addr)) {
1585 LOGP(DLLAPDM, LOGL_NOTICE, "EA bit 0 is not allowed in GSM\n");
1586 msgb_free(msg);
1587 rsl_rll_error(RLL_CAUSE_FRM_UNIMPL, mctx);
1588 return -EINVAL;
1589 }
1590
1591 if (LAPDm_CTRL_is_U(mctx->ctrl))
1592 rc = lapdm_rx_u(msg, mctx);
1593 else if (LAPDm_CTRL_is_S(mctx->ctrl))
1594 rc = lapdm_rx_s(msg, mctx);
1595 else if (LAPDm_CTRL_is_I(mctx->ctrl))
1596 rc = lapdm_rx_i(msg, mctx);
1597 else {
1598 LOGP(DLLAPDM, LOGL_NOTICE, "unknown LAPDm format\n");
1599 msgb_free(msg);
1600 rc = -EINVAL;
1601 }
1602 return rc;
1603}
1604
1605/* input into layer2 (from layer 1) */
1606static int l2_ph_data_ind(struct msgb *msg, struct lapdm_entity *le, uint8_t chan_nr, uint8_t link_id)
1607{
1608 uint8_t cbits = chan_nr >> 3;
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1609 uint8_t sapi; /* we cannot take SAPI from link_id, as L1 has no clue */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1610 struct lapdm_msg_ctx mctx;
1611 int rc = 0;
1612
1613 /* when we reach here, we have a msgb with l2h pointing to the raw
1614 * 23byte mac block. The l1h has already been purged. */
1615
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1616 mctx.chan_nr = chan_nr;
1617 mctx.link_id = link_id;
1618 mctx.addr = mctx.ctrl = 0;
1619
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1620 /* check for L1 chan_nr/link_id and determine LAPDm hdr format */
1621 if (cbits == 0x10 || cbits == 0x12) {
1622 /* Format Bbis is used on BCCH and CCCH(PCH, NCH and AGCH) */
1623 mctx.lapdm_fmt = LAPDm_FMT_Bbis;
1624 mctx.n201 = N201_Bbis;
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1625 sapi = 0;
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1626 } else {
1627 if (mctx.link_id & 0x40) {
Harald Welte7ca604b2011-06-29 12:13:51 +0200[diff] [blame]1628 /* It was received from network on SACCH */
1629
1630 /* If sent by BTS, lapdm_fmt must be B4 */
1631 if (le->mode == LAPDM_MODE_MS) {
1632 mctx.lapdm_fmt = LAPDm_FMT_B4;
1633 mctx.n201 = N201_B4;
1634 LOGP(DLLAPDM, LOGL_INFO, "fmt=B4\n");
1635 } else {
1636 mctx.lapdm_fmt = LAPDm_FMT_B;
1637 mctx.n201 = N201_AB_SACCH;
1638 LOGP(DLLAPDM, LOGL_INFO, "fmt=B\n");
1639 }
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1640 /* SACCH frames have a two-byte L1 header that
1641 * OsmocomBB L1 doesn't strip */
1642 mctx.tx_power_ind = msg->l2h[0] & 0x1f;
1643 mctx.ta_ind = msg->l2h[1];
1644 msgb_pull(msg, 2);
1645 msg->l2h += 2;
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1646 sapi = (msg->l2h[0] >> 2) & 7;
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1647 } else {
1648 mctx.lapdm_fmt = LAPDm_FMT_B;
1649 LOGP(DLLAPDM, LOGL_INFO, "fmt=B\n");
1650 mctx.n201 = 23; // FIXME: select correct size by chan.
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1651 sapi = (msg->l2h[0] >> 2) & 7;
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1652 }
1653 }
1654
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1655 mctx.dl = datalink_for_sapi(le, sapi);
1656 /* G.2.1 No action on frames containing an unallocated SAPI. */
1657 if (!mctx.dl) {
1658 LOGP(DLLAPDM, LOGL_NOTICE, "Received frame for unsupported "
1659 "SAPI %d!\n", sapi);
Harald Welte64207742011-06-27 23:32:14 +0200[diff] [blame]1660 msgb_free(msg);
1661 return -EIO;
1662 }
1663
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1664 switch (mctx.lapdm_fmt) {
1665 case LAPDm_FMT_A:
1666 case LAPDm_FMT_B:
1667 case LAPDm_FMT_B4:
1668 mctx.addr = msg->l2h[0];
1669 if (!(mctx.addr & 0x01)) {
1670 LOGP(DLLAPDM, LOGL_ERROR, "we don't support "
1671 "multibyte addresses (discarding)\n");
1672 msgb_free(msg);
1673 return -EINVAL;
1674 }
1675 mctx.ctrl = msg->l2h[1];
1676 /* obtain SAPI from address field */
1677 mctx.link_id |= LAPDm_ADDR_SAPI(mctx.addr);
1678 rc = lapdm_ph_data_ind(msg, &mctx);
1679 break;
1680 case LAPDm_FMT_Bter:
1681 /* FIXME */
1682 msgb_free(msg);
1683 break;
1684 case LAPDm_FMT_Bbis:
1685 /* directly pass up to layer3 */
1686 LOGP(DLLAPDM, LOGL_INFO, "fmt=Bbis UI\n");
1687 msg->l3h = msg->l2h;
1688 msgb_pull_l2h(msg);
1689 rc = send_rslms_rll_l3(RSL_MT_UNIT_DATA_IND, &mctx, msg);
1690 break;
1691 default:
1692 msgb_free(msg);
1693 }
1694
1695 return rc;
1696}
1697
1698/* input into layer2 (from layer 1) */
1699static int l2_ph_rach_ind(struct lapdm_entity *le, uint8_t ra, uint32_t fn, uint8_t acc_delay)
1700{
1701 struct abis_rsl_cchan_hdr *ch;
1702 struct gsm48_req_ref req_ref;
1703 struct gsm_time gt;
1704 struct msgb *msg = msgb_alloc_headroom(512, 64, "RSL CHAN RQD");
1705
1706 msg->l2h = msgb_push(msg, sizeof(*ch));
1707 ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
1708 rsl_init_cchan_hdr(ch, RSL_MT_CHAN_RQD);
1709 ch->chan_nr = RSL_CHAN_RACH;
1710
1711 /* generate a RSL CHANNEL REQUIRED message */
1712 gsm_fn2gsmtime(&gt, fn);
1713 req_ref.ra = ra;
1714 req_ref.t1 = gt.t1; /* FIXME: modulo? */
1715 req_ref.t2 = gt.t2;
1716 req_ref.t3_low = gt.t3 & 7;
1717 req_ref.t3_high = gt.t3 >> 3;
1718
1719 msgb_tv_fixed_put(msg, RSL_IE_REQ_REFERENCE, 3, (uint8_t *) &req_ref);
1720 msgb_tv_put(msg, RSL_IE_ACCESS_DELAY, acc_delay);
1721
1722 return rslms_sendmsg(msg, le);
1723}
1724
1725static int l2_ph_chan_conf(struct msgb *msg, struct lapdm_entity *le, uint32_t frame_nr);
1726
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]1727/*! \brief Receive a PH-SAP primitive from L1 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]1728int lapdm_phsap_up(struct osmo_prim_hdr *oph, struct lapdm_entity *le)
1729{
1730 struct osmo_phsap_prim *pp = (struct osmo_phsap_prim *) oph;
1731 int rc = 0;
1732
1733 if (oph->sap != SAP_GSM_PH) {
1734 LOGP(DLLAPDM, LOGL_ERROR, "primitive for unknown SAP %u\n",
1735 oph->sap);
1736 return -ENODEV;
1737 }
1738
1739 switch (oph->primitive) {
1740 case PRIM_PH_DATA:
1741 if (oph->operation != PRIM_OP_INDICATION) {
1742 LOGP(DLLAPDM, LOGL_ERROR, "PH_DATA is not INDICATION %u\n",
1743 oph->operation);
1744 return -ENODEV;
1745 }
1746 rc = l2_ph_data_ind(oph->msg, le, pp->u.data.chan_nr,
1747 pp->u.data.link_id);
1748 break;
1749 case PRIM_PH_RTS:
1750 if (oph->operation != PRIM_OP_INDICATION) {
1751 LOGP(DLLAPDM, LOGL_ERROR, "PH_RTS is not INDICATION %u\n",
1752 oph->operation);
1753 return -ENODEV;
1754 }
1755 rc = l2_ph_data_conf(oph->msg, le);
1756 break;
1757 case PRIM_PH_RACH:
1758 switch (oph->operation) {
1759 case PRIM_OP_INDICATION:
1760 rc = l2_ph_rach_ind(le, pp->u.rach_ind.ra, pp->u.rach_ind.fn,
1761 pp->u.rach_ind.acc_delay);
1762 break;
1763 case PRIM_OP_CONFIRM:
1764 rc = l2_ph_chan_conf(oph->msg, le, pp->u.rach_ind.fn);
1765 break;
1766 default:
1767 return -EIO;
1768 }
1769 break;
1770 }
1771
1772 return rc;
1773}
1774
1775
1776/* L3 -> L2 / RSLMS -> LAPDm */
1777
1778/* L3 requests establishment of data link */
1779static int rslms_rx_rll_est_req(struct msgb *msg, struct lapdm_datalink *dl)
1780{
1781 struct lapdm_entity *le = dl->entity;
1782 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1783 uint8_t chan_nr = rllh->chan_nr;
1784 uint8_t link_id = rllh->link_id;
1785 uint8_t sapi = rllh->link_id & 7;
1786 struct tlv_parsed tv;
1787 uint8_t length;
1788 uint8_t n201 = 23; //FIXME
1789
1790 /* Set chan_nr and link_id for established connection */
1791 memset(&dl->mctx, 0, sizeof(dl->mctx));
1792 dl->mctx.dl = dl;
1793 dl->mctx.n201 = n201;
1794 dl->mctx.chan_nr = chan_nr;
1795 dl->mctx.link_id = link_id;
1796
1797 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1798 if (TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1799 msg->l3h = TLVP_VAL(&tv, RSL_IE_L3_INFO);
1800 /* contention resolution establishment procedure */
1801 if (sapi != 0) {
1802 /* According to clause 6, the contention resolution
1803 * procedure is only permitted with SAPI value 0 */
1804 LOGP(DLLAPDM, LOGL_ERROR, "SAPI != 0 but contention"
1805 "resolution (discarding)\n");
1806 msgb_free(msg);
1807 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1808 }
1809 /* transmit a SABM command with the P bit set to "1". The SABM
1810 * command shall contain the layer 3 message unit */
1811 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1812 LOGP(DLLAPDM, LOGL_INFO, "perform establishment with content "
1813 "(SABM)\n");
1814 } else {
1815 /* normal establishment procedure */
1816 length = 0;
1817 LOGP(DLLAPDM, LOGL_INFO, "perform normal establishm. (SABM)\n");
1818 }
1819
1820 /* check if the layer3 message length exceeds N201 */
1821 if (length + 3 > 21) { /* FIXME: do we know the channel N201? */
1822 LOGP(DLLAPDM, LOGL_ERROR, "frame too large: %d > N201(%d) "
1823 "(discarding)\n", length + 3, 21);
1824 msgb_free(msg);
1825 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
1826 }
1827
1828 /* Flush send-queue */
1829 /* Clear send-buffer */
1830 lapdm_dl_flush_send(dl);
1831
1832 /* Discard partly received L3 message */
1833 if (dl->rcv_buffer) {
1834 msgb_free(dl->rcv_buffer);
1835 dl->rcv_buffer = NULL;
1836 }
1837
1838 /* Remove RLL header from msgb */
1839 msgb_pull_l2h(msg);
1840
1841 /* Push LAPDm header on msgb */
1842 msg->l2h = msgb_push(msg, 3);
1843 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
1844 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_SABM, 1);
1845 msg->l2h[2] = LAPDm_LEN(length);
1846 /* Transmit-buffer carries exactly one segment */
1847 memcpy(dl->tx_hist[0], msg->l2h, 3 + length);
1848 dl->tx_length[0] = 3 + length;
1849 /* set Vs to 0, because it is used as index when resending SABM */
1850 dl->V_send = 0;
1851
1852 /* Set states */
1853 dl->own_busy = dl->peer_busy = 0;
1854 dl->retrans_ctr = 0;
1855 lapdm_dl_newstate(dl, LAPDm_STATE_SABM_SENT);
1856
1857 /* Tramsmit and start T200 */
1858 osmo_timer_schedule(&dl->t200, T200);
1859 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1860}
1861
1862/* L3 requests transfer of unnumbered information */
1863static int rslms_rx_rll_udata_req(struct msgb *msg, struct lapdm_datalink *dl)
1864{
1865 struct lapdm_entity *le = dl->entity;
1866 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1867 uint8_t chan_nr = rllh->chan_nr;
1868 uint8_t link_id = rllh->link_id;
1869 uint8_t sapi = link_id & 7;
1870 struct tlv_parsed tv;
1871 int length;
1872 uint8_t n201 = 23; //FIXME
1873 uint8_t ta = 0, tx_power = 0;
1874
1875 /* check if the layer3 message length exceeds N201 */
1876
1877 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1878
1879 if (TLVP_PRESENT(&tv, RSL_IE_TIMING_ADVANCE)) {
1880 ta = *TLVP_VAL(&tv, RSL_IE_TIMING_ADVANCE);
1881 }
1882 if (TLVP_PRESENT(&tv, RSL_IE_MS_POWER)) {
1883 tx_power = *TLVP_VAL(&tv, RSL_IE_MS_POWER);
1884 }
1885 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1886 LOGP(DLLAPDM, LOGL_ERROR, "unit data request without message "
1887 "error\n");
1888 msgb_free(msg);
1889 return -EINVAL;
1890 }
1891 msg->l3h = TLVP_VAL(&tv, RSL_IE_L3_INFO);
1892 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
1893 /* check if the layer3 message length exceeds N201 */
1894 if (length + 5 > 23) { /* FIXME: do we know the channel N201? */
1895 LOGP(DLLAPDM, LOGL_ERROR, "frame too large: %d > N201(%d) "
1896 "(discarding)\n", length + 5, 23);
1897 msgb_free(msg);
1898 return -EIO;
1899 }
1900
1901 LOGP(DLLAPDM, LOGL_INFO, "sending unit data (tx_power=%d, ta=%d)\n",
1902 tx_power, ta);
1903
1904 /* Remove RLL header from msgb */
1905 msgb_pull_l2h(msg);
1906
1907 /* Push L1 + LAPDm header on msgb */
1908 msg->l2h = msgb_push(msg, 2 + 3);
1909 msg->l2h[0] = tx_power;
1910 msg->l2h[1] = ta;
1911 msg->l2h[2] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
1912 msg->l2h[3] = LAPDm_CTRL_U(LAPDm_U_UI, 0);
1913 msg->l2h[4] = LAPDm_LEN(length);
1914 // FIXME: short L2 header support
1915
1916 /* Tramsmit */
1917 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
1918}
1919
1920/* L3 requests transfer of acknowledged information */
1921static int rslms_rx_rll_data_req(struct msgb *msg, struct lapdm_datalink *dl)
1922{
1923 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
1924 struct tlv_parsed tv;
1925
1926 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
1927 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
1928 LOGP(DLLAPDM, LOGL_ERROR, "data request without message "
1929 "error\n");
1930 msgb_free(msg);
1931 return -EINVAL;
1932 }
1933 msg->l3h = TLVP_VAL(&tv, RSL_IE_L3_INFO);
1934
1935 LOGP(DLLAPDM, LOGL_INFO, "writing message to send-queue\n");
1936
1937 /* Remove the RSL/RLL header */
1938 msgb_pull_l2h(msg);
1939
1940 /* Write data into the send queue */
1941 msgb_enqueue(&dl->send_queue, msg);
1942
1943 /* Send message, if possible */
1944 rslms_send_i(&dl->mctx, __LINE__);
1945 return 0;
1946}
1947
1948/* Send next I frame from queued/buffered data */
1949static int rslms_send_i(struct lapdm_msg_ctx *mctx, int line)
1950{
1951 struct lapdm_datalink *dl = mctx->dl;
1952 struct lapdm_entity *le = dl->entity;
1953 uint8_t chan_nr = mctx->chan_nr;
1954 uint8_t link_id = mctx->link_id;
1955 uint8_t sapi = link_id & 7;
1956 int k = k_sapi[sapi];
1957 struct msgb *msg;
1958 int length, left;
1959 int rc = - 1; /* we sent nothing */
1960
1961 LOGP(DLLAPDM, LOGL_INFO, "%s() called from line %d\n", __func__, line);
1962
1963 next_frame:
1964
1965 if (dl->peer_busy) {
1966 LOGP(DLLAPDM, LOGL_INFO, "peer busy, not sending\n");
1967 return rc;
1968 }
1969
1970 if (dl->state == LAPDm_STATE_TIMER_RECOV) {
1971 LOGP(DLLAPDM, LOGL_INFO, "timer recovery, not sending\n");
1972 return rc;
1973 }
1974
1975 /* If the send state variable V(S) is equal to V(A) plus k
1976 * (where k is the maximum number of outstanding I frames - see
1977 * subclause 5.8.4), the data link layer entity shall not transmit any
1978 * new I frames, but shall retransmit an I frame as a result
1979 * of the error recovery procedures as described in subclauses 5.5.4 and
1980 * 5.5.7. */
1981 if (dl->V_send == add_mod8(dl->V_ack, k)) {
1982 LOGP(DLLAPDM, LOGL_INFO, "k frames outstanding, not sending "
1983 "more (k=%u V(S)=%u V(A)=%u)\n", k, dl->V_send,
1984 dl->V_ack);
1985 return rc;
1986 }
1987
1988 /* if we have no tx_hist yet, we create it */
1989 if (!dl->tx_length[dl->V_send]) {
1990 /* Get next message into send-buffer, if any */
1991 if (!dl->send_buffer) {
1992 next_message:
1993 dl->send_out = 0;
1994 dl->send_buffer = msgb_dequeue(&dl->send_queue);
1995 /* No more data to be sent */
1996 if (!dl->send_buffer)
1997 return rc;
1998 LOGP(DLLAPDM, LOGL_INFO, "get message from "
1999 "send-queue\n");
2000 }
2001
2002 /* How much is left in the send-buffer? */
2003 left = msgb_l3len(dl->send_buffer) - dl->send_out;
2004 /* Segment, if data exceeds N201 */
2005 length = left;
2006 if (length > mctx->n201 - 3)
2007 length = mctx->n201 - 3;
2008 LOGP(DLLAPDM, LOGL_INFO, "msg-len %d sent %d left %d N201 %d "
2009 "length %d first byte %02x\n",
2010 msgb_l3len(dl->send_buffer), dl->send_out, left,
2011 mctx->n201, length, dl->send_buffer->l3h[0]);
2012 /* If message in send-buffer is completely sent */
2013 if (left == 0) {
2014 msgb_free(dl->send_buffer);
2015 dl->send_buffer = NULL;
2016 goto next_message;
2017 }
2018
2019 LOGP(DLLAPDM, LOGL_INFO, "send I frame %sV(S)=%d\n",
2020 (left > length) ? "segment " : "", dl->V_send);
2021
2022 /* Create I frame (segment) and transmit-buffer content */
2023 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
2024 msg->l2h = msgb_put(msg, 3 + length);
2025 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
2026 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv, dl->V_send, 0);
2027 msg->l2h[2] = LAPDm_LEN(length);
2028 if (left > length)
2029 msg->l2h[2] |= LAPDm_MORE;
2030 memcpy(msg->l2h + 3, dl->send_buffer->l3h + dl->send_out,
2031 length);
2032 memcpy(dl->tx_hist[dl->V_send], msg->l2h, 3 + length);
2033 dl->tx_length[dl->V_send] = 3 + length;
2034 /* Add length to track how much is already in the tx buffer */
2035 dl->send_out += length;
2036 } else {
2037 LOGP(DLLAPDM, LOGL_INFO, "resend I frame from tx buffer "
2038 "V(S)=%d\n", dl->V_send);
2039
2040 /* Create I frame (segment) from tx_hist */
2041 length = dl->tx_length[dl->V_send];
2042 msg = msgb_alloc_headroom(23+10, 10, "LAPDm I");
2043 msg->l2h = msgb_put(msg, length);
2044 memcpy(msg->l2h, dl->tx_hist[dl->V_send], length);
2045 msg->l2h[1] = LAPDm_CTRL_I(dl->V_recv, dl->V_send, 0);
2046 }
2047
2048 /* The value of the send state variable V(S) shall be incremented by 1
2049 * at the end of the transmission of the I frame */
2050 dl->V_send = inc_mod8(dl->V_send);
2051
2052 /* If timer T200 is not running at the time right before transmitting a
2053 * frame, when the PH-READY-TO-SEND primitive is received from the
2054 * physical layer., it shall be set. */
2055 if (!osmo_timer_pending(&dl->t200))
2056 osmo_timer_schedule(&dl->t200, T200);
2057
2058 tx_ph_data_enqueue(dl, msg, chan_nr, link_id, mctx->n201);
2059
2060 rc = 0; /* we sent something */
2061 goto next_frame;
2062}
2063
2064/* L3 requests suspension of data link */
2065static int rslms_rx_rll_susp_req(struct msgb *msg, struct lapdm_datalink *dl)
2066{
2067 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2068 uint8_t sapi = rllh->link_id & 7;
2069
2070 if (sapi != 0) {
2071 LOGP(DLLAPDM, LOGL_ERROR, "SAPI != 0 while suspending\n");
2072 msgb_free(msg);
2073 return -EINVAL;
2074 }
2075
2076 LOGP(DLLAPDM, LOGL_INFO, "perform suspension\n");
2077
2078 /* put back the send-buffer to the send-queue (first position) */
2079 if (dl->send_buffer) {
2080 LOGP(DLLAPDM, LOGL_INFO, "put frame in sendbuffer back to "
2081 "queue\n");
2082 llist_add(&dl->send_buffer->list, &dl->send_queue);
2083 dl->send_buffer = NULL;
2084 } else
2085 LOGP(DLLAPDM, LOGL_INFO, "no frame in sendbuffer\n");
2086
2087 /* Clear transmit buffer, but keep send buffer */
2088 lapdm_dl_flush_tx(dl);
2089
2090 msgb_free(msg);
2091
2092 return send_rll_simple(RSL_MT_SUSP_CONF, &dl->mctx);
2093}
2094
2095/* L3 requests resume of data link */
2096static int rslms_rx_rll_res_req(struct msgb *msg, struct lapdm_datalink *dl)
2097{
2098 struct lapdm_entity *le = dl->entity;
2099 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2100 uint8_t chan_nr = rllh->chan_nr;
2101 uint8_t link_id = rllh->link_id;
2102 uint8_t sapi = rllh->link_id & 7;
2103 struct tlv_parsed tv;
2104 uint8_t length;
2105 uint8_t n201 = 23; //FIXME
2106
2107 /* Set chan_nr and link_id for established connection */
2108 memset(&dl->mctx, 0, sizeof(dl->mctx));
2109 dl->mctx.dl = dl;
2110 dl->mctx.n201 = n201;
2111 dl->mctx.chan_nr = chan_nr;
2112 dl->mctx.link_id = link_id;
2113
2114 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
2115 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
2116 LOGP(DLLAPDM, LOGL_ERROR, "resume without message error\n");
2117 msgb_free(msg);
2118 return send_rll_simple(RSL_MT_REL_IND, &dl->mctx);
2119 }
2120 length = TLVP_LEN(&tv, RSL_IE_L3_INFO);
2121
2122 LOGP(DLLAPDM, LOGL_INFO, "perform re-establishment (SABM) length=%d\n",
2123 length);
2124
2125 /* Replace message in the send-buffer (reconnect) */
2126 if (dl->send_buffer)
2127 msgb_free(dl->send_buffer);
2128 dl->send_out = 0;
2129 if (length) {
2130 /* Remove the RSL/RLL header */
2131 msgb_pull_l2h(msg);
2132 /* Write data into the send buffer, to be sent first */
2133 dl->send_buffer = msg;
2134 }
2135
2136 /* Discard partly received L3 message */
2137 if (dl->rcv_buffer) {
2138 msgb_free(dl->rcv_buffer);
2139 dl->rcv_buffer = NULL;
2140 }
2141
2142 /* Create new msgb (old one is now free) */
2143 msg = msgb_alloc_headroom(23+10, 10, "LAPDm SABM");
2144 msg->l2h = msgb_put(msg, 3);
2145 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
2146 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_SABM, 1);
2147 msg->l2h[2] = LAPDm_LEN(0);
2148 /* Transmit-buffer carries exactly one segment */
2149 memcpy(dl->tx_hist[0], msg->l2h, 3);
2150 dl->tx_length[0] = 3;
2151 /* set Vs to 0, because it is used as index when resending SABM */
2152 dl->V_send = 0;
2153
2154 /* Set states */
2155 dl->own_busy = dl->peer_busy = 0;
2156 dl->retrans_ctr = 0;
2157 lapdm_dl_newstate(dl, LAPDm_STATE_SABM_SENT);
2158
2159 /* Tramsmit and start T200 */
2160 osmo_timer_schedule(&dl->t200, T200);
2161 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, n201);
2162}
2163
2164/* L3 requests release of data link */
2165static int rslms_rx_rll_rel_req(struct msgb *msg, struct lapdm_datalink *dl)
2166{
2167 struct lapdm_entity *le = dl->entity;
2168 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2169 uint8_t chan_nr = rllh->chan_nr;
2170 uint8_t link_id = rllh->link_id;
2171 uint8_t sapi = rllh->link_id & 7;
2172 uint8_t mode = 0;
2173
2174 /* get release mode */
2175 if (rllh->data[0] == RSL_IE_RELEASE_MODE)
2176 mode = rllh->data[1] & 1;
2177
2178 /* local release */
2179 if (mode) {
2180 LOGP(DLLAPDM, LOGL_INFO, "perform local release\n");
2181 msgb_free(msg);
2182 /* reset Timer T200 */
2183 osmo_timer_del(&dl->t200);
2184 /* enter idle state */
2185 lapdm_dl_newstate(dl, LAPDm_STATE_IDLE);
2186 /* flush buffers */
2187 lapdm_dl_flush_tx(dl);
2188 lapdm_dl_flush_send(dl);
2189 /* send notification to L3 */
2190 return send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
2191 }
2192
2193 /* in case we are already disconnecting */
2194 if (dl->state == LAPDm_STATE_DISC_SENT)
2195 return -EBUSY;
2196
2197 LOGP(DLLAPDM, LOGL_INFO, "perform normal release (DISC)\n");
2198
2199 /* Pull rllh */
2200 msgb_pull(msg, msg->tail - msg->l2h);
2201
2202 /* Push LAPDm header on msgb */
2203 msg->l2h = msgb_push(msg, 3);
2204 msg->l2h[0] = LAPDm_ADDR(LAPDm_LPD_NORMAL, sapi, le->cr.loc2rem.cmd);
2205 msg->l2h[1] = LAPDm_CTRL_U(LAPDm_U_DISC, 1);
2206 msg->l2h[2] = LAPDm_LEN(0);
2207 /* Transmit-buffer carries exactly one segment */
2208 memcpy(dl->tx_hist[0], msg->l2h, 3);
2209 dl->tx_length[0] = 3;
2210
2211 /* Set states */
2212 dl->own_busy = dl->peer_busy = 0;
2213 dl->retrans_ctr = 0;
2214 lapdm_dl_newstate(dl, LAPDm_STATE_DISC_SENT);
2215
2216 /* Tramsmit and start T200 */
2217 osmo_timer_schedule(&dl->t200, T200);
2218 return tx_ph_data_enqueue(dl, msg, chan_nr, link_id, dl->mctx.n201);
2219}
2220
2221/* L3 requests release in idle state */
2222static int rslms_rx_rll_rel_req_idle(struct msgb *msg, struct lapdm_datalink *dl)
2223{
2224 msgb_free(msg);
2225
2226 /* send notification to L3 */
2227 return send_rll_simple(RSL_MT_REL_CONF, &dl->mctx);
2228}
2229
2230/* L3 requests channel in idle state */
2231static int rslms_rx_chan_rqd(struct lapdm_channel *lc, struct msgb *msg)
2232{
2233 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
2234 void *l1ctx = lc->lapdm_dcch.l1_ctx;
2235 struct osmo_phsap_prim pp;
2236
2237 osmo_prim_init(&pp.oph, SAP_GSM_PH, PRIM_PH_RACH,
2238 PRIM_OP_REQUEST, NULL);
2239
2240 if (msgb_l2len(msg) < sizeof(*cch) + 4 + 2 + 2) {
2241 LOGP(DLLAPDM, LOGL_ERROR, "Message too short for CHAN RQD!\n");
2242 return -EINVAL;
2243 }
2244 if (cch->data[0] != RSL_IE_REQ_REFERENCE) {
2245 LOGP(DLLAPDM, LOGL_ERROR, "Missing REQ REFERENCE IE\n");
2246 return -EINVAL;
2247 }
2248 pp.u.rach_req.ra = cch->data[1];
2249 pp.u.rach_req.offset = ((cch->data[2] & 0x7f) << 8) | cch->data[3];
2250 pp.u.rach_req.is_combined_ccch = cch->data[2] >> 7;
2251
2252 if (cch->data[4] != RSL_IE_ACCESS_DELAY) {
2253 LOGP(DLLAPDM, LOGL_ERROR, "Missing ACCESS_DELAY IE\n");
2254 return -EINVAL;
2255 }
2256 /* TA = 0 - delay */
2257 pp.u.rach_req.ta = 0 - cch->data[5];
2258
2259 if (cch->data[6] != RSL_IE_MS_POWER) {
2260 LOGP(DLLAPDM, LOGL_ERROR, "Missing MS POWER IE\n");
2261 return -EINVAL;
2262 }
2263 pp.u.rach_req.tx_power = cch->data[7];
2264
2265 msgb_free(msg);
2266
2267 return lc->lapdm_dcch.l1_prim_cb(&pp.oph, l1ctx);
2268}
2269
2270/* L1 confirms channel request */
2271static int l2_ph_chan_conf(struct msgb *msg, struct lapdm_entity *le, uint32_t frame_nr)
2272{
2273 struct abis_rsl_cchan_hdr *ch;
2274 struct gsm_time tm;
2275 struct gsm48_req_ref *ref;
2276
2277 gsm_fn2gsmtime(&tm, frame_nr);
2278
2279 msgb_pull_l2h(msg);
2280 msg->l2h = msgb_push(msg, sizeof(*ch) + sizeof(*ref));
2281 ch = (struct abis_rsl_cchan_hdr *)msg->l2h;
2282 rsl_init_cchan_hdr(ch, RSL_MT_CHAN_CONF);
2283 ch->chan_nr = RSL_CHAN_RACH;
2284 ch->data[0] = RSL_IE_REQ_REFERENCE;
2285 ref = (struct gsm48_req_ref *) (ch->data + 1);
2286 ref->t1 = tm.t1;
2287 ref->t2 = tm.t2;
2288 ref->t3_low = tm.t3 & 0x7;
2289 ref->t3_high = tm.t3 >> 3;
2290
2291 return rslms_sendmsg(msg, le);
2292}
2293
2294const char *lapdm_state_names[] = {
2295 "LAPDm_STATE_NULL",
2296 "LAPDm_STATE_IDLE",
2297 "LAPDm_STATE_SABM_SENT",
2298 "LAPDm_STATE_MF_EST",
2299 "LAPDm_STATE_TIMER_RECOV",
2300 "LAPDm_STATE_DISC_SENT",
2301};
2302
2303/* statefull handling for RSLms RLL messages from L3 */
2304static struct l2downstate {
2305 uint32_t states;
2306 int type;
2307 int (*rout) (struct msgb *msg, struct lapdm_datalink *dl);
2308} l2downstatelist[] = {
2309 /* create and send UI command */
2310 {ALL_STATES,
2311 RSL_MT_UNIT_DATA_REQ, rslms_rx_rll_udata_req},
2312
2313 /* create and send SABM command */
2314 {SBIT(LAPDm_STATE_IDLE),
2315 RSL_MT_EST_REQ, rslms_rx_rll_est_req},
2316
2317 /* create and send I command */
2318 {SBIT(LAPDm_STATE_MF_EST) |
2319 SBIT(LAPDm_STATE_TIMER_RECOV),
2320 RSL_MT_DATA_REQ, rslms_rx_rll_data_req},
2321
2322 /* suspend datalink */
2323 {SBIT(LAPDm_STATE_MF_EST) |
2324 SBIT(LAPDm_STATE_TIMER_RECOV),
2325 RSL_MT_SUSP_REQ, rslms_rx_rll_susp_req},
2326
2327 /* create and send SABM command (resume) */
2328 {SBIT(LAPDm_STATE_MF_EST) |
2329 SBIT(LAPDm_STATE_TIMER_RECOV),
2330 RSL_MT_RES_REQ, rslms_rx_rll_res_req},
2331
2332 /* create and send SABM command (reconnect) */
2333 {SBIT(LAPDm_STATE_IDLE) |
2334 SBIT(LAPDm_STATE_MF_EST) |
2335 SBIT(LAPDm_STATE_TIMER_RECOV),
2336 RSL_MT_RECON_REQ, rslms_rx_rll_res_req},
2337
2338 /* create and send DISC command */
2339 {SBIT(LAPDm_STATE_SABM_SENT) |
2340 SBIT(LAPDm_STATE_MF_EST) |
2341 SBIT(LAPDm_STATE_TIMER_RECOV) |
2342 SBIT(LAPDm_STATE_DISC_SENT),
2343 RSL_MT_REL_REQ, rslms_rx_rll_rel_req},
2344
2345 /* release in idle state */
2346 {SBIT(LAPDm_STATE_IDLE),
2347 RSL_MT_REL_REQ, rslms_rx_rll_rel_req_idle},
2348};
2349
2350#define L2DOWNSLLEN \
2351 (sizeof(l2downstatelist) / sizeof(struct l2downstate))
2352
2353/* incoming RSLms RLL message from L3 */
2354static int rslms_rx_rll(struct msgb *msg, struct lapdm_channel *lc)
2355{
2356 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
2357 int msg_type = rllh->c.msg_type;
2358 uint8_t sapi = rllh->link_id & 7;
2359 struct lapdm_entity *le;
2360 struct lapdm_datalink *dl;
2361 int i, supported = 0;
2362 int rc = 0;
2363
2364 if (msgb_l2len(msg) < sizeof(*rllh)) {
2365 LOGP(DLLAPDM, LOGL_ERROR, "Message too short for RLL hdr!\n");
2366 return -EINVAL;
2367 }
2368
2369 if (rllh->link_id & 0x40)
2370 le = &lc->lapdm_acch;
2371 else
2372 le = &lc->lapdm_dcch;
2373
2374 /* G.2.1 No action schall be taken on frames containing an unallocated
2375 * SAPI.
2376 */
2377 dl = datalink_for_sapi(le, sapi);
2378 if (!dl) {
2379 LOGP(DLLAPDM, LOGL_ERROR, "No instance for SAPI %d!\n", sapi);
2380 return -EINVAL;
2381 }
2382
2383 LOGP(DLLAPDM, LOGL_INFO, "(%p) RLL Message '%s' received in state %s\n",
2384 lc->name, rsl_msg_name(msg_type), lapdm_state_names[dl->state]);
2385
2386 /* find function for current state and message */
2387 for (i = 0; i < L2DOWNSLLEN; i++) {
2388 if (msg_type == l2downstatelist[i].type)
2389 supported = 1;
2390 if ((msg_type == l2downstatelist[i].type)
2391 && ((1 << dl->state) & l2downstatelist[i].states))
2392 break;
2393 }
2394 if (!supported) {
2395 LOGP(DLLAPDM, LOGL_NOTICE, "Message unsupported.\n");
2396 msgb_free(msg);
2397 return 0;
2398 }
2399 if (i == L2DOWNSLLEN) {
2400 LOGP(DLLAPDM, LOGL_NOTICE, "Message unhandled at this state.\n");
2401 msgb_free(msg);
2402 return 0;
2403 }
2404
2405 rc = l2downstatelist[i].rout(msg, dl);
2406
2407 return rc;
2408}
2409
2410/* incoming RSLms COMMON CHANNEL message from L3 */
2411static int rslms_rx_com_chan(struct msgb *msg, struct lapdm_channel *lc)
2412{
2413 struct abis_rsl_cchan_hdr *cch = msgb_l2(msg);
2414 int msg_type = cch->c.msg_type;
2415 int rc = 0;
2416
2417 if (msgb_l2len(msg) < sizeof(*cch)) {
2418 LOGP(DLLAPDM, LOGL_ERROR, "Message too short for COM CHAN hdr!\n");
2419 return -EINVAL;
2420 }
2421
2422 switch (msg_type) {
2423 case RSL_MT_CHAN_RQD:
2424 /* create and send RACH request */
2425 rc = rslms_rx_chan_rqd(lc, msg);
2426 break;
2427 default:
2428 LOGP(DLLAPDM, LOGL_NOTICE, "Unknown COMMON CHANNEL msg %d!\n",
2429 msg_type);
2430 msgb_free(msg);
2431 return 0;
2432 }
2433
2434 return rc;
2435}
2436
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2437/*! \brief Receive a RSLms \ref msgb from Layer 3 */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2438int lapdm_rslms_recvmsg(struct msgb *msg, struct lapdm_channel *lc)
2439{
2440 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
2441 int rc = 0;
2442
2443 if (msgb_l2len(msg) < sizeof(*rslh)) {
2444 LOGP(DLLAPDM, LOGL_ERROR, "Message too short RSL hdr!\n");
2445 return -EINVAL;
2446 }
2447
2448 switch (rslh->msg_discr & 0xfe) {
2449 case ABIS_RSL_MDISC_RLL:
2450 rc = rslms_rx_rll(msg, lc);
2451 break;
2452 case ABIS_RSL_MDISC_COM_CHAN:
2453 rc = rslms_rx_com_chan(msg, lc);
2454 break;
2455 default:
2456 LOGP(DLLAPDM, LOGL_ERROR, "unknown RSLms message "
2457 "discriminator 0x%02x", rslh->msg_discr);
2458 msgb_free(msg);
2459 return -EINVAL;
2460 }
2461
2462 return rc;
2463}
2464
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2465/*! \brief Set the \ref lapdm_mode of a LAPDm entity */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2466int lapdm_entity_set_mode(struct lapdm_entity *le, enum lapdm_mode mode)
2467{
2468 switch (mode) {
2469 case LAPDM_MODE_MS:
2470 le->cr.loc2rem.cmd = CR_MS2BS_CMD;
2471 le->cr.loc2rem.resp = CR_MS2BS_RESP;
2472 le->cr.rem2loc.cmd = CR_BS2MS_CMD;
2473 le->cr.rem2loc.resp = CR_BS2MS_RESP;
2474 break;
2475 case LAPDM_MODE_BTS:
2476 le->cr.loc2rem.cmd = CR_BS2MS_CMD;
2477 le->cr.loc2rem.resp = CR_BS2MS_RESP;
2478 le->cr.rem2loc.cmd = CR_MS2BS_CMD;
2479 le->cr.rem2loc.resp = CR_MS2BS_RESP;
2480 break;
2481 default:
2482 return -EINVAL;
2483 }
2484
2485 le->mode = mode;
2486
2487 return 0;
2488}
2489
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2490/*! \brief Set the \ref lapdm_mode of a LAPDm channel*/
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2491int lapdm_channel_set_mode(struct lapdm_channel *lc, enum lapdm_mode mode)
2492{
2493 int rc;
2494
2495 rc = lapdm_entity_set_mode(&lc->lapdm_dcch, mode);
2496 if (rc < 0)
2497 return rc;
2498
2499 return lapdm_entity_set_mode(&lc->lapdm_acch, mode);
2500}
2501
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2502/*! \brief Set the L1 callback and context of a LAPDm channel */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2503void lapdm_channel_set_l1(struct lapdm_channel *lc, osmo_prim_cb cb, void *ctx)
2504{
2505 lc->lapdm_dcch.l1_prim_cb = cb;
2506 lc->lapdm_acch.l1_prim_cb = cb;
2507 lc->lapdm_dcch.l1_ctx = ctx;
2508 lc->lapdm_acch.l1_ctx = ctx;
2509}
2510
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2511/*! \brief Set the L3 callback and context of a LAPDm channel */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2512void lapdm_channel_set_l3(struct lapdm_channel *lc, lapdm_cb_t cb, void *ctx)
2513{
2514 lc->lapdm_dcch.l3_cb = cb;
2515 lc->lapdm_acch.l3_cb = cb;
2516 lc->lapdm_dcch.l3_ctx = ctx;
2517 lc->lapdm_acch.l3_ctx = ctx;
2518}
2519
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2520/*! \brief Reset an entire LAPDm entity and all its datalinks */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2521void lapdm_entity_reset(struct lapdm_entity *le)
2522{
2523 struct lapdm_datalink *dl;
2524 int i;
2525
2526 for (i = 0; i < ARRAY_SIZE(le->datalink); i++) {
2527 dl = &le->datalink[i];
2528 if (dl->state == LAPDm_STATE_IDLE)
2529 continue;
2530 LOGP(DLLAPDM, LOGL_INFO, "Resetting LAPDm instance\n");
2531 /* reset Timer T200 */
2532 osmo_timer_del(&dl->t200);
2533 /* enter idle state */
2534 dl->state = LAPDm_STATE_IDLE;
2535 /* flush buffer */
2536 lapdm_dl_flush_tx(dl);
2537 lapdm_dl_flush_send(dl);
2538 }
2539}
2540
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2541/*! \brief Reset a LAPDm channel with all its entities */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2542void lapdm_channel_reset(struct lapdm_channel *lc)
2543{
2544 lapdm_entity_reset(&lc->lapdm_dcch);
2545 lapdm_entity_reset(&lc->lapdm_acch);
2546}
2547
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2548/*! \brief Set the flags of a LAPDm entity */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2549void lapdm_entity_set_flags(struct lapdm_entity *le, unsigned int flags)
2550{
2551 le->flags = flags;
2552}
2553
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2554/*! \brief Set the flags of all LAPDm entities in a LAPDm channel */
Harald Welte1f0b8c22011-06-27 10:51:37 +0200[diff] [blame]2555void lapdm_channel_set_flags(struct lapdm_channel *lc, unsigned int flags)
2556{
2557 lapdm_entity_set_flags(&lc->lapdm_dcch, flags);
2558 lapdm_entity_set_flags(&lc->lapdm_acch, flags);
2559}
Harald Welte6bdf0b12011-08-17 18:22:08 +0200[diff] [blame]2560
2561/*! }@ */