This way it fits better the structure where the general one counts all
rachs, and 11bit only the 11 bits. More per-type splitting will be done
in follow-up commits where new types are added.
Change-Id: Ibdfb10dcc65d71e98e2fe8b05001cafea786f071
If it's not single block packets access, then it's one phase packet
access. TS 44.018 Table 9.1.8.1:
"""
One phase packet access with request for single timeslot uplink transmission;
one PDCH is needed.
"""
Change-Id: Ic6beb6dcfebb77fd264b179b028f99a29c644fb1
ns_configure_nse() only sets bind when it doesn't exist yet. If it
already exists bind[i] stays NULL and causes a segfault in
gprs_ns2_is_ip_bind() later on.
This patch ensures bind[i] is either created of set to the existing
bind.
Change-Id: I103e82e6c64324c087a4ff325a83eeab0e5a4ee9
Related: SYS#4971
Fixup for previous patch, which forgot to update the pui using the new
variable, as done already in the same patch for M_NEXT_EXIST.
Change-Id: I92a04c708bcc6c15348324321e8890361bbc5c31
Fixes: 72cdb30ee2b1c0d71ff6d9583d51f46b2e5fdcea
If we decode Exist bit as "1" but we are at the end of the message, and
all the Next items we'd read are expected to be possibly NULL, then swap
the Exist bit in the decoded structure as "0" in order to tell the
decoder user that the related information structure is actually unset,
as if "0" was received.
Related: SYS#5552
Related: OS#4955
Related: OS#5020
Change-Id: I38602e4b680ed87297c7e440691a494c07cad446
All additional release fields are considered optional, and the
CSN_DESCR for Content_t already marks almost all as such, except
DownlinkDualCarrierCapability_r7.
It has been found that some MS transmits a MS RA Capability with a Length=61 bits
where the last bit in the buffer is setting the Exist bit for
DownlinkDualCarrierCapability_r7 as 1. Hence, the CSN1 decoder failed to
decode the whole message because it expected to keep reading there
despite there's no more bytes to read.
While this is could actually be considered an MS bug, let's relax our
expectancies and simply consider the case { 1 <end> } as it was { 0 },
and mark skip decoding DownlinkDualCarrierCapability_r7. That waht
wireshark (packet-gsm_a_gsm.c) or pycrate do for instance.
This patch itself doesn't fix the problem where actually the Exist bit
is stored as 1 in the output decoded structure, but simply allows keep
ongoing with decoding until the end. This issue will be fixed in a
follow-up patch.
Related: SYS#5552
Related: OS#4955
Related: OS#5020
Change-Id: I9a2541bd3544802a646890f32725201836abb0da
This RA Cap creaes a decoding error on our CSN1 decoder, but seems to be
handled properly by wireshark's own decoder as well as pycrate.
The ending bit of last byte in "MS RA capability 1" has a "1" which
according to spec should flag the existance of
DownlinkDualCarrierCapability_r7, but nothing else comes after it. This
matches the expectancies as per Length field of the first RA Cap.
Related: SYS#5552
Related: OS#4955
Related: OS#5020
Change-Id: I51235e8575f4b992b44078713ec67bbccfd13293
The CSN1 encoder/decoder code is already lengthy and complex enough,
there's no need to keep it in the same file, specially because when
debugging, only is interested in one of the 2 functions, and they both
look really similar (long spaghetti switches).
Change-Id: I7d1b1f7e6d7f89b052b3fd73a960419bb2673020
This way PCU always answers DATA.ind and the BTS can still clearly
identify idle frames. It also simplifies testing and verification of
correct behavior.
Related: SYS#4919
Change-Id: Ife718eeed2af011479c03099ea109518f04567bc
This function is expected to be used only on DL TBF so far, so let's
really assert to avoid going through if something is wrong and ending up
later with other issues.
Change-Id: If398ee48364fce5b5e38830b2b278b3bad9a48a2
Code above setting the timer in same tbf_fsm already has this kind of
assert, but it helps understanding the code having this assert here.
Change-Id: I7588deef5073694eb5fecdb516c241a04594e2b0
In that function, previous PDCHs are unlinked and then alloc_algorithm
is expected to assign new TFIs.
Change-Id: I7bcbb223ca32400bede7ab638695ba3c015c9946
Off the top of my head: The tbf_ was kept during a previous refactoring
a while ago to avoid changing lots of more lines in the same patch.
Change-Id: I8ae689a272b7c4d244576ff157f6019a87041abc
TSC is not really a property of a TBF, so let's drop it in order to avoid
confusing and possible misuse of that accessor.
Change-Id: I105eb65d507e45631faddb23420c42bc9560e580
There's no real need to pass a tlli per separate, the information is
already contained in the MS. Furthermore, when doing so, it becomes
clear the TLLI was only passed to set it again on the MS, so actually
that ms_update() can be totally dropped since it will act as a no-op.
Change-Id: Ie761c3c7c222458ab0514117ae637ad3267139a0
The situation holds true as long as the assignment is resolved. Hence,
it can also happen that the TBF is in RELEASE state, because it was
unable to do the assignment (and after retrying, MAX_N3105 moved it into
RELEASING).
Let's not explicitly check states, the other conditions should be
enough.
Related: SYS#5647
Change-Id: I05fb0ea44aeb3fbda9e8e1c449e9366efaa2c511
It doesn't make sense to keep asking the scheduler to retransmit Pkt Ul
Ass if the tbf_fsm already decided we are going to release the TBF.
It can be seen in following log extract:
"""
tbf_ul_ass_fsm.c:112 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=ASSIGN EGPRS) start Packet Uplink Assignment (PACCH)
tbf_ul_ass_fsm.c:131 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=ASSIGN EGPRS) Scheduled UL Assignment polling on PACCH (FN=612941, TS=7)
tbf_ul_ass_fsm.c:188 UL_ASS_TBF(UL-TFI_1)[849e50]{SEND_ASS}: state_chg to WAIT_ACK
pdch_ul_controller.c:330 PDCH(bts=0,trx=1,ts=7) Timeout for registered POLL (FN=612937, reason=DL_ASS): TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=ASSIGN EGPRS)
tbf.cpp:550 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=ASSIGN EGPRS) poll timeout for FN=612937, TS=7 (curr FN 612937)
tbf.cpp:392 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=ASSIGN EGPRS) N3105 exceeded MAX (8)
tbf.cpp:602 TBF(UL-TFI_1)[7bd530]{ASSIGN}: Received Event MAX_N3105
tbf_fsm.c:194 TBF(UL-TFI_1)[7bd530]{ASSIGN}: state_chg to RELEASING
pdch_ul_controller.c:330 PDCH(bts=0,trx=1,ts=7) Timeout for registered POLL (FN=612941, reason=UL_ASS): TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=RELEASING EGPRS)
tbf.cpp:550 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=RELEASING EGPRS) poll timeout for FN=612941, TS=7 (curr FN 612941)
tbf.cpp:589 UL_ASS_TBF(UL-TFI_1)[849e50]{WAIT_ACK}: Received Event ASS_POLL_TIMEOUT
tbf_ul_ass_fsm.c:224 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=RELEASING EGPRS) Timeout for polling PACKET CONTROL ACK for PACKET UPLINK ASSIGNMENT: |Assignment was on PACCH|No uplink data received yet|
tbf_ul_ass_fsm.c:226 UL_ASS_TBF(UL-TFI_1)[849e50]{WAIT_ACK}: state_chg to SEND_ASS
tbf_ul_ass_fsm.c:308 UL_ASS_TBF(UL-TFI_1)[849e50]{SEND_ASS}: Received Event CREATE_RLCMAC_MSG
tbf_ul_ass_fsm.c:112 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=RELEASING EGPRS) start Packet Uplink Assignment (PACCH)
tbf_ul_ass_fsm.c:131 TBF(TFI=1 TLLI=0xe1c12303 DIR=UL STATE=RELEASING EGPRS) Scheduled UL Assignment polling on PACCH (FN=612976, TS=7)
tbf_ul_ass_fsm.c:188 UL_ASS_TBF(UL-TFI_1)[849e50]{SEND_ASS}: state_chg to WAIT_ACK
"""
Change-Id: I94243ff99dfaf3664a1a4b3c4c87b5104ba4f7d1
When MS sends us the Packet Resource Request as RRBP from final UL ACK/NACK, we create a new TBF
with a different set of allocated TS. However, we must send the Pkt UL Assignment with information
of the new TBF using that same TS where we receive the Packet Resource Request, which happens to
be the control TS of the previous/old TBF. The original control TS of the new TBF is kept in
tbf->first_common_ts.
Hence the code does gprs_rlcmac_pdch::rcv_resource_request():
"""
ul_tbf->control_ts = ts_no;
"""
And later, when we receive a CTRL ACK answering the Pkt UL Assigment, we change the control TS of
the new TBF back to the new one, by calling tbf_assign_control_ts(), which basically does:
"""
tbf->control_ts = tbf->first_common_ts;
"""
So, for instance we have a TBF which was allocated with tbf->control_ts=4 and hence is only attached
to PDCH 4 (tbf->pdch[]), but for which is temporarily applied tbf->control_ts=7. Hence, when a poll
is requested, it is done in control_ts, aka 7, which is not in the array of attached PDCH.
The problem is of course if we never reach the point where the final control_ts is set, due to never
receiving the CTRL ACK. If the TBF is freed (due to timer X2001) before receiving the CTRL ACK and
hence tbf_assign_control_ts() is called, a crash may occur, because potentially a poll for the TBF is
left in TS 7 because it's not a PDCH attached to the TBF and hence poll
entries on that TS are not released, hence keeping a pointer to the
freed TBF.
Related: SYS#5647
Change-Id: I0c49f2695e0d932d956c01976c9458eebee63cd4
Seen on a runnig osmo-pcu against real MS:
"""
pdch_ul_controller.c:329 PDCH(bts=0,trx=1,ts=7) Timeout for registered POLL (FN=751140): TBF(TFI=0 TLLI=0xe8c12143 DIR=UL STATE=ASSIGN EGPRS)
tbf.cpp:542 TBF(TFI=0 TLLI=0xe8c12143 DIR=UL STATE=ASSIGN EGPRS) poll timeout for FN=751140, TS=7 (curr FN 751140)
tbf.cpp:384 TBF(TFI=0 TLLI=0xe8c12143 DIR=UL STATE=ASSIGN EGPRS) N3105 exceeded MAX (8)
tbf.cpp:594 TBF(UL-TFI_0)[9bc050]{ASSIGN}: Received Event MAX_N3105
tbf.cpp:594 TBF(UL-TFI_0)[9bc050]{ASSIGN}: Event MAX_N3105 not permitted
"""
It was first though when FSMs where introduced that an FSM in ASSIGN
state could not receive this kind of event because it was believed to be
sending no CTRL blocks at all until flow state. That's because the
believe was that Assignment over PACCH was done by another existing TBF.
It turns out this is usually the case, but not in all cases. In at least
one case, the tbf object (and tbf_fsm/tbf_{ul,dl}_ass_fsm) itself is
handling its own assignment (hence eg. sending the UL assignment and waiting
response through tbf_ul_ass_fsm. This happens if a UL TBF sends a Pkt
Resource Req as a response to RRBP of final UL ACK/NACK in order to
request a new TBF, where it temporarily uses the control_ts of the
previous TBF to get a new Pkt UL Assignment over PACCH.
If Pkt Ul Assignment doesn't receive a CTRL ACK, tbf_ul_ass_fsm will
retrnamist it, until MAX_N3015 is reached (the event we failed to
handle until now). At this point, we really want to transition to
RELEASING in order to avoid keeping the TBF allocating resources (until
X2001 times out).
Related: SYS#5647
Change-Id: I86d5c1bbccd06673d08451b812d149e727404733
Move the required conditions to generate a message to the rts()
function, this way the scheduler knows this TBF cannot yet attempt the
procedure and hence will not request it to create a message which will
fail.
This way the scheduler will schedule other itneresting messages instead
of failing and scheduling a dummy block as a result.
Change-Id: Idbe4f9bbd23005a43c586b737cf9adc2114287e2
This helps distinguishing the case where a TBF is in the initial state
and the unexpected case where osmo_fsm_inst_state_name reports "NULL"
due to fi pointer being NULL.
Change-Id: Ieaabfc9fa0dedb299bcf4541783cf80e366a88c3
Let's only release PDCH ULC entry if it was indeed what we expected.
In other case, time it out.
Move the case in the switch statement to the start to easy function
readibility (early return style).
Change-Id: I3d8749acca8e7859295d73cce556b2083169f726
If we didn't expect this kind of UL messages according to pdch ULC, then
we shouldn't allow going forward and releasing the ULC entry: let it
time out instead so that TBF runs whatever appopiate action is needed in
this case, be it retransamission, releasing itself, etc.
Change-Id: I8ab3f5e4f2f802944269453db13a80c9ede67714
If it doesn't match out expectancies, it means we early return and hence
don't push forward / update whatever state was requested upon receival
of the UL message for the expected TBF. Hence, we shall not remove the
allocated ULC entry: in this scenario we need to keep it so that timeout
procedure times out and the tbf applies whatever measures are required,
be it retransmission, releasing itself, etc.
Change-Id: Ia69a7d92c4b5c98ec71a75605c8dc3a755e63a35
This one is larger than some of the other already available.
The decoder is wroking as expected here.
Change-Id: I5d986f68395326f894349446194090b1ddaecd69
Fixes following error log line:
"{RELEASING}: Event DL_ACKNACK_MISS not permitted"
Rationale: We may move to RELEASING state at some point, for instance
due to MAX_N3101/MAX_N3105 while still having some active poll
registered in some PDCH ulc. Upon that poll (most probably) timing out,
it will send a DL_ACKNACK_MISS event to us. Since we are already
determined to release the TBF (waiting for T3195 or T3169 to trigger),
simply ignore the event and avoid logging an error.
Fixes: OS#5240
Change-Id: Ibfb49356d2b3b5fccb6d59db8593b2256e5c51fb
This clarifies the different paths and uniforms them. Makes code far
easier to read and debug.
New improved verification already found some misehavior in some tests.
Change-Id: I7e4a88d6e004bbb7974595320ed73742162c7ad7
The test uses get_poll_fn() to submit a UL ctrl block on the next
expected poll TS+FN.
During initial transmit_dl_data(), 2 POLLs for DL_ACK are set on
different TS, but the test only updates the clock for one of them in
send_ul_mac_block(). As a result, one POLL item is left in the rb_tree,
and later on, when send_control_ack() is called, get_poll_fn() will pick
that 2nd DL_ACK poll FN+TS which was left untouched (due to sending no
events to the PCU clock) instead of the FN+TS which was expected to be
allocated by PCU for DL_ASS.
Until now this was not an issue since rcv_control_ack() was not properly
veirfying what the poll scheduler was expecting and accepted it. This is
no longer the case after the follow up patch refactoring
rcv_control_ack() and improving its robustness.
Change-Id: I3a4b089fe66a99e73e07bd1c690cd4d67752fad9
Move FSM internal state checks to its own file. Re-use the helper
function in the 2 places where same stuff is checked.
Change-Id: I9ded6e1c80e6cd7bcf6883bc2e853b6dafb33f7c