[XL] Change in osmocom-bb[master]: ASCI: Add group receive and transmit mode support to RR layer - gerrit-log

21 Sep 2023

jolly has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmocom-bb/+/34491?usp=email )
Change subject: ASCI: Add group receive and transmit mode support to RR layer
......................................................................
ASCI: Add group receive and transmit mode support to RR layer
Related: OS#5364
Change-Id: Ia55c182a1b4cde777a0e16dcfe0cd32e0f2e38eb
---
M src/host/layer23/include/osmocom/bb/common/settings.h
M src/host/layer23/include/osmocom/bb/mobile/gsm48_rr.h
M src/host/layer23/src/mobile/gsm48_rr.c
3 files changed, 1,384 insertions(+), 87 deletions(-)
git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/91/34491/1

diff --git a/src/host/layer23/include/osmocom/bb/common/settings.h b/src/host/layer23/include/osmocom/bb/common/settings.h
index 52b485d..efdc69a 100644
--- a/src/host/layer23/include/osmocom/bb/common/settings.h
+++ b/src/host/layer23/include/osmocom/bb/common/settings.h
@@ -188,6 +188,9 @@
/* Timeout for GSM 03.22 C7 state */
    uint8_t			any_timeout;
+
+	/* ASCI settings */
+	bool			uplink_release_local;
 };
struct gsm_settings_abbrev {
diff --git a/src/host/layer23/include/osmocom/bb/mobile/gsm48_rr.h b/src/host/layer23/include/osmocom/bb/mobile/gsm48_rr.h
index 9b73ab2..fdfb144 100644
--- a/src/host/layer23/include/osmocom/bb/mobile/gsm48_rr.h
+++ b/src/host/layer23/include/osmocom/bb/mobile/gsm48_rr.h
@@ -10,6 +10,9 @@
 #define	T200_DCCH_SHARED		2	/* SDCCH shares SAPI 0 and 3 */
 #define	T200_ACCH			2	/* SACCH SAPI 3 */
+/* GSM 04.08 RR timers */
+#define GSM_T3128_MS			1, 0	/* Uplink investigation timer. */
+#define GSM_T3130_MS			5, 0	/* Uplink access timeout. */
/* GSM 04.07 9.1.2 */
 #define	GSM48_RR_EST_REQ		0x10
@@ -23,6 +26,15 @@
 #define	GSM48_RR_ABORT_REQ		0x60
 #define	GSM48_RR_ABORT_IND		0x62
 #define	GSM48_RR_ACT_REQ		0x70
+/* These are non-stadard primitives, used for group receive/transmit modes. */
+#define	GSM48_RR_GROUP_REQ		0x80	/* Join a group channel in group receive mode. */
+#define	GSM48_RR_GROUP_CNF		0x81	/* Group channel has been joined. */
+#define	GSM48_RR_GROUP_REL_REQ		0x84	/* Release group channel. */
+#define	GSM48_RR_GROUP_REL_IND		0x86	/* Group channel has been released or failed. */
+#define	GSM48_RR_UPLINK_REQ		0x90	/* Request uplink for group transmit mode. */
+#define	GSM48_RR_UPLINK_CNF		0x91	/* Access granted. */
+#define	GSM48_RR_UPLINK_REL_REQ		0x94	/* Release uplink for group receive mode. */
+#define	GSM48_RR_UPLINK_REL_IND		0x96	/* Access denied or failed or uplink released. */
#define RR_EST_CAUSE_EMERGENCY		1
 #define RR_EST_CAUSE_REESTAB_TCH_F	2
@@ -45,6 +57,8 @@
 #define RR_REL_CAUSE_EMERGENCY_ONLY	6
 #define RR_REL_CAUSE_LOST_SIGNAL	7
 #define RR_REL_CAUSE_LINK_FAILURE	8
+#define RR_REL_CAUSE_UPLINK_BUSY	9
+#define RR_REL_CAUSE_UPLINK_REJECTED	10
#define RR_SYNC_CAUSE_CIPHERING		1
@@ -71,6 +85,11 @@
 #define GSM48_RR_ST_DEDICATED		2
 #define GSM48_RR_ST_REL_PEND		3
+/* group states */
+#define GSM48_RR_GST_OFF		0
+#define GSM48_RR_GST_RECEIVE		1
+#define GSM48_RR_GST_TRANSMIT		2
+
 /* special states for SAPI 3 link */
 #define GSM48_RR_SAPI3ST_IDLE		0
 #define GSM48_RR_SAPI3ST_WAIT_EST	1
@@ -197,6 +216,19 @@
    /* sapi 3 */
    uint8_t			sapi3_state;
    uint8_t			sapi3_link_id;
+
+	/* group call */
+	struct llist_head	notif_list;	/* list of received call notifications */
+	int			group_state;	/* extension to RR state for group transmit/receive modes */
+	struct gsm48_rr_cd	cd_group;	/* channel description of group call channel */
+	bool			uplink_free;	/* Is set, if uplink is currently free. */
+	int8_t			uic;		/* UIC to use for access burst (-1 for BSIC) */
+	bool			uplink_access;	/* The network wants us to send listener access bursts. */
+	struct osmo_timer_list	t_ul_free;	/* Uplink free timer. (480ms timer) */
+	struct osmo_timer_list	t3128;		/* Uplink investigation timer. */
+	struct osmo_timer_list	t3130;		/* Uplink access timer. */
+	int			uplink_tries;	/* Counts number of tries to access the uplink. */
+	int			uplink_counter;	/* Counts number of access bursts per 'try'. */
 };
const char *get_rr_name(int value);
diff --git a/src/host/layer23/src/mobile/gsm48_rr.c b/src/host/layer23/src/mobile/gsm48_rr.c
index 47817a7..bb453f1 100644
--- a/src/host/layer23/src/mobile/gsm48_rr.c
+++ b/src/host/layer23/src/mobile/gsm48_rr.c
@@ -34,6 +34,53 @@
  * When the assignment or handover fails, the old channel is activate and the
  * link is established again. Also pending messages are sent.
  *
+ * Group Channel:
+ *
+ * A group receive/transmit mode is not documented at GSM 04.07. The group
+ * receive mode is similar to the IDLE mode, except that the MS is listening
+ * to a TCH. The group transmit mode is similar to the DEDICATED mode. Special
+ * (undocumented) commands are used to enter group receive and transmit mode.
+ *
+ * There is a substate that indicates group receive/transmit mode. If the
+ * substate is set to group receive, the IDLE mode becomes the group receive
+ * mode. If the substate is set to group transmit, the dedicated mode becomes
+ * the group transmit mode. The substate set to group receive allows to enter
+ * regular dedicated mode and return back to group receive mode afterwards.
+ *
+ * new_rr_state(rr, GSM48_RR_ST_IDLE) is used to return to IDLE mode or to
+ * group receive mode, depending on the substate.
+ *
+ * The Uplink access on group channel:
+ *
+ * If the uplink is busy, wait until it becomes free (Uplink investigation
+ * procedure). Abort, if the procedure times out, if the VGCS UPLINK GRANT
+ * message is recived for a different talker.
+ *
+ * Request uplink using access bursts on TCH until an VGCS UPLINK GRANT is
+ * received. Abort, if it the procedure times out, if the uplink becomes busy,
+ * if the VGCS UPLINK GRANT message references a different frame numer.
+ *
+ * Establish layer 2 with TALKER INDICATION. Abort, if content resolution
+ * mismatches (RR_REL_IND), if link fails (MDL_ERROR), if uplink becomes free.
+ *
+ * Release uplink and wait until uplink becomes free. Abort, if UPLINK RELEASE
+ * is received or if uplink fails.
+ *
+ * New primitives are invented for group/broadcast calls. They are not
+ * specified in any recommendation. They are:
+ *
+ * GSM48_MM_EVENT_NOTIFICATION: Notify MM layer about received/ceased call.
+ * GSM48_MM_EVENT_UPLINK_BUSY: Notify MM layer about uplink becoming busy.
+ * GSM48_MM_EVENT_UPLINK_FREE: Notify MM layer about uplink becoming free.
+ *
+ * RR_GROUP_REQ: The MM layer requests group channel in receive mode.
+ * RR_GROUP_CNF: The RR confirms group channel.
+ * RR_GROUP_REL_REQ: The MM layer releases group channel.
+ * RR_GROUP_REL_IND: The RR indicates/confirms release of group channel.
+ * RR_UPLINK_REQ: The MM layer requests uplink (group transmit mode).
+ * RR_UPLINK_CNF: The RR layer confirms uplink. (Uplink was granted.)
+ * RR_UPLINK_REL_REQ: The MM layer requests release of uplink.
+ * RR_UPLINK_REL_IND: The RR layer indicates/confirms release of uplink
  */
/* Testing delayed (immediate) assignment / handover
@@ -84,6 +131,8 @@
#include <l1ctl_proto.h>
+static int gsm48_rr_render_ma(struct osmocom_ms *ms, struct gsm48_rr_cd *cd, uint16_t *ma, uint8_t *ma_len);
+static int gsm48_rr_activate_channel(struct osmocom_ms *ms, struct gsm48_rr_cd *cd, uint16_t *ma, uint8_t ma_len);
 static void start_rr_t_meas(struct gsm48_rrlayer *rr, int sec, int micro);
 static void stop_rr_t_starting(struct gsm48_rrlayer *rr);
 static void stop_rr_t3124(struct gsm48_rrlayer *rr);
@@ -93,6 +142,13 @@
 static int gsm48_rr_set_mode(struct osmocom_ms *ms, uint8_t chan_nr, uint8_t mode, uint8_t tch_flags);
 static int gsm48_rr_rel_cnf(struct osmocom_ms *ms, struct msgb *msg);
 int gsm414_rcv_test(struct osmocom_ms *ms, const struct msgb *msg);
+static int gsm48_rr_uplink_access(struct osmocom_ms *ms, struct msgb *msg);
+static int gsm48_rr_uplink_access_abort(struct osmocom_ms *ms, uint8_t cause);
+static int gsm48_rr_group_rel(struct osmocom_ms *ms, int cause);
+static int gsm48_rr_uplink_rel_req(struct osmocom_ms *ms, struct msgb *msg);
+static int gsm48_match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref, int hist_num);
+static int gsm48_rr_tx_talker_indication(struct osmocom_ms *ms);
+static int gsm48_rr_uplink_status(struct osmocom_ms *ms, uint32_t event);
/*
  * support
@@ -348,19 +404,21 @@
static void new_rr_state(struct gsm48_rrlayer *rr, int state)
 {
+	struct osmocom_ms *ms = rr->ms;
+
    if (state < 0 || state >=
    	(sizeof(gsm48_rr_state_names) / sizeof(char *)))
    	return;
-	/* must check against equal state */
-	if (rr->state == state) {
+	/* Check against equal state or IDLE state. */
+	if (rr->state == state && state != GSM48_RR_ST_IDLE) {
    	LOGP(DRR, LOGL_INFO, "equal state ? %s\n",
    		gsm48_rr_state_names[rr->state]);
    	return;
    }
LOGP(DRR, LOGL_INFO, "new state %s -> %s\n",
-		gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
+	     gsm48_rr_state_names[rr->state], gsm48_rr_state_names[state]);
/* abort handover, in case of release of dedicated mode */
    if (rr->state == GSM48_RR_ST_DEDICATED) {
@@ -374,10 +432,15 @@
rr->state = state;
-	if (state == GSM48_RR_ST_IDLE) {
+	if (state != GSM48_RR_ST_IDLE)
+		return;
+
+	/* Return from dedicated/group receive/transmit mode to idle mode. (Trigger cell reselection.) */
+	if (rr->group_state == GSM48_RR_GST_OFF) {
    	struct msgb *msg, *nmsg;
    	struct gsm322_msg *em;
+		LOGP(DRR, LOGL_INFO, "Returning to IDLE mode.\n");
    	/* release dedicated mode, if any */
    	l1ctl_tx_dm_rel_req(rr->ms);
    	rr->ms->meas.rl_fail = 0;
@@ -420,6 +483,45 @@
    	msgb_free(nmsg);
    	/* reset any BA range */
    	rr->ba_ranges = 0;
+		return;
+	}
+
+	/* Return from dedicated mode to group receive mode.
+	 * This is not used, because we never enter dedicated mode during group receive/transmit mode.
+	 * It may be used later, if we support it in MM layer. */
+	if (rr->group_state == GSM48_RR_GST_RECEIVE) {
+		uint16_t ma[64];
+		uint8_t ma_len;
+		struct msgb *msg;
+
+		LOGP(DRR, LOGL_INFO, "Returning to GROUP RECEIVE mode.\n");
+		/* release dedicated mode, if any */
+		l1ctl_tx_dm_rel_req(rr->ms);
+		rr->ms->meas.rl_fail = 0;
+		rr->dm_est = 0;
+		l1ctl_tx_reset_req(rr->ms, L1CTL_RES_T_SCHED);
+		/* free establish message, if any */
+		rr->rr_est_req = 0;
+		if (rr->rr_est_msg) {
+			msgb_free(rr->rr_est_msg);
+			rr->rr_est_msg = NULL;
+		}
+		/* free all pending messages */
+		while((msg = msgb_dequeue(&rr->downqueue)))
+			msgb_free(msg);
+		/* reset ciphering */
+		rr->cipher_on = 0;
+		/* copy channel description "group mode" */
+		memcpy(&rr->cd_now, &rr->cd_group, sizeof(rr->cd_now));
+		/* render channel "group mode" */
+		gsm48_rr_render_ma(ms, &rr->cd_now, ma, &ma_len);
+		/* activate channel */
+		gsm48_rr_activate_channel(ms, &rr->cd_now, ma, ma_len);
+#ifdef WITH_GAPK_IO
+		/* clean-up GAPK state */
+		gapk_io_clean_up_ms(rr->ms);
+#endif
+		return;
    }
 }
@@ -460,6 +562,14 @@
    { GSM48_RR_ABORT_REQ,		"RR_ABORT_REQ" },
    { GSM48_RR_ABORT_IND,		"RR_ABORT_IND" },
    { GSM48_RR_ACT_REQ,		"RR_ACT_REQ" },
+	{ GSM48_RR_GROUP_REQ,		"RR_GROUP_REQ" },
+	{ GSM48_RR_GROUP_CNF,		"RR_GROUP_CNF" },
+	{ GSM48_RR_GROUP_REL_REQ,	"RR_GROUP_REL_REQ" },
+	{ GSM48_RR_GROUP_REL_IND,	"RR_GROUP_REL_IND" },
+	{ GSM48_RR_UPLINK_REQ,		"RR_UPLINK_REQ" },
+	{ GSM48_RR_UPLINK_CNF,		"RR_UPLINK_CNF" },
+	{ GSM48_RR_UPLINK_REL_REQ,	"RR_UPLINK_REL_REQ" },
+	{ GSM48_RR_UPLINK_REL_IND,	"RR_UPLINK_REL_IND" },
    { 0,				NULL }
 };
@@ -778,6 +888,36 @@
    new_rr_state(rr, GSM48_RR_ST_IDLE);
 }
+static void timeout_rr_t3128(void *arg)
+{
+	struct gsm48_rrlayer *rr = arg;
+	struct osmocom_ms *ms = rr->ms;
+
+	LOGP(DRR, LOGL_INFO, "timer T3128 has fired\n");
+
+	LOGP(DRR, LOGL_NOTICE, "Failed to access uplink, uplink did not become free.\n");
+	gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_UPLINK_BUSY);
+}
+
+static void timeout_rr_t3130(void *arg)
+{
+	struct gsm48_rrlayer *rr = arg;
+	struct osmocom_ms *ms = rr->ms;
+
+	LOGP(DRR, LOGL_INFO, "timer T3130 has fired\n");
+
+	gsm48_rr_uplink_access(ms, NULL);
+}
+
+static void timeout_rr_t_ul_free(void *arg)
+{
+	struct gsm48_rrlayer *rr = arg;
+
+	LOGP(DRR, LOGL_INFO, "uplink free timer has fired\n");
+	rr->uplink_free = false;
+	gsm48_rr_uplink_status(rr->ms, GSM48_MM_EVENT_UPLINK_BUSY);
+}
+
 static void start_rr_t_meas(struct gsm48_rrlayer *rr, int sec, int micro)
 {
    rr->t_meas.cb = timeout_rr_meas;
@@ -830,6 +970,33 @@
    osmo_timer_schedule(&rr->t3126, sec, micro);
 }
+static void start_rr_t3128(struct gsm48_rrlayer *rr, int sec, int micro)
+{
+	LOGP(DRR, LOGL_INFO, "starting T3128 with %d.%03d seconds\n", sec,
+		micro / 1000);
+	rr->t3128.cb = timeout_rr_t3128;
+	rr->t3128.data = rr;
+	osmo_timer_schedule(&rr->t3128, sec, micro);
+}
+
+static void start_rr_t3130(struct gsm48_rrlayer *rr, int sec, int micro)
+{
+	LOGP(DRR, LOGL_INFO, "starting T3130 with %d.%03d seconds\n", sec,
+		micro / 1000);
+	rr->t3130.cb = timeout_rr_t3130;
+	rr->t3130.data = rr;
+	osmo_timer_schedule(&rr->t3130, sec, micro);
+}
+
+static void start_rr_t_ul_free(struct gsm48_rrlayer *rr)
+{
+	if (!osmo_timer_pending(&rr->t_ul_free))
+		LOGP(DRR, LOGL_INFO, "starting uplink free timer\n");
+	rr->t_ul_free.cb = timeout_rr_t_ul_free;
+	rr->t_ul_free.data = rr;
+	osmo_timer_schedule(&rr->t_ul_free, 0, 480000);
+}
+
 static void stop_rr_t_meas(struct gsm48_rrlayer *rr)
 {
    if (osmo_timer_pending(&rr->t_meas)) {
@@ -886,6 +1053,30 @@
    }
 }
+static void stop_rr_t3128(struct gsm48_rrlayer *rr)
+{
+	if (osmo_timer_pending(&rr->t3128)) {
+		LOGP(DRR, LOGL_INFO, "stopping pending timer T3128\n");
+		osmo_timer_del(&rr->t3128);
+	}
+}
+
+static void stop_rr_t3130(struct gsm48_rrlayer *rr)
+{
+	if (osmo_timer_pending(&rr->t3130)) {
+		LOGP(DRR, LOGL_INFO, "stopping pending timer T3130\n");
+		osmo_timer_del(&rr->t3130);
+	}
+}
+
+static void stop_rr_t_ul_free(struct gsm48_rrlayer *rr)
+{
+	if (osmo_timer_pending(&rr->t_ul_free)) {
+		LOGP(DRR, LOGL_INFO, "stopping pending uplink free timer\n");
+		osmo_timer_del(&rr->t_ul_free);
+	}
+}
+
 /*
  * status
  */
@@ -1284,6 +1475,558 @@
 }
/*
+ * VGCS uplink control
+ */
+
+/* UPLINK BUSY (9.1.46) */
+static int gsm48_rr_rx_uplink_busy(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+
+	LOGP(DRR, LOGL_INFO, "UPLINK BUSY\n");
+
+	/* Only allow when in some group mode. */
+	if (rr->group_state == GSM48_RR_GST_OFF)
+		return 0;
+
+	/* Uplink is busy now. */
+	if (rr->uplink_free) {
+		rr->uplink_free = false;
+		gsm48_rr_uplink_status(ms, GSM48_MM_EVENT_UPLINK_BUSY);
+	}
+	stop_rr_t_ul_free(rr);
+
+	/* Abort during uplink investigation or access procedure. */
+	if (osmo_timer_pending(&rr->t3128) || osmo_timer_pending(&rr->t3130)) {
+		LOGP(DRR, LOGL_NOTICE, "Abort uplink access, due to busy uplink.\n");
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_UPLINK_BUSY);
+	}
+
+	return 0;
+}
+
+/* UPLINK FREE (9.1.47) */
+static int gsm48_rr_rx_uplink_free(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct bitvec bv;
+	bool uplink_access = false;
+	int8_t uic = -1;
+	uint8_t *mode;
+	bool group_channel;
+
+	bv = (struct bitvec) {
+		.data_len = msgb_l3len(msg),
+		.data = msgb_l3(msg),
+		.cur_bit = 8,
+	};
+
+	/* Uplink Access */
+	if (bitvec_get_bit_high(&bv) == H)
+		uplink_access = true;
+
+	/* UIC */
+	if (bitvec_get_bit_high(&bv) == H) {
+		uic = bitvec_get_uint(&bv, 6);
+	}
+
+	/* Note: Emergency Indicator not used. */
+
+	/* Do not flood the logging with UPLINK FREE messages. Log only on the fist received message. */
+	if (!osmo_timer_pending(&rr->t_ul_free))
+		LOGP(DRR, LOGL_INFO, "UPLINK FREE (uplink access=%s, uic=%d)\n", (uplink_access) ? "true" : "false",
+		     uic);
+
+	/* Uplink is free now. */
+	if (!rr->uplink_free) {
+		rr->uplink_free = true;
+		gsm48_rr_uplink_status(ms, GSM48_MM_EVENT_UPLINK_FREE);
+	}
+	rr->uic = uic;
+	rr->uplink_access = uplink_access;
+	start_rr_t_ul_free(rr);
+
+	/* We can be in group mode or in dedicated mode. When we are in dedicated mode and we receive UPLINK FREE,
+	 * we know that we are actually on a group channel. This is the actual confirm to the UPLINK RELEASE message
+	 * on a group channel. We must then release layer 2 locally and indicate channel release toward upper layer.
+	 *
+	 * When we are in group transmit mode, we return to group receive mode and also release layer 2 locally and
+	 * indicate uplink release towards upper layer.
+	 *
+	 * When we are waiting for a free uplink (T3128 is running), we start uplink access. While accessing the
+	 * uplink, we ignore further UPLINK FREE messages.
+	 */
+	group_channel = (rr->group_state != GSM48_RR_GST_OFF);
+
+	if (group_channel) {
+		/* Start uplink access. */
+		if (osmo_timer_pending(&rr->t3128)) {
+			rr->uplink_tries = 3;
+			return gsm48_rr_uplink_access(ms, NULL);
+		}
+
+		/* Ignore uplink free messages while accessing uplink. */
+		if (osmo_timer_pending(&rr->t3130))
+			return 0;
+	}
+
+	/* Any time in group transmit mode or dedicated mode, release on uplink free. */
+	if (rr->state == GSM48_RR_ST_DEDICATED || rr->state == GSM48_RR_ST_REL_PEND) {
+		struct msgb *nmsg;
+
+		LOGP(DRR, LOGL_INFO, "Uplink becomes free, send (local) release to layer 2.\n");
+
+		/* Go into pending release state if not already.
+		 * We are already in pending relese state when we release uplink normally.
+		 * If we receive UPLINK FREE while we release normally, we abort layer 2. */
+		if (rr->state != GSM48_RR_ST_REL_PEND)
+			new_rr_state(rr, GSM48_RR_ST_REL_PEND);
+
+		/* release message */
+		nmsg = gsm48_l3_msgb_alloc();
+		if (!nmsg)
+			return -ENOMEM;
+		mode = msgb_put(nmsg, 2);
+		mode[0] = RSL_IE_RELEASE_MODE;
+		mode[1] = RSL_REL_LOCAL_END;
+		gsm48_send_rsl_nol3(ms, RSL_MT_REL_REQ, nmsg, 0);
+
+		return 0;
+	}
+
+	return 0;
+}
+
+/* UPLINK RELEASE (9.1.48) */
+static int gsm48_rr_rx_uplink_release(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct gsm48_hdr *gh = msgb_l3(msg);
+	struct gsm48_uplink_release *ur = (struct gsm48_uplink_release *)gh->data;
+	int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*ur);
+
+	if (payload_len < 0) {
+		LOGP(DRR, LOGL_NOTICE, "Short UPLINK RELEASE message.\n");
+		return -EINVAL;
+	}
+
+	LOGP(DRR, LOGL_INFO, "UPLINK RELEASE with cause 0x%02x\n", ur->rr_cause);
+
+	/* Only allow when in some group mode. */
+	if (rr->group_state == GSM48_RR_GST_OFF)
+		return 0;
+
+	if (rr->state == GSM48_RR_ST_DEDICATED && rr->group_state == GSM48_RR_GST_TRANSMIT)
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_NORMAL);
+
+	return 0;
+}
+
+/* Release of channel on VGCS/VBS. */
+static int gsm48_rr_rx_chan_rel_ui(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct gsm48_hdr *gh = msgb_l3(msg);
+	struct gsm48_chan_rel *cr = (struct gsm48_chan_rel *)gh->data;
+	int payload_len = msgb_l3len(msg) - sizeof(*gh) - sizeof(*cr);
+	struct tlv_parsed tp;
+
+	if (payload_len < 0) {
+		LOGP(DRR, LOGL_NOTICE, "Short read of CHANNEL RELEASE "
+			"message.\n");
+		return gsm48_rr_tx_rr_status(ms,
+			GSM48_RR_CAUSE_PROT_ERROR_UNSPC);
+	}
+	tlv_parse(&tp, &gsm48_rr_att_tlvdef, cr->data, payload_len, 0, 0);
+
+	LOGP(DRR, LOGL_INFO, "CHANNEL RELESE via UI frame with cause 0x%02x\n", cr->rr_cause);
+
+	/* Only allow when in group receive mode. */
+	if (rr->group_state != GSM48_RR_GST_RECEIVE)
+		return 0;
+
+	return gsm48_rr_group_rel(ms, RR_REL_CAUSE_NORMAL);
+}
+
+/* VGCS UPLINK GRANT (9.1.49) */
+static int gsm48_rr_rx_vgcs_uplink_grant(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct gsm48_sysinfo *s = &ms->cellsel.sel_si;
+	struct gsm_settings *set = &ms->settings;
+	struct gsm0408_vgcs_ul_grant *ug = msgb_l3(msg);
+	int ug_len = msgb_l3len(msg) - sizeof(*ug);
+
+	LOGP(DRR, LOGL_INFO, "VGCS UPLINK GRANT\n");
+
+	if (ug_len < 0) {
+		LOGP(DRR, LOGL_NOTICE, "Short read of VGCS UPLINK GRANT message.\n");
+		return -EINVAL;
+	}
+
+	/* Only allow when in some group mode. */
+	if (rr->group_state == GSM48_RR_GST_OFF)
+		return 0;
+
+	/* Uplink is busy now. */
+	if (rr->uplink_free) {
+		rr->uplink_free = false;
+		gsm48_rr_uplink_status(rr->ms, GSM48_MM_EVENT_UPLINK_BUSY);
+	}
+	stop_rr_t_ul_free(rr);
+
+	/* Abort during uplink investigation or access procedure. */
+	if (osmo_timer_pending(&rr->t3128)) {
+		LOGP(DRR, LOGL_NOTICE, "Abort uplink access, other phone accessing the uplink.\n");
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_UPLINK_BUSY);
+	}
+
+	/* We are not waiting for the uplink to be granted. */
+	if (!osmo_timer_pending(&rr->t3130))
+		return 0;
+
+	/* Stop timer. */
+	stop_rr_t3130(rr);
+
+	/* Check if message is for our request. */
+	if (!gsm48_match_ra(ms, &ug->req_ref, 5)) {
+		LOGP(DRR, LOGL_NOTICE, "Abort uplink access, other phone gets uplink access granted.\n");
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_UPLINK_BUSY);
+	}
+
+	LOGP(DRR, LOGL_INFO, "Access to uplink has been granted.\n");
+
+	/* Set initial power and timing advance. */
+	rr->cd_now.ind_tx_power = s->ms_txpwr_max_cch;
+	rr->cd_now.ind_ta = ug->ta;
+	LOGP(DRR, LOGL_INFO, "Applying initial ta and tx_power\n");
+	l1ctl_tx_param_req(ms, rr->cd_now.ind_ta - set->alter_delay,
+			   (set->alter_tx_power) ? set->alter_tx_power_value : s->ms_txpwr_max_cch);
+
+	/* Turn on transmitter. */
+	rr->cd_now.tch_flags &= ~(L1CTL_TCH_FLAG_RXONLY);
+	gsm48_rr_set_mode(ms, rr->cd_now.chan_nr, rr->cd_now.mode, rr->cd_now.tch_flags);
+
+	/* Complete group transmit mode. */
+	new_rr_state(rr, GSM48_RR_ST_DEDICATED);
+
+	/* Establish layer 2 connection. */
+	return gsm48_rr_tx_talker_indication(ms);
+}
+
+/* send rr uplink release */
+static int gsm48_rr_tx_uplink_release(struct osmocom_ms *ms, uint8_t cause)
+{
+	struct msgb *nmsg;
+	struct gsm48_hdr *gh;
+	struct gsm48_uplink_release *ur;
+
+	LOGP(DRR, LOGL_INFO, "UPLINK RELEASE (cause #%d)\n", cause);
+
+	nmsg = gsm48_l3_msgb_alloc();
+	if (!nmsg)
+		return -ENOMEM;
+	gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
+	ur = (struct gsm48_uplink_release *) msgb_put(nmsg, sizeof(*ur));
+
+	gh->proto_discr = GSM48_PDISC_RR;
+	gh->msg_type = GSM48_MT_RR_UPLINK_RELEASE;
+	ur->rr_cause = cause;
+
+	return gsm48_send_rsl(ms, RSL_MT_DATA_REQ, nmsg, 0);
+}
+
+/* send talker indication */
+static int gsm48_rr_tx_talker_indication(struct osmocom_ms *ms)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct msgb *nmsg;
+	struct gsm48_hdr *gh;
+	struct gsm48_talker_indication *ti;
+
+	LOGP(DRR, LOGL_INFO, "TALKER INDICATION\n");
+
+	nmsg = gsm48_l3_msgb_alloc();
+	if (!nmsg)
+		return -ENOMEM;
+	gh = (struct gsm48_hdr *) msgb_put(nmsg, sizeof(*gh));
+	ti = (struct gsm48_talker_indication *) msgb_put(nmsg, sizeof(*ti));
+
+	gh->proto_discr = GSM48_PDISC_RR;
+	gh->msg_type = GSM48_MT_RR_TALKER_IND;
+
+	/* classmark 2 */
+	ti->cm2_len = sizeof(ti->cm2);
+	gsm48_rr_enc_cm2(ms, &ti->cm2, rr->cd_now.arfcn);
+	/* mobile identity (Use TMSI if available.) */
+	gsm48_encode_mi(ms, nmsg, false, GSM_MI_TYPE_TMSI, false);
+
+	/* start establishmnet */
+	return gsm48_send_rsl(ms, RSL_MT_EST_REQ, nmsg, 0);
+}
+
+struct asci_notif {
+	struct llist_head	entry;
+	struct gsm48_rrlayer	*rr;
+	uint8_t			gcr[5];
+	bool			ch_desc_present;
+	struct gsm48_chan_desc	ch_desc;
+	struct osmo_timer_list	timer;
+};
+
+/* When does a notification received from NCH expires. */
+#define NOTIFICATION_TIMEOUT	5
+
+static void asci_notif_timeout(void *arg);
+
+/* Add new notification to list. */
+static struct asci_notif *asci_notif_alloc(struct gsm48_rrlayer *rr, uint8_t *gcr)
+{
+	struct asci_notif *notif;
+
+	notif = talloc_zero(rr->ms, struct asci_notif);
+	if (!notif)
+		return NULL;
+	notif->rr = rr;
+	memcpy(notif->gcr, gcr, sizeof(notif->gcr));
+	llist_add_tail(&notif->entry, &rr->notif_list);
+
+	notif->timer.cb = asci_notif_timeout;
+	notif->timer.data = notif;
+
+	return notif;
+}
+
+/* Remove notification from list. */
+static void asci_notif_free(struct asci_notif *notif)
+{
+	osmo_timer_del(&notif->timer);
+	llist_del(&notif->entry);
+	talloc_free(notif);
+}
+
+/* Remove all ASCI notifications from list. */
+static void asci_notif_list_free(struct gsm48_rrlayer *rr)
+{
+	struct asci_notif *notif, *notif2;
+
+	llist_for_each_entry_safe(notif, notif2, &rr->notif_list, entry)
+		asci_notif_free(notif);
+}
+
+/* Notification timed out. */
+static void asci_notif_timeout(void *arg)
+{
+	struct asci_notif *notif = arg;
+	struct gsm48_rrlayer *rr = notif->rr;
+	struct msgb *nmsg;
+	struct gsm48_mm_event *mme;
+
+	/* Send notification of ceased call to MM layer. */
+	LOGP(DRR, LOGL_INFO, "Notify MM layer about ceased group call.\n");
+	nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_NOTIFICATION);
+	if (!nmsg)
+		return;
+	mme = (struct gsm48_mm_event *) nmsg->data;
+	memcpy(mme->notification.gcr, notif->gcr, sizeof(mme->notification.gcr));
+	mme->notification.gone = true;
+	gsm48_mmevent_msg(rr->ms, nmsg);
+
+	asci_notif_free(notif);
+}
+
+/* Find notification in list. */
+static struct asci_notif *asci_notif_find(struct gsm48_rrlayer *rr, uint8_t *gcr)
+{
+	struct asci_notif *notif;
+
+	llist_for_each_entry(notif, &rr->notif_list, entry) {
+		if (!memcmp(&notif->gcr, gcr, sizeof(notif->gcr)))
+			return notif;
+	}
+
+	return NULL;
+}
+
+static int gsm48_rr_rx_group_call(struct osmocom_ms *ms, uint8_t *gcr, uint8_t *ch_desc, bool nch)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct asci_notif *notif;
+	bool update_call = false;
+	struct msgb *nmsg;
+	struct gsm48_mm_event *mme;
+
+	/* Find or create notification entry. Only create entries for notifications on NCH */
+	notif = asci_notif_find(rr, gcr);
+	if (!notif) {
+		update_call = true;
+		if (nch) {
+			notif = asci_notif_alloc(rr, gcr);
+			if (!notif)
+				return -ENOMEM;
+		}
+	}
+
+	/* Update channel description. */
+	if (notif) {
+		if (ch_desc) {
+			if (!notif->ch_desc_present)
+				update_call = true;
+			notif->ch_desc_present = true;
+			memcpy(&notif->ch_desc, ch_desc, sizeof(notif->ch_desc));
+		} else {
+			notif->ch_desc_present = false;
+			if (!notif->ch_desc_present)
+				update_call = true;
+		}
+		/* (Re-)Start timer. */
+		osmo_timer_schedule(&notif->timer, NOTIFICATION_TIMEOUT, 0);
+	} else
+		update_call = true;
+
+	/* Send notification of new or updated call to MM layer. */
+	if (update_call) {
+		LOGP(DRR, LOGL_INFO, "Notify MM layer about new/updated group call.\n");
+		nmsg = gsm48_mmevent_msgb_alloc(GSM48_MM_EVENT_NOTIFICATION);
+		if (!nmsg)
+			return -ENOMEM;
+		mme = (struct gsm48_mm_event *) nmsg->data;
+		memcpy(mme->notification.gcr, gcr, sizeof(mme->notification.gcr));
+		if (ch_desc) {
+			mme->notification.ch_desc_present = true;
+			memcpy(&mme->notification.ch_desc, ch_desc, sizeof(mme->notification.ch_desc));
+		}
+		gsm48_mmevent_msg(ms, nmsg);
+	}
+
+	return 0;
+}
+
+/* Common function to decode Group Call Information */
+static int gsm48_rr_decode_group_call_info(struct osmocom_ms *ms, struct bitvec *bv, bool nch)
+{
+	struct bitvec *gcr_bv = NULL, *chd_bv = NULL;
+	int rc = 0;
+	int i;
+
+	/* <Group Call Reference : bit(36)> */
+	gcr_bv = bitvec_alloc(5*8, NULL);
+	OSMO_ASSERT(gcr_bv);
+	for (i = 0; i < 36; i++)
+		bitvec_set_bit(gcr_bv, bitvec_get_bit_pos(bv, bv->cur_bit++));
+	/* Group Channel Description */
+	if (bitvec_get_bit_pos(bv, bv->cur_bit++) == 1) {
+		chd_bv = bitvec_alloc(3*8, NULL);
+		OSMO_ASSERT(chd_bv);
+		for (i = 0; i < 24; i++)
+			bitvec_set_bit(chd_bv, bitvec_get_bit_pos(bv, bv->cur_bit++));
+		/* FIXME: hopping */
+		if (bitvec_get_bit_pos(bv, bv->cur_bit++) == 1) {
+			LOGP(DRR, LOGL_ERROR, "\nHopping not supported on VGCS/VBS channel, please fix!\n\n");
+			rc = -ENOTSUP;
+			goto out;
+		}
+	}
+
+	rc = gsm48_rr_rx_group_call(ms, gcr_bv->data, (chd_bv) ? chd_bv->data : NULL, nch);
+
+out:
+	if (chd_bv)
+		bitvec_free(chd_bv);
+	if (gcr_bv)
+		bitvec_free(gcr_bv);
+
+	return rc;
+}
+
+/* Notification/FACCH (9.1.21a) */
+static int gsm48_rr_rx_notif_facch(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_hdr_sh *sgh = msgb_l3(msg);
+	int payload_len = msgb_l3len(msg) - sizeof(*sgh);
+	struct bitvec bv;
+	int rc;
+
+	LOGP(DRR, LOGL_INFO, "NOTIFICATION/FACCH\n");
+
+	bv = (struct bitvec) {
+		.data = sgh->data,
+		.data_len = payload_len,
+	};
+
+	/* Group Call Information */
+	if (bitvec_get_bit_pos(&bv, bv.cur_bit++) == 0) {
+		rc = gsm48_rr_decode_group_call_info(ms, &bv, false);
+		return rc;
+	}
+
+	/* Note: Other informations are not used. */
+	return -ENOTSUP;
+}
+
+/* Notification/NCH (9.1.21b) */
+static int gsm48_rr_rx_notif_nch(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_notification_nch *nn = msgb_l3(msg);
+	int payload_len = msgb_l3len(msg) - sizeof(*nn);
+	struct bitvec bv;
+	int rc;
+
+	LOGP(DRR, LOGL_INFO, "NOTIFICATION/NCH\n");
+
+	bv = (struct bitvec) {
+		.data = nn->data,
+		.data_len = payload_len,
+	};
+
+	/* 0 | 1 <NLN(NCH) : bit (2) > */
+	if (bitvec_get_bit_pos(&bv, bv.cur_bit++) == 1) {
+		/* NLN not used
+		nln = bitvec_get_uint(&bv, 2);
+		nln_present = true;
+		*/
+		bv.cur_bit += 2;
+	}
+
+	/* < list of Group Call NCH information > */
+	while (bitvec_get_bit_pos(&bv, bv.cur_bit++) == 1) {
+		rc = gsm48_rr_decode_group_call_info(ms, &bv, true);
+		if (rc < 0)
+			break;
+	}
+
+	return 0;
+}
+
+/* System information type 10 (9.1.50)*/
+static int gsm48_rr_rx_sysinfo_10(struct osmocom_ms *ms, struct msgb *msg)
+{
+	LOGP(DRR, LOGL_INFO, "SYSINFO 10\n");
+
+	/* Ignore content. */
+	return -ENOTSUP;
+}
+
+/* Provide uplink status to upper layer. */
+static int gsm48_rr_uplink_status(struct osmocom_ms *ms, uint32_t event)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct msgb *nmsg;
+
+	if (rr->group_state != GSM48_RR_GST_RECEIVE)
+		return -EINVAL;
+
+	/* Send notification of uplink state to MM layer. */
+	LOGP(DRR, LOGL_INFO, "Notify MM layer about uplink state.\n");
+	nmsg = gsm48_mmevent_msgb_alloc(event);
+	if (!nmsg)
+		return -ENOMEM;
+	gsm48_mmevent_msg(rr->ms, nmsg);
+
+	return 0;
+}
+
+/*
  * random access
  */
@@ -1308,7 +2051,7 @@
     && (!cs->selected || (cs->state != GSM322_C3_CAMPED_NORMALLY
    		    && cs->state != GSM322_C7_CAMPED_ANY_CELL))) {
    	LOGP(DRR, LOGL_INFO, "Paging, but not camping, ignore.\n");
-	 	return -EINVAL;
+		return -EINVAL;
    }
/* ignore channel request while not camping on a cell */
@@ -2918,6 +3661,9 @@
LOGP(DSUM, LOGL_INFO, "Radio link lost signal\n");
+	if (rr->group_state != GSM48_RR_GST_OFF)
+		return gsm48_rr_group_rel(ms, RR_REL_CAUSE_LOST_SIGNAL);
+
    /* stop T3211 if running */
    stop_rr_t3110(rr);
@@ -3022,7 +3768,7 @@
    gsm48_rr_tx_meas_rep(ms);
/* establish */
-	LOGP(DRR, LOGL_INFO, "establishing channel in dedicated mode\n");
+	LOGP(DRR, LOGL_INFO, "establishing channel in dedicated/group mode\n");
if (rsl_dec_chan_nr(cd->chan_nr, &ch_type, &ch_subch, &ch_ts) != 0) {
    	LOGP(DRR, LOGL_ERROR,
@@ -3329,6 +4075,7 @@
    struct gsm322_cellsel *cs = &ms->cellsel;
    uint8_t *mode;
    struct msgb *nmsg;
+	int msg_type;
/* if MM has releases before confirm, we start release */
    if (rr->state == GSM48_RR_ST_REL_PEND) {
@@ -3352,8 +4099,11 @@
    	gsm48_rr_tx_cm_change(ms);
/* send confirm to upper layer */
-	nmsg = gsm48_rr_msgb_alloc(
-		(rr->rr_est_req) ? GSM48_RR_EST_CNF : GSM48_RR_EST_IND);
+	if (rr->rr_est_req)
+		msg_type = GSM48_RR_EST_CNF;
+	else
+		msg_type = GSM48_RR_EST_IND;
+	nmsg = gsm48_rr_msgb_alloc(msg_type);
    if (!nmsg)
    	return -ENOMEM;
    return gsm48_rr_upmsg(ms, nmsg);
@@ -3366,6 +4116,12 @@
    struct msgb *nmsg;
    struct gsm48_rr_hdr *nrrh;
+	/* Handle on group channel. */
+	if (rr->group_state == GSM48_RR_GST_TRANSMIT) {
+		LOGP(DRR, LOGL_INFO, "Returning to group receive mode, due to link release indication.\n");
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_NORMAL);
+	}
+
    /* switch back to old channel, if modify/ho failed */
    switch (rr->modify_state) {
    case GSM48_RR_MOD_ASSIGN:
@@ -3435,6 +4191,9 @@
new_rr_state(rr, GSM48_RR_ST_REL_PEND);
+	/* When we receive a channel release, we are not just releasing the transmit mode. */
+	rr->group_state = GSM48_RR_GST_OFF;
+
    /* start T3110, so that two DISCs can be sent due to T200 timeout */
    start_rr_t3110(rr, 1, 500000);
@@ -4472,6 +5231,16 @@
    return 0;
 }
+/* send HANDOVER/UPLINK ACCESS burst (9.1.14) */
+static int gsm48_rr_tx_rand_acc_dedicated(struct osmocom_ms *ms, uint8_t ref, uint16_t offset, int8_t uic)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+
+	LOGP(DRR, LOGL_INFO, "send access bursts on DCCH (ref 0x%02x)\n", ref);
+
+	return l1ctl_tx_rach_req(ms, rr->cd_now.chan_nr, 0x00, ref, 0, offset, uic);
+}
+
 /* send all queued messages down to layer 2 */
 static int gsm48_rr_dequeue_down(struct osmocom_ms *ms)
 {
@@ -4494,17 +5263,27 @@
    return 0;
 }
-/* channel is resumed in dedicated mode */
+/* Channel is resumed in dedicated mode or uplink is estabished. */
 static int gsm48_rr_estab_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
 {
    struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct msgb *nmsg;
-	LOGP(DRR, LOGL_INFO, "data link is resumed\n");
+	if (rr->group_state == GSM48_RR_GST_TRANSMIT) {
+		LOGP(DRR, LOGL_INFO, "data link established on uplink\n");
-	/* transmit queued frames during ho / ass transition */
-	gsm48_rr_dequeue_down(ms);
+		/* Confirm uplink access. */
+		nmsg = gsm48_rr_msgb_alloc(GSM48_RR_UPLINK_CNF);
+		if (nmsg)
+			gsm48_rr_upmsg(ms, nmsg);
+	} else {
+		LOGP(DRR, LOGL_INFO, "data link is resumed\n");
-	rr->modify_state = GSM48_RR_MOD_NONE;
+		/* transmit queued frames during ho / ass transition */
+		gsm48_rr_dequeue_down(ms);
+
+		rr->modify_state = GSM48_RR_MOD_NONE;
+	}
return 0;
 }
@@ -4594,6 +5373,13 @@
    struct gsm48_rr_hdr *nrrh;
    uint16_t acc_class;
+	/* Reject during group call. */
+	if (rr->group_state != GSM48_RR_GST_OFF) {
+		LOGP(DRR, LOGL_INFO, "We have a group call, rejecting!\n");
+		cause = RR_REL_CAUSE_TRY_LATER;
+		goto reject;
+	}
+
    /* 3.3.1.1.3.2 */
    if (osmo_timer_pending(&rr->t3122)) {
    	if (rrh->cause != RR_EST_CAUSE_EMERGENCY) {
@@ -4681,10 +5467,225 @@
    memcpy(msgb_put(rr->rr_est_msg, msgb_l3len(msg)),
    	msgb_l3(msg), msgb_l3len(msg));
+	if (rr->group_state == GSM48_RR_GST_RECEIVE) {
+		/* Release group receive mode. */
+		l1ctl_tx_dm_rel_req(rr->ms);
+		rr->ms->meas.rl_fail = 0;
+		l1ctl_tx_reset_req(rr->ms, L1CTL_RES_T_SCHED);
+	}
+
    /* request channel */
    return gsm48_rr_chan_req(ms, rrh->cause, 0, 0);
 }
+/* 3.3.3.2 Request for group receive mode. */
+static int gsm48_rr_group_req(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct gsm322_cellsel *cs = &ms->cellsel;
+	struct gsm48_sysinfo *s = &cs->sel_si;
+	struct gsm48_rr_hdr *rrh = (struct gsm48_rr_hdr *) msg->data;
+	uint8_t cause;
+	struct msgb *nmsg;
+	struct gsm48_rr_hdr *nrrh;
+	struct gsm48_rr_cd cd;
+	uint8_t ch_type, ch_subch, ch_ts;
+	uint16_t ma[64];
+	uint8_t ma_len;
+	int rc;
+
+	/* if state is not idle */
+	if (rr->state != GSM48_RR_ST_IDLE || rr->group_state != GSM48_RR_GST_OFF) {
+		LOGP(DRR, LOGL_INFO, "We are not IDLE yet, rejecting!\n");
+		cause = RR_REL_CAUSE_TRY_LATER;
+		reject:
+		LOGP(DSUM, LOGL_INFO, "Joining group call channel not possible\n");
+		nmsg = gsm48_rr_msgb_alloc(GSM48_RR_GROUP_REL_IND);
+		if (!nmsg)
+			return -ENOMEM;
+		nrrh = (struct gsm48_rr_hdr *)nmsg->data;
+		nrrh->cause = cause;
+		return gsm48_rr_upmsg(ms, nmsg);
+	}
+
+	/* cell selected */
+	if (!cs->selected) {
+		LOGP(DRR, LOGL_INFO, "No cell selected, rejecting!\n");
+		cause = RR_REL_CAUSE_TRY_LATER;
+		goto reject;
+	}
+
+	/* check if camping */
+	if (cs->state != GSM322_C3_CAMPED_NORMALLY
+	 && cs->state != GSM322_C7_CAMPED_ANY_CELL) {
+		LOGP(DRR, LOGL_INFO, "Not camping, rejecting! "
+			"(cs->state = %d)\n", cs->state);
+		cause = RR_REL_CAUSE_TRY_LATER;
+		goto reject;
+	}
+
+	/* get channel description */
+	memset(&cd, 0, sizeof(cd));
+	cd.chan_nr = rrh->ch_desc.chan_nr;
+	if (rsl_dec_chan_nr(cd.chan_nr, &ch_type, &ch_subch, &ch_ts) != 0) {
+		LOGP(DRR, LOGL_ERROR,
+		     "%s(): rsl_dec_chan_nr(chan_nr=0x%02x) failed\n",
+		     __func__, cd.chan_nr);
+		cause = GSM48_RR_CAUSE_CHAN_MODE_UNACCT;
+		goto reject;
+	}
+	if (rrh->ch_desc.h0.h) {
+		LOGP(DRR, LOGL_ERROR, "HOPPING NOT SUPPORTED, PLEASE FIX!\n");
+		cd.h = 1;
+		gsm48_decode_chan_h1(&rrh->ch_desc, &cd.tsc, &cd.maio,
+			&cd.hsn);
+		LOGP(DRR, LOGL_INFO, " (chan_nr 0x%02x MAIO %u HSN %u TS %u SS %u TSC %u)\n",
+		     rrh->ch_desc.chan_nr, cd.maio, cd.hsn, ch_ts, ch_subch, cd.tsc);
+	} else {
+		cd.h = 0;
+		gsm48_decode_chan_h0(&rrh->ch_desc, &cd.tsc, &cd.arfcn);
+		if (gsm_refer_pcs(cs->arfcn, s))
+			cd.arfcn |= ARFCN_PCS;
+		LOGP(DRR, LOGL_INFO, " (chan_nr 0x%02x ARFCN %s TS %u SS %u TSC %u)\n",
+		     rrh->ch_desc.chan_nr, gsm_print_arfcn(cd.arfcn), ch_ts, ch_subch, cd.tsc);
+	}
+	if (gsm48_rr_render_ma(ms, &rr->cd_group, ma, &ma_len)) {
+		cause = GSM48_RR_CAUSE_CHAN_MODE_UNACCT;
+		goto reject;
+	}
+
+	/* Turn off transmitter. */
+	cd.tch_flags |= L1CTL_TCH_FLAG_RXONLY;
+
+	/* Set mode to Speech V1. FIXME: Add AMR support. */
+	cd.mode = GSM48_CMODE_SPEECH_V1;
+
+	/* Set current channel and also store as 'cd_group', used when leaving dedicated mode. */
+	memcpy(&rr->cd_now, &cd, sizeof(rr->cd_now));
+	memcpy(&rr->cd_group, &cd, sizeof(rr->cd_group));
+
+	/* tell cell selection process to leave idle mode
+	 * NOTE: this must be sent unbuffered, because the state may not
+	 * change until idle mode is left
+	 */
+	nmsg = gsm322_msgb_alloc(GSM322_EVENT_LEAVE_IDLE);
+	if (!nmsg)
+		return -ENOMEM;
+	rc = gsm322_c_event(ms, nmsg);
+	msgb_free(nmsg);
+	if (rc) {
+		LOGP(DRR, LOGL_INFO, "Failed to leave IDLE mode.\n");
+		cause = GSM48_RR_CAUSE_CHAN_MODE_UNACCT;
+		goto reject;
+	}
+
+	/* Initial uplink state. */
+	rr->uplink_free = false;
+
+	/* Set group state to receive mode. */
+	rr->group_state = GSM48_RR_GST_RECEIVE;
+
+	/* Wait until synced to the CCCH ... */
+	return 0;
+}
+/* ... Continue after synced to the CCCH. */
+static int gsm48_rr_group_req_continue(struct osmocom_ms *ms)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	uint16_t ma[64];
+	uint8_t ma_len;
+	struct msgb *nmsg;
+
+	/* get hopping sequence, if required */
+	gsm48_rr_render_ma(ms, &rr->cd_group, ma, &ma_len);
+	/* activate channel */
+	gsm48_rr_activate_channel(ms, &rr->cd_group, ma, ma_len);
+
+	/* Confirm group call channel. */
+	nmsg = gsm48_rr_msgb_alloc(GSM48_RR_GROUP_CNF);
+	if (!nmsg)
+		return -ENOMEM;
+	return gsm48_rr_upmsg(ms, nmsg);
+}
+
+/* After "loss of signal"/release in group transmit or receive mode, return IDLE and release towards MM. */
+static int gsm48_rr_group_rel(struct osmocom_ms *ms, int cause)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct msgb *nmsg;
+	struct gsm48_rr_hdr *nrrh;
+	uint8_t *mode;
+
+	/* Stop group receive and transmit timers. */
+	stop_rr_t_ul_free(rr);
+	stop_rr_t3128(rr);
+	stop_rr_t3130(rr);
+
+	if (rr->state == GSM48_RR_ST_DEDICATED || rr->state == GSM48_RR_ST_REL_PEND) {
+		struct msgb *nmsg;
+
+		LOGP(DRR, LOGL_INFO, "Channel lost, send (local) release to layer 2.\n");
+
+		/* Go into group receive mode, so that the channel gets released on LAPD release confirm. */
+		rr->group_state = GSM48_RR_GST_RECEIVE;
+		if (rr->state != GSM48_RR_ST_REL_PEND)
+			new_rr_state(rr, GSM48_RR_ST_REL_PEND);
+
+		/* release message */
+		nmsg = gsm48_l3_msgb_alloc();
+		if (!nmsg)
+			return -ENOMEM;
+		mode = msgb_put(nmsg, 2);
+		mode[0] = RSL_IE_RELEASE_MODE;
+		mode[1] = RSL_REL_LOCAL_END;
+		gsm48_send_rsl_nol3(ms, RSL_MT_REL_REQ, nmsg, 0);
+
+		/* release SAPI 3 link, if exits */
+		gsm48_release_sapi3_link(ms);
+
+		/* Wait for LAPD to confirm. Then return idle. */
+		return 0;
+	}
+
+	/* Go back to IDLE mode. */
+	rr->group_state = GSM48_RR_GST_OFF;
+	new_rr_state(rr, GSM48_RR_ST_IDLE);
+
+	/* Indicate release to MM. */
+	nmsg = gsm48_rr_msgb_alloc(GSM48_RR_GROUP_REL_IND);
+	if (!nmsg)
+		return -ENOMEM;
+	nrrh = (struct gsm48_rr_hdr *)nmsg->data;
+	nrrh->cause = cause;
+	return gsm48_rr_upmsg(ms, nmsg);
+}
+
+/* Release group channel, return to IDLE. */
+static int gsm48_rr_group_rel_req(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+
+	/* Only in group receive/transmit mode. */
+	if (rr->group_state == GSM48_RR_GST_OFF)
+		return 0;
+
+	/* Stop group receive and transmit timers. */
+	stop_rr_t_ul_free(rr);
+	stop_rr_t3128(rr);
+	stop_rr_t3130(rr);
+
+	/* Unset group state. Wait, if release is pending. */
+	rr->group_state = GSM48_RR_GST_OFF;
+	if (rr->state != GSM48_RR_ST_IDLE) {
+		LOGP(DRR, LOGL_INFO, "Cannot release group channel yet, wait to return to IDLE state.\n");
+		return 0;
+	}
+
+	LOGP(DRR, LOGL_INFO, "Release Group channel.\n");
+	new_rr_state(rr, GSM48_RR_ST_IDLE);
+	return 0;
+}
+
 /* 3.4.2 transfer data in dedicated mode */
 static int gsm48_rr_data_req(struct osmocom_ms *ms, struct msgb *msg)
 {
@@ -4770,6 +5771,9 @@
    	case GSM48_MT_RR_CHAN_REL:
    		rc = gsm48_rr_rx_chan_rel(ms, msg);
    		break;
+		case GSM48_MT_RR_UPLINK_RELEASE:
+			rc = gsm48_rr_rx_uplink_release(ms, msg);
+			break;
    	case GSM48_MT_RR_APP_INFO:
    		LOGP(DRR, LOGL_NOTICE, "APP INFO not supported!\n");
    		break;
@@ -4849,6 +5853,10 @@
    	return gsm48_rr_rx_imm_ass_ext(ms, msg);
    case GSM48_MT_RR_IMM_ASS_REJ:
    	return gsm48_rr_rx_imm_ass_rej(ms, msg);
+
+	case GSM48_MT_RR_NOTIF_NCH:
+		return gsm48_rr_rx_notif_nch(ms, msg);
+
    default:
 #if 0
    	LOGP(DRR, LOGL_NOTICE, "CCCH message type 0x%02x unknown.\n",
@@ -4858,28 +5866,70 @@
    }
 }
+#define N201_Bter_SACCH		21
+#define N201_Bter_SDCCH_FACCH	23
+#define N201_B4			19
+
 /* receive ACCH at RR layer */
 static int gsm48_rr_rx_acch(struct osmocom_ms *ms, struct msgb *msg)
 {
-	struct gsm48_rrlayer *rr = &ms->rrlayer;
-	struct gsm_settings *set = &ms->settings;
-	struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
-	struct gsm48_system_information_type_header *sih = msgb_l3(msg);
+	struct gsm48_system_information_type_header *sih;
+	struct gsm48_hdr_sh *sgh;
+	struct gsm48_hdr *gh;
+	/* Bter frame (SACCH or SDCCH/FACCH) */
+	if (msgb_l3len(msg) == N201_Bter_SACCH || msgb_l3len(msg) == N201_Bter_SDCCH_FACCH) {
+		sgh = msgb_l3(msg);
+		if (sgh->rr_short_pd != GSM48_PDISC_SH_RR) {
+			LOGP(DRR, LOGL_NOTICE, "Short header message is not an RR message.\n");
+			return -EINVAL;
+		}
+		switch (sgh->msg_type) {
+		case GSM48_MT_RR_SH_UL_FREE:
+			return gsm48_rr_rx_uplink_free(ms, msg);
+		case GSM48_MT_RR_SH_FACCH:
+			return gsm48_rr_rx_notif_facch(ms, msg);
+		case GSM48_MT_RR_SH_SI10:
+			return gsm48_rr_rx_sysinfo_10(ms, msg);
+		default:
+			LOGP(DRR, LOGL_NOTICE, "Short header message type 0x%02x unsupported.\n", sgh->msg_type);
+			return -EINVAL;
+		}
+	}
+	/* B4 frame (SACCH) */
+	if ((msg->cb[0] & 0x40) && msgb_l3len(msg) == N201_B4) {
+		sih = msgb_l3(msg);
+		switch (sih->system_information) {
+		case GSM48_MT_RR_SYSINFO_5:
+			return gsm48_rr_rx_sysinfo5(ms, msg);
+		case GSM48_MT_RR_SYSINFO_5bis:
+			return gsm48_rr_rx_sysinfo5bis(ms, msg);
+		case GSM48_MT_RR_SYSINFO_5ter:
+			return gsm48_rr_rx_sysinfo5ter(ms, msg);
+		case GSM48_MT_RR_SYSINFO_6:
+			return gsm48_rr_rx_sysinfo6(ms, msg);
+		default:
+			LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n", sih->system_information);
+			return -EINVAL;
+		}
+	}
-	switch (sih->system_information) {
-	case GSM48_MT_RR_SYSINFO_5:
-		return gsm48_rr_rx_sysinfo5(ms, msg);
-	case GSM48_MT_RR_SYSINFO_5bis:
-		return gsm48_rr_rx_sysinfo5bis(ms, msg);
-	case GSM48_MT_RR_SYSINFO_5ter:
-		return gsm48_rr_rx_sysinfo5ter(ms, msg);
-	case GSM48_MT_RR_SYSINFO_6:
-		return gsm48_rr_rx_sysinfo6(ms, msg);
+	/* B frame (UI frame on VGCS) */
+	if (msgb_l3len(msg) < sizeof(*gh)) {
+		LOGP(DRR, LOGL_NOTICE, "ACCH message too short.\n");
+		return -EINVAL;
+	}
+	gh = msgb_l3(msg);
+	switch (gh->msg_type) {
+	case GSM48_MT_RR_VGCS_UPL_GRANT:
+		return gsm48_rr_rx_vgcs_uplink_grant(ms, msg);
+	case GSM48_MT_RR_UPLINK_BUSY:
+		return gsm48_rr_rx_uplink_busy(ms, msg);
+	case GSM48_MT_RR_CHAN_REL:
+		return gsm48_rr_rx_chan_rel_ui(ms, msg);
    default:
-		LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n",
-			sih->system_information);
+		LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n", gh->msg_type);
    	return -EINVAL;
    }
 }
@@ -4936,6 +5986,10 @@
    	LOGP(DCS, LOGL_INFO, "Channel provides data.\n");
    	cs->ccch_state = GSM322_CCCH_ST_DATA;
+		/* in group receive mode */
+		if (ms->rrlayer.group_state == GSM48_RR_GST_RECEIVE)
+			return gsm48_rr_group_req_continue(ms);
+
    	/* in dedicated mode */
    	if (ms->rrlayer.state == GSM48_RR_ST_CONN_PEND)
    		return gsm48_rr_tx_rand_acc(ms, NULL);
@@ -5029,6 +6083,12 @@
    uint16_t ma[64];
    uint8_t ma_len;
+	/* Handle on group channel. */
+	if (rr->group_state == GSM48_RR_GST_TRANSMIT) {
+		LOGP(DRR, LOGL_INFO, "Returning to group receive mode, due to link release confirm.\n");
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_NORMAL);
+	}
+
    /* switch back to old channel, if modify/ho failed */
    switch (rr->modify_state) {
    case GSM48_RR_MOD_ASSIGN:
@@ -5075,7 +6135,11 @@
    stop_rr_t3110(rr);
/* send release indication */
-	nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
+	if (rr->group_state == GSM48_RR_GST_RECEIVE) {
+		nmsg = gsm48_rr_msgb_alloc(GSM48_RR_GROUP_REL_IND);
+		rr->group_state = GSM48_RR_GST_OFF;
+	} else
+		nmsg = gsm48_rr_msgb_alloc(GSM48_RR_REL_IND);
    if (!nmsg)
    	return -ENOMEM;
    nrrh = (struct gsm48_rr_hdr *)nmsg->data;
@@ -5123,6 +6187,12 @@
    if (rr->modify_state)
    	return 0;
+	/* Handle on group channel. */
+	if ((link_id & 7) == 0 && rr->group_state == GSM48_RR_GST_TRANSMIT) {
+		LOGP(DRR, LOGL_INFO, "Returning to group receive mode, due to link failure.\n");
+		return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_LINK_FAILURE);
+	}
+
    /* send abort ind to upper layer */
    nmsg = gsm48_rr_msgb_alloc(GSM48_RR_ABORT_IND);
    if (!nmsg)
@@ -5145,6 +6215,202 @@
    return 0;
 }
+/* Request uplink in group receive mode. */
+static int gsm48_rr_uplink_req(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct msgb *nmsg;
+	struct gsm48_rr_hdr *nrrh;
+
+	/* Only in group receive mode */
+	if (rr->state != GSM48_RR_ST_IDLE || rr->group_state != GSM48_RR_GST_RECEIVE) {
+		LOGP(DRR, LOGL_INFO, "We are not in group receive mode yet, rejecting!\n");
+		nmsg = gsm48_rr_msgb_alloc(GSM48_RR_UPLINK_REL_IND);
+		if (!nmsg)
+			return -ENOMEM;
+		nrrh = (struct gsm48_rr_hdr *)nmsg->data;
+		nrrh->cause = RR_REL_CAUSE_TRY_LATER;
+		return gsm48_rr_upmsg(ms, nmsg);
+	}
+
+	LOGP(DRR, LOGL_INFO, "Changing from group receive mode to group transmit mode.\n");
+
+	/* Enter uplink access procedure. */
+	new_rr_state(rr, GSM48_RR_ST_CONN_PEND);
+
+	/* Set group state to transmit mode. */
+	rr->group_state = GSM48_RR_GST_TRANSMIT;
+
+	/* Uplink investigation procedure (3.3.1.2.1.1) */
+	if (!rr->uplink_free) {
+		start_rr_t3128(rr, GSM_T3128_MS);
+		return 0;
+	}
+
+	rr->uplink_tries = 3;
+	return gsm48_rr_uplink_access(ms, NULL);
+}
+
+/* Start uplink access procedure. (3.3.1.2.1.2) */
+static int gsm48_rr_uplink_access(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+
+	/* store frame number */
+	if (msg) {
+		struct abis_rsl_cchan_hdr *ch = msgb_l2(msg);
+		struct gsm48_req_ref *ref =
+				(struct gsm48_req_ref *) (ch->data + 1);
+
+		if (msgb_l2len(msg) < sizeof(*ch) + sizeof(*ref)) {
+			LOGP(DRR, LOGL_ERROR, "CHAN_CNF too slort\n");
+			return -EINVAL;
+		}
+
+		/* Store to history buffer. */
+		/* shift history and store */
+		memcpy(&(rr->cr_hist[4]), &(rr->cr_hist[3]),
+			sizeof(struct gsm48_cr_hist));
+		memcpy(&(rr->cr_hist[3]), &(rr->cr_hist[2]),
+			sizeof(struct gsm48_cr_hist));
+		memcpy(&(rr->cr_hist[2]), &(rr->cr_hist[1]),
+			sizeof(struct gsm48_cr_hist));
+		memcpy(&(rr->cr_hist[1]), &(rr->cr_hist[0]),
+			sizeof(struct gsm48_cr_hist));
+		rr->cr_hist[0].valid = 1;
+		rr->cr_hist[0].ref.ra = rr->cr_ra;
+		rr->cr_hist[0].ref.t1 = ref->t1;
+		rr->cr_hist[0].ref.t2 = ref->t2;
+		rr->cr_hist[0].ref.t3_low = ref->t3_low;
+		rr->cr_hist[0].ref.t3_high = ref->t3_high;
+	}
+
+	if (!osmo_timer_pending(&rr->t3130)) {
+		uint8_t uplink_ref;
+
+		/* Only try up to 3 times. */
+		if (!rr->uplink_tries) {
+			LOGP(DRR, LOGL_NOTICE, "Abort uplink access, due uplink access timeout.\n");
+			return gsm48_rr_uplink_access_abort(ms, RR_REL_CAUSE_LINK_FAILURE);
+		}
+
+		LOGP(DRR, LOGL_INFO, "Trying to access uplink.\n");
+
+		rr->uplink_tries--;
+
+		/* See Table 9.1.45.1 */
+		uplink_ref = layer23_random();
+		uplink_ref &= 0x1f;
+		uplink_ref |= 0xc0;
+
+		/* store value, mask and history */
+		rr->cr_ra = uplink_ref;
+		rr->cr_hist[4].valid = 0;
+		rr->cr_hist[3].valid = 0;
+		rr->cr_hist[2].valid = 0;
+		rr->cr_hist[1].valid = 0;
+		rr->cr_hist[0].valid = 0;
+
+		/* Reset counter. */
+		rr->uplink_counter = 0;
+
+		/* Start T3130. */
+		start_rr_t3130(rr, GSM_T3130_MS);
+	}
+
+	/* Send random access bursts up to 5 times. */
+	if (rr->uplink_counter < 5) {
+		int delay_ms;
+
+		/* The first UPLINK ACCESS message shall be delayed between 0..20ms.
+		 * Subsequent UPLINK ACCESS messages shall be delayed 100ms + 0..20ms. */
+		delay_ms = (layer23_random() & 0xffff) / 3277;
+		if (rr->uplink_counter)
+			delay_ms += 100;
+
+		gsm48_rr_tx_rand_acc_dedicated(ms, rr->cr_ra, delay_ms * 26 / 120, rr->uic);
+		rr->uplink_counter++;
+	}
+
+	return 0;
+}
+
+/* Whenever uplink access is released or failed for some reason. */
+static int gsm48_rr_uplink_access_abort(struct osmocom_ms *ms, uint8_t cause)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct msgb *nmsg;
+	struct gsm48_rr_hdr *nrrh;
+
+	/* Stop group transmit mode timers. */
+	stop_rr_t3128(rr);
+	stop_rr_t3130(rr);
+
+	/* Turn off transmitter. */
+	rr->cd_now.tch_flags |= L1CTL_TCH_FLAG_RXONLY;
+	gsm48_rr_set_mode(ms, rr->cd_now.chan_nr, rr->cd_now.mode, rr->cd_now.tch_flags);
+
+	/* Only return IDLE without changing channel, because we are still in group transmit mode. */
+	new_rr_state(rr, GSM48_RR_ST_IDLE);
+
+	/* Set group state to receive mode. */
+	rr->group_state = GSM48_RR_GST_RECEIVE;
+
+	nmsg = gsm48_rr_msgb_alloc(GSM48_RR_UPLINK_REL_IND);
+	if (!nmsg)
+		return -ENOMEM;
+	nrrh = (struct gsm48_rr_hdr *)nmsg->data;
+	nrrh->cause = cause;
+	return gsm48_rr_upmsg(ms, nmsg);
+}
+
+/* Leave uplink, also called when leaving group channel. */
+static int gsm48_rr_uplink_rel_req(struct osmocom_ms *ms, struct msgb *msg)
+{
+	struct gsm48_rrlayer *rr = &ms->rrlayer;
+	struct gsm_settings *set = &ms->settings;
+	struct msgb *nmsg;
+	uint8_t *mode;
+
+	/* Only in group transmit mode */
+	if (rr->group_state != GSM48_RR_GST_TRANSMIT)
+		return -EINVAL;
+
+	/* Stop group transmit mode timers. */
+	stop_rr_t3128(rr);
+	stop_rr_t3130(rr);
+
+	/* Continue if in dedicated mode, so we release and wait for uplink to become free. */
+	if (rr->state != GSM48_RR_ST_DEDICATED)
+		return 0;
+
+	LOGP(DRR, LOGL_INFO, "Returning from group transmit to group receive mode.\n");
+
+	/* Leave uplink, wait for uplink beeing free, channel release or channel/link failure. */
+	gsm48_rr_tx_uplink_release(ms, GSM48_RR_CAUSE_LEAVE_GROUP_CA);
+
+	/* Go into release pending mode. */
+	new_rr_state(rr, GSM48_RR_ST_REL_PEND);
+
+	/* Special setting where we release locally. This means we wait for free uplink an then release. */
+	if (set->uplink_release_local) {
+		LOGP(DRR, LOGL_INFO, "Release L2 locally as specified via VTY. Wait for UPLINK FREE.\n");
+		return 0;
+	}
+
+	/* Release dedicated mode. */
+	/* disconnect the main signalling link */
+	nmsg = gsm48_l3_msgb_alloc();
+	if (!nmsg)
+		return -ENOMEM;
+	mode = msgb_put(nmsg, 2);
+	mode[0] = RSL_IE_RELEASE_MODE;
+	mode[1] = RSL_REL_NORMAL;
+	gsm48_send_rsl_nol3(ms, RSL_MT_REL_REQ, nmsg, 0);
+
+	return 0;
+}
+
 static int gsm48_rr_estab_ind_sapi3(struct osmocom_ms *ms, struct msgb *msg)
 {
    struct gsm48_rrlayer *rr = &ms->rrlayer;
@@ -5385,11 +6651,6 @@
    {SBIT(GSM48_RR_ST_DEDICATED),
     RSL_MT_SUSP_CONF, gsm48_rr_susp_cnf_dedicated},
-#if 0
-	{SBIT(GSM48_RR_ST_DEDICATED),
-	 RSL_MT_CHAN_CNF, gsm48_rr_rand_acc_cnf_dedicated},
-#endif
-
    {SBIT(GSM48_RR_ST_DEDICATED),
     RSL_MT_ERROR_IND, gsm48_rr_mdl_error_ind},
 };
@@ -5486,11 +6747,24 @@
    	"%s\n", ms->name, rsl_msg_name(msg_type),
    	gsm48_rr_state_names[rr->state]);
-	if (rr->state == GSM48_RR_ST_CONN_PEND
-	 && msg_type == RSL_MT_CHAN_CONF) {
-	 	rc = gsm48_rr_tx_rand_acc(ms, msg);
-		msgb_free(msg);
-		return rc;
+	if (msg_type == RSL_MT_CHAN_CONF) {
+		/* Recevie confirm to get the FN when the access burst was transmitted on VGCS channel. */
+		if (rr->state == GSM48_RR_ST_CONN_PEND && rr->group_state == GSM48_RR_GST_TRANSMIT) {
+			rc = gsm48_rr_uplink_access(ms, msg);
+			msgb_free(msg);
+			return rc;
+		}
+		/* Ignore subsequent access bursts in dedicated group transmit mode. */
+		if (rr->state == GSM48_RR_ST_DEDICATED && rr->group_state == GSM48_RR_GST_TRANSMIT) {
+			msgb_free(msg);
+			return 0;
+		}
+		/* Recevie confirm to get the FN when the access burst was transmitted on CCCH. */
+		if (rr->state == GSM48_RR_ST_CONN_PEND) {
+			rc = gsm48_rr_tx_rand_acc(ms, msg);
+			msgb_free(msg);
+			return rc;
+		}
    }
LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
@@ -5542,6 +6816,20 @@
    {SBIT(GSM48_RR_ST_CONN_PEND) |
     SBIT(GSM48_RR_ST_DEDICATED), /* 3.4.13.3 */
     GSM48_RR_ABORT_REQ, gsm48_rr_abort_req},
+
+	/* NOTE: If not IDLE, it is rejected there. */
+	{ALL_STATES, /* 3.3.3.2 */
+	 GSM48_RR_GROUP_REQ, gsm48_rr_group_req},
+
+	{ALL_STATES,
+	 GSM48_RR_GROUP_REL_REQ, gsm48_rr_group_rel_req},
+
+	/* NOTE: If not IDLE, it is rejected there. */
+	{ALL_STATES, /* 3.3.1.2 */
+	 GSM48_RR_UPLINK_REQ, gsm48_rr_uplink_req},
+
+	{ALL_STATES, /* 3.4.13.4 */
+	 GSM48_RR_UPLINK_REL_REQ, gsm48_rr_uplink_rel_req},
 };
#define RRDOWNSLLEN \
@@ -5652,6 +6940,9 @@
    	rr->audio_mode = 0x00;
    }
+	/* List of notifications about ongoing ASCI calls */
+	INIT_LLIST_HEAD(&rr->notif_list);
+
    return 0;
 }
@@ -5680,6 +6971,12 @@
    stop_rr_t3122(rr);
    stop_rr_t3124(rr);
    stop_rr_t3126(rr);
+	stop_rr_t_ul_free(rr);
+	stop_rr_t3128(rr);
+	stop_rr_t3130(rr);
+
+	/* Free pending list entries. */
+	asci_notif_list_free(rr);
return 0;
 }
@@ -5723,54 +7020,6 @@
    osmo_timer_schedule(&rr->t3124, sec, micro);
 }
-/* send HANDOVER ACCESS burst (9.1.14) */
-static int gsm48_rr_tx_hando_access(struct osmocom_ms *ms)
-{
-	nmsg = msgb_alloc_headroom(20, 16, "HAND_ACCESS");
-	if (!nmsg)
-		return -ENOMEM;
-	*msgb_put(nmsg, 1) = rr->hando_ref;
-	todo burst
-	return gsm48_send_rsl(ms, RSL_MT_RAND_ACC_REQ, nmsg, 0);
-}
-
-/* send next channel request in dedicated state */
-static int gsm48_rr_rand_acc_cnf_dedicated(struct osmocom_ms *ms, struct msgb *msg)
-{
-	struct gsm48_rrlayer *rr = &ms->rrlayer;
-	struct msgb *nmsg;
-	int s;
-
-	if (rr->modify_state != GSM48_RR_MOD_HANDO) {
-		LOGP(DRR, LOGL_NOTICE, "Random access confirm, but not in handover state.\n");
-		return 0;
-	}
-
-	/* send up to four handover access bursts */
-	if (rr->hando_acc_left) {
-		rr->hando_acc_left--;
-		gsm48_rr_tx_hando_access(ms);
-		return;
-	}
-
-	/* start timer for sending next HANDOVER ACCESS bursts afterwards */
-	if (!osmo_timer_pending(&rr->t3124)) {
-		if (allocated channel is SDCCH)
-			start_rr_t3124(rr, GSM_T3124_675);
-		else
-			start_rr_t3124(rr, GSM_T3124_320);
-	}
-	if (!rr->n_chan_req) {
-		start_rr_t3126(rr, 5, 0); /* TODO improve! */
-		return 0;
-	}
-	rr->n_chan_req--;
-
-	/* wait for PHYSICAL INFORMATION message or T3124 timeout */
-	return 0;
-
-}
-
 #endif
int gsm48_rr_tx_voice(struct osmocom_ms *ms, struct msgb *msg)
@@ -5806,6 +7055,9 @@
    struct gsm48_rrlayer *rr = &ms->rrlayer;
    uint8_t ch_type, ch_subch, ch_ts;
+	if (ms->settings.audio.io_handler != AUDIO_IOH_NONE)
+		return 0;
+
    LOGP(DRR, LOGL_INFO, "setting audio mode to %d\n", mode);
rr->audio_mode = mode;
-- 
To view, visit https://gerrit.osmocom.org/c/osmocom-bb/+/34491?usp=email
To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings

Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Change-Id: Ia55c182a1b4cde777a0e16dcfe0cd32e0f2e38eb
Gerrit-Change-Number: 34491
Gerrit-PatchSet: 1
Gerrit-Owner: jolly andreas@eversberg.eu
Gerrit-MessageType: newchange



    