Despite the correct range of Timing Advance value is [0..63],
there is a special feature in OsmocomBB which allows one to
simulate the distance between both MS and a BTS by playing
with the signal delay.
It was discovered that l1ctl_tx_param_req() is using an unsigned
'uint8_t' type for Timing Advance value, while other code and
L1CTL protocol is using signed 'int8_t'. This may result in
distortion of negative values, so let's fix this!
Change-Id: I6ee42b5fa2ca9ebe187f0b933465c49f840a55c2
We don't need to hand-code unix domain socket initialization but
can simply use our library function for it. As an added benefit,
the library code already contains corner case handling for non-NUL
terminated unix domain socket path.
Change-Id: I57c724c78dbbbce0546ebe914e370f32c8c89703
When starting multiple mobile in the same second, the libc random number
generator will be seeded to exactly the same value.
The random bits inside the RACH request(s) will be exactly the same
across multiple mobile and when the channel fails they all pick the same
randomized back-off timing.
Use stronger random numbers and replace all calls to random(2) with
osmo_get_rand_id. Add a fallback to try random().
[v2: Add helper to make sure the result is int and between 0 and
RAND_MAX]
Change-Id: Icdd4be88c62bba1e9d954568e48f0c12a67ac182
Previously, TCH frames coming from L1 were reordered to the RTP
format. Moreover, the implementation had a few problems:
- L1CTL is not the best place for such manipulations;
- payloads with other than FR codec were corrupted.
Let's use RTP-ordered payloads on the L1CTL interface,
performing TCH frame reordering at the firmware.
Please note, that actual FR reordering was moved to the firmware
as is, without any codec determination. This could be fixed in
a separate change.
Change-Id: I81ec8ed3c9e72a62b22c1720c299cdc68b733cf1
Previously, the L1CTL_CRYPTO_REQ message contained only a ciphering
algorithm and actual Kc key to be used. The key length was
calculated manually using the MSGB API.
Let's avoid manual calculations here, as it may cause unexpected
behavior if the message structure is changed. Also, let's fill
the UL header with minimal information about a channel, which
is going to be encrypted.
Change-Id: I5fab079907c5276322d3ec2b46cab81f10c7ed09
We want the script interface to interface through a primitive
interface. This will allow to move it to a different thread or
a process in the future. The script interface will just use the
primitives.
It is not clear how "sap" will be used here. I am keeping it
at 0 right now. The first primitive is starting a timer with a
request and then getting an indication as a response.
Change-Id: Id2456b7fae35546553c4805f12a40c0812d9255c
Add a mobile application logging category and replace printf with
a LOGP. The code is sadly still using exit in the middle of handling.
Change-Id: I71e7f6e6375a485b45bad76ada2be17b0901577d
As we use talloc, it's absurdly not to use the main feature of
the library - hierarchical memory management. This change sets
talloc context of all sub-allocated objects to related osmocom_ms
instance. So, as soon as osmocom_ms instance is destroyed, all
sub-allocated chunks are getting destroyed too.
Change-Id: I6e3467ff739f3e6dc8dd60cc6d1fcd3f8e490ce9
The approach of talloc memory management reduces memory usage,
and prevents some buffer overflows, which were possible before.
Change-Id: Icd6706117fdd7f1b3481b0e3817bbb3b31f12f60
If sap_state is equal to SAP_NOT_CONNECTED, it cannot
be equal to another value at the same time. So the
second part of condition doesn't make sense.
Change-Id: I3038fc15745dc4be796d894002524e6b2dd5c90e
1) Now the SAP interface is selectable as SIM source using the 'sim sap'
command in VTY.
2) SAP connection starts only if it is configured as SIM source.
3) Fixed sap_socket_path configuration r/w errors.
Written-by: Яницкий Ва дим <axilirator@gmail.com>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The downlink singalling failure counter DSC is decremented by 4
in case of unsuccessfull decoding of CCCH block and incremented
by 1 in case of successfull decoding of CCCH block. The initial
and maximum value of 90 requires to check the signal only once
per 51 multiframe.
If DRX would be supported, only a subset of 51 multiframes are
received, so the initial / maximum value of 90 must be reduced
accordingly.
When parsing SI4, there's a check and a log message saying that CBCH
MA is ignored until SI1 is received. Then the MA is decoded anyway --
incorrectly -- such that it remains incorrect even after receiving
the next SI1.
Fix that with an "else".
Signed-off-by: Alex Badea <vamposdecampos@gmail.com>
Signed-off-by: Andreas Eversberg <jolly@eversberg.eu>
As Dieter points out, this drastically improves the resiliance to high
receive levels on the C155. We cannot blindly assume a received signal
level of -85 dBm if the BTS is 2m away and we actually receive -40 dBm.
This patch extends the L1CTL_FBSB_REQ data structure in layer 1 with the
respective field, as well as the l1ctl_tx_fbsb_req() API function called
from the various layer23 apps.
"mobile" and "bcch_scan" already did a PM request and thus know the
expected signal power. "ccch_scan" and "cbch_sniff" apparently don't
do, so the -85 dBm constant is now hardcoded into the host-side source
code there, and should probably be fixed in a follow-up patch.
libosmocore has changed its LAI decoding from hex to decimal. This caused
wrong decoding of MCC and MNC. In order to provide required hex
transcoding, special hex encoding and decoding function are added to
mobile/sysinfo.c.
Error:
gcc -Wall -I/home/kevredon/osmocom-bb/src/shared/libosmocore/include -I/home/kevredon/osmocom-bb/src/shared/libosmocore/include -g -O2 -D_HAVE_GPSD -lgps -o cell_log main.o app_cell_log.o cell_log.o geo.o ../common/liblayer23.a /home/kevredon/osmocom-bb/src/shared/libosmocore/build-host/src/.libs/libosmocore.a /home/kevredon/osmocom-bb/src/shared/libosmocore/build-host/src/gsm/.libs/libosmogsm.a /home/kevredon/osmocom-bb/src/shared/libosmocore/build-host/src/codec/.libs/libosmocodec.a -lm
../common/liblayer23.a(gps.o): In function `osmo_gpsd_cb':
/home/kevredon/osmocom-bb/src/host/layer23/src/common/gps.c:79: undefined reference to `gps_waiting'
Fix:
Holger told me to do so (he knows better then me about autoconf)
- set CFLAGS and LIBS for LIBGPS in layer23
- add libgps CFLAGS and LIBS in Makefile.am for common, misc, mobile
I would have done the following (which also works):
-AC_CHECK_LIB(gps, gps_waiting, CFLAGS+=" -D_HAVE_GPSD" LDFLAGS+=" -lgps",,)
+AC_CHECK_LIB(gps, gps_waiting, CFLAGS+=" -D_HAVE_GPSD" LDFLAGS+=" -lgps" LIBS+=" -lgps",,)
This is importaint on certan cells to finish BCCH scanning. If SI2ter
indication is falsely detected, BCCH reading will timeout, because no
expected SI2ter is received.
Use VTY to request your extension number form OpenBSC:
en
service 1 *100#
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Since libosmocore already has LAPDm implementation, we don't need the
local copy of LAPDm code anymore.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This patch introduces cell re-relection. When camping on a cell, it
scanns neighbour cells. If a 'better' cell is found, the cell is selected.
If the cell is in a different location area, a location upating is
performed under certain conditions.
The 'better' cell depends on various informations that are broadcasted on
the BCCH of a neihbour cell and of course the RX level. Most operators
don't set these informations, so the 'better' cell depend on a better
RX level for the same location area, or a much better RX level (6 dBm)
at a different location area.
There were many issues at the idle mode process that has been fixed.
Expecially when moving, the state machines got stuck, so no more cell search
was possible, or no further calls / location updating was possible.
In order to see the process of cell selection, enter the VTY interface and
enable the network monitor:
enable
monitor network 1 (where '1' is the instance of the MS)
In order to see the current state of the processes, enter:
show ms
Commit 3538c38835 introduced the
l1_prim_cb but the init of the misc apps were not updated, make
it us the generic callback that should restore the previous behavior
This function can be called by a TDMA-driven L1 which will never actually want
to receive unsolicited/asynchronous PH-DATA.req primitives, but who will simply
directly poll the LAPDm transmit queue by calling the abovementioned function
We also introduce some related functions like
lapdm_{entity,channel}_set_mode()
lapdm_{entity,channel}_reset()
This is all in preparation for the Osmo-BTS Work.
This makes it possible to use GSM 850 and PCS 1900 bands, as used in the
US. The support relies on the phone hardware.
Each band (900, DCS, 850, PCS, 480 and 450) can be enabled and
disabled individually for each setting.
This patch changes include paths to get osmocom-bb working with
the current libosmocore tree.
Among all these renames, you can notice several tweaks that I
added on purpose, and that require some explanation, they are:
* hexdump() in osmocon.c and osmoload.c has been renamed to avoid
clashing with hexdump() defined in libosmocore.
* gsmmap now depends on libosmogsm. Actually I had to cleanup
Makefile.am because I was experiencing weird linking problems,
probably due to a bug in the autotools. With the change included
in this patch, I got it compiled and linked here correctly.
This patch has been tested with the phone Motorola C123 and the
following images files:
* firmware/board/compal_e88/hello_world.compalram.bin
* firmware/board/compal_e88/layer1.compalram.bin
Using the osmocon, bcch_scan and mobile tools.
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Be able to add extra (short) options from the 'applet' to
the main application. Use this to print the help mentioning
app specific options, pass the getopt string and handle the
command line parsing for it.
Change cell_log to keep the logname in the app_cell_log.c
and then access it from the cell_log.c implementation.
Make it possible that each l23 app can inject the copyright string,
also prepare to have callbacks for the config handling and other
places. This will be useful to add app specific config options.
connect's addrlen should be sizeof(local), not the contained path's length.
With the previous code, on OS X connect() will fail with ENOENT.
This permits layer23 to work on OS X using the pl2303 driver,
/dev/tty.usbserial , MacPorts arm-elf-gcc and RANLIB=arm-elf-ranlib
Signed-off-by: Harald Welte <laforge@gnumonks.org>
To create another instance: 'ms <name> create'
To remove an instance: 'no ms <name>'
If no instance exists, 'ms 1' is created automatically on startup.
Each instance can be enabled / disabled by using 'shutdown' or
'no shutdown'. Multiple instances may share the same layer2 socket (same
phone hardware), but in this case only one instance can be enabled at the
same time. This makes it much easier to select different settings without
modifying them.
A 'shutdown' initiates the IMSI detach procedure before shutdown is
completed. A 'shutdown force' will immidiately shutdown.
There is no need to restart the software anymore, if fundamental settings
are changed. In this case, a 'shutdown' followed by a 'no shutdown' will
do the job.
If you already have an old osmocom.cfg, you need to "no shutdown" it.
Everything else behaves as before.
Sylvain found out that the state was not cleared when receiving an RR
response with F-bit == 1. The missing handling is now added and tested.
Furthermore there is a minor fix to prevent underflow when resending last
frame in "timer recovery state".
In order to resume correctly, the first message (ASSIGNMENT COMPLETE or
HANDOVER COMPLETE) must be sent after the link is resumed. Therefore it
must be given with the resume command. Unacknowledged messages are
transmitted afterwards, if any.
There are two criterions for lossing a signal, idle mode and dedicated mode.
A counter counts down when a frame is dropped, and counts up when a valid
frame is received on certain channel. The loss criterion is reached, if the
counter reaches 0. The values added to / removed from the counter and the
limits depend on the process.
Vadim Yanitskiy
Harald Welte
Sylvain Munaut