Add one method to extract the MI which will allow to load
the gsm_subscriber depending on the MSC/BSC setup and then
use gsm48_handle_paging_resp to finish the paging response
handling.
Gracefully handle a case where success and expire could fire... I'm
only hitting this when doing something evil to simulate network code
but it seems appropriate to handle this gracefully.
Transfering the cell_identity from BSC to MSC is required for the
on-waves.com support. Allow to set the cell_identity in the cfg
file and patch the system information tables to set it.
tmsi is four octets long, there is no need to make it a string
and then jump through hoops to convert it to a number. Keep the database
using it as a string to benefit from the NULL handling of the db.
Introduce the reserved tmsi which has all bits set to 1 according
to GSM 03.03 §2.4 and start checking for it and make sure the db
code will never allocate such a tmsi.
When only one SMS is sent, the freeing of the lchan will
automatically free all transactions on the lchan.
However, if there are several SMS sent at once, the call
to gsm411_send_sms_lchan will create a new transaction
with the same caracteristics as the previous one. If
the old one is not free'd, the next call to trans_find_by_id
(triggered by the next incoming RP-ACK) will not return the good
transaction and things go haywire.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The algorithm ID used in the GSM 04.08 RR message is
(x-1) for A5/x. In RSL it's (x+1) for A5/x so there is
a difference of 2.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This just adds the 04.08 and RSL bits for A5, but not the logic
for performing authentication.
The caller would first set lchan->encr and then call
gsm48_send_rr_ciph_mode(lchan), which encapsulates the 04.08
CIPHERING MODE COMMAND into a RSL ENCRYPTION COMMAND and sends it
to the BTS for execution + forwarding.
This fixes the 'only first call works' problem that some of us were
having with the nanoBTS.
(the field just happenned to be 0 == GSM48_CMODE_SIGN after startup)
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Prefix generate_mid_from_tmsi with a gsm48_, create a new method
to binary encode the imsi. Add a unit test for parsing and decoding.
The implementation can parse the data it generated and the
last octet seems to be filled with the end mark.
Do not advertize to broadcast on a different frequency, this
was only useful for the HAR2009. The frequency list of the cell
probably needs to migrate into the vty config file.
Revert of ee4410a4f3
Share the initialization and bootstraping of the network by moving
the code to a new file and making boostrap_network and shutdown_net
external.
Cleanup the header list after the move and remove trailing whitespace.
The existing gsm_04_08.c implementation is mixing BSC and MSC
behavior. Move some simple parsing and generation functions over
to gsm_04_08_utils.c to allow a different MSC to define the policy.
Currently we have circular dependencies from libbsc to libmsc
and this requires to play some linker tricks. The problem will
be solved in two ways, first we will get rid of the circular
dependencies and second we can start using --start-group and
--end-group of the linker to play the tricks for us.
For the BSC part we still assign a gsm_subscriber to lchan but it
might only contain the TMSI of this subscriber.
For the MSC part we will need the HLR/VLR feature of the gsm_subscriber,
specially the lookup's by number...
So if libbsc.a/libmsc.a are compiled in one app and used the
subscribers will be shared, and if only libbsc.a gets used we will
have more empty gsm_subscriber.c..
Attempt to split up bsc/msc functionality according to the specs. The
libbsc.a will be responsible for communicating with the BTS, configuring
it, paging, channel allocation and passing layer3 messages in both
ways. libmsc.a will implement the policy and such.
this enables the caller to detect if the paging request was rejected
by the paging layer, especially in case it is already paging this very
subscriber.
In the case of SMS / 04.11, we used to have a memory leak of struct gsm_sms's,
since we would only free them from the paging succeeded/expired callbacks.
the various constructors get called in a non-obvious, linker determined
order, which makes certain objects disappear from the talloc report.
This change moves the talloc context creation into a new talloc_ctx.c file
SMS related messages are all sent over SAPI=3. But in addition
to that, we also need to send it over the correct link identifier,
i.e. SACCH or main signalling channel
The channel allocator can be set in ascending or descending order.
Ascnending means we first try to allocate channels on TRX0, then TRX1, etc.
Descending means we first try to allocate cahnnels on TRXn, then n-1 down to 0.
This means that the config file is now finally the central source of not only
the E1 configuration on the BSC, but also the E1 and GSM channel configuration
on the BTS.
When starting the first time there are no tables, doing a revision
check will fail and bsc_hack will exit without tables created. Do
the revision check within db_prepare and allow new tables to be
created before.
As it turns out, we start to allocate SDCCH for voice calls. Since we
don't yet implement switching from SDCCH to TCH during call setup,
this leads to various problems.
This is only relevant for TRX1, since TRX0 will always opwerate at constant
power. However, when channels on TRX0 are activated, we should provide
a reasonable BS poewr level.
* send more pending messages after RP-ACK of DELIVER has been received
* send pending messages after RP-SMMA has been received
* clear the transaction when sending CP-ACK in MT/DELIVER case
* always use the same transaction ID (since my assumptions about
SMS transactions were wrong)
* try to deliver messages through existing lchan rather than starting
paging
* send pending SM's after LOCATION UPDATE ACCEPT has been sent
You can now type commands like
'sms send extentsion 1003 This is a test message'
to trigger paging and delivery of the message 'This is a test message'
to the subscriber with extension 1003. There's also a variant that uses
the IMSI of the subscriber.
Messages sent this way are only attempted to deliver immediately. If
immediate delivery fails, there is no attempt to store it in the database.
SM's need to be transferred over their own RLL connection on SAPI3, rather than
the default SAPI0 connection that we're using for signalling like 04.08
RR/MM/CC.
This is not that much of a problem in the case of SMS SUBMIT from the MS to
the netwrok. In that case, the MS will start its primary RLL connection
with SAPI3, and we can just respond with SAPI3.
However, in the case of SMS DELIVER to a MS, we first page the MS, it then
establishes SAPI0. We then need to explicitly request the establishment of
a SAPI3 RLL connection, before we can send CP-DATA with our RP-DATA and DELIVER
RPDU
Now that we have the bsc_rll.c code, we can actually wait for a paging
response, and from the paging response request the establishment of the SAPI3
connection. We will be called back once that connection is open and can
successively start transmission of the SM.
A caller can call rll_establish(lchan, link_id) and a callback to the GSM RLL
code. He will get called back if the RLL link is established or receives some
error message, or the establishment times out.
We need this for proper SMS implementation, where we need to restablish a SAPI3
RLL link before transmitting the actual CP-DATA messages.
we now have the full path from the MS into the database (SUBMIT), as well as
back from the database to the MS (DELIVER). The database gets correctly
updated once a SMS has been successfully delivered.
What's still missing is the periodic scan over all undelivered messages,
trying to deliver them to the respective MS. So far, you have to manually
trigger this on the telnet interface with 'sms send pending 1'
The existing code always paged for a TCH/F, which is really wasteful
when considering the delivery of SMS messages.
Also, increase the verbosity of the debug message a bit.
So far, we immediately disable the RF channel without following a proper
RLL RELEASE procedure. This patch changes this.
If we locally terminate the connection, the channel allocator now triggers a
RLL RELEASE REQuest, which is responsed by the MS with a RLL RELEASE CONFirm,
based on which we send the RF CHANnel RELease to the BTS.
If the MS terminates the connection, we receive a RLL RELEASE INDication,
based on which we trigger RF CHANnel RELease to the BTS.
This helps us to detect the frequency error of BS-11 if it is located
next to the nanoBTS 900.
If 'ipaccess-config -l' is called, it will produce a report like
<0020> ipaccess-config.c:85 TEST REPORT: test_no=0x42 test_res=0
<0020> ipaccess-config.c:108 ==> ARFCN 220, Frequency Error 22
<0020> ipaccess-config.c:108 ==> ARFCN 1, Frequency Error -37
<0020> ipaccess-config.c:108 ==> ARFCN 10, Frequency Error 0
<0020> ipaccess-config.c:108 ==> ARFCN 20, Frequency Error 11
<0020> ipaccess-config.c:108 ==> ARFCN 53, Frequency Error 5
<0020> ipaccess-config.c:108 ==> ARFCN 63, Frequency Error -4
<0020> ipaccess-config.c:108 ==> ARFCN 84, Frequency Error 11
<0020> ipaccess-config.c:108 ==> ARFCN 101, Frequency Error 0
<0020> ipaccess-config.c:108 ==> ARFCN 123, Frequency Error -52
where in this case the ARFCN 123 is the BS-11 with a frequency error
larger than all the other (regular) BTS in the vicinity.
We nowuse the interactive VTY layer to configure OpenBSC. You can
create BTS's, set their parameters as well as TRX's and their
timeslots on the telnet UI.
What is lacking so far:
1) we only read the config file once and don't properly react
to changes performed at runtime
2) ip.access BTS supportis not integrated yet
There are three config files as examples
* openbsc.cfg.1-1: single BTS, single TRX
* openbsc.cfg.1-2: single BTS, dual TRX
* openbsc.cfg.2-2: dual BTS, dual TRX
Using this option, you can use two BS-11 connected to the same E1
link. The first BS-11 needs to have BPORT0 and BPORT1 objects created with E1
Line Configuration attribute "multi-drop". The second BS-11 is configured with
only BPORT0 in star configuration, and needs to have the OML signalling on TS6
instead of TS1. Also, a kernel patch providing a second virtual E1 interface
is needed.
Fix two bugs in OML software download code where we allocate data structures
using talloc, but free() them using the system memory allocator. Spotted by
dexter.
Each BTS gets its own E1 line data structure. They are meant to bind
each to their own (virtual?) mISDN device.
BTS0 uses TS01 (siganlling) and TS02/03 (TRX0), TS04/05(TRX1)
BTS1 uses TS11 (siganlling) and TS12/13 (TRX0), TS14/15(TRX1)
BTS2 uses TS21 (siganlling) and TS22/23 (TRX0), TS24/25(TRX1)
In order to use multiple mISDN cards, we need to:
1) move driver initialization out of line initialization
2) make sure we allow partial (virtual) E1 cards with < 30 B-channels
* remove old HAVE_TRX1 definition, replace it with '-1' commandline argument
* make sure we actually configure the OML TRX attributes with a different
ARFCN than TRX0
* make sure we configure timeslot 0 of TRX1 also in TCH/F mode
This code is untested, but if you have a dual-trx BS-11, and the second TRX
is activated, you should be able to run bsc_hack with the -1 option to enable
and use the second trx. It works like this:
* TRX1 shares E1 timeslot 0 for signalling
* TRX1 RSL link uses TEI2 (TRX0 uses 1)
* TRX1 on ARFCN+2, i.e. if you have TRX0 on 122, TRX1 will be 124
* we only need one piece of code to calculate rsl_ie_chan_mode from
our run-time data structures (gsm_lchan)
* add some more channel modes for TCH/H and data
* use enum's to make the compiler warn us about unhandled enum values
* make sure the caller determines the (signalling,speech,data) mode
only after the LCHAN_MODIFY we know the final mode of the channel,
so we have to postpone our IPAC_BIND until then to make sure we set
the correct speech codec.
Up until now, we only supported direct RTP streams between ip.access BTS.
With this commit, the user can specify '-P' to the command line to enable
a RTP/RTCP proxy inside OpenBSC. The nanoBTS will then send all their voice
data to OpenBSC, which will relay it to the respective destination BTS (which
can be the same BTS).
The default behaviour remains unchanged. Without '-P' on the command line,
RTP/RTCP is exchanged directly.
* explicitly set the "ip speech mode" IE during BIND and CONNECT messages,
depending on the speech codec used by the voice call
* more verbose debug messages regarding IPAC_BIND and IPAC_CONNECT
* do not always blindly specify RTP payload type, but use the value
returned by BIND_ACK, _if_ it is present.
The rtp_proxy.[ch] code is intended to be used as a transparent
RTP/RTCP proxy, relaying the media streams from one ip.access BTS
to another. In an 'ideal' network, this is obviously not needed,
since the BTS's can send those streams directly between each other.
However, for debugging, 'lawful interception', transcoding or interfacing
a TRAU/E1 based BTS, we actually need to process those RTP streams
ourselves.
There were many places in the code where we had to explicitly
reference the transaction_id and put it into a packet. By introducing
and optional gsm_trans parameter to gsm48_sendmsg(), we can implement
this code once rather than dozens of time.
since a subscriber is an element of the gsm_network, we have to ensure
subscr->net is always set correctly. We do this by using gsm_network
as an argument to all functions that resolve or create a subscriber.
Since a transaction is associated to a gsm_subscriber, and the subsciber
is part of a network, we don't need to have a dedicated transaction->network
pointer.
This changeset factors out gsm_transaction as something independent
of call control in preparation to re-use the code from SMS. A
transaction is uniquely identified by either its callref, or by
a tuple of (transaction_id, protocol, subscriber).
Since a transaction is associated to a gsm_subscriber, and the subsciber
is part of a network, we don't need to have a dedicated transaction->network
pointer.
This changeset factors out gsm_transaction as something independent
of call control in preparation to re-use the code from SMS. A
transaction is uniquely identified by either its callref, or by
a tuple of (transaction_id, protocol, subscriber).
since a subscriber is an element of the gsm_network, we have to ensure
subscr->net is always set correctly. We do this by using gsm_network
as an argument to all functions that resolve or create a subscriber.
Currently we send the attribute changes in a send and forget
fashion. But sometimes the nanoBTS is sending us a NACK, e.g
with a invalid unit id. Start handling the NACK and provide
an error message to the user. The error message is not yet
describing the cause of the error but this is a slight progress
to the previous silent failure.
For further evaluation/analysis, this patch stores the classmark 1, 2 and 3
values of every equipment in the SQL database. We can use this non-volatile
data to determine the supported features for each handset that we've ever
seen on our network.
Holger Hans Peter Freyther
Sylvain Munaut
Harald Welte