When starting multiple mobile in the same second, the libc random number
generator will be seeded to exactly the same value.
The random bits inside the RACH request(s) will be exactly the same
across multiple mobile and when the channel fails they all pick the same
randomized back-off timing.
Use stronger random numbers and replace all calls to random(2) with
osmo_get_rand_id. Add a fallback to try random().
[v2: Add helper to make sure the result is int and between 0 and
RAND_MAX]
Change-Id: Icdd4be88c62bba1e9d954568e48f0c12a67ac182
It was decided to migrate to osmo_get_rand_id() and use random()
as a fall-back. But there is a critical difference between both
functions: osmo_get_rand_id() fills an input buffer with random
bytes (0x00 - 0xff), while *random() returns a value in range
between 0 and RAND_MAX.
osmo_get_rand_id() was used in a wrong way, so in some cases we
could get a negative value (how about IMEI starting from '-'?),
what isn't expected in many cases and could lead to unexpected
behaviour and segmentation faults...
This reverts commit 6d49b049ee.
Change-Id: I7b2a8a5c63cf64360a824926a2219fd7e419b1bb
When starting multiple mobile in the same second, the libc random number
generator will be seeded to exactly the same value.
The random bits inside the RACH request(s) will be exactly the same
across multiple mobile and when the channel fails they all pick the same
randomized back-off timing.
Use stronger random numbers and replace all calls to random(2) with
osmo_get_rand_id. Add a fallback to try random().
Change-Id: Ie0cc64663cd4b90c027b79545dc5d3ac9d87b9dd
Notify once the mm state has been changed. Unfortunaley one state
transition can immediately trigger more transitions (recursively).
In the mid-term it might be best to force all primitives to be
async to avoid unpredictable behavior (e.g. make a shutdown while
being a recursion down?)
Change-Id: I8e9dcf7fd9116985aa060ba027ba74107a19223a
The enum was created to understand the different states during
the shutdown and find places where it is used. The normal
transitions are like.
Idle -> Imsi Detach -> L1 Reset -> Done
Idle -> L1 Reset -> Done
The shutdown can get stuck in case:
* Out of memory situation while handling IMSI detach (timeout)
* Never receiving l1 reset acknnowledgment.
The code could benefit from the move to osmo fsm to deal with
proper timeouts.
Change-Id: Iee1140e4848923c7270495c381bf87b7e3fddee1
Since some 'gsm_7bit_*' functions were deprecated and replaced by
more secure ones with the '_n_' postfix in names, it's better to
use the updated functions.
Change-Id: I4499b592a0dfea71462aed19fe641419d79b3cbd
libosmocore has changed its LAI decoding from hex to decimal. This caused
wrong decoding of MCC and MNC. In order to provide required hex
transcoding, special hex encoding and decoding function are added to
mobile/sysinfo.c.
If network will not respond to (additional) service request, the timeout
will abort the pending MM connection and return to the state before the
MM connection was requested or wait for network command.
There is no support for TS 04.14. A logging message will inidcate this,
if a tester requests test functions. A STATUS message will be sent
as it is for for other usupported protocol types received.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Use VTY to request your extension number form OpenBSC:
en
service 1 *100#
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Both MO and MT SMS are supported.
Transmission an reception can be controlled via VTY:
en
sms 1 <destination> <text>
All received SMS are stored in "~/.osmocom/bb/sms.txt".
SMS transmission is performed on SAPI 3 datalink, using DCCH or ACCH.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
RR now handles SAPI 3 datalink.
MM connections now have and individual sapi, so MM can use right SAPI
for communication with other layers, as well as releasing the right
MM connections in case of link release.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
If location updating (attachment) fails, the mobile returnes into idle
state. Because the SIM may be valid in this location area, the mobile must
check if the SIM is already attached. If not it may not change to normal
service.
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The reason for the the wrong power capability comes from the fact that
"rr->cd_now" is not yet set and so the ARFCN is 0 which causes the
GSM900 power capability to be used. It is set to "Class 4" in the
configuration file per default, however this value is not defined for
GSM1800/1900.
Thanx to Dieter Spaar for finding this bug!
This patch introduces cell re-relection. When camping on a cell, it
scanns neighbour cells. If a 'better' cell is found, the cell is selected.
If the cell is in a different location area, a location upating is
performed under certain conditions.
The 'better' cell depends on various informations that are broadcasted on
the BCCH of a neihbour cell and of course the RX level. Most operators
don't set these informations, so the 'better' cell depend on a better
RX level for the same location area, or a much better RX level (6 dBm)
at a different location area.
There were many issues at the idle mode process that has been fixed.
Expecially when moving, the state machines got stuck, so no more cell search
was possible, or no further calls / location updating was possible.
In order to see the process of cell selection, enter the VTY interface and
enable the network monitor:
enable
monitor network 1 (where '1' is the instance of the MS)
In order to see the current state of the processes, enter:
show ms
This makes it possible to use GSM 850 and PCS 1900 bands, as used in the
US. The support relies on the phone hardware.
Each band (900, DCS, 850, PCS, 480 and 450) can be enabled and
disabled individually for each setting.
This patch changes include paths to get osmocom-bb working with
the current libosmocore tree.
Among all these renames, you can notice several tweaks that I
added on purpose, and that require some explanation, they are:
* hexdump() in osmocon.c and osmoload.c has been renamed to avoid
clashing with hexdump() defined in libosmocore.
* gsmmap now depends on libosmogsm. Actually I had to cleanup
Makefile.am because I was experiencing weird linking problems,
probably due to a bug in the autotools. With the change included
in this patch, I got it compiled and linked here correctly.
This patch has been tested with the phone Motorola C123 and the
following images files:
* firmware/board/compal_e88/hello_world.compalram.bin
* firmware/board/compal_e88/layer1.compalram.bin
Using the osmocon, bcch_scan and mobile tools.
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
All functions for handling mobile instances and mobile relevant parts are
moved to mobile/app_mobile.c, the mobile/main.c and mobile/mncc.c become a
simple out-of-the-box mobile application. (making calls)
The mobile/main.c can be replaced easily by a different application now.
this application may have it's own call control implementation (layer 4).
Full configurations via VTY is still possible and required in this case.
To create another instance: 'ms <name> create'
To remove an instance: 'no ms <name>'
If no instance exists, 'ms 1' is created automatically on startup.
Each instance can be enabled / disabled by using 'shutdown' or
'no shutdown'. Multiple instances may share the same layer2 socket (same
phone hardware), but in this case only one instance can be enabled at the
same time. This makes it much easier to select different settings without
modifying them.
A 'shutdown' initiates the IMSI detach procedure before shutdown is
completed. A 'shutdown force' will immidiately shutdown.
There is no need to restart the software anymore, if fundamental settings
are changed. In this case, a 'shutdown' followed by a 'no shutdown' will
do the job.
If you already have an old osmocom.cfg, you need to "no shutdown" it.
Everything else behaves as before.
Supported features of hardware (support.c) can be disabled by config.
This way the full featured mobile can be downgraded to indicate less
features to the network, like disabling speech support or crypto support.
Sylvain pointed out that CM SERVICE ACCEPT message is not requred, if
ciphering has been completed. In this case, an RR_SYNC_IND is sent
to mobility management, and treated there as CM SERVICE ACCEPT.
This split the headers and adapt the source.
We use osmocom/bb as a prefix because libosomore also
uses osmocom and generic names such as misc & common could
conflict in the future.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
We split into :
- common: Everything that can be shared
- mobile: The real spec compliant mobile phones
- misc: Different test stuff
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Martin Hauke
Vadim Yanitskiy
Sylvain Munaut