LAPDm bug: How to exit LAPDm_STATE_TIMER_RECOV state

Sylvain Munaut 246tnt at gmail.com
Sat Oct 23 16:28:55 UTC 2010


Hi,


In GSM 05.06 Section 5.5.7, at the end, it says:

---
The timer recovery condition is only cleared if the data link layer
entity receives a valid supervisory frame response
with the F bit set to "1". If the N(R) of this received supervisory
frame is within the range from its current state variable
V(A) to its current send state variable V(S) inclusive, it shall set
its send state variable V(S) to the value of the received
N(R). Timer T200 shall be reset if the received supervisory frame
response is an RR or REJ response with F bit set to
"1". The data link layer entity shall then resume with I frame
transmission or retransmission, as appropriate.
Timer T200 shall be set if the received supervisory response is an RNR
response, and the data link layer shall proceed
with the enquiry process in accordance with subclause 5.5.5.
---

And I don't see where this is supposed to be handled in the code.


I tried this quick fix:

diff --git a/src/host/layer23/src/common/lapdm.c
b/src/host/layer23/src/common/lapdm.c
index b1c0d40..8bd42a7 100644
--- a/src/host/layer23/src/common/lapdm.c
+++ b/src/host/layer23/src/common/lapdm.c
@@ -1081,8 +1081,12 @@ static int lapdm_rx_s(struct msgb *msg, struct
lapdm_msg_ctx *mctx)
        /* 5.4.2.2: Inidcate error on supervisory reponse F=1 */
        if (LAPDm_ADDR_CR(mctx->addr) == CR_BS2MS_RESP
         && LAPDm_CTRL_PF_BIT(mctx->ctrl)) {
-               LOGP(DLAPDM, LOGL_NOTICE, "S frame response with F=1 error\n");
-               rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
+               if (dl->state != LAPDm_STATE_TIMER_RECOV) {
+                       LOGP(DLAPDM, LOGL_NOTICE, "S frame response
with F=1 error\n");
+                       rsl_rll_error(RLL_CAUSE_UNSOL_SPRV_RESP, mctx);
+               } else {
+                       dl->state = LAPDm_STATE_MF_EST;
+               }
        }

        switch (dl->state) {
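
Review bot: the new else branch only assigns dl->state = LAPDm_STATE_MF_EST and skips everything else the quoted clause requires when timer recovery is cleared. It does not check that N(R) lies between V(A) and V(S) or set V(S) to N(R), it does not reset T200 for an RR or REJ response, and it does not treat an RNR response differently (T200 set, enquiry continues). Because the assignment happens before the switch (dl->state) that follows, the rest of lapdm_rx_s() then processes the frame as if the link had been in the established state all along, so it is worth confirming that the MF_EST case does the right thing with this frame or moving the handling into a dedicated LAPDm_STATE_TIMER_RECOV path. The log string in the added LOGP line is also split across two lines by mail wrapping, so the patch will not apply as posted.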

which seems to fix the issue I encountered but my understanding of how
lapdm.c works is very limited and I doubt that it's all that's needed
to properly handle this case.



Cheers,

    Sylvain Munaut
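
The clearing procedure from the clause quoted in this message, sketched as an added example (not part of the original post and not code from lapdm.c). All type and function names are hypothetical; modulo-8 sequence numbers and leaving the state untouched on an out-of-window N(R) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

#define SEQ_MOD 8 /* assumption: modulo-8 sequence numbers */

/* All names below are hypothetical, not taken from lapdm.c. */
enum s_type { S_RR, S_RNR, S_REJ };
enum t200_action { T200_UNCHANGED, T200_RESET, T200_SET };

struct dl_entity {
	bool timer_recovery; /* timer recovery condition active */
	bool peer_busy;      /* peer answered RNR, enquiry continues */
	uint8_t v_a;         /* acknowledge state variable V(A), 0..7 */
	uint8_t v_s;         /* send state variable V(S), 0..7 */
};

/* Distance from b forward to a on the modulo-8 circle. */
static uint8_t seq_dist(uint8_t a, uint8_t b)
{
	return (uint8_t)((a + SEQ_MOD - b) % SEQ_MOD);
}

/* V(A) <= N(R) <= V(S), inclusive, with wrap-around. */
static bool nr_in_window(const struct dl_entity *dl, uint8_t n_r)
{
	return seq_dist(n_r, dl->v_a) <= seq_dist(dl->v_s, dl->v_a);
}

/* Handle a supervisory response with F=1; returns what to do with T200. */
static enum t200_action rx_s_resp_f1(struct dl_entity *dl,
				     enum s_type type, uint8_t n_r)
{
	if (!dl->timer_recovery)
		return T200_UNCHANGED; /* unsolicited response: not modelled */
	if (!nr_in_window(dl, n_r))
		return T200_UNCHANGED; /* assumption: treated as not valid */

	dl->v_s = n_r;              /* resume (re)transmission from N(R) */
	dl->timer_recovery = false; /* cleared by a valid F=1 response */
	dl->peer_busy = (type == S_RNR);
	/* RR/REJ: reset T200; RNR: set T200 and keep enquiring */
	return dl->peer_busy ? T200_SET : T200_RESET;
}
```

The wrap-around comparison in nr_in_window() is the part a plain integer range check gets wrong once V(S) has wrapped past V(A).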



