The TMSI encoding is up to us but generate_mid_from_tmsi and mi_to_string
did not agree on the encoding. Adjust mi_to_string to properly decode the
TMSI generated by generate_mid_from_tmsi. Check that the four bits are '1111'
and that the length is five. Memcpy the bytes to tmsi (to work with ARM or such)
and convert the number to host order...
Implement the CM Service Request. Try to get the subscriber from the TMSI and
assign it to the gsm_lchan. There is a small issue that will be fixed in the
next commit.
(done by z.)
Be able to send Accept/Reject the Service Request. Use mi_string
instead of the the msgb buffer (even if it is memsetted and such)...
The TMSI allocation seems to be a bit problematic and needs some
further checking. The rough idea is that we try to find the subscriber
for a CM Service Request and then decide based on the subscriber
if we want to handle the call.
It is possible that the BTS is closing the channel even when
our upper layers are doing work. Reset the use_count add a fixme
to call cancellations for pending operations. Cancellation of the
call state (state machines in general) and such come into mind...
Increase when the refcount of the lchan when we initiate a call,
get a SETUP message and put it when we want to release the call...
Once we have proper Q.931 support the use/put needs to be improved,
e.g. we currently do not allow to hangup from the network, and it
will ring until the end of time...
Wrote and test code to add and remove paging requests... This
will be using the fact that the linux list is building a circle
on each tick we can send one/x paging requests and continue round
robin...
You can request to open a channel to a MS and the paging layer
will call you once the channel is allocated. Internally the CCCH
Load Indication will be handled and retry to page a terminal.
It looks like that certain phones that send their old TMSI from
a different network and we assign them a new one with LOCATION
UPDATING ACCEPT will send us a TMSI Reallocation Complete. Print out
the the imsi.
Add the -f option to use a different channel. This is done
by patching the various tables before the OML and RSL is brought
up. It looks like it is working...
Patch by Harald, moving of the patch_tables invocation by zecke
Remove the callbacks from gsm_network for now. A set of different
callbacks will be back. E.g. when the paging is completed, when the
Q.931 like call handling is there...
Remove var's or move them into #if 0, remove unused stuff that looks
like we do not need it anytime soon or #if 0 them, move stuff around.
Allow to change the refcount for a given channel. Store which
bts is our primary bts. A command to switch the primary bts will
be added as well. This makes entering and parsing of commands more
easy.
Really compare pointers to check if the one gsm_subscriber
is equal to the other... gsm_subscriber should be unique for
a given IMSI so comparing the pointers should be fine.
Removing the P Bit from the fake LAPD frame will make wireshark
run the data through the GSM RSL dissector with the right SAPI
and LAPD preference setting.
We need to append the Linux LAPD header for wireshark. This means
that we currently can not support B Channels or such. Maybe we will
need to add another LAPD header.
Make sure that del_timer succeeds and removes an entry from the list. Currently
sending the LOCATION UPDATING REJECT from within the timer will not remove the
list element as ->active gets set to 0 in the timer updating before calling the
callback. Fix the segfault and allow the timer to be removed from within its
own callback.
This might turn into a complete wire protocol with special
client software. For now it will be a simple client interface
that you can use with telnet to do certain things.
This is using flex to implement the parsing. Implementation
and more commands will follow.
The current LAPD control field for indication/disconnect/etc
is wrong and currently we are only interested in the actual
A-Bis data spoken between the BTS and BSC and not on the indication
of the physical line (connection, disconnect, release..)
When using ISDN as network type and using a fake LAPD encapsulation
wireshark should be able to recognize some bits if dump.
Append a dummy LAPD header. It is not clear to me if the Control field
of the LAPD frame is part of the msg or if we need to add it as well.
TODO:
- Do the same for the B Channel
- Write out time
- Check if more of the LAPD frame needs to be prepended. The
information from the mISDNhead comes into mind. Maybe it makes
sense to start a custom wireshark mISDN dissector.
gsm_subscriber is now refcounted, the db backend is leaking
a lot less, db_get_subscriber will allocate the subscr record
now, subscr_* will look up a subscriber in the list of currently
active subscribers and add an ref to this one.
The db test cases pass, more testing will be when next to the bts
Call use_lchan early in allocate_loc_updating_req, do not directly call
rsl_chan_release but go through channel alloc to take the use_count into
account.
As reported by the operator the rejecting didn't work after the
first fix (wrong logic/missing negation). The hypothesis is that
that the lchan was released before the reject timeout was fired.
Fix it by getting a reference on the lchan when allocating a
logical operation and release the reference when the operation
is finished or timed out.
We are going to have logical operations like Phone Call, SMS,
Paging, Updating Request on a logical channel and for each of
these operations we might need to store state. For now pointers
in gsm_lchan look like the best way of doing this and we start
by introducing an operation for the location updating request.
The new flow of things are:
- We get the location updating request and update/create
the subscriber and maybe send the identity requests to
the mobile station
- We start the updating timer, if it times out we will
reject the mobile station.
- Once we get the Identity Responses we have asked for
and the reject timer did not fire yet we might accept
the user.
When a channel is allocated, start a timeout, when a lchan_use
is used the timer will be restarted, when the timeout fires
we will try to recycle or restart the timer.
I removed gsm48_sendmsg(msg) when removing the send_sms from the
_acc method. This is obviously wrong. Fix the regression, spotted
while testing with LaF0rge. This regression was introduced in r120.
gsm_data.h add new callbacks, add some parameters, update bsc_hack and
other call sites.
Remember that we need to ACCEPT/REJECT the LOCATION UPDATE REQUEST and
then send the ACCEPT or schedule the sending of the reject. Currently
it is possible that for a new subscriber that we do not have a !subscbr
yet, we will trigger an IDENTITY REQUEST and schedule the reject timer.
This may lead to rejecting AND accepting (a new subscriber). This issue
is triggered when allowing everyone to connect to the network.
On channel allocation the bsc_hack added a cookie to the lchan on
ack and nack we will take a look and then assume it is the channel
we have allocated. This can be easily exploited by a MS sending fake
responses to paging commands. After the channel has been acked we would
have to ask for the tmsi or find the information on the channel
allocation. For now we will guess.
Currently it is not possible to know for which tmsi the channel
is going to be allocated. The bsc_hack will guess.. in the future
it might be forced to ask for the tmsi after the channel has been
opened...
Add a callback to the gsm_network. When updating the location and
assigning a new tmsi callback into the bsc_hack.c and have a queue
of mobile stations to page, allocate a channel for and ultimately
dial.
Use strdup to be able to use strtok on the category string and add
a test case. Also safe some more information to be able to use color
in the print statement.
One can use add_timer or schedule_timer to add a timer. After
the timeout time has been reached the callback will be called.
One can call add_time/schedule_timer and del_timer from within
the callback.
* initialize OML and RSL based on TEI establish (ACTIVATE_IND) events
* fix abis_nm_raw_msg() to not overwrite the OML header with payload
* fix debug print statements
* fix msgb_dequeue: actually dequeue it from the list ;)