IPA is naming these functions CRCX, MDCX, DLCX to follow
the naming of the MediaGatewayControlProtocol. Change the
code to go from BIND to CRCX (create connection) and from
CONNECT to MDCX (modify connection).
Connect indicates that it is only possible to call it once
while it is possible to call it more than once to modify
the audio parmaters and such. So the IPA terminology is
making a bit more sense here (now that we know it).
E.g. to analyze the subscr_get/subscr_put behavior one can place
the generate_backtrace into the functions, recompile and then filter
the output with contrib/bt.py to get the function name, file and line.
On channel mode modify and assignment command when using
the a multirate code the multirate configuration must be
present in the packet.
Add a parameter and add a warning when using it in a
broken way.
Allow to handle the channel requested differently based
on the NECI value for the "paging any" case. This will allow
to open a TCH/H, TCH/F depending on the neci mode.
Use the correct length when going over the array instead
of using the neci0 values. Remove the fixme from the method
as well as the issue has been addressed by adding a parameter
to the method.
Not doing this could lead to a double deletion due the paging
request being removed during the callback and afterwards as
well. Change the code to save the callback data, remove the
request, do the callback.
A patch was proposed by Andreas Eversberg and this one is
based on it.
This allows the administrator to use the vty interface to issue a silent
call to a given subscriber by using
"subscriber extension XXXX silent call start"
and stopping that silent call with
"subscriber extension XXXX silent call stop"
"Silent SMS" is a SMS that is delivered (and confirmed) but
not shown on the display of the phone. You can now send
such SMS by using
sms send silent extension 12345 text
or
sms send silent imsi 123451234512345 text
This will print test rep[orts that look like:
<0020> ipaccess-config.c:91 TEST REPORT: test_no=0x43 test_res=PARTIAL
<0020> ipaccess-config.c:140 ==> ARFCN 37, RxLev 24, RxQual 0: 262-1, LAC 13830 CI 10759
- Added function "gsm340_scts" to decode the service center time stamp
into a UTC/GMT timestamp
- in function gsm340_validity_period: can now decode validity period
format absolute.
In the case a transaction has been already scheduled return 0 was
called but the subscriber and transaction would leak. Fix it by
calling subscr_put and trans_free.
After claiming the channel also remove the reference on the subscr.
This is confirmed by looking at the source of their dissector.
The length can go up to 273 bytes apparently (again, according
to the source of their dissector).
Keep track of which SAPIs have been established either by the
BTS (from the MS) or by us. This can be used by the on-waves
BSC code to figure out if a new request should be made.
Be able to send RR CHANNEL MODIFY from the BSC/MSC code
as well. Move the method that knows about the IPAccess RTP
and issues the "bind" to the utils tool
Add code to generate an assignment command for a given lchan. It
is expected that the lchan is modified already and the mode will
be picked up from their. Currently only the mandantory items
are supported.
ipaccess-config stopped working after the introduction of
multi-TRX/RSL stream id support in commit 8175e95222.
Set the oml_tei to 0xff by default and add an option to set
a different stream id.
- Improved handling of extension-number string (as per review)
- Guard against a buffer-overflow if mobile sends a too-long USSD
- declare some function-parameters const
- fix gsm_ts_name function to display the right BTS number (bts->nr rather than bts->bts_nr)
This patch removes the need of static global variables and introduces a new,
caller-allocated 'struct ussd_request' that needs to be passed to the various
functions.
This is needed when you need to manually parse TLV blocks
that don't follow the logic supported by tlv_parse but you
still want to rely on working code and not fiddle with details.
bsc_init.c still contained a hard-coded channel configuration,
i.e. CCCH_combined on TS0 of C0, and TCH/F on all other channels.
Now it correctly uses the value as specified in the config file.
If we have a dynamic TCH/F / PDCH channel configuration, then
we can either ACTIVATE CHANNEL it for a TCH/F, or we need to send
this vendor-specific PDCH ACTIVATE command to use it as a PDCH.
As opposed to a fixed configuration, this allows an intelligent
BSC channel allocator to use otherwise idle channels as PDCH
as long as no more TCH's are needed.
Since TS 12.21 implements only SET ATTRIBUTE for some object classes,
ip.access had to extend it to be able to set attributes on arbitrary
objects. We now introduce a function implementing that message.
Supporting GPRS means we have a number of additional OML objects to
deal with. We need to extend our gsm_bts structure to at least
include the nm_state for each of those objects.
Tag-variableLength-Value is an encoding scheme used in the GPRS NS
and BSSGP protocols, where the length value can be 8 or 16 bits,
depending on actual demand.
For the compiler classmark1 is a struct and the compiler is
unaware that it fits into an unsigned int. Use memcpy to
copy it to a u_int8_t (the compiler should inline this).
dbi_conn_quote_binary_copy works on unsigned char* change
q_apdu to be unsigned char.
Commit 9bd7bc1b4c caused the RSL
initialization to happen too early, resulting in the BTS
bootstrapping but missing [some of?] the system information
types.
In order to support multi-TRX configurations, we need to be able
to cope with multiple RSL streams (each with their own stream identifier)
inside one ip.access TCP connection.
Since this is very similar to using the TEI on a E1 line, we simply
recycle the logic and data fields that are used for the TEI.
this fixes the delay of audio caused by stalling of the openbsc process.
the use of 'usleep(100000)' for slowing down transmission to nanoBTS is
replaced by the tx-delay timer. i did this on bs11 code, so i did it the
same way. it actually queues frames for transmission not nanoBTS. on
transmission a timer is started and when this timer expires, the next
frame in the queue is transmitted (timer restarted) until the queue is
empty.
Add support for 1900 nanoBTS by using unified bts_type
GSM_BTS_TYPE_NANOBTS for 900, 1800 and 1900 versions.
Reduce the nanoBTS enum values to one and derive the
version from the user supplied band. In the future we
might want to do auto band detection.
The configuration file needs to be changed to refer
to nanobts instead of nanobts900/nanobts1800.
Signed-off-by: Mike Haben <michael.haben@btinternet.com>
Signed-off-by: Holger Hans Peter Freyther <zecke@selfish.org>
Addresses a FIXME in abis_nm.c, parsing the parameters
passed by a Software Activate request. I've tested this
on three different IpAccess BTSs (including one which
didn't work with the original code), would be good if
someone could check it on a BS11.
Signed-off-by: Mike Haben <michael.haben@btinternet.com>
Tested-by: Holger Hans Peter Freyther <zecke@selfish.org>
We are using LAC=0 for remembering that a GSM subscriber is
detached. I recently added code to gsm_bts_by_lac that will
return every BTS in case the lac is 0. Harald highlightes
that we would now search for detached subscribers at every
BTS of our network which is clearly not what we want.
Introduce two defines for the two reserved LAC, add a
pointer to the specification, check that our config files
do not contain these reserved values, use the define
and change gsm_bts_by_lac to use the other define.
This is a regression coming from the recent split of the
handle_ts1_read method in two.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Signed-off-by: Holger Hans Peter Freyther <zecke@selfish.org>
For the MSC<->BSC connection we are going to use the same header
as used from BTS<->BSC but we are not having an E1-Link, a gsm network
or a gsm_bts available and can not use this part of the code.
The LAC can be 16bit of size. the generation of the LAI, struct
gsm_subsriber and the BSC<->MSC was already using it as a
16bit (short) value.
Change struct gsm_bts to parse 16bit and change the vty configuration
parsing code to deal with a short too.
For the on-waves.com MSC case we want to page every BTS reached
of the network. Our gsm_subscriber entry does not have a LAC
entry set and defaults to zero. Use the reserved 0x0000 to
indicate that we want to use every bts in the network.
This will influence the paging code to start and stop paging.
Add one method to extract the MI which will allow to load
the gsm_subscriber depending on the MSC/BSC setup and then
use gsm48_handle_paging_resp to finish the paging response
handling.
Gracefully handle a case where success and expire could fire... I'm
only hitting this when doing something evil to simulate network code
but it seems appropriate to handle this gracefully.
Transfering the cell_identity from BSC to MSC is required for the
on-waves.com support. Allow to set the cell_identity in the cfg
file and patch the system information tables to set it.
tmsi is four octets long, there is no need to make it a string
and then jump through hoops to convert it to a number. Keep the database
using it as a string to benefit from the NULL handling of the db.
Introduce the reserved tmsi which has all bits set to 1 according
to GSM 03.03 §2.4 and start checking for it and make sure the db
code will never allocate such a tmsi.
When only one SMS is sent, the freeing of the lchan will
automatically free all transactions on the lchan.
However, if there are several SMS sent at once, the call
to gsm411_send_sms_lchan will create a new transaction
with the same caracteristics as the previous one. If
the old one is not free'd, the next call to trans_find_by_id
(triggered by the next incoming RP-ACK) will not return the good
transaction and things go haywire.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The algorithm ID used in the GSM 04.08 RR message is
(x-1) for A5/x. In RSL it's (x+1) for A5/x so there is
a difference of 2.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This just adds the 04.08 and RSL bits for A5, but not the logic
for performing authentication.
The caller would first set lchan->encr and then call
gsm48_send_rr_ciph_mode(lchan), which encapsulates the 04.08
CIPHERING MODE COMMAND into a RSL ENCRYPTION COMMAND and sends it
to the BTS for execution + forwarding.
This fixes the 'only first call works' problem that some of us were
having with the nanoBTS.
(the field just happenned to be 0 == GSM48_CMODE_SIGN after startup)
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Prefix generate_mid_from_tmsi with a gsm48_, create a new method
to binary encode the imsi. Add a unit test for parsing and decoding.
The implementation can parse the data it generated and the
last octet seems to be filled with the end mark.
Do not advertize to broadcast on a different frequency, this
was only useful for the HAR2009. The frequency list of the cell
probably needs to migrate into the vty config file.
Revert of ee4410a4f3
Share the initialization and bootstraping of the network by moving
the code to a new file and making boostrap_network and shutdown_net
external.
Cleanup the header list after the move and remove trailing whitespace.
The existing gsm_04_08.c implementation is mixing BSC and MSC
behavior. Move some simple parsing and generation functions over
to gsm_04_08_utils.c to allow a different MSC to define the policy.
Currently we have circular dependencies from libbsc to libmsc
and this requires to play some linker tricks. The problem will
be solved in two ways, first we will get rid of the circular
dependencies and second we can start using --start-group and
--end-group of the linker to play the tricks for us.
For the BSC part we still assign a gsm_subscriber to lchan but it
might only contain the TMSI of this subscriber.
For the MSC part we will need the HLR/VLR feature of the gsm_subscriber,
specially the lookup's by number...
So if libbsc.a/libmsc.a are compiled in one app and used the
subscribers will be shared, and if only libbsc.a gets used we will
have more empty gsm_subscriber.c..
Attempt to split up bsc/msc functionality according to the specs. The
libbsc.a will be responsible for communicating with the BTS, configuring
it, paging, channel allocation and passing layer3 messages in both
ways. libmsc.a will implement the policy and such.
this enables the caller to detect if the paging request was rejected
by the paging layer, especially in case it is already paging this very
subscriber.
In the case of SMS / 04.11, we used to have a memory leak of struct gsm_sms's,
since we would only free them from the paging succeeded/expired callbacks.
the various constructors get called in a non-obvious, linker determined
order, which makes certain objects disappear from the talloc report.
This change moves the talloc context creation into a new talloc_ctx.c file
SMS related messages are all sent over SAPI=3. But in addition
to that, we also need to send it over the correct link identifier,
i.e. SACCH or main signalling channel
The channel allocator can be set in ascending or descending order.
Ascnending means we first try to allocate channels on TRX0, then TRX1, etc.
Descending means we first try to allocate cahnnels on TRXn, then n-1 down to 0.
This means that the config file is now finally the central source of not only
the E1 configuration on the BSC, but also the E1 and GSM channel configuration
on the BTS.
When starting the first time there are no tables, doing a revision
check will fail and bsc_hack will exit without tables created. Do
the revision check within db_prepare and allow new tables to be
created before.
As it turns out, we start to allocate SDCCH for voice calls. Since we
don't yet implement switching from SDCCH to TCH during call setup,
this leads to various problems.
This is only relevant for TRX1, since TRX0 will always opwerate at constant
power. However, when channels on TRX0 are activated, we should provide
a reasonable BS poewr level.
* send more pending messages after RP-ACK of DELIVER has been received
* send pending messages after RP-SMMA has been received
* clear the transaction when sending CP-ACK in MT/DELIVER case
* always use the same transaction ID (since my assumptions about
SMS transactions were wrong)
* try to deliver messages through existing lchan rather than starting
paging
* send pending SM's after LOCATION UPDATE ACCEPT has been sent
You can now type commands like
'sms send extentsion 1003 This is a test message'
to trigger paging and delivery of the message 'This is a test message'
to the subscriber with extension 1003. There's also a variant that uses
the IMSI of the subscriber.
Messages sent this way are only attempted to deliver immediately. If
immediate delivery fails, there is no attempt to store it in the database.
SM's need to be transferred over their own RLL connection on SAPI3, rather than
the default SAPI0 connection that we're using for signalling like 04.08
RR/MM/CC.
This is not that much of a problem in the case of SMS SUBMIT from the MS to
the netwrok. In that case, the MS will start its primary RLL connection
with SAPI3, and we can just respond with SAPI3.
However, in the case of SMS DELIVER to a MS, we first page the MS, it then
establishes SAPI0. We then need to explicitly request the establishment of
a SAPI3 RLL connection, before we can send CP-DATA with our RP-DATA and DELIVER
RPDU
Now that we have the bsc_rll.c code, we can actually wait for a paging
response, and from the paging response request the establishment of the SAPI3
connection. We will be called back once that connection is open and can
successively start transmission of the SM.
A caller can call rll_establish(lchan, link_id) and a callback to the GSM RLL
code. He will get called back if the RLL link is established or receives some
error message, or the establishment times out.
We need this for proper SMS implementation, where we need to restablish a SAPI3
RLL link before transmitting the actual CP-DATA messages.
we now have the full path from the MS into the database (SUBMIT), as well as
back from the database to the MS (DELIVER). The database gets correctly
updated once a SMS has been successfully delivered.
What's still missing is the periodic scan over all undelivered messages,
trying to deliver them to the respective MS. So far, you have to manually
trigger this on the telnet interface with 'sms send pending 1'
Holger Hans Peter Freyther
Harald Welte
Sylvain Munaut